[neon/neon/calamares-settings/Neon/unstable] oem-prepare: use ui 60000 for oem user

Carlos De Maine null at kde.org
Fri Feb 20 04:10:05 GMT 2026 

Git commit 82883120cc49c80b61e7ab50fca67e737ec8bc01 by Carlos De Maine.
Committed on 20/02/2026 at 04:09.
Pushed by carlosdem into branch 'Neon/unstable'.

use ui 60000 for oem user

and do a complex dance of min_uid and max_uid settings to allow the final user to be uid 1000

M  +4    -0    oem-prepare/calamares/oem-prepare/prepare-system/oem-cleanup
M  +2    -2    oem-prepare/calamares/oem-prepare/prepare-user/calamares-oem-prepare2
M  +9    -3    oem-prepare/usr/sbin/calamares-oem-uid
M  +5    -2    oem-prepare/usr/sbin/calamares-oem-uid-undo-and-configure

https://invent.kde.org/neon/neon/calamares-settings/-/commit/82883120cc49c80b61e7ab50fca67e737ec8bc01

diff --git a/oem-prepare/calamares/oem-prepare/prepare-system/oem-cleanup b/oem-prepare/calamares/oem-prepare/prepare-system/oem-cleanup
index cdcce3b..50c61db 100755
--- a/oem-prepare/calamares/oem-prepare/prepare-system/oem-cleanup
+++ b/oem-prepare/calamares/oem-prepare/prepare-system/oem-cleanup
@@ -31,3 +31,7 @@ done
 # finalize the cleanup. On the flip side we need to manually rm.
 rm -rf /usr/bin/calmares-oem
 rm -rf /usr/share/calmares-oem
+
+# remove the last of the oem uer dance/hack
+mv $ROOT/etc/login.defs.oem $ROOT/etc/login.defs
+
diff --git a/oem-prepare/calamares/oem-prepare/prepare-user/calamares-oem-prepare2 b/oem-prepare/calamares/oem-prepare/prepare-user/calamares-oem-prepare2
index 4184f9f..f58882d 100755
--- a/oem-prepare/calamares/oem-prepare/prepare-user/calamares-oem-prepare2
+++ b/oem-prepare/calamares/oem-prepare/prepare-user/calamares-oem-prepare2
@@ -10,8 +10,8 @@ CALAMARES_DESKTOPFILE="/usr/share/applications/calamares.desktop"
 # Consistency check. The root portion will allow the oem user to run calamares via pkexec.
 # Ensure the relevant action is actually available on the system.
 # Otherwise there was a change in calamares that we need to adapt to.
-if [ "$(id -u)" -ne 1100 ]; then
-  kdialog --error "We are not running as UID $(id  -u) not our specified UID 1100. Please file a bug!"
+if [ "$(id -u)" -ne 60000 ]; then
+  kdialog --error "We are not running as UID $(id  -u) not our specified UID 60000. Please file a bug!"
 exit 1
 fi
 
diff --git a/oem-prepare/usr/sbin/calamares-oem-uid b/oem-prepare/usr/sbin/calamares-oem-uid
index 0c67171..46a8d76 100755
--- a/oem-prepare/usr/sbin/calamares-oem-uid
+++ b/oem-prepare/usr/sbin/calamares-oem-uid
@@ -3,11 +3,17 @@
 # SPDX-License-Identifier: GPL-3.0-only OR LicenseRef-KDE-Accepted-GPL
 
 # Hack...
-# Since calamares doesn't allow forcing a uid we'll implcitly move the
-# auto-ranges so the oem user is created at uid 1100.
-# This hack is undone in a module once the user was created.
 # This hack allows us to not break with the expecation that the default/first
 # user will be UID 1000.
+# Since calamares doesn't allow forcing a uid we'll implcitly move the
+# auto-ranges so the oem user is created at uid 60000.
+# useradd adds a user uid even if we set the uid_min to a system uid (eg 900) as we are adding a user account.
+# The first part of this hack is undone in a calamares-oem-uid-undo-and-configure once the user was created.
+# We also then set a new hack of uid_max and gid_max at 59999 which let's useradd reset the uid
+# counter as our oem user has a uid equal to the max, thus the to be installed user will be uid 1000.
+# Finally, in the oem-cleanup service, we cp the original login.defs back after oem user has been deleted and we
+# are about to reboot into the freshly installed system.
+# EndHack...
 
 set -ex
 
diff --git a/oem-prepare/usr/sbin/calamares-oem-uid-undo-and-configure b/oem-prepare/usr/sbin/calamares-oem-uid-undo-and-configure
index a85d81c..99a1ee7 100755
--- a/oem-prepare/usr/sbin/calamares-oem-uid-undo-and-configure
+++ b/oem-prepare/usr/sbin/calamares-oem-uid-undo-and-configure
@@ -10,14 +10,17 @@ set -ex
 ROOT=$1
 
 # reinstate login.defs and reset user uid & gid to 1000
-mv $ROOT/etc/login.defs.oem $ROOT/etc/login.defs
+cp $ROOT/etc/login.defs.oem $ROOT/etc/login.defs
+sed -i 's%UID_MAX.*1000%UID_MAX 60000%g' $ROOT/etc/login.defs
+sed -i 's%GID_MAX.*1000%GID_MAX 60000%g' $ROOT/etc/login.defs
+
 
 # ... and also do some special modifications to configure the oem user
 
 mkdir -p $ROOT/home/oem/Desktop
 ln -s ../../../calamares/oem-prepare/oem-prepare.desktop $ROOT/home/oem/Desktop/oem-prepare.desktop
 # Make sure the oem user (900) can clean up this file!
-chown -Rv 1100 $ROOT/home/oem/Desktop/
+chown -Rv 60000 $ROOT/home/oem/Desktop/
 
 kwriteconfig6 --file $ROOT/etc/sddm.conf --group Autologin --key Relogin --type bool true
 kwriteconfig6 --file $ROOT/etc/sddm.conf --group Autologin --key User oem

More information about the Neon-commits mailing list