parsec-service: do group membership modifications in useradd

Instead of calling groupmems after creating the user, we can tell useradd
to do the group membership when creating the user.  There are several
reasons for this:

1) Consolidation of the calls into a single call means creation is atomic,
   it either worked or it did not.
2) The existing logic doesn't work if both TPM and TS were enabled.
3) GROUPMEMS_PARAM is broken in oe-core master[1] and this will not be
   fixed as groupmems has been removed from shadow[2].

Instead, construct a list of groups that parsec needs to be a member of,
and pass them to useradd.

[1] https://bugzilla.yoctoproject.org/show_bug.cgi?id=16277
[2] shadow 388ce70 "*/: groupmems(8): Remove program"

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Scott Murray <scott.murray@konsulko.com>

meta-parsec/recipes-parsec/parsec-service/parsec-service_1.5.0.bb

@@ -72,9 +72,22 @@ do_install () {
 inherit useradd
 USERADD_PACKAGES = "${PN}"
 GROUPADD_PARAM:${PN} = "-r parsec"
-USERADD_PARAM:${PN} = "-r -g parsec -s /usr/sbin/nologin -d ${localstatedir}/lib/parsec parsec"
-GROUPMEMS_PARAM:${PN} = "${@bb.utils.contains('PACKAGECONFIG_CONFARGS', 'tpm-provider', '-a parsec -g tss ;', '', d)}"
-GROUPMEMS_PARAM:${PN} += "${@bb.utils.contains('PACKAGECONFIG_CONFARGS', 'trusted-service-provider', '-a parsec -g tee', '', d)}"
+USERADD_PARAM:${PN} = "\
+    --system \
+    --gid parsec \
+    --shell /usr/sbin/nologin \
+    --home-dir ${localstatedir}/lib/parsec \
+    ${@parsec_groups(d)} \
+    parsec"
+
+def parsec_groups(d):
+    groups = []
+    config = d.getVar("PACKAGECONFIG").split()
+    if "TPM" in config:
+        groups.append("tss")
+    if "TS" in config:
+        groups.append("teeclnt")
+    return "--groups " + ",".join(groups) if groups else ""
 
 FILES:${PN} += " \
     ${sysconfdir}/parsec/config.toml \