On Wed, 09.07.14 06:19, Colin Walters (walters@xxxxxxxxxx) wrote:

> Hi, for Atomic I'd like to investigate the new systemd-sysusers, so I
> wrote up a Change:
>
> https://fedoraproject.org/wiki/Changes/SystemdSysusers
>
> Note: for Fedora 22.
>
> The main motivation for me is it would allow Atomic to not be a Remix
> due to the not-in-Fedora shadow-utils patch[1]. Further, it would
> potentially allow us to migrate away from /usr/lib/passwd and
> nss-altfiles which would be really nice. Though I'm still exploring
> that.
>
> [1] https://bugzilla.redhat.com/show_bug.cgi?id=1098304

Ah, interesting. A week ago I filed this:

https://fedorahosted.org/fpc/ticket/442

In order to get the process started to get this through FPC first. In
that ticket I actually promised to bring this up on fedora-devel, but
it appears that you beat me to it.

The reason I haven't brought this up yet is because I wanted a nice
way how we can make use of this from RPM scriptlets, so that packages
can just stick to this declarative scheme, and be done. However,
that's actually not that trivial: Some packages (notably polkit) rely
on files owned by a system user that is not root. This means we need
to do the user registration in %pre how it was always done. But if we
do the user registration declaratively from files we ship in the RPM,
then we could only run that from %post, which of course means that the
files cannot be owned properly. Fortunately it's only a handful of
packages which appear to require that though (but I didn't spend too
much time to figure out the details).

Our current way of thinking is to simply introduce a second syntax for
the sysusers RPM macro: the few packages which need that would then be
able to embed the declaration of the user into %pre, while most users
would be created via %post. The few packages which need that would
contain the user definition at two places though: once in the file
system in a drop-in file shipped in the RPM, and a second time,
inline, in the %pre scriptlet. Not pretty... Not sure though what
other options there are, that would be better...

Anyway, I do like to see this feature implemented in Fedora. I think
it's really crucial to get this done.

Lennart

--
Lennart Poettering, Red Hat
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
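
The message above notes that packages needing the user in %pre would carry the definition twice, once in the drop-in and once inline. As an added illustration (not part of the original message, and not a Fedora or systemd macro), this shell function derives the %pre commands from a drop-in `u` line so the two copies cannot drift; the account `exampled`, the function name, the `/` home and `/sbin/nologin` shell defaults, and the choice of `useradd` options are assumptions.

```shell
#!/bin/sh
# Added example: render one sysusers.d "u" line as the idempotent command a
# %pre scriptlet would run. Handles only: u NAME ID|- ["GECOS"] [HOME].
# Anything else is refused (return 1) because the output is shell that runs
# as root during package installation.
sysusers_line_to_pre() {
    # Split off type, name and id; "rest" keeps the optional GECOS and home.
    read -r type name id rest <<EOF
$1
EOF
    [ "$type" = u ] || return 1
    case $name in
        ''|*[!a-z0-9_-]*) return 1 ;;   # plain account names only
    esac
    case $id in
        -) uidopt= ;;                   # "-" lets useradd pick a system UID
        ''|*[!0-9]*) return 1 ;;        # uid:gid and path forms not handled
        *) uidopt=" -u $id" ;;
    esac
    gecos=
    case $rest in
        \"*\"*)
            rest=${rest#\"}             # drop the opening quote
            gecos=${rest%%\"*}          # text up to the closing quote
            home=${rest#*\"} ;;         # whatever follows it
        *) home=$rest ;;
    esac
    home=${home#"${home%%[! ]*}"}       # trim leading blanks
    home=${home:-/}                     # assumed default home
    case $gecos in
        *\'*) return 1 ;;               # would break the quoting below
    esac
    case $home in
        /*[!A-Za-z0-9/._-]*|[!/]*) return 1 ;;
    esac
    # getent makes the command safe to re-run on upgrade; -U creates the
    # matching group, as sysusers does for a "u" line.
    printf "getent passwd %s >/dev/null || useradd -r -U%s -c '%s' -d %s -s /sbin/nologin %s\n" \
        "$name" "$uidopt" "$gecos" "$home" "$name"
}

# Constructed drop-in line, as it might appear in a packaged sysusers.d file.
sample='u exampled 993 "Example daemon" /var/lib/exampled'
sysusers_line_to_pre "$sample"
```
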