On 11/27/21 16:10, Neal Gompa wrote:
On Sat, Nov 27, 2021 at 9:02 AM Frank Ch. Eigler <fche@xxxxxxxxxx> wrote:
Adam Williamson <adamwill@xxxxxxxxxxxxxxxxx> writes:
[...]
https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_dynamic_allocation
say:
"Create a <package-name>.sysusers file with the user definition and add
where usr/lib/sysusers.d/geekotest.conf is the path to one of the
sysusers config file within the upstream source, but it doesn't seem to
work. [...]
One problem with these sysusers rpm macros is that they expand to the
scriptlets very early: before even the main source tarball is extracted.
This is why the fedora packaging guideline more or less forces them to
be first-class spec sources.
There's a way around this: change the %sysusers_create_package stuff to
use "%pre -f <scriptfile>". Just like with %files -f, the script can be
generated during build/install stages so you can use both separate
sources and tarballed ones. And like with %files -f, the -f included
script file gets appended to what else may be in that script.
So basically you'd want to turn %sysusers_create_package into a
standalone script which can be called from %build/install, and included
with %pre -f. Much like %find_lang is used.
In the case of systemtap, we worked around this by moving the sysusers
config files right into the spec file - out of the source tarball - and
feed them to %pre and %install scripts by hand.
https://src.fedoraproject.org/rpms/systemtap/blob/rawhide/f/systemtap.spec#_91
https://src.fedoraproject.org/rpms/systemtap/blob/rawhide/f/systemtap.spec#_688
https://src.fedoraproject.org/rpms/systemtap/blob/rawhide/f/systemtap.spec#_818
IMO this is ugly and unfortunate.
The design around sysusers expects a model where files are unpacked
and *then* scripts are run. RPM doesn't work that way, which makes all
Actually, in rpm >= 4.17 there technically is a window where users could
be created based on content unpacked from the package itself. What's
missing is a hook (aka script) to run after unpacking all files but
prior to setting metadata on them all.
of this fall apart. In the ideal case, we could generate preinstall
scriptlets for this stuff from detected sysusers files on the fly, but
there's currently no way to do that.
A more practical way to work around this is to always subpackage out
sysusers and use dependencies to guarantee that it's installed before
the package itself is. This would require the systemd file trigger to
make it so that sysusers is run per-package instead of
per-transaction, though. Alternatively, you could just manually run
systemd-sysusers in %post for those cases.
Yeah, conceptually user-only subpackages is a kinda neat solution, but
not sure its tolerable in terms of package number explosion / metadata
overhead.
- Panu -
--
真実はいつも一つ!/ Always, there's only one truth!
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
