Re: Towards enabling rpm sysusers integration

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On 6/23/23 21:20, Michal Domonkos wrote:

On Thu, Jun 22, 2023 at 01:18:27PM +0300, Panu Matilainen wrote:

Now that the initial hurdle of getting rpm 4.19 into rawhide is over, it's
time to start looking towards enabling the sysusers integration:
https://rpm-software-management.github.io/rpm/manual/users_and_groups.html


[...]


3. The various %sysuser_()* macros in systemd-rpm-macros need to be phased
out. As it'll be a long time before the sysusers feature is in all Fedora
versions, it needs a longer term plan. One simple possibility is do what was
done with all those ldconfig from %post back then: change the %sysusers_()
macros to no-ops in rawhide to let rpm handle it, and only actually bother
updating packages once all relevant versions have the sysusers feature.


This proposal would effectively move all existing packages that create users or
groups from useradd/groupadd (called by those %sysuser* macros underneath) to
systemd-sysusers(8).

I wonder if we shouldn't first just move those macros over to systemd-sysusers
to test-drive this utility at a larger scale and catch any potential bugs or
issues before actually proceeding with the remaining steps as outlined in the
email.

That's a lower-risk first step that should be fairly easy to implement right
away, as mentioned in:

     https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
The big problem with that approach is that it drags all of systemd into every user/group creation. Doesn't matter on an already running system but is disastrous in the early install stages where even shadow-utils easily creates ordering loops.
The rpm integration avoids that entirely by calling the user/group creation helper from outside of the chroot (ie systemd-sysusers --root=...) Which means one could pretty much drop all of the static /etc/{passwd,group} content (now shipped in setup) because the user/group creation facilities are available even to the first package being installed. 

	- Panu -
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux