On Fri, Jun 30, 2023 at 10:15:35PM +0200, Björn Persson wrote:
Ewoud Kohl van Wijngaarden wrote:
I'm looking at converting my package (where I'm also the upstream) to
use sysusers.d but I'd prefer shipping the sysusers.d file inside the
source tarball rather than in packaging. This allows me to use the same
definition on Debian, which I think is a huge benefit of systemd
standardizing these kinds of things.
Yes, of course you'd want to do it that way, but Fedora isn't ready.
I got the same impression.
The documentation[1] only mentions shipping it as a separate source, not
inside the tarball. Should I simply replace %{SOURCE3} in the docs with
the path from the extracted tarball?
My experience is that sysusers_create_compat can't be made to work with
a file extracted from the tarball. It requires a separate source file.
As long as user and group accounts must be added in the packaging, it's
more convenient to do it in the spec file than in a separate sysusers
file. Thus sysusers_create_compat seems rather useless to me.
I wouldn't say completely useless, but useless in the ideal case.
If your program needs its user account only at run time (such as a
daemon that runs as non-root), then it's enough to drop the sysusers
file into /usr/lib/sysusers.d. The account will then be created at the
end of the RPM transaction, after all the packages have been installed.
In that case shipping the sysusers file inside the tarball should work,
and you don't need sysusers_create_compat.
If your package contains any files owned by the account it creates,
then installing the sysusers file is not sufficient. In that case the
account must be created in %pre before the files are installed, either
with sysusers_create_compat (which requires a separate source file) or
with plain old useradd or groupadd.
Sadly, this is the case (owning /var/lib/%{name}).
I've seen some discussion recently about integrating sysusers support
into RPM. That should allow an upstream sysusers file to work in all
cases, if I understand correctly. If your package currently works, then
I suggest waiting until the RPM integration is done before you change
how user accounts are created.
Thanks for the advice.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue