Re: Enabling RPM based sysuser handling

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 5/13/24 13:07, Florian Festi wrote:
On 5/11/24 12:56, Zbigniew Jędrzejewski-Szmek wrote:
On Fri, May 10, 2024 at 01:28:07PM +0200, Florian Festi wrote:
Anyone interested in picking this up? I remember quite a few people
being exited about this when it was announced with the rpm-4.19 Change.

I would be interested in making this happen.

You mentioned that the transition "requires some care". What are
the problems?

There are Requires created for the users and groups. To make this work
the Provides need to be there first - obviously. So one will probably
need to set %_use_weak_usergroup_deps for a transition period. At least
until the first mass rebuild.

Fedora has already been through at least one mass rebuild under 4.19 so the provides (and weak requires) are already there.


There are also a large number of packages that are using useradd:
grep useradd *.spec | cut -d: -f1 | sort -u | wc
     281     281    4090

We need to think what to do with them.

The sysusers macros are much less used actually:
grep sysusers_requires_compat *.spec | cut -d: -f1 | sort -u | wc
      53      53     725
grep sysusers_create_compat *.spec | cut -d: -f1 | sort -u | wc
     101     101    1476

This whole thing probably needs to be a Global Change involving a change
to the Packaging Guidelines [4] and may be an Mass Package Change
(although that might be avoided by changing the macros in
systemd-rpm-macros to NOPs).

The macros are written in a way that if the user/group exist,
no operation is done. Thus, naively, I would think that if rpm
starts to create users and groups on its own, then the existing
scriptlets would become noops. That would mean that we could enable
the feature in rpm without any mass package changes first.

That might work, but I have not looked deep enough into that to do that
blindly.

I'm quite sure there's *some* exception to the rule, but in general even the useradd era scripts are written in a way to allow pre-existing users. They kinda have to.

I outlined the migration process last year in https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx/thread/NEFOV236FJYS2RED2SEOV5YHDFLDX7DK/#OYCWXKAMIXEZNYPVOM6VQ3YYXQ76M3DG but failed to follow-up, so I'm glad to see this getting revisited.

	- Panu -

--
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue




[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Users]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]

  Powered by Linux