On 12/19/24 3:06 PM, Michal Sekletar wrote:
> On Wed, Jun 26, 2024 at 3:17 PM Panu Matilainen <pmatilai@xxxxxxxxxx> wrote:
>> Excellent :) With the duplicates gone from systemd basic.conf, a
>> logical next step would be turning on hard dependencies for users and
>> groups before the F41 mass rebuild (by dropping
>> rpm-4.19.91-weak-user-group.patch from Fedora rpm).
>
> Hi,
>
> I recently ran into issues related to the current state of sysusers in
> Fedora, i.e. macro shenanigans and sysusers configs in dist-git. I
> thought it would be nice to finally cross the finish line and make
> native rpm support for sysusers default. There is still some work to
> do in order to have this feature fully integrated in Fedora. These are
> the work items that I am aware of,
>
> (a) Put together Fedora System-Wide Change Proposal
> (b) Remove rpm patch so that we generate strong dependencies on
> virtual user and group provides
> (c) Update Fedora Packaging Guidelines and stop recommending use of
> %sysusers_create_compat macro
>
> From above the most pressing is (a) because we are approaching the
> submission deadline for change proposals. I'd be willing to put
> together a draft of the proposal if you agree.

That would be awesome, thanks for volunteering! I don't have the
capacity to drive this thing with rpm v6 approaching rapidly, but I'll
be happy to help if/where needed, so feel free to add me as a co-owner.

All the necessary user/group provides should already be in place since
F40 mass rebuild, and it shouldn't matter which mechanism actually
creates the users, so it's not committing to any changes in user/group
handling as such, this is just an extra packaging hygiene step in the
process.

> Given above, I think that the proposal should be uncontroversial as it
> is mostly about cleanup and finishing touches because the feature as
> such is already present in rpm.
>
> Let me know what you guys think.

Two things to be aware of:

1) the user/group hard dependencies are likely to cause some install
order disruption requiring packaging changes, best to prepare and
reserve some capacity for that
2) there's a shadow-utils issue that prevents useradd/groupadd from
working properly wrt --chroot
(https://github.com/shadow-maint/shadow/issues/940)

Since 2) appears to affect mock, it may well be a show-stopper for
actually enabling the sysusers feature in rpm. Native systemd-sysusers
isn't affected by that, but then it doesn't do all the audit-stuff that
shadow-utils do, and AIUI that's a showstopper for using
systemd-sysusers in Fedora :-/ It doesn't prevent moving on with the
hard user/group dependencies though, those really are the right thing
regardless of how exactly the users are created.

FWIW, I'll be on vacation and AFK after today and back on January 7th.

- Panu -