Hi Martin, On Tue, Aug 05, 2008 at 05:30:03PM +1200, Martin Langhoff wrote: > On Mon, Aug 4, 2008 at 10:49 PM, Enrico Scholz > <enrico.scholz@xxxxxxxxxxxxxxxxxxxxxxxxx> wrote: > > Without reading whole thread and participating in yet another flame war > > Apologies, didn't mean to taunt peoplle into another flamefest -- > thanks for your kind reply. I will use a high uid range as the base if > I do use this. > > However, it seems that my situation is one where I end up with an > ordering if I try to use your package. Brief description follows > > My project - OLPC's School Server - is a Fedora spin that adds a few > packages with custom daemons, provides a "xs-config" package that > makes a mess of /etc (ahem!, applies a custom configuration), and has > a metapackage to pull it all together. > > Having stable, predictable uids/gids is *extremely* valuable as we > want maximum consistency between systems -- the target ratio is of a > small sysadmin team (5 to 12) managing thousands of servers. We could > hardcode the uid/gids, but we want to work with Fedora to make our > packages mainstream as much as possible. So we tend to package things > "vanilla" and do our wonky configuration in a separate package. > > So I would need to have an "config" package that > - depends on fedora-usermgmt fedora-usermgmt-shadowutils > - is guaranteed to install _before_ any other package that depends on > fedora-usermgmt > > the "main" xs-config package gets installed late because it overwrites > configurations, and so it depends on everything. > > Is there a way to force this early-dependency? In case you are > wondering, this gets installed via anaconda unattended and or via yum > update. I'm wary of anaconda hacks that a yum install / yum update > won't obey. > > It's a bit of circular logic. Can I package my own > "fedora-usermgmt-yesjustdoit" version of the -shadowutils with > metadata that makes it win over the "-dontreallydoanything" package? I would strongly recommend against it. IIRC correctly the tool was even banned from EPEL and if the FPC weren't that tiered about the flamewars it might have even gotten as far as being banned altogether. But the result was that the FPC did some serious thinking on how to manage users/groups and came up with a solution that doesn't involve fedora-usermgmt. The wiki is currently off-line otherwise I'd add a pointer to the resp. pages. I think the right way to do this is to see the different needs between the general Fedora space and OLPC: Fedora wants to reserve as few as possible *static* uids/gids (e.g. officially stamped onto every Fedora system) because this resource is rather sparse. But if in OLPC there are some applications/situations that need a static uid, then OLPC should simply reserve them as a donwstream and ask Fedora (the FPC or Bill) on a static uid mapping. I would check whether the requirements for static uids are indeed needed, but lets do that in a separate thread or PM. -- Axel.Thimm at ATrpms.net
Attachment:
pgpCGHEJwj0NQ.pgp
Description: PGP signature
-- fedora-devel-list mailing list fedora-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/fedora-devel-list
