In rare cases, a system user will need a real home directory to store
per-user configuration data and/or be accessed interactively by a
human being. In those cases, /home/${username} is an appropriate place
for the user's home directory. Using /home is allowed and encouraged
by the FHS, and there are no real technical obstacles to it aside from
an install-time QA warning about the path.

Before GLEP81, the efficacy of this check was unarguable. With
enewuser, you could still set a user's home directory to a location
under /home, but the lack of a "keepdir" meant that it would fly under
the radar during the QA check. As a result, the QA check would only
flag truly problematic files. With GLEP81, however, an implementation
detail leads this check to flag the user's home directory.

This commit makes an exception for the home directory /home/${PN}
itself, and the /home/${PN}/.keep* file it contains. This lets us
migrate existing user.eclass ebuilds to GLEP81 without triggering a
new QA warning on a dummy file.

This will be useful in at least two real situations:

* The "amavis" user exists to launch the amavisd daemon, but much of
  the configuration for that user is created in $HOME by a human who
  is logged in as "amavis" interactively. This is user data by any
  definition, and should be stored in /home/amavis rather than
  dumping it in the daemon's working directory.

* The "spamd" user gets its SpamAssassin configuration the same way
  local users do in a traditional UNIX mail setup: by reading it out
  of $HOME. This is user data, even though it happens to affect the
  daemon. With user.eclass, /home/spamd is already used as the home
  directory. When migrating to GLEP81, we should not break existing
  systems and force a migration just to avoid an old warning.

There are other potential uses as well. If I want to share (real
human) user accounts across multiple Gentoo installs per the design of
GLEP81, then I can do that with acct-user packages in an overlay. The
user packages ensure that the same UIDs and GIDs get used on every
system, but if I do this with my "mjo" account, I'm going to want
/home/mjo to be my home directory. There's nothing wrong with that,
so we shouldn't warn about it.
--- |
metadata/install-qa-check.d/08gentoo-paths | 27 ++++++++++++++++++++++ |
1 file changed, 27 insertions(+) |
|
diff --git a/metadata/install-qa-check.d/08gentoo-paths b/metadata/install-qa-check.d/08gentoo-paths |
index 5161aef9922..ab9bd64d0e0 100644 |
--- a/metadata/install-qa-check.d/08gentoo-paths |
+++ b/metadata/install-qa-check.d/08gentoo-paths |
@@ -19,6 +19,10 @@ gentoo_path_check() { |
boot dev etc opt srv usr var |
) |
|
+ # We make an exception and allow acct-user packages to install to |
+ # /home in rare circumstances. |
+ [[ "${CATEGORY}" == "acct-user" ]] && allowed_paths_toplevel+=( home ) |
+ |
# directories in /usr which can be installed to by ebuilds |
# /usr/games is not included as it is banned nowadays |
local allowed_paths_usr=( |
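Review bot: The comment above the `allowed_paths_toplevel+=( home )` line says /home is allowed "in rare circumstances" but does not say what bounds the exception. Taken alone, this line lets an acct-user package pass the top-level check with anything under /home; the restriction to /home/${PN} and its .keep* file lives only in the separate block added further down in the same function. Extend the comment to point at that block, so a later edit to one does not silently widen the exception.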
@@ -61,6 +65,29 @@ gentoo_path_check() { |
fi |
done |
|
+ # Normally ebuilds should not install anything under /home. If this |
+ # is a GLEP81 user package, however, we make an exception for the |
+ # user's home directory itself and the ".keep" file within it. This |
+ # allows GLEP81 user packages to have home directories under /home, |
+ # which can be useful if the account is meant to be used by a human |
+ # to store configuration data or run maintenance tasks. |
+ if [[ "${CATEGORY}" == "acct-user" ]]; then |
+ local f found=() |
+ while read -r -d '' f; do |
+ found+=( "${f}" ) |
+ done < <(find -L "${ED%/}/home" \ |
+ -mindepth 1 \ |
+ -maxdepth 2 \ |
+ ! -path "${ED%/}/home/${PN}" \ |
+ ! -path "${ED%/}/home/${PN}/.keep*" \ |
+ -print0) |
+ |
+ if [[ ${found[@]} ]]; then |
+ # mimic the output for non-acct-user packages. |
+ bad_paths+=( "/home" ) |
+ fi |
+ fi |
+ |
${shopt_save} |
|
# report |
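Review bot: The `find -L "${ED%/}/home"` call runs for every acct-user package, and nothing in this hunk checks that the directory exists first, so a user package whose home is elsewhere will have find print a "No such file or directory" error into the build log. Guard the block with a test such as `[[ -d ${ED%/}/home ]]`, or send find's stderr to /dev/null. Since only emptiness is tested afterwards, `[[ ${found[@]} ]]` would also read more clearly as a count check on `${#found[@]}`.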
-- |
2.24.1 |