| 1 |
In rare cases, a system user will need a real home directory to store |
| 2 |
per-user configuration data and/or be accessed interactively by a |
| 3 |
human being. In those cases, /home/${username} is an appropriate place |
| 4 |
for the user's home directory. Using /home is allowed and encouraged |
| 5 |
by the FHS, and there are no real technical obstacles to it aside from |
| 6 |
an install-time QA warning about the path. |
| 7 |
|
| 8 |
Before GLEP81, the efficacy of this check was unarguable. With |
| 9 |
enewuser, you could still set a user's home directory to a location |
| 10 |
under /home, but the lack of a "keepdir" meant that it would fly under |
| 11 |
the radar during the QA check. As a result, the QA check would only |
| 12 |
flag truly problematic files. With GLEP81, however, an implementation |
| 13 |
detail leads this check to flag the user's home directory. |
| 14 |
|
| 15 |
This commit makes an exception for the home directory /home/${PN} |
| 16 |
itself, and the /home/${PN}/.keep* file it contains. This lets us |
| 17 |
migrate existing user.eclass ebuilds to GLEP81 without triggering a |
| 18 |
new QA warning on a dummy file. |
| 19 |
|
| 20 |
This will be useful in at least two real situations: |
| 21 |
|
| 22 |
* The "amavis" user exists to launch the amavisd daemon, but much of |
| 23 |
the configuration for that user is created in $HOME by a human who |
| 24 |
is logged in as "amavis" interactively. This is user data by any |
| 25 |
definition, and should be stored in /home/amavis rather than |
| 26 |
dumping it in the daemon's working directory. |
| 27 |
|
| 28 |
* The "spamd" user gets its SpamAssassin configuration the same way |
| 29 |
local users do in a traditional UNIX mail setup: by reading it out |
| 30 |
of $HOME. This is user data, even though it happens to affect the |
| 31 |
daemon. With user.eclass, /home/spamd is already used as the home |
| 32 |
directory. When migrating to GLEP81, we should not break existing |
| 33 |
systems and force a migration just to avoid an old warning. |
| 34 |
|
| 35 |
There are other potential uses as well. If I want to share (real |
| 36 |
human) user accounts across multiple Gentoo installs per the design of |
| 37 |
GLEP81, then I can do that with acct-user packages in an overlay. The |
| 38 |
user packages ensure that the same UIDs and GIDs get used on every |
| 39 |
system, but if I do this with my "mjo" account, I'm going to want |
| 40 |
/home/mjo to be my home directory. There's nothing wrong with that, |
| 41 |
so we shouldn't warn about it. |
| 42 |
--- |
| 43 |
metadata/install-qa-check.d/08gentoo-paths | 27 ++++++++++++++++++++++ |
| 44 |
1 file changed, 27 insertions(+) |
| 45 |
|
| 46 |
diff --git a/metadata/install-qa-check.d/08gentoo-paths b/metadata/install-qa-check.d/08gentoo-paths |
| 47 |
index 5161aef9922..ab9bd64d0e0 100644 |
| 48 |
--- a/metadata/install-qa-check.d/08gentoo-paths |
| 49 |
+++ b/metadata/install-qa-check.d/08gentoo-paths |
| 50 |
@@ -19,6 +19,10 @@ gentoo_path_check() { |
| 51 |
boot dev etc opt srv usr var |
| 52 |
) |
| 53 |
|
| 54 |
+ # We make an exception and allow acct-user packages to install to |
| 55 |
+ # /home in rare circumstances. |
| 56 |
+ [[ "${CATEGORY}" == "acct-user" ]] && allowed_paths_toplevel+=( home ) |
| 57 |
+ |
| 58 |
# directories in /usr which can be installed to by ebuilds |
| 59 |
# /usr/games is not included as it is banned nowadays |
| 60 |
local allowed_paths_usr=( |
| 61 |
@@ -61,6 +65,29 @@ gentoo_path_check() { |
| 62 |
fi |
| 63 |
done |
| 64 |
|
| 65 |
+ # Normally ebuilds should not install anything under /home. If this |
| 66 |
+ # is a GLEP81 user package, however, we make an exception for the |
| 67 |
+ # user's home directory itself and the ".keep" file within it. This |
| 68 |
+ # allows GLEP81 user packages to have home directories under /home, |
| 69 |
+ # which can be useful if the account is meant to be used by a human |
| 70 |
+ # to store configuration data or run maintenance tasks. |
| 71 |
+ if [[ "${CATEGORY}" == "acct-user" ]]; then |
| 72 |
+ local f found=() |
| 73 |
+ while read -r -d '' f; do |
| 74 |
+ found+=( "${f}" ) |
| 75 |
+ done < <(find -L "${ED%/}/home" \ |
| 76 |
+ -mindepth 1 \ |
| 77 |
+ -maxdepth 2 \ |
| 78 |
+ ! -path "${ED%/}/home/${PN}" \ |
| 79 |
+ ! -path "${ED%/}/home/${PN}/.keep*" \ |
| 80 |
+ -print0) |
| 81 |
+ |
| 82 |
+ if [[ ${found[@]} ]]; then |
| 83 |
+ # mimic the output for non-acct-user packages. |
| 84 |
+ bad_paths+=( "/home" ) |
| 85 |
+ fi |
| 86 |
+ fi |
| 87 |
+ |
| 88 |
${shopt_save} |
| 89 |
|
| 90 |
# report |
| 91 |
-- |
| 92 |
2.24.1 |
Archives