| 1 |
On 11/23/2016 01:08 AM, Michał Górny wrote: |
| 2 |
> On Wed, 23 Nov 2016 09:44:33 +0100 |
| 3 |
> Manuel Rüger <mrueg@g.o> wrote: |
| 4 |
> |
| 5 |
>> I have not started to write it, but I am considering it and rather want |
| 6 |
>> to gather feedback on my idea first. |
| 7 |
>> I am aware that https://wiki.gentoo.org/wiki/GLEP:27 exists, but as of |
| 8 |
>> right now I haven't seen anyone working on it. The goal of this eclass |
| 9 |
>> is to improve user/group handling without touching the PMS. |
| 10 |
>> |
| 11 |
>> tl;dr: Userkit eclass will improve the user handling by externalizing |
| 12 |
>> the configuration to variables that can be set from outside of the ebuild. |
| 13 |
>> |
| 14 |
>> Userkit.eclass will inherit user.eclass and require bash arrays |
| 15 |
>> USERKIT_USER and USERKIT_GROUP for configuration. |
| 16 |
>> I will export a pkg_setup with the corresponding setup (basically |
| 17 |
>> calling enewuser and enewgroup). It will provide get_user, get_uid, |
| 18 |
>> get_group, get_gid and get_home functions. |
| 19 |
>> This would allow to do something like "fowners $(get_user):$(get_group) |
| 20 |
>> foo". |
| 21 |
>> |
| 22 |
>> If ${CATEGORY}-${PN}_user and ${CATEGORY}-${PN}_group are set, these |
| 23 |
>> will replace the contents of USERKIT_USER and USERKIT_GROUP, allowing |
| 24 |
>> the user to fully define everything user/group related. |
| 25 |
> |
| 26 |
> How does that all map to multiple users/groups? How does that map to |
| 27 |
> USE-conditional users/groups? How does that map to users/groups shared |
| 28 |
> between multiple packages? |
| 29 |
> |
| 30 |
> Besides, this sounds a lot like games.eclass... will developers be |
| 31 |
> required to patch upstream software now to force support for using |
| 32 |
> custom users/groups? |
| 33 |
> |
| 34 |
>> What happens if the ebuild wants to create multiple users/group? |
| 35 |
>> Currently, I want to ignore that case and focus on the 80% ebuilds that |
| 36 |
>> can profit from such an eclass. |
| 37 |
> |
| 38 |
> Do you have specific numbers? I don't see 80% of ebuilds caring about |
| 39 |
> users/groups. I don't see the problem you are trying to fix. |
| 40 |
> |
| 41 |
> Is it one of those problems that someone thinks it's awesome to make |
| 42 |
> everything declaratory, and add tons of middleware to make the |
| 43 |
> declaratory work somehow for the most common use cases? |
| 44 |
> |
| 45 |
I think the use-case here is ebuilds that need to create a user and/or |
| 46 |
group (www-servers/lighttpd is a good example; alongside pretty much |
| 47 |
anything else that needs to run as a separate user and serves |
| 48 |
something). In lighttpd's case we don't currently support the ability to |
| 49 |
declare which user and group lightty uses; the lighttpd user and |
| 50 |
lighttpd group will always be created. Later configuration of users and |
| 51 |
groups can be worked with, and iirc we recently patched the initscript |
| 52 |
so it handles that use case. |
| 53 |
|
| 54 |
I could see a use-case for someone wanting to install a given daemon or |
| 55 |
server with a specific user and/or group. I'm not sure this is the right |
| 56 |
approach (nor do I know what is), but I think we have room to think |
| 57 |
about a solution; ideally one that is dead-simple to implement and |
| 58 |
doesn't have a ton of edge-cases. |
| 59 |
|
| 60 |
What is QA's current policy on user/group creation, btw? |
| 61 |
-- |
| 62 |
Daniel Campbell - Gentoo Developer |
| 63 |
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net |
| 64 |
fpr: AE03 9064 AE00 053C 270C 1DE4 6F7A 9091 1EA0 55D6 |
Archives