1 |
On 11/23/2016 01:08 AM, Michał Górny wrote: |
2 |
> On Wed, 23 Nov 2016 09:44:33 +0100 |
3 |
> Manuel Rüger <mrueg@g.o> wrote: |
4 |
> |
5 |
>> I have not started to write it, but I am considering it and rather want |
6 |
>> to gather feedback on my idea first. |
7 |
>> I am aware that https://wiki.gentoo.org/wiki/GLEP:27 exists, but as of |
8 |
>> right now I haven't seen anyone working on it. The goal of this eclass |
9 |
>> is to improve user/group handling without touching the PMS. |
10 |
>> |
11 |
>> tl;dr: Userkit eclass will improve the user handling by externalizing |
12 |
>> the configuration to variables that can be set from outside of the ebuild. |
13 |
>> |
14 |
>> Userkit.eclass will inherit user.eclass and require bash arrays |
15 |
>> USERKIT_USER and USERKIT_GROUP for configuration. |
16 |
>> I will export a pkg_setup with the corresponding setup (basically |
17 |
>> calling enewuser and enewgroup). It will provide get_user, get_uid, |
18 |
>> get_group, get_gid and get_home functions. |
19 |
>> This would allow to do something like "fowners $(get_user):$(get_group) |
20 |
>> foo". |
21 |
>> |
22 |
>> If ${CATEGORY}-${PN}_user and ${CATEGORY}-${PN}_group are set, these |
23 |
>> will replace the contents of USERKIT_USER and USERKIT_GROUP, allowing |
24 |
>> the user to fully define everything user/group related. |
25 |
> |
26 |
> How does that all map to multiple users/groups? How does that map to |
27 |
> USE-conditional users/groups? How does that map to users/groups shared |
28 |
> between multiple packages? |
29 |
> |
30 |
> Besides, this sounds a lot like games.eclass... will developers be |
31 |
> required to patch upstream software now to force support for using |
32 |
> custom users/groups? |
33 |
> |
34 |
>> What happens if the ebuild wants to create multiple users/group? |
35 |
>> Currently, I want to ignore that case and focus on the 80% ebuilds that |
36 |
>> can profit from such an eclass. |
37 |
> |
38 |
> Do you have specific numbers? I don't see 80% of ebuilds caring about |
39 |
> users/groups. I don't see the problem you are trying to fix. |
40 |
> |
41 |
> Is it one of those problems that someone thinks it's awesome to make |
42 |
> everything declaratory, and add tons of middleware to make the |
43 |
> declaratory work somehow for the most common use cases? |
44 |
> |
45 |
I think the use-case here is ebuilds that need to create a user and/or |
46 |
group (www-servers/lighttpd is a good example; alongside pretty much |
47 |
anything else that needs to run as a separate user and serves |
48 |
something). In lighttpd's case we don't currently support the ability to |
49 |
declare which user and group lightty uses; the lighttpd user and |
50 |
lighttpd group will always be created. Later configuration of users and |
51 |
groups can be worked with, and iirc we recently patched the initscript |
52 |
so it handles that use case. |
53 |
|
54 |
I could see a use-case for someone wanting to install a given daemon or |
55 |
server with a specific user and/or group. I'm not sure this is the right |
56 |
approach (nor do I know what is), but I think we have room to think |
57 |
about a solution; ideally one that is dead-simple to implement and |
58 |
doesn't have a ton of edge-cases. |
59 |
|
60 |
What is QA's current policy on user/group creation, btw? |
61 |
-- |
62 |
Daniel Campbell - Gentoo Developer |
63 |
OpenPGP Key: 0x1EA055D6 @ hkp://keys.gnupg.net |
64 |
fpr: AE03 9064 AE00 053C 270C 1DE4 6F7A 9091 1EA0 55D6 |