commit: 945ca02e98edb25fd6e4cecb7d788b598de1fcef |
Author: Michał Górny <mgorny <AT> gentoo <DOT> org> |
AuthorDate: Mon Jan 4 16:46:16 2021 +0000 |
Commit: Michał Górny <mgorny <AT> gentoo <DOT> org> |
CommitDate: Sat Jan 9 18:02:23 2021 +0000 |
URL: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=945ca02e |
|
acct-user.eclass: Support var overrides for user properties |
|
Introduce a few variables to allow easy overrides of common user account |
properties, that is: |
|
- ACCT_USER_<username>_SHELL |
- ACCT_USER_<username>_HOME |
- ACCT_USER_<username>_HOME_OWNER |
- ACCT_USER_<username>_HOME_PERMS |
- ACCT_USER_<username>_GROUPS |
- ACCT_USER_<username>_GROUPS_ADD |
|
The first five variables override the respective ACCT_USER_* variables, |
with ACCT_USER_*_GROUPS being a space-separated list. The *_GROUPS_ADD |
variable appends to groups present in the ebuild, as this seems a common |
necessity. |
|
We do realize that the original requirement of overriding ebuilds |
in a local repository was inconvenient. This new logic should permit |
easy updates via make.conf. Additionally, it has the advantage |
of clearly reporting the changes made in the build logs. |
|
This does not preclude other solutions to the problem. However, this |
is probably the best one and it should become the current |
recommendation. |
|
Signed-off-by: Michał Górny <mgorny <AT> gentoo.org> |
|
eclass/acct-user.eclass | 84 +++++++++++++++++++++++++++++++++++-------------- |
1 file changed, 60 insertions(+), 24 deletions(-) |
|
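diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
index 47890e48409..a2d92605523 100644
--- a/eclass/acct-user.eclass
+++ b/eclass/acct-user.eclass
@@ -82,7 +82,8 @@ readonly ACCT_USER_NAME
 # @ECLASS-VARIABLE: ACCT_USER_SHELL
 # @DESCRIPTION:
 # The shell to use for the user. If not specified, a 'nologin' variant
-# for the system is used.
+# for the system is used. This can be overriden in make.conf through
+# ACCT_USER_<UPPERCASE_USERNAME>_SHELL variable.
 : ${ACCT_USER_SHELL:=-1}
 
 # @ECLASS-VARIABLE: ACCT_USER_HOME
@@ -90,6 +91,8 @@ readonly ACCT_USER_NAME
 # The home directory for the user. If not specified, /dev/null is used.
 # The directory will be created with appropriate permissions if it does
 # not exist. When updating, existing home directory will not be moved.
+# This can be overriden in make.conf through
+# ACCT_USER_<UPPERCASE_USERNAME>_HOME variable.
 : ${ACCT_USER_HOME:=/dev/null}
 
 # @ECLASS-VARIABLE: ACCT_USER_HOME_OWNER
@@ -97,11 +100,14 @@ readonly ACCT_USER_NAME
 # @DESCRIPTION:
 # The ownership to use for the home directory, in chown ([user][:group])
 # syntax. Defaults to the newly created user, and its primary group.
+# This can be overriden in make.conf through
+# ACCT_USER_<UPPERCASE_USERNAME>_HOME_OWNER variable.
 
 # @ECLASS-VARIABLE: ACCT_USER_HOME_PERMS
 # @DESCRIPTION:
 # The permissions to use for the home directory, in chmod (octal
-# or verbose) form.
+# or verbose) form. This can be overriden in make.conf through
+# ACCT_USER_<UPPERCASE_USERNAME>_HOME_PERMS variable.
 : ${ACCT_USER_HOME_PERMS:=0755}
 
 # @ECLASS-VARIABLE: ACCT_USER_GROUPS
@@ -110,6 +116,12 @@ readonly ACCT_USER_NAME
 # List of groups the user should belong to. This must be a bash
 # array. The first group specified is the user's primary group, while
 # the remaining groups (if any) become supplementary groups.
+#
+# This can be overriden in make.conf through
+# ACCT_USER_<UPPERCASE_USERNAME>_GROUPS variable, or appended to
+# via ACCT_USER_<UPPERCASE_USERNAME>_GROUPS_ADD. Please note that
+# due to technical limitations, the override variables are not arrays
+# but space-separated lists.
 
 
 # << Boilerplate ebuild variables >>
@@ -316,23 +328,48 @@ acct-user_pkg_pretend() {
 acct-user_src_install() {
 debug-print-function ${FUNCNAME} "${@}"
 
- if [[ ${ACCT_USER_HOME} != /dev/null ]]; then
+ # serialize for override support
+ local ACCT_USER_GROUPS=${ACCT_USER_GROUPS[*]}
+
+ # support make.conf overrides
+ local override_name=${ACCT_USER_NAME^^}
+ override_name=${override_name//-/_}
+ local var
+ for var in ACCT_USER_{SHELL,HOME{,_OWNER,_PERMS},GROUPS}; do
+ local var_name=ACCT_USER_${override_name}_${var#ACCT_USER_}
+ if [[ -n ${!var_name} ]]; then
+ ewarn "${var_name}=${!var_name} override in effect, support will not be provided."
+ else
+ var_name=${var}
+ fi
+ declare -g "_${var}=${!var_name}"
+ done
+ var_name=ACCT_USER_${override_name}_GROUPS_ADD
+ if [[ -n ${!var_name} ]]; then
+ ewarn "${var_name}=${!var_name} override in effect, support will not be provided."
+ _ACCT_USER_GROUPS+=" ${!var_name}"
+ fi
+
+ # deserialize into an array
+ local groups=( ${_ACCT_USER_GROUPS} )
+
+ if [[ ${_ACCT_USER_HOME} != /dev/null ]]; then
 # note: we can't set permissions here since the user isn't
 # created yet
- keepdir "${ACCT_USER_HOME}"
+ keepdir "${_ACCT_USER_HOME}"
 fi
 
 insinto /usr/lib/sysusers.d
 newins - ${CATEGORY}-${ACCT_USER_NAME}.conf < <(
 printf "u\t%q\t%q\t%q\t%q\t%q\n" \
 "${ACCT_USER_NAME}" \
- "${ACCT_USER_ID/#-*/-}:${ACCT_USER_GROUPS[0]}" \
+ "${ACCT_USER_ID/#-*/-}:${groups[0]}" \
 "${DESCRIPTION//[:,=]/;}" \
- "${ACCT_USER_HOME}" \
- "${ACCT_USER_SHELL/#-*/-}"
- if [[ ${#ACCT_USER_GROUPS[@]} -gt 1 ]]; then
+ "${_ACCT_USER_HOME}" \
+ "${_ACCT_USER_SHELL/#-*/-}"
+ if [[ ${#groups[@]} -gt 1 ]]; then
 printf "m\t${ACCT_USER_NAME}\t%q\n" \
- "${ACCT_USER_GROUPS[@]:1}"
+ "${groups[@]:1}"
 fi
 )
 }
@@ -344,26 +381,26 @@ acct-user_src_install() {
 acct-user_pkg_preinst() {
 debug-print-function ${FUNCNAME} "${@}"
 
- local groups=${ACCT_USER_GROUPS[*]}
 enewuser ${ACCT_USER_ENFORCE_ID:+-F} -M "${ACCT_USER_NAME}" \
- "${ACCT_USER_ID}" "${ACCT_USER_SHELL}" "${ACCT_USER_HOME}" \
- "${groups// /,}"
+ "${ACCT_USER_ID}" "${_ACCT_USER_SHELL}" "${_ACCT_USER_HOME}" \
+ "${_ACCT_USER_GROUPS// /,}"
 
- if [[ ${ACCT_USER_HOME} != /dev/null ]]; then
+ if [[ ${_ACCT_USER_HOME} != /dev/null ]]; then
 # default ownership to user:group
- if [[ -z ${ACCT_USER_HOME_OWNER} ]]; then
- ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${ACCT_USER_GROUPS[0]}
+ if [[ -z ${_ACCT_USER_HOME_OWNER} ]]; then
+ local group_array=( ${_ACCT_USER_GROUPS} )
+ _ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${group_array[0]}
 fi
 # Path might be missing due to INSTALL_MASK, etc.
 # https://bugs.gentoo.org/691478
- if [[ ! -e "${ED}/${ACCT_USER_HOME#/}" ]]; then
+ if [[ ! -e "${ED}/${_ACCT_USER_HOME#/}" ]]; then
 eerror "Home directory is missing from the installation image:"
- eerror " ${ACCT_USER_HOME}"
+ eerror " ${_ACCT_USER_HOME}"
 eerror "Check INSTALL_MASK for entries that would cause this."
- die "${ACCT_USER_HOME} does not exist"
+ die "${_ACCT_USER_HOME} does not exist"
 fi
- fowners "${ACCT_USER_HOME_OWNER}" "${ACCT_USER_HOME}"
- fperms "${ACCT_USER_HOME_PERMS}" "${ACCT_USER_HOME}"
+ fowners "${_ACCT_USER_HOME_OWNER}" "${_ACCT_USER_HOME}"
+ fperms "${_ACCT_USER_HOME_PERMS}" "${_ACCT_USER_HOME}"
 fi
 }
 
@@ -380,10 +417,9 @@ acct-user_pkg_postinst() {
 fi
 
 # NB: eset* functions check current value
- esethome "${ACCT_USER_NAME}" "${ACCT_USER_HOME}"
- esetshell "${ACCT_USER_NAME}" "${ACCT_USER_SHELL}"
- local groups=${ACCT_USER_GROUPS[*]}
- esetgroups "${ACCT_USER_NAME}" "${groups// /,}"
+ esethome "${ACCT_USER_NAME}" "${_ACCT_USER_HOME}"
+ esetshell "${ACCT_USER_NAME}" "${_ACCT_USER_SHELL}"
+ esetgroups "${ACCT_USER_NAME}" "${_ACCT_USER_GROUPS// /,}"
 # comment field can not contain colons
 esetcomment "${ACCT_USER_NAME}" "${DESCRIPTION//[:,=]/;}"
 eunlockuser "${ACCT_USER_NAME}"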
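Review bot: The overrides are resolved only in acct-user_src_install (the `declare -g "_${var}=${!var_name}"` loop in the `@@ -316,23 +328,48 @@` hunk), yet acct-user_pkg_preinst and acct-user_pkg_postinst consume the resulting `_ACCT_USER_*` globals when they create the account and set its shell, groups and home ownership. That makes the values build-time state: presumably a binary package carries the builder's shell and group overrides to every host that installs it, while the installing host's own make.conf is not consulted and the `ewarn` does not reach its merge log (to be confirmed against how the saved environment is restored). Since these settings decide the group membership and login shell of a system account, I would state the build-time semantics in the @DESCRIPTION blocks and repeat the notice at merge time, e.g. in pkg_preinst `[[ ${_ACCT_USER_GROUPS} != "${ACCT_USER_GROUPS[*]}" ]] && ewarn "groups overridden at build time: ${_ACCT_USER_GROUPS}"`. Separately, `local groups=( ${_ACCT_USER_GROUPS} )` (and `group_array` in pkg_preinst) expands unquoted, so a glob character in an override value would be pathname-expanded; `read -r -a groups <<<"${_ACCT_USER_GROUPS}"` splits on whitespace without globbing.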