[gentoo-dev] [PATCH] acct-user.eclass: Support var overrides for user properties - gentoo-dev

From:	"Michał Górny" <mgorny@g.o>
To:	gentoo-dev@l.g.o
Cc:	"Michał Górny" <mgorny@g.o>
Subject:	[gentoo-dev] [PATCH] acct-user.eclass: Support var overrides for user properties
Date:	Mon, 04 Jan 2021 17:08:10
Message-Id:	`20210104170802.978090-1-mgorny@gentoo.org`

1

Introduce a few variables to allow easy overrides of common user account

2

proprerties, that is:

3

4

- ACCT_USER_<username>_SHELL

5

- ACCT_USER_<username>_HOME

6

- ACCT_USER_<username>_HOME_OWNER

7

- ACCT_USER_<username>_HOME_PERMS

8

- ACCT_USER_<username>_GROUPS

9

- ACCT_USER_<username>_GROUPS_ADD

10

11

The first five variables override the respective ACCT_USER_* variables,

12

with ACCT_USER_*_GROUPS being a space-separated list.  The *_GROUPS_ADD

13

variable appends to groups present in the ebuild, as this seems a common

14

necessity.

15

16

We do realize that the original requirement of overriding ebuilds

17

in a local repository was inconvenient.  This new logic should permit

18

easy updates via make.conf.  Additionally, it has the advantage

19

of clearly reporting the changes made in the build logs.

20

21

This does not preclude other solutions to the problem.  However, this

22

is probably the best one and it should become the current

23

recommendation.

24

25

Signed-off-by: Michał Górny <mgorny@g.o>

26

---

27

 eclass/acct-user.eclass | 84 +++++++++++++++++++++++++++++------------

28

 1 file changed, 60 insertions(+), 24 deletions(-)

29

30

diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass

31

index 22b0038fbff7..5c55b8092c69 100644

32

--- a/eclass/acct-user.eclass

33

+++ b/eclass/acct-user.eclass

34

@@ -82,7 +82,8 @@ readonly ACCT_USER_NAME

35

 # @ECLASS-VARIABLE: ACCT_USER_SHELL

36

 # @DESCRIPTION:

37

 # The shell to use for the user.  If not specified, a 'nologin' variant

38

-# for the system is used.

39

+# for the system is used.  This can be overriden in make.conf through

40

+# ACCT_USER_<UPPERCASE_USERNAME>_SHELL variable.

41

 : ${ACCT_USER_SHELL:=-1}

42

43

 # @ECLASS-VARIABLE: ACCT_USER_HOME

44

@@ -90,6 +91,8 @@ readonly ACCT_USER_NAME

45

 # The home directory for the user.  If not specified, /dev/null is used.

46

 # The directory will be created with appropriate permissions if it does

47

 # not exist.  When updating, existing home directory will not be moved.

48

+# This can be overriden in make.conf through

49

+# ACCT_USER_<UPPERCASE_USERNAME>_HOME variable.

50

 : ${ACCT_USER_HOME:=/dev/null}

51

52

 # @ECLASS-VARIABLE: ACCT_USER_HOME_OWNER

53

@@ -97,11 +100,14 @@ readonly ACCT_USER_NAME

54

 # @DESCRIPTION:

55

 # The ownership to use for the home directory, in chown ([user][:group])

56

 # syntax.  Defaults to the newly created user, and its primary group.

57

+# This can be overriden in make.conf through

58

+# ACCT_USER_<UPPERCASE_USERNAME>_HOME_OWNER variable.

59

60

 # @ECLASS-VARIABLE: ACCT_USER_HOME_PERMS

61

 # @DESCRIPTION:

62

 # The permissions to use for the home directory, in chmod (octal

63

-# or verbose) form.

64

+# or verbose) form.  This can be overriden in make.conf through

65

+# ACCT_USER_<UPPERCASE_USERNAME>_HOME_PERMS variable.

66

 : ${ACCT_USER_HOME_PERMS:=0755}

67

68

 # @ECLASS-VARIABLE: ACCT_USER_GROUPS

69

@@ -110,6 +116,12 @@ readonly ACCT_USER_NAME

70

 # List of groups the user should belong to.  This must be a bash

71

 # array.  The first group specified is the user's primary group, while

72

 # the remaining groups (if any) become supplementary groups.

73

+#

74

+# This can be overriden in make.conf through

75

+# ACCT_USER_<UPPERCASE_USERNAME>_GROUPS variable, or appended to

76

+# via ACCT_USER_<UPPERCASE_USERNAME>_GROUPS_ADD.  Please note that

77

+# due to technical limitations, the override variables are not arrays

78

+# but space-separated lists.

79

80

81

 # << Boilerplate ebuild variables >>

82

@@ -316,23 +328,48 @@ acct-user_pkg_pretend() {

83

 acct-user_src_install() {

84

 	debug-print-function ${FUNCNAME} "${@}"

85

86

-	if [[ ${ACCT_USER_HOME} != /dev/null ]]; then

87

+	# serialize for override support

88

+	local ACCT_USER_GROUPS=${ACCT_USER_GROUPS[*]}

89

+

90

+	# support make.conf overrides

91

+	local override_name=${ACCT_USER_NAME^^}

92

+	override_name=${override_name//-/_}

93

+	local var

94

+	for var in ACCT_USER_{SHELL,HOME{,_OWNER,_PERMS},GROUPS}; do

95

+		local var_name=ACCT_USER_${override_name}_${var#ACCT_USER_}

96

+		if [[ -n ${!var_name} ]]; then

97

+			ewarn "${var_name}=${!var_name} override in effect, support will not be provided."

98

+		else

99

+			var_name=${var}

100

+		fi

101

+		declare -g "_${var}=${!var_name}"

102

+	done

103

+	var_name=ACCT_USER_${override_name}_GROUPS_ADD

104

+	if [[ -n ${!var_name} ]]; then

105

+		ewarn "${var_name}=${!var_name} override in effect, support will not be provided."

106

+		_ACCT_USER_GROUPS+=" ${!var_name}"

107

+	fi

108

+

109

+	# deserialize into an array

110

+	local groups=( ${_ACCT_USER_GROUPS} )

111

+

112

+	if [[ ${_ACCT_USER_HOME} != /dev/null ]]; then

113

 		# note: we can't set permissions here since the user isn't

114

 		# created yet

115

-		keepdir "${ACCT_USER_HOME}"

116

+		keepdir "${_ACCT_USER_HOME}"

117

fi

118

119

 	insinto /usr/lib/sysusers.d

120

 	newins - ${CATEGORY}-${ACCT_USER_NAME}.conf < <(

121

 		printf "u\t%q\t%q\t%q\t%q\t%q\n" \

122

 			"${ACCT_USER_NAME}" \

123

-			"${ACCT_USER_ID/#-*/-}:${ACCT_USER_GROUPS[0]}" \

124

+			"${ACCT_USER_ID/#-*/-}:${groups[0]}" \

125

 			"${DESCRIPTION//[:,=]/;}" \

126

-			"${ACCT_USER_HOME}" \

127

-			"${ACCT_USER_SHELL/#-*/-}"

128

-		if [[ ${#ACCT_USER_GROUPS[@]} -gt 1 ]]; then

129

+			"${_ACCT_USER_HOME}" \

130

+			"${_ACCT_USER_SHELL/#-*/-}"

131

+		if [[ ${#groups[@]} -gt 1 ]]; then

132

 			printf "m\t${ACCT_USER_NAME}\t%q\n" \

133

-				"${ACCT_USER_GROUPS[@]:1}"

134

+				"${groups[@]:1}"

135

fi

136

)

137

}

138

@@ -344,26 +381,26 @@ acct-user_src_install() {

139

 acct-user_pkg_preinst() {

140

 	debug-print-function ${FUNCNAME} "${@}"

141

142

-	local groups=${ACCT_USER_GROUPS[*]}

143

 	enewuser ${ACCT_USER_ENFORCE_ID:+-F} -M "${ACCT_USER_NAME}" \

144

-		"${ACCT_USER_ID}" "${ACCT_USER_SHELL}" "${ACCT_USER_HOME}" \

145

-		"${groups// /,}"

146

+		"${ACCT_USER_ID}" "${_ACCT_USER_SHELL}" "${_ACCT_USER_HOME}" \

147

+		"${_ACCT_USER_GROUPS// /,}"

148

149

-	if [[ ${ACCT_USER_HOME} != /dev/null ]]; then

150

+	if [[ ${_ACCT_USER_HOME} != /dev/null ]]; then

151

 		# default ownership to user:group

152

-		if [[ -z ${ACCT_USER_HOME_OWNER} ]]; then

153

-			ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${ACCT_USER_GROUPS[0]}

154

+		if [[ -z ${_ACCT_USER_HOME_OWNER} ]]; then

155

+			local group_array=( ${_ACCT_USER_GROUPS} )

156

+			_ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${group_array[0]}

157

fi

158

 		# Path might be missing due to INSTALL_MASK, etc.

159

 		# https://bugs.gentoo.org/691478

160

-		if [[ ! -e "${ED}/${ACCT_USER_HOME#/}" ]]; then

161

+		if [[ ! -e "${ED}/${_ACCT_USER_HOME#/}" ]]; then

162

 			eerror "Home directory is missing from the installation image:"

163

-			eerror "  ${ACCT_USER_HOME}"

164

+			eerror "  ${_ACCT_USER_HOME}"

165

 			eerror "Check INSTALL_MASK for entries that would cause this."

166

-			die "${ACCT_USER_HOME} does not exist"

167

+			die "${_ACCT_USER_HOME} does not exist"

168

fi

169

-		fowners "${ACCT_USER_HOME_OWNER}" "${ACCT_USER_HOME}"

170

-		fperms "${ACCT_USER_HOME_PERMS}" "${ACCT_USER_HOME}"

171

+		fowners "${_ACCT_USER_HOME_OWNER}" "${_ACCT_USER_HOME}"

172

+		fperms "${_ACCT_USER_HOME_PERMS}" "${_ACCT_USER_HOME}"

173

fi

174

}

175

176

@@ -380,10 +417,9 @@ acct-user_pkg_postinst() {

177

fi

178

179

 	# NB: eset* functions check current value

180

-	esethome "${ACCT_USER_NAME}" "${ACCT_USER_HOME}"

181

-	esetshell "${ACCT_USER_NAME}" "${ACCT_USER_SHELL}"

182

-	local groups=${ACCT_USER_GROUPS[*]}

183

-	esetgroups "${ACCT_USER_NAME}" "${groups// /,}"

184

+	esethome "${ACCT_USER_NAME}" "${_ACCT_USER_HOME}"

185

+	esetshell "${ACCT_USER_NAME}" "${_ACCT_USER_SHELL}"

186

+	esetgroups "${ACCT_USER_NAME}" "${_ACCT_USER_GROUPS// /,}"

187

 	# comment field can not contain colons

188

 	esetcomment "${ACCT_USER_NAME}" "${DESCRIPTION//[:,=]/;}"

189

 	eunlockuser "${ACCT_USER_NAME}"

190

--

191

2.30.0

Subject	Author
Re: [gentoo-dev] [PATCH] acct-user.eclass: Support var overrides for user properties	Thomas Deutschmann <whissi@g.o>
Re: [gentoo-dev] [PATCH] acct-user.eclass: Support var overrides for user properties	Patrick McLean <chutzpah@g.o>

Gentoo Archives: gentoo-dev

Replies

1	Introduce a few variables to allow easy overrides of common user account
2	proprerties, that is:
3
4	- ACCT_USER_<username>_SHELL
5	- ACCT_USER_<username>_HOME
6	- ACCT_USER_<username>_HOME_OWNER
7	- ACCT_USER_<username>_HOME_PERMS
8	- ACCT_USER_<username>_GROUPS
9	- ACCT_USER_<username>_GROUPS_ADD
10
11	The first five variables override the respective ACCT_USER_* variables,
12	with ACCT_USER__GROUPS being a space-separated list. The _GROUPS_ADD
13	variable appends to groups present in the ebuild, as this seems a common
14	necessity.
15
16	We do realize that the original requirement of overriding ebuilds
17	in a local repository was inconvenient. This new logic should permit
18	easy updates via make.conf. Additionally, it has the advantage
19	of clearly reporting the changes made in the build logs.
20
21	This does not preclude other solutions to the problem. However, this
22	is probably the best one and it should become the current
23	recommendation.
24
25	Signed-off-by: Michał Górny <mgorny@g.o>
26	---
27	eclass/acct-user.eclass \| 84 +++++++++++++++++++++++++++++------------
28	1 file changed, 60 insertions(+), 24 deletions(-)
29
30	diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
31	index 22b0038fbff7..5c55b8092c69 100644
32	--- a/eclass/acct-user.eclass
33	+++ b/eclass/acct-user.eclass
34	@@ -82,7 +82,8 @@ readonly ACCT_USER_NAME
35	# @ECLASS-VARIABLE: ACCT_USER_SHELL
36	# @DESCRIPTION:
37	# The shell to use for the user. If not specified, a 'nologin' variant
38	-# for the system is used.
39	+# for the system is used. This can be overriden in make.conf through
40	+# ACCT_USER_<UPPERCASE_USERNAME>_SHELL variable.
41	: ${ACCT_USER_SHELL:=-1}
42
43	# @ECLASS-VARIABLE: ACCT_USER_HOME
44	@@ -90,6 +91,8 @@ readonly ACCT_USER_NAME
45	# The home directory for the user. If not specified, /dev/null is used.
46	# The directory will be created with appropriate permissions if it does
47	# not exist. When updating, existing home directory will not be moved.
48	+# This can be overriden in make.conf through
49	+# ACCT_USER_<UPPERCASE_USERNAME>_HOME variable.
50	: ${ACCT_USER_HOME:=/dev/null}
51
52	# @ECLASS-VARIABLE: ACCT_USER_HOME_OWNER
53	@@ -97,11 +100,14 @@ readonly ACCT_USER_NAME
54	# @DESCRIPTION:
55	# The ownership to use for the home directory, in chown ([user][:group])
56	# syntax. Defaults to the newly created user, and its primary group.
57	+# This can be overriden in make.conf through
58	+# ACCT_USER_<UPPERCASE_USERNAME>_HOME_OWNER variable.
59
60	# @ECLASS-VARIABLE: ACCT_USER_HOME_PERMS
61	# @DESCRIPTION:
62	# The permissions to use for the home directory, in chmod (octal
63	-# or verbose) form.
64	+# or verbose) form. This can be overriden in make.conf through
65	+# ACCT_USER_<UPPERCASE_USERNAME>_HOME_PERMS variable.
66	: ${ACCT_USER_HOME_PERMS:=0755}
67
68	# @ECLASS-VARIABLE: ACCT_USER_GROUPS
69	@@ -110,6 +116,12 @@ readonly ACCT_USER_NAME
70	# List of groups the user should belong to. This must be a bash
71	# array. The first group specified is the user's primary group, while
72	# the remaining groups (if any) become supplementary groups.
73	+#
74	+# This can be overriden in make.conf through
75	+# ACCT_USER_<UPPERCASE_USERNAME>_GROUPS variable, or appended to
76	+# via ACCT_USER_<UPPERCASE_USERNAME>_GROUPS_ADD. Please note that
77	+# due to technical limitations, the override variables are not arrays
78	+# but space-separated lists.
79
80
81	# << Boilerplate ebuild variables >>
82	@@ -316,23 +328,48 @@ acct-user_pkg_pretend() {
83	acct-user_src_install() {
84	debug-print-function ${FUNCNAME} "${@}"
85
86	- if [[ ${ACCT_USER_HOME} != /dev/null ]]; then
87	+ # serialize for override support
88	+ local ACCT_USER_GROUPS=${ACCT_USER_GROUPS[*]}
89	+
90	+ # support make.conf overrides
91	+ local override_name=${ACCT_USER_NAME^^}
92	+ override_name=${override_name//-/_}
93	+ local var
94	+ for var in ACCT_USER_{SHELL,HOME{,_OWNER,_PERMS},GROUPS}; do
95	+ local var_name=ACCT_USER_${override_name}_${var#ACCT_USER_}
96	+ if [[ -n ${!var_name} ]]; then
97	+ ewarn "${var_name}=${!var_name} override in effect, support will not be provided."
98	+ else
99	+ var_name=${var}
100	+ fi
101	+ declare -g "_${var}=${!var_name}"
102	+ done
103	+ var_name=ACCT_USER_${override_name}_GROUPS_ADD
104	+ if [[ -n ${!var_name} ]]; then
105	+ ewarn "${var_name}=${!var_name} override in effect, support will not be provided."
106	+ _ACCT_USER_GROUPS+=" ${!var_name}"
107	+ fi
108	+
109	+ # deserialize into an array
110	+ local groups=( ${_ACCT_USER_GROUPS} )
111	+
112	+ if [[ ${_ACCT_USER_HOME} != /dev/null ]]; then
113	# note: we can't set permissions here since the user isn't
114	# created yet
115	- keepdir "${ACCT_USER_HOME}"
116	+ keepdir "${_ACCT_USER_HOME}"
117	fi
118
119	insinto /usr/lib/sysusers.d
120	newins - ${CATEGORY}-${ACCT_USER_NAME}.conf < <(
121	printf "u\t%q\t%q\t%q\t%q\t%q\n" \
122	"${ACCT_USER_NAME}" \
123	- "${ACCT_USER_ID/#-*/-}:${ACCT_USER_GROUPS[0]}" \
124	+ "${ACCT_USER_ID/#-*/-}:${groups[0]}" \
125	"${DESCRIPTION//[:,=]/;}" \
126	- "${ACCT_USER_HOME}" \
127	- "${ACCT_USER_SHELL/#-*/-}"
128	- if [[ ${#ACCT_USER_GROUPS[@]} -gt 1 ]]; then
129	+ "${_ACCT_USER_HOME}" \
130	+ "${_ACCT_USER_SHELL/#-*/-}"
131	+ if [[ ${#groups[@]} -gt 1 ]]; then
132	printf "m\t${ACCT_USER_NAME}\t%q\n" \
133	- "${ACCT_USER_GROUPS[@]:1}"
134	+ "${groups[@]:1}"
135	fi
136	)
137	}
138	@@ -344,26 +381,26 @@ acct-user_src_install() {
139	acct-user_pkg_preinst() {
140	debug-print-function ${FUNCNAME} "${@}"
141
142	- local groups=${ACCT_USER_GROUPS[*]}
143	enewuser ${ACCT_USER_ENFORCE_ID:+-F} -M "${ACCT_USER_NAME}" \
144	- "${ACCT_USER_ID}" "${ACCT_USER_SHELL}" "${ACCT_USER_HOME}" \
145	- "${groups// /,}"
146	+ "${ACCT_USER_ID}" "${_ACCT_USER_SHELL}" "${_ACCT_USER_HOME}" \
147	+ "${_ACCT_USER_GROUPS// /,}"
148
149	- if [[ ${ACCT_USER_HOME} != /dev/null ]]; then
150	+ if [[ ${_ACCT_USER_HOME} != /dev/null ]]; then
151	# default ownership to user:group
152	- if [[ -z ${ACCT_USER_HOME_OWNER} ]]; then
153	- ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${ACCT_USER_GROUPS[0]}
154	+ if [[ -z ${_ACCT_USER_HOME_OWNER} ]]; then
155	+ local group_array=( ${_ACCT_USER_GROUPS} )
156	+ _ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${group_array[0]}
157	fi
158	# Path might be missing due to INSTALL_MASK, etc.
159	# https://bugs.gentoo.org/691478
160	- if [[ ! -e "${ED}/${ACCT_USER_HOME#/}" ]]; then
161	+ if [[ ! -e "${ED}/${_ACCT_USER_HOME#/}" ]]; then
162	eerror "Home directory is missing from the installation image:"
163	- eerror " ${ACCT_USER_HOME}"
164	+ eerror " ${_ACCT_USER_HOME}"
165	eerror "Check INSTALL_MASK for entries that would cause this."
166	- die "${ACCT_USER_HOME} does not exist"
167	+ die "${_ACCT_USER_HOME} does not exist"
168	fi
169	- fowners "${ACCT_USER_HOME_OWNER}" "${ACCT_USER_HOME}"
170	- fperms "${ACCT_USER_HOME_PERMS}" "${ACCT_USER_HOME}"
171	+ fowners "${_ACCT_USER_HOME_OWNER}" "${_ACCT_USER_HOME}"
172	+ fperms "${_ACCT_USER_HOME_PERMS}" "${_ACCT_USER_HOME}"
173	fi
174	}
175
176	@@ -380,10 +417,9 @@ acct-user_pkg_postinst() {
177	fi
178
179	# NB: eset* functions check current value
180	- esethome "${ACCT_USER_NAME}" "${ACCT_USER_HOME}"
181	- esetshell "${ACCT_USER_NAME}" "${ACCT_USER_SHELL}"
182	- local groups=${ACCT_USER_GROUPS[*]}
183	- esetgroups "${ACCT_USER_NAME}" "${groups// /,}"
184	+ esethome "${ACCT_USER_NAME}" "${_ACCT_USER_HOME}"
185	+ esetshell "${ACCT_USER_NAME}" "${_ACCT_USER_SHELL}"
186	+ esetgroups "${ACCT_USER_NAME}" "${_ACCT_USER_GROUPS// /,}"
187	# comment field can not contain colons
188	esetcomment "${ACCT_USER_NAME}" "${DESCRIPTION//[:,=]/;}"
189	eunlockuser "${ACCT_USER_NAME}"
190	--
191	2.30.0