On 12/14/15 12:06 AM, Robin H. Johnson wrote:
> On Mon, Dec 14, 2015 at 07:49:42AM +0300, Alexey Shvetsov wrote:
>> Hi!
>>
>> Ok. Since there is GLEP27 we should make it reality. To do so I think we
>> should
>> 1. Have some list of system uid/gid (on wiki for example). Also we need
>> to agree on uid/gid numbers for services
> This database was already started, prior to GLEP27.
> In CVS, you want gentoo-src/eid_database/
>
>> 2. Add uid/gid from list to existing ebuilds
>
>> 3. Make a repoman (or maybe eclass) check, that will not allow to commit
>> ebuilds with enewuser enewgroup calls with undefined uids
> I think in the original discussion, there were concerns that there were
> cases where this was going to be valid. I think this check needs to come
> later, after we rule those out. It should however start to warn about
> them ASAP.
>
>> 4. Make some script or howto to migrate to deterministic uids/gids from
> Much of the work was implemented for GSOC2006, "Creandus" by
> developer pioto.
>
> Cardoe did more work on it later on.
>
|
I'll try to find what I did but at one point I had the database of
uid/gid updated to include everything in the tree. I had some patches
for enewuser/enewgroup to not allow them to do anything unless the ids
were in the database.

Sadly, it's been a long, long time. But I still would love to see this
happen. There just wasn't much interest from everyone in making this happen.

--
Doug Goldstein
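
A sketch of the warn-only check discussed in point 3 of the thread, as an added example that is not code from the thread, repoman, or the eclass. It assumes the eclass argument order (name first, then id, with `-1` or an omitted id meaning "any free id"); the database layout, the names `exampled` and `otherd`, and all ids are constructed for illustration.

```python
import shlex
from itertools import takewhile

# Constructed sample database (call -> name -> fixed id). The layout of the
# real eid_database is not shown in the thread; this format is an assumption.
KNOWN_IDS = {"enewuser": {"exampled": 301}, "enewgroup": {"exampled": 301}}
OPERATORS = tuple("();<>|&")  # a token starting with one of these ends the call

# Constructed ebuild fragment used as sample input.
SAMPLE = """\
pkg_setup() {
    enewgroup exampled 301
    enewuser exampled -1 -1 /var/lib/exampled exampled
    enewuser otherd 250 || die
    enewgroup exampled 302  # does not match the database
}
"""

def tokenize(line):
    lex = shlex.shlex(line, posix=True, punctuation_chars=True)
    lex.whitespace_split = True  # split on whitespace and shell operators only
    return list(lex)

def check_ebuild(text, known=KNOWN_IDS):
    """Return (line_number, message) warnings for enewuser/enewgroup calls."""
    warnings = []
    for lineno, line in enumerate(text.splitlines(), 1):
        try:
            words = tokenize(line)
        except ValueError:
            continue  # unbalanced quote: part of a multi-line string, skip
        for i, word in enumerate(words):
            if word not in known:
                continue
            args = list(takewhile(lambda w: not w.startswith(OPERATORS), words[i + 1:]))
            if not args:
                break
            name = args[0]
            given = args[1] if len(args) > 1 else "-1"  # omitted id: any free id
            expected = known[word].get(name)
            if given == "-1":
                warnings.append((lineno, f"{word} {name}: no fixed id requested"))
            elif expected is None:
                warnings.append((lineno, f"{word} {name}: id {given} is not in the database"))
            elif given != str(expected):
                warnings.append((lineno, f"{word} {name}: id {given}, database says {expected}"))
            break
    return warnings

if __name__ == "__main__":
    for lineno, message in check_ebuild(SAMPLE):
        print(f"warning: line {lineno}: {message}")
```

It only warns and never rejects, matching the suggestion in the thread to start with warnings before enforcing anything.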