| 1 |
On 12/14/15 12:06 AM, Robin H. Johnson wrote: |
| 2 |
> On Mon, Dec 14, 2015 at 07:49:42AM +0300, Alexey Shvetsov wrote: |
| 3 |
>> Hi! |
| 4 |
>> |
| 5 |
>> Ok. Since there is GLEP27 we should make it reality. To do so i think we |
| 6 |
>> should |
| 7 |
>> 1. Have some list of system uid/gid (on wiki for example). Also we need |
| 8 |
>> to agree on uid/gid numbers for services |
| 9 |
> This database was already started, prior to GLEP27. |
| 10 |
> In CVS, you want gentoo-src/eid_database/ |
| 11 |
> |
| 12 |
>> 2. Add uid/gid from list to existing ebuilds |
| 13 |
> |
| 14 |
>> 3. Make a repoman (or may be eclass) check, that will no allow to commit |
| 15 |
>> ebuilds with enewuser enewgroup calls with undefined uids |
| 16 |
> I think in the original discussion, there were concerns that there were |
| 17 |
> cases where this was going to be valid. I think this check needs to come |
| 18 |
> later, after we rule those out. It should however start to warn about |
| 19 |
> them ASAP. |
| 20 |
> |
| 21 |
>> 4. Make some script or howto to migrate to determenistic uids/gids from |
| 22 |
> Much of the work was implemented for GSOC2006, "Creandus" by |
| 23 |
> developer pioto. |
| 24 |
> |
| 25 |
> Cardoe did more work on it later on. |
| 26 |
> |
| 27 |
|
| 28 |
I'll try to find what I did but at one point I had the database of |
| 29 |
uid/gid updated to include everything in the tree. I had some patches |
| 30 |
for enewuser/enewgroup to not allow them to do anything unless the ids |
| 31 |
were in the database. |
| 32 |
|
| 33 |
Sadly, its been a long long time. But I still would love to see this |
| 34 |
happen. There just wasn't much interest from everyone in making this happen. |
| 35 |
|
| 36 |
-- |
| 37 |
Doug Goldstein |
Archives