| 1 |
On Thu, 30 May 2019 14:50:30 +0200 |
| 2 |
Michał Górny <mgorny@g.o> wrote: |
| 3 |
|
| 4 |
> Please review the following patches, implementing the user/group package |
| 5 |
> concept. The patches incorporate some of the feedback to the proposed |
| 6 |
> GLEP, and I'd like to get them reviewed before I submit the next GLEP |
| 7 |
> update. They are based on earlier work by mjo. |
| 8 |
|
| 9 |
I like the idea and the changes look good. I gather this doesn't |
| 10 |
address the ROOT problem. That's fine, it wasn't one of the stated |
| 11 |
goals, I just want to keep it in mind. I still stand by what I said in |
| 12 |
https://bugs.gentoo.org/541406#c2. |
| 13 |
|
| 14 |
The various tools such as useradd do have a -R option to specify a |
| 15 |
root directory but this performs an actual chroot, making it useless |
| 16 |
for non-native environments. Even if this somehow worked or if it |
| 17 |
were run through QEMU, it would still not be sufficient because |
| 18 |
Portage needs to know about these users and groups from the |
| 19 |
perspective of the build system. |
| 20 |
|
| 21 |
I believe what is needed is some way to intelligently sync the |
| 22 |
accounts between / and ROOT. If a user or group already exists in / |
| 23 |
then use the same ID in ROOT. If it doesn't already exist then create |
| 24 |
it in / first, ensuring that the new ID doesn't clash with one |
| 25 |
already in ROOT. If there is an unresolvable ID clash then error out. |
| 26 |
|
| 27 |
If we're looking to keep all UIDs/GIDs fixed going forwards then |
| 28 |
clashes obviously become less of an issue. Since writing the above, |
| 29 |
I've become aware that you can bind mount individual files such |
| 30 |
as /etc/passwd and there are also new tricks like user namespacing. We |
| 31 |
could probably come up with something workable but this hasn't reached |
| 32 |
the top of my pile. |
| 33 |
|
| 34 |
-- |
| 35 |
James Le Cuirot (chewi) |
| 36 |
Gentoo Linux Developer |
Archives