On Thu, 30 May 2019 14:50:30 +0200
Michał Górny <mgorny@g.o> wrote:

> Please review the following patches, implementing the user/group package
> concept. The patches incorporate some of the feedback to the proposed
> GLEP, and I'd like to get them reviewed before I submit the next GLEP
> update. They are based on earlier work by mjo.

I like the idea and the changes look good. I gather this doesn't
address the ROOT problem. That's fine, it wasn't one of the stated
goals, I just want to keep it in mind. I still stand by what I said in
https://bugs.gentoo.org/541406#c2.

The various tools such as useradd do have a -R option to specify a
root directory but this performs an actual chroot, making it useless
for non-native environments. Even if this somehow worked or if it
were run through QEMU, it would still not be sufficient because
Portage needs to know about these users and groups from the
perspective of the build system.

I believe what is needed is some way to intelligently sync the
accounts between / and ROOT. If a user or group already exists in /
then use the same ID in ROOT. If it doesn't already exist then create
it in / first, ensuring that the new ID doesn't clash with one
already in ROOT. If there is an unresolvable ID clash then error out.

If we're looking to keep all UIDs/GIDs fixed going forwards then
clashes obviously become less of an issue. Since writing the above,
I've become aware that you can bind mount individual files such
as /etc/passwd and there are also new tricks like user namespacing. We
could probably come up with something workable but this hasn't reached
the top of my pile.

--
James Le Cuirot (chewi)
Gentoo Linux Developer
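
The sync rules proposed in the message above, sketched as an added example that is not part of the original post and is not Portage code. The names `parse_passwd` and `plan_uid`, the 101-999 allocation range and the sample passwd data are assumptions, as is adopting ROOT's existing ID when the account is missing from /.

```python
# Added example (not Portage code): choose a UID that agrees between / and ROOT.
# The 101-999 allocation range and the sample passwd data are assumptions.

class IdClash(Exception):
    """Raised when no consistent ID exists for both trees."""

def parse_passwd(text):
    """Map account name -> numeric ID from passwd(5)-style text."""
    ids = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 3 and fields[0] and fields[2].isdigit():
            ids[fields[0]] = int(fields[2])
    return ids

def plan_uid(name, host, root, id_range=range(101, 1000)):
    """Return (uid, create_in_host, create_in_root) for account `name`.

    host and root are name -> ID maps for / and ROOT respectively.
    """
    host_ids, root_ids = set(host.values()), set(root.values())
    if name in host:
        uid = host[name]                      # / wins: reuse its ID in ROOT
        if name in root:
            if root[name] != uid:
                raise IdClash(f"{name}: {uid} in /, {root[name]} in ROOT")
            return uid, False, False
        if uid in root_ids:                   # ID owned by another ROOT account
            raise IdClash(f"{name}: ID {uid} already taken in ROOT")
        return uid, False, True
    if name in root:                          # assumption: adopt ROOT's ID in / if free
        uid = root[name]
        if uid in host_ids:
            raise IdClash(f"{name}: ROOT ID {uid} already taken in /")
        return uid, True, False
    for uid in id_range:                      # new everywhere: must be free in both
        if uid not in host_ids and uid not in root_ids:
            return uid, True, True
    raise IdClash(f"{name}: no free ID in {id_range}")

# Constructed sample data, not taken from a real system.
HOST = parse_passwd("root:x:0:0::/root:/bin/bash\n"
                    "nginx:x:101:101::/var/lib/nginx:/sbin/nologin\n"
                    "ntp:x:123:123::/dev/null:/sbin/nologin\n")
ROOT = parse_passwd("root:x:0:0::/root:/bin/sh\n"
                    "sshd:x:102:102::/var/empty:/sbin/nologin\n"
                    "mysql:x:123:123::/dev/null:/sbin/nologin\n")
```

With this data, `ntp` is the unresolvable case: its ID in / is already held by a different account in ROOT, so files owned by it would be attributed to the wrong account once ROOT is booted.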