Replies: 4 comments
-
Didn't look through this all just now, but a couple of quick notes:
|
Beta Was this translation helpful? Give feedback.
-
I did just that in this fedora-devel post from June: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/message/NEFOV236FJYS2RED2SEOV5YHDFLDX7DK/ It doesn't talk anything about shadow-utils and such tooling dependencies because for all practical purposes there are none. You just don't need to care.
Just point |
Beta Was this translation helpful? Give feedback.
-
Oh and of course, it is all very very different from what user/group handling in rpm has traditionally been. You need to just unlearn that all 😄 The key difference really is that with the sysuser integration, the rpm running the transaction is what does the work and contains any tooling dependencies, whereas in the traditional model it's the packageset being installed that get to do the work. So instead of adding more shadow-utils deps and the like, you instead get to remove those deps from the packages. And, like said, you can now have arbitrary users starting from the very first package being installed because the user/group tooling doesn't need to be bootstrapped first in that environment. |
Beta Was this translation helpful? Give feedback.
-
(moved to discussions as this is more like a pile of questions than an issue) |
Beta Was this translation helpful? Give feedback.
-
Please correct me if I got something wrong. My understanding is the following:
Provides: user(foo) = <hash>
andProvides: group(foo) = <hash>
(??, see below) for packages which have sysusers.d filesRequires: {user,group}(foo)
orRecommends: {user,group}(foo)
for packages which carry files owned by user or groupfoo
(depending on%_use_weak_usergroup_deps
)/usr/lib/rpm/sysusers.sh
and will invoke it when installing packages which have the appropriate Provides.sysusers.sh
is in bash (provided bybash.rpm
) and callsuseradd
,groupadd
,usermod
,groupmod
(provided byshadow-utils.rpm
),touch
,cut
,mkdir
(provided bycoreutils.rpm
), andgrep
(provided bygrep.rpm
).rpm.rpm
declares dependency onbash
andcoreutils
, but notgrep
orshadow-utils
sysusers.sh
implementsu
,g
, andm
, but notr
sysusers.sh
knows about/usr/lib/sysusers.d
,/run/sysusers.d
, and/etc/sysusers.d
, but not about/usr/local/lib/sysusers.d
.sysusers.sh
also doesn't know about specifiersThe lack of dependencies seems to be a problem. A package may have
Requires: user(foo)
, which will pull in some package that hasProvides: user(foo)
, but this is not enough. Something else needs to pull in bothrpm
andshadow-utils
andgrep
.Those tool dependencies are a problem:
rpm
is a very big dependency. It is strange to install it in images just to create users. Maybe it should be split out torpm-sysusers-impl
(name TBD), so it can be installed without the rest of the stack? Also, that package should probably get dependencies on the appropriate tools.Packages which are supposed to provide a user should get a Requires or Recommends dependency on the implementing tool (depending on
%_use_weak_usergroup_deps
).I understand the decision to move away from
systemd-sysusers
as the implementation, but it would be great if it was still allowed as an option. In fact, systemd provides two implementations: one insystemd.rpm
and the second one insystemd-standalone-sysusers
. The latter has dependencies only onglibc
,libcap
,libgcc
,libselinux
, andlibgcrypt
, and is much smaller thanshadow-utils
.For example, packages that have
Provides: {user,group}(…)
, could have a dependency onrpm-sysusers-impl | systemd-sysusers
, andrpm
should attempt to call bothsystemd-sysusers
andsysusers.sh
.Please explain how this is all supposed to be integrated by a distro…
I was testing this with
dbus
package, and I noticed the following:dbus-common
hasProvides: user(dbus) = dSBkYnVzIDgxICJTeXN0ZW0gTWVzc2FnZSBCdXMiIC0gLQAA
butProvides: group(dbus)
, with no= …
. Looking at the code, this provides will be ignored. Is this intentional?sudo dnf5 install --use-host-config --installroot=/var/tmp/inst5 noarch/dbus-common-1.14.10-1.fc40.noarch.rpm
I get no dbus in/var/tmp/inst5/etc/{group,passwd}
. I tried installingrpm
,grep
,shadow-utils
and part of the same transaction, or in an earlier transaction, and the result is the same./cc @DaanDeMeyer
Beta Was this translation helpful? Give feedback.
All reactions