sys-user.eclass: hide stderr for "id" calls.
# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

# @ECLASS: sys-user.eclass
# @MAINTAINER:
# Michael Orlitzky <mjo@gentoo.org>
# @BLURB: handle installation and removal of system users.
# @DESCRIPTION:
# This eclass does most of the work for the sys-user/ packages that
# supply system user accounts.

# Needed for egetshell and egethome.
inherit user

# Export this eclass's phase functions to the inheriting ebuild.
EXPORT_FUNCTIONS pkg_pretend src_unpack src_configure src_compile src_install src_test pkg_preinst pkg_prerm

# Metadata defaults; an ebuild may set any of these before inheriting.
# Note that LICENSE uses "=" rather than ":=", so it is only assigned
# when unset; an explicitly empty LICENSE is left alone.
: ${HOMEPAGE:="https://wiki.gentoo.org/wiki/User:Mjo/GLEP:User_packages"}
: ${DESCRIPTION:="The ${PN} system user"}
: ${LICENSE="GPL-2"}

# If you want a different username, use a different package name. This
# prevents different people from claiming the same username.
SYS_USER_NAME="${PN}"

# @ECLASS-VARIABLE: SYS_USER_GROUPS
# @DESCRIPTION:
# A space-separated list of groups that the user will belong to.
# Dependencies on the appropriate sys-group packages are generated
# automatically. Defaults to a single group named after the package.
: ${SYS_USER_GROUPS:=${PN}}

# @ECLASS-VARIABLE: SYS_USER_UID
# @REQUIRED
# @DESCRIPTION:
# This should be set to the "fixed" UID that your user should have.
# We may have to fall back to an arbitrary UID, but you still need
# to specify a real, valid UID here. At the very least because our
# SLOT variable needs it.
#
# Only emptiness is checked below. The value is not validated as a
# number, although it is later used verbatim in SLOT and as a file name
# in sys-user_src_install().
[[ -z "${SYS_USER_UID}" ]] && die "SYS_USER_UID must be set"

# @ECLASS-VARIABLE: SYS_USER_UID_IMPORTANT
# @DESCRIPTION:
# Set to "true" if you want to die() if you don't get your desired UID.
# Defaults to "false"; only the exact string "true" enables the checks
# in sys-user_pkg_pretend().
: ${SYS_USER_UID_IMPORTANT:=false}

# In many cases, if the UID of a user changes, packages depending on it
# will want to rebuild. We always use SLOT=0, because you can't install
# the same user twice. Then we use the UID as our subslot so that
# subslot deps can be used to rebuild packages when our UID changes.
SLOT="0/${SYS_USER_UID}"

# @ECLASS-VARIABLE: SYS_USER_HOME
# @DESCRIPTION:
# The home directory passed to useradd/usermod via --home-dir.
# Defaults to /home/${SYS_USER_NAME}.
: ${SYS_USER_HOME:=/home/${SYS_USER_NAME}}

# @ECLASS-VARIABLE: SYS_USER_SHELL
# @DESCRIPTION:
# The login shell passed to useradd/usermod via --shell.
# Defaults to /bin/false.
: ${SYS_USER_SHELL:=/bin/false}

# Only EAPI 6 is accepted; every other value aborts.
case ${EAPI} in
	6) ;;
	*)
		die "${ECLASS} is not compatible with EAPI=${EAPI}"
esac

# Depend on any groups we might need. SYS_USER_GROUPS is left unquoted
# on purpose so that it splits into one word per group. The runtime
# dependency uses the ":=" slot operator.
# NOTE(review): presumably the sys-group packages expose the GID as a
# subslot the way SLOT does above -- confirm against sys-group.eclass.
for _group in ${SYS_USER_GROUPS}; do
	DEPEND+=" sys-group/${_group} "
	RDEPEND+=" sys-group/${_group}:= "
done
unset _group

# Build directly in WORKDIR.
S="${WORKDIR}"
# Exported phases that are deliberate no-ops: each one does nothing and
# reports success.
sys-user_src_unpack() {
	return 0
}

sys-user_src_compile() {
	return 0
}

sys-user_src_test() {
	return 0
}
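sys-user_getuid() {
	# Output the real UID of the given user, or the empty string if the
	# user does not exist on the system.
	#
	# Arguments: $1 - the username to look up.
	# Outputs:   one line on stdout holding the UID, or an empty line.
	# Returns:   always 0; the exit status of "id" is not propagated.
	#
	# stderr from "id" is discarded, so ANY failure of "id" (not only an
	# unknown user) looks the same as "no such user" to the caller.
	# Callers act on that answer by creating the account, so a broken
	# lookup is indistinguishable from a missing user here.
	[[ $# -eq 1 ]] || die "usage: sys-user_getuid <username>"

	# Declared separately and printed quoted so that the lookup result
	# is never word-split or glob-expanded.
	local uid
	uid=$(id --real --user "${1}" 2>/dev/null)
	printf '%s\n' "${uid}"
}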
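sys-user_getname() {
	# Output the username associated with the given UID, or the empty string
	# if the given UID is still available.
	#
	# Arguments: $1 - the UID to look up.
	# Outputs:   one line on stdout: the first colon-separated field of
	#            whatever "egetent passwd" prints, or an empty line.
	# Returns:   always 0; a failed lookup is reported as an empty name,
	#            which callers read as "this UID is free".
	[[ $# -eq 1 ]] || die "usage: sys-user_getname <uid>"

	# Declared separately and printed quoted so that the lookup result
	# is never word-split or glob-expanded.
	local name
	name=$(egetent passwd "${1}" | cut -f1 -d':')
	printf '%s\n' "${name}"
}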
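sys-user_create() {
	# Create the user whose information is contained in the following
	# variables:
	#
	#   * SYS_USER_NAME
	#   * SYS_USER_UID
	#   * SYS_USER_SHELL
	#   * SYS_USER_HOME
	#   * SYS_USER_GROUPS
	#
	# We don't create a group with the same name; that should be the
	# job of the matching sys-group package.
	#
	# Returns: the exit status of useradd.
	#
	# The optional flags are collected in an array. Gluing an unquoted
	# "${VAR:+--flag }" onto a quoted "${VAR}" leaves a stray empty
	# argument on the command line whenever VAR is unset or empty, which
	# is exactly the state sys-user_src_configure() puts SYS_USER_UID in
	# when it falls back to an arbitrary UID.
	local -a useradd_opts=( --no-user-group )

	if [[ -n "${SYS_USER_UID}" ]]; then
		useradd_opts+=( --uid "${SYS_USER_UID}" )
	fi

	if [[ -n "${SYS_USER_GROUPS}" ]]; then
		useradd_opts+=( --groups "${SYS_USER_GROUPS}" )
	fi

	useradd "${useradd_opts[@]}" \
		--shell "${SYS_USER_SHELL}" \
		--home-dir "${SYS_USER_HOME}" \
		"${SYS_USER_NAME}"
}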
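sys-user_modify() {
	# Modify the existing user named $SYS_USER_NAME to match the values
	# contained in the following variables:
	#
	#   * SYS_USER_UID
	#   * SYS_USER_SHELL
	#   * SYS_USER_HOME
	#   * SYS_USER_GROUPS
	#
	# Groups are appended to the user's existing supplementary groups
	# (--append), never replaced.
	#
	# Returns: the exit status of usermod.
	#
	# The optional flags are collected in an array. Gluing an unquoted
	# "${VAR:+--flag }" onto a quoted "${VAR}" leaves a stray empty
	# argument on the command line whenever VAR is unset or empty.
	local -a usermod_opts=()

	if [[ -n "${SYS_USER_UID}" ]]; then
		usermod_opts+=( --uid "${SYS_USER_UID}" )
	fi

	if [[ -n "${SYS_USER_GROUPS}" ]]; then
		usermod_opts+=( --append --groups "${SYS_USER_GROUPS}" )
	fi

	usermod "${usermod_opts[@]}" \
		--shell "${SYS_USER_SHELL}" \
		--home-dir "${SYS_USER_HOME}" \
		"${SYS_USER_NAME}"
}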
sys-user_pkg_pretend() {
	# Sanity checks that would otherwise run code in global scope.
	# They only apply when the ebuild insists on its UID.
	[[ "${SYS_USER_UID_IMPORTANT}" == "true" ]] || return 0

	# The wanted UID must not belong to somebody else, i.e. to an
	# account with a different username. An empty answer means that
	# the lookup found nobody holding the UID.
	local uid_owner
	uid_owner=$(sys-user_getname "${SYS_USER_UID}")
	if [[ -n "${uid_owner}" && "${uid_owner}" != "${SYS_USER_NAME}" ]]; then
		die "important UID ${SYS_USER_UID} already belongs to ${uid_owner}"
	fi

	# Conversely, an account with our name must not already exist
	# under a different UID, since we could not honour the request
	# for the fixed one.
	local existing_uid
	existing_uid=$(sys-user_getuid "${SYS_USER_NAME}")
	if [[ -n "${existing_uid}" && "${existing_uid}" != "${SYS_USER_UID}" ]]; then
		die "user ${SYS_USER_NAME} already exists with UID ${existing_uid}"
	fi
}
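sys-user_src_configure() {
	# Settle the final values of SYS_USER_UID, SYS_USER_HOME,
	# SYS_USER_SHELL and SYS_USER_GROUPS before the user is created or
	# modified.
	#
	# Globals: SYS_USER_NAME, SYS_USER_UID_IMPORTANT (read);
	#          SYS_USER_UID, SYS_USER_HOME, SYS_USER_SHELL,
	#          SYS_USER_GROUPS (read and written).
	local current_uid=$(sys-user_getuid "${SYS_USER_NAME}")
	if [[ -n "${current_uid}" ]]; then
		# UPGRADE PATH: This user already exists, so if the eclass
		# consumer doesn't care about some settings, we can reuse the
		# pre-existing ones.
		#
		# This is also useful for sys-user package upgrades, because it
		# prevents us from incrementing the UID on a reinstall, and doing
		# so would break most packages that need a system user to exist.
		if [[ "${SYS_USER_UID_IMPORTANT}" != "true" ]]; then
			SYS_USER_UID="${current_uid}"
		fi

		if [[ -z "${SYS_USER_HOME}" ]]; then
			SYS_USER_HOME=$(egethome "${SYS_USER_NAME}")
		fi

		if [[ -z "${SYS_USER_SHELL}" ]]; then
			SYS_USER_SHELL=$(egetshell "${SYS_USER_NAME}")
		fi
	fi

	# Only give up the requested UID when some OTHER account holds it.
	# An empty name means the UID is free; without the -n test a free
	# UID would also compare unequal to our username and be discarded,
	# so a fresh install could never receive its fixed UID. This mirrors
	# the check in sys-user_pkg_pretend().
	local current_name=$(sys-user_getname "${SYS_USER_UID}")
	if [[ -n "${current_name}" ]] && \
		   [[ "${current_name}" != "${SYS_USER_NAME}" ]]; then
		# This UID is already taken by another user, but this
		# specific UID was not important (we checked in
		# pkg_pretend), so fall back to an arbitrary one.
		#
		# NOTE(review): sys-user_src_install() builds its placeholder
		# path from SYS_USER_UID, which is unset from here on --
		# confirm how the fallback case is meant to be handled there.
		unset SYS_USER_UID
	fi

	# The "useradd" and "usermod" tools expect a comma-separated list,
	# so change our spaces to commas. Having duplicates in the list is
	# not a problem for those two tools.
	SYS_USER_GROUPS="${SYS_USER_GROUPS// /,}"
}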
sys-user_src_install() {
	# Install an empty placeholder file as /var/lib/sys-user/$uid, so
	# that two packages trying to install users with the same UID
	# collide on that file. The username could in principle clash the
	# same way, but not while SYS_USER_NAME is hard-coded to $PN.
	#
	# This only works when SYS_USER_UID holds a real UID and not, for
	# example, the empty string. During an upgrade with an unimportant
	# UID, sys-user_src_configure() copies the UID that already exists
	# on the system into SYS_USER_UID, so that case is covered.
	#
	# NOTE(review): sys-user_src_configure() unsets SYS_USER_UID when
	# the UID belongs to another account, and sys-user_create() does
	# not assign it afterwards; the path below is then "${T}/" itself.
	# The PMS also runs src_install before pkg_preinst, so the account
	# created in pkg_preinst cannot supply a UID to this phase --
	# confirm how the arbitrary-UID fallback is meant to work here.
	local placeholder="${T}/${SYS_USER_UID}"

	touch "${placeholder}" || die
	insinto "/var/lib/sys-user"
	doins "${placeholder}"
}
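sys-user_pkg_preinst() {
	# Create the user, or bring an existing account in line with this
	# package, depending on whether the account exists and whether a
	# previous version of this package is being replaced.
	if [[ -z $(sys-user_getuid "${SYS_USER_NAME}") ]]; then
		# The user does not already exist. This is the nice and easy
		# case because no matter how we got here, we want to go ahead
		# and create the (new) user.
		sys-user_create || die "failed to add user ${SYS_USER_NAME}"
	elif [[ -n "${REPLACING_VERSIONS}" ]]; then
		# This is an upgrade from a previous version of a sys-user
		# package. Modify the existing user (who will not be removed; see
		# sys-user_pkg_prerm) rather than creating a new one.
		sys-user_modify || die "failed to upgrade user ${SYS_USER_NAME}"
	else
		# UPGRADE PATH: Ok, the user exists but this isn't an upgrade of
		# a sys-user package. This is the upgrade path from the old
		# style of user/group management to the new style. Let's see if
		# the new user is compatible with the old one; it usually will be.
		# We only bail out if there's a homedir or shell conflict.
		#
		# We should make it policy that new sys-user packages have the
		# same homedir and shell as the existing ones created by
		# ebuilds, but it can't hurt to check again here. These checks
		# are done here (and not in pkg_pretend, where they would be
		# more consistent) because the PMS states that REPLACING_VERSIONS
		# may not be defined there.
		#
		# If a homedir/shell changes during a sys-user upgrade, we don't
		# consider that a problem, because the change was knowingly made
		# by a developer who just edited an ebuild to make that change.
		local oldhome=$(egethome "${SYS_USER_NAME}")
		local oldshell=$(egetshell "${SYS_USER_NAME}")

		if [[ "${oldhome}" != "${SYS_USER_HOME}" ]]; then
			die "home directory conflict for new user: ${SYS_USER_HOME}"
		fi

		# Compare against the shell that was just looked up. Reading a
		# misspelled (and therefore empty) variable here would make this
		# test fire for every non-empty SYS_USER_SHELL, whether or not
		# the existing account's shell actually differs.
		if [[ "${oldshell}" != "${SYS_USER_SHELL}" ]]; then
			die "shell conflict for new user: ${SYS_USER_SHELL}"
		fi

		# The user already exists, so all we have left to do is to try
		# to append SYS_USER_GROUPS to the existing groups. The home
		# dir, shell, and uid should all match already.
		sys-user_modify \
			|| die "failed to append groups to existing user ${SYS_USER_NAME}"
	fi
}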
sys-user_pkg_prerm() {
	# Decide what happens to the account when the package is removed.
	local existing_uid
	existing_uid=$(sys-user_getuid "${SYS_USER_NAME}")

	if [[ -z "${existing_uid}" ]]; then
		# We have successfully done nothing.
		ewarn "Tried to remove nonexistent user ${SYS_USER_NAME}."
		return
	fi

	# If the user exists and this is an upgrade, we leave the user
	# alone to be modified in sys-user_pkg_preinst().
	#
	# NOTE(review): the PMS defines REPLACED_BY_VERSION, not
	# REPLACING_VERSIONS, for pkg_prerm -- confirm that this test really
	# tells an upgrade from a removal in this phase, since the branch
	# below either aborts or deletes the account.
	[[ -z "${REPLACING_VERSIONS}" ]] || return 0

	# The user to remove exists, and this is not an upgrade. For
	# Phase 1, we maintain the status quo and simply refuse to remove
	# the account unless the administrator explicitly opted in.
	if [[ "${I_KNOW_WHAT_I_AM_DOING}" != "yes" ]]; then
		die "refusing to remove package for system user ${SYS_USER_NAME}"
	else
		# userdel leaves files owned by this UID elsewhere on the
		# system in place, so an account that is later given the same
		# UID would own them.
		userdel "${SYS_USER_NAME}" || \
			die "failed to remove user ${SYS_USER_NAME}"
		einfo "Removed user ${SYS_USER_NAME} from the system."
	fi
}