1 # Copyright 1999-2017 Gentoo Foundation
2 # Distributed under the terms of the GNU General Public License v2
3
4 # @ECLASS: sys-user.eclass
5 # @MAINTAINER:
6 # Michael Orlitzky <mjo@gentoo.org>
7 # @BLURB: handle installation and removal of system users.
8 # @DESCRIPTION:
9 # This eclass does most of the work for the sys-user/ packages that
10 # supply system user accounts.
11
12 inherit user
13
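EXPORT_FUNCTIONS pkg_pretend src_unpack src_configure src_compile \
  src_install src_test pkg_preinst pkg_postinst pkg_prerm

# Metadata defaults; each one is only applied when the ebuild has not
# already set the variable.
: "${HOMEPAGE:=https://www.gentoo.org/}"
: "${DESCRIPTION:=The ${PN} system user}"
: "${LICENSE:=GPL-2}"

# If you want a different username, use a different package name. This
# prevents different people from claiming the same username.
SYS_USER_NAME="${PN}"

# @ECLASS-VARIABLE: SYS_USER_GROUPS
# @DESCRIPTION:
# Space-separated list of groups for the user. Every entry becomes a
# sys-group/ dependency below, and the list is handed to enewuser when
# the user is created. Defaults to one group named after the package.
#
# NOTE(review): enewuser receives this value unchanged, while
# pkg_preinst converts the spaces to commas for usermod. Confirm that
# enewuser accepts a space-separated list when more than one group is
# given.
: "${SYS_USER_GROUPS:=${PN}}"

# @ECLASS-VARIABLE: SYS_USER_UID
# @REQUIRED
# @DESCRIPTION:
# The numeric UID for the user, or -1 to take the next available one.
[[ -z "${SYS_USER_UID}" ]] && die "SYS_USER_UID must be set"

# The value ends up in SLOT, in a file name under /var/lib/sys-user and
# in the passwd lookups of the phase functions, so reject anything that
# is not -1 or a plain decimal number before it is used.
[[ "${SYS_USER_UID}" =~ ^(-1|0|[1-9][0-9]*)$ ]] \
  || die "SYS_USER_UID must be -1 or a non-negative integer"

# @ECLASS-VARIABLE: SYS_USER_UID_IMPORTANT
# @DESCRIPTION:
# Set to "true" if you want to die() if you don't get your desired UID.
# Defaults to "false".
: "${SYS_USER_UID_IMPORTANT:=false}"

# In many cases, if the UID of a user changes, packages depending on it
# will want to rebuild. We always use SLOT=0, because you can't install
# the same user twice. Then we use the UID as our subslot so that
# subslot deps can be used to rebuild packages when our UID changes.
#
# NOTE(review): with SYS_USER_UID=-1 the sub-slot is the literal "-1",
# not the UID that is eventually assigned; confirm that this is a valid
# sub-slot name and that it is the intended behavior.
SLOT="0/${SYS_USER_UID}"

# @ECLASS-VARIABLE: SYS_USER_HOME
# @DESCRIPTION:
# Home directory for the user. Use -1 (the default) to get the
# user.eclass default.
: "${SYS_USER_HOME:=-1}"

# @ECLASS-VARIABLE: SYS_USER_SHELL
# @DESCRIPTION:
# Login shell for the user. Use -1 (the default) to get the
# user.eclass default.
: "${SYS_USER_SHELL:=-1}"

# Only EAPI 6 is supported; everything else is refused outright.
case ${EAPI} in
  6) ;;
  *) die "${ECLASS} is not compatible with EAPI=${EAPI}" ;;
esac

# Depend on any groups we might need. The runtime dependency uses the
# := slot operator so that a change in the group package's slot or
# sub-slot triggers a rebuild of this package.
for _group in ${SYS_USER_GROUPS}; do
  DEPEND+=" sys-group/${_group} "
  RDEPEND+=" sys-group/${_group}:= "
done
unset _group

S="${WORKDIR}"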
71
sys-user_src_unpack() {
  # Intentionally a no-op that always succeeds.
  return 0
}
sys-user_src_compile() {
  # Intentionally a no-op that always succeeds.
  return 0
}
sys-user_src_test() {
  # Intentionally a no-op that always succeeds.
  return 0
}
75
sys-user_getuid() {
  # Print the real UID of the user named in $1. When the user does not
  # exist, id(1) reports the error on stderr and only an empty line is
  # printed, so callers capturing the output get the empty string.
  #
  # The exit status is that of the final echo, not of id(1); callers
  # have to test the output rather than the status.
  local username="${1}"
  local uid
  uid=$(id --real --user "${username}")
  echo ${uid}
}
82
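sys-user_next_uid() {
  # Print the lowest UID in the range 101-999 that has no passwd entry,
  # or die() when every UID in that range is taken.
  #
  # The UID is printed from inside the loop only. The earlier version
  # tested the loop counter afterwards, which refused a free UID 999
  # and, with the whole range in use, printed 1000, a UID outside the
  # range this function is meant to hand out.
  #
  # NOTE(review): callers run this in a command substitution; confirm
  # that die() aborts the phase from a subshell under the supported
  # EAPI, or have the caller check for an empty result.
  local euid
  for (( euid = 101; euid <= 999; euid++ )); do
    if [[ -z $(egetent passwd "${euid}") ]]; then
      echo "${euid}"
      return 0
    fi
  done

  die "out of available UIDs!"
}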
94
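sys-user_pkg_pretend() {
  # Sanity checks that would otherwise run code in global scope.
  #
  # Dies when SYS_USER_UID_IMPORTANT=true and the requested UID cannot
  # be honored: no concrete UID was given, the UID belongs to another
  # username, or this username already exists with another UID.
  local oldname olduid

  if [[ "${SYS_USER_UID_IMPORTANT}" == "true" ]]; then
    # First ensure that the user didn't say his UID is important and
    # then fail to specify one.
    if [[ "${SYS_USER_UID}" == "-1" ]]; then
      die "arbitrary UID requested with SYS_USER_UID_IMPORTANT=true"
    fi

    # Next ensure that no other username owns an important UID. An
    # empty result means the UID is unowned, which is fine; without
    # the -n test a fresh install with an important UID always died
    # here with an empty owner name.
    oldname=$(egetent passwd "${SYS_USER_UID}" | cut -f1 -d':')
    if [[ -n "${oldname}" && "${SYS_USER_NAME}" != "${oldname}" ]]; then
      die "important UID ${SYS_USER_UID} already belongs to ${oldname}"
    fi
  fi

  # Finally, ensure that this username doesn't already exist with
  # another UID if its UID is supposedly important.
  if [[ -n $(egetent passwd "${SYS_USER_NAME}") ]]; then
    olduid=$(sys-user_getuid "${SYS_USER_NAME}")
    if [[ "${SYS_USER_UID_IMPORTANT}" == "true" &&
          "${SYS_USER_UID}" != "${olduid}" ]]; then
      # The UID is important and specified, but there is already a
      # system user with this name and a different UID.
      die "user ${SYS_USER_NAME} already exists with UID ${olduid}"
    fi
  fi
}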
128
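sys-user_src_configure() {
  # Resolve the "-1" placeholders in SYS_USER_UID, SYS_USER_HOME and
  # SYS_USER_SHELL to concrete values before src_install() needs them.
  #
  # The placeholder tests are string comparisons. An arithmetic test
  # such as (( "${SYS_USER_HOME}" == -1 )) evaluates the value as an
  # expression and fails with a syntax error on a path like /var/lib/x.
  if [[ -n $(egetent passwd "${SYS_USER_NAME}") ]]; then
    # UPGRADE PATH: This user already exists, so if the eclass
    # consumer doesn't care about some settings, we can reuse the
    # pre-existing ones.
    #
    # This is also useful for sys-user package upgrades, because it
    # prevents us from incrementing the UID on a reinstall, and doing
    # so would break most packages that need a system user to exist.
    if [[ "${SYS_USER_UID_IMPORTANT}" != "true" ]]; then
      SYS_USER_UID=$(sys-user_getuid "${SYS_USER_NAME}")
      [[ -n "${SYS_USER_UID}" ]] \
        || die "cannot determine the UID of existing user ${SYS_USER_NAME}"
    fi

    if [[ "${SYS_USER_HOME}" == "-1" ]]; then
      SYS_USER_HOME=$(egethome "${SYS_USER_NAME}")
    fi

    if [[ "${SYS_USER_SHELL}" == "-1" ]]; then
      SYS_USER_SHELL=$(egetshell "${SYS_USER_NAME}")

      if [[ "${SYS_USER_SHELL}" == */false ||
            "${SYS_USER_SHELL}" == */nologin ]]; then
        # enewuser complains if we try to set a default shell
        # explicitly, so go back to the placeholder.
        SYS_USER_SHELL="-1"
      fi
    fi
  elif [[ "${SYS_USER_UID}" == "-1" ]]; then
    # There is no pre-existing user (i.e. this isn't along the
    # upgrade path), and the consumer says he doesn't care about the
    # UID, so pick the next one.
    SYS_USER_UID=$(sys-user_next_uid)
    # The helper ran in a subshell, so check its output here as well.
    [[ -n "${SYS_USER_UID}" ]] \
      || die "no free UID found for ${SYS_USER_NAME}"
  fi
}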
163
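sys-user_src_install() {
  # Install a placeholder file to /var/lib/sys-user/$uid. This will
  # cause collisions if two packages try to install users with the
  # same UID. The same problem potentially exists with the username,
  # but as long as SYS_USER_NAME is hard-coded to $PN, that shouldn't
  # be possible.
  #
  # This only works if SYS_USER_UID holds a real UID and not, for
  # example, -1 or the empty string. src_configure() is expected to
  # have resolved it; the test below turns a violation into a build
  # failure instead of installing a placeholder that detects nothing.
  [[ "${SYS_USER_UID}" =~ ^[0-9]+$ ]] \
    || die "SYS_USER_UID is not a real UID: '${SYS_USER_UID}'"

  touch "${T}/${SYS_USER_UID}" || die
  insinto "/var/lib/sys-user"
  doins "${T}/${SYS_USER_UID}"
}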
178
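sys-user_pkg_preinst() {
  # Create the user on a fresh install. If an account with this name
  # already exists and this is not an upgrade of a sys-user package,
  # check it for compatibility and add it to SYS_USER_GROUPS. Upgrades
  # between sys-user versions are handled in pkg_postinst().
  local oldhome oldshell

  if [[ -z $(egetent passwd "${SYS_USER_NAME}") ]]; then
    # The user does not already exist. This is the nice and easy
    # case because no matter how we got here, we want to go ahead
    # and create the (new) user.
    enewuser "${SYS_USER_NAME}" \
      "${SYS_USER_UID}" \
      "${SYS_USER_SHELL}" \
      "${SYS_USER_HOME}" \
      "${SYS_USER_GROUPS}" \
      || die "failed to add user ${SYS_USER_NAME}"
  elif [[ -n "${REPLACING_VERSIONS}" ]]; then
    # This case is done in pkg_postinst() to avoid clobbering a
    # new user when we remove the old one.
    :
  else
    # UPGRADE PATH: Ok, the user exists but this isn't an upgrade of
    # a sys-user package. This is the upgrade path from the old
    # style of user/group management to the new style. Let's see if
    # the new user is compatible with the old one; it usually will be.
    # We only bail out if there's a homedir or shell conflict.
    #
    # We should make it policy that new sys-user packages have the
    # same homedir and shell as the existing ones created by
    # ebuilds, but it can't hurt to check again here. These checks
    # are done here (and not in pkg_pretend, where they would be
    # more consistent) because the PMS states that REPLACING_VERSIONS
    # may not be defined there.
    #
    # If a homedir/shell changes during a sys-user upgrade, we don't
    # consider that a problem, because the change was knowingly made
    # by a developer who just edited an ebuild to make that change.
    #
    # NOTE(review): only the home directory and the shell are compared
    # here. Any account that already carries this name is adopted and
    # gains the SYS_USER_GROUPS memberships, whoever created it.
    oldhome=$(egethome "${SYS_USER_NAME}")
    oldshell=$(egetshell "${SYS_USER_NAME}")

    # A value of -1 means the ebuild states no preference, so there is
    # nothing to conflict with. src_configure() resets the shell to -1
    # when the existing one is a false/nologin shell.
    if [[ "${SYS_USER_HOME}" != "-1" &&
          "${oldhome}" != "${SYS_USER_HOME}" ]]; then
      die "home directory conflict for new user: ${SYS_USER_HOME}"
    fi

    # This compared the misspelled, always-empty "oldhshell" before,
    # which reported a conflict for every existing account.
    if [[ "${SYS_USER_SHELL}" != "-1" &&
          "${oldshell}" != "${SYS_USER_SHELL}" ]]; then
      die "shell conflict for new user: ${SYS_USER_SHELL}"
    fi

    # The user already exists, so all we have left to do is to try
    # to append SYS_USER_GROUPS to the existing groups. The "usermod"
    # tool expects a comma-separated list, so change our spaces to
    # commas. This does succeed if you append duplicates. usermod also
    # needs the login name as its last argument, which was missing.
    usermod --append --groups "${SYS_USER_GROUPS// /,}" \
      "${SYS_USER_NAME}" \
      || die "failed to append groups to existing user ${SYS_USER_NAME}"
  fi
}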
232
sys-user_pkg_postinst() {
  # Re-create the user after an upgrade from a previous version of a
  # sys-user package. Installs that replace nothing are dealt with in
  # pkg_preinst(), so there is nothing to do for them here.
  [[ -n "${REPLACING_VERSIONS}" ]] || return 0

  # This case has to be handled carefully to make sure that the
  # pkg_prerm() of the old version doesn't remove the user that this
  # new version is going to add. By the time our pkg_postinst() runs,
  # the old version's pkg_prerm() phase should already have happened,
  # so the user is expected to be gone.
  local entry
  entry=$(egetent passwd "${SYS_USER_NAME}")

  if [[ -z "${entry}" ]]; then
    enewuser "${SYS_USER_NAME}" \
      "${SYS_USER_UID}" \
      "${SYS_USER_SHELL}" \
      "${SYS_USER_HOME}" \
      "${SYS_USER_GROUPS}" \
      || die "failed to add user ${SYS_USER_NAME}"
  else
    die "User ${SYS_USER_NAME} already exists during an upgrade."
  fi
}
253
sys-user_pkg_prerm() {
  # Delete the user with userdel when the package is removed, and only
  # warn when there is no such user.
  #
  # NOTE(review): userdel leaves files owned by the removed UID on
  # disk. If that UID is later given to a different account, the new
  # account owns those files.
  local entry
  entry=$(egetent passwd "${SYS_USER_NAME}")

  if [[ -n "${entry}" ]]; then
    userdel "${SYS_USER_NAME}" \
      || die "failed to remove user ${SYS_USER_NAME}"
    einfo "Removed user ${SYS_USER_NAME} from the system."
  else
    # We have successfully done nothing.
    ewarn "Tried to remove nonexistent user ${SYS_USER_NAME}."
  fi
}