sys-user.eclass: add and utilize a sys-user_getname() function.

[mjo-overlay.git] / eclass / sys-user.eclass

# Copyright 1999-2017 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2

# @ECLASS: sys-user.eclass
# @MAINTAINER:
# Michael Orlitzky <mjo@gentoo.org>
# @BLURB: handle installation and removal of system users.
# @DESCRIPTION:
# This eclass does most of the work for the sys-user/ packages that
# supply system user accounts.

# Needed for egetshell and egethome.
inherit user

EXPORT_FUNCTIONS pkg_pretend src_unpack src_configure src_compile src_install src_test pkg_preinst pkg_postinst pkg_prerm

: ${HOMEPAGE:="https://www.gentoo.org/"}
: ${DESCRIPTION:="The ${PN} system user"}
: ${LICENSE:="GPL-2"}

# If you want a different username, use a different package name. This
# prevents different people from claiming the same username.
SYS_USER_NAME="${PN}"

# @ECLASS-VARIABLE: SYS_USER_GROUPS
# @DESCRIPTION:
# A space-separated list of groups that the user will belong to.
# Dependencies on the appropriate sys-group packages are generated
# automatically.
: ${SYS_USER_GROUPS:=${PN}}

# @ECLASS-VARIABLE: SYS_USER_UID
# @REQUIRED
# @DESCRIPTION:
# etc.


# @ECLASS-VARIABLE: SYS_USER_UID_IMPORTANT
# @REQUIRED
# @DESCRIPTION:
# Set to "true" if you want to die() if you don't get your desired UID.
: ${SYS_USER_UID_IMPORTANT:=false}

# In many cases, if the UID of a user changes, packages depending on it
# will want to rebuild. We always use SLOT=0, because you can't install
# the same user twice. Then we use the UID as our subslot so that
# subslot deps can be used to rebuild packages when our UID changes.
SLOT="0/${SYS_USER_UID}"

# @ECLASS-VARIABLE: SYS_USER_HOME
# @DESCRIPTION:
# etc.
: ${SYS_USER_HOME:=/home/${SYS_USER_NAME}}

# @ECLASS-VARIABLE: SYS_USER_SHELL
# @DESCRIPTION:
# etc.
: ${SYS_USER_SHELL:=/bin/false}

case ${EAPI} in
        6) ;;
        *)
                die "${ECLASS} is not compatible with EAPI=${EAPI}"
esac

# Depend on any groups we might need.
for _group in ${SYS_USER_GROUPS}; do
        DEPEND+=" sys-group/${_group} "
        RDEPEND+=" sys-group/${_group}:= "
done
unset _group

S="${WORKDIR}"

sys-user_src_unpack() { :; }
sys-user_src_compile() { :; }
sys-user_src_test() { :; }

sys-user_getuid() {
        # Output the real UID of the given user, or the empty string if the
        # user does not exist on the system.
        [[ $# -eq 1 ]] || die "usage: sys-user_getuid <username>"
        echo $(id --real --user "${1}")
}

sys-user_getname() {
        # Output the username associated with the given UID, or the empty string
        # if the given UID is still available.
        [[ $# -eq 1 ]] || die "usage: sys-user_getname <uid>"
        echo $(egetent passwd "${1}" | cut -f1 -d':')
}

sys-user_create() {
        # Create the user whose information is contained in the following
        # variables:
        #
        #  * SYS_USER_NAME
        #  * SYS_USER_UID
        #  * SYS_USER_SHELL
        #  * SYS_USER_HOME
        #  * SYS_USER_GROUPS
        #
        # We don't create a group with the same name; that should be the
        # job of the matching sys-group package.
        useradd --no-user-group \
                        ${SYS_USER_UID:+--uid }"${SYS_USER_UID}" \
                        ${SYS_USER_GROUPS:+--groups }"${SYS_USER_GROUPS}" \
                        --shell "${SYS_USER_SHELL}" \
                        --home-dir "${SYS_USER_HOME}" \
                        "${SYS_USER_NAME}"
}


sys-user_modify() {
        # Modify the existing user named $SYS_USER_NAME to match the values
        # contained in the following variables:
        #
        #  * SYS_USER_UID
        #  * SYS_USER_SHELL
        #  * SYS_USER_HOME
        #  * SYS_USER_GROUPS
        #
        usermod ${SYS_USER_UID:+--uid }"${SYS_USER_UID}" \
                        ${SYS_USER_GROUPS:+--append --groups }"${SYS_USER_GROUPS}" \
                        --shell "${SYS_USER_SHELL}" \
                        --home-dir "${SYS_USER_HOME}" \
                        "${SYS_USER_NAME}"
}

sys-user_pkg_pretend() {
        # Sanity checks that would otherwise run code in global scope.
        #
        # First ensure that the user didn't say his UID is important and
        # then fail to specify one.
        if [[ -z "${SYS_USER_UID}" ]] &&
                   [[ "${SYS_USER_UID_IMPORTANT}" == "true" ]]; then
                # Don't make no damn sense.
                die "arbitrary UID requested with SYS_USER_UID_IMPORTANT=true"
        fi

        # Next ensure that no other username owns an important UID.
        if [[ "${SYS_USER_UID_IMPORTANT}" == "true" ]]; then
                # Ok, the UID is important. Make sure nobody else has it. Or
                # rather, nobody else *with a different username* has it.
                local oldname=$(sys-user_getname "${SYS_USER_UID}")
                if [[ "${SYS_USER_NAME}" != "${oldname}" ]]; then
                        die "important UID ${SYS_USER_UID} already belongs to ${oldname}"
                fi
        fi

        # Finally, ensure that this username doesn't already exist with
        # another UID if its UID is supposedly important.
        local olduid=$(sys-user_getuid "${SYS_USER_NAME}")
        if [[ -n "${olduid}" ]]; then
                if [[ "${SYS_USER_UID_IMPORTANT}" == "true" ]] && \
                           [[ "${SYS_USER_UID}" != "${olduid}" ]]; then
                        # The UID is important and specified, but there is already a
                        # system user with this name and a different UID. Halp.
                        die "user ${SYS_USER_NAME} already exists with UID ${olduid}"
                fi
        fi
}

sys-user_src_configure() {
        local current_uid=$(sys-user_getuid "${SYS_USER_NAME}")
        if [[ -n "${current_uid}" ]]; then
                # UPGRADE PATH: This user already exists, so if the eclass
                # consumer doesn't care about some settings, we can reuse the
                # pre-existing ones.
                #
                # This is also useful for sys-user package upgrades, because it
                # prevents us from incrementing the UID on a reinstall, and doing
                # so would break most packages that need a system user to exist.
                if [[ "${SYS_USER_UID_IMPORTANT}" != "true" ]]; then
                        SYS_USER_UID="${current_uid}"
                fi

                if [[ -z "${SYS_USER_HOME}" ]]; then
                        SYS_USER_HOME=$(egethome "${SYS_USER_NAME}")
                fi

                if [[ -z "${SYS_USER_SHELL}" ]]; then
                        SYS_USER_SHELL=$(egetshell "${SYS_USER_NAME}")
                fi
        fi

        if [[ -n "${SYS_USER_UID}" ]]; then
                # A specific UID was requested.
                local current_name=$(sys-user_getname "${SYS_USER_UID}")
                if [[ "${current_name}" != "${SYS_USER_NAME}" ]]; then
                        # This UID is already taken by another user, but this
                        # specific UID was not important (we checked in
                        # pkg_pretend), so fall back to an arbitrary one.
                        SYS_USER_UID=""
                fi
        fi

        # The "useradd" and "usermod" tools expect a comma-separated list,
        # so change our spaces to commas. Having duplicates in the list is
        # not a problem for those two tools.
        SYS_USER_GROUPS="${SYS_USER_GROUPS// /,}"
}

sys-user_src_install() {
        # Install a placeholder file to /var/lib/sys-user/$uid. This will
        # cause collisions if two packages try to install users with the
        # same UID. The same problem potentially exists with the username,
        # but as long as SYS_USER_NAME is hard-coded to $PN, that shouldn't
        # be possible.
        #
        # Beware, this only works if SYS_USER_UID is guaranteed to have a
        # real UID and not, for example, -1.
        #
        # TODO: this is a problem now!
        #
        #touch "${T}/${SYS_USER_UID}" || die
        #insinto "/var/lib/sys-user"
        #doins "${T}/${SYS_USER_UID}"
}

sys-user_pkg_preinst() {
        if [[ -z $(sys-user_getuid "${SYS_USER_NAME}") ]]; then
                # The user does not already exist. This is the nice and easy
                # case because no matter how we got here, we want to go ahead
                # and create the (new) user.
                sys-user_create || die "failed to add user ${SYS_USER_NAME}"
        elif [[ -n "${REPLACING_VERSIONS}" ]]; then
                #
                # This case is done in pkg_postint() to avoid clobbering a
                # new user when we remove the old one.
                #
                :
        else
                # UPGRADE PATH: Ok, the user exists but this isn't an upgrade of
                # a sys-user package. This is the upgrade path from the old
                # style of user/group management to the new style. Lets see if
                # the new user is compatible with the old one; it usually will be.
                # We only bail out if there's a homedir or shell conflict.
                #
                # We should make it policy that new sys-user packages have the
                # same homedir and shell as the existing ones created by
                # ebuilds, but it can't hurt to check again here. These checks
                # are done here (and not in pkg_pretend, where they would be
                # more consistent) because the PMS states that REPLACING_VERSIONS
                # may not be defined there.
                #
                # If a homedir/shell changes during a sys-user upgrade, we don't
                # consider that a problem, because the change was knowingly made
                # by a developer who just edited an ebuild to make that change.
                local oldhome=$(egethome "${SYS_USER_NAME}")
                local oldshell=$(egetshell "${SYS_USER_NAME}")

                if [[ "${oldhome}" != "${SYS_USER_HOME}" ]]; then
                        die "home directory conflict for new user: ${SYS_USER_HOME}"
                fi

                if [[ "${oldhshell}" != "${SYS_USER_SHELL}" ]]; then
                        die "shell conflict for new user: ${SYS_USER_SHELL}"
                fi

                # The user already exists, so all we have left to do is to try
                # to append SYS_USER_GROUPS to the existing groups. The home
                # dir, shell, and uid should all match already.
                sys-user_modify \
                        || die "failed to append groups to existing user ${SYS_USER_NAME}"
        fi
}

sys-user_pkg_postinst() {
        if [[ -n "${REPLACING_VERSIONS}" ]]; then
           # This is an upgrade from a previous version of a sys-user
           # package. This case has to be handled carefully to make sure
           # that the pkg_prerm() of the old version doesn't remove the user
           # that this new version is going to add. At this point, in our
           # pkg_postinst(), the old version's pkg_prerm() phase should have
           # already happened.
           if [[ -n $(sys-user_getuid "${SYS_USER_NAME}") ]]; then
                   die "User ${SYS_USER_NAME} already exists during an upgrade."
           else
                   sys-user_create || die "failed to add user ${SYS_USER_NAME}"
           fi
        fi
}

sys-user_pkg_prerm() {
        if [[ -z $(sys-user_getuid "${SYS_USER_NAME}") ]]; then
                # We have successfully done nothing.
                ewarn "Tried to remove nonexistent user ${SYS_USER_NAME}."
        else
                userdel "${SYS_USER_NAME}" || \
                        die "failed to remove user ${SYS_USER_NAME}"
                einfo "Removed user ${SYS_USER_NAME} from the system."
        fi
}