X-Git-Url: http://gitweb.michael.orlitzky.com/?p=mjo-overlay.git;a=blobdiff_plain;f=eclass%2Fsys-user.eclass;h=37c4d8719ac82cce8bec5a42b3f830c9ed5ba682;hp=6c0c2b81469cca5e989c17f88a1de3b83b5a6548;hb=42b11c0d223b3cbdd2a3878375b54bedd66fc46b;hpb=1dc15997393754809af29b84209352033620e700 diff --git a/eclass/sys-user.eclass b/eclass/sys-user.eclass index 6c0c2b8..37c4d87 100644 --- a/eclass/sys-user.eclass +++ b/eclass/sys-user.eclass @@ -9,13 +9,14 @@ # This eclass does most of the work for the sys-user/ packages that # supply system user accounts. +# Needed for egetshell and egethome. inherit user -EXPORT_FUNCTIONS pkg_pretend src_unpack src_configure src_compile src_install src_test pkg_preinst pkg_postinst pkg_prerm +EXPORT_FUNCTIONS pkg_pretend src_unpack src_configure src_compile src_install src_test pkg_preinst pkg_prerm -: ${HOMEPAGE:="https://www.gentoo.org/"} +: ${HOMEPAGE:="https://wiki.gentoo.org/wiki/User:Mjo/GLEP:User_packages"} : ${DESCRIPTION:="The ${PN} system user"} -: ${LICENSE:="GPL-2"} +: ${LICENSE="GPL-2"} # If you want a different username, use a different package name. This # prevents different people from claiming the same username. @@ -31,8 +32,11 @@ SYS_USER_NAME="${PN}" # @ECLASS-VARIABLE: SYS_USER_UID # @REQUIRED # @DESCRIPTION: -# etc. - +# This should be set to the "fixed" UID that your user should have. +# We may have to fall back to an arbitrary UID, but you still need +# to specify a real, valid UID here. At the very least because our +# SLOT variable needs it. +[[ -z "${SYS_USER_UID}" ]] && die "SYS_USER_UID must be set" # @ECLASS-VARIABLE: SYS_USER_UID_IMPORTANT # @REQUIRED 
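Review bot: The new global-scope guard on SYS_USER_UID rejects only an empty value, although the comment above it asks for a real, valid UID. The value is later used verbatim as a file name (`touch "${T}/${SYS_USER_UID}"` in sys-user_src_install) and as the argument to `usermod --uid`, so a value containing a slash or a leading dash would pass this check and reach both. I would make the guard `[[ "${SYS_USER_UID}" =~ ^[0-9]+$ ]] || die "SYS_USER_UID must be a numeric UID"`. That also keeps sys-user_getname from being handed a non-numeric key.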
@@ -78,7 +82,15 @@ sys-user_src_test() { :; } sys-user_getuid() { # Output the real UID of the given user, or the empty string if the # user does not exist on the system. - echo $(id --real --user "${1}") + [[ $# -eq 1 ]] || die "usage: sys-user_getuid " + echo $(id --real --user "${1}" 2>/dev/null) +} + +sys-user_getname() { + # Output the username associated with the given UID, or the empty string + # if the given UID is still available. + [[ $# -eq 1 ]] || die "usage: sys-user_getname " + echo $(egetent passwd "${1}" | cut -f1 -d':') } sys-user_create() { 
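Review bot: Both helpers wrap their command in an unquoted `echo $(...)`, which adds a subshell and word splitting and always returns echo's exit status. Running `id --real --user "${1}" 2>/dev/null` and `egetent passwd "${1}" | cut -f1 -d':'` directly prints the same value for a single UID or name. The two usage strings, as rendered here, end after the function name, so a caller who trips the arity check is not told which argument is expected; `die "usage: sys-user_getuid USERNAME"` would say it. The `2>/dev/null` also makes any failure of id look like a missing user, which deserves a one-line comment.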
@@ -102,32 +114,38 @@ sys-user_create() { } -sys-user_pkg_pretend() { - # Sanity checks that would otherwise run code in global scope. +sys-user_modify() { + # Modify the existing user named $SYS_USER_NAME to match the values + # contained in the following variables: # - # First ensure that the user didn't say his UID is important and - # then fail to specify one. - if [[ -z "${SYS_USER_UID}" ]] && - [[ "${SYS_USER_UID_IMPORTANT}" == "true" ]]; then - # Don't make no damn sense. - die "arbitrary UID requested with SYS_USER_UID_IMPORTANT=true" - fi + # * SYS_USER_UID + # * SYS_USER_SHELL + # * SYS_USER_HOME + # * SYS_USER_GROUPS + # + usermod ${SYS_USER_UID:+--uid }"${SYS_USER_UID}" \ + ${SYS_USER_GROUPS:+--append --groups }"${SYS_USER_GROUPS}" \ + --shell "${SYS_USER_SHELL}" \ + --home-dir "${SYS_USER_HOME}" \ + "${SYS_USER_NAME}" +} - # Next ensure that no other username owns an important UID. +sys-user_pkg_pretend() { + # Sanity checks that would otherwise run code in global scope. if [[ "${SYS_USER_UID_IMPORTANT}" == "true" ]]; then - # Ok, the UID is important. Make sure nobody else has it. Or + + # The UID is important, so make sure nobody else has it. Or # rather, nobody else *with a different username* has it. - local oldname=$(egetent passwd "${SYS_USER_UID}" | cut -f1 -d':') - if [[ "${SYS_USER_NAME}" != "${oldname}" ]]; then + local oldname=$(sys-user_getname "${SYS_USER_UID}") + if [[ -n "${oldname}" ]] && \ + [[ "${SYS_USER_NAME}" != "${oldname}" ]]; then die "important UID ${SYS_USER_UID} already belongs to ${oldname}" fi - fi - # Finally, ensure that this username doesn't already exist with - # another UID if its UID is supposedly important. - local olduid=$(sys-user_getuid "${SYS_USER_NAME}") - if [[ -n "${olduid}" ]]; then - if [[ "${SYS_USER_UID_IMPORTANT}" == "true" ]] && \ + # Ensure that this username doesn't already exist with another + # UID if its UID is supposedly important. 
+ local olduid=$(sys-user_getuid "${SYS_USER_NAME}") + if [[ -n "${olduid}" ]] && \ [[ "${SYS_USER_UID}" != "${olduid}" ]]; then # The UID is important and specified, but there is already a # system user with this name and a different UID. Halp. @@ -159,6 +177,14 @@ sys-user_src_configure() { fi fi + local current_name=$(sys-user_getname "${SYS_USER_UID}") + if [[ "${current_name}" != "${SYS_USER_NAME}" ]]; then + # This UID is already taken by another user, but this + # specific UID was not important (we checked in + # pkg_pretend), so fall back to an arbitrary one. + unset SYS_USER_UID + fi + # The "useradd" and "usermod" tools expect a comma-separated list, # so change our spaces to commas. Having duplicates in the list is # not a problem for those two tools. @@ -173,13 +199,21 @@ sys-user_src_install() { # be possible. # # Beware, this only works if SYS_USER_UID is guaranteed to have a - # real UID and not, for example, -1. + # real UID and not be e.g. the empty string. # - # TODO: this is a problem now! + # Our sys-user_create() function makes sure to set SYS_USER_UID to + # something useful, and the only place that sys-user_create() is + # called from is sys-user_pkg_preinst(), which takes place before + # this sys-user_src_install(). # - #touch "${T}/${SYS_USER_UID}" || die - #insinto "/var/lib/sys-user" - #doins "${T}/${SYS_USER_UID}" + # The other way that SYS_USER_UID could be empty is during an + # upgrade; however, if you're doing an upgrade and the new UID isn't + # important, then you'll get the same old UID that exists on the + # system from the old package. That old UID is assigned to SYS_USER_UID + # in sys-user_src_configure(), so that case is handled too. + touch "${T}/${SYS_USER_UID}" || die + insinto "/var/lib/sys-user" + doins "${T}/${SYS_USER_UID}" } sys-user_pkg_preinst() { 
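Review bot: In sys-user_modify the expansions `${SYS_USER_UID:+--uid }"${SYS_USER_UID}"` and `${SYS_USER_GROUPS:+--append --groups }"${SYS_USER_GROUPS}"` leave an empty quoted word on the usermod command line when the variable is empty or unset. usermod then receives a stray `""` argument next to the login name. That case looks reachable from this diff, because the sys-user_src_configure hunk unsets SYS_USER_UID on fallback. Moving the quoted value inside the expansion avoids it: `${SYS_USER_UID:+--uid "${SYS_USER_UID}"}` and `${SYS_USER_GROUPS:+--append --groups "${SYS_USER_GROUPS}"}`.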
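Review bot: The added test `[[ "${current_name}" != "${SYS_USER_NAME}" ]]` in sys-user_src_configure is also true when sys-user_getname returns the empty string, that is, when the UID is free. The requested UID is then discarded even though nobody holds it, while the comment in the block describes only the taken case. sys-user_pkg_pretend guards the same comparison with `[[ -n "${oldname}" ]]`, and the same guard fits here: `if [[ -n "${current_name}" ]] && [[ "${current_name}" != "${SYS_USER_NAME}" ]]; then`. The function starts above the hunk, so an earlier branch may already exclude this case; if so, a comment saying that would help.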
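Review bot: The new comment justifying the un-commented `touch "${T}/${SYS_USER_UID}"` has the phase order reversed. src_install runs before pkg_preinst, so nothing sys-user_create does in pkg_preinst can have populated SYS_USER_UID by this point. With the `unset SYS_USER_UID` added to sys-user_src_configure, the path degenerates to `${T}/`: `touch` succeeds on the directory and `doins` is then handed a directory instead of a marker file. An explicit `[[ -n "${SYS_USER_UID}" ]] || die "SYS_USER_UID is empty in src_install"` before the touch, plus a corrected comment, would make the precondition real. The function begins above the hunk.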
@@ -189,11 +223,10 @@ sys-user_pkg_preinst() { # and create the (new) user. sys-user_create || die "failed to add user ${SYS_USER_NAME}" elif [[ -n "${REPLACING_VERSIONS}" ]]; then - # - # This case is done in pkg_postint() to avoid clobbering a - # new user when we remove the old one. - # - : + # This is an upgrade from a previous version of a sys-user + # package. Modify the existing user (who will not be removed; see + # sys-user_pkg_prerm) rather than creating a new one. + sys-user_modify || die "failed to upgrade user ${SYS_USER_NAME}" else # UPGRADE PATH: Ok, the user exists but this isn't an upgrade of # a sys-user package. This is the upgrade path from the old 
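Review bot: On upgrade this branch now calls sys-user_modify, which passes `--shell "${SYS_USER_SHELL}"` and `--home-dir "${SYS_USER_HOME}"` unconditionally. A shell or home directory the administrator changed locally (for example to a nologin shell) is therefore reset to the package's values without any message. Since the eclass already inherits user for egetshell and egethome, I would report the change before making it, e.g. `[[ "$(egetshell "${SYS_USER_NAME}")" != "${SYS_USER_SHELL}" ]] && ewarn "resetting shell of ${SYS_USER_NAME} to ${SYS_USER_SHELL}"`, with the same for the home directory. sys-user_pkg_preinst continues on both sides of the hunk.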
@@ -223,35 +256,32 @@ sys-user_pkg_preinst() { fi # The user already exists, so all we have left to do is to try - # to append SYS_USER_GROUPS to the existing groups. - usermod --append --groups "${SYS_USER_GROUPS}" \ + # to append SYS_USER_GROUPS to the existing groups. The home + # dir, shell, and uid should all match already. + sys-user_modify \ || die "failed to append groups to existing user ${SYS_USER_NAME}" fi } -sys-user_pkg_postinst() { - if [[ -n "${REPLACING_VERSIONS}" ]]; then - # This is an upgrade from a previous version of a sys-user - # package. This case has to be handled carefully to make sure - # that the pkg_prerm() of the old version doesn't remove the user - # that this new version is going to add. At this point, in our - # pkg_postinst(), the old version's pkg_prerm() phase should have - # already happened. - if [[ -n $(sys-user_getuid "${SYS_USER_NAME}") ]]; then - die "User ${SYS_USER_NAME} already exists during an upgrade." - else - sys-user_create || die "failed to add user ${SYS_USER_NAME}" - fi - fi -} sys-user_pkg_prerm() { if [[ -z $(sys-user_getuid "${SYS_USER_NAME}") ]]; then # We have successfully done nothing. ewarn "Tried to remove nonexistent user ${SYS_USER_NAME}." - else - userdel "${SYS_USER_NAME}" || \ - die "failed to remove user ${SYS_USER_NAME}" - einfo "Removed user ${SYS_USER_NAME} from the system." + elif [[ -z "${REPLACING_VERSIONS}" ]]; then + # The user to remove exists, and this is not an upgrade. For + # Phase 1, we maintain the status quo and simply refuse to + # remove him (unless you know what you are doing). + if [[ "${I_KNOW_WHAT_I_AM_DOING}" == "yes" ]]; then + userdel "${SYS_USER_NAME}" || \ + die "failed to remove user ${SYS_USER_NAME}" + einfo "Removed user ${SYS_USER_NAME} from the system." 
+ else + die "refusing to remove package for system user ${SYS_USER_NAME}" + fi + + # The missing case: if the user exists and this is an upgrade, + # we leave the user alone to be modified in + # sys-user_pkg_preinst(). fi }
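Review bot: The legacy-account branch of sys-user_pkg_preinst now calls sys-user_modify, which also applies `--uid`, `--shell` and `--home-dir`, yet the comment only asserts that those "should all match already" and the die text still reads "failed to append groups". Nothing visible in the hunk verifies the match, and per usermod(8) a UID change re-owns only files under the home directory, leaving other files with the old numeric owner. I would check the three values first and die on a mismatch, or at least change the message to `die "failed to modify existing user ${SYS_USER_NAME}"`. In sys-user_pkg_prerm the "missing case" comment sits inside the `elif` body after the inner `fi`; it would read more clearly above the outer `if`.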