From 461390ca162e4b1c2454f8158d428f0bbdf2b86d Mon Sep 17 00:00:00 2001 From: Michael Orlitzky Date: Sun, 29 Jan 2017 18:21:34 -0500 Subject: [PATCH] Update the eclass to use "fixed UIDs... with random fallback." --- eclass/sys-user.eclass | 129 ++++++++++++++++++++++++----------------- 1 file changed, 75 insertions(+), 54 deletions(-) diff --git a/eclass/sys-user.eclass b/eclass/sys-user.eclass index 65b731f..549e8b3 100644 --- a/eclass/sys-user.eclass +++ b/eclass/sys-user.eclass @@ -12,11 +12,14 @@ inherit user -EXPORT_FUNCTIONS src_unpack src_prepare src_configure src_compile src_install src_test pkg_preinst pkg_postinst pkg_prerm +EXPORT_FUNCTIONS pkg_pretend src_unpack src_configure src_compile src_install src_test pkg_preinst pkg_postinst pkg_prerm -# This is hard-coded to the package name. If you want a different -# username, use a different package name. This is a nice way to prevent -# different people from claiming the same username. +: ${HOMEPAGE:="https://www.gentoo.org/"} +: ${DESCRIPTION:="The ${PN} system user"} +: ${LICENSE:="GPL-2"} + +# If you want a different username, use a different package name. This +# prevents different people from claiming the same username. SYS_USER_NAME="${PN}" # @ECLASS-VARIABLE: SYS_USER_GROUPS @@ -25,9 +28,16 @@ SYS_USER_NAME="${PN}" : ${SYS_USER_GROUPS:=${PN}} # @ECLASS-VARIABLE: SYS_USER_UID +# @REQUIRED # @DESCRIPTION: # etc. (use -1 to get next available using user.eclass) -: ${SYS_USER_UID:=-1} +[[ -z "${SYS_USER_UID}" ]] && die "SYS_USER_UID must be set" + +# @ECLASS-VARIABLE: SYS_USER_UID_IMPORTANT +# @REQUIRED +# @DESCRIPTION: +# Set to "true" if you want to die() if you don't get your desired UID. +: ${SYS_USER_UID_IMPORTANT:=false} # In many cases, if the UID of a user changes, packages depending on it # will want to rebuild. We always use SLOT=0, because you can't install 
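Review bot: The new global-scope guard `[[ -z "${SYS_USER_UID}" ]] && die "SYS_USER_UID must be set"` only rejects an empty value, so a non-numeric SYS_USER_UID still reaches the arithmetic test `(( "${SYS_USER_UID}" == -1 ))` in sys-user_pkg_pretend and the `${T}/${SYS_USER_UID}` file name in sys-user_src_install. Bash arithmetic evaluates its operand as an expression, so the value should be pinned to an integer up front, e.g. `[[ "${SYS_USER_UID}" =~ ^-?[0-9]+$ ]] || die "SYS_USER_UID must be an integer"`. Separately, SYS_USER_UID_IMPORTANT is tagged `# @REQUIRED` while the line below it supplies a default of `false`; drop the tag or the default so the documentation matches the behaviour. The SYS_USER_UID description still begins with "etc." and should state what -1 means now that the variable has no default.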
@@ -61,8 +71,6 @@ unset _group S="${WORKDIR}" sys-user_src_unpack() { :; } -sys-user_src_prepare() { :; } -sys-user_src_configure() { :; } sys-user_src_compile() { :; } sys-user_src_test() { :; } 
@@ -78,23 +86,50 @@ sys-user_next_uid() { fi } -sys-user_src_prepare() { - eapply_user # whatever +sys-user_pkg_pretend() { + # Sanity checks that would otherwise run code in global scope. + # + # First ensure that the user didn't say his UID is important and + # then fail to specify one. + if (( "${SYS_USER_UID}" == -1 )) && + [[ "${SYS_USER_UID_IMPORTANT}" == "true" ]]; then + # Don't make no damn sense. + die "arbitrary UID requested with SYS_USER_UID_IMPORTANT=true" + fi + + # Next ensure that no other username owns an important UID. + if [[ "${SYS_USER_UID_IMPORTANT}" == "true" ]]; then + # Ok, the UID is important. Make sure nobody else has it. Or + # rather, nobody else *with a different username* has it. + local oldname=$(egetent passwd "${SYS_USER_UID}" | cut -f1 -d':') + if [[ "${SYS_USER_NAME}" != "${oldname}" ]]; then + die "important UID ${SYS_USER_UID} already belongs to ${oldname}" + fi + fi + + # Finally, ensure that this username doesn't already exist with + # another UID if its UID is supposedly important. + if [[ -n $(egetent passwd "${SYS_USER_NAME}") ]]; then + local olduid=$(id --real --user "${SYS_USER_NAME}") + if [[ "${SYS_USER_UID_IMPORTANT}" == "true" ]] && \ + [[ "${SYS_USER_UID}" != "${olduid}" ]]; then + # The UID is important and specified, but there is already a + # system user with this name and a different UID. Halp. + die "user ${SYS_USER_NAME} already exists with UID ${olduid}" + fi + fi +} +sys-user_src_configure() { if [[ -n $(egetent passwd "${SYS_USER_NAME}") ]]; then # UPGRADE PATH: This user already exists, so if the eclass # consumer doesn't care about some settings, we can reuse the # pre-existing ones. # - # This is also useful for sys-user package upgrades, becaused it - # prevents us from incrementing the UID pointlessly on a - # reinstall. Usually that will prevent rebuilds of depending - # packages, and is crucial to our ability to use subslot deps to - # cause rebuilds when the UID changes. 
We don't want the UID to - # change if the subslot doesn't change, and the subslot for "I - # don't care about the UID" will always be "-1", so the UID - # shouldn't generally change either when SYS_USER_UID=-1. - if (( "${SYS_USER_UID}" == -1 )); then + # This is also useful for sys-user package upgrades, because it + # prevents us from incrementing the UID on a reinstall, and doing + # so would break most packages that need a system user to exist. + if [[ "${SYS_USER_UID_IMPORTANT}" != "true" ]]; then SYS_USER_UID=$(id --real --user "${SYS_USER_NAME}") fi @@ -118,9 +153,6 @@ sys-user_src_prepare() { # UID, so pick the next one. SYS_USER_UID=$(sys-user_next_uid) fi - - # We do something with this in src_install. - touch "${T}/${SYS_USER_UID}" || die } sys-user_src_install() { @@ -132,14 +164,10 @@ sys-user_src_install() { # # Beware, this only works if SYS_USER_UID is guaranteed to have a # real UID and not, for example, -1. That is taken care of in - # src_prepare() for now. + # src_configure() for now. + touch "${T}/${SYS_USER_UID}" || die insinto "/var/lib/sys-user" doins "${T}/${SYS_USER_UID}" - - # TODO: do we want to try to create the user's home directory within - # the package manager so that it can be cleaned up later? The - # obvious problem with that plan is that we need to be careful not - # to give the new user ownership of e.g. /dev/null. } sys-user_pkg_preinst() { 
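Review bot: In sys-user_pkg_pretend the "important UID" check dies when nobody owns the UID yet. In that case `egetent passwd "${SYS_USER_UID}"` prints nothing, `oldname` is empty, and `"${SYS_USER_NAME}" != "${oldname}"` is true, so a first install on a clean system fails with "already belongs to" followed by an empty name. Guard on a non-empty result: `if [[ -n "${oldname}" && "${SYS_USER_NAME}" != "${oldname}" ]]; then`. These checks also run in pkg_pretend, well before the account is created; whether pkg_preinst re-checks ownership of the UID is not visible here, so it is worth confirming that a UID claimed in between cannot end up shared by two accounts. sys-user_src_configure continues past the end of this hunk.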
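Review bot: Creating `${T}/${SYS_USER_UID}` in sys-user_src_install bakes into the image whatever UID sys-user_src_configure resolved, and the src_* phases run where the package is built, which is not necessarily where it is merged. If these ebuilds can be installed from binary packages, the fallback UID and the marker file under /var/lib/sys-user would presumably reflect the build host's passwd database rather than the target's. I would expect the value to be re-resolved, or at least verified against the target system, in pkg_preinst, which lies outside this hunk. At minimum the comment above the `touch` should record the assumption, e.g. `# NOTE: SYS_USER_UID was resolved at build time in src_configure(); binary installs inherit that value.` sys-user_src_install begins above the hunk.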
@@ -154,46 +182,39 @@ sys-user_pkg_preinst() { "${SYS_USER_GROUPS}" \ || die "failed to add user ${SYS_USER_NAME}" elif [[ -n "${REPLACING_VERSIONS}" ]]; then - # This is an upgrade from an existing sys-user package. This - # case is a little bit weird. If we do it in preinst(), then it - # will happen before the "old" user is removed in - # pkg_prerm(). Except the old user and the new user are the - # same, so if we overwrite the existing user here, then prerm - # for the version that created it will clobber our new entry. - # - # We also can't just LEAVE the old user there, because then no - # upgrade happens. - # - # Uh, let's do this case in pkg_postinst so that it happens - # after the old version's prerm. - : + # + # This case is done in pkg_postint() to avoid clobbering a + # new user when we remove the old one. + # + : else # UPGRADE PATH: Ok, the user exists but this isn't an upgrade of # a sys-user package. This is the upgrade path from the old - # style of user/group management to the new style. What can we - # do? We could make it policy that old users must be compatible - # with the new ones, but that entails hard-coding UIDs that - # don't need to be hard-coded. + # style of user/group management to the new style. Lets see if + # the new user is compatible with the old one; it usually will be. + # We only bail out if there's a homedir or shell conflict. + # + # We should make it policy that new sys-user packages have the + # same homedir and shell as the existing ones created by + # ebuilds, but it can't hurt to check again here. These checks + # are done here (and not in pkg_pretend, where they would be + # more consistent) because the PMS states that REPLACING_VERSIONS + # may not be defined there. # - # Instead lets see if the new user is compatible with the old - # (it usually will be), and then only bail out if there's a real - # problem. 
+ # If a homedir/shell changes during a sys-user upgrade, we don't + # consider that a problem, because the change was knowingly made + # by a developer who just edited an ebuild to make that change. local oldhome=$(egethome "${SYS_USER_NAME}") local oldshell=$(egetshell "${SYS_USER_NAME}") - local olduid=$(id --real --user "${SYS_USER_NAME}") - if [[ "${oldhome}" -ne "${SYS_USER_HOME}" ]]; then + if [[ "${oldhome}" != "${SYS_USER_HOME}" ]]; then die "home directory conflict for new user ${SYS_USER_HOME}" fi - if [[ "${oldhshell}" -ne "${SYS_USER_SHELL}" ]]; then + if [[ "${oldhshell}" != "${SYS_USER_SHELL}" ]]; then die "shell conflict for new user ${SYS_USER_HOME}" fi - if [[ "${olduid}" -ne "${SYS_USER_UID}" ]]; then - die "UID conflict for new user ${SYS_USER_NAME}" - fi - # The user already exists, so all we have left to do is to try # to append SYS_USER_GROUPS to the existing groups. The "usermod" # tool expects a comma-separated list, so change our spaces to -- 2.43.2
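Review bot: The shell comparison reads `${oldhshell}`, but the variable assigned just above is `oldshell`. After the switch from `-ne` to `!=`, the test therefore compares an empty string with SYS_USER_SHELL, and the upgrade path dies with "shell conflict" for every user whose SYS_USER_SHELL is non-empty. It should be `if [[ "${oldshell}" != "${SYS_USER_SHELL}" ]]; then`, and the message should name the shell rather than the home directory, e.g. `die "shell conflict for new user ${SYS_USER_NAME}: ${oldshell}"`. The new comment also refers to `pkg_postint()` where `pkg_postinst()` is meant. sys-user_pkg_preinst starts before and ends after this hunk.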