From ad88c75318cc9173a5959ca329ccf16f2ac73553 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Tue, 29 Aug 2017 14:24:19 -0400
Subject: [PATCH] sys-user.eclass: don't remove users under normal
 circumstances.

---
 eclass/sys-user.eclass | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)

diff --git a/eclass/sys-user.eclass b/eclass/sys-user.eclass
index d76e619..e14cdfb 100644
--- a/eclass/sys-user.eclass
+++ b/eclass/sys-user.eclass
@@ -271,11 +271,16 @@ sys-user_pkg_prerm() {
 		# We have successfully done nothing.
 		ewarn "Tried to remove nonexistent user ${SYS_USER_NAME}."
 	elif [[ -z "${REPLACING_VERSIONS}" ]]; then
-		# The user to remove exists, and this is not an upgrade, so
-		# we really do remove him.
-		userdel "${SYS_USER_NAME}" || \
-			die "failed to remove user ${SYS_USER_NAME}"
-		einfo "Removed user ${SYS_USER_NAME} from the system."
+		# The user to remove exists, and this is not an upgrade. For
+		# Phase 1, we maintain the status quo and simply refuse to
+		# remove him (unless you know what you are doing).
+		if [[ "${I_KNOW_WHAT_I_AM_DOING}" == "yes" ]]; then
+			userdel "${SYS_USER_NAME}" || \
+				die "failed to remove user ${SYS_USER_NAME}"
+			einfo "Removed user ${SYS_USER_NAME} from the system."
+		else
+			die "refusing to remove package for system user ${SYS_USER_NAME}"
+		fi
 
 		# The missing case: if the user exists and this is an upgrade,
 		# we leave the user alone to be modified in
-- 
2.43.2