[Exherbo-dev] supar dupar uid/gid management

Ciaran McCreesh ciaran.mccreesh at googlemail.com
Tue Dec 30 16:17:34 GMT 2008


Here's the idea:

    paludis-scm.exheres-0:
        DEPENDENCIES="
            uid/paludisbuild
            gid/paludisbuild
            "

Then the user has:

    ids.conf:
        format = ids
        backend = passwd
        passwd = /etc/passwd
        # might not need the next line
        managed-ids = /var/db/paludis/repositories/managed-ids/

    installed-ids.conf:
        format = installed-ids
        backend = passwd
        passwd = /etc/passwd
        managed-ids = /var/db/paludis/repositories/managed-ids/

The IDs repository will contain a bunch of packages like:

    uid/paludisbuild-0 :0 ::ids
        Description:        User used by Paludis to perform builds

    gid/paludisbuild-0 :0 ::ids
        Description:        Group used by Paludis to perform builds

It will be populated by going around every available repository and
saying "what IDs do you want to export?". Exheres layout repositories
can export IDs by saying:

    metadata/uids/paludisbuild.conf:
        shell = /bin/bash
        gecos = User used by Paludis to perform builds
        primary-group = paludisbuild

    metadata/gids/paludisbuild.conf:
        # this can be empty

Paludis will do the ID population magically, kinda like how it does for
old style virtuals on Gentoo. In the case of conflicts, the most
important repository wins.

The installed IDs repository will contain a bunch of packages like:

    uid/paludisbuild-0 :0 ::installed-ids
        Description:        User used by Paludis to perform builds
        uid:                123
        gid:                234

Things like --uninstall-unused will be able to remove IDs that are no
longer required.

But how do we handle user-managed IDs?

For user-managed IDs that aren't used by a repository, we don't have to
care. As far as the package manager is concerned, they don't exist.

But we can't really ignore the case where a user already has a foo UID.
We don't want the package mangler messing with it, and we don't want
the package mangler removing it. This is where managed-ids comes in.

We keep a couple of lists: managed-users and managed-groups. These
contain a list of users and groups that we're allowed to mangle. If we
install an ID ourselves, we consider it managed (although the user can
go in by hand and remove the entry if they want to take over management
of that ID).

There are a few ways we can handle unmanaged IDs. Not sure which is
best. We have to have unmanaged IDs listed as already installed. But
for the installable repo, we have options:

* If we list unmanaged installed IDs as installable, installing the ID
  would merely do nothing.

* We could just not list it as installable at all. This means we'd have
  to have the installed IDs marked as having a transient origin.

* We could mask the installable ID. Again, this needs transient origin.

I think the second option is easiest.

-- 
Ciaran McCreesh
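
The second option from the message above, as an added example that is not part of the original post and is not Paludis code: a small model of how the installable and installed ID views could be derived from exported IDs, /etc/passwd and the managed-users list. All function names, data shapes and the sample data are assumptions made for illustration.

```python
# Added illustration of the proposal; names and data shapes are hypothetical.
PASSWD = """\
root:x:0:0:root:/root:/bin/bash
paludisbuild:x:123:234:User used by Paludis to perform builds:/var/tmp:/bin/bash
foo:x:1001:1001:hand-made account:/home/foo:/bin/bash
oldsvc:x:130:130:old service:/var/empty:/bin/false
"""  # constructed sample
# Constructed exports, most important repository first.
REPOS = [
    ("main", {"paludisbuild": {"shell": "/bin/bash"}, "foo": {"shell": "/bin/false"}}),
    ("extra", {"foo": {"shell": "/bin/sh"}, "oldsvc": {}, "newsvc": {}}),
]
MANAGED_USERS = {"paludisbuild", "oldsvc"}  # constructed managed-users list

def parse_passwd(text):
    """Map user name -> (uid, gid), skipping malformed lines."""
    users = {}
    for line in text.splitlines():
        fields = line.split(":")
        if len(fields) == 7 and fields[2].isdigit() and fields[3].isdigit():
            users[fields[0]] = (int(fields[2]), int(fields[3]))
    return users

def exported_ids(repos):
    """Merge exports; on conflict the most important repository wins."""
    merged = {}
    for _name, ids in repos:
        for user, conf in ids.items():
            merged.setdefault(user, conf)
    return merged

def build_views(repos, passwd_text, managed):
    """Return (installable, installed) under the second option."""
    present = parse_passwd(passwd_text)
    installable, installed = {}, {}
    for user, conf in exported_ids(repos).items():
        unmanaged = user in present and user not in managed
        if not unmanaged:
            installable[user] = conf  # unmanaged IDs are not listed at all
        if user in present:
            uid, gid = present[user]
            installed[user] = {"uid": uid, "gid": gid, "transient": unmanaged}
    return installable, installed

def removable(installed, required):
    """What --uninstall-unused may remove: managed and no longer required."""
    return sorted(u for u, e in installed.items()
                  if not e["transient"] and u not in required)
```

In this model the pre-existing foo account shows up only as installed with a transient origin, so it is never a removal candidate, and root is invisible because no repository exports it.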