[Pkg-shadow-devel] /usr/lib/passwd and OSTree

Colin Walters walters at verbum.org
Thu Apr 3 18:57:56 UTC 2014


Any comments on the below?

On Fri, Mar 7, 2014 at 2:48 PM, Colin Walters <walters at verbum.org> 
> Hi,
> I'd like to talk about my shadow-utils patch that lives here:
> http://fedorapeople.org/~walters/Use-usr-lib-passwd-for-system-users-if-it-exists.patch
> The commit message links to the Sourceware bug which has some 
> rationale, but let me retype it here briefly:
> OSTree is a new general-purpose upgrade system for Linux-based 
> operating systems, designed to *complement* existing package systems 
> like dpkg/rpm.  You feed it packages on the build server, and clients 
> merely pull from the repository.
> In this model, there is no %post/postinst - no code execution at all. 
>  That means no calls to /usr/sbin/adduser to add new system users 
> from new packages.
> In order to make this work then, the system users come in 
> /usr/lib/passwd, and any end up in /etc/passwd.
> On the client side, https://github.com/aperezdc/nss-altfiles is used 
> as a NSS module to tell glibc to find the file.
> Fortuitously, shadow-utils already has a '-r' option to specify a 
> system user.  So on the build server side, any RPMs whose %post calls 
> out to useradd will go in /usr/lib/passwd (if it exists).
> The last bit is important - the patch checks to see if 
> /usr/lib/passwd exists, if it doesn't, the users end up in the 
> traditional /etc/passwd, so RPM/dpkg continue to work as is.
> Comments appreciated!
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20140403/8af3085c/attachment.html>

More information about the Pkg-shadow-devel mailing list