[Pkg-shadow-devel] /usr/lib/passwd and OSTree
Colin Walters
walters at verbum.org
Thu Apr 3 18:57:56 UTC 2014
Hello,
Any comments on the below?
On Fri, Mar 7, 2014 at 2:48 PM, Colin Walters <walters at verbum.org>
wrote:
> Hi,
>
> I'd like to talk about my shadow-utils patch that lives here:
> http://fedorapeople.org/~walters/Use-usr-lib-passwd-for-system-users-if-it-exists.patch
>
> The commit message links to the Sourceware bug which has some
> rationale, but let me retype it here briefly:
>
> OSTree is a new general-purpose upgrade system for Linux-based
> operating systems, designed to *complement* existing package systems
> like dpkg/rpm. You feed it packages on the build server, and clients
> merely pull from the repository.
>
> In this model, there is no %post/postinst - no code execution at all.
> That means no calls to /usr/sbin/adduser to add new system users
> from new packages.
>
> In order to make this work then, the system users come in
> /usr/lib/passwd, and any end up in /etc/passwd.
>
> On the client side, https://github.com/aperezdc/nss-altfiles is used
> as a NSS module to tell glibc to find the file.
>
> Fortuitously, shadow-utils already has a '-r' option to specify a
> system user. So on the build server side, any RPMs whose %post calls
> out to useradd will go in /usr/lib/passwd (if it exists).
>
> The last bit is important - the patch checks to see if
> /usr/lib/passwd exists, if it doesn't, the users end up in the
> traditional /etc/passwd, so RPM/dpkg continue to work as is.
>
> Comments appreciated!
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20140403/8af3085c/attachment.html>
More information about the Pkg-shadow-devel
mailing list