[Pkg-shadow-devel] /usr/lib/passwd and OSTree

Colin Walters walters at verbum.org
Fri Mar 7 19:48:43 UTC 2014


I'd like to talk about my shadow-utils patch that lives here:

The commit message links to the Sourceware bug which has some 
rationale, but let me retype it here briefly:

OSTree is a new general-purpose upgrade system for Linux-based 
operating systems, designed to *complement* existing package systems 
like dpkg/rpm.  You feed it packages on the build server, and clients 
merely pull from the repository.

In this model, there is no %post/postinst - no code execution at all.  
That means no calls to /usr/sbin/adduser to add new system users from 
new packages.

In order to make this work then, the system users come in 
/usr/lib/passwd, and any end up in /etc/passwd.

On the client side, https://github.com/aperezdc/nss-altfiles is used as 
a NSS module to tell glibc to find the file.

Fortuitously, shadow-utils already has a '-r' option to specify a 
system user.  So on the build server side, any RPMs whose %post calls 
out to useradd will go in /usr/lib/passwd (if it exists).

The last bit is important - the patch checks to see if /usr/lib/passwd 
exists, if it doesn't, the users end up in the traditional /etc/passwd, 
so RPM/dpkg continue to work as is.

Comments appreciated!

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.alioth.debian.org/pipermail/pkg-shadow-devel/attachments/20140307/0e1bb01f/attachment.html>

More information about the Pkg-shadow-devel mailing list