On 3/29/2019 10:14 AM, Luis Ressel wrote:
> On Fri, Mar 29, 2019 at 08:17:55AM +0000, Laurent Bercot wrote:
>>> This is something we do indeed sorely need. We do not have one yet.
>>> After the formalisation of projects, this should probably be a top priority.
>>
>> It is much more user-friendly to create appropriate uid/gids
>> dynamically, at package first installation time (which is why I
>> did so in later packages). We lose consistency of uid/gid numbering
>> across machines, but I don't think it's a big issue.
>
> I agree with both you here. I think it'd be very useful to keep
> "system" uids and gids stable across hosts, but creating them
> dynamically at package installation is much saner than a big, scary
> /etc/group file listing everything.
>
I also agree here, but maybe instead of putting the users and troups
into the adelie-base package, we should look into writing a script that
contains an authoritative mapping of system/service users and their
related UIDs and GIDs. The script could be called "dynamically" by
packages post installs that need unprivileged users.
> And while we're on this topic: I've noticed our post-install hooks
> create users in rather inconsistent ways. Some use useradd, some use
> adduser, some hardcode uids/gids, some don't, and the flags passed
> (especially) to useradd are also wildy different. It'd be awesome if we
> could clean this mess up, and ideally in a way that doesn't require
> every package author to "copy&paste the blessed useradd incantation".
>
Definitely agree with this. I know that [[sroracle]] was working on an
APKBUILD linter/static analyzer, and that might be a good place to put
these checks into.
Thanks!
Dan Theisen
Received on Sat Mar 30 2019 - 00:03:23 UTC