maintenance of "setup" and https://fedoraproject.org/wiki/Packaging:UsersAndGroups

Kevin Fenzi kevin at scrye.com
Sat Jul 12 20:51:55 UTC 2014 

On Fri, 11 Jul 2014 15:55:44 -0700
Colin Walters <walters at verbum.org> wrote:

> Hi,
> 
> I was looking at user/group stuff more as part of the other thread on
> https://fedoraproject.org/wiki/Changes/SystemdSysusers - but let's
> ignore that for a second.
> 
> So on
> https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
> - I followed the link to the "uidgid" section, and noticed "Hey, we
> have another uid/gid listing here".
> 
> Scanning that list, I saw "polkituser"...which:
> 1) Doesn't exist - the polkit package allocates a user named "polkit"
> 2) Isn't used even if it did: polkit allocates a dynamic uid/gid.

Fun. ;) 

> Now Mirek and I currently maintain polkit, and at least I was unaware
> of the existence of this reservation.
> 
> Basically, because this list isn't actually *used* by RPM at
> installation time, it is prone to desynchronization with the actual
> code in the spec files, and it happened in at least this case for
> polkit.
> 
> I did a bit of archaeology in the git log through several whitespace
> cleanups/reorganizations and then hit a wall on this commit:
> https://git.fedorahosted.org/cgit/setup.git/commit/?id=08258e0f748c4f372fcbf1dd7947c132ee0b8a12
> 
> Hard to know what was going on at that time.

Yeah, perhaps Phil recalls?
 
> Anyways at least nowadays there appears to be a relatively sane SOP
> for this wrt filing a trac ticket or bug against setup, but it seems
> like we have an opportunity now for some sort of static check to
> ensure that the systemd-sysusers snippets shipped by packages
> actually match that of setup.

Perhaps this could be a taskotron QA test? check that package uses
static uid, check it against list?
 
> Also, we should audit now to see if there are other packages besides
> polkit that are out of sync.

Yeah. 

Also, audit it for packages that don't need a static allocation at all. 

kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140712/75beecce/attachment.sig>

More information about the devel mailing list