maintenance of "setup" and https://fedoraproject.org/wiki/Packaging:UsersAndGroups
Kevin Fenzi
kevin at scrye.com
Sat Jul 12 20:51:55 UTC 2014
On Fri, 11 Jul 2014 15:55:44 -0700
Colin Walters <walters at verbum.org> wrote:
> Hi,
>
> I was looking at user/group stuff more as part of the other thread on
> https://fedoraproject.org/wiki/Changes/SystemdSysusers - but let's
> ignore that for a second.
>
> So on
> https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
> - I followed the link to the "uidgid" section, and noticed "Hey, we
> have another uid/gid listing here".
>
> Scanning that list, I saw "polkituser"...which:
> 1) Doesn't exist - the polkit package allocates a user named "polkit"
> 2) Isn't used even if it did: polkit allocates a dynamic uid/gid.
Fun. ;)
> Now Mirek and I currently maintain polkit, and at least I was unaware
> of the existence of this reservation.
>
> Basically, because this list isn't actually *used* by RPM at
> installation time, it is prone to desynchronization with the actual
> code in the spec files, and it happened in at least this case for
> polkit.
>
> I did a bit of archaeology in the git log through several whitespace
> cleanups/reorganizations and then hit a wall on this commit:
> https://git.fedorahosted.org/cgit/setup.git/commit/?id=08258e0f748c4f372fcbf1dd7947c132ee0b8a12
>
> Hard to know what was going on at that time.
Yeah, perhaps Phil recalls?
> Anyways at least nowadays there appears to be a relatively sane SOP
> for this wrt filing a trac ticket or bug against setup, but it seems
> like we have an opportunity now for some sort of static check to
> ensure that the systemd-sysusers snippets shipped by packages
> actually match that of setup.
Perhaps this could be a taskotron QA test? check that package uses
static uid, check it against list?
> Also, we should audit now to see if there are other packages besides
> polkit that are out of sync.
Yeah.
Also, audit it for packages that don't need a static allocation at all.
kevin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <http://lists.fedoraproject.org/pipermail/devel/attachments/20140712/75beecce/attachment.sig>
More information about the devel
mailing list