On Fri, 11 Jul 2014 15:55:44 -0700
Colin Walters <walters(a)verbum.org> wrote:
Hi,
I was looking at user/group stuff more as part of the other thread on
https://fedoraproject.org/wiki/Changes/SystemdSysusers - but let's
ignore that for a second.
So on
https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_alloc...
- I followed the link to the "uidgid" section, and noticed "Hey, we
have another uid/gid listing here".
Scanning that list, I saw "polkituser"...which:
1) Doesn't exist - the polkit package allocates a user named "polkit"
2) Isn't used even if it did: polkit allocates a dynamic uid/gid.
Fun. ;)
Now Mirek and I currently maintain polkit, and at least I was
unaware
of the existence of this reservation.
Basically, because this list isn't actually *used* by RPM at
installation time, it is prone to desynchronization with the actual
code in the spec files, and it happened in at least this case for
polkit.
I did a bit of archaeology in the git log through several whitespace
cleanups/reorganizations and then hit a wall on this commit:
https://git.fedorahosted.org/cgit/setup.git/commit/?id=08258e0f748c4f372f...
Hard to know what was going on at that time.
Yeah, perhaps Phil recalls?
Anyways at least nowadays there appears to be a relatively sane SOP
for this wrt filing a trac ticket or bug against setup, but it seems
like we have an opportunity now for some sort of static check to
ensure that the systemd-sysusers snippets shipped by packages
actually match that of setup.
Perhaps this could be a taskotron QA test? check that package uses
static uid, check it against list?
Also, we should audit now to see if there are other packages besides
polkit that are out of sync.
Yeah.
Also, audit it for packages that don't need a static allocation at all.
kevin