On 11/27/21 16:10, Neal Gompa wrote:
On Sat, Nov 27, 2021 at 9:02 AM Frank Ch. Eigler
<fche(a)redhat.com> wrote:
>
> Adam Williamson <adamwill(a)fedoraproject.org> writes:
>
>> [...]
>>
>>
https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/...
>>
>> say:
>>
>> "Create a <package-name>.sysusers file with the user definition and
add
>> where usr/lib/sysusers.d/geekotest.conf is the path to one of the
>> sysusers config file within the upstream source, but it doesn't seem to
>> work. [...]
>
> One problem with these sysusers rpm macros is that they expand to the
> scriptlets very early: before even the main source tarball is extracted.
> This is why the fedora packaging guideline more or less forces them to
> be first-class spec sources.
There's a way around this: change the %sysusers_create_package stuff to
use "%pre -f <scriptfile>". Just like with %files -f, the script can be
generated during build/install stages so you can use both separate
sources and tarballed ones. And like with %files -f, the -f included
script file gets appended to what else may be in that script.
So basically you'd want to turn %sysusers_create_package into a
standalone script which can be called from %build/install, and included
with %pre -f. Much like %find_lang is used.
> In the case of systemtap, we worked around this by moving the
sysusers
> config files right into the spec file - out of the source tarball - and
> feed them to %pre and %install scripts by hand.
>
>
https://src.fedoraproject.org/rpms/systemtap/blob/rawhide/f/systemtap.spe...
>
https://src.fedoraproject.org/rpms/systemtap/blob/rawhide/f/systemtap.spe...
>
https://src.fedoraproject.org/rpms/systemtap/blob/rawhide/f/systemtap.spe...
>
> IMO this is ugly and unfortunate.
>
The design around sysusers expects a model where files are unpacked
and *then* scripts are run. RPM doesn't work that way, which makes all
Actually, in rpm >= 4.17 there technically is a window where users could
be created based on content unpacked from the package itself. What's
missing is a hook (aka script) to run after unpacking all files but
prior to setting metadata on them all.
of this fall apart. In the ideal case, we could generate preinstall
scriptlets for this stuff from detected sysusers files on the fly, but
there's currently no way to do that.
A more practical way to work around this is to always subpackage out
sysusers and use dependencies to guarantee that it's installed before
the package itself is. This would require the systemd file trigger to
make it so that sysusers is run per-package instead of
per-transaction, though. Alternatively, you could just manually run
systemd-sysusers in %post for those cases.
Yeah, conceptually user-only subpackages is a kinda neat solution, but
not sure its tolerable in terms of package number explosion / metadata
overhead.
- Panu -
--
真実はいつも一つ!/ Always, there's only one truth!
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure