maintenance of "setup" and https://fedoraproject.org/wiki/Packaging:UsersAndGroups

Ondrej Vasik ovasik at redhat.com
Mon Jul 14 13:34:34 UTC 2014 

On Fri, 2014-07-11 at 15:55 -0700, Colin Walters wrote:
> Hi,
> 
> I was looking at user/group stuff more as part of the other thread on
> https://fedoraproject.org/wiki/Changes/SystemdSysusers - but let's
> ignore that for a second.
> 
> So on
> https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Soft_static_allocation
> - I followed the link to the "uidgid" section, and noticed "Hey, we have
> another uid/gid listing here".
> 
> Scanning that list, I saw "polkituser"...which:
> 1) Doesn't exist - the polkit package allocates a user named "polkit"
> 2) Isn't used even if it did: polkit allocates a dynamic uid/gid.
> 
> Now Mirek and I currently maintain polkit, and at least I was unaware of
> the existence of this reservation.
> 
> Basically, because this list isn't actually *used* by RPM at
> installation time, it is prone to desynchronization with the actual code
> in the spec files, and it happened in at least this case for polkit.

For the history - https://bugzilla.redhat.com/show_bug.cgi?id=244950 and
https://bugzilla.redhat.com/show_bug.cgi?id=480776 are the pointers.
Static id was requested by former polkit maintainer - and reserved by
Phil - long time ago.
If the id was actually never in use or it is just rename of the former
polkituser id, it is safe to use it now for polkit ...

> I did a bit of archaeology in the git log through several whitespace
> cleanups/reorganizations and then hit a wall on this commit:
> https://git.fedorahosted.org/cgit/setup.git/commit/?id=08258e0f748c4f372fcbf1dd7947c132ee0b8a12

Good google query is more powerful than gitlog in some cases ;) .
> 
> Hard to know what was going on at that time.
> 
> Anyways at least nowadays there appears to be a relatively sane SOP for
> this wrt filing a trac ticket or bug against setup, but it seems like we
> have an opportunity now for some sort of static check to ensure that the
> systemd-sysusers snippets shipped by packages actually match that of
> setup.

If you plan to use this 87 uid/gid for polkit, just let me know or file
bugzilla against setup - otherwise, I can likely just remove the
reservation from uidgid file.
> 
> Also, we should audit now to see if there are other packages besides
> polkit that are out of sync.

There were such packages - I remember I notified maintainers of one or
two packages in the past about different/wrong uid/gid/name used.
However - afaik noone did full audit of id's - at least not recently -
and I don't plan it in near future - too long todo list...

Greetings,
         Ondrej

More information about the devel mailing list