jobserver: Add group for system wide jobservers, v0

Michał Górny Sat, 13 Dec 2025 19:26:43 -0800

Add a dedicated group to control system-wide jobserver access, such
as the one provided by dev-build/steve.  This will replace the current
portage:portage ownership, and make it possible to grant users access
without giving them full portage group access.  Note that we don't want
open access to system-wide jobservers, as an untrusted user could then
grab all tokens and effectively block other processes from building.


Signed-off-by: Michał Górny <[email protected]>
---
 acct-group/jobserver/jobserver-0.ebuild | 9 +++++++++
 acct-group/jobserver/metadata.xml       | 8 ++++++++
 2 files changed, 17 insertions(+)
 create mode 100644 acct-group/jobserver/jobserver-0.ebuild
 create mode 100644 acct-group/jobserver/metadata.xml

diff --git a/acct-group/jobserver/jobserver-0.ebuild 
b/acct-group/jobserver/jobserver-0.ebuild
new file mode 100644
index 0000000000000..4a7bb9457daf1
--- /dev/null
+++ b/acct-group/jobserver/jobserver-0.ebuild
@@ -0,0 +1,9 @@
+# Copyright 2025 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=8
+
+inherit acct-group
+
+ACCT_GROUP_ID=556
+DESCRIPTION="Access to system-wide jobservers"
diff --git a/acct-group/jobserver/metadata.xml 
b/acct-group/jobserver/metadata.xml
new file mode 100644
index 0000000000000..076793e3f54be
--- /dev/null
+++ b/acct-group/jobserver/metadata.xml
@@ -0,0 +1,8 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "https://www.gentoo.org/dtd/metadata.dtd";>
+<pkgmetadata>
+       <maintainer type="person">
+               <email>[email protected]</email>
+               <name>Michał Górny</name>
+       </maintainer>
+</pkgmetadata>

[gentoo-dev] [PATCH 1/3] acct-group/jobserver: Add group for system wide jobservers, v0

Reply via email to