On Thu, 30 May 2019 14:50:30 +0200
Michał Górny <mgo...@gentoo.org> wrote:

> Please review the following patches, implementing the user/group package
> concept.  The patches incorporate some of the feedback to the proposed
> GLEP, and I'd like to get them reviewed before I submit the next GLEP
> update.  They are based on earlier work by mjo.

I like the idea and the changes look good. I gather this doesn't
address the ROOT problem. That's fine, it wasn't one of the stated
goals, I just want to keep it in mind. I still stand by what I said in
https://bugs.gentoo.org/541406#c2.

  The various tools such as useradd do have a -R option to specify a
  root directory but this performs an actual chroot, making it useless
  for non-native environments. Even if this somehow worked or if it
  were run through QEMU, it would still not be sufficient because
  Portage needs to know about these users and groups from the
  perspective of the build system.

  I believe what is needed is some way to intelligently sync the
  accounts between / and ROOT. If a user or group already exists in /
  then use the same ID in ROOT. If it doesn't already exist then create
  it in / first, ensuring that the new ID doesn't clash with one
  already in ROOT. If there is an unresolvable ID clash then error out.

If we're looking to keep all UIDs/GIDs fixed going forwards then
clashes obviously become less of an issue. Since writing the above,
I've become aware that you can bind mount individual files such
as /etc/passwd and there are also new tricks like user namespacing. We
could probably come up with something workable but this hasn't reached
the top of my pile.

-- 
James Le Cuirot (chewi)
Gentoo Linux Developer
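
The sync between / and ROOT described in the message above, as an added sketch that is not part of the original e-mail or of Portage. It plans UIDs only (groups would follow the same logic); the function names, the 100-499 ID range and the sample passwd data are assumptions, and adopting an ID that exists only in ROOT goes beyond what the message states.

```python
# Added illustration; names, ID range and sample passwd data are constructed.
class IdClash(Exception):
    """Raised when no ID can be used consistently in both / and ROOT."""


def parse_passwd(text):
    """Map account name -> numeric UID from passwd(5)-formatted text."""
    accounts = {}
    for line in text.splitlines():
        if line.strip() and not line.startswith("#"):
            fields = line.split(":")
            accounts[fields[0]] = int(fields[2])
    return accounts


def plan_account(name, host, root, id_range=range(100, 500)):
    """Return (uid, steps) giving `name` the same UID in / (host) and ROOT."""
    def owner(db, uid):
        return next((n for n, u in db.items() if u == uid), None)

    steps = []
    if name in host:
        uid = host[name]                      # already in /: reuse that ID
    elif name in root:
        uid = root[name]                      # assumption: adopt ROOT's ID
        if owner(host, uid) is not None:
            raise IdClash(f"{name}: UID {uid} in ROOT is {owner(host, uid)} in /")
        steps.append(("create", "/", uid))
    else:
        used = set(host.values()) | set(root.values())
        uid = next((i for i in id_range if i not in used), None)
        if uid is None:
            raise IdClash(f"{name}: no UID free in both / and ROOT")
        steps.append(("create", "/", uid))    # create in / first

    if name not in root:
        if owner(root, uid) is not None:
            raise IdClash(f"{name}: UID {uid} is {owner(root, uid)} in ROOT")
        steps.append(("create", "ROOT", uid))
    elif root[name] != uid:
        raise IdClash(f"{name}: UID {uid} in / but {root[name]} in ROOT")
    return uid, steps


# Constructed sample data, not taken from a real system.
HOST = parse_passwd("root:x:0:0::/root:/bin/sh\nntp:x:123:123::/dev/null:/sbin/nologin\n")
ROOT = parse_passwd("root:x:0:0::/root:/bin/sh\nsshd:x:100:100::/var/empty:/sbin/nologin\n")
```

The planner only reads the two account databases and returns the steps; actually writing the entries into ROOT without a chroot is the part the message leaves open.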
