Re: How to deal with sysusers files inside the package
On Fri, Jun 30, 2023 at 10:15:35PM +0200, Björn Persson wrote:
Ewoud Kohl van Wijngaarden wrote:
I'm looking at converting my package (where I'm also the upstream) to
use sysusers.d but I'd prefer shipping the sysusers.d file inside the
source tarball rather than in packaging. This allows me to use the same
definition on Debian, which I think is a huge benefit of systemd
standardizing these kinds of things.
Yes, of course you'd want to do it that way, but Fedora isn't ready.
I got the same impression.
The documentation[1] only mentions shipping it as a separate source, not
inside the tarball. Should I simply replace %{SOURCE3} in the docs with
the path from the extracted tarball?
My experience is that sysusers_create_compat can't be made to work with
a file extracted from the tarball. It requires a separate source file.
As long as user and group accounts must be added in the packaging, it's
more convenient to do it in the spec file than in a separate sysusers
file. Thus sysusers_create_compat seems rather useless to me.
I wouldn't say completely useless, but useless in the ideal case.
If your program needs its user account only at run time (such as a
daemon that runs as non-root), then it's enough to drop the sysusers
file into /usr/lib/sysusers.d. The account will then be created at the
end of the RPM transaction, after all the packages have been installed.
In that case shipping the sysusers file inside the tarball should work,
and you don't need sysusers_create_compat.
If your package contains any files owned by the account it creates,
then installing the sysusers file is not sufficient. In that case the
account must be created in %pre before the files are installed, either
with sysusers_create_compat (which requires a separate source file) or
with plain old useradd or groupadd.
Sadly, this is the case (owning /var/lib/%{name}).
I've seen some discussion recently about integrating sysusers support
into RPM. That should allow an upstream sysusers file to work in all
cases, if I understand correctly. If your package currently works, then
I suggest waiting until the RPM integration is done before you change
how user accounts are created.
Thanks for the advice.
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
Re: How to deal with sysusers files inside the package
Ewoud Kohl van Wijngaarden wrote:
> I'm looking at converting my package (where I'm also the upstream) to
> use sysusers.d but I'd prefer shipping the sysusers.d file inside the
> source tarball rather than in packaging. This allows me to use the same
> definition on Debian, which I think is a huge benefit of systemd
> standardizing these kinds of things.
Yes, of course you'd want to do it that way, but Fedora isn't ready.
> The documentation[1] only mentions shipping it as a separate source, not
> inside the tarball. Should I simply replace %{SOURCE3} in the docs with
> the path from the extracted tarball?
My experience is that sysusers_create_compat can't be made to work with
a file extracted from the tarball. It requires a separate source file.
As long as user and group accounts must be added in the packaging, it's
more convenient to do it in the spec file than in a separate sysusers
file. Thus sysusers_create_compat seems rather useless to me.
If your program needs its user account only at run time (such as a
daemon that runs as non-root), then it's enough to drop the sysusers
file into /usr/lib/sysusers.d. The account will then be created at the
end of the RPM transaction, after all the packages have been installed.
In that case shipping the sysusers file inside the tarball should work,
and you don't need sysusers_create_compat.
If your package contains any files owned by the account it creates,
then installing the sysusers file is not sufficient. In that case the
account must be created in %pre before the files are installed, either
with sysusers_create_compat (which requires a separate source file) or
with plain old useradd or groupadd.
I've seen some discussion recently about integrating sysusers support
into RPM. That should allow an upstream sysusers file to work in all
cases, if I understand correctly. If your package currently works, then
I suggest waiting until the RPM integration is done before you change
how user accounts are created.
Björn Persson
pgpBEXmS0YDu0.pgp
Description: OpenPGP digital signatur
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
How to deal with sysusers files inside the package
I'm looking at converting my package (where I'm also the upstream) to
use sysusers.d but I'd prefer shipping the sysusers.d file inside the
source tarball rather than in packaging. This allows me to use the same
definition on Debian, which I think is a huge benefit of systemd
standardizing these kinds of things.
The documentation[1] only mentions shipping it as a separate source, not
inside the tarball. Should I simply replace %{SOURCE3} in the docs with
the path from the extracted tarball? If so, is this something that the
packaging-guidelines should document?
I also noticed that %sysusers_create_compat isn't in EL8 and I'd rather
not depend on epel-rpm-macros. Today we build completely outside of EPEL
and I'd prefer to keep it that way. Is the recommended way to use
%sysusers_create_package (provided by systemd-rpm-macros) instead?
[1]: https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/
___
devel mailing list -- devel@lists.fedoraproject.org
To unsubscribe send an email to devel-le...@lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam, report it:
https://pagure.io/fedora-infrastructure/new_issue
