Re: How to deal with sysusers files inside the package
On Fri, Jun 30, 2023 at 10:15:35PM +0200, Björn Persson wrote: Ewoud Kohl van Wijngaarden wrote: I'm looking at converting my package (where I'm also the upstream) to use sysusers.d but I'd prefer shipping the sysusers.d file inside the source tarball rather than in packaging. This allows me to use the same definition on Debian, which I think is a huge benefit of systemd standardizing these kinds of things. Yes, of course you'd want to do it that way, but Fedora isn't ready. I got the same impression. The documentation[1] only mentions shipping it as a separate source, not inside the tarball. Should I simply replace %{SOURCE3} in the docs with the path from the extracted tarball? My experience is that sysusers_create_compat can't be made to work with a file extracted from the tarball. It requires a separate source file. As long as user and group accounts must be added in the packaging, it's more convenient to do it in the spec file than in a separate sysusers file. Thus sysusers_create_compat seems rather useless to me. I wouldn't say completely useless, but useless in the ideal case. If your program needs its user account only at run time (such as a daemon that runs as non-root), then it's enough to drop the sysusers file into /usr/lib/sysusers.d. The account will then be created at the end of the RPM transaction, after all the packages have been installed. In that case shipping the sysusers file inside the tarball should work, and you don't need sysusers_create_compat. If your package contains any files owned by the account it creates, then installing the sysusers file is not sufficient. In that case the account must be created in %pre before the files are installed, either with sysusers_create_compat (which requires a separate source file) or with plain old useradd or groupadd. Sadly, this is the case (owning /var/lib/%{name}). I've seen some discussion recently about integrating sysusers support into RPM. That should allow an upstream sysusers file to work in all cases, if I understand correctly. If your package currently works, then I suggest waiting until the RPM integration is done before you change how user accounts are created. Thanks for the advice. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
Re: How to deal with sysusers files inside the package
Ewoud Kohl van Wijngaarden wrote: > I'm looking at converting my package (where I'm also the upstream) to > use sysusers.d but I'd prefer shipping the sysusers.d file inside the > source tarball rather than in packaging. This allows me to use the same > definition on Debian, which I think is a huge benefit of systemd > standardizing these kinds of things. Yes, of course you'd want to do it that way, but Fedora isn't ready. > The documentation[1] only mentions shipping it as a separate source, not > inside the tarball. Should I simply replace %{SOURCE3} in the docs with > the path from the extracted tarball? My experience is that sysusers_create_compat can't be made to work with a file extracted from the tarball. It requires a separate source file. As long as user and group accounts must be added in the packaging, it's more convenient to do it in the spec file than in a separate sysusers file. Thus sysusers_create_compat seems rather useless to me. If your program needs its user account only at run time (such as a daemon that runs as non-root), then it's enough to drop the sysusers file into /usr/lib/sysusers.d. The account will then be created at the end of the RPM transaction, after all the packages have been installed. In that case shipping the sysusers file inside the tarball should work, and you don't need sysusers_create_compat. If your package contains any files owned by the account it creates, then installing the sysusers file is not sufficient. In that case the account must be created in %pre before the files are installed, either with sysusers_create_compat (which requires a separate source file) or with plain old useradd or groupadd. I've seen some discussion recently about integrating sysusers support into RPM. That should allow an upstream sysusers file to work in all cases, if I understand correctly. If your package currently works, then I suggest waiting until the RPM integration is done before you change how user accounts are created. Björn Persson pgpBEXmS0YDu0.pgp Description: OpenPGP digital signatur ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
How to deal with sysusers files inside the package
I'm looking at converting my package (where I'm also the upstream) to use sysusers.d but I'd prefer shipping the sysusers.d file inside the source tarball rather than in packaging. This allows me to use the same definition on Debian, which I think is a huge benefit of systemd standardizing these kinds of things. The documentation[1] only mentions shipping it as a separate source, not inside the tarball. Should I simply replace %{SOURCE3} in the docs with the path from the extracted tarball? If so, is this something that the packaging-guidelines should document? I also noticed that %sysusers_create_compat isn't in EL8 and I'd rather not depend on epel-rpm-macros. Today we build completely outside of EPEL and I'd prefer to keep it that way. Is the recommended way to use %sysusers_create_package (provided by systemd-rpm-macros) instead? [1]: https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/ ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue