You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Rpm >= 4.19 has native support for declarative user and group creation through integration with systemd’s sysusers.d format. Packagers will only need to package a sysusers.d file for their custom users and groups in /usr/lib/sysusers.d and rpm will take care of the rest.
I tried that, and an initial version with a clean approach just adds %{_sysusersdir}/cockpit-ws.conf file to the rpm. The diff doesn't show the existing
On install it does create the sysusers, but it tries to apply the %attrbefore creating the users:
# rpm -i --verbose /var/tmp/build/cockpit-ws-316.dev27+g1dc9d3b8f-1.fc40.x86_64.rpm
Verifying packages...
Preparing packages...
cockpit-ws-316.dev27+g1dc9d3b8f-1.fc40.x86_64
warning: group cockpit-wsinstance does not exist - using root
Creating group 'cockpit-ws' with GID 979.
Creating user 'cockpit-ws' (User for cockpit web service) with UID 979 and GID 979.
Creating group 'cockpit-wsinstance' with GID 978.
Creating user 'cockpit-wsinstance' (User for cockpit-ws instances) with UID 978 and GID 978.
and after installation, /usr/libexec/cockpit-session has the wrong ownership (group root).
So for the docs to actually work, it needs to create the sysusers before unpacking (i.e. what a %pre script would do) from its "magic" provides or other internal .rpm metadata, or defer the %attr() application after the initial unpacking of the files and sysusers creation.
I suppose that is the reason why the Fedora packaging guidelines have a completely different, and very hackish approach -- that suggests to duplicate the sysusers file downstream in the packaging dist-git, and using %sysusers_create_compat to basically create some useradd shell script out of the sysusers.d file. But this is awkward, error prone, a bit hard to automate for releases. It also feels backwards -- the whole point is to move and standardize all of this upstream.
I didn't find any existing upstream or Fedora downstream (bugzilla) bug report, so filing this one.
We are currently trying to move our project to systemd-sysusers, away from manual
useradd
calls in the package's%pre
script. The rpm manual claimsI tried that, and an initial version with a clean approach just adds
%{_sysusersdir}/cockpit-ws.conf
file to the rpm. The diff doesn't show the existingin the spec which makes use of the dynamic group.
The rpm build does create the "magic" provides:
On install it does create the sysusers, but it tries to apply the
%attr
before creating the users:and after installation, /usr/libexec/cockpit-session has the wrong ownership (group root).
So for the docs to actually work, it needs to create the sysusers before unpacking (i.e. what a
%pre
script would do) from its "magic" provides or other internal .rpm metadata, or defer the%attr()
application after the initial unpacking of the files and sysusers creation.I suppose that is the reason why the Fedora packaging guidelines have a completely different, and very hackish approach -- that suggests to duplicate the sysusers file downstream in the packaging dist-git, and using
%sysusers_create_compat
to basically create someuseradd
shell script out of the sysusers.d file. But this is awkward, error prone, a bit hard to automate for releases. It also feels backwards -- the whole point is to move and standardize all of this upstream.I didn't find any existing upstream or Fedora downstream (bugzilla) bug report, so filing this one.
Thanks!
CC: @travier
The text was updated successfully, but these errors were encountered: