* [gentoo-dev] [PATCH v2 0/9] User/group packages
@ 2019-06-05 9:12 Michał Górny
2019-06-05 9:12 ` [gentoo-dev] [PATCH v2 1/9] user.eclass: Do not create user-group automatically Michał Górny
` (8 more replies)
0 siblings, 9 replies; 18+ messages in thread
From: Michał Górny @ 2019-06-05 9:12 UTC
To: gentoo-dev; +Cc: Michał Górny
Hi,
Here's the second iteration of user/group package implementation part.
Changes from v1:
- renamed categories and eclasses to acct-user and acct-group,
- added ACCT_USER_HOME_{OWNER,PERMS} to control ownership
and permissions of created home directories.
--
Best regards,
Michał Górny
Michał Górny (9):
user.eclass: Do not create user-group automatically
user.eclass: Prevent automated home creation in useradd
user.eclass: Support disabling home directory creation
user.eclass: Support forcing specified UID/GID
user.eclass: Die if no free UID/GID is found
acct-{group,user}.eclass: WIP eclasses to maintain users/groups
acct-group/ftp: Add 'ftp' group (GID 21)
acct-user/ftp: Add 'ftp' user (UID 21)
net-ftp/ftpbase: Utilize {group,user}/ftp
acct-group/ftp/ftp-0.ebuild | 8 +
acct-group/ftp/metadata.xml | 5 +
acct-user/ftp/ftp-0.ebuild | 13 ++
acct-user/ftp/metadata.xml | 5 +
eclass/acct-group.eclass | 105 ++++++++++++
eclass/acct-user.eclass | 217 +++++++++++++++++++++++++
eclass/user.eclass | 39 ++++-
net-ftp/ftpbase/ftpbase-0.01-r3.ebuild | 39 +++++
profiles/categories | 2 +
9 files changed, 430 insertions(+), 3 deletions(-)
create mode 100644 acct-group/ftp/ftp-0.ebuild
create mode 100644 acct-group/ftp/metadata.xml
create mode 100644 acct-user/ftp/ftp-0.ebuild
create mode 100644 acct-user/ftp/metadata.xml
create mode 100644 eclass/acct-group.eclass
create mode 100644 eclass/acct-user.eclass
create mode 100644 net-ftp/ftpbase/ftpbase-0.01-r3.ebuild
--
2.22.0.rc3
* [gentoo-dev] [PATCH v2 1/9] user.eclass: Do not create user-group automatically
From: Michał Górny @ 2019-06-05 9:12 UTC
To: gentoo-dev; +Cc: Michał Górny
Closes: https://bugs.gentoo.org/512220
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index f6a10a6bee28..a6c6ad82b7a0 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -246,7 +246,7 @@ enewuser() {
;;
*)
- useradd -r "${opts[@]}" "${euser}" || die
+ useradd -N -r "${opts[@]}" "${euser}" || die
;;
esac
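Review bot: With `-N` on the changed `useradd` line, an account created without a `-g` entry in `opts` no longer gets a same-named group; useradd then falls back to the GROUP default from /etc/default/useradd, which is a group shared with other accounts. The commit message carries only the Closes: tag, so it should state which primary group such accounts are expected to end up in, and callers that relied on the implicit group need to pass one explicitly.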
--
2.22.0.rc3
* [gentoo-dev] [PATCH v2 2/9] user.eclass: Prevent automated home creation in useradd
From: Michał Górny @ 2019-06-05 9:12 UTC
To: gentoo-dev; +Cc: Michał Górny
Pass '-M' to prevent useradd from automatically creating the home
directory (depending on system configuration). We create the home
directory ourselves anyway, and we have better control over how it's
created this way.
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index a6c6ad82b7a0..6be76666d9f3 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -246,7 +246,7 @@ enewuser() {
;;
*)
- useradd -N -r "${opts[@]}" "${euser}" || die
+ useradd -M -N -r "${opts[@]}" "${euser}" || die
;;
esac
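Review bot: `-M` is added only in the `*)` fallback branch of the case; the branch that ends at the `;;` context line above it is untouched. Please confirm that the tool called there does not create the home directory on its own, otherwise the "we create the home directory ourselves" assumption from the commit message holds only for the useradd path.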
--
2.22.0.rc3
* [gentoo-dev] [PATCH v2 3/9] user.eclass: Support disabling home directory creation
From: Michał Górny @ 2019-06-05 9:12 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index 6be76666d9f3..7eda668974f0 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -96,12 +96,15 @@ egetent() {
}
# @FUNCTION: enewuser
-# @USAGE: <user> [uid] [shell] [homedir] [groups]
+# @USAGE: <user> [-M] [uid] [shell] [homedir] [groups]
# @DESCRIPTION:
# Same as enewgroup, you are not required to understand how to properly add
# a user to the system. The only required parameter is the username.
# Default uid is (pass -1 for this) next available, default shell is
# /bin/false, default homedir is /dev/null, and there are no default groups.
+#
+# If -M is passed, enewuser does not create the home directory if it does not
+# exist.
enewuser() {
if [[ ${EUID} != 0 ]] ; then
einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
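Review bot: The new @USAGE line places `[-M]` after `<user>`, but the option loop added later in this patch consumes leading `-*` arguments before `local euser=$1`, so `-M` is only recognised ahead of the username. The synopsis should read `[-M] <user> [uid] [shell] [homedir] [groups]`; called as documented, `enewuser foo -M` would hand `-M` to the uid position.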
@@ -109,6 +112,15 @@ enewuser() {
fi
_assert_pkg_ebuild_phase ${FUNCNAME}
+ local create_home=1
+ while [[ $1 == -* ]]; do
+ case $1 in
+ -M) create_home=;;
+ *) die "${FUNCNAME}: invalid option ${1}";;
+ esac
+ shift
+ done
+
# get the username
local euser=$1; shift
if [[ -z ${euser} ]] ; then
@@ -250,7 +262,7 @@ enewuser() {
;;
esac
- if [[ ! -e ${ROOT}/${ehome} ]] ; then
+ if [[ -n ${create_home} && ! -e ${ROOT}/${ehome} ]] ; then
einfo " - Creating ${ehome} in ${ROOT}"
mkdir -p "${ROOT}/${ehome}"
chown "${euser}" "${ROOT}/${ehome}"
--
2.22.0.rc3
* [gentoo-dev] [PATCH v2 4/9] user.eclass: Support forcing specified UID/GID
From: Michał Górny @ 2019-06-05 9:12 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index 7eda668974f0..1ffeaae29569 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -96,13 +96,15 @@ egetent() {
}
# @FUNCTION: enewuser
-# @USAGE: <user> [-M] [uid] [shell] [homedir] [groups]
+# @USAGE: <user> [-F] [-M] [uid] [shell] [homedir] [groups]
# @DESCRIPTION:
# Same as enewgroup, you are not required to understand how to properly add
# a user to the system. The only required parameter is the username.
# Default uid is (pass -1 for this) next available, default shell is
# /bin/false, default homedir is /dev/null, and there are no default groups.
#
+# If -F is passed, enewuser will always enforce specified UID and fail if it
+# can not be assigned.
# If -M is passed, enewuser does not create the home directory if it does not
# exist.
enewuser() {
@@ -112,9 +114,10 @@ enewuser() {
fi
_assert_pkg_ebuild_phase ${FUNCNAME}
- local create_home=1
+ local create_home=1 force_uid=
while [[ $1 == -* ]]; do
case $1 in
+ -F) force_uid=1;;
-M) create_home=;;
*) die "${FUNCNAME}: invalid option ${1}";;
esac
@@ -142,6 +145,7 @@ enewuser() {
if [[ -n ${euid} && ${euid} != -1 ]] ; then
if [[ ${euid} -gt 0 ]] ; then
if [[ -n $(egetent passwd ${euid}) ]] ; then
+ [[ -n ${force_uid} ]] && die "${FUNCNAME}: UID ${euid} already taken"
euid="next"
fi
else
@@ -149,6 +153,7 @@ enewuser() {
die "${euid} is not a valid UID"
fi
else
+ [[ -n ${force_uid} ]] && die "${FUNCNAME}: -F with uid==-1 makes no sense"
euid="next"
fi
if [[ ${euid} == "next" ]] ; then
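Review bot: The `die` added in the outer `else` fires not only for uid -1 but also when the uid argument is left out, because that branch is taken whenever `${euid}` is empty or `-1`. The message `-F with uid==-1 makes no sense` is misleading in the second case; wording such as "-F requires an explicit UID" covers both.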
@@ -277,6 +282,9 @@ enewuser() {
# group to the system. Just give it a group name to add and enewgroup will
# do the rest. You may specify the gid for the group or allow the group to
# allocate the next available one.
+#
+# If -F is passed, enewgroup will always enforce specified GID and fail if it
+# can not be assigned.
enewgroup() {
if [[ ${EUID} != 0 ]] ; then
einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
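Review bot: enewgroup gets a -F paragraph in its @DESCRIPTION here, but no hunk in this patch touches its @USAGE line, unlike the enewuser synopsis at the top of the diff. Add `[-F]` to the enewgroup @USAGE, placed before the group name, since the option loop in the next hunk parses options ahead of `local egroup=$1`.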
@@ -284,6 +292,15 @@ enewgroup() {
fi
_assert_pkg_ebuild_phase ${FUNCNAME}
+ local force_gid=
+ while [[ $1 == -* ]]; do
+ case $1 in
+ -F) force_gid=1;;
+ *) die "${FUNCNAME}: invalid option ${1}";;
+ esac
+ shift
+ done
+
# get the group
local egroup=$1; shift
if [[ -z ${egroup} ]] ; then
@@ -302,6 +319,7 @@ enewgroup() {
if [[ ! -z ${egid} ]] ; then
if [[ ${egid} -gt 0 ]] ; then
if [[ -n $(egetent group ${egid}) ]] ; then
+ [[ -n ${force_gid} ]] && die "${FUNCNAME}: GID ${egid} already taken"
egid="next available; requested gid taken"
fi
else
@@ -309,6 +327,7 @@ enewgroup() {
die "${egid} is not a valid GID"
fi
else
+ [[ -n ${force_gid} ]] && die "${FUNCNAME}: -F with gid==-1 makes no sense"
egid="next available"
fi
einfo " - Groupid: ${egid}"
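Review bot: The message `-F with gid==-1 makes no sense` does not match the branch it sits in. In enewgroup the outer test is only `[[ ! -z ${egid} ]]`, so as far as the visible lines show this `else` is reached only when no gid was given, while an explicit `-1` falls into the `-gt 0` check above and dies with "is not a valid GID". Reword the message to say that -F needs an explicit GID, or align the condition with the `${euid} != -1` test used in enewuser.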
--
2.22.0.rc3
* [gentoo-dev] [PATCH v2 5/9] user.eclass: Die if no free UID/GID is found
From: Michał Górny @ 2019-06-05 9:12 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 2 ++
1 file changed, 2 insertions(+)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index 1ffeaae29569..b16c4c6d69b7 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -160,6 +160,7 @@ enewuser() {
for ((euid = 101; euid <= 999; euid++)); do
[[ -z $(egetent passwd ${euid}) ]] && break
done
+ [[ ${euid} -le 999 ]] || die "${FUNCNAME}: no free UID found"
fi
opts+=( -u ${euid} )
einfo " - Userid: ${euid}"
@@ -344,6 +345,7 @@ enewgroup() {
for ((egid = 101; egid <= 999; egid++)) ; do
[[ -z $(egetent group ${egid}) ]] && break
done
+ [[ ${egid} -le 999 ]] || die "${FUNCNAME}: no free GID found"
fi
}
--
2.22.0.rc3
* [gentoo-dev] [PATCH v2 6/9] acct-{group,user}.eclass: WIP eclasses to maintain users/groups
From: Michał Górny @ 2019-06-05 9:12 UTC
To: gentoo-dev; +Cc: Michał Górny
---
eclass/acct-group.eclass | 105 +++++++++++++++++++
eclass/acct-user.eclass | 217 +++++++++++++++++++++++++++++++++++++++
2 files changed, 322 insertions(+)
create mode 100644 eclass/acct-group.eclass
create mode 100644 eclass/acct-user.eclass
diff --git a/eclass/acct-group.eclass b/eclass/acct-group.eclass
new file mode 100644
index 000000000000..8b3b2202aa35
--- /dev/null
+++ b/eclass/acct-group.eclass
@@ -0,0 +1,105 @@
+# Copyright 2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# @ECLASS: acct-group.eclass
+# @MAINTAINER:
+# Michał Górny <mgorny@gentoo.org>
+# @AUTHOR:
+# Michael Orlitzky <mjo@gentoo.org>
+# Michał Górny <mgorny@gentoo.org>
+# @BLURB: Eclass used to create and maintain a single group entry
+# @DESCRIPTION:
+# This eclass represents and creates a single group entry. The name
+# of the group is derived from ${PN}, while (preferred) GID needs to
+# be specified via ACCT_GROUP_ID. Packages (and users) needing the group
+# in question should depend on the package providing it.
+#
+# Example:
+# If your package needs group 'foo', you create 'acct-group/foo' package
+# and add an ebuild with the following contents:
+#
+# @CODE
+# EAPI=7
+# inherit acct-group
+# ACCT_GROUP_ID=200
+# @CODE
+#
+# Then you add appropriate dependency to your package. The dependency
+# type(s) should be:
+# - DEPEND (+ RDEPEND) if the group is already needed at build time,
+# - RDEPEND if it is needed at install time (e.g. you 'fowners' files
+# in pkg_preinst),
+# - PDEPEND if it is only needed at runtime.
+
+
+if [[ -z ${_ACCT_GROUP_ECLASS} ]]; then
+_ACCT_GROUP_ECLASS=1
+
+case ${EAPI:-0} in
+ 7) ;;
+ *) die "EAPI=${EAPI} not supported";;
+esac
+
+inherit user
+
+
+# << Eclass variables >>
+
+# @ECLASS-VARIABLE: ACCT_GROUP_ID
+# @REQUIRED
+# @DESCRIPTION:
+# Preferred GID for the new group. This variable is obligatory, and its
+# value must be unique across all group packages.
+
+# @ECLASS-VARIABLE: ACCT_GROUP_ENFORCE_ID
+# @DESCRIPTION:
+# If set to a non-null value, the eclass will require the group to have
+# specified GID. If the group already exists with another GID, or
+# the GID is taken by another group, the install will fail.
+: ${ACCT_GROUP_ENFORCE_ID:=}
+
+
+# << Boilerplate ebuild variables >>
+: ${DESCRIPTION:="Service group: ${PN}"}
+: ${HOMEPAGE:=https://www.gentoo.org/}
+: ${SLOT:=0}
+: ${KEYWORDS:=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris}
+S=${WORKDIR}
+
+
+# << Phase functions >>
+EXPORT_FUNCTIONS pkg_pretend pkg_preinst
+
+# @FUNCTION: acct-group_pkg_pretend
+# @DESCRIPTION:
+# Performs sanity checks for correct eclass usage, and early-checks
+# whether requested GID can be enforced.
+acct-group_pkg_pretend() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ # verify ACCT_GROUP_ID
+ [[ -n ${ACCT_GROUP_ID} ]] || die "Ebuild error: ACCT_GROUP_ID must be set!"
+ [[ ${ACCT_GROUP_ID} -ge 0 ]] || die "Ebuild errors: ACCT_GROUP_ID=${ACCT_GROUP_ID} invalid!"
+
+ # check for ACCT_GROUP_ID collisions early
+ if [[ -n ${ACCT_GROUP_ENFORCE_ID} ]]; then
+ local grp=$(egetent group "${ACCT_GROUP_ID}")
+ if [[ -n ${grp} ]]; then
+ eerror "The required GID is already taken by another group."
+ eerror " GID: ${ACCT_GROUP_ID} (needed for ${PN})"
+ eerror " current group: ${grp}"
+ die "GID ${ACCT_GROUP_ID} taken already"
+ fi
+ fi
+}
+
+# @FUNCTION: acct-group_pkg_preinst
+# @DESCRIPTION:
+# Creates the group if it does not exist yet.
+acct-group_pkg_preinst() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ enewgroup -F "${PN}" "${ACCT_GROUP_ID}"
+}
+
+fi
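Review bot: acct-group_pkg_preinst calls `enewgroup -F "${PN}" "${ACCT_GROUP_ID}"` unconditionally, so the GID is always forced and ACCT_GROUP_ENFORCE_ID only gates the early check in pkg_pretend. That contradicts the variable docs, which call ACCT_GROUP_ID the preferred GID and make failure depend on ACCT_GROUP_ENFORCE_ID; pass the flag only when the variable is non-null, e.g. `${ACCT_GROUP_ENFORCE_ID:+-F}`. The validation `[[ ${ACCT_GROUP_ID} -ge 0 ]]` is also an arithmetic test, so it accepts 0 and any string that evaluates to a non-negative number; a digits-only pattern match would be stricter.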
diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
new file mode 100644
index 000000000000..12bc3652f333
--- /dev/null
+++ b/eclass/acct-user.eclass
@@ -0,0 +1,217 @@
+# Copyright 2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# @ECLASS: acct-user.eclass
+# @MAINTAINER:
+# Michał Górny <mgorny@gentoo.org>
+# @AUTHOR:
+# Michael Orlitzky <mjo@gentoo.org>
+# Michał Górny <mgorny@gentoo.org>
+# @BLURB: Eclass used to create and maintain a single user entry
+# @DESCRIPTION:
+# This eclass represents and creates a single user entry. The name
+# of the user is derived from ${PN}, while (preferred) UID needs to
+# be specified via ACCT_USER_ID. Additional variables are provided
+# to override the default home directory, shell and add group
+# membership. Packages needing the user in question should depend
+# on the package providing it.
+#
+# Example:
+# If your package needs user 'foo' belonging to same-named group, you
+# create 'acct-user/foo' package and add an ebuild with the following
+# contents:
+#
+# @CODE
+# EAPI=7
+# inherit acct-user
+# ACCT_USER_ID=200
+# ACCT_USER_GROUPS=( foo )
+# acct-user_add_deps
+# @CODE
+#
+# Then you add appropriate dependency to your package. The dependency
+# type(s) should be:
+# - DEPEND (+ RDEPEND) if the user is already needed at build time,
+# - RDEPEND if it is needed at install time (e.g. you 'fowners' files
+# in pkg_preinst),
+# - PDEPEND if it is only needed at runtime.
+
+if [[ -z ${_ACCT_USER_ECLASS} ]]; then
+_ACCT_USER_ECLASS=1
+
+case ${EAPI:-0} in
+ 7) ;;
+ *) die "EAPI=${EAPI} not supported";;
+esac
+
+inherit user
+
+
+# << Eclass variables >>
+
+# @ECLASS-VARIABLE: ACCT_USER_ID
+# @REQUIRED
+# @DESCRIPTION:
+# Preferred UID for the new user. This variable is obligatory, and its
+# value must be unique across all user packages.
+
+# @ECLASS-VARIABLE: ACCT_USER_ENFORCE_ID
+# @DESCRIPTION:
+# If set to a non-null value, the eclass will require the user to have
+# specified UID. If the user already exists with another UID, or
+# the UID is taken by another user, the install will fail.
+: ${ACCT_USER_ENFORCE_ID:=}
+
+# @ECLASS-VARIABLE: ACCT_USER_SHELL
+# @DESCRIPTION:
+# The shell to use for the new user. If not specified, a 'nologin'
+# variant for the system is used. This affects only new user accounts.
+: ${ACCT_USER_SHELL:=-1}
+
+# @ECLASS-VARIABLE: ACCT_USER_HOME
+# @DESCRIPTION:
+# The home directory for the new user. If not specified, /dev/null
+# is used. This affects only new user accounts. The directory will
+# be created with appropriate permissions if it does not exist.
+: ${ACCT_USER_HOME:=/dev/null}
+
+# @ECLASS-VARIABLE: ACCT_USER_HOME_OWNER
+# @DEFAULT_UNSET
+# @DESCRIPTION:
+# The ownership to use for the home directory, in chown ([user][:group])
+# syntax. Defaults to the newly created user, and its primary group
+# (if any; :root otherwise).
+
+# @ECLASS-VARIABLE: ACCT_USER_HOME_PERMS
+# @DESCRIPTION:
+# The permissions to use for the home directory, in chmod (octal
+# or verbose) form.
+: ${ACCT_USER_HOME_PERMS:=0755}
+
+# @ECLASS-VARIABLE: ACCT_USER_GROUPS
+# @DEFAULT_UNSET
+# @DESCRIPTION:
+# List of groups the user should belong to. This must be a bash
+# array. If not specified, the user is not added to any groups.
+# This affects only new user accounts.
+#
+# If ACCT_USER_GROUPS is specified, the ebuild needs to call
+# acct-user_add_deps in global scope to add appropriate dependencies.
+
+
+# << Boilerplate ebuild variables >>
+: ${DESCRIPTION:="Service user: ${PN}"}
+: ${HOMEPAGE:=https://www.gentoo.org/}
+: ${SLOT:=0}
+: ${KEYWORDS:=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris}
+S=${WORKDIR}
+
+
+# << API functions >>
+
+# @FUNCTION: acct-user_add_deps
+# @DESCRIPTION:
+# Generate appropriate RDEPEND from ACCT_USER_GROUPS. This must be
+# called if ACCT_USER_GROUPS are set.
+acct-user_add_deps() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ # ACCT_USER_GROUPS sanity check
+ if ! declare -p ACCT_USER_GROUPS &>/dev/null; then
+ return
+ elif [[ $(declare -p ACCT_USER_GROUPS) != "declare -a"* ]]; then
+ die 'ACCT_USER_GROUPS must be an array.'
+ fi
+
+ RDEPEND+=${ACCT_USER_GROUPS[*]/#/ acct-group/}
+ _ACCT_USER_ADD_DEPS_CALLED=1
+}
+
+
+# << Phase functions >>
+EXPORT_FUNCTIONS pkg_pretend src_install pkg_preinst pkg_prerm
+
+# @FUNCTION: acct-user_pkg_pretend
+# @DESCRIPTION:
+# Performs sanity checks for correct eclass usage, and early-checks
+# whether requested UID can be enforced.
+acct-user_pkg_pretend() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ # verify that acct-user_add_deps() has been called
+ # (it verifies ACCT_USER_GROUPS itself)
+ if [[ -z ${_ACCT_USER_ADD_DEPS_CALLED} ]]; then
+ if declare -p ACCT_USER_GROUPS &>/dev/null; then
+ die "Ebuild error: acct-user_add_deps must have been called in global scope!"
+ fi
+ fi
+
+ # verify ACCT_USER_ID
+ [[ -n ${ACCT_USER_ID} ]] || die "Ebuild error: ACCT_USER_ID must be set!"
+ [[ ${ACCT_USER_ID} -ge 0 ]] || die "Ebuild errors: ACCT_USER_ID=${ACCT_USER_ID} invalid!"
+
+ # check for ACCT_USER_ID collisions early
+ if [[ -n ${ACCT_USER_ENFORCE_ID} ]]; then
+ local pwd=$(egetent passwd "${ACCT_USER_ID}")
+ if [[ -n ${pwd} ]]; then
+ eerror "The required UID is already taken by another user."
+ eerror " UID: ${ACCT_USER_ID} (needed for ${PN})"
+ eerror " current user: ${pwd}"
+ die "UID ${ACCT_USER_ID} taken already"
+ fi
+ fi
+}
+
+# @FUNCTION: acct-user_src_install
+# @DESCRIPTION:
+# Installs a keep-file into the user's home directory to ensure it is
+# owned by the package.
+acct-user_src_install() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ if [[ ${ACCT_USER_HOME} != /dev/null ]]; then
+ # note: we can't set permissions here since the user isn't
+ # created yet
+ keepdir "${ACCT_USER_HOME}"
+ fi
+}
+
+# @FUNCTION: acct-user_pkg_preinst
+# @DESCRIPTION:
+# Creates the user if it does not exist yet. Sets permissions
+# of the home directory in install image.
+acct-user_pkg_preinst() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ local groups=${ACCT_USER_GROUPS[*]}
+ enewuser -F -M "${PN}" "${ACCT_USER_ID}" "${ACCT_USER_SHELL}" \
+ "${ACCT_USER_HOME}" "${groups// /,}"
+
+ if [[ ${ACCT_USER_HOME} != /dev/null ]]; then
+ # default ownership to user:group
+ if [[ -z ${ACCT_USER_HOME_OWNER} ]]; then
+ ACCT_USER_HOME_OWNER=${PN}
+ if [[ -n ${ACCT_USER_GROUPS[0]} ]]; then
+ ACCT_USER_HOME_OWNER+=:${ACCT_USER_GROUPS[0]}
+ fi
+ fi
+ fowners "${ACCT_USER_HOME_OWNER}" "${ACCT_USER_HOME}"
+ fperms "${ACCT_USER_HOME_PERMS}" "${ACCT_USER_HOME}"
+ fi
+}
+
+# @FUNCTION: acct-user_pkg_prerm
+# @DESCRIPTION:
+# Ensures that the user account is locked out when it is removed.
+acct-user_pkg_prerm() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ if [[ -z ${REPLACED_BY_VERSION} ]]; then
+ :
+ # TODO: what should we do here, exactly? we shouldn't touch
+ # shell, and it should be nologin anyway. we could reset
+ # the password but it should not be set anyway.
+ fi
+}
+
+fi
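Review bot: acct-user_pkg_prerm is documented as "Ensures that the user account is locked out when it is removed", but its body is a `:` no-op followed by a TODO, so unmerging the package leaves the account exactly as it was. Either implement the lock-out or reword the @DESCRIPTION until the TODO is settled. Separately, acct-user_pkg_preinst passes `-F` to enewuser regardless of ACCT_USER_ENFORCE_ID, which makes ACCT_USER_ID mandatory rather than "preferred" as its docs say.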
--
2.22.0.rc3
* [gentoo-dev] [PATCH v2 7/9] acct-group/ftp: Add 'ftp' group (GID 21)
From: Michał Górny @ 2019-06-05 9:12 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
acct-group/ftp/ftp-0.ebuild | 8 ++++++++
acct-group/ftp/metadata.xml | 5 +++++
profiles/categories | 1 +
3 files changed, 14 insertions(+)
create mode 100644 acct-group/ftp/ftp-0.ebuild
create mode 100644 acct-group/ftp/metadata.xml
diff --git a/acct-group/ftp/ftp-0.ebuild b/acct-group/ftp/ftp-0.ebuild
new file mode 100644
index 000000000000..d0912739a2fe
--- /dev/null
+++ b/acct-group/ftp/ftp-0.ebuild
@@ -0,0 +1,8 @@
+# Copyright 2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit acct-group
+
+ACCT_GROUP_ID=21
diff --git a/acct-group/ftp/metadata.xml b/acct-group/ftp/metadata.xml
new file mode 100644
index 000000000000..7a38bb900964
--- /dev/null
+++ b/acct-group/ftp/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+</pkgmetadata>
diff --git a/profiles/categories b/profiles/categories
index 4ff0d5562001..ebfc72f70759 100644
--- a/profiles/categories
+++ b/profiles/categories
@@ -1,3 +1,4 @@
+acct-group
app-accessibility
app-admin
app-antivirus
--
2.22.0.rc3
* [gentoo-dev] [PATCH v2 8/9] acct-user/ftp: Add 'ftp' user (UID 21)
From: Michał Górny @ 2019-06-05 9:12 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
acct-user/ftp/ftp-0.ebuild | 13 +++++++++++++
acct-user/ftp/metadata.xml | 5 +++++
profiles/categories | 1 +
3 files changed, 19 insertions(+)
create mode 100644 acct-user/ftp/ftp-0.ebuild
create mode 100644 acct-user/ftp/metadata.xml
diff --git a/acct-user/ftp/ftp-0.ebuild b/acct-user/ftp/ftp-0.ebuild
new file mode 100644
index 000000000000..86a3ef04f278
--- /dev/null
+++ b/acct-user/ftp/ftp-0.ebuild
@@ -0,0 +1,13 @@
+# Copyright 2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit acct-user
+
+ACCT_USER_ID=21
+ACCT_USER_HOME=/home/ftp
+ACCT_USER_HOME_OWNER=root:ftp
+ACCT_USER_GROUPS=( ftp )
+
+acct-user_add_deps
diff --git a/acct-user/ftp/metadata.xml b/acct-user/ftp/metadata.xml
new file mode 100644
index 000000000000..7a38bb900964
--- /dev/null
+++ b/acct-user/ftp/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+</pkgmetadata>
diff --git a/profiles/categories b/profiles/categories
index ebfc72f70759..0f45f8cd1732 100644
--- a/profiles/categories
+++ b/profiles/categories
@@ -1,4 +1,5 @@
acct-group
+acct-user
app-accessibility
app-admin
app-antivirus
--
2.22.0.rc3
* [gentoo-dev] [PATCH v2 9/9] net-ftp/ftpbase: Utilize {group,user}/ftp
From: Michał Górny @ 2019-06-05 9:12 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
net-ftp/ftpbase/ftpbase-0.01-r3.ebuild | 39 ++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 net-ftp/ftpbase/ftpbase-0.01-r3.ebuild
diff --git a/net-ftp/ftpbase/ftpbase-0.01-r3.ebuild b/net-ftp/ftpbase/ftpbase-0.01-r3.ebuild
new file mode 100644
index 000000000000..fe3338141437
--- /dev/null
+++ b/net-ftp/ftpbase/ftpbase-0.01-r3.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils pam user
+
+DESCRIPTION="FTP layout package"
+HOMEPAGE="https://www.gentoo.org/"
+SRC_URI=""
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="pam"
+
+DEPEND="pam? ( virtual/pam )
+ !<net-ftp/proftpd-1.2.10-r6
+ !<net-ftp/pure-ftpd-1.0.20-r2
+ !<net-ftp/vsftpd-2.0.3-r1"
+PDEPEND="
+ acct-group/ftp
+ acct-user/ftp"
+
+S=${WORKDIR}
+
+src_install() {
+ # The ftpusers file is a list of people who are NOT allowed
+ # to use the ftp service.
+ insinto /etc
+ doins "${FILESDIR}/ftpusers" || die
+
+ cp "${FILESDIR}/ftp-pamd-include" "${T}" || die
+ if use elibc_FreeBSD; then
+ sed -i -e "/pam_listfile.so/s/^.*$/account required pam_ftpusers.so no_warn disallow/" \
+ "${T}"/ftp-pamd-include || die
+ fi
+ newpamd "${T}"/ftp-pamd-include ftp
+}
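Review bot: `inherit eutils pam user` still pulls in user.eclass, yet nothing in this 39-line ebuild calls enewuser or enewgroup now that the account comes from the PDEPEND on acct-group/ftp and acct-user/ftp. Drop `user` from the inherit line (and `eutils` if nothing from it is used). The `|| die` after `doins` is also redundant in EAPI 7, where the helper dies on failure by itself.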
--
2.22.0.rc3
* Re: [gentoo-dev] [PATCH v2 6/9] acct-{group,user}.eclass: WIP eclasses to maintain users/groups
From: Ulrich Mueller @ 2019-06-05 11:46 UTC
To: Michał Górny; +Cc: gentoo-dev
>>>>> On Wed, 05 Jun 2019, Michał Górny wrote:
> +# @FUNCTION: acct-group_pkg_pretend
> +# @DESCRIPTION:
> +# Performs sanity checks for correct eclass usage, and early-checks
> +# whether requested GID can be enforced.
> +acct-group_pkg_pretend() {
> + debug-print-function ${FUNCNAME} "${@}"
> +
> + # verify ACCT_GROUP_ID
> + [[ -n ${ACCT_GROUP_ID} ]] || die "Ebuild error: ACCT_GROUP_ID must be set!"
> + [[ ${ACCT_GROUP_ID} -ge 0 ]] || die "Ebuild errors: ACCT_GROUP_ID=${ACCT_GROUP_ID} invalid!"
Add a sanity check for [[ ${CATEGORY} == acct-group ]] too?
> +
> + # check for ACCT_GROUP_ID collisions early
> + if [[ -n ${ACCT_GROUP_ENFORCE_ID} ]]; then
> + local grp=$(egetent group "${ACCT_GROUP_ID}")
> + if [[ -n ${grp} ]]; then
> + eerror "The required GID is already taken by another group."
> + eerror " GID: ${ACCT_GROUP_ID} (needed for ${PN})"
> + eerror " current group: ${grp}"
> + die "GID ${ACCT_GROUP_ID} taken already"
> + fi
> + fi
> +}
> [...]
> +# @FUNCTION: acct-user_pkg_pretend
And a similar check for acct-user here.
Ulrich
* Re: [gentoo-dev] [PATCH v2 6/9] acct-{group,user}.eclass: WIP eclasses to maintain users/groups
From: Pacho Ramos @ 2019-06-05 19:10 UTC
To: gentoo-dev
On Wed, 05-06-2019 at 11:12 +0200, Michał Górny wrote:
> [...]
> +# Then you add appropriate dependency to your package. The dependency
> +# type(s) should be:
> +# - DEPEND (+ RDEPEND) if the group is already needed at build time,
> +# - RDEPEND if it is needed at install time (e.g. you 'fowners' files
> +# in pkg_preinst),
> +# - PDEPEND if it is only needed at runtime.
Maybe this is a stupid question, but why is PDEPEND preferred over RDEPEND for
packages needing the group only at runtime?
If I don't misremember, PDEPEND was meant to be used to avoid circular deps
issues, while using RDEPEND otherwise.
Thanks :)
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 488 bytes --]
^ permalink raw reply [flat|nested] 18+ messages in thread
* Re: [gentoo-dev] [PATCH v2 6/9] acct-{group,user}.eclass: WIP eclasses to maintain users/groups
From: Michael Orlitzky @ 2019-06-05 21:14 UTC (permalink / raw
To: gentoo-dev
On 6/5/19 5:12 AM, Michał Górny wrote:
> +
> + # check for ACCT_USER_ID collisions early
> + if [[ -n ${ACCT_USER_ENFORCE_ID} ]]; then
> + local pwd=$(egetent passwd "${ACCT_USER_ID}")
> + if [[ -n ${pwd} ]]; then
> + eerror "The required UID is already taken by another user."
> + eerror " UID: ${ACCT_USER_ID} (needed for ${PN})"
> + eerror " current user: ${pwd}"
> + die "UID ${ACCT_USER_ID} taken already"
> + fi
> + fi
> +}
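Review bot: `[[ -n ${ACCT_USER_ENFORCE_ID} ]]` treats every non-empty value as enabled, so ACCT_USER_ENFORCE_ID=false or ACCT_USER_ENFORCE_ID=0 in an ebuild would still enforce the UID. Document the variable as "set to a non-empty value to enable", or test for one explicit value. Separately, `local pwd=$(egetent ...)` discards the exit status of egetent; declaring `local pwd` first and assigning on the next line would keep it.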
If we set ACCT_USER_ENFORCE_ID=true in ftp-0.ebuild and then "emerge
acct-user/ftp" again, the second one dies with
* The required UID is already taken by another user.
* UID: 21 (needed for ftp)
This prevents "emerge -e @world" from working, and would prevent an
upgrade to ftp-1.ebuild in the future.
We could augment the checks to ignore the existing user/group if its
name agrees with the one we're trying to create, but now I'm having deja
vu. I think this is another reason why I decided to go with a dummy file
installed under /var/lib to catch collisions: the PM will necessarily
ignore collisions from the same package.
^ permalink raw reply [flat|nested] 18+ messages in thread
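The name-aware check Michael describes above (ignore an existing entry when its name matches the account being created), as an added sketch that is not part of the thread or of the eclasses. `check_id_collision`, `check_sample` and the sample passwd lines are constructed for illustration, and the function reads passwd- or group-format text from stdin instead of calling egetent.

```shell
#!/bin/sh
# Added example, not eclass code. Decides whether a fixed UID/GID request
# collides with an entry that is already in the account database.
#
# usage:  check_id_collision NAME ID < passwd-or-group-format text
# stdout: "free", "own" or "taken:<other name>"
# status: 0 when the ID may be used (free, or already ours), 1 on a collision
check_id_collision() {
	# Field 1 is the name and field 3 the numeric ID in both passwd(5)
	# and group(5). Several entries may share one ID, so scan all of them.
	result=$(awk -F: -v name="$1" -v id="$2" '
		$3 == id { found = 1; if ($1 != name && other == "") other = $1 }
		END {
			if (!found) print "free"
			else if (other != "") print "taken:" other
			else print "own"
		}')
	echo "$result"
	case $result in
		taken:*) return 1 ;;	# somebody else holds the ID: refuse
		*) return 0 ;;		# free, or a re-merge of the same account
	esac
}

# Constructed sample database in passwd format.
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
ftp:x:21:21:constructed sample entry:/home/ftp:/sbin/nologin
backup:x:34:34::/var/backups:/sbin/nologin'

# Runs the check against the constructed sample above.
check_sample() {
	printf '%s\n' "$SAMPLE_PASSWD" | check_id_collision "$1" "$2"
}
```

With this shape, a second merge of the package that owns UID 21 reports `own` and proceeds, while a different account name asking for the same UID is still refused.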
* Re: [gentoo-dev] [PATCH v2 6/9] acct-{group,user}.eclass: WIP eclasses to maintain users/groups
From: Michał Górny @ 2019-06-06 4:56 UTC (permalink / raw
To: gentoo-dev
On Wed, 2019-06-05 at 13:46 +0200, Ulrich Mueller wrote:
> >>>>> On Wed, 05 Jun 2019, Michał Górny wrote:
> > +# @FUNCTION: acct-group_pkg_pretend
> > +# @DESCRIPTION:
> > +# Performs sanity checks for correct eclass usage, and early-checks
> > +# whether requested GID can be enforced.
> > +acct-group_pkg_pretend() {
> > + debug-print-function ${FUNCNAME} "${@}"
> > +
> > + # verify ACCT_GROUP_ID
> > + [[ -n ${ACCT_GROUP_ID} ]] || die "Ebuild error: ACCT_GROUP_ID must be set!"
> > + [[ ${ACCT_GROUP_ID} -ge 0 ]] || die "Ebuild errors: ACCT_GROUP_ID=${ACCT_GROUP_ID} invalid!"
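Review bot: `[[ ${ACCT_GROUP_ID} -ge 0 ]]` does not reject non-numeric values, because bash evaluates both operands of `-ge` arithmetically and an unset name such as `foo` evaluates to 0. Match the value against a digits-only pattern such as `^[0-9]+$` before the numeric comparison. The two `die` messages also differ in their prefix ("Ebuild error:" and "Ebuild errors:").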
>
> Add a sanity check for [[ ${CATEGORY} == acct-group ]] too?
Done. I actually went for adding it in global scope since CATEGORY
is reliably available there already.
>
> > +
> > + # check for ACCT_GROUP_ID collisions early
> > + if [[ -n ${ACCT_GROUP_ENFORCE_ID} ]]; then
> > + local grp=$(egetent group "${ACCT_GROUP_ID}")
> > + if [[ -n ${grp} ]]; then
> > + eerror "The required GID is already taken by another group."
> > + eerror " GID: ${ACCT_GROUP_ID} (needed for ${PN})"
> > + eerror " current group: ${grp}"
> > + die "GID ${ACCT_GROUP_ID} taken already"
> > + fi
> > + fi
> > +}
> > [...]
> > +# @FUNCTION: acct-user_pkg_pretend
>
> And a similar check for acct-user here.
>
> Ulrich
--
Best regards,
Michał Górny
* Re: [gentoo-dev] [PATCH v2 6/9] acct-{group,user}.eclass: WIP eclasses to maintain users/groups
From: Michał Górny @ 2019-06-06 4:57 UTC (permalink / raw
To: gentoo-dev
On Wed, 2019-06-05 at 21:10 +0200, Pacho Ramos wrote:
> On Wed, 05-06-2019 at 11:12 +0200, Michał Górny wrote:
> > [...]
> > +# Then you add appropriate dependency to your package. The dependency
> > +# type(s) should be:
> > +# - DEPEND (+ RDEPEND) if the group is already needed at build time,
> > +# - RDEPEND if it is needed at install time (e.g. you 'fowners' files
> > +# in pkg_preinst),
> > +# - PDEPEND if it is only needed at runtime.
>
> Maybe it is a stupid question, but why is PDEPEND preferred over RDEPEND for
> packages needing the group only at runtime?
To delay user creation as far as possible, in case the package failed to
build. Not that it will usually work since Portage will install
the user early anyway.
>
> If I don't misremember, PDEPEND was meant to be used to avoid circular deps
> issues, while using RDEPEND otherwise.
>
> Thanks :)
--
Best regards,
Michał Górny
* Re: [gentoo-dev] [PATCH v2 6/9] acct-{group,user}.eclass: WIP eclasses to maintain users/groups
From: Michał Górny @ 2019-06-06 5:02 UTC (permalink / raw
To: gentoo-dev
On Wed, 2019-06-05 at 17:14 -0400, Michael Orlitzky wrote:
> On 6/5/19 5:12 AM, Michał Górny wrote:
> > +
> > + # check for ACCT_USER_ID collisions early
> > + if [[ -n ${ACCT_USER_ENFORCE_ID} ]]; then
> > + local pwd=$(egetent passwd "${ACCT_USER_ID}")
> > + if [[ -n ${pwd} ]]; then
> > + eerror "The required UID is already taken by another user."
> > + eerror " UID: ${ACCT_USER_ID} (needed for ${PN})"
> > + eerror " current user: ${pwd}"
> > + die "UID ${ACCT_USER_ID} taken already"
> > + fi
> > + fi
> > +}
>
> If we set ACCT_USER_ENFORCE_ID=true in ftp-0.ebuild and then "emerge
> acct-user/ftp" again, the second one dies with
>
> * The required UID is already taken by another user.
> * UID: 21 (needed for ftp)
>
> This prevents "emerge -e @world" from working, and would prevent an
> upgrade to ftp-1.ebuild in the future.
>
> We could augment the checks to ignore the existing user/group if its
> name agrees with the one we're trying to create, but now I'm having deja
> vu. I think this is another reason why I decided to go with a dummy file
> installed under /var/lib to catch collisions: the PM will necessarily
> ignore collisions from the same package.
Good catch. Let's see what others have to say.
If we're going to check for username patches, we'd need another
user.eclass portability knob.
--
Best regards,
Michał Górny
* Re: [gentoo-dev] [PATCH v2 6/9] acct-{group,user}.eclass: WIP eclasses to maintain users/groups
From: Ulrich Mueller @ 2019-06-06 7:05 UTC (permalink / raw
To: Michał Górny; +Cc: gentoo-dev
>>>>> On Thu, 06 Jun 2019, Michał Górny wrote:
> On Wed, 2019-06-05 at 21:10 +0200, Pacho Ramos wrote:
>> > +# Then you add appropriate dependency to your package. The dependency
>> > +# type(s) should be:
>> > +# - DEPEND (+ RDEPEND) if the group is already needed at build time,
>> > +# - RDEPEND if it is needed at install time (e.g. you 'fowners' files
>> > +# in pkg_preinst),
>> > +# - PDEPEND if it is only needed at runtime.
>>
>> Maybe it is a stupid question, but why is PDEPEND preferred over RDEPEND
>> for packages needing the group only at runtime?
> To delay user creation as far as possible, in case the package failed
> to build. Not that it will usually work since Portage will install
> the user early anyway.
It isn't very useful then, and is more error prone than having RDEPEND
in both the second and third case. Plus, errors won't be necessarily
caught, because Portage will treat PDEPEND in the same way as RDEPEND
(unless there would be circular dependencies, but I don't see how that
could happen).
So, simplify and go for RDEPEND (+DEPEND if needed) only?
Ulrich
* Re: [gentoo-dev] [PATCH v2 7/9] acct-group/ftp: Add 'ftp' group (GID 21)
From: Michał Górny @ 2019-06-07 5:01 UTC (permalink / raw
To: desultory; +Cc: gentoo-dev
On Thu, 2019-06-06 at 23:09 -0400, desultory wrote:
> On 06/05/19 05:12, Michał Górny wrote:
> > Signed-off-by: Michał Górny <mgorny@gentoo.org>
> > ---
> > acct-group/ftp/ftp-0.ebuild | 8 ++++++++
> > acct-group/ftp/metadata.xml | 5 +++++
> > profiles/categories | 1 +
> > 3 files changed, 14 insertions(+)
> > create mode 100644 acct-group/ftp/ftp-0.ebuild
> > create mode 100644 acct-group/ftp/metadata.xml
> >
> > diff --git a/acct-group/ftp/ftp-0.ebuild b/acct-group/ftp/ftp-0.ebuild
> > new file mode 100644
> > index 000000000000..d0912739a2fe
> > --- /dev/null
> > +++ b/acct-group/ftp/ftp-0.ebuild
> > @@ -0,0 +1,8 @@
> > +# Copyright 2019 Gentoo Authors
> > +# Distributed under the terms of the GNU General Public License v2
> > +
> > +EAPI=7
> > +
> > +inherit acct-group
> > +
> > +ACCT_GROUP_ID=21
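Review bot: the ebuild sets only `ACCT_GROUP_ID=21` and leaves ACCT_GROUP_ENFORCE_ID unset, so the early collision check in acct-group_pkg_pretend is skipped for this package. If GID 21 must be fixed, set the variable here; if it is only preferred, say in a comment or in the commit message what happens when 21 is already in use.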
> > diff --git a/acct-group/ftp/metadata.xml b/acct-group/ftp/metadata.xml
> > new file mode 100644
> > index 000000000000..7a38bb900964
> > --- /dev/null
> > +++ b/acct-group/ftp/metadata.xml
> > @@ -0,0 +1,5 @@
> > +<?xml version="1.0" encoding="UTF-8"?>
> > +<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
> > +<pkgmetadata>
> > + <!-- maintainer-needed -->
> > +</pkgmetadata>
> As apparently needs explicitly stated: this is merely feedback on a
> technical matter, not a personal attack; nor is it meant to be passive
> aggressive, despite requesting clarification of a technical point.
>
> It seems wrong to add packages to gentoo.git as maintainer-needed in
> general, not least given the noise that would either need to be ignored
> or special cased out from the QA relevant reports. [...]
This is because this user is effectively split from ftpbase which is
maintainer-needed. Normally users will have maintainers.
--
Best regards,
Michał Górny