* [gentoo-dev] [PATCH v4 00/19] User/group packages
@ 2019-06-11 16:23 Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 01/19] user.eclass: Remove dead/broken Darwin support Michał Górny
` (19 more replies)
0 siblings, 20 replies; 28+ messages in thread
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
Hi,
Here's hopefully the final iteration of the patches. Changes since v3:
- changed description to 'System user/group' (from 'service'),
- fixed acct-user to fail when ACCT_USER_GROUPS is empty (and not just
when it is unset).
Please review.
--
Best regards,
Michał Górny
Michał Górny (19):
user.eclass: Remove dead/broken Darwin support
user.eclass: NetBSD has 'getent'
user.eclass: Do not create user-group automatically
user.eclass: Prevent automated home creation in useradd
user.eclass: Support disabling home directory creation
user.eclass: Support forcing specified UID/GID
user.eclass: Die if no free UID/GID is found
user.eclass: Factor out finding nologin into separate function
user.eclass: Introduce esetshell
user.eclass: Introduce eget{user,group}name
user.eclass: Also permit using functions in pkg_*rm phases
user.eclass: Support getting & setting comment field
user.eclass: Introduce e{get,set}groups
acct-group.eclass: A new eclass to maintain group accounts
acct-user.eclass: A new eclass to maintain user accounts
acct-user.eclass: Supporting locking & unlocking accounts
acct-group/ftp: Add 'ftp' group (GID 21)
acct-user/ftp: Add 'ftp' user (UID 21)
net-ftp/ftpbase: Utilize {group,user}/ftp
acct-group/ftp/ftp-0.ebuild | 9 +
acct-group/ftp/metadata.xml | 5 +
acct-user/ftp/ftp-0.ebuild | 14 +
acct-user/ftp/metadata.xml | 5 +
eclass/acct-group.eclass | 124 ++++++++
eclass/acct-user.eclass | 373 ++++++++++++++++++++++++
eclass/user.eclass | 385 ++++++++++++++++++++-----
net-ftp/ftpbase/ftpbase-0.01-r3.ebuild | 39 +++
profiles/categories | 2 +
9 files changed, 886 insertions(+), 70 deletions(-)
create mode 100644 acct-group/ftp/ftp-0.ebuild
create mode 100644 acct-group/ftp/metadata.xml
create mode 100644 acct-user/ftp/ftp-0.ebuild
create mode 100644 acct-user/ftp/metadata.xml
create mode 100644 eclass/acct-group.eclass
create mode 100644 eclass/acct-user.eclass
create mode 100644 net-ftp/ftpbase/ftpbase-0.01-r3.ebuild
--
2.22.0
* [gentoo-dev] [PATCH v4 01/19] user.eclass: Remove dead/broken Darwin support
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
Closes: https://bugs.gentoo.org/687568
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 54 +++-------------------------------------------
1 file changed, 3 insertions(+), 51 deletions(-)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index f6a10a6bee28..ef5d3bc5e6e0 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -1,4 +1,4 @@
-# Copyright 1999-2017 Gentoo Foundation
+# Copyright 1999-2019 Gentoo Authors
# Distributed under the terms of the GNU General Public License v2
# @ECLASS: user.eclass
@@ -44,32 +44,6 @@ egetent() {
esac
case ${CHOST} in
- *-darwin[678])
- case ${key} in
- *[!0-9]*) # Non numeric
- nidump ${db} . | awk -F: "(\$1 ~ /^${key}\$/) {print;exit;}"
- ;;
- *) # Numeric
- nidump ${db} . | awk -F: "(\$3 == ${key}) {print;exit;}"
- ;;
- esac
- ;;
- *-darwin*)
- local mykey
- case ${db} in
- passwd) db="Users" mykey="UniqueID" ;;
- group) db="Groups" mykey="PrimaryGroupID" ;;
- esac
-
- case ${key} in
- *[!0-9]*) # Non numeric
- dscl . -read /${db}/${key} 2>/dev/null |grep RecordName
- ;;
- *) # Numeric
- dscl . -search /${db} ${mykey} ${key} 2>/dev/null
- ;;
- esac
- ;;
*-freebsd*|*-dragonfly*)
case ${db} in
passwd) db="user" ;;
@@ -219,18 +193,6 @@ enewuser() {
# add the user
case ${CHOST} in
- *-darwin*)
- ### Make the user
- dscl . create "/users/${euser}" uid ${euid}
- dscl . create "/users/${euser}" shell "${eshell}"
- dscl . create "/users/${euser}" home "${ehome}"
- dscl . create "/users/${euser}" realname "added by portage for ${PN}"
- ### Add the user to the groups specified
- for g in "${egroups_arr[@]}" ; do
- dscl . merge "/groups/${g}" users "${euser}"
- done
- ;;
-
*-freebsd*|*-dragonfly*)
pw useradd "${euser}" "${opts[@]}" || die
;;
@@ -318,12 +280,6 @@ enewgroup() {
# add the group
case ${CHOST} in
- *-darwin*)
- _enewgroup_next_gid
- dscl . create "/groups/${egroup}" gid ${egid}
- dscl . create "/groups/${egroup}" passwd '*'
- ;;
-
*-freebsd*|*-dragonfly*)
_enewgroup_next_gid
pw groupadd "${egroup}" -g ${egid} || die
@@ -358,7 +314,7 @@ egethome() {
[[ $# -eq 1 ]] || die "usage: egethome <user>"
case ${CHOST} in
- *-darwin*|*-freebsd*|*-dragonfly*)
+ *-freebsd*|*-dragonfly*)
pos=9
;;
*) # Linux, NetBSD, OpenBSD, etc...
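Review bot: With `*-darwin*` dropped from this pattern, a Darwin CHOST no longer gets `pos=9` and silently takes the `*)` branch written for Linux, NetBSD and OpenBSD; the same fall-through applies to the other case statements this patch trims. If Darwin is no longer supported, an explicit `*-darwin*) die ...` arm (or one check when the eclass is loaded) would fail loudly instead of running the generic code path. The commit message gives no reason beyond the bug link; one sentence on why the code is dead would help later readers.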
@@ -379,7 +335,7 @@ egetshell() {
[[ $# -eq 1 ]] || die "usage: egetshell <user>"
case ${CHOST} in
- *-darwin*|*-freebsd*|*-dragonfly*)
+ *-freebsd*|*-dragonfly*)
pos=10
;;
*) # Linux, NetBSD, OpenBSD, etc...
@@ -444,10 +400,6 @@ esethome() {
# update the home directory
case ${CHOST} in
- *-darwin*)
- dscl . change "/users/${euser}" home "${ehome}"
- ;;
-
*-freebsd*|*-dragonfly*)
pw usermod "${euser}" -d "${ehome}" && return 0
[[ $? == 8 ]] && eerror "${euser} is in use, cannot update home"
--
2.22.0
* [gentoo-dev] [PATCH v4 02/19] user.eclass: NetBSD has 'getent'
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index ef5d3bc5e6e0..18940f1505f1 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -4,6 +4,7 @@
# @ECLASS: user.eclass
# @MAINTAINER:
# base-system@gentoo.org (Linux)
+# Michał Górny <mgorny@gentoo.org> (NetBSD)
# @BLURB: user management in ebuilds
# @DESCRIPTION:
# The user eclass contains a suite of functions that allow ebuilds
@@ -58,7 +59,7 @@ egetent() {
pw show ${db} ${opts} "${key}" -q
;;
- *-netbsd*|*-openbsd*)
+ *-openbsd*)
grep "${key}:\*:" /etc/${db}
;;
*)
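Review bot: The `*-openbsd*)` arm left behind still runs `grep "${key}:\*:" /etc/${db}`, which is unanchored and treats the key as a regex, so a lookup for `ftp` also matches an `sftp:*:` entry, and a numeric key is compared against the name field rather than the ID field. Since this hunk edits the pattern directly above it, consider anchoring the expression with `^` and matching the name literally. The commit message has no body; a line stating the assumption that NetBSD ships `getent` would document why the arm can go.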
--
2.22.0
* [gentoo-dev] [PATCH v4 03/19] user.eclass: Do not create user-group automatically
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
Closes: https://bugs.gentoo.org/512220
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index 18940f1505f1..8935c338e1bb 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -209,7 +209,7 @@ enewuser() {
;;
*)
- useradd -r "${opts[@]}" "${euser}" || die
+ useradd -N -r "${opts[@]}" "${euser}" || die
;;
esac
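Review bot: `-N` only suppresses the per-user group; useradd then places the account in the group given by `-g` or, failing that, the `GROUP` default from /etc/default/useradd, and nothing in this hunk shows that `opts` always carries `-g`. If a caller passes no groups, a system account would land in the shared default group, so either always add `-g` to `opts` or die when no primary group was specified.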
--
2.22.0
* [gentoo-dev] [PATCH v4 04/19] user.eclass: Prevent automated home creation in useradd
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
Pass '-M' to prevent useradd from automatically creating the home
directory (depending on system configuration). We create the home
directory ourselves anyway, and we have better control over how it's
created this way.
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index 8935c338e1bb..a24920af13f1 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -209,7 +209,7 @@ enewuser() {
;;
*)
- useradd -N -r "${opts[@]}" "${euser}" || die
+ useradd -M -N -r "${opts[@]}" "${euser}" || die
;;
esac
--
2.22.0
* [gentoo-dev] [PATCH v4 05/19] user.eclass: Support disabling home directory creation
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 16 ++++++++++++++--
1 file changed, 14 insertions(+), 2 deletions(-)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index a24920af13f1..0577df81ae78 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -71,12 +71,15 @@ egetent() {
}
# @FUNCTION: enewuser
-# @USAGE: <user> [uid] [shell] [homedir] [groups]
+# @USAGE: <user> [-M] [uid] [shell] [homedir] [groups]
# @DESCRIPTION:
# Same as enewgroup, you are not required to understand how to properly add
# a user to the system. The only required parameter is the username.
# Default uid is (pass -1 for this) next available, default shell is
# /bin/false, default homedir is /dev/null, and there are no default groups.
+#
+# If -M is passed, enewuser does not create the home directory if it does not
+# exist.
enewuser() {
if [[ ${EUID} != 0 ]] ; then
einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
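Review bot: The new `@USAGE` line puts `[-M]` after `<user>`, but the option loop added further down in this patch (`while [[ $1 == -* ]]`) runs before `local euser=$1`, so `-M` is only recognised ahead of the username. Called as documented, `enewuser foo -M` leaves `-M` in the uid position. Change the line to `[-M] <user> [uid] [shell] [homedir] [groups]`.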
@@ -84,6 +87,15 @@ enewuser() {
fi
_assert_pkg_ebuild_phase ${FUNCNAME}
+ local create_home=1
+ while [[ $1 == -* ]]; do
+ case $1 in
+ -M) create_home=;;
+ *) die "${FUNCNAME}: invalid option ${1}";;
+ esac
+ shift
+ done
+
# get the username
local euser=$1; shift
if [[ -z ${euser} ]] ; then
@@ -213,7 +225,7 @@ enewuser() {
;;
esac
- if [[ ! -e ${ROOT}/${ehome} ]] ; then
+ if [[ -n ${create_home} && ! -e ${ROOT}/${ehome} ]] ; then
einfo " - Creating ${ehome} in ${ROOT}"
mkdir -p "${ROOT}/${ehome}"
chown "${euser}" "${ROOT}/${ehome}"
--
2.22.0
* [gentoo-dev] [PATCH v4 06/19] user.eclass: Support forcing specified UID/GID
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 23 +++++++++++++++++++++--
1 file changed, 21 insertions(+), 2 deletions(-)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index 0577df81ae78..92a07bb6b41b 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -71,13 +71,15 @@ egetent() {
}
# @FUNCTION: enewuser
-# @USAGE: <user> [-M] [uid] [shell] [homedir] [groups]
+# @USAGE: <user> [-F] [-M] [uid] [shell] [homedir] [groups]
# @DESCRIPTION:
# Same as enewgroup, you are not required to understand how to properly add
# a user to the system. The only required parameter is the username.
# Default uid is (pass -1 for this) next available, default shell is
# /bin/false, default homedir is /dev/null, and there are no default groups.
#
+# If -F is passed, enewuser will always enforce specified UID and fail if it
+# can not be assigned.
# If -M is passed, enewuser does not create the home directory if it does not
# exist.
enewuser() {
@@ -87,9 +89,10 @@ enewuser() {
fi
_assert_pkg_ebuild_phase ${FUNCNAME}
- local create_home=1
+ local create_home=1 force_uid=
while [[ $1 == -* ]]; do
case $1 in
+ -F) force_uid=1;;
-M) create_home=;;
*) die "${FUNCNAME}: invalid option ${1}";;
esac
@@ -117,6 +120,7 @@ enewuser() {
if [[ -n ${euid} && ${euid} != -1 ]] ; then
if [[ ${euid} -gt 0 ]] ; then
if [[ -n $(egetent passwd ${euid}) ]] ; then
+ [[ -n ${force_uid} ]] && die "${FUNCNAME}: UID ${euid} already taken"
euid="next"
fi
else
@@ -124,6 +128,7 @@ enewuser() {
die "${euid} is not a valid UID"
fi
else
+ [[ -n ${force_uid} ]] && die "${FUNCNAME}: -F with uid==-1 makes no sense"
euid="next"
fi
if [[ ${euid} == "next" ]] ; then
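Review bot: The `die` added in the outer `else` fires not only for an explicit `-1` but also when the uid argument is omitted or empty, because that branch is the negation of `[[ -n ${euid} && ${euid} != -1 ]]`. The message "-F with uid==-1 makes no sense" is misleading in that case; wording such as "-F requires an explicit UID" covers both. The `[-F]` in the `@USAGE` line also sits after `<user>` although the loop parses options before the username.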
@@ -240,6 +245,9 @@ enewuser() {
# group to the system. Just give it a group name to add and enewgroup will
# do the rest. You may specify the gid for the group or allow the group to
# allocate the next available one.
+#
+# If -F is passed, enewgroup will always enforce specified GID and fail if it
+# can not be assigned.
enewgroup() {
if [[ ${EUID} != 0 ]] ; then
einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
@@ -247,6 +255,15 @@ enewgroup() {
fi
_assert_pkg_ebuild_phase ${FUNCNAME}
+ local force_gid=
+ while [[ $1 == -* ]]; do
+ case $1 in
+ -F) force_gid=1;;
+ *) die "${FUNCNAME}: invalid option ${1}";;
+ esac
+ shift
+ done
+
# get the group
local egroup=$1; shift
if [[ -z ${egroup} ]] ; then
@@ -265,6 +282,7 @@ enewgroup() {
if [[ ! -z ${egid} ]] ; then
if [[ ${egid} -gt 0 ]] ; then
if [[ -n $(egetent group ${egid}) ]] ; then
+ [[ -n ${force_gid} ]] && die "${FUNCNAME}: GID ${egid} already taken"
egid="next available; requested gid taken"
fi
else
@@ -272,6 +290,7 @@ enewgroup() {
die "${egid} is not a valid GID"
fi
else
+ [[ -n ${force_gid} ]] && die "${FUNCNAME}: -F with gid==-1 makes no sense"
egid="next available"
fi
einfo " - Groupid: ${egid}"
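Review bot: In enewgroup this `else` is reached only when the gid argument is empty (the outer test is `[[ ! -z ${egid} ]]`), while an explicit `-1` fails `-gt 0` and goes to the "is not a valid GID" branch above, so "-F with gid==-1" never describes the call that triggers it. Reword the message to say that -F needs an explicit GID.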
--
2.22.0
* [gentoo-dev] [PATCH v4 07/19] user.eclass: Die if no free UID/GID is found
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 2 ++
1 file changed, 2 insertions(+)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index 92a07bb6b41b..8afbc101fac3 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -135,6 +135,7 @@ enewuser() {
for ((euid = 101; euid <= 999; euid++)); do
[[ -z $(egetent passwd ${euid}) ]] && break
done
+ [[ ${euid} -le 999 ]] || die "${FUNCNAME}: no free UID found"
fi
opts+=( -u ${euid} )
einfo " - Userid: ${euid}"
@@ -307,6 +308,7 @@ enewgroup() {
for ((egid = 101; egid <= 999; egid++)) ; do
[[ -z $(egetent group ${egid}) ]] && break
done
+ [[ ${egid} -le 999 ]] || die "${FUNCNAME}: no free GID found"
fi
}
--
2.22.0
* [gentoo-dev] [PATCH v4 08/19] user.eclass: Factor out finding nologin into separate function
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 39 ++++++++++++++++++++++++++-------------
1 file changed, 26 insertions(+), 13 deletions(-)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index 8afbc101fac3..54d7a3fdbe28 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -70,6 +70,31 @@ egetent() {
esac
}
+# @FUNCTION: user_get_nologin
+# @INTERNAL
+# @DESCRIPTION:
+# Find an appropriate 'nologin' shell for the platform, and output
+# its path.
+user_get_nologin() {
+ local eshell
+
+ for eshell in /sbin/nologin /usr/sbin/nologin /bin/false /usr/bin/false /dev/null ; do
+ [[ -x ${ROOT}${eshell} ]] && break
+ done
+
+ if [[ ${eshell} == "/dev/null" ]] ; then
+ ewarn "Unable to identify the shell to use, proceeding with userland default."
+ case ${USERLAND} in
+ GNU) eshell="/bin/false" ;;
+ BSD) eshell="/sbin/nologin" ;;
+ Darwin) eshell="/usr/sbin/nologin" ;;
+ *) die "Unable to identify the default shell for userland ${USERLAND}"
+ esac
+ fi
+
+ echo "${eshell}"
+}
+
# @FUNCTION: enewuser
# @USAGE: <user> [-F] [-M] [uid] [shell] [homedir] [groups]
# @DESCRIPTION:
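Review bot: The fallback `case ${USERLAND}` keeps a `Darwin)` arm although 01/19 removes Darwin support from this eclass; drop it here or say in the commit message why it stays. The move also changes the "Unable to identify the shell" message from `eerror` to `ewarn`, which is a behaviour change in a patch described as a pure refactoring and deserves a line in the (currently empty) message body.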
@@ -152,19 +177,7 @@ enewuser() {
die "Pass '-1' as the shell parameter"
fi
else
- for eshell in /sbin/nologin /usr/sbin/nologin /bin/false /usr/bin/false /dev/null ; do
- [[ -x ${ROOT}${eshell} ]] && break
- done
-
- if [[ ${eshell} == "/dev/null" ]] ; then
- eerror "Unable to identify the shell to use, proceeding with userland default."
- case ${USERLAND} in
- GNU) eshell="/bin/false" ;;
- BSD) eshell="/sbin/nologin" ;;
- Darwin) eshell="/usr/sbin/nologin" ;;
- *) die "Unable to identify the default shell for userland ${USERLAND}"
- esac
- fi
+ eshell=$(user_get_nologin)
fi
einfo " - Shell: ${eshell}"
opts+=( -s "${eshell}" )
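Review bot: `eshell=$(user_get_nologin)` runs the helper in a command substitution, so the `die` in its `*)` arm executes in a subshell; please confirm that it still aborts the ebuild in every EAPI this eclass supports. If it does not, `eshell` comes back empty and the following lines pass `-s ""` on to the account tool. A guard such as `[[ -n ${eshell} ]] || die` directly after the call would make the failure explicit.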
--
2.22.0
* [gentoo-dev] [PATCH v4 09/19] user.eclass: Introduce esetshell
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
---
eclass/user.eclass | 61 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 61 insertions(+)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index 54d7a3fdbe28..3bd381b0c089 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -465,4 +465,65 @@ esethome() {
esac
}
+# @FUNCTION: esetshell
+# @USAGE: <user> <shell>
+# @DESCRIPTION:
+# Update the shell in a platform-agnostic way.
+# Required parameters is the username and the new shell.
+# Specify -1 if you want to set shell to platform-specific nologin.
+esetshell() {
+ _assert_pkg_ebuild_phase ${FUNCNAME}
+
+ # get the username
+ local euser=$1; shift
+ if [[ -z ${euser} ]] ; then
+ eerror "No username specified !"
+ die "Cannot call esetshell without a username"
+ fi
+
+ # lets see if the username already exists
+ if [[ -z $(egetent passwd "${euser}") ]] ; then
+ ewarn "User does not exist, cannot set shell -- skipping."
+ return 1
+ fi
+
+ # handle shell
+ local eshell=$1; shift
+ if [[ -z ${eshell} ]] ; then
+ eerror "No shell specified !"
+ die "Cannot call esetshell without a shell or '-1'"
+ fi
+
+ if [[ ${eshell} == "-1" ]] ; then
+ eshell=$(user_get_nologin)
+ fi
+
+ # exit with no message if shell is up to date
+ if [[ $(egetshell "${euser}") == ${eshell} ]]; then
+ return 0
+ fi
+
+ einfo "Updating shell for user '${euser}' ..."
+ einfo " - Shell: ${eshell}"
+
+ # update the shell
+ case ${CHOST} in
+ *-freebsd*|*-dragonfly*)
+ pw usermod "${euser}" -s "${eshell}" && return 0
+ [[ $? == 8 ]] && eerror "${euser} is in use, cannot update shell"
+ eerror "There was an error when attempting to update the shell for ${euser}"
+ eerror "Please update it manually on your system:"
+ eerror "\t pw usermod \"${euser}\" -s \"${eshell}\""
+ ;;
+
+ *)
+ usermod -s "${eshell}" "${euser}" && return 0
+ [[ $? == 8 ]] && eerror "${euser} is in use, cannot update shell"
+ eerror "There was an error when attempting to update the shell for ${euser}"
+ eerror "Please update it manually on your system (as root):"
+ eerror "\t usermod -s \"${eshell}\" \"${euser}\""
+ ;;
+ esac
+}
+
fi
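Review bot: Both arms of the final `case` run on to `esac` after their `eerror` lines, so a failed `usermod` or `pw usermod` makes esetshell return the status of the last `eerror` rather than a failure, and callers cannot tell that the shell was not changed. End each arm with `return 1` (or `die`). Also quote the right-hand side of `[[ $(egetshell "${euser}") == ${eshell} ]]` so it is a string comparison rather than a pattern match, and note that this message carries no Signed-off-by line, unlike 01/19 through 08/19.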
--
2.22.0
* [gentoo-dev] [PATCH v4 10/19] user.eclass: Introduce eget{user,group}name
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 20 ++++++++++++++++++++
1 file changed, 20 insertions(+)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index 3bd381b0c089..7592ee3bba23 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -351,6 +351,26 @@ enewgroup() {
esac
}
+# @FUNCTION: egetusername
+# @USAGE: <uid>
+# @DESCRIPTION:
+# Gets the username for given UID.
+egetusername() {
+ [[ $# -eq 1 ]] || die "usage: egetusername <uid>"
+
+ id -u -n "$1"
+}
+
+# @FUNCTION: egetgroupname
+# @USAGE: <gid>
+# @DESCRIPTION:
+# Gets the group name for given GID.
+egetgroupname() {
+ [[ $# -eq 1 ]] || die "usage: egetgroupname <gid>"
+
+ id -g -n "$1"
+}
+
# @FUNCTION: egethome
# @USAGE: <user>
# @DESCRIPTION:
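Review bot: `id` takes a user as its operand, not a group, so `id -g -n "$1"` in egetgroupname prints the primary group of the user identified by `$1`, not the name of the group with that GID. egetusername relies on `id` accepting a numeric UID where it expects a user name, which is less portable than the rest of the eclass. Looking the entry up with `egetent group "$1" | cut -d: -f1` (and `egetent passwd` for users) keeps each lookup in the right database.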
--
2.22.0
* [gentoo-dev] [PATCH v4 11/19] user.eclass: Also permit using functions in pkg_*rm phases
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index 7592ee3bba23..fc883c965352 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -18,10 +18,10 @@ _USER_ECLASS=1
# @USAGE: <calling func name>
_assert_pkg_ebuild_phase() {
case ${EBUILD_PHASE} in
- setup|preinst|postinst) ;;
+ setup|preinst|postinst|prerm|postrm) ;;
*)
eerror "'$1()' called from '${EBUILD_PHASE}' phase which is not OK:"
- eerror "You may only call from pkg_{setup,preinst,postinst} functions."
+ eerror "You may only call from pkg_{setup,{pre,post}{inst,rm}} functions."
eerror "Package fails at QA and at life. Please file a bug."
die "Bad package! $1 is only for use in some pkg_* functions!"
esac
--
2.22.0
* [gentoo-dev] [PATCH v4 12/19] user.eclass: Support getting & setting comment field
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/user.eclass | 77 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 77 insertions(+)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index fc883c965352..0e7aa43d8932 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -413,6 +413,27 @@ egetshell() {
egetent passwd "$1" | cut -d: -f${pos}
}
+# @FUNCTION: egetcomment
+# @USAGE: <user>
+# @DESCRIPTION:
+# Gets the comment field for the specified user.
+egetcomment() {
+ local pos
+
+ [[ $# -eq 1 ]] || die "usage: egetshell <user>"
+
+ case ${CHOST} in
+ *-freebsd*|*-dragonfly*)
+ pos=8
+ ;;
+ *) # Linux, NetBSD, OpenBSD, etc...
+ pos=5
+ ;;
+ esac
+
+ egetent passwd "$1" | cut -d: -f${pos}
+}
+
# @FUNCTION: esethome
# @USAGE: <user> <homedir>
# @DESCRIPTION:
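Review bot: The argument check in egetcomment dies with "usage: egetshell <user>", copied from the function above it; it should read `usage: egetcomment <user>`.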
@@ -546,4 +567,60 @@ esetshell() {
esac
}
+# @FUNCTION: esetcomment
+# @USAGE: <user> <comment>
+# @DESCRIPTION:
+# Update the comment field in a platform-agnostic way.
+# Required parameters is the username and the new comment.
+esetcomment() {
+ _assert_pkg_ebuild_phase ${FUNCNAME}
+
+ # get the username
+ local euser=$1; shift
+ if [[ -z ${euser} ]] ; then
+ eerror "No username specified !"
+ die "Cannot call esetcomment without a username"
+ fi
+
+ # lets see if the username already exists
+ if [[ -z $(egetent passwd "${euser}") ]] ; then
+ ewarn "User does not exist, cannot set comment -- skipping."
+ return 1
+ fi
+
+ # handle comment
+ local ecomment=$1; shift
+ if [[ -z ${ecomment} ]] ; then
+ eerror "No comment specified !"
+ die "Cannot call esetcomment without a comment"
+ fi
+
+ # exit with no message if comment is up to date
+ if [[ $(egetcomment "${euser}") == ${ecomment} ]]; then
+ return 0
+ fi
+
+ einfo "Updating comment for user '${euser}' ..."
+ einfo " - Comment: ${ecomment}"
+
+ # update the comment
+ case ${CHOST} in
+ *-freebsd*|*-dragonfly*)
+ pw usermod "${euser}" -c "${ecomment}" && return 0
+ [[ $? == 8 ]] && eerror "${euser} is in use, cannot update comment"
+ eerror "There was an error when attempting to update the comment for ${euser}"
+ eerror "Please update it manually on your system:"
+ eerror "\t pw usermod \"${euser}\" -c \"${ecomment}\""
+ ;;
+
+ *)
+ usermod -c "${ecomment}" "${euser}" && return 0
+ [[ $? == 8 ]] && eerror "${euser} is in use, cannot update comment"
+ eerror "There was an error when attempting to update the comment for ${euser}"
+ eerror "Please update it manually on your system (as root):"
+ eerror "\t usermod -c \"${ecomment}\" \"${euser}\""
+ ;;
+ esac
+}
+
fi
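Review bot: `[[ $(egetcomment "${euser}") == ${ecomment} ]]` leaves the right-hand side unquoted, so a comment containing `*`, `?` or `[` is matched as a pattern and the update can be skipped even though the stored text differs. Quote it as `== "${ecomment}"`. As in esetshell, the failure arms end after `eerror`, so the function does not return a failing status when `usermod -c` fails, and the `-z ${ecomment}` check means a comment can never be cleared through this helper; say so in the `@DESCRIPTION` if that is intended.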
--
2.22.0
* [gentoo-dev] [PATCH v4 13/19] user.eclass: Introduce e{get,set}groups
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
---
eclass/user.eclass | 88 ++++++++++++++++++++++++++++++++++++++++++++++
1 file changed, 88 insertions(+)
diff --git a/eclass/user.eclass b/eclass/user.eclass
index 0e7aa43d8932..fdf98caa6099 100644
--- a/eclass/user.eclass
+++ b/eclass/user.eclass
@@ -434,6 +434,24 @@ egetcomment() {
egetent passwd "$1" | cut -d: -f${pos}
}
+# @FUNCTION: egetgroups
+# @USAGE: <user>
+# @DESCRIPTION:
+# Gets all the groups user belongs to. The primary group is returned
+# first, then all supplementary groups. Groups are ','-separated.
+egetgroups() {
+ [[ $# -eq 1 ]] || die "usage: egetgroups <user>"
+
+ local egroups_arr
+ read -r -a egroups_arr < <(id -G -n "$1")
+
+ local defgroup=${egroups_arr[0]}
+ # sort supplementary groups to make comparison possible
+ readarray -t exgroups_arr < <(printf '%s\n' "${egroups_arr[@]:1}" | sort)
+ local exgroups=${exgroups_arr[*]}
+ echo "${defgroup}${exgroups:+,${exgroups// /,}}"
+}
+
# @FUNCTION: esethome
# @USAGE: <user> <homedir>
# @DESCRIPTION:
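Review bot: egetgroups declares `local egroups_arr` but fills `exgroups_arr` through `readarray` without declaring it, so that array leaks into the caller's scope; esetgroups further down does declare it local. Add `exgroups_arr` to the `local` line here.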
@@ -623,4 +641,74 @@ esetcomment() {
esac
}
+# @FUNCTION: esetgroups
+# @USAGE: <user> <groups>
+# @DESCRIPTION:
+# Update the group field in a platform-agnostic way.
+# Required parameters is the username and the new list of groups,
+# primary group first.
+esetgroups() {
+ _assert_pkg_ebuild_phase ${FUNCNAME}
+
+ [[ ${#} -eq 2 ]] || die "Usage: ${FUNCNAME} <user> <groups>"
+
+ # get the username
+ local euser=$1; shift
+
+ # lets see if the username already exists
+ if [[ -z $(egetent passwd "${euser}") ]] ; then
+ ewarn "User does not exist, cannot set group -- skipping."
+ return 1
+ fi
+
+ # handle group
+ local egroups=$1; shift
+
+ local g egroups_arr=()
+ IFS="," read -r -a egroups_arr <<<"${egroups}"
+ [[ ${#egroups_arr[@]} -gt 0 ]] || die "${FUNCNAME}: no groups specified"
+
+ for g in "${egroups_arr[@]}" ; do
+ if [[ -z $(egetent group "${g}") ]] ; then
+ eerror "You must add group ${g} to the system first"
+ die "${g} is not a valid GID"
+ fi
+ done
+
+ local defgroup=${egroups_arr[0]} exgroups_arr=()
+ # sort supplementary groups to make comparison possible
+ readarray -t exgroups_arr < <(printf '%s\n' "${egroups_arr[@]:1}" | sort)
+ local exgroups=${exgroups_arr[*]}
+ exgroups=${exgroups// /,}
+ egroups=${defgroup}${exgroups:+,${exgroups}}
+
+ # exit with no message if group membership is up to date
+ if [[ $(egetgroups "${euser}") == ${egroups} ]]; then
+ return 0
+ fi
+
+ local opts=( -g "${defgroup}" -G "${exgroups}" )
+ einfo "Updating groups for user '${euser}' ..."
+ einfo " - Groups: ${egroups}"
+
+ # update the group
+ case ${CHOST} in
+ *-freebsd*|*-dragonfly*)
+ pw usermod "${euser}" "${opts[@]}" && return 0
+ [[ $? == 8 ]] && eerror "${euser} is in use, cannot update groups"
+ eerror "There was an error when attempting to update the groups for ${euser}"
+ eerror "Please update it manually on your system:"
+ eerror "\t pw usermod \"${euser}\" ${opts[*]}"
+ ;;
+
+ *)
+ usermod "${opts[@]}" "${euser}" && return 0
+ [[ $? == 8 ]] && eerror "${euser} is in use, cannot update groups"
+ eerror "There was an error when attempting to update the groups for ${euser}"
+ eerror "Please update it manually on your system (as root):"
+ eerror "\t usermod ${opts[*]} \"${euser}\""
+ ;;
+ esac
+}
+
fi
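Review bot: `local opts=( -g "${defgroup}" -G "${exgroups}" )` passes `-G` without `-a`, so usermod replaces the whole supplementary list and any membership an administrator added locally is dropped whenever the two lists differ. If that is intended, state it in the `@DESCRIPTION`; otherwise merge with the current groups before calling usermod. Smaller points: `die "${g} is not a valid GID"` prints a group name rather than a GID, the failure arms do not return non-zero, and the message has no Signed-off-by line.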
--
2.22.0
* [gentoo-dev] [PATCH v4 14/19] acct-group.eclass: A new eclass to maintain group accounts
From: Michał Górny @ 2019-06-11 16:23 UTC
To: gentoo-dev; +Cc: Michał Górny
A GLEP 81-compliant eclass to create group packages.
---
eclass/acct-group.eclass | 124 +++++++++++++++++++++++++++++++++++++++
1 file changed, 124 insertions(+)
create mode 100644 eclass/acct-group.eclass
diff --git a/eclass/acct-group.eclass b/eclass/acct-group.eclass
new file mode 100644
index 000000000000..7fe9f19effc7
--- /dev/null
+++ b/eclass/acct-group.eclass
@@ -0,0 +1,124 @@
+# Copyright 2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# @ECLASS: acct-group.eclass
+# @MAINTAINER:
+# Michał Górny <mgorny@gentoo.org>
+# @AUTHOR:
+# Michael Orlitzky <mjo@gentoo.org>
+# Michał Górny <mgorny@gentoo.org>
+# @BLURB: Eclass used to create and maintain a single group entry
+# @DESCRIPTION:
+# This eclass represents and creates a single group entry. The name
+# of the group is derived from ${PN}, while (preferred) GID needs to
+# be specified via ACCT_GROUP_ID. Packages (and users) needing the group
+# in question should depend on the package providing it.
+#
+# Example:
+# If your package needs group 'foo', you create 'acct-group/foo' package
+# and add an ebuild with the following contents:
+#
+# @CODE
+# EAPI=7
+# inherit acct-group
+# ACCT_GROUP_ID=200
+# @CODE
+#
+# Then you add appropriate dependency to your package. The dependency
+# type(s) should be:
+# - DEPEND (+ RDEPEND) if the group is already needed at build time,
+# - RDEPEND if it is needed at install time (e.g. you 'fowners' files
+# in pkg_preinst) or run time.
+
+if [[ -z ${_ACCT_GROUP_ECLASS} ]]; then
+_ACCT_GROUP_ECLASS=1
+
+case ${EAPI:-0} in
+ 7) ;;
+ *) die "EAPI=${EAPI} not supported";;
+esac
+
+inherit user
+
+[[ ${CATEGORY} == acct-group ]] ||
+ die "Ebuild error: this eclass can be used only in acct-group category!"
+
+
+# << Eclass variables >>
+
+# @ECLASS-VARIABLE: ACCT_GROUP_NAME
+# @INTERNAL
+# @DESCRIPTION:
+# The name of the group. This is forced to ${PN} and the policy
+# prohibits it from being changed.
+ACCT_GROUP_NAME=${PN}
+readonly ACCT_GROUP_NAME
+
+# @ECLASS-VARIABLE: ACCT_GROUP_ID
+# @REQUIRED
+# @DESCRIPTION:
+# Preferred GID for the new group. This variable is obligatory, and its
+# value must be unique across all group packages.
+
+# @ECLASS-VARIABLE: ACCT_GROUP_ENFORCE_ID
+# @DESCRIPTION:
+# If set to a non-null value, the eclass will require the group to have
+# specified GID. If the group already exists with another GID, or
+# the GID is taken by another group, the install will fail.
+: ${ACCT_GROUP_ENFORCE_ID:=}
+
+
+# << Boilerplate ebuild variables >>
+: ${DESCRIPTION:="System group: ${ACCT_GROUP_NAME}"}
+: ${HOMEPAGE:=https://www.gentoo.org/}
+: ${SLOT:=0}
+: ${KEYWORDS:=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris}
+S=${WORKDIR}
+
+
+# << Phase functions >>
+EXPORT_FUNCTIONS pkg_pretend pkg_preinst
+
+# @FUNCTION: acct-group_pkg_pretend
+# @DESCRIPTION:
+# Performs sanity checks for correct eclass usage, and early-checks
+# whether requested GID can be enforced.
+acct-group_pkg_pretend() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ # verify ACCT_GROUP_ID
+ [[ -n ${ACCT_GROUP_ID} ]] || die "Ebuild error: ACCT_GROUP_ID must be set!"
+ [[ ${ACCT_GROUP_ID} -ge 0 ]] || die "Ebuild errors: ACCT_GROUP_ID=${ACCT_GROUP_ID} invalid!"
+
+ # check for ACCT_GROUP_ID collisions early
+ if [[ -n ${ACCT_GROUP_ENFORCE_ID} ]]; then
+ local group_by_id=$(egetgroupname "${ACCT_GROUP_ID}")
+ local group_by_name=$(egetent group "${ACCT_GROUP_NAME}")
+ if [[ -n ${group_by_id} ]]; then
+ if [[ ${group_by_id} != ${ACCT_GROUP_NAME} ]]; then
+ eerror "The required GID is already taken by another group."
+ eerror " GID: ${ACCT_GROUP_ID}"
+ eerror " needed for: ${ACCT_GROUP_NAME}"
+ eerror " current group: ${group_by_id}"
+ die "GID ${ACCT_GROUP_ID} taken already"
+ fi
+ elif [[ -n ${group_by_name} ]]; then
+ eerror "The requested group exists already with wrong GID."
+ eerror " groupname: ${ACCT_GROUP_NAME}"
+ eerror " requested UID: ${ACCT_GROUP_ID}"
+ eerror " current entry: ${group_by_name}"
+ die "Group ${ACCT_GROUP_NAME} exists with wrong GID"
+ fi
+ fi
+}
+
+# @FUNCTION: acct-group_pkg_preinst
+# @DESCRIPTION:
+# Creates the group if it does not exist yet.
+acct-group_pkg_preinst() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ enewgroup -F "${ACCT_GROUP_NAME}" "${ACCT_GROUP_ID}"
+}
+
+fi
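Review bot: The GID validation in acct-group_pkg_pretend, `[[ ${ACCT_GROUP_ID} -ge 0 ]]`, does not reject non-numeric values: bash evaluates the operands of `-ge` arithmetically, so a value such as `foo` is read as an unset variable, evaluates to 0 and passes. A pattern test such as `[[ ${ACCT_GROUP_ID} =~ ^[0-9]+$ ]]` would catch that before the value reaches enewgroup. Also, the "exists already with wrong GID" branch labels the value as `requested UID:`; it should read GID.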
--
2.22.0
* [gentoo-dev] [PATCH v4 15/19] acct-user.eclass: A new eclass to maintain user accounts
2019-06-11 16:23 [gentoo-dev] [PATCH v4 00/19] User/group packages Michał Górny
` (13 preceding siblings ...)
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 14/19] acct-group.eclass: A new eclass to maintain group accounts Michał Górny
@ 2019-06-11 16:23 ` Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 16/19] acct-user.eclass: Supporting locking & unlocking accounts Michał Górny
` (4 subsequent siblings)
19 siblings, 0 replies; 28+ messages in thread
From: Michał Górny @ 2019-06-11 16:23 UTC (permalink / raw
To: gentoo-dev; +Cc: Michał Górny
A GLEP 81-compliant eclass to create user account packages.
---
eclass/acct-user.eclass | 246 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 246 insertions(+)
create mode 100644 eclass/acct-user.eclass
diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
new file mode 100644
index 000000000000..4a37bf3e1d95
--- /dev/null
+++ b/eclass/acct-user.eclass
@@ -0,0 +1,246 @@
+# Copyright 2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+# @ECLASS: acct-user.eclass
+# @MAINTAINER:
+# Michał Górny <mgorny@gentoo.org>
+# @AUTHOR:
+# Michael Orlitzky <mjo@gentoo.org>
+# Michał Górny <mgorny@gentoo.org>
+# @BLURB: Eclass used to create and maintain a single user entry
+# @DESCRIPTION:
+# This eclass represents and creates a single user entry. The name
+# of the user is derived from ${PN}, while (preferred) UID needs to
+# be specified via ACCT_USER_ID. Additional variables are provided
+# to override the default home directory, shell and add group
+# membership. Packages needing the user in question should depend
+# on the package providing it.
+#
+# The ebuild needs to call acct-user_add_deps after specifying
+# ACCT_USER_GROUPS.
+#
+# Example:
+# If your package needs user 'foo' belonging to same-named group, you
+# create 'acct-user/foo' package and add an ebuild with the following
+# contents:
+#
+# @CODE
+# EAPI=7
+# inherit acct-user
+# ACCT_USER_ID=200
+# ACCT_USER_GROUPS=( foo )
+# acct-user_add_deps
+# @CODE
+#
+# Then you add appropriate dependency to your package. The dependency
+# type(s) should be:
+# - DEPEND (+ RDEPEND) if the user is already needed at build time,
+# - RDEPEND if it is needed at install time (e.g. you 'fowners' files
+# in pkg_preinst) or run time.
+
+if [[ -z ${_ACCT_USER_ECLASS} ]]; then
+_ACCT_USER_ECLASS=1
+
+case ${EAPI:-0} in
+ 7) ;;
+ *) die "EAPI=${EAPI} not supported";;
+esac
+
+inherit user
+
+[[ ${CATEGORY} == acct-user ]] ||
+ die "Ebuild error: this eclass can be used only in acct-user category!"
+
+
+# << Eclass variables >>
+
+# @ECLASS-VARIABLE: ACCT_USER_NAME
+# @INTERNAL
+# @DESCRIPTION:
+# The name of the user. This is forced to ${PN} and the policy prohibits
+# it from being changed.
+ACCT_USER_NAME=${PN}
+readonly ACCT_USER_NAME
+
+# @ECLASS-VARIABLE: ACCT_USER_ID
+# @REQUIRED
+# @DESCRIPTION:
+# Preferred UID for the new user. This variable is obligatory, and its
+# value must be unique across all user packages.
+
+# @ECLASS-VARIABLE: ACCT_USER_ENFORCE_ID
+# @DESCRIPTION:
+# If set to a non-null value, the eclass will require the user to have
+# specified UID. If the user already exists with another UID, or
+# the UID is taken by another user, the install will fail.
+: ${ACCT_USER_ENFORCE_ID:=}
+
+# @ECLASS-VARIABLE: ACCT_USER_SHELL
+# @DESCRIPTION:
+# The shell to use for the user. If not specified, a 'nologin' variant
+# for the system is used.
+: ${ACCT_USER_SHELL:=-1}
+
+# @ECLASS-VARIABLE: ACCT_USER_HOME
+# @DESCRIPTION:
+# The home directory for the user. If not specified, /dev/null is used.
+# The directory will be created with appropriate permissions if it does
+# not exist. When updating, existing home directory will not be moved.
+: ${ACCT_USER_HOME:=/dev/null}
+
+# @ECLASS-VARIABLE: ACCT_USER_HOME_OWNER
+# @DEFAULT_UNSET
+# @DESCRIPTION:
+# The ownership to use for the home directory, in chown ([user][:group])
+# syntax. Defaults to the newly created user, and its primary group.
+
+# @ECLASS-VARIABLE: ACCT_USER_HOME_PERMS
+# @DESCRIPTION:
+# The permissions to use for the home directory, in chmod (octal
+# or verbose) form.
+: ${ACCT_USER_HOME_PERMS:=0755}
+
+# @ECLASS-VARIABLE: ACCT_USER_GROUPS
+# @REQUIRED
+# @DESCRIPTION:
+# List of groups the user should belong to. This must be a bash
+# array.
+
+
+# << Boilerplate ebuild variables >>
+: ${DESCRIPTION:="System user: ${ACCT_USER_NAME}"}
+: ${HOMEPAGE:=https://www.gentoo.org/}
+: ${SLOT:=0}
+: ${KEYWORDS:=alpha amd64 arm arm64 hppa ia64 m68k ~mips ppc ppc64 ~riscv s390 sh sparc x86 ~ppc-aix ~x64-cygwin ~amd64-fbsd ~x86-fbsd ~amd64-linux ~x86-linux ~ppc-macos ~x64-macos ~x86-macos ~m68k-mint ~sparc-solaris ~sparc64-solaris ~x64-solaris ~x86-solaris}
+S=${WORKDIR}
+
+
+# << API functions >>
+
+# @FUNCTION: acct-user_add_deps
+# @DESCRIPTION:
+# Generate appropriate RDEPEND from ACCT_USER_GROUPS. This must be
+# called if ACCT_USER_GROUPS are set.
+acct-user_add_deps() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ # ACCT_USER_GROUPS sanity check
+ if [[ $(declare -p ACCT_USER_GROUPS) != "declare -a"* ]]; then
+ die 'ACCT_USER_GROUPS must be an array.'
+ elif [[ ${#ACCT_USER_GROUPS[@]} -eq 0 ]]; then
+ die 'ACCT_USER_GROUPS must not be empty.'
+ fi
+
+ RDEPEND+=${ACCT_USER_GROUPS[*]/#/ acct-group/}
+ _ACCT_USER_ADD_DEPS_CALLED=1
+}
+
+
+# << Phase functions >>
+EXPORT_FUNCTIONS pkg_pretend src_install pkg_preinst pkg_postinst \
+ pkg_prerm
+
+# @FUNCTION: acct-user_pkg_pretend
+# @DESCRIPTION:
+# Performs sanity checks for correct eclass usage, and early-checks
+# whether requested UID can be enforced.
+acct-user_pkg_pretend() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ # verify that acct-user_add_deps() has been called
+ # (it verifies ACCT_USER_GROUPS itself)
+ if [[ -z ${_ACCT_USER_ADD_DEPS_CALLED} ]]; then
+ die "Ebuild error: acct-user_add_deps must have been called in global scope!"
+ fi
+
+ # verify ACCT_USER_ID
+ [[ -n ${ACCT_USER_ID} ]] || die "Ebuild error: ACCT_USER_ID must be set!"
+ [[ ${ACCT_USER_ID} -ge 0 ]] || die "Ebuild errors: ACCT_USER_ID=${ACCT_USER_ID} invalid!"
+
+ # check for ACCT_USER_ID collisions early
+ if [[ -n ${ACCT_USER_ENFORCE_ID} ]]; then
+ local user_by_id=$(egetusername "${ACCT_USER_ID}")
+ local user_by_name=$(egetent passwd "${ACCT_USER_NAME}")
+ if [[ -n ${user_by_id} ]]; then
+ if [[ ${user_by_id} != ${ACCT_USER_NAME} ]]; then
+ eerror "The required UID is already taken by another user."
+ eerror " UID: ${ACCT_USER_ID}"
+ eerror " needed for: ${ACCT_USER_NAME}"
+ eerror " current user: ${user_by_id}"
+ die "UID ${ACCT_USER_ID} taken already"
+ fi
+ elif [[ -n ${user_by_name} ]]; then
+ eerror "The requested user exists already with wrong UID."
+ eerror " username: ${ACCT_USER_NAME}"
+ eerror " requested UID: ${ACCT_USER_ID}"
+ eerror " current entry: ${user_by_name}"
+ die "Username ${ACCT_USER_NAME} exists with wrong UID"
+ fi
+ fi
+}
+
+# @FUNCTION: acct-user_src_install
+# @DESCRIPTION:
+# Installs a keep-file into the user's home directory to ensure it is
+# owned by the package.
+acct-user_src_install() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ if [[ ${ACCT_USER_HOME} != /dev/null ]]; then
+ # note: we can't set permissions here since the user isn't
+ # created yet
+ keepdir "${ACCT_USER_HOME}"
+ fi
+}
+
+# @FUNCTION: acct-user_pkg_preinst
+# @DESCRIPTION:
+# Creates the user if it does not exist yet. Sets permissions
+# of the home directory in install image.
+acct-user_pkg_preinst() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ local groups=${ACCT_USER_GROUPS[*]}
+ enewuser -F -M "${ACCT_USER_NAME}" "${ACCT_USER_ID}" \
+ "${ACCT_USER_SHELL}" "${ACCT_USER_HOME}" "${groups// /,}"
+
+ if [[ ${ACCT_USER_HOME} != /dev/null ]]; then
+ # default ownership to user:group
+ if [[ -z ${ACCT_USER_HOME_OWNER} ]]; then
+ ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${ACCT_USER_GROUPS[0]}
+ fi
+ fowners "${ACCT_USER_HOME_OWNER}" "${ACCT_USER_HOME}"
+ fperms "${ACCT_USER_HOME_PERMS}" "${ACCT_USER_HOME}"
+ fi
+}
+
+# @FUNCTION: acct-user_pkg_postinst
+# @DESCRIPTION:
+# Updates user properties if necessary. This needs to be done after
+# new home directory is installed.
+acct-user_pkg_postinst() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ # NB: eset* functions check current value
+ esethome "${ACCT_USER_NAME}" "${ACCT_USER_HOME}"
+ esetshell "${ACCT_USER_NAME}" "${ACCT_USER_SHELL}"
+ local groups=${ACCT_USER_GROUPS[*]}
+ esetgroups "${ACCT_USER_NAME}" "${groups// /,}"
+ # comment field can not contain colons
+ esetcomment "${ACCT_USER_NAME}" "${DESCRIPTION//[:,=]/;}"
+}
+
+# @FUNCTION: acct-user_pkg_prerm
+# @DESCRIPTION:
+# Ensures that the user account is locked out when it is removed.
+acct-user_pkg_prerm() {
+ debug-print-function ${FUNCNAME} "${@}"
+
+ if [[ -z ${REPLACED_BY_VERSION} ]]; then
+ esetshell "${ACCT_USER_NAME}" -1
+ esetcomment "${ACCT_USER_NAME}" \
+ "$(egetcomment "${ACCT_USER_NAME}"); user account removed @ $(date +%Y-%m-%d)"
+ fi
+}
+
+fi
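Review bot: The @DESCRIPTION of acct-user_add_deps says it "must be called if ACCT_USER_GROUPS are set", but ACCT_USER_GROUPS is marked @REQUIRED and acct-user_pkg_pretend dies whenever the function was not called, so the call is mandatory in every ebuild; the documentation should say so. In the same function, `declare -p ACCT_USER_GROUPS` on an unset variable prints bash's own error to stderr before the "must be an array" die; silencing stderr and reporting the unset case separately would give ebuild authors a clearer message. In acct-user_pkg_postinst the comment "can not contain colons" does not match the substitution `[:,=]`, which also rewrites `,` and `=`.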
--
2.22.0
* [gentoo-dev] [PATCH v4 16/19] acct-user.eclass: Supporting locking & unlocking accounts
2019-06-11 16:23 [gentoo-dev] [PATCH v4 00/19] User/group packages Michał Górny
` (14 preceding siblings ...)
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 15/19] acct-user.eclass: A new eclass to maintain user accounts Michał Górny
@ 2019-06-11 16:23 ` Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 17/19] acct-group/ftp: Add 'ftp' group (GID 21) Michał Górny
` (3 subsequent siblings)
19 siblings, 0 replies; 28+ messages in thread
From: Michał Górny @ 2019-06-11 16:23 UTC (permalink / raw
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/acct-user.eclass | 127 ++++++++++++++++++++++++++++++++++++++++
1 file changed, 127 insertions(+)
diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
index 4a37bf3e1d95..1b8a0bf94a62 100644
--- a/eclass/acct-user.eclass
+++ b/eclass/acct-user.eclass
@@ -136,6 +136,131 @@ acct-user_add_deps() {
}
+# << Helper functions >>
+
+# @FUNCTION: eislocked
+# @INTERNAL
+# @USAGE: <user>
+# @DESCRIPTION:
+# Check whether the specified user account is currently locked.
+# Returns 0 if it is locked, 1 if it is not, 2 if the platform
+# does not support determining it.
+eislocked() {
+ [[ $# -eq 1 ]] || die "usage: ${FUNCNAME} <user>"
+
+ if [[ ${EUID} != 0 ]] ; then
+ einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
+ return 0
+ fi
+
+ case ${CHOST} in
+ *-freebsd*|*-dragonfly*|*-netbsd*)
+ [[ $(egetent "$1" | cut -d: -f2) == '*LOCKED*'* ]]
+ ;;
+
+ *-openbsd*)
+ return 2
+ ;;
+
+ *)
+ # NB: 'no password' and 'locked' are indistinguishable
+ # but we also expire the account which is more clear
+ [[ $(getent shadow ftp | cut -d: -f2) == '!'* ]] &&
+ [[ $(getent shadow ftp | cut -d: -f8) == 1 ]]
+ ;;
+ esac
+}
+
+# @FUNCTION: elockuser
+# @INTERNAL
+# @USAGE: <user>
+# @DESCRIPTION:
+# Lock the specified user account, using the available platform-specific
+# functions. This should prevent any login to the account.
+#
+# Established lock can be reverted using eunlockuser.
+#
+# This function returns 0 if locking succeeded, 2 if it is not supported
+# by the platform code or dies if it fails.
+elockuser() {
+ [[ $# -eq 1 ]] || die "usage: ${FUNCNAME} <user>"
+
+ if [[ ${EUID} != 0 ]] ; then
+ einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
+ return 0
+ fi
+
+ eislocked "$1"
+ [[ $? -eq 0 ]] && return 0
+
+ case ${CHOST} in
+ *-freebsd*|*-dragonfly*)
+ pw lock "$1" || die "Locking account $1 failed"
+ pw user mod "$1" -e 1 || die "Expiring account $1 failed"
+ ;;
+
+ *-netbsd*)
+ usermod -e 1 -C yes "$1" || die "Locking account $1 failed"
+ ;;
+
+ *-openbsd*)
+ return 2
+ ;;
+
+ *)
+ usermod -e 1 -L "$1" || die "Locking account $1 failed"
+ ;;
+ esac
+
+ elog "User account $1 locked"
+ return 0
+}
+
+# @FUNCTION: eunlockuser
+# @INTERNAL
+# @USAGE: <user>
+# @DESCRIPTION:
+# Unlock the specified user account, using the available platform-
+# specific functions.
+#
+# This function returns 0 if unlocking succeeded, 1 if it is not
+# supported by the platform code or dies if it fails.
+eunlockuser() {
+ [[ $# -eq 1 ]] || die "usage: ${FUNCNAME} <user>"
+
+ if [[ ${EUID} != 0 ]] ; then
+ einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
+ return 0
+ fi
+
+ eislocked "$1"
+ [[ $? -eq 1 ]] && return 0
+
+ case ${CHOST} in
+ *-freebsd*|*-dragonfly*)
+ pw user mod "$1" -e 0 || die "Unexpiring account $1 failed"
+ pw unlock "$1" || die "Unlocking account $1 failed"
+ ;;
+
+ *-netbsd*)
+ usermod -e 0 -C no "$1" || die "Unlocking account $1 failed"
+ ;;
+
+ *-openbsd*)
+ return 1
+ ;;
+
+ *)
+ # silence warning if account does not have a password
+ usermod -e "" -U "$1" 2>/dev/null || die "Unlocking account $1 failed"
+ ;;
+ esac
+
+ ewarn "User account $1 unlocked after reinstating."
+ return 0
+}
+
+
# << Phase functions >>
EXPORT_FUNCTIONS pkg_pretend src_install pkg_preinst pkg_postinst \
pkg_prerm
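Review bot: In eislocked, the default branch queries a hardcoded account, `getent shadow ftp`, instead of "$1", so elockuser and eunlockuser decide based on the state of the ftp account whichever user they were called for; both lookups should use "$1". The BSD branch calls `egetent "$1"` without a database argument, unlike the `egetent passwd ...` calls elsewhere in the series. The non-root path returns 0, which this function documents as "locked"; a distinct status would avoid reporting a lock that was never checked. The "not supported" return codes also differ between elockuser (2) and eunlockuser (1).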
@@ -228,6 +353,7 @@ acct-user_pkg_postinst() {
esetgroups "${ACCT_USER_NAME}" "${groups// /,}"
# comment field can not contain colons
esetcomment "${ACCT_USER_NAME}" "${DESCRIPTION//[:,=]/;}"
+ eunlockuser "${ACCT_USER_NAME}"
}
# @FUNCTION: acct-user_pkg_prerm
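Review bot: The eunlockuser call added to acct-user_pkg_postinst is unconditional, so any reinstall or upgrade of the acct-user package also clears a lock and expiry that an administrator applied by hand, since eislocked cannot tell the two apart. Consider unlocking only when the account carries the "user account removed @" marker that pkg_prerm writes into the comment field, checked before esetcomment overwrites it.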
@@ -240,6 +366,7 @@ acct-user_pkg_prerm() {
esetshell "${ACCT_USER_NAME}" -1
esetcomment "${ACCT_USER_NAME}" \
"$(egetcomment "${ACCT_USER_NAME}"); user account removed @ $(date +%Y-%m-%d)"
+ elockuser "${ACCT_USER_NAME}"
fi
}
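Review bot: The status of elockuser is discarded in acct-user_pkg_prerm, and on *-openbsd* the function returns 2 before reaching its elog, so on that platform the package is removed with the account left unlocked and nothing printed. Check for status 2 and emit an ewarn telling the administrator to lock the account manually.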
--
2.22.0
* [gentoo-dev] [PATCH v4 17/19] acct-group/ftp: Add 'ftp' group (GID 21)
2019-06-11 16:23 [gentoo-dev] [PATCH v4 00/19] User/group packages Michał Górny
` (15 preceding siblings ...)
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 16/19] acct-user.eclass: Supporting locking & unlocking accounts Michał Górny
@ 2019-06-11 16:23 ` Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 18/19] acct-user/ftp: Add 'ftp' user (UID 21) Michał Górny
` (2 subsequent siblings)
19 siblings, 0 replies; 28+ messages in thread
From: Michał Górny @ 2019-06-11 16:23 UTC (permalink / raw
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
acct-group/ftp/ftp-0.ebuild | 9 +++++++++
acct-group/ftp/metadata.xml | 5 +++++
profiles/categories | 1 +
3 files changed, 15 insertions(+)
create mode 100644 acct-group/ftp/ftp-0.ebuild
create mode 100644 acct-group/ftp/metadata.xml
diff --git a/acct-group/ftp/ftp-0.ebuild b/acct-group/ftp/ftp-0.ebuild
new file mode 100644
index 000000000000..73978ac12484
--- /dev/null
+++ b/acct-group/ftp/ftp-0.ebuild
@@ -0,0 +1,9 @@
+# Copyright 2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit acct-group
+
+DESCRIPTION="File Transfer Protocol server user"
+ACCT_GROUP_ID=21
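Review bot: DESCRIPTION in acct-group/ftp/ftp-0.ebuild reads "File Transfer Protocol server user", the same text as the acct-user package; for the group package it should say "group", or be dropped so that the eclass default "System group: ${ACCT_GROUP_NAME}" applies.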
diff --git a/acct-group/ftp/metadata.xml b/acct-group/ftp/metadata.xml
new file mode 100644
index 000000000000..7a38bb900964
--- /dev/null
+++ b/acct-group/ftp/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+</pkgmetadata>
diff --git a/profiles/categories b/profiles/categories
index 4ff0d5562001..ebfc72f70759 100644
--- a/profiles/categories
+++ b/profiles/categories
@@ -1,3 +1,4 @@
+acct-group
app-accessibility
app-admin
app-antivirus
--
2.22.0
* [gentoo-dev] [PATCH v4 18/19] acct-user/ftp: Add 'ftp' user (UID 21)
2019-06-11 16:23 [gentoo-dev] [PATCH v4 00/19] User/group packages Michał Górny
` (16 preceding siblings ...)
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 17/19] acct-group/ftp: Add 'ftp' group (GID 21) Michał Górny
@ 2019-06-11 16:23 ` Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 19/19] net-ftp/ftpbase: Utilize {group,user}/ftp Michał Górny
2019-06-13 8:54 ` [gentoo-dev] [PATCH v4 00/19] User/group packages Alexey Shvetsov
19 siblings, 0 replies; 28+ messages in thread
From: Michał Górny @ 2019-06-11 16:23 UTC (permalink / raw
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
acct-user/ftp/ftp-0.ebuild | 14 ++++++++++++++
acct-user/ftp/metadata.xml | 5 +++++
profiles/categories | 1 +
3 files changed, 20 insertions(+)
create mode 100644 acct-user/ftp/ftp-0.ebuild
create mode 100644 acct-user/ftp/metadata.xml
diff --git a/acct-user/ftp/ftp-0.ebuild b/acct-user/ftp/ftp-0.ebuild
new file mode 100644
index 000000000000..e33e289397a2
--- /dev/null
+++ b/acct-user/ftp/ftp-0.ebuild
@@ -0,0 +1,14 @@
+# Copyright 2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit acct-user
+
+DESCRIPTION="File Transfer Protocol server user"
+ACCT_USER_ID=21
+ACCT_USER_HOME=/home/ftp
+ACCT_USER_HOME_OWNER=root:ftp
+ACCT_USER_GROUPS=( ftp )
+
+acct-user_add_deps
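Review bot: ACCT_USER_HOME_OWNER=root:ftp leaves /home/ftp owned by root with the eclass default ACCT_USER_HOME_PERMS of 0755, so the ftp user cannot write to its own home directory. If that is intended, a one-line comment above the assignment saying so would keep a later maintainer from changing it to ftp:ftp.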
diff --git a/acct-user/ftp/metadata.xml b/acct-user/ftp/metadata.xml
new file mode 100644
index 000000000000..7a38bb900964
--- /dev/null
+++ b/acct-user/ftp/metadata.xml
@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!DOCTYPE pkgmetadata SYSTEM "http://www.gentoo.org/dtd/metadata.dtd">
+<pkgmetadata>
+ <!-- maintainer-needed -->
+</pkgmetadata>
diff --git a/profiles/categories b/profiles/categories
index ebfc72f70759..0f45f8cd1732 100644
--- a/profiles/categories
+++ b/profiles/categories
@@ -1,4 +1,5 @@
acct-group
+acct-user
app-accessibility
app-admin
app-antivirus
--
2.22.0
* [gentoo-dev] [PATCH v4 19/19] net-ftp/ftpbase: Utilize {group,user}/ftp
2019-06-11 16:23 [gentoo-dev] [PATCH v4 00/19] User/group packages Michał Górny
` (17 preceding siblings ...)
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 18/19] acct-user/ftp: Add 'ftp' user (UID 21) Michał Górny
@ 2019-06-11 16:23 ` Michał Górny
2019-06-13 1:15 ` Michael Orlitzky
2019-06-13 8:54 ` [gentoo-dev] [PATCH v4 00/19] User/group packages Alexey Shvetsov
19 siblings, 1 reply; 28+ messages in thread
From: Michał Górny @ 2019-06-11 16:23 UTC (permalink / raw
To: gentoo-dev; +Cc: Michał Górny
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
net-ftp/ftpbase/ftpbase-0.01-r3.ebuild | 39 ++++++++++++++++++++++++++
1 file changed, 39 insertions(+)
create mode 100644 net-ftp/ftpbase/ftpbase-0.01-r3.ebuild
diff --git a/net-ftp/ftpbase/ftpbase-0.01-r3.ebuild b/net-ftp/ftpbase/ftpbase-0.01-r3.ebuild
new file mode 100644
index 000000000000..c333840faa18
--- /dev/null
+++ b/net-ftp/ftpbase/ftpbase-0.01-r3.ebuild
@@ -0,0 +1,39 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+
+inherit eutils pam user
+
+DESCRIPTION="FTP layout package"
+HOMEPAGE="https://www.gentoo.org/"
+SRC_URI=""
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd"
+IUSE="pam"
+
+DEPEND="pam? ( virtual/pam )
+ !<net-ftp/proftpd-1.2.10-r6
+ !<net-ftp/pure-ftpd-1.0.20-r2
+ !<net-ftp/vsftpd-2.0.3-r1"
+RDEPEND="
+ acct-group/ftp
+ acct-user/ftp"
+
+S=${WORKDIR}
+
+src_install() {
+ # The ftpusers file is a list of people who are NOT allowed
+ # to use the ftp service.
+ insinto /etc
+ doins "${FILESDIR}/ftpusers" || die
+
+ cp "${FILESDIR}/ftp-pamd-include" "${T}" || die
+ if use elibc_FreeBSD; then
+ sed -i -e "/pam_listfile.so/s/^.*$/account required pam_ftpusers.so no_warn disallow/" \
+ "${T}"/ftp-pamd-include || die
+ fi
+ newpamd "${T}"/ftp-pamd-include ftp
+}
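Review bot: The `inherit eutils pam user` line still pulls in user.eclass although this revision calls none of its functions; the account now comes from the acct-group/ftp and acct-user/ftp entries in RDEPEND, so `user` can be dropped from the inherit line. The `|| die` after `doins` is also redundant in EAPI 7, where the helper dies on failure itself.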
--
2.22.0
* Re: [gentoo-dev] [PATCH v4 12/19] user.eclass: Support getting & setting comment field
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 12/19] user.eclass: Support getting & setting comment field Michał Górny
@ 2019-06-12 7:08 ` Jaco Kroon
0 siblings, 0 replies; 28+ messages in thread
From: Jaco Kroon @ 2019-06-12 7:08 UTC (permalink / raw
To: gentoo-dev, Michał Górny
Hi,
> + # update the comment
> + case ${CHOST} in
> + *-freebsd*|*-dragonfly*)
> + pw usermod "${euser}" -c "${ecomment}" && return 0
> + [[ $? == 8 ]] && eerror "${euser} is in use, cannot update comment"
> + eerror "There was an error when attempting to update the comment for ${euser}"
> + eerror "Please update it manually on your system:"
> + eerror "\t pw usermod \"${euser}\" -c \"${ecomment}\""
> + ;;
> +
> + *)
> + usermod -c "${ecomment}" "${euser}" && return 0
> + [[ $? == 8 ]] && eerror "${euser} is in use, cannot update comment"
> + eerror "There was an error when attempting to update the comment for ${euser}"
> + eerror "Please update it manually on your system (as root):"
> + eerror "\t usermod -c \"${ecomment}\" \"${euser}\""
> + ;;
> + esac
> +}
> +
> fi
Those error messages are duplicate and can move to after the case.
You should probably also explicitly return with an error if the case
drops through.
Kind Regards,
Jaco
* Re: [gentoo-dev] [PATCH v4 08/19] user.eclass: Factor out finding nologin into separate function
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 08/19] user.eclass: Factor out finding nologin into separate function Michał Górny
@ 2019-06-13 1:11 ` Michael Orlitzky
2019-06-13 5:33 ` Michał Górny
0 siblings, 1 reply; 28+ messages in thread
From: Michael Orlitzky @ 2019-06-13 1:11 UTC (permalink / raw
To: gentoo-dev
On 6/11/19 12:23 PM, Michał Górny wrote:
>
> +# @FUNCTION: user_get_nologin
> +# @INTERNAL
> +# @DESCRIPTION:
> +# Find an appropriate 'nologin' shell for the platform, and output
> +# its path.
> +user_get_nologin() {
This isn't a great name for this function, because it doesn't have
anything to do with the user being added. How about
userland_get_nologin? Then it could take the userland as an argument...
> + case ${USERLAND} in
> + GNU) eshell="/bin/false" ;;
to eliminate that dependency on the global variable. In other words, the
above could become "case $1..." to make the function self-contained.
> + eshell=$(user_get_nologin)
Then this would have to become
eshell=$(userland_get_nologin "${USERLAND}")
* Re: [gentoo-dev] [PATCH v4 19/19] net-ftp/ftpbase: Utilize {group,user}/ftp
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 19/19] net-ftp/ftpbase: Utilize {group,user}/ftp Michał Górny
@ 2019-06-13 1:15 ` Michael Orlitzky
0 siblings, 0 replies; 28+ messages in thread
From: Michael Orlitzky @ 2019-06-13 1:15 UTC (permalink / raw
To: gentoo-dev
On 6/11/19 12:23 PM, Michał Górny wrote:
> +++ b/net-ftp/ftpbase/ftpbase-0.01-r3.ebuild
> @@ -0,0 +1,39 @@
> +# Copyright 1999-2019 Gentoo Authors
> +# Distributed under the terms of the GNU General Public License v2
> +
> +EAPI=7
> +
> +inherit eutils pam user
> +
user.eclass can go, and I'm pretty sure eutils can too.
* Re: [gentoo-dev] [PATCH v4 08/19] user.eclass: Factor out finding nologin into separate function
2019-06-13 1:11 ` Michael Orlitzky
@ 2019-06-13 5:33 ` Michał Górny
2019-06-13 13:01 ` Michael Orlitzky
0 siblings, 1 reply; 28+ messages in thread
From: Michał Górny @ 2019-06-13 5:33 UTC (permalink / raw
To: gentoo-dev
On Wed, 2019-06-12 at 21:11 -0400, Michael Orlitzky wrote:
> On 6/11/19 12:23 PM, Michał Górny wrote:
> >
> > +# @FUNCTION: user_get_nologin
> > +# @INTERNAL
> > +# @DESCRIPTION:
> > +# Find an appropriate 'nologin' shell for the platform, and output
> > +# its path.
> > +user_get_nologin() {
>
> This isn't a great name for this function, because it doesn't have
> anything to do with the user being added. How about
> userland_get_nologin? Then it could take the userland as an argument...
user_ is eclass name prefix.
>
>
> > + case ${USERLAND} in
> > + GNU) eshell="/bin/false" ;;
>
> to eliminate that dependency on the global variable. In other words, the
> above could become "case $1..." to make the function self-contained.
>
>
>
> > + eshell=$(user_get_nologin)
>
> Then this would have to become
>
> eshell=$(userland_get_nologin "${USERLAND}")
Do you have any real use for that?
--
Best regards,
Michał Górny
* Re: [gentoo-dev] [PATCH v4 00/19] User/group packages
2019-06-11 16:23 [gentoo-dev] [PATCH v4 00/19] User/group packages Michał Górny
` (18 preceding siblings ...)
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 19/19] net-ftp/ftpbase: Utilize {group,user}/ftp Michał Górny
@ 2019-06-13 8:54 ` Alexey Shvetsov
2019-06-13 12:58 ` Michael Orlitzky
19 siblings, 1 reply; 28+ messages in thread
From: Alexey Shvetsov @ 2019-06-13 8:54 UTC (permalink / raw
To: gentoo-dev; +Cc: Michał Górny
Hi!
It's a good thing that you're reviewing user class. I wrote some thoughts
previously about it.
Why not create some set for standard uid:gid for services so they will
be identical in all installations?
like slurm has uid:gid 500:500
nginx 80:80 or something...
Michał Górny wrote on 11-06-2019 19:23:
> Hi,
>
> Here's hopefully the final iteration of the patches. Changes since v3:
>
> - changed description to 'System user/group' (from 'service'),
>
> - fixed acct-user to fail when ACCT_USER_GROUPS is empty (and not just
> when it is unset).
>
> Please review.
>
> --
> Best regards,
> Michał Górny
>
>
> Michał Górny (19):
> user.eclass: Remove dead/broken Darwin support
> user.eclass: NetBSD has 'getent'
> user.eclass: Do not create user-group automatically
> user.eclass: Prevent automated home creation in useradd
> user.eclass: Support disabling home directory creation
> user.eclass: Support forcing specified UID/GID
> user.eclass: Die if no free UID/GID is found
> user.eclass: Factor out finding nologin into separate function
> user.eclass: Introduce esetshell
> user.eclass: Introduce eget{user,group}name
> user.eclass: Also permit using functions in pkg_*rm phases
> user.eclass: Support getting & setting comment field
> user.eclass: Introduce e{get,set}groups
> acct-group.eclass: A new eclass to maintain group accounts
> acct-user.eclass: A new eclass to maintain user accounts
> acct-user.eclass: Supporting locking & unlocking accounts
> acct-group/ftp: Add 'ftp' group (GID 21)
> acct-user/ftp: Add 'ftp' user (UID 21)
> net-ftp/ftpbase: Utilize {group,user}/ftp
>
> acct-group/ftp/ftp-0.ebuild | 9 +
> acct-group/ftp/metadata.xml | 5 +
> acct-user/ftp/ftp-0.ebuild | 14 +
> acct-user/ftp/metadata.xml | 5 +
> eclass/acct-group.eclass | 124 ++++++++
> eclass/acct-user.eclass | 373 ++++++++++++++++++++++++
> eclass/user.eclass | 385 ++++++++++++++++++++-----
> net-ftp/ftpbase/ftpbase-0.01-r3.ebuild | 39 +++
> profiles/categories | 2 +
> 9 files changed, 886 insertions(+), 70 deletions(-)
> create mode 100644 acct-group/ftp/ftp-0.ebuild
> create mode 100644 acct-group/ftp/metadata.xml
> create mode 100644 acct-user/ftp/ftp-0.ebuild
> create mode 100644 acct-user/ftp/metadata.xml
> create mode 100644 eclass/acct-group.eclass
> create mode 100644 eclass/acct-user.eclass
> create mode 100644 net-ftp/ftpbase/ftpbase-0.01-r3.ebuild
--
Best Regards,
Alexey 'Alexxy' Shvetsov
Best Regards,
Alexey 'Alexxy' Shvetsov, PhD
Department of Molecular and Radiation Biophysics
FSBI Petersburg Nuclear Physics Institute, NRC Kurchatov Institute,
Leningrad region, Gatchina, Russia
Gentoo Team Ru
Gentoo Linux Dev
mailto:alexxyum@gmail.com
mailto:alexxy@gentoo.org
mailto:alexxy@omrb.pnpi.spb.ru
* Re: [gentoo-dev] [PATCH v4 00/19] User/group packages
2019-06-13 8:54 ` [gentoo-dev] [PATCH v4 00/19] User/group packages Alexey Shvetsov
@ 2019-06-13 12:58 ` Michael Orlitzky
0 siblings, 0 replies; 28+ messages in thread
From: Michael Orlitzky @ 2019-06-13 12:58 UTC (permalink / raw
To: gentoo-dev
On 6/13/19 4:54 AM, Alexey Shvetsov wrote:
> Hi!
>
> It's a good thing that you're reviewing user class. I wrote some thoughts
> previously about it.
>
> Why not create some set for standard uid:gid for services so they will
> be identical in all installations?
>
> like slurm has uid:gid 500:500
> nginx 80:80 or something...
>
This is what we're doing =)
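One way to verify the fixed-ID goal discussed above on an installed system, as an added example that is not part of the thread or of the eclasses: a hypothetical `check_fixed_ids` compares a passwd-format file against a table of expected IDs. The `name:uid:gid` table format is an assumption; `ftp` 21:21 is the assignment from this series, while `exampled`, `legacy` and the passwd lines are constructed.

```shell
#!/bin/sh
# check_fixed_ids EXPECTED_FILE PASSWD_FILE
#   EXPECTED_FILE: lines of name:uid:gid ('#' lines ignored), must be non-empty
#   PASSWD_FILE:   passwd(5) format
# Prints one finding per line. Exit status 1 if an account has the wrong
# UID/GID or a reserved UID is held by a different account, else 0.
check_fixed_ids() {
	awk -F: '
		NR == FNR {
			if ($0 !~ /^#/ && NF >= 3) {
				want_uid[$1] = $2; want_gid[$1] = $3; owner[$2] = $1
			}
			next
		}
		{
			seen[$1] = 1
			if ($1 in want_uid) {
				if ($3 != want_uid[$1]) {
					print "MISMATCH " $1 " uid " $3 " expected " want_uid[$1]; bad = 1
				}
				if ($4 != want_gid[$1]) {
					print "MISMATCH " $1 " gid " $4 " expected " want_gid[$1]; bad = 1
				}
			} else if ($3 in owner) {
				print "COLLISION uid " $3 " held by " $1 " reserved for " owner[$3]; bad = 1
			}
		}
		END {
			# Not installed yet: informational only, does not affect exit status.
			for (n in want_uid) if (!(n in seen)) print "ABSENT " n
			exit bad + 0
		}
	' "$1" "$2"
}

# Constructed sample: ftp was created earlier with a dynamic UID, and an
# unrelated account already occupies a UID reserved for another service.
run_sample() {
	exp=$(mktemp) && pw=$(mktemp) || return 2
	printf '%s\n' '# name:uid:gid' 'ftp:21:21' 'exampled:450:450' > "$exp"
	printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
		'ftp:x:104:21:ftp:/home/ftp:/sbin/nologin' \
		'legacy:x:450:100:old:/dev/null:/sbin/nologin' > "$pw"
	check_fixed_ids "$exp" "$pw" && rc=0 || rc=$?
	rm -f "$exp" "$pw"
	return "$rc"
}

run_sample || echo "drift detected"
```

On a live system the second argument could be the output of `getent passwd` saved to a file, so that accounts from all configured sources are covered.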
* Re: [gentoo-dev] [PATCH v4 08/19] user.eclass: Factor out finding nologin into separate function
2019-06-13 5:33 ` Michał Górny
@ 2019-06-13 13:01 ` Michael Orlitzky
2019-06-13 13:18 ` Michał Górny
0 siblings, 1 reply; 28+ messages in thread
From: Michael Orlitzky @ 2019-06-13 13:01 UTC (permalink / raw
To: gentoo-dev
On 6/13/19 1:33 AM, Michał Górny wrote:
>>
>>> + eshell=$(user_get_nologin)
>>
>> Then this would have to become
>>
>> eshell=$(userland_get_nologin "${USERLAND}")
>
> Do you have any real use for that?
>
No. It's a better design IMO since you can e.g. test the function by
passing it an argument rather than by setting a global variable (which
has other consequences). But no immediate application.
* Re: [gentoo-dev] [PATCH v4 08/19] user.eclass: Factor out finding nologin into separate function
2019-06-13 13:01 ` Michael Orlitzky
@ 2019-06-13 13:18 ` Michał Górny
0 siblings, 0 replies; 28+ messages in thread
From: Michał Górny @ 2019-06-13 13:18 UTC (permalink / raw
To: gentoo-dev
On Thu, 2019-06-13 at 09:01 -0400, Michael Orlitzky wrote:
> On 6/13/19 1:33 AM, Michał Górny wrote:
> > > > + eshell=$(user_get_nologin)
> > >
> > > Then this would have to become
> > >
> > > eshell=$(userland_get_nologin "${USERLAND}")
> >
> > Do you have any real use for that?
> >
>
> No. It's a better design IMO since you can e.g. test the function by
> passing it an argument rather than by setting a global variable (which
> has other consequences). But no immediate application.
>
I'm sorry but this makes no sense. The function already depends on the ROOT
variable, and on the presence of specific files in the filesystem. I see no
reason to make USERLAND special here.
Furthermore, it's an internal function with no external application.
It has two call sites, and in both we want the same value of USERLAND
(which is defined by profiles) to apply.
--
Best regards,
Michał Górny
Thread overview: 28+ messages
2019-06-11 16:23 [gentoo-dev] [PATCH v4 00/19] User/group packages Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 01/19] user.eclass: Remove dead/broken Darwin support Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 02/19] user.eclass: NetBSD has 'getent' Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 03/19] user.eclass: Do not create user-group automatically Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 04/19] user.eclass: Prevent automated home creation in useradd Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 05/19] user.eclass: Support disabling home directory creation Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 06/19] user.eclass: Support forcing specified UID/GID Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 07/19] user.eclass: Die if no free UID/GID is found Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 08/19] user.eclass: Factor out finding nologin into separate function Michał Górny
2019-06-13 1:11 ` Michael Orlitzky
2019-06-13 5:33 ` Michał Górny
2019-06-13 13:01 ` Michael Orlitzky
2019-06-13 13:18 ` Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 09/19] user.eclass: Introduce esetshell Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 10/19] user.eclass: Introduce eget{user,group}name Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 11/19] user.eclass: Also permit using functions in pkg_*rm phases Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 12/19] user.eclass: Support getting & setting comment field Michał Górny
2019-06-12 7:08 ` Jaco Kroon
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 13/19] user.eclass: Introduce e{get,set}groups Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 14/19] acct-group.eclass: A new eclass to maintain group accounts Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 15/19] acct-user.eclass: A new eclass to maintain user accounts Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 16/19] acct-user.eclass: Supporting locking & unlocking accounts Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 17/19] acct-group/ftp: Add 'ftp' group (GID 21) Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 18/19] acct-user/ftp: Add 'ftp' user (UID 21) Michał Górny
2019-06-11 16:23 ` [gentoo-dev] [PATCH v4 19/19] net-ftp/ftpbase: Utilize {group,user}/ftp Michał Górny
2019-06-13 1:15 ` Michael Orlitzky
2019-06-13 8:54 ` [gentoo-dev] [PATCH v4 00/19] User/group packages Alexey Shvetsov
2019-06-13 12:58 ` Michael Orlitzky