From: Mike Gilbert
Date: Sun, 04 Dec 2011 12:12:29 -0500
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] user management mitigation

On 12/04/2011 09:44 AM, Leho Kraav wrote:
> So after reading through a bunch of stuff [1][2][3][4][5], what I'm going to do for the goal above is:
>
> * move to sys-apps/shadow trunk [6]
> * fork my own user.eclass from v1.17, modify it to use --root $ROOT when calling shadow stuff

I think a possible problem here would be a build system that uses user/group IDs from the host root during the build process. If any packages do this, it is possible that the users/groups would need to be added in both /etc/passwd and ${ROOT}etc/passwd.

> * stick my user.eclass into myoverlay/eclass/
> * # echo "lkraav" > myoverlay/profiles/repo_name
> * # echo "[DEFAULT]\neclass-overrides = lkraav" > /etc/portage/repos.conf
> * # echo "PORTAGE_RSYNC_EXTRA_OPTS=\"--exclude=/metadata/cache\"" >> /etc/make.conf
> * # rm -rf /usr/portage/metadata/cache
> * # echo "emerge --regen" >> /etc/cron.weekly/09-my-portage-update-script

That sounds about right.

> * subscribe to atom feed of portage user.eclass changes, merge stuff until sys-apps/shadow-4.1.4.5 surfaces and maybe main tree user.eclass gets patched to use --root

We have one of those!?
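
Added example, not part of the original message or of any Gentoo eclass: a check for the situation raised in the reply above, where accounts created under ${ROOT} are missing from the host database or carry a different numeric ID there, so that ownership set by name during a build resolves to the wrong ID in the target root. The function names id_mismatch and demo are hypothetical, and the sample entries are constructed.

```shell
#!/bin/sh
# Report accounts whose name -> numeric ID mapping differs between the
# host database and the one under ${ROOT}. Works for passwd and group
# files alike: both keep the name in field 1 and the ID in field 3.

# id_mismatch HOST_FILE ROOT_FILE
# Prints one line per ROOT_FILE entry that is absent from HOST_FILE or
# mapped to a different ID there. Prints nothing when the two agree.
id_mismatch() {
    awk -F: '
        /^#/ || NF < 3 { next }                      # comments, malformed lines
        FILENAME == ARGV[1] { host[$1] = $3; next }  # host file: name -> id
        !($1 in host)  { print "missing-on-host " $1 " id=" $3; next }
        host[$1] != $3 { print "id-differs " $1 " host=" host[$1] " root=" $3 }
    ' "$1" "$2"
}

# demo: runs the check on constructed sample data (no real system files)
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'portage:x:250:250:portage:/var/tmp/portage:/bin/false' \
        'mysql:x:60:60:added by portage:/dev/null:/sbin/nologin' \
        > "$tmp/host.passwd"
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/bash' \
        'portage:x:250:250:portage:/var/tmp/portage:/bin/false' \
        'mysql:x:101:101:added by portage:/dev/null:/sbin/nologin' \
        'postfix:x:207:207:added by portage:/var/spool/postfix:/sbin/nologin' \
        > "$tmp/root.passwd"
    id_mismatch "$tmp/host.passwd" "$tmp/root.passwd"
    rm -rf "$tmp"
}

# With two arguments compare those files; otherwise run the demo.
if [ "$#" -eq 2 ]; then id_mismatch "$1" "$2"; else demo; fi
```

On a real system the two arguments would be /etc/passwd and ${ROOT}etc/passwd, and the same call applies to /etc/group and ${ROOT}etc/group.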