* [gentoo-dev] [PATCH] acct-*.eclass: Allow dynamic UID/GID assignment via -1
@ 2019-08-07 17:10 Michał Górny
2019-08-07 17:29 ` Michael Orlitzky
2019-08-17 20:37 ` Michał Górny
0 siblings, 2 replies; 5+ messages in thread
From: Michał Górny @ 2019-08-07 17:10 UTC (permalink / raw
To: gentoo-dev; +Cc: Michał Górny
Allow a special value of '-1' to dynamically assign UID/GID for the user
or group. This is intended to be used in overlays where proper
assignment does not take place but whose owners wish to switch to acct-*
packages.
While technically it is possible to choose a free UID/GID, it could be
taken afterwards by some Gentoo package and unnecessarily introduce
a conflict. Using '999' was also suggested (as the first dynamic
UID/GID) but it would cause issues for people enabling
ACCT_*_ENFORCE_ID. To avoid this, '-1' does not trigger collision
checks.
Signed-off-by: Michał Górny <mgorny@gentoo.org>
---
eclass/acct-group.eclass | 4 ++++
eclass/acct-user.eclass | 4 ++++
2 files changed, 8 insertions(+)
diff --git a/eclass/acct-group.eclass b/eclass/acct-group.eclass
index 9eab00db690f..d5ccd209c9e3 100644
--- a/eclass/acct-group.eclass
+++ b/eclass/acct-group.eclass
@@ -59,6 +59,9 @@ readonly ACCT_GROUP_NAME
# @DESCRIPTION:
# Preferred GID for the new group. This variable is obligatory, and its
# value must be unique across all group packages.
+#
+# Overlays should set this to -1 to dynamically allocate GID. Using -1
+# in ::gentoo is prohibited by policy.
# @ECLASS-VARIABLE: ACCT_GROUP_ENFORCE_ID
# @DESCRIPTION:
@@ -87,6 +90,7 @@ acct-group_pkg_pretend() {
# verify ACCT_GROUP_ID
[[ -n ${ACCT_GROUP_ID} ]] || die "Ebuild error: ACCT_GROUP_ID must be set!"
+ [[ ${ACCT_GROUP_ID} -eq -1 ]] && return
[[ ${ACCT_GROUP_ID} -ge 0 ]] || die "Ebuild errors: ACCT_GROUP_ID=${ACCT_GROUP_ID} invalid!"
# check for ACCT_GROUP_ID collisions early
diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
index 60009643c144..17a58e9126e4 100644
--- a/eclass/acct-user.eclass
+++ b/eclass/acct-user.eclass
@@ -67,6 +67,9 @@ readonly ACCT_USER_NAME
# @DESCRIPTION:
# Preferred UID for the new user. This variable is obligatory, and its
# value must be unique across all user packages.
+#
+# Overlays should set this to -1 to dynamically allocate GID. Using -1
+# in ::gentoo is prohibited by policy.
# @ECLASS-VARIABLE: ACCT_USER_ENFORCE_ID
# @DESCRIPTION:
@@ -279,6 +282,7 @@ acct-user_pkg_pretend() {
# verify ACCT_USER_ID
[[ -n ${ACCT_USER_ID} ]] || die "Ebuild error: ACCT_USER_ID must be set!"
+ [[ ${ACCT_USER_ID} -eq -1 ]] && return
[[ ${ACCT_USER_ID} -ge 0 ]] || die "Ebuild errors: ACCT_USER_ID=${ACCT_USER_ID} invalid!"
# check for ACCT_USER_ID collisions early
--
2.23.0.rc1
^ permalink raw reply related [flat|nested] 5+ messages in thread
* Re: [gentoo-dev] [PATCH] acct-*.eclass: Allow dynamic UID/GID assignment via -1
2019-08-07 17:10 [gentoo-dev] [PATCH] acct-*.eclass: Allow dynamic UID/GID assignment via -1 Michał Górny
@ 2019-08-07 17:29 ` Michael Orlitzky
2019-08-07 17:45 ` Michał Górny
2019-08-17 20:37 ` Michał Górny
1 sibling, 1 reply; 5+ messages in thread
From: Michael Orlitzky @ 2019-08-07 17:29 UTC (permalink / raw
To: gentoo-dev
On 8/7/19 1:10 PM, Michał Górny wrote:
>
> Using '999' was also suggested (as the first dynamic
> UID/GID) but it would cause issues for people enabling
> ACCT_*_ENFORCE_ID. To avoid this, '-1' does not trigger collision
> checks.
>
Feel free to proceed with this, I'm just curious: what's the problem
with 999 and enforced IDs?
> +#
> +# Overlays should set this to -1 to dynamically allocate GID. Using -1
> +# in ::gentoo is prohibited by policy.
>
Should say "UID" in the user eclass.
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-dev] [PATCH] acct-*.eclass: Allow dynamic UID/GID assignment via -1
2019-08-07 17:29 ` Michael Orlitzky
@ 2019-08-07 17:45 ` Michał Górny
0 siblings, 0 replies; 5+ messages in thread
From: Michał Górny @ 2019-08-07 17:45 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 735 bytes --]
On Wed, 2019-08-07 at 13:29 -0400, Michael Orlitzky wrote:
> On 8/7/19 1:10 PM, Michał Górny wrote:
> > Using '999' was also suggested (as the first dynamic
> > UID/GID) but it would cause issues for people enabling
> > ACCT_*_ENFORCE_ID. To avoid this, '-1' does not trigger collision
> > checks.
> >
>
> Feel free to proceed with this, I'm just curious: what's the problem
> with 999 and enforced IDs?
They will fail once the first package allocates 999 ;-).
>
>
> > +#
> > +# Overlays should set this to -1 to dynamically allocate GID. Using -1
> > +# in ::gentoo is prohibited by policy.
> >
>
> Should say "UID" in the user eclass.
>
Fixed, thanks.
--
Best regards,
Michał Górny
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 618 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-dev] [PATCH] acct-*.eclass: Allow dynamic UID/GID assignment via -1
2019-08-07 17:10 [gentoo-dev] [PATCH] acct-*.eclass: Allow dynamic UID/GID assignment via -1 Michał Górny
2019-08-07 17:29 ` Michael Orlitzky
@ 2019-08-17 20:37 ` Michał Górny
2019-08-19 9:47 ` Jaco Kroon
1 sibling, 1 reply; 5+ messages in thread
From: Michał Górny @ 2019-08-17 20:37 UTC (permalink / raw
To: gentoo-dev
[-- Attachment #1: Type: text/plain, Size: 2726 bytes --]
On Wed, 2019-08-07 at 19:10 +0200, Michał Górny wrote:
> Allow a special value of '-1' to dynamically assign UID/GID for the user
> or group. This is intended to be used in overlays where proper
> assignment does not take place but whose owners wish to switch to acct-*
> packages.
>
> While technically it is possible to choose a free UID/GID, it could be
> taken afterwards by some Gentoo package and unnecessarily introduce
> a conflict. Using '999' was also suggested (as the first dynamic
> UID/GID) but it would cause issues for people enabling
> ACCT_*_ENFORCE_ID. To avoid this, '-1' does not trigger collision
> checks.
>
> Signed-off-by: Michał Górny <mgorny@gentoo.org>
> ---
> eclass/acct-group.eclass | 4 ++++
> eclass/acct-user.eclass | 4 ++++
> 2 files changed, 8 insertions(+)
>
> diff --git a/eclass/acct-group.eclass b/eclass/acct-group.eclass
> index 9eab00db690f..d5ccd209c9e3 100644
> --- a/eclass/acct-group.eclass
> +++ b/eclass/acct-group.eclass
> @@ -59,6 +59,9 @@ readonly ACCT_GROUP_NAME
> # @DESCRIPTION:
> # Preferred GID for the new group. This variable is obligatory, and its
> # value must be unique across all group packages.
> +#
> +# Overlays should set this to -1 to dynamically allocate GID. Using -1
> +# in ::gentoo is prohibited by policy.
>
> # @ECLASS-VARIABLE: ACCT_GROUP_ENFORCE_ID
> # @DESCRIPTION:
> @@ -87,6 +90,7 @@ acct-group_pkg_pretend() {
>
> # verify ACCT_GROUP_ID
> [[ -n ${ACCT_GROUP_ID} ]] || die "Ebuild error: ACCT_GROUP_ID must be set!"
> + [[ ${ACCT_GROUP_ID} -eq -1 ]] && return
> [[ ${ACCT_GROUP_ID} -ge 0 ]] || die "Ebuild errors: ACCT_GROUP_ID=${ACCT_GROUP_ID} invalid!"
>
> # check for ACCT_GROUP_ID collisions early
> diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
> index 60009643c144..17a58e9126e4 100644
> --- a/eclass/acct-user.eclass
> +++ b/eclass/acct-user.eclass
> @@ -67,6 +67,9 @@ readonly ACCT_USER_NAME
> # @DESCRIPTION:
> # Preferred UID for the new user. This variable is obligatory, and its
> # value must be unique across all user packages.
> +#
> +# Overlays should set this to -1 to dynamically allocate GID. Using -1
> +# in ::gentoo is prohibited by policy.
>
> # @ECLASS-VARIABLE: ACCT_USER_ENFORCE_ID
> # @DESCRIPTION:
> @@ -279,6 +282,7 @@ acct-user_pkg_pretend() {
>
> # verify ACCT_USER_ID
> [[ -n ${ACCT_USER_ID} ]] || die "Ebuild error: ACCT_USER_ID must be set!"
> + [[ ${ACCT_USER_ID} -eq -1 ]] && return
> [[ ${ACCT_USER_ID} -ge 0 ]] || die "Ebuild errors: ACCT_USER_ID=${ACCT_USER_ID} invalid!"
>
> # check for ACCT_USER_ID collisions early
Pushed now.
--
Best regards,
Michał Górny
[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 618 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
* Re: [gentoo-dev] [PATCH] acct-*.eclass: Allow dynamic UID/GID assignment via -1
2019-08-17 20:37 ` Michał Górny
@ 2019-08-19 9:47 ` Jaco Kroon
0 siblings, 0 replies; 5+ messages in thread
From: Jaco Kroon @ 2019-08-19 9:47 UTC (permalink / raw
To: gentoo-dev, Michał Górny
[-- Attachment #1: Type: text/plain, Size: 2763 bytes --]
Thank you.
Kind Regards,
Jaco
On 2019/08/17 22:37, Michał Górny wrote:
> On Wed, 2019-08-07 at 19:10 +0200, Michał Górny wrote:
>> Allow a special value of '-1' to dynamically assign UID/GID for the user
>> or group. This is intended to be used in overlays where proper
>> assignment does not take place but whose owners wish to switch to acct-*
>> packages.
>>
>> While technically it is possible to choose a free UID/GID, it could be
>> taken afterwards by some Gentoo package and unnecessarily introduce
>> a conflict. Using '999' was also suggested (as the first dynamic
>> UID/GID) but it would cause issues for people enabling
>> ACCT_*_ENFORCE_ID. To avoid this, '-1' does not trigger collision
>> checks.
>>
>> Signed-off-by: Michał Górny <mgorny@gentoo.org>
>> ---
>> eclass/acct-group.eclass | 4 ++++
>> eclass/acct-user.eclass | 4 ++++
>> 2 files changed, 8 insertions(+)
>>
>> diff --git a/eclass/acct-group.eclass b/eclass/acct-group.eclass
>> index 9eab00db690f..d5ccd209c9e3 100644
>> --- a/eclass/acct-group.eclass
>> +++ b/eclass/acct-group.eclass
>> @@ -59,6 +59,9 @@ readonly ACCT_GROUP_NAME
>> # @DESCRIPTION:
>> # Preferred GID for the new group. This variable is obligatory, and its
>> # value must be unique across all group packages.
>> +#
>> +# Overlays should set this to -1 to dynamically allocate GID. Using -1
>> +# in ::gentoo is prohibited by policy.
>>
>> # @ECLASS-VARIABLE: ACCT_GROUP_ENFORCE_ID
>> # @DESCRIPTION:
>> @@ -87,6 +90,7 @@ acct-group_pkg_pretend() {
>>
>> # verify ACCT_GROUP_ID
>> [[ -n ${ACCT_GROUP_ID} ]] || die "Ebuild error: ACCT_GROUP_ID must be set!"
>> + [[ ${ACCT_GROUP_ID} -eq -1 ]] && return
>> [[ ${ACCT_GROUP_ID} -ge 0 ]] || die "Ebuild errors: ACCT_GROUP_ID=${ACCT_GROUP_ID} invalid!"
>>
>> # check for ACCT_GROUP_ID collisions early
>> diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
>> index 60009643c144..17a58e9126e4 100644
>> --- a/eclass/acct-user.eclass
>> +++ b/eclass/acct-user.eclass
>> @@ -67,6 +67,9 @@ readonly ACCT_USER_NAME
>> # @DESCRIPTION:
>> # Preferred UID for the new user. This variable is obligatory, and its
>> # value must be unique across all user packages.
>> +#
>> +# Overlays should set this to -1 to dynamically allocate GID. Using -1
>> +# in ::gentoo is prohibited by policy.
>>
>> # @ECLASS-VARIABLE: ACCT_USER_ENFORCE_ID
>> # @DESCRIPTION:
>> @@ -279,6 +282,7 @@ acct-user_pkg_pretend() {
>>
>> # verify ACCT_USER_ID
>> [[ -n ${ACCT_USER_ID} ]] || die "Ebuild error: ACCT_USER_ID must be set!"
>> + [[ ${ACCT_USER_ID} -eq -1 ]] && return
>> [[ ${ACCT_USER_ID} -ge 0 ]] || die "Ebuild errors: ACCT_USER_ID=${ACCT_USER_ID} invalid!"
>>
>> # check for ACCT_USER_ID collisions early
> Pushed now.
[-- Attachment #2: Type: text/html, Size: 3601 bytes --]
^ permalink raw reply [flat|nested] 5+ messages in thread
end of thread, other threads:[~2019-08-19 9:47 UTC | newest]
Thread overview: 5+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2019-08-07 17:10 [gentoo-dev] [PATCH] acct-*.eclass: Allow dynamic UID/GID assignment via -1 Michał Górny
2019-08-07 17:29 ` Michael Orlitzky
2019-08-07 17:45 ` Michał Górny
2019-08-17 20:37 ` Michał Górny
2019-08-19 9:47 ` Jaco Kroon
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox