public inbox for gentoo-dev@lists.gentoo.org
* [gentoo-dev] Impl. egetent in user.eclass using script from sys-apps/getent?
@ 2015-06-10 16:44 Joakim Tjernlund
  2015-06-10 17:52 ` Mike Gilbert
  2015-06-10 18:48 ` Robin H. Johnson
  0 siblings, 2 replies; 8+ messages in thread
From: Joakim Tjernlund @ 2015-06-10 16:44 UTC (permalink / raw
  To: gentoo-dev@lists.gentoo.org

I wonder if it would be possible to use the script from sys-apps/getent (included below)
to impl. getent in user.eclass instead of using glibc's getent? I cannot see any downside, is there one?

This would help a lot (just seed your groups/users in ROOT/etc/{passwd,group ...} first)
when cross building or ROOT != / as it would be trivial for the script to respect ROOT/EPREFIX

sys-apps/getent:
#!/bin/sh
#
# Closely (not perfectly) emulate the behavior of glibc's getent utility
#
#passwd|shadow|group|aliases|hosts|networks|ethers|netgroup|protocols|services|rpc
# only returns the first match (by design)
# dns based search is not supported (hosts,networks)
# case-insensitive matches not supported (ethers; others?)
# may return false-positives (hosts,protocols,rpc,services,ethers)

[ -z "$PATH" ] && PATH="/bin:/usr/bin" || PATH="${PATH}:/bin:/usr/bin"
export PATH

file="/etc/$1"
case $1 in
        passwd|group)
                match="^$2:\|^[^:]*:[^:]*:$2:" ;;
        shadow)
                match="^$2:" ;;
        networks|netgroup)
                match="^[[:space:]]*$2\>" ;;
        hosts|protocols|rpc|services|ethers)
                match="\<$2\>" ;;
        aliases)
                match="^[[:space:]]*$2[[:space:]]*:" ;;
        ""|-h|--help)
                echo "USAGE: $0 database [key]"
                exit 0 ;;
        *)
                echo "$0: Unknown database: $1" 1>&2
                exit 1 ;;
esac

if [ ! -f "$file" ] ; then
        echo "$0: Could not find database file for $1" 1>&2
        exit 1
fi

if [ $# -eq 1 ] ; then
        exec cat "$file"
else
        sed "s/#.*//; /$match/q; d" "$file" | grep . || exit 2
fi

^ permalink raw reply	[flat|nested] 8+ messages in thread
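
Added example, not part of the original thread or of user.eclass: one way the passwd/group lookup from the script above could honor ROOT, comparing whole fields as strings instead of building a sed pattern from the key, so a key containing characters such as "." or "/" is matched literally. The names root_getent and make_sample_root are hypothetical and the sample accounts are constructed.

```shell
#!/bin/sh
# Added example. root_getent and make_sample_root are hypothetical names,
# not functions from user.eclass or sys-apps/getent.

# Look up KEY (name or numeric id) in ${ROOT}/etc/{passwd,group}.
# Exit status follows the script above: 1 = bad database, 2 = key not found.
root_getent() (
    db=$1 key=$2
    case $db in
        passwd|group) ;;
        *) echo "root_getent: unsupported database: $db" >&2; return 1 ;;
    esac
    file="${ROOT%/}/etc/$db"
    [ -f "$file" ] || { echo "root_getent: cannot find $file" >&2; return 1; }
    [ $# -ge 2 ] || { cat "$file"; return; }
    [ -n "$key" ] || return 2
    # The key travels through the environment and is compared as a string
    # with field 1 (name) and field 3 (id); it is never used as a pattern.
    KEY=$key awk -F: '
        BEGIN { k = ENVIRON["KEY"] }
        /^#/ || NF < 3 { next }
        ($1 "") == (k "") || ($3 "") == (k "") { print; found = 1; exit }
        END { exit (found ? 0 : 2) }
    ' "$file"
)

# Constructed sample ROOT; "aXb" precedes "a.b" so that a regex match on the
# key "a.b" would return the wrong account.
make_sample_root() {
    d=$(mktemp -d) && mkdir -p "$d/etc" || return 1
    printf '%s\n' \
        'root:x:0:0:root:/root:/bin/sh' \
        'aXb:x:1000:1000::/home/aXb:/bin/sh' \
        'a.b:x:1001:1001::/home/a.b:/bin/sh' > "$d/etc/passwd"
    printf '%s\n' 'root:x:0:' 'wheel:x:10:root' > "$d/etc/group"
    echo "$d"
}
```

Like the script it is modelled on, this reads only the flat files under ROOT and returns the first match.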

* Re: [gentoo-dev] Impl. egetent in user.eclass using script from sys-apps/getent?
  2015-06-10 16:44 [gentoo-dev] Impl. egetent in user.eclass using script from sys-apps/getent? Joakim Tjernlund
@ 2015-06-10 17:52 ` Mike Gilbert
  2015-06-10 18:06   ` Anthony G. Basile
  2015-06-10 18:48 ` Robin H. Johnson
  1 sibling, 1 reply; 8+ messages in thread
From: Mike Gilbert @ 2015-06-10 17:52 UTC (permalink / raw
  To: Gentoo Dev

On Wed, Jun 10, 2015 at 12:44 PM, Joakim Tjernlund
<joakim.tjernlund@transmode.se> wrote:
> I wonder if it would be possible to use the script from sys-apps/getent(included below)
> to impl. getent in user.eclass instead of using glibc's getent? I cannot see any downside, is there one?
>

glibc's getent can get data from any NSS plugin (ie. LDAP, MySQL,
etc). Switching to use sys-apps/getent would mean that lookups would
only be performed against the local flat files.


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-dev] Impl. egetent in user.eclass using script from sys-apps/getent?
  2015-06-10 17:52 ` Mike Gilbert
@ 2015-06-10 18:06   ` Anthony G. Basile
  2015-06-10 18:49     ` Joakim Tjernlund
  0 siblings, 1 reply; 8+ messages in thread
From: Anthony G. Basile @ 2015-06-10 18:06 UTC (permalink / raw
  To: gentoo-dev

On 6/10/15 1:52 PM, Mike Gilbert wrote:
> On Wed, Jun 10, 2015 at 12:44 PM, Joakim Tjernlund
> <joakim.tjernlund@transmode.se> wrote:
>> I wonder if it would be possible to use the script from sys-apps/getent(included below)
>> to impl. getent in user.eclass instead of using glibc's getent? I cannot see any downside, is there one?
>>
> glibc's getent can get data from any NSS plugin (ie. LDAP, MySQL,
> etc). Switching to use sys-apps/getent would mean that lookups would
> only be performed against the local flat files.
>

I added sys-apps/getent for musl and did not expect it to be used by
anything else. When I moved that script into sys-libs/musl, I masked
getent:

# /usr/portage/profiles/package.mask:
# Anthony G. Basile <blueness@gentoo.org> (14 May 2015)
# No longer required by any packages in the tree.
# Masked for removal in 30 days.

If you want to keep it, we can remove the mask, but it does block 
against glibc and uclibc.

-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : blueness@gentoo.org
GnuPG FP  : 1FED FAD9 D82C 52A5 3BAB  DC79 9384 FA6E F52D 4BBA
GnuPG ID  : F52D4BBA



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-dev] Impl. egetent in user.eclass using script from sys-apps/getent?
  2015-06-10 16:44 [gentoo-dev] Impl. egetent in user.eclass using script from sys-apps/getent? Joakim Tjernlund
  2015-06-10 17:52 ` Mike Gilbert
@ 2015-06-10 18:48 ` Robin H. Johnson
  2015-06-10 18:56   ` Joakim Tjernlund
  1 sibling, 1 reply; 8+ messages in thread
From: Robin H. Johnson @ 2015-06-10 18:48 UTC (permalink / raw
  To: gentoo-dev


On Wed, Jun 10, 2015 at 04:44:17PM +0000, Joakim Tjernlund wrote:
> I wonder if it would be possible to use the script from sys-apps/getent(included below)
> to impl. getent in user.eclass instead of using glibc's getent? I
> cannot see any downside, is there one?
> 
> This would help a lot(just seed your groups/users is in ROOT/etc/{passwd,group ...} first)
> when cross building or ROOT != / as it would be trivial for the script to respect ROOT/EPREFIX 
This would totally break when those services come from an NSS provider
other than files or compat.

There was a non-upstream patch to support NSS on non-root filesystems,
which would probably help a lot more; I haven't seen that original patch
in a while, so here's a very quick and completely untested
re-implementation of it.

In your case, you probably should MAKE sure that regardless of the
system nsswitch settings, the NSS file provider gets used.

Usage: NSS_FILES_ROOT=$ROOT/etc getent -s files passwd ...

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Infrastructure Lead
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85

[-- Attachment #2: glibc-2.21-nss_files_root.patch --]
[-- Type: text/x-diff, Size: 1651 bytes --]

nss_files: non-/ root support via env

In building systems, e.g. cross-compile, it can be very useful to run getent on a
different root path.

This is a very rough, completely untested patch to implement it, based on a
patch I recall seeing many years ago, but can't find anywhere now.

Untested-By: Robin H. Johnson <robbat2@gentoo.org>
Original-Author: Robin H. Johnson <robbat2@gentoo.org>
Not-Signed-Off-By: Robin H. Johnson <robbat2@gentoo.org>

diff -Nuar glibc-2.21.orig/nss/nss_files/files-XXX.c glibc-2.21/nss/nss_files/files-XXX.c
--- glibc-2.21.orig/nss/nss_files/files-XXX.c	2015-06-10 11:16:59.282269957 -0700
+++ glibc-2.21/nss/nss_files/files-XXX.c	2015-06-10 11:43:55.582631857 -0700
@@ -38,7 +38,8 @@
 
 #define ENTNAME_r	CONCAT(ENTNAME,_r)
 
-#define DATAFILE	"/etc/" DATABASE
+#define NSS_FILES_ROOT	"/etc/"
+#define DATAFILE	NSS_FILES_ROOT DATABASE
 
 #ifdef NEED_H_ERRNO
 # include <netdb.h>
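Review bot: The macro added on the first "+" line is named NSS_FILES_ROOT, the same as the environment variable read in the next hunk, while its value "/etc/" is the database directory rather than a filesystem root, so the two are easy to confuse. Give the macro a distinct name that says it is the default directory, and add a comment that the value must end in "/" because DATAFILE is formed by plain concatenation with DATABASE.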
@@ -75,7 +76,19 @@
 
   if (stream == NULL)
     {
-      stream = fopen (DATAFILE, "rce");
+      char* datafile = DATAFILE;
+      const char* datafile_root;
+      if(datafile_root = secure_getenv("NSS_FILES_ROOT")) {
+#define merged_datafile_len 1024
+	char merged_datafile[merged_datafile_len];
+	strncpy(merged_datafile, datafile_root, merged_datafile_len);
+	strncat(merged_datafile, DATABASE, merged_datafile_len - strlen(merged_datafile));
+	datafile = &merged_datafile;
+	/* If we are using a different root to the files, do not cache */
+        keep_stream = 0; 
+	stayopen = 0;
+      }
+      stream = fopen (datafile, "rce");
 
       if (stream == NULL)
 	status = errno == EAGAIN ? NSS_STATUS_TRYAGAIN : NSS_STATUS_UNAVAIL;
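Review bot: merged_datafile is declared inside the if block, but datafile still points at it when fopen (datafile, "rce") runs after the block has closed, so the path is read from storage whose lifetime has ended; declare the buffer in the same scope as the fopen call and assign datafile = merged_datafile (the &merged_datafile form has type char (*)[1024], not char *). The copy is also not safely bounded: strncpy leaves the buffer unterminated when the variable is merged_datafile_len bytes or longer, and the strncat limit needs a further - 1 for the terminator; a single snprintf whose return value is checked against merged_datafile_len covers both and lets an over-long value be rejected. The root and DATABASE are joined with no separator, so the usage given in the mail (NSS_FILES_ROOT=$ROOT/etc) runs the directory and database name together unless the value ends in "/". The assignment inside the if condition would read more clearly as an explicit comparison against NULL.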

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-dev] Impl. egetent in user.eclass using script from sys-apps/getent?
  2015-06-10 18:06   ` Anthony G. Basile
@ 2015-06-10 18:49     ` Joakim Tjernlund
  2015-06-10 19:02       ` Anthony G. Basile
  0 siblings, 1 reply; 8+ messages in thread
From: Joakim Tjernlund @ 2015-06-10 18:49 UTC (permalink / raw
  To: gentoo-dev@lists.gentoo.org

On Wed, 2015-06-10 at 14:06 -0400, Anthony G. Basile wrote:
> On 6/10/15 1:52 PM, Mike Gilbert wrote:
> > On Wed, Jun 10, 2015 at 12:44 PM, Joakim Tjernlund
> > <joakim.tjernlund@transmode.se> wrote:
> > > I wonder if it would be possible to use the script from sys-apps/getent(included below)
> > > to impl. getent in user.eclass instead of using glibc's getent? I cannot see any downside, is there one?
> > > 
> > glibc's getent can get data from any NSS plugin (ie. LDAP, MySQL,
> > etc). Switching to use sys-apps/getent would mean that lookups would
> > only be performed against the local flat files.
> > 
> 
> I added sys-apps/getent for musl and did not expect it to be used by 
> anything else.   When I moved that script into sys-libs/musl, I masked 
> getent:
> 
> # /usr/portage/profiles/package.mask:
> # Anthony G. Basile <blueness@gentoo.org> (14 May 2015)
> # No longer required by any packages in the tree.
> # Masked for removal in 30 days.
> 
> If you want to keep it, we can remove the mask, but it does block 
> against glibc and uclibc.
> 

I think one would have to take the guts of the script and transform it into an egetent eclass
function. Your script has done the hard part already so it should be easy to mangle into an eclass
function.
       Jocke

^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-dev] Impl. egetent in user.eclass using script from sys-apps/getent?
  2015-06-10 18:48 ` Robin H. Johnson
@ 2015-06-10 18:56   ` Joakim Tjernlund
  2015-06-10 19:36     ` Alec Warner
  0 siblings, 1 reply; 8+ messages in thread
From: Joakim Tjernlund @ 2015-06-10 18:56 UTC (permalink / raw
  To: gentoo-dev@lists.gentoo.org

On Wed, 2015-06-10 at 18:48 +0000, Robin H. Johnson wrote:
> On Wed, Jun 10, 2015 at 04:44:17PM +0000, Joakim Tjernlund wrote:
> > I wonder if it would be possible to use the script from sys-apps/getent(included below)
> > to impl. getent in user.eclass instead of using glibc's getent? I
> > cannot see any downside, is there one?
> > 
> > This would help a lot(just seed your groups/users is in ROOT/etc/{passwd,group ...} first)
> > when cross building or ROOT != / as it would be trivial for the script to respect ROOT/EPREFIX 
> This would totally break when those services come from an NSS provider
> other than files or compat.

But does user.eclass support anything but local system users?

> 
> There was a non-upstream patch to support NSS on non-root filesystems,
> which would probably help a lot more; I haven't seen that original patch
> in a while, so here's a very quick and completely untested
> re-implementation of it.
> 
> In your case, you probably should MAKE sure that regardless of the
> system nsswitch settings, the NSS file provider gets used.
> 
> Usage: NSS_FILES_ROOT=$ROOT/etc getent -s files passwd ...
> 


^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-dev] Impl. egetent in user.eclass using script from sys-apps/getent?
  2015-06-10 18:49     ` Joakim Tjernlund
@ 2015-06-10 19:02       ` Anthony G. Basile
  0 siblings, 0 replies; 8+ messages in thread
From: Anthony G. Basile @ 2015-06-10 19:02 UTC (permalink / raw
  To: gentoo-dev

On 6/10/15 2:49 PM, Joakim Tjernlund wrote:
> On Wed, 2015-06-10 at 14:06 -0400, Anthony G. Basile wrote:
>> On 6/10/15 1:52 PM, Mike Gilbert wrote:
>>> On Wed, Jun 10, 2015 at 12:44 PM, Joakim Tjernlund
>>> <joakim.tjernlund@transmode.se> wrote:
>>>> I wonder if it would be possible to use the script from sys-apps/getent(included below)
>>>> to impl. getent in user.eclass instead of using glibc's getent? I cannot see any downside, is there one?
>>>>
>>> glibc's getent can get data from any NSS plugin (ie. LDAP, MySQL,
>>> etc). Switching to use sys-apps/getent would mean that lookups would
>>> only be performed against the local flat files.
>>>
>> I added sys-apps/getent for musl and did not expect it to be used by
>> anything else.   When I moved that script into sys-libs/musl, I masked
>> getent:
>>
>> # /usr/portage/profiles/package.mask:
>> # Anthony G. Basile <blueness@gentoo.org> (14 May 2015)
>> # No longer required by any packages in the tree.
>> # Masked for removal in 30 days.
>>
>> If you want to keep it, we can remove the mask, but it does block
>> against glibc and uclibc.
>>
> I think one would have to take the guts of the script and transform it into an egetent eclass
> function. Your script has done the hard part already so it should be easy to mangle into an eclass
> fkn.
>         Jocke
To be clear, not mine, but from uclibc.

-- 
Anthony G. Basile, Ph.D.
Gentoo Linux Developer [Hardened]
E-Mail    : blueness@gentoo.org
GnuPG FP  : 1FED FAD9 D82C 52A5 3BAB  DC79 9384 FA6E F52D 4BBA
GnuPG ID  : F52D4BBA



^ permalink raw reply	[flat|nested] 8+ messages in thread

* Re: [gentoo-dev] Impl. egetent in user.eclass using script from sys-apps/getent?
  2015-06-10 18:56   ` Joakim Tjernlund
@ 2015-06-10 19:36     ` Alec Warner
  0 siblings, 0 replies; 8+ messages in thread
From: Alec Warner @ 2015-06-10 19:36 UTC (permalink / raw
  To: Gentoo Dev


On Wed, Jun 10, 2015 at 11:56 AM, Joakim Tjernlund <
joakim.tjernlund@transmode.se> wrote:

> On Wed, 2015-06-10 at 18:48 +0000, Robin H. Johnson wrote:
> > On Wed, Jun 10, 2015 at 04:44:17PM +0000, Joakim Tjernlund wrote:
> > > I wonder if it would be possible to use the script from sys-apps/getent(included below)
> > > to impl. getent in user.eclass instead of using glibc's getent? I
> > > cannot see any downside, is there one?
> > >
> > > This would help a lot(just seed your groups/users is in ROOT/etc/{passwd,group ...} first)
> > > when cross building or ROOT != / as it would be trivial for the script to respect ROOT/EPREFIX
> > This would totally break when those services come from an NSS provider
> > other than files or compat.
>
> But does user.eclass support anything but local system users ?
>

https://github.com/google/nsscache for example.

They are still 'local', but not via files or compat ;0)

-A


>
> >
> > There was a non-upstream patch to support NSS on non-root filesystems,
> > which would probably help a lot more; I haven't seen that original patch
> > in a while, so here's a very quick and completely untested
> > re-implementation of it.
> >
> > In your case, you probably should MAKE sure that regardless of the
> > system nsswitch settings, the NSS file provider gets used.
> >
> > Usage: NSS_FILES_ROOT=$ROOT/etc getent -s files passwd ...
> >
>
>


^ permalink raw reply	[flat|nested] 8+ messages in thread
