lego12239

Hi, all. Looking at nginx-1.17.5 ebuild src_install(). Can't understand why ${EROOT} is used instead of ${EPREFIX}.

Hi, all. Can anybody explain why we need ${ED}? We already have ${D} and if somebody need, its value can be replaced with "${D}/${EPREFIX}" without entering ED. The same for EROOT vs ROOT.

Hi, all. Am i understand correctly, that the difference between doins and newins only in the presence of second argument?

user-uid.map can contain shell, homedir and groups in addition to uid. Thus, enewuser can derive all needed parameters from the map file(so, if many packages really need the same user, they can create it independently).

Yes. acct-user/* and acct-group/* are ugly a little less than completely :-D.

emap*() here - just a prototypes. imho, it should be implemented as small static C binary and included in the portage package.

My considerations about "problem" with constant uid/gid between machines. Hope i understood correctly motivations from glep 81. If we need a constant uid/gid for some packages, then we need something like /etc/services for uid and gid. For example, /var/git/meta-repo/user-uid.map and /var/git/meta-repo/group-gid.map. Format of these files could be: user-uid.map: UNAME SP UID group-gid.map: GNAME SP GID Where: UNAME - user name GNAME - group name UID - user id GID - group id SP - spaces and/or tabs ([ \t]+) Then we should modify user.eclass a little. In such a way that enewuser and enewgroup must do 2 things: - consult these files for constant uid/gid(if, for example, -S is specified) - place package name which call enewgroup/enewuser in /var/lib/portage/group-pkg.map and /var/lib/portage/user-pkg.map respectively Example changes for enewgroup: --- user.eclass.orig 2020-05-06 09:27:19.264986735 +0000 +++ user.eclass 2020-05-06 16:09:38.664894650 +0000 @@ -262,6 +262,8 @@ # # If -F is passed, enewgroup will always enforce specified GID and fail if it # can not be assigned. +# If -S is passed, gid is got from group-gid.map; if -F is also passed and +# such user already exist with different gid, then enewgroup fail. enewgroup() { if [[ ${EUID} != 0 ]] ; then einfo "Insufficient privileges to execute ${FUNCNAME[0]}" @@ -269,10 +271,11 @@ fi _assert_pkg_ebuild_phase ${FUNCNAME} - local force_gid= + local force_gid= strict_gid= while [[ $1 == -* ]]; do case $1 in -F) force_gid=1;; + -S) strict_gid=1;; *) die "${FUNCNAME}: invalid option ${1}";; esac shift @@ -287,6 +290,12 @@ # see if group already exists if [[ -n $(egetent group "${egroup}") ]] ; then + local egid=$(emapget /var/git/meta-repo/group-gid.map ${egroup}) + if [[ -n ${strict_gid} && -n ${force_gid} && \ + $(egetent group "${egroup}" | cut -d: -f3) != ${egid} ]] ; then + die "${egroup} exist, but GID for ${egroup} group must be ${egid}" + fi + emapaddval /var/lib/portage/user-pkg.map ${egroup} ${PN} return 0 fi einfo "Adding group '${egroup}' to your system ..." @@ -294,6 +303,9 @@ # handle gid local egid=$1; shift if [[ ! -z ${egid} ]] ; then + if [[ -n ${strict_gid} ]] ; then + die "${FUNCNAME}: -S can't be specified with GID" + fi if [[ ${egid} -gt 0 ]] ; then if [[ -n $(egetent group ${egid}) ]] ; then [[ -n ${force_gid} ]] && die "${FUNCNAME}: GID ${egid} already taken" @@ -304,8 +316,16 @@ die "${egid} is not a valid GID" fi else - [[ -n ${force_gid} ]] && die "${FUNCNAME}: -F with gid==-1 makes no sense" - egid="next available" + if [[ -n ${strict_gid} ]] ; then + egid=$(emapget /var/git/meta-repo/group-gid.map ${egroup}) + if [[ -z ${egid} ]] ; then + die "${FUNCNAME}: group ${egroup} doesn't exist in /var/git/meta-repo/group-gid.map" + fi + elif [[ -n ${force_gid} ]] ; then + die "${FUNCNAME}: -F with gid==-1 makes no sense" + else + egid="next available" + fi fi einfo " - Groupid: ${egid}" @@ -349,6 +369,158 @@ groupadd -r ${opts} "${egroup}" || die ;; esac + emapaddval /var/lib/portage/user-pkg.map ${egroup} ${PN} +} + +emapget() { + local mapfile=$1 key=$2 + + # TODO: here must be a file lock + if [[ ! -f ${mapfile} ]]; then + return 0 + fi + awk -v key=$key ' + $1 == key { + values=$2 + for(i = 3; i <= NF; i++) { + values=values " " $i + } + print values + exit + }' ${mapfile} +} + +emapset() { + local mapfile=$1 key=$2 + shift 2 + local values="$@" + + # TODO: here must be a file lock + if [[ ! -f ${mapfile} ]]; then + touch ${mapfile} + fi + awk -v key=$key -v values="$values" ' + $1 != key { + print $0 + } + $1 == key { + is_found=1 + print key " " values + } + END { + if (!is_found) { + print key " " values + } + }' ${mapfile} > ${PORTAGE_TMPDIR}/$(basename ${mapfile}).$$.TMP + if [[ $? -ne 0 ]] ; then + rm ${PORTAGE_TMPDIR}/$(basename ${mapfile}).$$.TMP + die "emapset error: awk error" + fi + mv ${PORTAGE_TMPDIR}/$(basename ${mapfile}).$$.TMP ${mapfile} + if [[ $? -ne 0 ]] ; then + rm ${PORTAGE_TMPDIR}/$(basename ${mapfile}).$$.TMP + die "emapset error: mv error" + fi +} + +emaprm() { + local mapfile=$1 key=$2 + + # TODO: here must be a file lock + if [[ ! -f ${mapfile} ]]; then + return 0 + fi + awk -v key=$key ' + $1 != key { + print $0 + }' ${mapfile} > $PORTAGE_TMPDIR/$(basename ${mapfile}).$$.TMP + if [[ $? -ne 0 ]] ; then + rm $PORTAGE_TMPDIR/$(basename ${mapfile}).$$.TMP + die "emaprm error: awk error" + fi + mv $PORTAGE_TMPDIR/$(basename ${mapfile}).$$.TMP ${mapfile} + if [[ $? -ne 0 ]] ; then + rm $PORTAGE_TMPDIR/$(basename ${mapfile}).$$.TMP + die "emaprm error: mv error" + fi +} + +emapaddval() { + local mapfile=$1 key=$2 + shift 2 + local values="$@" + + # TODO: here must be a file lock + if [[ ! -f ${mapfile} ]]; then + touch ${mapfile} + fi + awk -v key=$key -v values="$values" ' + $1 != key { + print $0 + } + $1 == key { + is_found = 1 + vtoadd = "" + n = split(values, vals) + for(i = 1; i <= n; i++) { + for(j = 2; j <= NF; j++) + if ($j == vals[i]) + break + if (j == (NF+1)) + vtoadd = vtoadd " " vals[i] + } + print $0 vtoadd + } + END { + if (!is_found) { + print key " " values + } + }' ${mapfile} > $PORTAGE_TMPDIR/$(basename ${mapfile}).$$.TMP + if [[ $? -ne 0 ]] ; then + rm ${PORTAGE_TMPDIR}/$(basename ${mapfile}).$$.TMP + die "${FUNCNAME}: awk error" + fi + mv $PORTAGE_TMPDIR/$(basename ${mapfile}).$$.TMP ${mapfile} + if [[ $? -ne 0 ]] ; then + rm ${PORTAGE_TMPDIR}/$(basename ${mapfile}).$$.TMP + die "${FUNCNAME}: mv error" + fi +} + +emaprmval() { + local mapfile=$1 key=$2 + shift 2 + local values="$@" + + # TODO: here must be a file lock + if [[ ! -f ${mapfile} ]]; then + return 0 + fi + awk -v key=$key -v values="$values" ' + $1 != key { + print $0 + } + $1 == key { + vnew = "" + n = split(values, vals) + for(i = 2; i <= NF; i++) { + for(j = 1; j <= n; j++) + if ($i == vals[j]) + break + if (j == (n+1)) + vnew = vnew " " $i + } + print key vnew + }' ${mapfile} > ${PORTAGE_TMPDIR}/$(basename ${mapfile}).$$.TMP + if [[ $? -ne 0 ]] ; then + rm ${PORTAGE_TMPDIR}/$(basename ${mapfile}).$$.TMP + die "emaprmval error: awk error" + fi + mv ${PORTAGE_TMPDIR}/$(basename ${mapfile}).$$.TMP ${mapfile} + if [[ $? -ne 0 ]] ; then + rm ${PORTAGE_TMPDIR}/$(basename ${mapfile}).$$.TMP + die "emaprmval error: can't do mv" + fi } # @FUNCTION: egetusername After that we have info in /var/lib/portage/user-pkg.map and /var/lib/portage/group-pkg.map about what user/group is used by what packages. And can show this with equery module. If we see user/group without packages - this entry is orphaned. We can show this with a same equery module and give a user possibility to remove this with some ego module(something like "ego user cleanup" and "ego group cleanup").

Hi, all. Is /var/git/ a right location to place custom overlay/kit (for example, /var/git/my)? Can i sure that it willn't be removed by ego/portage?

$ equery l corenetwork * Searching for corenetwork ... [IP-] [ ] sys-apps/corenetwork-1.6.5:0 I have 1.6.5 version of corenetwork and there is nothing about virtfn. May be this changes aren't accessible yet.

Hi. Show please your /etc/conf.d/net.test.

Hi, all. Am only for me this seems strange? User/group management with packages is wrong, imho. If gentoo wants constant uid/gid for some daemons, why doesn't simply tell package maintainers to do this with enewuser/enewgroup? Why this strange idea?..

You can't avoid systemd simply by installing openrc. Many binaries of systemd package can still be in a system. In funtoo you can easily do: epro mix-ins no-systemd In gentoo(when i tried it) this can't be done so easy. I didn't say that in gentoo net conf is complex, i said that funtoo do it better ;-).

Gentoo doesn't allow easily eliminate systemd. Networking configuration in funtoo is better. The one thing annoying - i can't find in-system documentation for net stuff (man pages); and every time i configure nic, i need to go to /etc/netif.d/ to remember how parameters are written.

I can, but i wan't :-). And funtoo give me this possibility to live as i want.

Except other significant things, funtoo allow you to live without systemd. In our days this is very important.