On Sun, Aug 03, 2003 at 10:23:10PM +0200, Jakob Bohm wrote: > On Sat, Aug 02, 2003 at 09:59:13AM +1000, Herbert Xu wrote: > > A single pre-dependency is not enough. You will need to convert all > > of adduser's dependencies into pre-dependencies, and probably most of > > the things it depends on as well. > > > > You also need to ensure that adduser and anything that it depends on to > > function are always available at all times just like libc6. > > Note that only a few packages will need these dependencies, > unlike libc6. Specifically, these packages will be needed by a > subset of the packages that currently Depends: adduser . > > Of those packages, only two are non-optional: ssh and pidentd. > To fix that, the sshd and ??? accounts would need to be added to > base-passwd.
The ssh package does not contain any files owned by the sshd user, even after configuration, although it does arrange for /usr/bin/ssh-agent to be setgid ssh. > Policy-wise, there would be a rule that packages with priority > standard or above cannot use the option to add needed users during > installation, but must coordinate their needs with base-passwd. I disagree (as base-passwd maintainer, although only for some months) with this principle; if it's necessary then I think we've made a design error. The intention for base-passwd is to reduce the number of entries in the globally allocated space, and thus the number of mandatory entries in /etc/passwd and /etc/group, not to increase them. In the long term I'm hoping that we can find a way to have even some of the current mandatory entries merely allocated in a registry somewhere in /usr/share/base-passwd which adduser can use to create those entries on demand, although clearly that would need delicate transitional handling. Furthermore, the priority standard line appears to be entirely arbitrary. I assume it's designed to reduce the number of entries that must be allocated in base-passwd. However, there is no reason why problems encountered by Priority: standard packages and above (provided they aren't Essential or in adduser's dependency chain) should not also be encountered by Priority: optional and Priority: extra packages. Therefore, in solving these problems for the latter class of packages we can also solve it for the former. Cheers, -- Colin Watson [EMAIL PROTECTED]