Le 16/12/2014 10:03, Jussi Laako a écrit :
On 15.12.2014 17:56, Dominig ar Foll wrote:
I think that the best would be to provide a packages which provides
adduser and addgroup facility via gumd.
That specific package should only be required during image creation as a
backward compatibility. It should in no way get in the image.
Then we could use the build (OBS or Yocto) config to replace pwdutil by
this new package.
Alternative would be to build pwdutil with the emulation when a
"with_gumd" flag is enable. but it would likely drag adduser in the
image what is a bad idea.
How would you deal with package updates that may need to create new
system users?
One thing that seems to be forgotten in Tizen all the time is OTA
package updates. There are various places where meta package scripts
modify files from real packages, which would get replaced if the
original package gets updated...
Support of legacy use of useradd should not make it further than initial
image creation.
Package update (which is very unlikely to be used in any OTA model as
far too risky) should be written using the clean new gumd API.
This is due to the fact that once the system is running you will need to
have the right Smack label to do anything serious and that will requires
to use the security manager which is linked to gumd and not to useradd
or userdel.
Removing support of useradd and userdel in the image will remove crash
risk later.
Developers will always have the option to load the required packages
when the have special needs linked to development or debug tasks.
Regards.
Dominig ar Foll
Senior Software Architect
Open Source Technology Centre
Intel SSG
_______________________________________________
Dev mailing list
[email protected]
https://lists.tizen.org/listinfo/dev
