On Nov 1, 2012, at 2:29 PM, Elan Ruusamäe wrote:

> On 01.11.2012 15:10, Jakub Bogusz wrote:
>> On Wed, Oct 31, 2012 at 07:42:21AM +0100, glen wrote:
>>> >commit aefd25979c44a66fc4eecfc32a27d2d119f31d76
>>> >Author: Elan Ruusamäe<g...@delfi.ee>
>>> >Date:   Wed Oct 31 08:41:13 2012 +0200
>>> >
>>> >     - can't use any non-root groups in this package and not depend on 
>>> > setup package, do similar workaround as FHS package
>> And what is the problem with requiring setup here?
>> setup requires just FHS, not filesystem.
>> 
>> Your change causes rpm -V to report /var/log/archive group inconsistency on 
>> every system.
>> 
>> 
> so does it in FHS, no-one complained.
> 
> we need proper fix here.

Yes you do.

> simplistic one would be if rpm allowed numeric ownership in %files 
> specification
> 

Numeric was what was used in RPM in 1997, changed to use strings through
/etc/passwd lookup in 1998 (with libc5) for maximum
flexibility/configurability.

Meanwhile here is what is wrong with "modern" distros
        The /etc/passwd file MUST exist for lookups to occur in packages
        that follow.

The original intent was setup was first pkg installed with /etc/passwd, and
filesystem (or FHS or …) carried a prerequisite (which is Requires: in
modern RPM).

The problem there is that dependency LOOPs cause setup (or whatever carries
/etc/passwd) _NOT_ to be installed first.

So there is a band-aid in RPM where certain users/groups are hardwired for
lookup. Unless additional users/groups (in this case the "logs" group) are
compiled into RPM, then there are --verify failures.

The simplest fix is to ensure that /etc/passwd (and group) is _ALWAYS_
present in empty chroots.

The next simplest fix is to ensure that /etc/passwd (and group) ALWAYS
contains all users/groups for libc prerequisites (libc carries the name
service libraries needed to do the lookup).

There are also "probe dependencies" to ensure that user/group can be looked
up _BEFORE_ any package is installed. These look like
        Requires: user(root)
or (with numeric id assertion)
        Requires: user(root) = 0
and group(…) for group lookups.

At this point in time, there is simply no reason _NOT_ to hardwire a check
that all user/group strings mentioned in _EVERY_ package can be looked up,
with a virtual
        Provides: user(foo) = 1234
to hint that a scriptlet is about to invoke useradd etc.

Since shadowutils (yes _ALL_ of shadowutils) is carried in rpm-5.x.y through lua
bindings, there is no need to add snarly dependencies on useradd packages etc.
RPM+LUA+SHADOWUTILS is every bit as functional as /usr/sbin/useradd is.

hth

73 de Jeff
> -- 
> glen
> 
> _______________________________________________
> pld-devel-en mailing list
> pld-devel-en@lists.pld-linux.org
> http://lists.pld-linux.org/mailman/listinfo/pld-devel-en
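
The check described in the reply above, as an added example that is not part of the original message or of RPM itself: it takes a package's (path, owner, group) list, looks every name up in passwd/group text, and emits the probe dependencies in the `Requires: user(...)` / `group(...)` form quoted in the thread. The function names and all sample data are assumptions constructed for illustration.

```python
# Added example: names and sample data below are constructed for illustration.
PASSWD = "root:x:0:0:root:/root:/bin/sh\n"   # constructed minimal passwd(5)
GROUP = "root:x:0:\n"                         # constructed minimal group(5)
FILES = [                                     # (path, owner, group) as %files would name them
    ("/var/log", "root", "root"),
    ("/var/log/archive", "root", "logs"),
]


def parse_db(text):
    """Return {name: numeric id} from passwd(5) or group(5) text."""
    db = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        # Field 1 is the name, field 3 the uid/gid; skip comments and junk.
        if len(fields) >= 3 and not fields[0].startswith("#") and fields[2].isdigit():
            db[fields[0]] = int(fields[2])
    return db


def check_ownership(files, passwd_text, group_text):
    """Return (probe dependency lines, unresolved (path, kind, name) entries)."""
    dbs = {"user": parse_db(passwd_text), "group": parse_db(group_text)}
    requires, missing = set(), []
    for path, owner, group in files:
        for kind, name in (("user", owner), ("group", group)):
            if name in dbs[kind]:
                # Resolvable: assert the numeric id as well.
                requires.add(f"Requires: {kind}({name}) = {dbs[kind][name]}")
            else:
                # Not resolvable: plain probe dependency, and report the file.
                requires.add(f"Requires: {kind}({name})")
                missing.append((path, kind, name))
    return sorted(requires), missing


if __name__ == "__main__":
    deps, unresolved = check_ownership(FILES, PASSWD, GROUP)
    print("\n".join(deps))
    for path, kind, name in unresolved:
        print(f"unresolved {kind} '{name}' for {path}")
```
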
