Re: Pre-Depends for postgresql
On Fri, 17 Oct 2003 02:18:00 +0100 Colin Watson [EMAIL PROTECTED] wrote: Uid 31 is reserved forever (speaking as the base-passwd maintainer), but new installations of postgresql should have a uid in the system range, namely 100-999, as created by 'adduser --system'. See the changelog for base-passwd 3.5.0. What for, out of curiosity? Just part of the standard range of 0-99? pgpZoZaNdEesN.pgp Description: PGP signature
Re: Pre-Depends for postgresql
On Sat, Oct 18, 2003 at 04:29:37AM -0400, David B Harris wrote:
On Fri, 17 Oct 2003 02:18:00 +0100
Colin Watson [EMAIL PROTECTED] wrote:
Uid 31 is reserved forever (speaking as the base-passwd maintainer), but
new installations of postgresql should have a uid in the system range,
namely 100-999, as created by 'adduser --system'. See the changelog for
base-passwd 3.5.0.
What for, out of curiosity? Just part of the standard range of 0-99?
Ids in 0-99 that have once been allocated for a particular purpose are
reserved for that purpose forever even if they're no longer created,
because it's very difficult to deallocate a global static id once it's
been installed on people's systems and packages have started using it
for random files they create. This is one reason why it's much better to
use dynamic ids where possible.
const struct _info specialusers[] = {
[...]
{ 31, (FL_NOAUTOREMOVE) }, /* postgres */
[...]
};
const struct _info specialgroups[] = {
[...]
{ 32, (FL_NOAUTOREMOVE) }, /* postgres */
[...]
};
Cheers,
--
Colin Watson [EMAIL PROTECTED]
Re: Pre-Depends for postgresql
Hi! Am 2003-10-17 2:18 +0100 schrieb Colin Watson: Use adduser. It's your friend. This is a word! :-) Fine, I'll make it so then. Russell, thanks for your explanation, I know what you mean now. Have a nice weekend! Martin -- Martin Pitt home: www.piware.de eMail: [EMAIL PROTECTED]
Re: Pre-Depends for postgresql
I've just got home and read this thread. It's OK by me, Martin, to make the change, in view of the tenor of the replies. On Thu, 2003-10-16 at 15:17, Andreas Metzler wrote: Mathieu Roy [EMAIL PROTECTED] wrote: Hum, instead of adduser, useradd should be used by the posgresql package. useradd is included in the package passwd, which is required package from the base section. IBTD. Apart from the fact that using adduser is explicitely recommended in policy having _all_ packages use the same interface for user-allocation IMHO is valuable on its own and outweighs getting rid of a predependency. If any package that needs to add a user should always use adduser, should that not be a required package rather than just important? I had always thought that Pre-Dependencies were very much discouraged. -- Oliver Elphick[EMAIL PROTECTED] Isle of Wight, UK http://www.lfix.co.uk/oliver GPG: 1024D/3E1D0C1C: CA12 09E0 E8D5 8870 5839 932A 614D 4C34 3E1D 0C1C Trust in the LORD, and do good...Psalms 37:3
Re: Pre-Depends for postgresql
On Fri, Oct 17, 2003 at 08:27:17PM +0100, Oliver Elphick wrote: If any package that needs to add a user should always use adduser, should that not be a required package rather than just important? The priority has nothing to do with how many packages use it; there is an explicit definition in the policy manual. http://www.debian.org/doc/debian-policy/ch-archive.html#s-priorities required Packages which are necessary for the proper functioning of the system. You must not remove these packages or your system may become totally broken and you may not even be able to use dpkg to put things back. Systems with only the required packages are probably unusable, but they do have enough functionality to allow the sysadmin to boot and install more software. I had always thought that Pre-Dependencies were very much discouraged. Caution and review are the rules for pre-dependencies. They are sometimes necessary, but should not be used without good reason. -- - mdz
Re: Pre-Depends for postgresql
Martin Pitt [EMAIL PROTECTED] wrote:
Pre-Dependencies are supposed to be discussed at d-devel which I want
to do now. If anybody objects I will just do it.
I have some reservations about using pre-dependencies on a package
like adduser. Since adduser was not designed as something that worked
at all times, a pre-dependency may not be sufficient to guarantee
that it is working when your postinst runs.
In particular, the packages that adduser itself depends on may not
haven been configured at that time. For example, you may end up in
a state where the passwd package is not operational due to a libpam
upgrade. Please refer to the discussion that arose on debian-policy
when this last came up.
Cheers,
--
Debian GNU/Linux 3.0 is out! ( http://www.debian.org/ )
Email: Herbert Xu ~{PmVHI~} [EMAIL PROTECTED]
Home Page: http://gondor.apana.org.au/~herbert/
PGP Key: http://gondor.apana.org.au/~herbert/pubkey.txt
Re: Pre-Depends for postgresql
On Thu, Oct 16, 2003 at 11:00:47AM +0200, Martin Pitt wrote: Pre-Dependencies are supposed to be discussed at d-devel which I want to do now. If anybody objects I will just do it. Doesn't that kind of defeat the purpose of discussing these sorts of things? As it stands, I don't see a problem with the pre-depends, but your attitude is... disquieting. - Matt
Re: Pre-Depends for postgresql
Hi! On 2003-10-16 19:24 +1000, Matthew Palmer wrote: On Thu, Oct 16, 2003 at 11:00:47AM +0200, Martin Pitt wrote: Pre-Dependencies are supposed to be discussed at d-devel which I want to do now. If anybody objects I will just do it. Doesn't that kind of defeat the purpose of discussing these sorts of things? As it stands, I don't see a problem with the pre-depends, but your attitude is... disquieting. Please take my excuse, I guess my English fooled me this morning. I just read that again and see what you are meaning... Actually I meant if nobody objects I will do it (*slapping my head*). In the sense that I don't require twenty replies saying just yes, but would rather be interested in opinions why it should _not_ be done. Sorry again and have a nice day! Martin -- Martin Pitt home: www.piware.de eMail: [EMAIL PROTECTED]
Re: Pre-Depends for postgresql
On Thu, Oct 16, 2003 at 07:24:21PM +1000, Matthew Palmer wrote: On Thu, Oct 16, 2003 at 11:00:47AM +0200, Martin Pitt wrote: Pre-Dependencies are supposed to be discussed at d-devel which I want to do now. If anybody objects I will just do it. Doesn't that kind of defeat the purpose of discussing these sorts of things? As it stands, I don't see a problem with the pre-depends, but your attitude is... disquieting. To me, it read like a typo for If nobody objects. -- Colin Watson [EMAIL PROTECTED]
Re: Pre-Depends for postgresql
On Thu, 16 Oct 2003 19:00, Martin Pitt wrote: The package postgresql needs to use 'adduser' and 'addgroup' in its preinst script to properly save the current database before upgrading (cf. Bug #180199). Therefore it should pre-depend on 'adduser'. Why would there be an issue on depending on a more important package? Having an optional/misc package pre-depend on an important/base package seems like a non-issue to me. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: Pre-Depends for postgresql
Hi Russell and all others, On 2003-10-16 21:39 +1000, Russell Coker wrote: On Thu, 16 Oct 2003 19:00, Martin Pitt wrote: The package postgresql needs to use 'adduser' and 'addgroup' in its preinst script to properly save the current database before upgrading (cf. Bug #180199). Therefore it should pre-depend on 'adduser'. Why would there be an issue on depending on a more important package? Having an optional/misc package pre-depend on an important/base package seems like a non-issue to me. adduser is neither essential nor required, thus does not need to be installed when installing postgres. I'm not quite sure what you mean, could you please explain this? Thanks in advance! Martin P.S. No need to CC me, I'm subscribed (see mail-followup-to). Thanks. -- Martin Pitt home: www.piware.de eMail: [EMAIL PROTECTED]
Re: Pre-Depends for postgresql
Martin Pitt [EMAIL PROTECTED] a tapoté : Hi Russell and all others, On 2003-10-16 21:39 +1000, Russell Coker wrote: On Thu, 16 Oct 2003 19:00, Martin Pitt wrote: The package postgresql needs to use 'adduser' and 'addgroup' in its preinst script to properly save the current database before upgrading (cf. Bug #180199). Therefore it should pre-depend on 'adduser'. Why would there be an issue on depending on a more important package? Having an optional/misc package pre-depend on an important/base package seems like a non-issue to me. adduser is neither essential nor required, thus does not need to be installed when installing postgres. I'm not quite sure what you mean, could you please explain this? Thanks in advance! Hum, instead of adduser, useradd should be used by the posgresql package. useradd is included in the package passwd, which is required package from the base section. -- Mathieu Roy Homepage: http://yeupou.coleumes.org Not a native english speaker: http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english
Re: Pre-Depends for postgresql
On Thu, Oct 16, 2003 at 03:51:33PM +0200, Mathieu Roy wrote: Martin Pitt [EMAIL PROTECTED] a tapoté : adduser is neither essential nor required, thus does not need to be installed when installing postgres. I'm not quite sure what you mean, could you please explain this? Thanks in advance! Hum, instead of adduser, useradd should be used by the posgresql package. useradd is included in the package passwd, which is required package from the base section. No, packages that need to add users or groups should use adduser so that the appropriate uid and gid ranges are used as configured by the sysadmin. -- Colin Watson [EMAIL PROTECTED]
Re: Pre-Depends for postgresql
On Thu, Oct 16, 2003 at 03:51:33PM +0200, Mathieu Roy wrote: Hum, instead of adduser, useradd should be used by the posgresql package. useradd is included in the package passwd, which is required package from the base section. Please ignore this dangerous moron. -- .''`. ** Debian GNU/Linux ** | Andrew Suffield : :' : http://www.debian.org/ | `. `' | `- -- | signature.asc Description: Digital signature
Re: Pre-Depends for postgresql
Colin Watson [EMAIL PROTECTED] a tapoté : On Thu, Oct 16, 2003 at 03:51:33PM +0200, Mathieu Roy wrote: Martin Pitt [EMAIL PROTECTED] a tapoté : adduser is neither essential nor required, thus does not need to be installed when installing postgres. I'm not quite sure what you mean, could you please explain this? Thanks in advance! Hum, instead of adduser, useradd should be used by the posgresql package. useradd is included in the package passwd, which is required package from the base section. No, packages that need to add users or groups should use adduser so that the appropriate uid and gid ranges are used as configured by the sysadmin. Even for system users automatically created by postinst scripts, on a system where adduser has not even been already installed before? (The postinst script may detect whether adduser is installed or not and use useradd if adduser is missing.) -- Mathieu Roy Homepage: http://yeupou.coleumes.org Not a native english speaker: http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english
Re: Pre-Depends for postgresql
Mathieu Roy [EMAIL PROTECTED] wrote: Martin Pitt [EMAIL PROTECTED] a tapoté : On 2003-10-16 21:39 +1000, Russell Coker wrote: On Thu, 16 Oct 2003 19:00, Martin Pitt wrote: The package postgresql needs to use 'adduser' and 'addgroup' in its preinst script to properly save the current database before upgrading (cf. Bug #180199). Therefore it should pre-depend on 'adduser'. Why would there be an issue on depending on a more important package? Having an optional/misc package pre-depend on an important/base package seems like a non-issue to me. adduser is neither essential nor required, thus does not need to be installed when installing postgres. I'm not quite sure what you mean, could you please explain this? Hum, instead of adduser, useradd should be used by the posgresql package. useradd is included in the package passwd, which is required package from the base section. IBTD. Apart from the fact that using adduser is explicitely recommended in policy having _all_ packages use the same interface for user-allocation IMHO is valuable on its own and outweighs getting rid of a predependency. cu andreas
Re: Pre-Depends for postgresql
On Thu, Oct 16, 2003 at 04:27:42PM +0200, Mathieu Roy wrote: Colin Watson [EMAIL PROTECTED] a tapoté : On Thu, Oct 16, 2003 at 03:51:33PM +0200, Mathieu Roy wrote: Hum, instead of adduser, useradd should be used by the posgresql package. useradd is included in the package passwd, which is required package from the base section. No, packages that need to add users or groups should use adduser so that the appropriate uid and gid ranges are used as configured by the sysadmin. Even for system users automatically created by postinst scripts, on a system where adduser has not even been already installed before? Yes, especially for system users automatically created by postinst scripts. This is important for consistency, which is why it's in policy (9.2.2). (The postinst script may detect whether adduser is installed or not and use useradd if adduser is missing.) Blech. We have dependencies and tools that install them automatically for a reason. (By the way, please don't cc me on replies; I read the list.) Cheers, -- Colin Watson [EMAIL PROTECTED]
Re: Pre-Depends for postgresql
Colin Watson [EMAIL PROTECTED] a tapoté : On Thu, Oct 16, 2003 at 04:27:42PM +0200, Mathieu Roy wrote: Colin Watson [EMAIL PROTECTED] a tapoté : On Thu, Oct 16, 2003 at 03:51:33PM +0200, Mathieu Roy wrote: Hum, instead of adduser, useradd should be used by the posgresql package. useradd is included in the package passwd, which is required package from the base section. No, packages that need to add users or groups should use adduser so that the appropriate uid and gid ranges are used as configured by the sysadmin. Even for system users automatically created by postinst scripts, on a system where adduser has not even been already installed before? Yes, especially for system users automatically created by postinst scripts. This is important for consistency, which is why it's in policy (9.2.2). So there's no reason to avoid that dependancy on adduser, even if it's not clearly a required package (yes, that was the beginning of the thread), because of the policy it's de facto a required package (yes, that was my point). -- Mathieu Roy Homepage: http://yeupou.coleumes.org Not a native english speaker: http://stock.coleumes.org/doc.php?i=/misc-files/flawed-english
Re: Pre-Depends for postgresql
On Thu, 16 Oct 2003 23:01, Martin Pitt wrote: Why would there be an issue on depending on a more important package? Having an optional/misc package pre-depend on an important/base package seems like a non-issue to me. adduser is neither essential nor required, thus does not need to be installed when installing postgres. I'm not quite sure what you mean, could you please explain this? If you depend on a less important package then it would be an indication that one of the packages in question has the wrong priority and therefore a bug. If you pre-depend on an equally important package then there may be issues related to circular-dependencies at some future time. If you have a non-base package pre-depend on a base package then the base package can never depend on it (base packages must not depend on non-base packages). If you have an optional package depend on a package that is important or required then again it would be a bug for any other package to have a dependency that results in a circle leading back to your package. So no matter what happens if you have postgres keep it's current section and priority (I can't see postgres becoming a base part of Debian or being considered important in the Debian priority system) then any problem related to your pre-depends will be a fairly obvious and unambiguous bug in someone else's package. I've recently learnt about some of these things the hard way... ;) -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
Re: Pre-Depends for postgresql
Hi! Please don't get me wrong, I don't insist of using adduser. IMHO Mathieu's solution of checking whether adduser is available is acceptable, if adduser is not installed then I can't break any admin preferences anyway. In addition, user postgres has uid 31, thus base-passwd should have given its blessings to postgres :-) But I would like to understand this issue properly. Thus I am bothering you again (sorry :-) ): On 2003-10-17 2:14 +1000, Russell Coker wrote: If you depend on a less important package then it would be an indication that one of the packages in question has the wrong priority and therefore a bug. That's obvious. If you pre-depend on an equally important package then there may be issues related to circular-dependencies at some future time. I understand, but that doesn't hold here. If you have a non-base package pre-depend on a base package then the base package can never depend on it (base packages must not depend on non-base packages). That's basically the same as the first paragraph. If you have an optional package depend on a package that is important or required then again it would be a bug for any other package to have a dependency that results in a circle leading back to your package. This confuses me. If a package can neither pre-depend on a package that has a lower, an equal, nor a higher priority, then we wouldn't need pre-dependencies at all. Could you convince an example? So no matter what happens if you have postgres keep it's current section and priority (I can't see postgres becoming a base part of Debian or being considered important in the Debian priority system) Well, making a huge beast like postgres standard or even part of base is certainly not desirable... then any problem related to your pre-depends will be a fairly obvious and unambiguous bug in someone else's package. Could you explain this in more detail, please? Maybe with an example? Currently, postgres is already using adduser in its preinst, but only depends on it (which is kind of too late). The question is now, should we make it officially pre-depend on it or should I convince Oliver to rewrite the stuff to fall back to useradd (BTW: Oliver, do you follow this?) I've recently learnt about some of these things the hard way... ;) I believe that and that's the reason why I want to understand this thoroughly. Thanks in advance for the time you spent to teach newbies! :-) The policy only explains the purpose of pre-depends and I didn't find anything in the Developer's Reference. Have a nice day, Martin -- Martin Pitt home: www.piware.de eMail: [EMAIL PROTECTED]
Re: Pre-Depends for postgresql
On Thu, Oct 16, 2003 at 11:36:04PM +0200, Martin Pitt wrote: Please don't get me wrong, I don't insist of using adduser. IMHO Mathieu's solution of checking whether adduser is available is acceptable, if adduser is not installed then I can't break any admin preferences anyway. In addition, user postgres has uid 31, thus base-passwd should have given its blessings to postgres :-) Uid 31 is reserved forever (speaking as the base-passwd maintainer), but new installations of postgresql should have a uid in the system range, namely 100-999, as created by 'adduser --system'. See the changelog for base-passwd 3.5.0. Currently, postgres is already using adduser in its preinst, but only depends on it (which is kind of too late). The question is now, should we make it officially pre-depend on it or should I convince Oliver to rewrite the stuff to fall back to useradd (BTW: Oliver, do you follow this?) No, you should definitely not attempt to fall back to useradd: that whole subthread is just a distraction. Pre-depending on adduser is perfectly fine and reasonable for a package like postgresql, and it is wrong for a Debian package to try to use anything else other than adduser to create system users. Using adduser means that we, or local sysadmins, only have one thing to change if we need to change how system users work. Use adduser. It's your friend. Cheers, -- Colin Watson [EMAIL PROTECTED]
Re: Pre-Depends for postgresql
On Fri, 17 Oct 2003 07:36, Martin Pitt wrote: If you have an optional package depend on a package that is important or required then again it would be a bug for any other package to have a dependency that results in a circle leading back to your package. This confuses me. If a package can neither pre-depend on a package that has a lower, an equal, nor a higher priority, then we wouldn't need pre-dependencies at all. Could you convince an example? I am saying that if you depend on more important packages, then the only way it breaks is if something else is broken. EG if postgresql pre-depends on adduser and adduser pre-depends on postgresql then there would be a problem, but this would be an obvious bug in adduser and nothing that you would have to be concerned with as maintainer of postgresql. Also if postgresql p-d on adduser, adduser p-d on libpam-pgsql (assuming there is such a package), and libpam-pgsql p-d on postgresql then there will be a problem. But again it would not be a problem with postgresql, so while working on postgresql you don't have to be concerned with that risk. -- http://www.coker.com.au/selinux/ My NSA Security Enhanced Linux packages http://www.coker.com.au/bonnie++/ Bonnie++ hard drive benchmark http://www.coker.com.au/postal/Postal SMTP/POP benchmark http://www.coker.com.au/~russell/ My home page
