Re: [Fink-devel] New fink release imminent
On 6/4/12 7:16 PM, Alexander Hansen wrote: snip OK, I think we may be close to ready for the 0.33.0 release. In addition to making --build-as-nobody the default build mode and recognizing 10.7.4: 1) Unless I get an objection within a few days, I'm going to merge into master https://github.com/fink/fink/tree/system-python which makes %p/Library/Python a directory recognized by the validator, and which disallows use of PYTHONPATH containing a system-global Python library directory (the aforementioned %p/Library/Python, %p/lib//sw/lib/pythonX.Y/site-packages). 2) Unless I get an objection within a few days, I'm going to merge into master https://github.com/fink/fink/tree/xcode_app, which changes the xcode virtual package to indicate installation of and the version of the Command Line Tools for Xcode 4.3+ rather than the version of Xcode.app; and which introduces an xcode.app virtual package whose version is the version of Xcode.app (the 'xcode' and 'xcode-app' packages carry essentially the same information for Xcode 4.2.1 and earlier). 3) And I'd like to merge into master https://github.com/fink/fink/tree/fink_configure_sets_up_fink_bld, which sets up the fink-bld user via fink configure and activates/checks it on build-relevant operations. If you can only check out and evaluate one branch this summer, this is the one! I've merged all 3 of these into the official master, and I plan to release 0.33.0 on June 7. So much for planning. ;-) It'll be June 11 barring any severe objections. -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On 5/28/12 11:23 AM, Alexander Hansen wrote: On 5/23/12 4:31 PM, Alexander Hansen wrote: On 5/22/12 10:04 AM, Alexander Hansen wrote: On 5/22/12 1:53 AM, Dustin Cartwright wrote: On Tue, May 22, 2012 at 6:46 AM, Alexander Hansen alexanderk.han...@gmail.com wrote: Sorry, was in a bad mood. I was just trying to convince you to do less work, but I can see that I failed. :) Here's the thought process I was working under: fink configure is a natural place to do anything that has prompts for the user. However, it isn't supposed to have side effects, i.e. all that it currently does is set up the fink.conf file. So I figured we'd prompt for user input and do the sanity checking in fink configure, saving the results (FinkBldUid for immediate use, and AutoUid, AutoUidMin, AutoUidMax for the next 'fink configure'), and then actually write the fink-bld information (if required) elsewhere. To leave open the possibility of automatic UIDs replacing the current passwd in the future, would it be better to replace FinkBldUid with something more extensible? I don't know if the fink.conf parser can handle something like: FixedUids: fink-bld: 266 postfres: 252 I don't think fink.conf can handle that. Or maybe better would be just to take the UID and GID from %p/etc/passwd-fink and %p/etc/passwd-group if AutoUid is false? After all, this is where people were supposed to customized the added users in the past. Dustin Actually, what it does right now is: 1) Check whether fink-bld exists on the system, and grab its UID and GID--via 'id -P fink-bld'. That avoids worrying about whether the user happens to have changed fink-bld's configuration by means other than editing %p/etc/passwd-*, since we're using what is actually in place on the system. 2) If fink-bld exists and is properly configured (defined as having both a UID and GID) then the user is given the default option just to use the extant fink-bld, regardless of whether AutoUid is set. That way they'll be using whatever they had set up in the past, unless they specifically make the change. For users without fink-bld, the default is to get an ID automatically from the 600-699 range. I've put something online at https://github.com/fink/fink/tree/fink_configure_sets_up_fink_bld Configure.pm is where things get configured to set. I check the validity of prospective UID/GID values here as well as in Services.pm. If there's a pre-existing fink-bld user, it gets used by default, and its UID/GID (assumed to be the same) get stored in fink.conf. Services.pm has similar changes to what Dustin added in his branch, with a few tweaks. In this case, the FinkBldUid: field from fink.conf takes precedence over the current UID/GID of the fink-bld user, so if they differ the assumption is that the user wanted to change to the fink.conf value. Engine.pm actually runs ensure_fink_bld() thereby setting the fink-bld user up. It checks for every fink verb other than configure. We may want only to do that for build operations, perhaps--though it was convenient just to use fink index to test changes to the fink-bld user. :-) I'm not sure if everything is compliant with how things need to be set up when users are managed e.g. via OpenDirectory. OK, I think we may be close to ready for the 0.33.0 release. In addition to making --build-as-nobody the default build mode and recognizing 10.7.4: 1) Unless I get an objection within a few days, I'm going to merge into master https://github.com/fink/fink/tree/system-python which makes %p/Library/Python a directory recognized by the validator, and which disallows use of PYTHONPATH containing a system-global Python library directory (the aforementioned %p/Library/Python, %p/lib//sw/lib/pythonX.Y/site-packages). 2) Unless I get an objection within a few days, I'm going to merge into master https://github.com/fink/fink/tree/xcode_app, which changes the xcode virtual package to indicate installation of and the version of the Command Line Tools for Xcode 4.3+ rather than the version of Xcode.app; and which introduces an xcode.app virtual package whose version is the version of Xcode.app (the 'xcode' and 'xcode-app' packages carry essentially the same information for Xcode 4.2.1 and earlier). 3) And I'd like to merge into master https://github.com/fink/fink/tree/fink_configure_sets_up_fink_bld, which sets up the fink-bld user via fink configure and activates/checks it on build-relevant operations. If you can only check out and evaluate one branch this summer, this is the one! I've merged all 3 of these into the official master, and I plan to release 0.33.0 on June 7. -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security
Re: [Fink-devel] New fink release imminent
On 5/23/12 4:31 PM, Alexander Hansen wrote: On 5/22/12 10:04 AM, Alexander Hansen wrote: On 5/22/12 1:53 AM, Dustin Cartwright wrote: On Tue, May 22, 2012 at 6:46 AM, Alexander Hansen alexanderk.han...@gmail.com wrote: Sorry, was in a bad mood. I was just trying to convince you to do less work, but I can see that I failed. :) Here's the thought process I was working under: fink configure is a natural place to do anything that has prompts for the user. However, it isn't supposed to have side effects, i.e. all that it currently does is set up the fink.conf file. So I figured we'd prompt for user input and do the sanity checking in fink configure, saving the results (FinkBldUid for immediate use, and AutoUid, AutoUidMin, AutoUidMax for the next 'fink configure'), and then actually write the fink-bld information (if required) elsewhere. To leave open the possibility of automatic UIDs replacing the current passwd in the future, would it be better to replace FinkBldUid with something more extensible? I don't know if the fink.conf parser can handle something like: FixedUids: fink-bld: 266 postfres: 252 I don't think fink.conf can handle that. Or maybe better would be just to take the UID and GID from %p/etc/passwd-fink and %p/etc/passwd-group if AutoUid is false? After all, this is where people were supposed to customized the added users in the past. Dustin Actually, what it does right now is: 1) Check whether fink-bld exists on the system, and grab its UID and GID--via 'id -P fink-bld'. That avoids worrying about whether the user happens to have changed fink-bld's configuration by means other than editing %p/etc/passwd-*, since we're using what is actually in place on the system. 2) If fink-bld exists and is properly configured (defined as having both a UID and GID) then the user is given the default option just to use the extant fink-bld, regardless of whether AutoUid is set. That way they'll be using whatever they had set up in the past, unless they specifically make the change. For users without fink-bld, the default is to get an ID automatically from the 600-699 range. I've put something online at https://github.com/fink/fink/tree/fink_configure_sets_up_fink_bld Configure.pm is where things get configured to set. I check the validity of prospective UID/GID values here as well as in Services.pm. If there's a pre-existing fink-bld user, it gets used by default, and its UID/GID (assumed to be the same) get stored in fink.conf. Services.pm has similar changes to what Dustin added in his branch, with a few tweaks. In this case, the FinkBldUid: field from fink.conf takes precedence over the current UID/GID of the fink-bld user, so if they differ the assumption is that the user wanted to change to the fink.conf value. Engine.pm actually runs ensure_fink_bld() thereby setting the fink-bld user up. It checks for every fink verb other than configure. We may want only to do that for build operations, perhaps--though it was convenient just to use fink index to test changes to the fink-bld user. :-) I'm not sure if everything is compliant with how things need to be set up when users are managed e.g. via OpenDirectory. OK, I think we may be close to ready for the 0.33.0 release. In addition to making --build-as-nobody the default build mode and recognizing 10.7.4: 1) Unless I get an objection within a few days, I'm going to merge into master https://github.com/fink/fink/tree/system-python which makes %p/Library/Python a directory recognized by the validator, and which disallows use of PYTHONPATH containing a system-global Python library directory (the aforementioned %p/Library/Python, %p/lib//sw/lib/pythonX.Y/site-packages). 2) Unless I get an objection within a few days, I'm going to merge into master https://github.com/fink/fink/tree/xcode_app, which changes the xcode virtual package to indicate installation of and the version of the Command Line Tools for Xcode 4.3+ rather than the version of Xcode.app; and which introduces an xcode.app virtual package whose version is the version of Xcode.app (the 'xcode' and 'xcode-app' packages carry essentially the same information for Xcode 4.2.1 and earlier). 3) And I'd like to merge into master https://github.com/fink/fink/tree/fink_configure_sets_up_fink_bld, which sets up the fink-bld user via fink configure and activates/checks it on build-relevant operations. If you can only check out and evaluate one branch this summer, this is the one! -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats.
Re: [Fink-devel] New fink release imminent
On 5/22/12 10:04 AM, Alexander Hansen wrote: On 5/22/12 1:53 AM, Dustin Cartwright wrote: On Tue, May 22, 2012 at 6:46 AM, Alexander Hansen alexanderk.han...@gmail.com wrote: Sorry, was in a bad mood. I was just trying to convince you to do less work, but I can see that I failed. :) Here's the thought process I was working under: fink configure is a natural place to do anything that has prompts for the user. However, it isn't supposed to have side effects, i.e. all that it currently does is set up the fink.conf file. So I figured we'd prompt for user input and do the sanity checking in fink configure, saving the results (FinkBldUid for immediate use, and AutoUid, AutoUidMin, AutoUidMax for the next 'fink configure'), and then actually write the fink-bld information (if required) elsewhere. To leave open the possibility of automatic UIDs replacing the current passwd in the future, would it be better to replace FinkBldUid with something more extensible? I don't know if the fink.conf parser can handle something like: FixedUids: fink-bld: 266 postfres: 252 I don't think fink.conf can handle that. Or maybe better would be just to take the UID and GID from %p/etc/passwd-fink and %p/etc/passwd-group if AutoUid is false? After all, this is where people were supposed to customized the added users in the past. Dustin Actually, what it does right now is: 1) Check whether fink-bld exists on the system, and grab its UID and GID--via 'id -P fink-bld'. That avoids worrying about whether the user happens to have changed fink-bld's configuration by means other than editing %p/etc/passwd-*, since we're using what is actually in place on the system. 2) If fink-bld exists and is properly configured (defined as having both a UID and GID) then the user is given the default option just to use the extant fink-bld, regardless of whether AutoUid is set. That way they'll be using whatever they had set up in the past, unless they specifically make the change. For users without fink-bld, the default is to get an ID automatically from the 600-699 range. I've put something online at https://github.com/fink/fink/tree/fink_configure_sets_up_fink_bld Configure.pm is where things get configured to set. I check the validity of prospective UID/GID values here as well as in Services.pm. If there's a pre-existing fink-bld user, it gets used by default, and its UID/GID (assumed to be the same) get stored in fink.conf. Services.pm has similar changes to what Dustin added in his branch, with a few tweaks. In this case, the FinkBldUid: field from fink.conf takes precedence over the current UID/GID of the fink-bld user, so if they differ the assumption is that the user wanted to change to the fink.conf value. Engine.pm actually runs ensure_fink_bld() thereby setting the fink-bld user up. It checks for every fink verb other than configure. We may want only to do that for build operations, perhaps--though it was convenient just to use fink index to test changes to the fink-bld user. :-) I'm not sure if everything is compliant with how things need to be set up when users are managed e.g. via OpenDirectory. -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On Tue, May 22, 2012 at 6:46 AM, Alexander Hansen alexanderk.han...@gmail.com wrote: Sorry, was in a bad mood. I was just trying to convince you to do less work, but I can see that I failed. :) Here's the thought process I was working under: fink configure is a natural place to do anything that has prompts for the user. However, it isn't supposed to have side effects, i.e. all that it currently does is set up the fink.conf file. So I figured we'd prompt for user input and do the sanity checking in fink configure, saving the results (FinkBldUid for immediate use, and AutoUid, AutoUidMin, AutoUidMax for the next 'fink configure'), and then actually write the fink-bld information (if required) elsewhere. To leave open the possibility of automatic UIDs replacing the current passwd in the future, would it be better to replace FinkBldUid with something more extensible? I don't know if the fink.conf parser can handle something like: FixedUids: fink-bld: 266 postfres: 252 Or maybe better would be just to take the UID and GID from %p/etc/passwd-fink and %p/etc/passwd-group if AutoUid is false? After all, this is where people were supposed to customized the added users in the past. Dustin -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On 5/22/12 1:53 AM, Dustin Cartwright wrote: On Tue, May 22, 2012 at 6:46 AM, Alexander Hansen alexanderk.han...@gmail.com wrote: Sorry, was in a bad mood. I was just trying to convince you to do less work, but I can see that I failed. :) Here's the thought process I was working under: fink configure is a natural place to do anything that has prompts for the user. However, it isn't supposed to have side effects, i.e. all that it currently does is set up the fink.conf file. So I figured we'd prompt for user input and do the sanity checking in fink configure, saving the results (FinkBldUid for immediate use, and AutoUid, AutoUidMin, AutoUidMax for the next 'fink configure'), and then actually write the fink-bld information (if required) elsewhere. To leave open the possibility of automatic UIDs replacing the current passwd in the future, would it be better to replace FinkBldUid with something more extensible? I don't know if the fink.conf parser can handle something like: FixedUids: fink-bld: 266 postfres: 252 I don't think fink.conf can handle that. Or maybe better would be just to take the UID and GID from %p/etc/passwd-fink and %p/etc/passwd-group if AutoUid is false? After all, this is where people were supposed to customized the added users in the past. Dustin Actually, what it does right now is: 1) Check whether fink-bld exists on the system, and grab its UID and GID--via 'id -P fink-bld'. That avoids worrying about whether the user happens to have changed fink-bld's configuration by means other than editing %p/etc/passwd-*, since we're using what is actually in place on the system. 2) If fink-bld exists and is properly configured (defined as having both a UID and GID) then the user is given the default option just to use the extant fink-bld, regardless of whether AutoUid is set. That way they'll be using whatever they had set up in the past, unless they specifically make the change. For users without fink-bld, the default is to get an ID automatically from the 600-699 range. -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On 5/19/12 12:35 PM, Alexander Hansen wrote: On 5/19/12 5:59 AM, Dustin Cartwright wrote: On Fri, May 18, 2012 at 10:55 PM, Alexander Hansen alexanderk.han...@gmail.com mailto:alexanderk.han...@gmail.com wrote: My thought is to borrow from what you've done, but do like David and Merle suggested and store the following in fink.conf: AutoUid: boolean AutoUidBase: integer, default 600 AutoUidMax: integer, default 699 FinkBldUid: the UID FinkBldGid: the GID AutoUid, FinkBldUid, and FinkBldGid would get set via fink configure. Networked folks would set AutoUid: false via a prompt, and FinkBldUid and FinkBldGid would either be autogenerated, use an existing value (left over from passwd-fink-bld) or have values set explicitly, depending on what the user wants. (AutoUidBase and AutoUidMax wouldn't be set by prompts, but would be changed via manually editing fink.conf). As you like, but this seems excessively complicated to me for no real gain. What's the difference between: 1. Setting AutoUidBase to n 2. Setting AutoUidBase and AutoUidMax both to n 3. Setting AutoUid to false and setting FinkBldUid to n As I see it, these are basically telling fink: 1. Create fink-bld with UID n, unless it's already used, in which case take the next available UID. 2. Create fink-bld with UID n, unless it's already used, in which case fail and don't create fink-bld at all. 3. Create fink-bld with UID n, even if it's in use because I don't care whether or not I have to users with the same UID. 1 seems the most useful to me. Maybe some people would prefer the extra control that comes with 2. But why would anyone prefer 3 over 1 or 2? It seems like a good principle that fink should never create a user with a UID that already exists. If you believe that, then the only configuration options which make sense are those giving fink a range of UIDs to use. And for people who want to control which UIDs fink uses, there are options, even without extra configuration parameters. They can use AutoUidBase to restrict the UIDs to a specific range. They can create the fink-bld user themselves with dscl. As I've shown in this thread, this is fraught with peril. A fairly lengthy sequence of commands is required to provide a working fink-bld user, so why not put that sequence in fink so that an administrator or user can just use 'fink configure' and get the right setup with Even if fink has created fink-bld, they can change its UID using dscl. If they're on a network, they can create fink-bld on the central directory and then it will be on all the other computers with the same UID. When fink is invoked for a build, it will check whether the fink-bld user exists. If not, it will be created using these parameters from fink.conf. If the UID and GID from fink.conf are different than those in Directory Services, fink-bld will be updated to match fink.conf. As I said, if someone wants to change fink-bld's UID, they can type: sudo dscl . /Users/fink-bld UniqueID new id This is not really any more complicated than setting a line in fink.conf. On the other hand, putting some code into fink which will modify the user database under circumstances where it will only rarely get invoked seems like a dangerous idea to me. My opinion is that it would be best to just have two new configuration settings: AutoUidMin (rather than AutoUidBase) and AutoUidMax. Also, I've come around to the idea that there should be a prompt for AutoUidMin during configure (and thus during bootstrap). Probably there should also be a prompt the first time the user upgrades to a version of fink which uses this option. Updating ConfFileCompatVersion forces a prompt after fink is updated (though it just advises running 'fink configure', has a default choice of N, and then moves on.) I think I'm hesitant only because my annoyance at the passwd package for requiring user interaction during the build process makes me not want to add prompts where they don't normally exist. Dustin My thought was that _we_ should have an interface to control how _our_ user gets set up, and that the user should be involved, as David mentioned (we also discussed this on IRC). I'd thought that it would be nice to have that information in fink.conf so that we could maintain some internal consistency on people's systems when we're generating IDs dynamically. I'm done. We can come back to this once Mountain Lion is out. Sorry, was in a bad mood. Here's the thought process I was working under: fink configure is a natural place to do anything that has prompts for the user. However, it isn't supposed to have side effects, i.e. all that it currently does is set up the fink.conf file. So I figured we'd prompt for user input and do the sanity checking in fink configure, saving the results (FinkBldUid for immediate use, and AutoUid,
Re: [Fink-devel] New fink release imminent
On Fri, May 18, 2012 at 10:55 PM, Alexander Hansen alexanderk.han...@gmail.com wrote: My thought is to borrow from what you've done, but do like David and Merle suggested and store the following in fink.conf: AutoUid: boolean AutoUidBase: integer, default 600 AutoUidMax: integer, default 699 FinkBldUid: the UID FinkBldGid: the GID AutoUid, FinkBldUid, and FinkBldGid would get set via fink configure. Networked folks would set AutoUid: false via a prompt, and FinkBldUid and FinkBldGid would either be autogenerated, use an existing value (left over from passwd-fink-bld) or have values set explicitly, depending on what the user wants. (AutoUidBase and AutoUidMax wouldn't be set by prompts, but would be changed via manually editing fink.conf). As you like, but this seems excessively complicated to me for no real gain. What's the difference between: 1. Setting AutoUidBase to n 2. Setting AutoUidBase and AutoUidMax both to n 3. Setting AutoUid to false and setting FinkBldUid to n As I see it, these are basically telling fink: 1. Create fink-bld with UID n, unless it's already used, in which case take the next available UID. 2. Create fink-bld with UID n, unless it's already used, in which case fail and don't create fink-bld at all. 3. Create fink-bld with UID n, even if it's in use because I don't care whether or not I have to users with the same UID. 1 seems the most useful to me. Maybe some people would prefer the extra control that comes with 2. But why would anyone prefer 3 over 1 or 2? It seems like a good principle that fink should never create a user with a UID that already exists. If you believe that, then the only configuration options which make sense are those giving fink a range of UIDs to use. And for people who want to control which UIDs fink uses, there are options, even without extra configuration parameters. They can use AutoUidBase to restrict the UIDs to a specific range. They can create the fink-bld user themselves with dscl. Even if fink has created fink-bld, they can change its UID using dscl. If they're on a network, they can create fink-bld on the central directory and then it will be on all the other computers with the same UID. When fink is invoked for a build, it will check whether the fink-bld user exists. If not, it will be created using these parameters from fink.conf. If the UID and GID from fink.conf are different than those in Directory Services, fink-bld will be updated to match fink.conf. As I said, if someone wants to change fink-bld's UID, they can type: sudo dscl . /Users/fink-bld UniqueID new id This is not really any more complicated than setting a line in fink.conf. On the other hand, putting some code into fink which will modify the user database under circumstances where it will only rarely get invoked seems like a dangerous idea to me. My opinion is that it would be best to just have two new configuration settings: AutoUidMin (rather than AutoUidBase) and AutoUidMax. Also, I've come around to the idea that there should be a prompt for AutoUidMin during configure (and thus during bootstrap). Probably there should also be a prompt the first time the user upgrades to a version of fink which uses this option. I think I'm hesitant only because my annoyance at the passwd package for requiring user interaction during the build process makes me not want to add prompts where they don't normally exist. Dustin -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On 5/19/12 5:59 AM, Dustin Cartwright wrote: On Fri, May 18, 2012 at 10:55 PM, Alexander Hansen alexanderk.han...@gmail.com mailto:alexanderk.han...@gmail.com wrote: My thought is to borrow from what you've done, but do like David and Merle suggested and store the following in fink.conf: AutoUid: boolean AutoUidBase: integer, default 600 AutoUidMax: integer, default 699 FinkBldUid: the UID FinkBldGid: the GID AutoUid, FinkBldUid, and FinkBldGid would get set via fink configure. Networked folks would set AutoUid: false via a prompt, and FinkBldUid and FinkBldGid would either be autogenerated, use an existing value (left over from passwd-fink-bld) or have values set explicitly, depending on what the user wants. (AutoUidBase and AutoUidMax wouldn't be set by prompts, but would be changed via manually editing fink.conf). As you like, but this seems excessively complicated to me for no real gain. What's the difference between: 1. Setting AutoUidBase to n 2. Setting AutoUidBase and AutoUidMax both to n 3. Setting AutoUid to false and setting FinkBldUid to n As I see it, these are basically telling fink: 1. Create fink-bld with UID n, unless it's already used, in which case take the next available UID. 2. Create fink-bld with UID n, unless it's already used, in which case fail and don't create fink-bld at all. 3. Create fink-bld with UID n, even if it's in use because I don't care whether or not I have to users with the same UID. 1 seems the most useful to me. Maybe some people would prefer the extra control that comes with 2. But why would anyone prefer 3 over 1 or 2? It seems like a good principle that fink should never create a user with a UID that already exists. If you believe that, then the only configuration options which make sense are those giving fink a range of UIDs to use. And for people who want to control which UIDs fink uses, there are options, even without extra configuration parameters. They can use AutoUidBase to restrict the UIDs to a specific range. They can create the fink-bld user themselves with dscl. As I've shown in this thread, this is fraught with peril. A fairly lengthy sequence of commands is required to provide a working fink-bld user, so why not put that sequence in fink so that an administrator or user can just use 'fink configure' and get the right setup with Even if fink has created fink-bld, they can change its UID using dscl. If they're on a network, they can create fink-bld on the central directory and then it will be on all the other computers with the same UID. When fink is invoked for a build, it will check whether the fink-bld user exists. If not, it will be created using these parameters from fink.conf. If the UID and GID from fink.conf are different than those in Directory Services, fink-bld will be updated to match fink.conf. As I said, if someone wants to change fink-bld's UID, they can type: sudo dscl . /Users/fink-bld UniqueID new id This is not really any more complicated than setting a line in fink.conf. On the other hand, putting some code into fink which will modify the user database under circumstances where it will only rarely get invoked seems like a dangerous idea to me. My opinion is that it would be best to just have two new configuration settings: AutoUidMin (rather than AutoUidBase) and AutoUidMax. Also, I've come around to the idea that there should be a prompt for AutoUidMin during configure (and thus during bootstrap). Probably there should also be a prompt the first time the user upgrades to a version of fink which uses this option. Updating ConfFileCompatVersion forces a prompt after fink is updated (though it just advises running 'fink configure', has a default choice of N, and then moves on.) I think I'm hesitant only because my annoyance at the passwd package for requiring user interaction during the build process makes me not want to add prompts where they don't normally exist. Dustin My thought was that _we_ should have an interface to control how _our_ user gets set up, and that the user should be involved, as David mentioned (we also discussed this on IRC). I'd thought that it would be nice to have that information in fink.conf so that we could maintain some internal consistency on people's systems when we're generating IDs dynamically. I'm done. We can come back to this once Mountain Lion is out. -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats.
Re: [Fink-devel] New fink release imminent
On 5/17/12 2:12 PM, Dustin Cartwright wrote: On Thu, May 17, 2012 at 9:35 PM, Alexander Hansen alexanderk.han...@gmail.com mailto:alexanderk.han...@gmail.com wrote: Success! What passwd-fink-bld does, and which wasn't being done by fink either in my branch or Dustin's, is to run dscl . -delete /Users/fink-bld AuthenticationAuthority when generating the fink-bld user. By doing this, I get the proper results: Good to hear. I'd recommend rebasing your patch to da556100d53. The last commit to dustinac/add-fink-bld added a call to dsmemberutil, which was an apparently wrong attempt to resolve the caching issue. Leaving it in would be very confusing to anyone who later tries to understand the code. So, what about networked users? Dustin My thought is to borrow from what you've done, but do like David and Merle suggested and store the following in fink.conf: AutoUid: boolean AutoUidBase: integer, default 600 AutoUidMax: integer, default 699 FinkBldUid: the UID FinkBldGid: the GID AutoUid, FinkBldUid, and FinkBldGid would get set via fink configure. Networked folks would set AutoUid: false via a prompt, and FinkBldUid and FinkBldGid would either be autogenerated, use an existing value (left over from passwd-fink-bld) or have values set explicitly, depending on what the user wants. (AutoUidBase and AutoUidMax wouldn't be set by prompts, but would be changed via manually editing fink.conf). When fink is invoked for a build, it will check whether the fink-bld user exists. If not, it will be created using these parameters from fink.conf. If the UID and GID from fink.conf are different than those in Directory Services, fink-bld will be updated to match fink.conf. -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On 5/16/12 10:33 AM, Alexander Hansen wrote: On 5/15/12 2:42 PM, Dustin Cartwright wrote: On Tue, May 15, 2012 at 1:03 AM, Alexander Hansen alexanderk.han...@gmail.com mailto:alexanderk.han...@gmail.com wrote: After injecting again, removing the fink-bld entries, and doing a selfupdate: $ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) I'm at a loss for why this keeps happening. My best guess is that Merle was right and this is some sort of caching bug. But I don't see what's different between this code and the passwd package or what MacPorts does to install its use. Is it possible that this uid is transient and that if you tried to actually build something with the newly installed fink-bld, it would work out? Dustin Nope, it's not transient. I didn't see it when I installed fink-bld via shell scripts (fink's postinstall). Woops, I was wrong. I get the same thing on 10.7 from my fink-creates-fink-bld branch when I create fink-bld in fink's postinstall. -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On 5/17/12 10:44 AM, Alexander Hansen wrote: On 5/16/12 10:33 AM, Alexander Hansen wrote: On 5/15/12 2:42 PM, Dustin Cartwright wrote: On Tue, May 15, 2012 at 1:03 AM, Alexander Hansen alexanderk.han...@gmail.com mailto:alexanderk.han...@gmail.com wrote: After injecting again, removing the fink-bld entries, and doing a selfupdate: $ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) I'm at a loss for why this keeps happening. My best guess is that Merle was right and this is some sort of caching bug. But I don't see what's different between this code and the passwd package or what MacPorts does to install its use. Is it possible that this uid is transient and that if you tried to actually build something with the newly installed fink-bld, it would work out? Dustin Nope, it's not transient. I didn't see it when I installed fink-bld via shell scripts (fink's postinstall). Woops, I was wrong. I get the same thing on 10.7 from my fink-creates-fink-bld branch when I create fink-bld in fink's postinstall. Success! What passwd-fink-bld does, and which wasn't being done by fink either in my branch or Dustin's, is to run dscl . -delete /Users/fink-bld AuthenticationAuthority when generating the fink-bld user. By doing this, I get the proper results: 10.7 $ id fink-bld uid=600(fink-bld) gid=600(fink-bld) groups=600(fink-bld),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) 10.6 $id fink-bld uid=600(fink-bld) gid=600(fink-bld) groups=600(fink-bld),101(com.apple.sharepoint.group.1),61(localaccounts),12(everyone),102(com.apple.sharepoint.group.2) 10.5 $ id fink-bld uid=600(fink-bld) gid=600(fink-bld) groups=600(fink-bld) -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On Thu, May 17, 2012 at 9:35 PM, Alexander Hansen alexanderk.han...@gmail.com wrote: Success! What passwd-fink-bld does, and which wasn't being done by fink either in my branch or Dustin's, is to run dscl . -delete /Users/fink-bld AuthenticationAuthority when generating the fink-bld user. By doing this, I get the proper results: Good to hear. I'd recommend rebasing your patch to da556100d53. The last commit to dustinac/add-fink-bld added a call to dsmemberutil, which was an apparently wrong attempt to resolve the caching issue. Leaving it in would be very confusing to anyone who later tries to understand the code. So, what about networked users? Dustin -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On 5/15/12 2:42 PM, Dustin Cartwright wrote: On Tue, May 15, 2012 at 1:03 AM, Alexander Hansen alexanderk.han...@gmail.com mailto:alexanderk.han...@gmail.com wrote: After injecting again, removing the fink-bld entries, and doing a selfupdate: $ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) I'm at a loss for why this keeps happening. My best guess is that Merle was right and this is some sort of caching bug. But I don't see what's different between this code and the passwd package or what MacPorts does to install its use. Is it possible that this uid is transient and that if you tried to actually build something with the newly installed fink-bld, it would work out? Dustin Nope, it's not transient. I didn't see it when I installed fink-bld via shell scripts (fink's postinstall). -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On Tue, May 15, 2012 at 1:03 AM, Alexander Hansen alexanderk.han...@gmail.com wrote: After injecting again, removing the fink-bld entries, and doing a selfupdate: $ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) I'm at a loss for why this keeps happening. My best guess is that Merle was right and this is some sort of caching bug. But I don't see what's different between this code and the passwd package or what MacPorts does to install its use. Is it possible that this uid is transient and that if you tried to actually build something with the newly installed fink-bld, it would work out? Dustin -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
Alexander, can you try the latest branch of add-fink-bld again? Directory Services seems to map uid, passwd, etc. to UniqueID, Password respectively, but I thought it might be better just to use the latter directly. I also added an invocation of dsmemberutil flushcache. I know nothing about this command but it's name sounds promising. On Mon, May 14, 2012 at 12:14 AM, Merle Reinhart merlereinh...@mac.comwrote: Dustin, This is all potentially going to create issues for enterprise and school IT types (the dynamically assigning part). Also, a lot of those situations make use of AD for user/group administration and some might be using Open Directory via a central Mac OS X Server. If you just look at the local database and create a user/group based upon that, there is a possibility that you'll override a non-local account (a local account with the same uid will override a non-local account) with unpredictable and potentially bad results. Hi Merle, thanks for your concerns. I did two things. First, I changed the method of looking for unused UIDs from dscl to getpwuid and getgrgid, which should mean that fink will detect UIDs which are in use by either local or non-local users. Second, the block of UIDs that fink looks at can now be controlled with a configure option, called AutoUidBase. It seems to me that if users with Open Directory want fink-bld to have the same UID on all their computers, then the simplest way is to create this user on the central server and then on the other computers fink won't touch the user list. The whole point of Open Directory is to administer these things centrally, right? On the other hand, if they don't mind fink-bld being created locally, then AutoUidBase means that it can be forced into some fixed range which won't be used for centrally assigned UIDs. One thing that I'm keeping in the back of my mind is that it would be nice if someday all users created by fink had auto-assigned UIDs. For the near future only fink-bld will be created with auto-assigned UID, but I want to think through the design as if fink will potentially be creating further users with auto-assigned UIDs as it needs them for packages. Thus, the idea of AutoUidBase is to reserve a whole block of UIDs rather than requesting them one at a time. I've never used Open Directory, so maybe I'm all wrong. But does this make sense to you? If so, I think the remaining question is: should fink prompt the user before creating the fink-bld user, something like what the passwd package does now? My feeling is no, or maybe only on computers using Open Directory. Without Open Directory, there's no risk of a UID collision and we're not allowing users to opt out of fink-bld, so I don't see why anyone would prefer anything other than the auto-assigned UID. Does anyone know if there's a good way of determining whether or not Open Directory is enabled? Dustin -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On 5/14/12 3:44 AM, Dustin Cartwright wrote: Alexander, can you try the latest branch of add-fink-bld again? Directory Services seems to map uid, passwd, etc. to UniqueID, Password respectively, but I thought it might be better just to use the latter directly. I also added an invocation of dsmemberutil flushcache. I know nothing about this command but it's name sounds promising. On Mon, May 14, 2012 at 12:14 AM, Merle Reinhart merlereinh...@mac.com mailto:merlereinh...@mac.com wrote: Dustin, This is all potentially going to create issues for enterprise and school IT types (the dynamically assigning part). Also, a lot of those situations make use of AD for user/group administration and some might be using Open Directory via a central Mac OS X Server. If you just look at the local database and create a user/group based upon that, there is a possibility that you'll override a non-local account (a local account with the same uid will override a non-local account) with unpredictable and potentially bad results. Hi Merle, thanks for your concerns. I did two things. First, I changed the method of looking for unused UIDs from dscl to getpwuid and getgrgid, which should mean that fink will detect UIDs which are in use by either local or non-local users. Second, the block of UIDs that fink looks at can now be controlled with a configure option, called AutoUidBase. It seems to me that if users with Open Directory want fink-bld to have the same UID on all their computers, then the simplest way is to create this user on the central server and then on the other computers fink won't touch the user list. The whole point of Open Directory is to administer these things centrally, right? On the other hand, if they don't mind fink-bld being created locally, then AutoUidBase means that it can be forced into some fixed range which won't be used for centrally assigned UIDs. One thing that I'm keeping in the back of my mind is that it would be nice if someday all users created by fink had auto-assigned UIDs. For the near future only fink-bld will be created with auto-assigned UID, but I want to think through the design as if fink will potentially be creating further users with auto-assigned UIDs as it needs them for packages. Thus, the idea of AutoUidBase is to reserve a whole block of UIDs rather than requesting them one at a time. I've never used Open Directory, so maybe I'm all wrong. But does this make sense to you? If so, I think the remaining question is: should fink prompt the user before creating the fink-bld user, something like what the passwd package does now? My feeling is no, or maybe only on computers using Open Directory. Without Open Directory, there's no risk of a UID collision and we're not allowing users to opt out of fink-bld, so I don't see why anyone would prefer anything other than the auto-assigned UID. Does anyone know if there's a good way of determining whether or not Open Directory is enabled? Dustin After injecting again, removing the fink-bld entries, and doing a selfupdate: $ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On May 13, 2012, at 3:14 PM, Merle Reinhart wrote: One possibility would be make the id static or dynamic based upon a configuration setting in fink.conf. I think you'll wind up with a lot less push-back from IT admins. We've done things like this in the past. We can store the desired ID in fink.conf, and then the post install script can check to see if that setting is there. If not, it can prompt the user to see if the user wishes to specify the ID or allow it to be set dynamically. (A similar prompt would happen during bootstrap…) -- Dave -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
Hi, The DirectoryServices daemon turns out to be open source, so I tried looking at the source for insight into this problem. There's some code in there which seems to be defaulting the UID to -1, but I couldn't make sense of why it was getting invoked on 10.7 but not 10.6. I made some tweaks to my branch, including assigning a UID and creating the user in one step rather than as separate steps. Alexander, can you check to see if this works for you now? Also, it would be great if someone could test it on 10.5. The branch is at https://github.com/dustinac/fink/tree/add-fink-bld Also, I found a comment in a MacPorts bug report: https://github.com/dustinac/fink/tree/add-fink-bld which says that UIDs less than 500 are reserved by Apple. So, I decided to change the auto-assign range to 600-699, which is also separated from regular users, whose IDs start at 500. Dustin On Fri, May 11, 2012 at 1:23 AM, Alexander Hansen alexanderk.han...@gmail.com wrote: On 5/10/12 3:06 PM, Alexander Hansen wrote: On 5/10/12 11:04 AM, Dustin Cartwright wrote: On Thu, May 10, 2012 at 6:07 PM, Alexander Hansen alexanderk.han...@gmail.com mailto:alexanderk.han...@gmail.com wrote: It didn't do the right thing for me, apparently: Adding user and group fink-bld for building packages unprivileged No packages to install. The core packages have been updated. You should now update the other packages using commands like 'fink update-all'. Alexanders-MacBook-Pro:my_fink hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) (OS 10.7.4, if it matters) Strange. It worked for me on 10.6.8. One difference I noticed between the passwd package and the new code is that the former adds the users and then the groups whereas the latter adds the fink-bld group and then the fink-bld user. I'm not really sure how, but this could be making the difference. I changed the order in my branch. Can you try again with the updated version? If that doesn't fix it, what happens if you delete the fink-bld user, but not the group? Dustin I made some debugging progress. On 10.7 I get: $ dscl . -read /Users/fink-bld gid dsAttrTypeNative:gid: 280 Alexanders-MacBook-Pro:my_fink hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) On 10.6, on the other hand, from an absolutely identical fink checkout: $ id fink-bld uid=280(fink-bld) gid=280(fink-bld) groups=280(fink-bld),101(com.apple.sharepoint.group.1),61(localaccounts),12(everyone),102(com.apple.sharepoint.group.2) I'm not sure why it's being balky on 10.7. On 10.7, everything seems to get set properly after one more selfupdate: Alexanders-MacBook-Pro:web hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) Alexanders-MacBook-Pro:web hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) selfupdate here Alexanders-MacBook-Pro:web hansen$ id fink-bld uid=280(fink-bld) gid=280(fink-bld) groups=280(fink-bld),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On 5/12/12 6:39 AM, Dustin Cartwright wrote: Hi, The DirectoryServices daemon turns out to be open source, so I tried looking at the source for insight into this problem. There's some code in there which seems to be defaulting the UID to -1, but I couldn't make sense of why it was getting invoked on 10.7 but not 10.6. I made some tweaks to my branch, including assigning a UID and creating the user in one step rather than as separate steps. Alexander, can you check to see if this works for you now? Also, it would be great if someone could test it on 10.5. The branch is at https://github.com/dustinac/fink/tree/add-fink-bld Also, I found a comment in a MacPorts bug report: https://github.com/dustinac/fink/tree/add-fink-bld which says that UIDs less than 500 are reserved by Apple. So, I decided to change the auto-assign range to 600-699, which is also separated from regular users, whose IDs start at 500. Dustin It doesn't work for me on 10.7. 10.7: Adding user and group fink-bld for building packages unprivileged No packages to install. The core packages have been updated. You should now update the other packages using commands like 'fink update-all'. $ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) $ fink selfupdate ... $ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) Though dscl gives: $ dscl . -read /Users/fink-bld uid dsAttrTypeNative:uid: 600 $ dscl . -read /Users/fink-bld gid dsAttrTypeNative:gid: 600 - 10.6: Adding user and group fink-bld for building packages unprivileged No packages to install. The core packages have been updated. You should now update the other packages using commands like 'fink update-all'. $ id fink-bld uid=600(fink-bld) gid=600(fink-bld) groups=600(fink-bld),101(com.apple.sharepoint.group.1),61(localaccounts),12(everyone),102(com.apple.sharepoint.group.2) - 10.5: Adding user and group fink-bld for building packages unprivileged No packages to install. The core packages have been updated. You should now update the other packages using commands like 'fink update-all'. $ id fink-bld uid=600(fink-bld) gid=600(fink-bld) groups=600(fink-bld) -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On Thu, May 10, 2012 at 12:45 AM, Alexander Hansen alexanderk.han...@gmail.com wrote: We're approaching the May 16 planned deadline for a new Fink (0.33.0) release. The current plan is to incorporate: 2) moving creation of the fink-bld user from passwd-fink-bld into fink, as per https://github.com/fink/fink/pull/30 . Note that if there is already a fink-bld user, fink recognizes it. This will also entail using a dummy passwd-fink-bld package in the 10.7/ tree to replace the real package, and updating passwd in the 10.4/ tree so that it doesn't generate the passwd-fink-bld user anymore. I hacked together an alternative to this branch, which creates the fink-bld user and group during selfupdate or bootstrap, but selects a UID which is not on the system rather than using a fixed one: https://github.com/dustinac/fink/commits/add-fink-bld Some background: Currently, fink-bld is always created with UID 266. As was discussed on fink-core, this could be a problem in the rare case that UID 266 has already been assigned to a different user on the system prior to installing or updating fink. With an autoselected UID, there is no risk of such a collision. Dustin -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
I think Dustin's approach is a good one -- less intrusive to users' systems. -- Dave On May 10, 2012, at 4:32 AM, Dustin Cartwright wrote: On Thu, May 10, 2012 at 12:45 AM, Alexander Hansen alexanderk.han...@gmail.com wrote: We're approaching the May 16 planned deadline for a new Fink (0.33.0) release. The current plan is to incorporate: 2) moving creation of the fink-bld user from passwd-fink-bld into fink, as per https://github.com/fink/fink/pull/30 . Note that if there is already a fink-bld user, fink recognizes it. This will also entail using a dummy passwd-fink-bld package in the 10.7/ tree to replace the real package, and updating passwd in the 10.4/ tree so that it doesn't generate the passwd-fink-bld user anymore. I hacked together an alternative to this branch, which creates the fink-bld user and group during selfupdate or bootstrap, but selects a UID which is not on the system rather than using a fixed one: https://github.com/dustinac/fink/commits/add-fink-bld Some background: Currently, fink-bld is always created with UID 266. As was discussed on fink-core, this could be a problem in the rare case that UID 266 has already been assigned to a different user on the system prior to installing or updating fink. With an autoselected UID, there is no risk of such a collision. Dustin -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
the problem with it IIRC from WAY BACK want I worked on my uidgid branch is that dpkg stores the uid/gid and did not the name/group, so if the uid differs when a deb is installed instead of the the fink build process it will have the wrong perms, unless things have changed since then. --- TS http://www.southofheaven.org/ Life begins and ends with chaos, live between the chaos! On 2012-05-10, at 6:33 AM, David R. Morrison wrote: I think Dustin's approach is a good one -- less intrusive to users' systems. -- Dave On May 10, 2012, at 4:32 AM, Dustin Cartwright wrote: On Thu, May 10, 2012 at 12:45 AM, Alexander Hansen alexanderk.han...@gmail.com wrote: We're approaching the May 16 planned deadline for a new Fink (0.33.0) release. The current plan is to incorporate: 2) moving creation of the fink-bld user from passwd-fink-bld into fink, as per https://github.com/fink/fink/pull/30 . Note that if there is already a fink-bld user, fink recognizes it. This will also entail using a dummy passwd-fink-bld package in the 10.7/ tree to replace the real package, and updating passwd in the 10.4/ tree so that it doesn't generate the passwd-fink-bld user anymore. I hacked together an alternative to this branch, which creates the fink-bld user and group during selfupdate or bootstrap, but selects a UID which is not on the system rather than using a fixed one: https://github.com/dustinac/fink/commits/add-fink-bld Some background: Currently, fink-bld is always created with UID 266. As was discussed on fink-core, this could be a problem in the rare case that UID 266 has already been assigned to a different user on the system prior to installing or updating fink. With an autoselected UID, there is no risk of such a collision. Dustin -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
Hi Justin. Long time no see :) Actually, this particular user is only being used during fink build. No files are supposed to belong to that user at the end of the build process. So there shouldn't be a problem. (But maybe we should, if we don't already, do a validator check to make sure that no files are owed by fink-bld.) -- Dave On May 10, 2012, at 9:33 AM, TheSin wrote: the problem with it IIRC from WAY BACK want I worked on my uidgid branch is that dpkg stores the uid/gid and did not the name/group, so if the uid differs when a deb is installed instead of the the fink build process it will have the wrong perms, unless things have changed since then. --- TS http://www.southofheaven.org/ Life begins and ends with chaos, live between the chaos! On 2012-05-10, at 6:33 AM, David R. Morrison wrote: I think Dustin's approach is a good one -- less intrusive to users' systems. -- Dave On May 10, 2012, at 4:32 AM, Dustin Cartwright wrote: On Thu, May 10, 2012 at 12:45 AM, Alexander Hansen alexanderk.han...@gmail.com wrote: We're approaching the May 16 planned deadline for a new Fink (0.33.0) release. The current plan is to incorporate: 2) moving creation of the fink-bld user from passwd-fink-bld into fink, as per https://github.com/fink/fink/pull/30 . Note that if there is already a fink-bld user, fink recognizes it. This will also entail using a dummy passwd-fink-bld package in the 10.7/ tree to replace the real package, and updating passwd in the 10.4/ tree so that it doesn't generate the passwd-fink-bld user anymore. I hacked together an alternative to this branch, which creates the fink-bld user and group during selfupdate or bootstrap, but selects a UID which is not on the system rather than using a fixed one: https://github.com/dustinac/fink/commits/add-fink-bld Some background: Currently, fink-bld is always created with UID 266. As was discussed on fink-core, this could be a problem in the rare case that UID 266 has already been assigned to a different user on the system prior to installing or updating fink. With an autoselected UID, there is no risk of such a collision. Dustin -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
ahh that makes sense now ;) I thought this was suppose to replace passed like in my uidgid branch, I was going to say to counter that issue I created pastiest ownership scripts that auto generated. But since that isn't' the case I'll go back to my quiet corner and let the people that know wants going on talk and not interrupt ;) And for sure arm been a while I missed you guys so I decided to make more time for fink again. ;) --- TS http://www.southofheaven.org/ Life begins and ends with chaos, live between the chaos! On 2012-05-10, at 8:08 AM, David R. Morrison wrote: Hi Justin. Long time no see :) Actually, this particular user is only being used during fink build. No files are supposed to belong to that user at the end of the build process. So there shouldn't be a problem. (But maybe we should, if we don't already, do a validator check to make sure that no files are owed by fink-bld.) -- Dave On May 10, 2012, at 9:33 AM, TheSin wrote: the problem with it IIRC from WAY BACK want I worked on my uidgid branch is that dpkg stores the uid/gid and did not the name/group, so if the uid differs when a deb is installed instead of the the fink build process it will have the wrong perms, unless things have changed since then. --- TS http://www.southofheaven.org/ Life begins and ends with chaos, live between the chaos! On 2012-05-10, at 6:33 AM, David R. Morrison wrote: I think Dustin's approach is a good one -- less intrusive to users' systems. -- Dave On May 10, 2012, at 4:32 AM, Dustin Cartwright wrote: On Thu, May 10, 2012 at 12:45 AM, Alexander Hansen alexanderk.han...@gmail.com wrote: We're approaching the May 16 planned deadline for a new Fink (0.33.0) release. The current plan is to incorporate: 2) moving creation of the fink-bld user from passwd-fink-bld into fink, as per https://github.com/fink/fink/pull/30 . Note that if there is already a fink-bld user, fink recognizes it. This will also entail using a dummy passwd-fink-bld package in the 10.7/ tree to replace the real package, and updating passwd in the 10.4/ tree so that it doesn't generate the passwd-fink-bld user anymore. I hacked together an alternative to this branch, which creates the fink-bld user and group during selfupdate or bootstrap, but selects a UID which is not on the system rather than using a fixed one: https://github.com/dustinac/fink/commits/add-fink-bld Some background: Currently, fink-bld is always created with UID 266. As was discussed on fink-core, this could be a problem in the rare case that UID 266 has already been assigned to a different user on the system prior to installing or updating fink. With an autoselected UID, there is no risk of such a collision. Dustin -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
It didn't do the right thing for me, apparently: Adding user and group fink-bld for building packages unprivileged No packages to install. The core packages have been updated. You should now update the other packages using commands like 'fink update-all'. Alexanders-MacBook-Pro:my_fink hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) (OS 10.7.4, if it matters) On 5/10/12 1:32 AM, Dustin Cartwright wrote: On Thu, May 10, 2012 at 12:45 AM, Alexander Hansen alexanderk.han...@gmail.com mailto:alexanderk.han...@gmail.com wrote: We're approaching the May 16 planned deadline for a new Fink (0.33.0) release. The current plan is to incorporate: 2) moving creation of the fink-bld user from passwd-fink-bld into fink, as per https://github.com/fink/fink/pull/30 . Note that if there is already a fink-bld user, fink recognizes it. This will also entail using a dummy passwd-fink-bld package in the 10.7/ tree to replace the real package, and updating passwd in the 10.4/ tree so that it doesn't generate the passwd-fink-bld user anymore. I hacked together an alternative to this branch, which creates the fink-bld user and group during selfupdate or bootstrap, but selects a UID which is not on the system rather than using a fixed one: https://github.com/dustinac/fink/commits/add-fink-bld Some background: Currently, fink-bld is always created with UID 266. As was discussed on fink-core, this could be a problem in the rare case that UID 266 has already been assigned to a different user on the system prior to installing or updating fink. With an autoselected UID, there is no risk of such a collision. Dustin -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On Thu, May 10, 2012 at 6:07 PM, Alexander Hansen alexanderk.han...@gmail.com wrote: It didn't do the right thing for me, apparently: Adding user and group fink-bld for building packages unprivileged No packages to install. The core packages have been updated. You should now update the other packages using commands like 'fink update-all'. Alexanders-MacBook-Pro:my_fink hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) (OS 10.7.4, if it matters) Strange. It worked for me on 10.6.8. One difference I noticed between the passwd package and the new code is that the former adds the users and then the groups whereas the latter adds the fink-bld group and then the fink-bld user. I'm not really sure how, but this could be making the difference. I changed the order in my branch. Can you try again with the updated version? If that doesn't fix it, what happens if you delete the fink-bld user, but not the group? Dustin -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On 5/10/12 11:02 AM, Dustin Cartwright wrote: On Thu, May 10, 2012 at 6:07 PM, Alexander Hansen alexanderk.han...@gmail.com mailto:alexanderk.han...@gmail.com wrote: It didn't do the right thing for me, apparently: Adding user and group fink-bld for building packages unprivileged No packages to install. The core packages have been updated. You should now update the other packages using commands like 'fink update-all'. Alexanders-MacBook-Pro:my_fink hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) (OS 10.7.4, if it matters) Strange. It worked for me on 10.6.8. One difference I noticed between the passwd package and the new code is that the former adds the users and then the groups whereas the latter adds the fink-bld group and then the fink-bld user. I'm not really sure how, but this could be making the difference. I changed the order in my branch. Can you try again with the updated version? If that doesn't fix it, what happens if you delete the fink-bld user, but not the group? Dustin The updated version gave me the same thing (and this was definitely after deleting the fink-bld user and group): Adding user and group fink-bld for building packages unprivileged No packages to install. The core packages have been updated. You should now update the other packages using commands like 'fink update-all'. Alexanders-MacBook-Pro:my_fink hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) When I deleted the fink-bld user and did another selfupdate, I got the same thing: Adding user and group fink-bld for building packages unprivileged No packages to install. The core packages have been updated. You should now update the other packages using commands like 'fink update-all'. Alexanders-MacBook-Pro:my_fink hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On 5/10/12 11:04 AM, Dustin Cartwright wrote: On Thu, May 10, 2012 at 6:07 PM, Alexander Hansen alexanderk.han...@gmail.com mailto:alexanderk.han...@gmail.com wrote: It didn't do the right thing for me, apparently: Adding user and group fink-bld for building packages unprivileged No packages to install. The core packages have been updated. You should now update the other packages using commands like 'fink update-all'. Alexanders-MacBook-Pro:my_fink hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) (OS 10.7.4, if it matters) Strange. It worked for me on 10.6.8. One difference I noticed between the passwd package and the new code is that the former adds the users and then the groups whereas the latter adds the fink-bld group and then the fink-bld user. I'm not really sure how, but this could be making the difference. I changed the order in my branch. Can you try again with the updated version? If that doesn't fix it, what happens if you delete the fink-bld user, but not the group? Dustin I made some debugging progress. On 10.7 I get: $ dscl . -read /Users/fink-bld gid dsAttrTypeNative:gid: 280 Alexanders-MacBook-Pro:my_fink hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) On 10.6, on the other hand, from an absolutely identical fink checkout: $ id fink-bld uid=280(fink-bld) gid=280(fink-bld) groups=280(fink-bld),101(com.apple.sharepoint.group.1),61(localaccounts),12(everyone),102(com.apple.sharepoint.group.2) I'm not sure why it's being balky on 10.7. -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel
Re: [Fink-devel] New fink release imminent
On 5/10/12 3:06 PM, Alexander Hansen wrote: On 5/10/12 11:04 AM, Dustin Cartwright wrote: On Thu, May 10, 2012 at 6:07 PM, Alexander Hansen alexanderk.han...@gmail.com mailto:alexanderk.han...@gmail.com wrote: It didn't do the right thing for me, apparently: Adding user and group fink-bld for building packages unprivileged No packages to install. The core packages have been updated. You should now update the other packages using commands like 'fink update-all'. Alexanders-MacBook-Pro:my_fink hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) (OS 10.7.4, if it matters) Strange. It worked for me on 10.6.8. One difference I noticed between the passwd package and the new code is that the former adds the users and then the groups whereas the latter adds the fink-bld group and then the fink-bld user. I'm not really sure how, but this could be making the difference. I changed the order in my branch. Can you try again with the updated version? If that doesn't fix it, what happens if you delete the fink-bld user, but not the group? Dustin I made some debugging progress. On 10.7 I get: $ dscl . -read /Users/fink-bld gid dsAttrTypeNative:gid: 280 Alexanders-MacBook-Pro:my_fink hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) On 10.6, on the other hand, from an absolutely identical fink checkout: $ id fink-bld uid=280(fink-bld) gid=280(fink-bld) groups=280(fink-bld),101(com.apple.sharepoint.group.1),61(localaccounts),12(everyone),102(com.apple.sharepoint.group.2) I'm not sure why it's being balky on 10.7. On 10.7, everything seems to get set properly after one more selfupdate: Alexanders-MacBook-Pro:web hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) Alexanders-MacBook-Pro:web hansen$ id fink-bld uid=4294967294(fink-bld) gid=4294967294(nobody) groups=4294967294(nobody),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) selfupdate here Alexanders-MacBook-Pro:web hansen$ id fink-bld uid=280(fink-bld) gid=280(fink-bld) groups=280(fink-bld),402(com.apple.sharepoint.group.1),403(com.apple.sharepoint.group.2),12(everyone),61(localaccounts) -- Alexander Hansen, Ph.D. Fink User Liaison http://finkakh.wordpress.com/2012/02/21/got-job/ -- Live Security Virtual Conference Exclusive live event will cover all the ways today's security and threat landscape has changed and how IT managers can respond. Discussions will include endpoint security, mobile security and the latest in malware threats. http://www.accelacomm.com/jaw/sfrnl04242012/114/50122263/ ___ Fink-devel mailing list Fink-devel@lists.sourceforge.net List archive: http://news.gmane.org/gmane.os.apple.fink.devel Subscription management: https://lists.sourceforge.net/lists/listinfo/fink-devel