Re: [gentoo-dev] PSA: 13.0 profiles will be removed in a week
On Wed, 19 Jun 2019 15:29:33 -0400 "Anthony G. Basile" wrote: > On 6/19/19 3:19 AM, Sergei Trofimovich wrote: > > > > This is now tracked as https://bugs.gentoo.org/688342. I hope to get > > at least some followup there. > > > > When I try to look at that bug, it says I'm not authorized. I'm > concerned about two remaining mips profiles (uclibc and musl) which I'm > working to migrate to 17.0. I don't think that the removal of the 13.0 > profiles will affect them, but I'd like to know. > > The reason this is taking so long is 1) mips is a ~arch profile so > there's a lot of blockers and 2) my mips equipment is slow. Those don't seem to inherit releases/13.0. I've dropped releases/13.0 again: https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=d40fdcf1e4bdd370a13800e73a383537beef365a It it happens to break other profiles missing from profiles.desc please shout and we'll reinstate those until they are sorted. -- Sergei
Re: [gentoo-dev] [PATCH v3] glep-0081: User and group management via dedicated packages
Hi! On Thu, 20 Jun 2019 09:53:46 -0400 Brian Evans wrote: > > + > > +Before adding a new user and/or group, the developer must send a RFC > > +to the ``gentoo-dev`` mailing list. > > This paragraph should go away. It is a complete waste of time. > > +Requiring mailing list RFC > > +-- > > + > > +The policy explicitly requires RFC-es for new users and groups, as they > > +have global scopes and effects of mistakes while adding them are hard > > +to fix. Wider review should decrease the risk of major design mistakes. > > + > > +To provide one example, right now we have two different packages > > +creating ``git`` user and requiring a different home directory for > > +the user. As a result, the first package being installed defines > > +the actual home directory, and both technically can not be installed > > +at the same time. > > This section should go away. It is a complete waste of time. Mail list discussion may make sense only if users or groups and intended to be shared between different applications (e.g. ftp, mail, ntp). If user or group are intended to be application specific, there is no need for such discussions as they will just hinder development process. Best regards, Andrew Savchenko pgp1O4TymKEO2.pgp Description: PGP signature
Re: [gentoo-dev] [PATCH v3] glep-0081: User and group management via dedicated packages
On Thu, 20 Jun 2019 16:32:56 +0200 Michał Górny wrote: > On Thu, 2019-06-20 at 09:53 -0400, Brian Evans wrote: > > On 6/9/2019 7:39 AM, Michał Górny wrote: > > > +Tracking of user/group usage is done through dependencies. As long > > > +as any installed package depends on a specific user/group package, > > > +the respective user/group is assumed to be used. If no package > > > +requiring the specific user/group is left, the package manager > > > +automatically prunes the package clearly indicating it is no longer > > > +used. > > > > You cannot know when a name is "no longer used". An administrator could > > have adopted a username for other purposes. > > That's why we don't remove the actual user/group. However, this is > a valuable information to the administrator that no package is using > the user/group in question. So how do you propose to clean them up? Or let user systems trash with unused uids/gids? The GLEP 81 only mensions some possible tooling for cleanup. Is there an implementation available? I don't see it within proposed patch sets. This GLEP should not be accepted unless all necessary tools are available including a cleanup tool. Best regards, Andrew Savchenko pgpDkqP5Gug7l.pgp Description: PGP signature
Re: [gentoo-dev] [PATCH 0/7] User/group assignment: ftp, mail, postmaster
On Thu, 2019-06-20 at 11:33 -0700, Georgy Yakovlev wrote: > On Thursday, June 20, 2019 3:11:07 AM PDT Michał Górny wrote: > > Hi, > > Please review. > > > > [1] > > https://wiki.gentoo.org/wiki/Project:Quality_Assurance/UID_GID_Assignment > > > > it's probably wort adding links to other distro standard UIDs as a reference. > > RHEL[1] > Fedora[2] > Arch[3] > > [1] > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-users-groups-standard-users > [2] https://pagure.io/setup/blob/master/f/uidgid > [3] https://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database Added, thanks. If you find any further entries, feel free to edit the page directly. -- Best regards, Michał Górny signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] [PATCH 0/7] User/group assignment: ftp, mail, postmaster
On Thu, 2019-06-20 at 18:35 +, Robin H. Johnson wrote: > On Thu, Jun 20, 2019 at 11:33:04AM -0700, Georgy Yakovlev wrote: > > On Thursday, June 20, 2019 3:11:07 AM PDT Michał Górny wrote: > > > Hi, > > > Please review. > > > > > > [1] > > > https://wiki.gentoo.org/wiki/Project:Quality_Assurance/UID_GID_Assignment > > > > > > > it's probably wort adding links to other distro standard UIDs as a > > reference. > > > > RHEL[1] > > Fedora[2] > > Arch[3] > > > > [1] > > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-users-groups-standard-users > > [2] https://pagure.io/setup/blob/master/f/uidgid > > [3] https://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database > > Here's the Debian ones to add: > https://www.debian.org/doc/debian-policy/ch-opersys.html#users-and-groups > https://salsa.debian.org/debian/base-passwd That actually looks like baselayout in Gentoo, so not much value there. > > I don't know if Ubuntu has extra ones beyond that, probably worth > researching. > -- Best regards, Michał Górny signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] [PATCH 0/7] User/group assignment: ftp, mail, postmaster
On Thu, Jun 20, 2019 at 11:33:04AM -0700, Georgy Yakovlev wrote: > On Thursday, June 20, 2019 3:11:07 AM PDT Michał Górny wrote: > > Hi, > > > > > Please review. > > > > [1] > > https://wiki.gentoo.org/wiki/Project:Quality_Assurance/UID_GID_Assignment > > > > it's probably wort adding links to other distro standard UIDs as a reference. > > RHEL[1] > Fedora[2] > Arch[3] > > [1] > https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-users-groups-standard-users > [2] https://pagure.io/setup/blob/master/f/uidgid > [3] https://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database Here's the Debian ones to add: https://www.debian.org/doc/debian-policy/ch-opersys.html#users-and-groups https://salsa.debian.org/debian/base-passwd I don't know if Ubuntu has extra ones beyond that, probably worth researching. -- Robin Hugh Johnson Gentoo Linux: Dev, Infra Lead, Foundation Treasurer E-Mail : robb...@gentoo.org GnuPG FP : 11ACBA4F 4778E3F6 E4EDF38E B27B944E 34884E85 GnuPG FP : 7D0B3CEB E9B85B1F 825BCECF EE05E6F6 A48F6136 signature.asc Description: PGP signature
Re: [gentoo-dev] [PATCH 0/7] User/group assignment: ftp, mail, postmaster
On Thursday, June 20, 2019 3:11:07 AM PDT Michał Górny wrote: > Hi, > > Please review. > > [1] > https://wiki.gentoo.org/wiki/Project:Quality_Assurance/UID_GID_Assignment > it's probably wort adding links to other distro standard UIDs as a reference. RHEL[1] Fedora[2] Arch[3] [1] https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/5/html/deployment_guide/s1-users-groups-standard-users [2] https://pagure.io/setup/blob/master/f/uidgid [3] https://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database signature.asc Description: This is a digitally signed message part.
Re: [gentoo-dev] [PATCH v3] glep-0081: User and group management via dedicated packages
On Thu, 2019-06-20 at 09:53 -0400, Brian Evans wrote: > On 6/9/2019 7:39 AM, Michał Górny wrote: > > +Tracking of user/group usage is done through dependencies. As long > > +as any installed package depends on a specific user/group package, > > +the respective user/group is assumed to be used. If no package > > +requiring the specific user/group is left, the package manager > > +automatically prunes the package clearly indicating it is no longer > > +used. > > You cannot know when a name is "no longer used". An administrator could > have adopted a username for other purposes. That's why we don't remove the actual user/group. However, this is a valuable information to the administrator that no package is using the user/group in question. -- Best regards, Michał Górny signature.asc Description: This is a digitally signed message part
[gentoo-dev] [PATCH 2/2] package.mask: Mask vulnerable FreeBSD base packages
Signed-off-by: Michał Górny --- profiles/package.mask | 22 ++ 1 file changed, 22 insertions(+) diff --git a/profiles/package.mask b/profiles/package.mask index ec22b0c89967..2065a8980d0e 100644 --- a/profiles/package.mask +++ b/profiles/package.mask @@ -29,6 +29,28 @@ #--- END OF EXAMPLES --- +# Michał Górny (20 Jun 2019) +# The core FreeBSD packages are outdated, and have not been subject +# to FreeBSD erratas for quite some time. As a result, at least some +# of them are vulnerable (especially the kernel). The Gentoo/FreeBSD +# project is on life support, and we can't provide quality packages +# at the moment. Use at your own risk. +sys-freebsd/boot0 +sys-freebsd/freebsd-bin +sys-freebsd/freebsd-cddl +sys-freebsd/freebsd-lib +sys-freebsd/freebsd-libexec +sys-freebsd/freebsd-mk-defs +sys-freebsd/freebsd-pam-modules +sys-freebsd/freebsd-pf +sys-freebsd/freebsd-rescue +sys-freebsd/freebsd-sbin +sys-freebsd/freebsd-share +sys-freebsd/freebsd-sources +sys-freebsd/freebsd-ubin +sys-freebsd/freebsd-usbin +sys-freebsd/ubin-wrappers + # Sobhan Mohammadpour (19 Jun 2019) # this is new and it needs testing >=app-misc/geoclue-2.5.3 -- 2.22.0
[gentoo-dev] [PATCH 1/2] profiles.desc: Mark last amd64-fbsd profile exp
The G/FBSD team is not really capable of supporting a stable profile anymore. More and more packages are failing due to upstream relying on Linux userland and/or newer FreeBSD version. At the same time, our core packages are outdated and vulnerable, and nobody worked on them for a long time. Signed-off-by: Michał Górny --- profiles/profiles.desc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/profiles/profiles.desc b/profiles/profiles.desc index 4b490671c213..192ad5df25ac 100644 --- a/profiles/profiles.desc +++ b/profiles/profiles.desc @@ -200,7 +200,7 @@ x86 default/linux/x86/17.0/systemd stable # Gentoo/FreeBSD Profiles # @MAINTAINER: b...@gentoo.org -amd64-fbsd default/bsd/fbsd/amd64/11.1 stable +amd64-fbsd default/bsd/fbsd/amd64/11.1 exp amd64-fbsd default/bsd/fbsd/amd64/11.1/clang exp x86-fbsd default/bsd/fbsd/x86/11.1 exp -- 2.22.0
Re: [gentoo-dev] [PATCH v3] glep-0081: User and group management via dedicated packages
On 6/20/19 9:53 AM, Brian Evans wrote: >> + >> +Following the acceptance of this GLEP, all new users and groups must >> +be created via user/group packages as defined in this GLEP. The old >> +method may still be used for existing users/groups, in existing >> +packages. >> + >> +All new users and groups must have unique UIDs/GIDs assigned >> +by developers. The developer adding them is responsible for checking >> +for collisions. > > What significance will such numbers have when a daemon uses a new > UID/GID and really doesn't care what it is? Why do we have to go > through the effort of assigning fixed IDs at random? > People want this. Here's the thread from 2017: https://archives.gentoo.org/gentoo-dev/message/2355afd4f5b72651e2ff47ea8b10c1fe Selectively quoting: * I might be not following correctly, but due to how filesystems/etc work it is probably desirable to have consistent UID/GIDs as much as reasonably possible. -rich0 * I don't think we need to have stable UIDs/GIDs in the "normal" case of standalone users with a single Gentoo system at home. The people who need predictable UIDs/GIDs are the "enterprise" users or the home users who use things such as NFS. I work for a company that uses Gentoo, we have a bunch of workarounds to make sure that UIDs and GIDs are stable. -chutzpah * I for one am more than willing to do whatever shell commands necessary to make all my Gentoo installs agree on UIDs and get [fixed UID proposal] now, but I realise most people are not. -A. Wilcox * YES! I think after [fixed UIDs] is finalized, it should be part of the handbook installation as a default, but selectable. -james * If the user does not exist then create it. Preferably use a pre- assigned UID/GID so there is some consistency with most other Gentoo things out there. -Alan McKinnon This will make a lot of peoples' lives easier, and is very easy to do.
Re: [gentoo-dev] [PATCH v3] glep-0081: User and group management via dedicated packages
On 6/9/2019 7:39 AM, Michał Górny wrote: > +Specification > += > + > +Policy > +-- > + > +Following the acceptance of this GLEP, all new users and groups must > +be created via user/group packages as defined in this GLEP. The old > +method may still be used for existing users/groups, in existing > +packages. > + > +All new users and groups must have unique UIDs/GIDs assigned > +by developers. The developer adding them is responsible for checking > +for collisions. What significance will such numbers have when a daemon uses a new UID/GID and really doesn't care what it is? Why do we have to go through the effort of assigning fixed IDs at random? > + > +Before adding a new user and/or group, the developer must send a RFC > +to the ``gentoo-dev`` mailing list. This paragraph should go away. It is a complete waste of time. > + > + > +Logical structure > +- > + > +In this proposal, system users and groups are represented by regular > +packages. Those packages logically represent the ownership of > +the respective users and group, and technically implement their > +creation. > + > +User packages are placed in ``acct-user`` category. Each user package > +defines the properties of the particular user, and must be named after > +the user it creates. It must depend at build and run time on the groups > +the user belongs to. > + > +Group packages are placed in ``acct-group`` category. Each group > +package defines the properties of the particular group, and must be > +named after the group it creates. > + > +All user and group packages must define preferred fixed UIDs/GIDs, > +and they must be unique within the repository. The packages should > +indicate whether the value needs to be strictly enforced, or whether > +another UID/GID is acceptable when the user exists already or requested > +UID/GID is taken. > + > +Packages needing a specific user or group use dependencies to pull > +the required user/group packages. If the user is needed at build time, > +a build time dependency (``DEPEND``) must be used. If the user is > +needed at install and/or run time, a run time dependency (``RDEPEND``) > +must be used. Sounds like extra upgrade dependency time in an already crowded resolution tree. > + > +Rationale > += > + > +Requiring mailing list RFC > +-- > + > +The policy explicitly requires RFC-es for new users and groups, as they > +have global scopes and effects of mistakes while adding them are hard > +to fix. Wider review should decrease the risk of major design mistakes. > + > +To provide one example, right now we have two different packages > +creating ``git`` user and requiring a different home directory for > +the user. As a result, the first package being installed defines > +the actual home directory, and both technically can not be installed > +at the same time. This section should go away. It is a complete waste of time. > + > + > +Satisfied goals > +--- > + > +Tracking of user/group usage is done through dependencies. As long > +as any installed package depends on a specific user/group package, > +the respective user/group is assumed to be used. If no package > +requiring the specific user/group is left, the package manager > +automatically prunes the package clearly indicating it is no longer > +used. You cannot know when a name is "no longer used". An administrator could have adopted a username for other purposes. > + > +Each user and group has a single respective package creating it. > +If multiple packages need it, they depend on the same package. This > +ensures that all properties are kept in a single location, and do not > +need to be synced. > + > +Having a single location with all predefined user/group ranges makes it > +possible to maintain fixed UID/GID definitions. This GLEP makes > +allocating them obligatory. While this isn't enforced for existing > +users, it provides a way forward for new installations. > + > +Local overrides can be trivially implemented via local repository, > +through overriding the respective user/group ebuilds. The proposal also > +respects direct sysadmin modifications. > + > +Avoiding unnecessary user/group creation at build time is implemented > +via correct dependency types. While this was possible with the status > +quo, the dependency model should be more natural to developers and cause > +less mistakes. > + > + signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] User/group packages: the masterplan
On Thu, 2019-06-20 at 09:07 -0400, Brian Evans wrote:
> On 6/18/2019 7:31 AM, Michał Górny wrote:
> > 3. Give people some time for wider testing.
> >
> > At this point, the new eclasses would be non-binding, i.e. you will
> > still be able to commit new packages using user.eclass old style.
> > The eclasses would be bound with usual eclass stability requirements,
> > i.e. some API changes may happen if necessary.
> >
> > 4. If no major issues arise, submit GLEP 81 for formal approval.
> >
> > Once GLEP 81 is formally approved, using user.eclass directly becomes
> > deprecated and new packages are expected to use acct-*/*.
> >
>
> I object to this as some packages just need a user/group for a single
> daemon that is not shared with another package. The numbering does not
> really matter in this case as it will never leave the machine.
>
> user.eclass should exist for this purpose and the acct-{group/user}
> should exist for static purposes which I find to be rather rare.
>
You should read the relevant discussion. The use cases for fixed
UIDs/GIDs go beyond sharing users/groups. Most notably, they involve
sharing filesystems, archives etc. I'm aware those things can't work
reliably today but that's no reason to prevent users from trying to get
them working in the future.
--
Best regards,
Michał Górny
signature.asc
Description: This is a digitally signed message part
Re: [gentoo-dev] [PATCH 4/7] acct-group/mail: Add 'mail' group (GID 12 on Linux)
On Thu, 2019-06-20 at 14:57 +0200, Ulrich Mueller wrote: > > > > > > On Thu, 20 Jun 2019, Michał Górny wrote: > > --- /dev/null > > +++ b/acct-group/mail/mail-0.ebuild > > @@ -0,0 +1,9 @@ > > +# Copyright 2019 Gentoo Authors > > +# Distributed under the terms of the GNU General Public License v2 > > + > > +EAPI=7 > > + > > +inherit acct-group > > + > > +DESCRIPTION="Mail program group" > > +ACCT_GROUP_ID=12 > > Shouldn't this one have KEYWORDS for Linux only? > I was thinking about it but then we'd have to conditionally depend on it everywhere, and this will make things painful e.g. for acct- user/postmaster. -- Best regards, Michał Górny signature.asc Description: This is a digitally signed message part
Re: [gentoo-dev] User/group packages: the masterplan
On 6/18/2019 7:31 AM, Michał Górny wrote:
>
> 3. Give people some time for wider testing.
>
> At this point, the new eclasses would be non-binding, i.e. you will
> still be able to commit new packages using user.eclass old style.
> The eclasses would be bound with usual eclass stability requirements,
> i.e. some API changes may happen if necessary.
>
> 4. If no major issues arise, submit GLEP 81 for formal approval.
>
> Once GLEP 81 is formally approved, using user.eclass directly becomes
> deprecated and new packages are expected to use acct-*/*.
>
I object to this as some packages just need a user/group for a single
daemon that is not shared with another package. The numbering does not
really matter in this case as it will never leave the machine.
user.eclass should exist for this purpose and the acct-{group/user}
should exist for static purposes which I find to be rather rare.
Brian
signature.asc
Description: OpenPGP digital signature
Re: [gentoo-dev] [PATCH 4/7] acct-group/mail: Add 'mail' group (GID 12 on Linux)
> On Thu, 20 Jun 2019, Michał Górny wrote: > --- /dev/null > +++ b/acct-group/mail/mail-0.ebuild > @@ -0,0 +1,9 @@ > +# Copyright 2019 Gentoo Authors > +# Distributed under the terms of the GNU General Public License v2 > + > +EAPI=7 > + > +inherit acct-group > + > +DESCRIPTION="Mail program group" > +ACCT_GROUP_ID=12 Shouldn't this one have KEYWORDS for Linux only? Ulrich signature.asc Description: PGP signature
Re: [gentoo-dev] [PATCH 0/7] User/group assignment: ftp, mail, postmaster
> On Thu, 20 Jun 2019, Michał Górny wrote: > Here's the RFC for first acct-* packages I'd like to commit. This is > also a request to reserve the respective UIDs/GIDs. Namely: > Groups: > ftp - 21 > mail - 12 (on Linux, FreeBSD has it in baselayout) > Users: > ftp - 21 > mail - 8 (on Linux, likewise) > postmaster - 14 This is what is currently used by packages in the tree, and I see no conflicts for either names or ids. Ulrich signature.asc Description: PGP signature
Re: [gentoo-dev] Re: EAPI 2 must die
Am 06.06.19 um 17:28 schrieb Anthony G. Basile: > Didn't we have some "archive" for old ebuilds? Maybe we can move > it there. What about an overlay for this purpose? Its like in real life they come into life and leave the same way... Despite that, I usually dig in the git repository when I look for deleted files et.al. like described here https://stackoverflow.com/questions/7203515/git-how-to-find-a-deleted-file-in-the-project-commit-history signature.asc Description: OpenPGP digital signature
Re: [gentoo-dev] RFC: acct-group/gamestat
On Thu, 2019-06-20 at 13:49 +0200, Ulrich Mueller wrote: > "gamestat" group with gid 36, as defined by QA policy: > https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Policies#Games > > Not attaching the ebuild, because it's standard boilerplate, defining > only two variables: > >DESCRIPTION="Group for shared game state files" >ACCT_GROUP_ID=36 > > Its first reverse dependency would be app-editors/emacs[games]. > LGTM. FWICS GID 36 is used consistently across different packages. -- Best regards, Michał Górny signature.asc Description: This is a digitally signed message part
[gentoo-dev] RFC: acct-group/gamestat
"gamestat" group with gid 36, as defined by QA policy: https://wiki.gentoo.org/wiki/Project:Quality_Assurance/Policies#Games Not attaching the ebuild, because it's standard boilerplate, defining only two variables: DESCRIPTION="Group for shared game state files" ACCT_GROUP_ID=36 Its first reverse dependency would be app-editors/emacs[games]. Ulrich signature.asc Description: PGP signature
[gentoo-dev] [PATCH 7/7] net-mail/mailbase: Migrate to use acct-*/{mail,postmaster}
Signed-off-by: Michał Górny
---
net-mail/mailbase/mailbase-1.5-r1.ebuild | 45
1 file changed, 45 insertions(+)
create mode 100644 net-mail/mailbase/mailbase-1.5-r1.ebuild
diff --git a/net-mail/mailbase/mailbase-1.5-r1.ebuild
b/net-mail/mailbase/mailbase-1.5-r1.ebuild
new file mode 100644
index ..8a212cf0d798
--- /dev/null
+++ b/net-mail/mailbase/mailbase-1.5-r1.ebuild
@@ -0,0 +1,45 @@
+# Copyright 1999-2019 Gentoo Authors
+# Distributed under the terms of the GNU General Public License v2
+
+EAPI=7
+inherit pam
+
+DESCRIPTION="MTA layout package"
+SRC_URI=""
+HOMEPAGE="https://www.gentoo.org/";
+
+LICENSE="GPL-2"
+SLOT="0"
+KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390
~sh ~sparc ~x86 ~amd64-fbsd ~x86-fbsd"
+IUSE="pam"
+
+RDEPEND="
+ acct-group/mail
+ acct-user/mail
+ acct-user/postmaster
+ pam? ( virtual/pam )"
+
+S=${WORKDIR}
+
+src_install() {
+ dodir /etc/mail
+ insinto /etc/mail
+ doins "${FILESDIR}"/aliases
+ insinto /etc
+ doins "${FILESDIR}"/mailcap
+ doman "${FILESDIR}"/mailcap.5
+
+ dosym spool/mail /var/mail
+
+ newpamd "${FILESDIR}"/common-pamd-include pop
+ newpamd "${FILESDIR}"/common-pamd-include imap
+ if use pam ; then
+ local p
+ for p in pop3 pop3s pops ; do
+ dosym pop /etc/pam.d/${p}
+ done
+ for p in imap4 imap4s imaps ; do
+ dosym imap /etc/pam.d/${p}
+ done
+ fi
+}
--
2.22.0
[gentoo-dev] [PATCH 6/7] acct-user/postmaster: Add 'postmaster' user (UID 14)
Signed-off-by: Michał Górny --- acct-user/postmaster/metadata.xml| 8 acct-user/postmaster/postmaster-0.ebuild | 15 +++ 2 files changed, 23 insertions(+) create mode 100644 acct-user/postmaster/metadata.xml create mode 100644 acct-user/postmaster/postmaster-0.ebuild diff --git a/acct-user/postmaster/metadata.xml b/acct-user/postmaster/metadata.xml new file mode 100644 index ..e6f3bf582ab7 --- /dev/null +++ b/acct-user/postmaster/metadata.xml @@ -0,0 +1,8 @@ + +http://www.gentoo.org/dtd/metadata.dtd";> + + +e...@gentoo.org +Eray Aslan + + diff --git a/acct-user/postmaster/postmaster-0.ebuild b/acct-user/postmaster/postmaster-0.ebuild new file mode 100644 index ..6f182fb97170 --- /dev/null +++ b/acct-user/postmaster/postmaster-0.ebuild @@ -0,0 +1,15 @@ +# Copyright 2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit acct-user + +DESCRIPTION="Postmaster user" +ACCT_USER_ID=14 +ACCT_USER_HOME=/var/spool/mail +ACCT_USER_HOME_OWNER=root:mail +ACCT_USER_HOME_PERMS=03775 +ACCT_USER_GROUPS=( mail ) + +acct-user_add_deps -- 2.22.0
[gentoo-dev] [PATCH 4/7] acct-group/mail: Add 'mail' group (GID 12 on Linux)
Signed-off-by: Michał Górny --- acct-group/mail/mail-0.ebuild | 9 + acct-group/mail/metadata.xml | 8 2 files changed, 17 insertions(+) create mode 100644 acct-group/mail/mail-0.ebuild create mode 100644 acct-group/mail/metadata.xml diff --git a/acct-group/mail/mail-0.ebuild b/acct-group/mail/mail-0.ebuild new file mode 100644 index ..3e6491a31e24 --- /dev/null +++ b/acct-group/mail/mail-0.ebuild @@ -0,0 +1,9 @@ +# Copyright 2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit acct-group + +DESCRIPTION="Mail program group" +ACCT_GROUP_ID=12 diff --git a/acct-group/mail/metadata.xml b/acct-group/mail/metadata.xml new file mode 100644 index ..e6f3bf582ab7 --- /dev/null +++ b/acct-group/mail/metadata.xml @@ -0,0 +1,8 @@ + +http://www.gentoo.org/dtd/metadata.dtd";> + + +e...@gentoo.org +Eray Aslan + + -- 2.22.0
[gentoo-dev] [PATCH 5/7] acct-user/mail: Add 'mail' user (UID 8 on Linux)
Signed-off-by: Michał Górny --- acct-user/mail/mail-0.ebuild | 15 +++ acct-user/mail/metadata.xml | 8 2 files changed, 23 insertions(+) create mode 100644 acct-user/mail/mail-0.ebuild create mode 100644 acct-user/mail/metadata.xml diff --git a/acct-user/mail/mail-0.ebuild b/acct-user/mail/mail-0.ebuild new file mode 100644 index ..0b4854eb984e --- /dev/null +++ b/acct-user/mail/mail-0.ebuild @@ -0,0 +1,15 @@ +# Copyright 2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit acct-user + +DESCRIPTION="Mail program user" +ACCT_USER_ID=8 +ACCT_USER_HOME=/var/spool/mail +ACCT_USER_HOME_OWNER=root:mail +ACCT_USER_HOME_PERMS=03775 +ACCT_USER_GROUPS=( mail ) + +acct-user_add_deps diff --git a/acct-user/mail/metadata.xml b/acct-user/mail/metadata.xml new file mode 100644 index ..e6f3bf582ab7 --- /dev/null +++ b/acct-user/mail/metadata.xml @@ -0,0 +1,8 @@ + +http://www.gentoo.org/dtd/metadata.dtd";> + + +e...@gentoo.org +Eray Aslan + + -- 2.22.0
[gentoo-dev] [PATCH 3/7] net-ftp/ftpbase: Utilize {group,user}/ftp
Signed-off-by: Michał Górny --- net-ftp/ftpbase/ftpbase-0.01-r3.ebuild | 39 ++ 1 file changed, 39 insertions(+) create mode 100644 net-ftp/ftpbase/ftpbase-0.01-r3.ebuild diff --git a/net-ftp/ftpbase/ftpbase-0.01-r3.ebuild b/net-ftp/ftpbase/ftpbase-0.01-r3.ebuild new file mode 100644 index ..c333840faa18 --- /dev/null +++ b/net-ftp/ftpbase/ftpbase-0.01-r3.ebuild @@ -0,0 +1,39 @@ +# Copyright 1999-2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit eutils pam user + +DESCRIPTION="FTP layout package" +HOMEPAGE="https://www.gentoo.org/"; +SRC_URI="" + +LICENSE="GPL-2" +SLOT="0" +KEYWORDS="~alpha ~amd64 ~arm ~arm64 ~hppa ~ia64 ~m68k ~mips ~ppc ~ppc64 ~s390 ~sh ~sparc ~x86 ~x86-fbsd" +IUSE="pam" + +DEPEND="pam? ( virtual/pam ) + !
[gentoo-dev] [PATCH 2/7] acct-user/ftp: Add 'ftp' user (UID 21)
Signed-off-by: Michał Górny --- acct-user/ftp/ftp-0.ebuild | 14 ++ acct-user/ftp/metadata.xml | 5 + profiles/categories| 1 + 3 files changed, 20 insertions(+) create mode 100644 acct-user/ftp/ftp-0.ebuild create mode 100644 acct-user/ftp/metadata.xml diff --git a/acct-user/ftp/ftp-0.ebuild b/acct-user/ftp/ftp-0.ebuild new file mode 100644 index ..e33e289397a2 --- /dev/null +++ b/acct-user/ftp/ftp-0.ebuild @@ -0,0 +1,14 @@ +# Copyright 2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit acct-user + +DESCRIPTION="File Transfer Protocol server user" +ACCT_USER_ID=21 +ACCT_USER_HOME=/home/ftp +ACCT_USER_HOME_OWNER=root:ftp +ACCT_USER_GROUPS=( ftp ) + +acct-user_add_deps diff --git a/acct-user/ftp/metadata.xml b/acct-user/ftp/metadata.xml new file mode 100644 index ..7a38bb900964 --- /dev/null +++ b/acct-user/ftp/metadata.xml @@ -0,0 +1,5 @@ + +http://www.gentoo.org/dtd/metadata.dtd";> + + + diff --git a/profiles/categories b/profiles/categories index ebfc72f70759..0f45f8cd1732 100644 --- a/profiles/categories +++ b/profiles/categories @@ -1,4 +1,5 @@ acct-group +acct-user app-accessibility app-admin app-antivirus -- 2.22.0
[gentoo-dev] [PATCH 1/7] acct-group/ftp: Add 'ftp' group (GID 21)
Signed-off-by: Michał Górny --- acct-group/ftp/ftp-0.ebuild | 9 + acct-group/ftp/metadata.xml | 5 + profiles/categories | 1 + 3 files changed, 15 insertions(+) create mode 100644 acct-group/ftp/ftp-0.ebuild create mode 100644 acct-group/ftp/metadata.xml diff --git a/acct-group/ftp/ftp-0.ebuild b/acct-group/ftp/ftp-0.ebuild new file mode 100644 index ..73978ac12484 --- /dev/null +++ b/acct-group/ftp/ftp-0.ebuild @@ -0,0 +1,9 @@ +# Copyright 2019 Gentoo Authors +# Distributed under the terms of the GNU General Public License v2 + +EAPI=7 + +inherit acct-group + +DESCRIPTION="File Transfer Protocol server user" +ACCT_GROUP_ID=21 diff --git a/acct-group/ftp/metadata.xml b/acct-group/ftp/metadata.xml new file mode 100644 index ..7a38bb900964 --- /dev/null +++ b/acct-group/ftp/metadata.xml @@ -0,0 +1,5 @@ + +http://www.gentoo.org/dtd/metadata.dtd";> + + + diff --git a/profiles/categories b/profiles/categories index 4ff0d5562001..ebfc72f70759 100644 --- a/profiles/categories +++ b/profiles/categories @@ -1,3 +1,4 @@ +acct-group app-accessibility app-admin app-antivirus -- 2.22.0
[gentoo-dev] [PATCH 0/7] User/group assignment: ftp, mail, postmaster
Hi,
Here's the RFC for first acct-* packages I'd like to commit. This is
also a request to reserve the respective UIDs/GIDs. Namely:
Groups:
ftp - 21
mail - 12 (on Linux, FreeBSD has it in baselayout)
Users:
ftp - 21
mail - 8 (on Linux, likewise)
postmaster - 14
I have included updates for respective *base packages, and copied
maintainers from those packages.
I have also started a proposed page to maintain list of used group
and user identifiers on the wiki [1].
Please review.
[1] https://wiki.gentoo.org/wiki/Project:Quality_Assurance/UID_GID_Assignment
--
Best regards,
Michał Górny
Michał Górny (7):
acct-group/ftp: Add 'ftp' group (GID 21)
acct-user/ftp: Add 'ftp' user (UID 21)
net-ftp/ftpbase: Utilize {group,user}/ftp
acct-group/mail: Add 'mail' group (GID 12 on Linux)
acct-user/mail: Add 'mail' user (UID 8 on Linux)
acct-user/postmaster: Add 'postmaster' user (UID 14)
net-mail/mailbase: Migrate to use acct-*/{mail,postmaster}
acct-group/ftp/ftp-0.ebuild | 9 +
acct-group/ftp/metadata.xml | 5 +++
acct-group/mail/mail-0.ebuild| 9 +
acct-group/mail/metadata.xml | 8 +
acct-user/ftp/ftp-0.ebuild | 14
acct-user/ftp/metadata.xml | 5 +++
acct-user/mail/mail-0.ebuild | 15
acct-user/mail/metadata.xml | 8 +
acct-user/postmaster/metadata.xml| 8 +
acct-user/postmaster/postmaster-0.ebuild | 15
net-ftp/ftpbase/ftpbase-0.01-r3.ebuild | 39
net-mail/mailbase/mailbase-1.5-r1.ebuild | 45
profiles/categories | 2 ++
13 files changed, 182 insertions(+)
create mode 100644 acct-group/ftp/ftp-0.ebuild
create mode 100644 acct-group/ftp/metadata.xml
create mode 100644 acct-group/mail/mail-0.ebuild
create mode 100644 acct-group/mail/metadata.xml
create mode 100644 acct-user/ftp/ftp-0.ebuild
create mode 100644 acct-user/ftp/metadata.xml
create mode 100644 acct-user/mail/mail-0.ebuild
create mode 100644 acct-user/mail/metadata.xml
create mode 100644 acct-user/postmaster/metadata.xml
create mode 100644 acct-user/postmaster/postmaster-0.ebuild
create mode 100644 net-ftp/ftpbase/ftpbase-0.01-r3.ebuild
create mode 100644 net-mail/mailbase/mailbase-1.5-r1.ebuild
--
2.22.0
Re: [gentoo-dev] User/group packages: the masterplan
On Tue, 2019-06-18 at 13:31 +0200, Michał Górny wrote: > Hi, everyone. > > Since there were no major objections raised against the proposal of > switching user/group management to dedicated acct-*/* packages, I'd like > to proceed as follows: > > 1. Commit GLEP 81 draft (as of last posting [1], plus patchset links > update). > > 2. Commit eclass change part of patchset v4 [2]. Pushed now. -- Best regards, Michał Górny signature.asc Description: This is a digitally signed message part
