use systemd-sysusers in RPMs #6807
I'm not sure how to properly add the new source file (sssd.sysusers) into all of the CI/automated builds.
Can you provide some type of background (i.e. description, links) to what you are trying to achieve?
This is about adopting the new preferred implementation for adding users/groups to replace 'useradd/groupadd' commands. https://fedoraproject.org/wiki/Changes/Adopting_sysusers.d_format
IIUC we need to add an additional input variable to https://github.com/SSSD/action-build-srpm which accepts a file, that can be used for any additional SourceX files, in this case
Do you agree @pbrezina ?
2b91dcd to 578ce13
Signed-off-by: Jonathan <[email protected]>
578ce13 to 8382699
Yes, but it must be able to take more files, not just one.
PR Created next-actions/build-srpm#1
I added the changes justin-stephenson@8308be0 to have this pass in CI. @ikerexxe does it look good from your side? If so then @jonathanspw can cherry-pick this commit into this PR. I am not sure if we want to make this change for RHEL8 and RHEL9, if yes then we need to change this condition in the spec file. I will defer to @alexey-tikhonov on this.
@@ -188,7 +189,8 @@ Requires: (sssd-nfs-idmap = %{version}-%{release} if libnfsidmap) | |||
Requires: libsss_idmap = %{version}-%{release} | |||
Requires: libsss_certmap = %{version}-%{release} | |||
%if 0%{?rhel} | |||
Requires(pre): shadow-utils | |||
BuildRequires: systemd-rpm-macros |
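Review bot: the added BuildRequires: systemd-rpm-macros sits inside the %if 0%{?rhel} block, directly under the runtime dependency Requires(pre): shadow-utils, while the install line that uses %{_sysusersdir} carries no guard at all. A build dependency that supplies a macro used on every target should be declared outside this conditional block, or the install step should be placed under the same guard.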
Why is it BuildRequires (and not Requires)?
This, and several of your other concerns, are explained in https://docs.fedoraproject.org/en-US/packaging-guidelines/UsersAndGroups/#_allocation_strategies
Guide says "add a BuildRequires" but doesn't actually explain.
@@ -701,6 +703,8 @@ do | |||
cat $subpackage.lang | |||
done | |||
|
|||
install -D -p -m 0644 %{SOURCE1} %{buildroot}%{_sysusersdir}/sssd.conf |
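Review bot: this install line runs on every target, but the spec's %files section gains a %if 0%{?rhel} >= 9 || 0%{?fedora} guard in the same change. If the installed path is only listed inside that guard, any target that fails the condition is left with an installed but unpackaged file in the buildroot, which rpmbuild treats as an error by default. Put the install under the same condition as the %files entry.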
Is this name - 'sssd.conf' - mandated anywhere?
It's confusing because it matches the name of the SSSD config file.
Would it be possible to use a different name for a file with the sysuser definition?
I checked _sysusersdir location (/usr/lib/sysusers.d/) and I only saw one exception, which I guess makes it valid to use another extension
Per man sysusers.d
CONFIGURATION DIRECTORIES AND PRECEDENCE
Each configuration file shall be named in the style of package.conf or package-part.conf. The second variant should be used when it is desirable to make it easy to override just this part of configuration.
@@ -54,6 +54,7 @@ Summary: System Security Services Daemon | |||
License: GPLv3+ | |||
URL: https://github.com/SSSD/sssd/ | |||
Source0: %{url}/archive/%{version}/%{name}-%{version}.tar.gz | |||
Source1: sssd.sysusers |
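Review bot: Source1: sssd.sysusers has no comment saying what the file is, and unlike Source0 it is not derived from %{url}, so every SRPM build has to be handed the file separately. Add a one-line comment above it stating that it is the sysusers.d definition installed into %{_sysusersdir} and where in the repository the file lives.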
Does this file have to be maintained in downstream dist-git like the spec file?
@@ -804,6 +808,10 @@ done | |||
%{_datadir}/systemtap/tapset/sssd.stp | |||
%{_datadir}/systemtap/tapset/sssd_functions.stp | |||
%{_mandir}/man5/sssd-systemtap.5* | |||
%if 0%{?rhel} >= 9 || 0%{?fedora} |
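Review bot: the condition on the added line, %if 0%{?rhel} >= 9 || 0%{?fedora}, is a third variant next to the plain %if 0%{?rhel} around the dependency lines and the unguarded install line. Define the condition once, for example as a %global switch, and test that switch in all three places so the dependency, install and %files sections cannot drift apart.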
Either I misunderstand something, or this condition is inconsistent:
- install above is unconditional.
- config is packaged for rhel >= 9 and fedora
- below users are created for rhel only (any version)
Frankly I wouldn't touch RHEL8 and RHEL9 and only bring this to F40+/RHEL10
@@ -0,0 +1 @@ | |||
u sssd - "User for sssd" / /sbin/nologin |
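Review bot: this one-line file carries no comment on its field choices: the ID field is "-", so systemd-sysusers allocates the UID and GID automatically, and the trailing "/ /sbin/nologin" sets the home directory and shell explicitly. If a fixed ID or this exact shell path matters for existing installations, record that in a # comment line at the top of the file, which sysusers.d ignores when parsing.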
At the beginning of the spec-file we have:
# define SSSD user
%if 0%{?rhel}
%global sssd_user sssd
...
Would it be possible to avoid copy-paste of 'sssd' user name?
It's failing for centos stream 8, and if we follow Alexey's proposal it will also fail in centos stream 9. For those distributions we should remove
Any update on this one?
If @jonathanspw is okay with it, I can open a new PR and continue to move this forward (I already have a systemd sysusers ticket assigned to me)
Sure, whatever keeps things moving forward.
#6925 created to continue this PR.