[Rpm-maint] [rpm-software-management/rpm] Native sysusers support is missing dependencies (Issue #2697)

Zbigniew Jędrzejewski-Szmek notifications at github.com
Wed Oct 4 16:03:32 UTC 2023


Please correct me if I got something wrong. My understanding is the following:
- rpmbuild will generate `Provides: user(foo) = <hash>` and `Provides: group(foo) = <hash>` (??, see below) for packages which have sysusers.d files
- rpmbuild will generate `Requires: {user,group}(foo)` or `Recommends: {user,group}(foo)` for packages which carry files owned by user or group `foo` (depending on `%_use_weak_usergroup_deps`)
- rpm carries `/usr/lib/rpm/sysusers.sh` and will invoke it when installing packages which have the appropriate Provides.
- `sysusers.sh` is in bash (provided by `bash.rpm`) and calls `useradd`, `groupadd`, `usermod`, `groupmod` (provided by `shadow-utils.rpm`), `touch`, `cut`, `mkdir` (provided by `coreutils.rpm`), and `grep` (provided by `grep.rpm`).
- `rpm.rpm` declares dependency on `bash` and `coreutils`, but **not** `grep` or `shadow-utils`
- `sysusers.sh` implements `u`, `g`, and `m`, but **not** `r`
- `sysusers.sh` knows about `/usr/lib/sysusers.d`, `/run/sysusers.d`, and `/etc/sysusers.d`, but **not** about `/usr/local/lib/sysusers.d`.
- `sysusers.sh` also doesn't know about specifiers

The lack of dependencies seems to be a problem. A package may have `Requires: user(foo)`, which will pull in some package that has `Provides: user(foo)`, but this is not enough. Something else needs to pull in both `rpm` and `shadow-utils` and `grep`.

Those tool dependencies are a problem: `rpm` is a very big dependency. It is strange to install it in images just to create users. Maybe it should be split out to `rpm-sysusers-impl` (name TBD), so it can be installed without the rest of the stack? Also, that package should probably get dependencies on the appropriate tools.

Packages which are supposed to provide a user should get a Requires or Recommends dependency on the implementing tool (depending on `%_use_weak_usergroup_deps`).

I understand the decision to move away from `systemd-sysusers` as the implementation, but it would be great if it was still allowed as an option. In fact, systemd provides two implementations: one in `systemd.rpm` and the second one in `systemd-standalone-sysusers`. The latter has dependencies only on `glibc`, `libcap`, `libgcc`, `libselinux`, and `libgcrypt`, and is much smaller than `shadow-utils`.

For example, packages that have `Provides: {user,group}(…)`, could have a dependency on `rpm-sysusers-impl | systemd-sysusers`, and `rpm` should attempt to call both `systemd-sysusers` and `sysusers.sh`.

Please explain how this is all supposed to be integrated by a distro…

---

I was testing this with `dbus` package, and I noticed the following:
- `dbus-common` has `Provides: user(dbus) = dSBkYnVzIDgxICJTeXN0ZW0gTWVzc2FnZSBCdXMiIC0gLQAA` but `Provides: group(dbus)`, with no `= …`. Looking at the code, this provides will be ignored. Is this intentional?
- I can't get this to work at all. After calling `sudo dnf5 install --use-host-config --installroot=/var/tmp/inst5 noarch/dbus-common-1.14.10-1.fc40.noarch.rpm` I get no dbus in `/var/tmp/inst5/etc/{group,passwd}`. I tried installing `rpm`, `grep`, `shadow-utils` as part of the same transaction, or in an earlier transaction, and the result is the same.


/cc @DaanDeMeyer 

-- 
Reply to this email directly or view it on GitHub:
https://github.com/rpm-software-management/rpm/issues/2697

Message ID: <rpm-software-management/rpm/issues/2697 at github.com>
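The `user(dbus)` value quoted in the message decodes as base64 to a sysusers.d line, while the unversioned `group(dbus)` carries nothing to decode. The following is an added example, not part of the original message and not rpm's own code. It assumes the version of a `user()`/`group()` provide is the base64 of the sysusers.d line, as that one value suggests; the `u`/`g`/`m` set is taken from the message's description of `sysusers.sh`, and `parse_provide`, `encode_line` and the third sample are constructed for illustration.

```python
import base64
import shlex

# Line types sysusers.sh implements according to the message above ("r" is not).
HANDLED_TYPES = {"u", "g", "m"}

def parse_provide(provide):
    """Decode one 'user(NAME) = B64' / 'group(NAME)' Provides string."""
    dep, _, version = (part.strip() for part in provide.partition("="))
    kind, _, rest = dep.partition("(")
    if kind not in ("user", "group") or not rest.endswith(")"):
        raise ValueError(f"not a user()/group() provide: {provide!r}")
    result = {"kind": kind, "name": rest[:-1], "line": None, "fields": [], "notes": []}
    if not version:
        # The case the message reports for group(dbus): no '= ...' to decode.
        result["notes"].append("unversioned: carries no sysusers.d line")
        return result
    raw = base64.b64decode(version, validate=True)
    # The value quoted in the message ends in NUL bytes; strip them.
    line = raw.rstrip(b"\0").decode("utf-8")
    fields = shlex.split(line)  # honours the quoted GECOS field
    result.update(line=line, fields=fields)
    if not fields or fields[0] not in HANDLED_TYPES:
        result["notes"].append("line type not in u/g/m")
    if "%" in line:
        result["notes"].append("contains a specifier")
    if len(fields) > 1 and fields[1] != result["name"]:
        result["notes"].append("name differs from the decoded line")
    return result

def encode_line(line):
    """Build a constructed provide version for testing (assumed encoding)."""
    return base64.b64encode(line.encode("utf-8")).decode("ascii")

# First two strings are from the message; the third is constructed.
SAMPLES = [
    "user(dbus) = dSBkYnVzIDgxICJTeXN0ZW0gTWVzc2FnZSBCdXMiIC0gLQAA",
    "group(dbus)",
    "user(example) = " + encode_line('u example - "Example on %H"'),
]

if __name__ == "__main__":
    for sample in SAMPLES:
        info = parse_provide(sample)
        print(sample, "->", info["line"], info["notes"])
```
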