From owner-freebsd-stable@FreeBSD.ORG Wed Dec 19 23:43:48 2012 Return-Path: Delivered-To: stable@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [69.147.83.52]) by hub.freebsd.org (Postfix) with ESMTP id 860A4762 for ; Wed, 19 Dec 2012 23:43:48 +0000 (UTC) (envelope-from rwatson@FreeBSD.org) Received: from cyrus.watson.org (cyrus.watson.org [65.122.17.42]) by mx1.freebsd.org (Postfix) with ESMTP id 550828FC0A for ; Wed, 19 Dec 2012 23:43:48 +0000 (UTC) Received: from [192.168.2.119] (host86-129-88-139.range86-129.btcentralplus.com [86.129.88.139]) by cyrus.watson.org (Postfix) with ESMTPSA id 2690546B09; Wed, 19 Dec 2012 18:43:47 -0500 (EST) Subject: Re: MFC: Distributed audit daemon committed (was: svn commit: r243752 - in head: etc etc/defaults etc/mail etc/mtree etc/rc.d share/man/man4 usr.sbin usr.sbin/auditdistd (fwd)) (fwd) Mime-Version: 1.0 (Apple Message framework v1283) Content-Type: text/plain; charset=iso-8859-1 From: "Robert N. M. Watson" In-Reply-To: <50D0B813.5030100@shatow.net> Date: Wed, 19 Dec 2012 23:43:45 +0000 Content-Transfer-Encoding: quoted-printable Message-Id: <5416F71C-303F-4904-B87D-79F538573683@FreeBSD.org> References: <50D0B813.5030100@shatow.net> To: Bryan Drewery X-Mailer: Apple Mail (2.1283) Cc: stable@FreeBSD.org X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.14 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 19 Dec 2012 23:43:48 -0000 On 18 Dec 2012, at 18:38, Bryan Drewery wrote: >> Just an FYI that the new distributed audit daemon has been MFC'd to >> 9-STABLE. >>=20 >> As noted in UPDATING, you will need to run "mergemaster -p" before = using >> installkernel or installworld targets in order to add the new >> "auditdistd" system user. This should be part of the regular update >> cycle anyway, but after the experience of adding auditdistd in >> 10-CURRENT, we've discovered that many people are skipping that step = in >> the update cycle, so I figured it best to point out here. >>=20 >> (Technically, only installworld requires the user, but the user-check >> guards in the system Makefiles are enforced for both targets.) >=20 > Have you seen misc/174405? Apparently installkernel is requiring the > user as well. The documented process in UPDATING does not mention > running mergemaster -p before [install]kernel. Hi Bryan: I was not aware of the PR. However, yes, that was the point I was making = in my e-mail -- that the Makefile seems to put the user check on = installkernel and not just installworld. While I did MFC the change to = add the 'auditdistd' user to the requirements list, I didn't originate = that change, and agree that it's a "false positive". I hadn't originally = planned to add an UPDATING entry, or Makefile dependency, as mergemaster = -p is part of our standard upgrade procedure before installworld; = however, I got a lot of complaints :-). I did also add an explicit URL = pointing at the upgrade procedure in the handbook as part of UPDATING as = a result. It would be useful if someone would make the necessary changes = to the Makefile infrastructure to allow kernel vs. userspace = install-time dependencies on users (and groups) separate. Robert=