Date: Mon, 08 Dec 2008 03:32:50 +0900 (JST) From: Hiroki Sato <hrs@FreeBSD.org> To: ports@FreeBSD.org Subject: RFC: $USE_[GU]ID for consistent [GU]ID handling Message-ID: <20081208.033250.137441016.hrs@allbsd.org>
----Security_Multipart0(Mon_Dec__8_03_32_50_2008_342)-- Content-Type: Multipart/Mixed; boundary="--Next_Part(Mon_Dec__8_03_32_50_2008_083)--" Content-Transfer-Encoding: 7bit ----Next_Part(Mon_Dec__8_03_32_50_2008_083)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Hello, I would like your comments about the attached patch. This is for adding USE_UID and USE_GID which allow uid/gid addition on installation and the removal on deinstallation. It uses ${PORTSDIR}/[GU]IDs for the detail information and can eliminate complex shell scripts from individual ports. For example, if you define USE_UID= foo in Makefile, the uid "foo" is added before pre-su-install, and removed on deinstallation by using pw(8). If the uid already exists, no error occurred. The multiple uids are also allowed. The attached patch includes an example of rewrite of an existing ports (japanese/sj3-server). After investigating ~300 ports in the ports tree which add uid/gid I think the attached implementation can cover most of the use case, but there may be something I missed. Comments are welcome. -- | Hiroki SATO ----Next_Part(Mon_Dec__8_03_32_50_2008_083)-- Content-Type: Text/Plain; charset=us-ascii Content-Transfer-Encoding: 7bit Content-Disposition: inline; filename="ports_uid.diff"
Index: Mk/bsd.port.mk
===================================================================
RCS file: /home/ncvs/ports/Mk/bsd.port.mk,v
retrieving revision 1.604
diff -d -u -I\$FreeBSD:.*\$ -I\$NetBSD:.*\$ -I\$OpenBSD:.*\$ -I\$DragonFly:.*\$ -I\$Id:.*\$ -I\$Translation:.*\$ -I\$hrs:.*\$ -r1.604 bsd.port.mk
--- Mk/bsd.port.mk 5 Sep 2008 19:41:43 -0000 1.604
+++ Mk/bsd.port.mk 23 Nov 2008 18:48:13 -0000
@@ -524,6 +524,16 @@
 # RC_SUBR_SUFFIX
 # - Contains the suffix of installed rc.subr scripts.
 ##
+#
+# USE_UID - List UIDs to be used by the port/package. The UID must be
+# a symbolic name defined in ${PORTSDIR}/UIDs, and
+# added on installation and removed on uninstallation.
+#
+# USE_GID - List GIDs to be used by the port/package. The GID must be
+# a symbolic name defined in ${PORTSDIR}/GIDs, and
+# added on installation and removed on uninstallation.
+#
+##
 # USE_APACHE - If set, this port relies on an apache webserver.
 #
 # USE_CDRTOOLS - If set, this port depends on sysutils/cdrtools, unless
@@ -2109,6 +2119,50 @@
 .endif
 .endif
+.if defined(USE_UID)
+UIDFILE?= ${PORTSDIR}/UIDs
+.for U in ${USE_UID}
+_PASSWDREGEX+= ^${U}:\\\|
+.endfor
+_PASSWDLINES= set -- ${_PASSWDREGEX}; IFS=''; ${GREP} "$${*%\|}" ${UIDFILE}
+add-uid:
+ @${_PASSWDLINES} > /dev/null 2>&1 || ( ${ECHO_MSG} '===> $$USE_UID consistency error.' && ${FALSE} )
+ @( ${_PASSWDLINES} ) | while read L; do \
+ IFS=":"; set -f; set -- $${L}; \
+ ${ECHO_MSG} "===> Adding user account: \"$${1}($${3})\""; \
+ if ! ${PW} usershow $${1} > /dev/null 2>&1; then \
+ ${PW} useradd -n "$${1}" -u "$${3}" -g "$${4}" -c "$${8}" -d "$${9}" -s "$${10}"; \
+ fi; \
+ ${ECHO_CMD} "@exec if ! ${PW} usershow $${1} > /dev/null 2>&1; then ${PW} useradd -n \"$${1}\" -u \"$${3}\" -g \"$${4}\" -c \"$${8}\" -d \"$${9}\" -s \"$${10}\"; fi" >> ${TMPPLIST}; \
+ ${ECHO_CMD} "@unexec if ${PW} usershow $${1} > /dev/null 2>&1; then ${PW} userdel -n \"$${1}\" -u \"$${3}\"; fi" >> ${TMPPLIST}; \
+ done
+.else
+add-uid:
+ @${DO_NADA}
+.endif
+
+.if defined(USE_GID)
+GIDFILE?= ${PORTSDIR}/GIDs
+.for G in ${USE_GID}
+_GROUPREGEX+= ^${G}:\\\|
+.endfor
+_GROUPLINES= set -- ${_GROUPREGEX}; IFS=''; ${GREP} "$${*%\|}" ${GIDFILE}
+add-gid:
+ @${_GROUPLINES} > /dev/null 2>&1 || ( ${ECHO_MSG} '===> $$USE_GID consistency error.' && ${FALSE} )
+ @( ${_GROUPLINES} || false ) | while read L; do \
+ IFS=":"; set -f; set -- $${L}; \
+ ${ECHO_MSG} "===> Adding group account: \"$${1}($${3})\""; \
+ if ! ${PW} groupshow $${1} > /dev/null 2>&1; then \
+ ${PW} groupadd -n "$${1}" -g "$${3}"; \
+ fi; \
+ ${ECHO_CMD} "@exec if ! ${PW} groupshow \"$${1}\" > /dev/null 2>&1; then ${PW} groupadd -n \"$${1}\" -g \"$${3}\"; fi" >> ${TMPPLIST}; \
+ ${ECHO_CMD} "@unexec if ${PW} groupshow \"$${1}\" > /dev/null 2>&1; then ${PW} groupdel -n \"$${1}\" -g \"$${3}\"; fi" >> ${TMPPLIST}; \
+ done
+.else
+add-gid:
+ @${DO_NADA}
+.endif
+
 # Macro for doing in-place file editing using regexps
 REINPLACE_ARGS?= -i.bak
 REINPLACE_CMD?= ${SED} ${REINPLACE_ARGS}
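Review bot: The `@unexec` entry that add-uid appends to `${TMPPLIST}` is written outside the `if ! ${PW} usershow` branch, so deinstalling the package runs `${PW} userdel` on any account of that name, including one that existed before the install or is still used by another port; add-gid does the same with `${PW} groupdel`. Files left on disk under the removed uid would then belong to whichever account is next given that number. Consider leaving removal to the administrator, for example by having the `@unexec` only print a notice that the account was kept. Separately, the consistency check passes as soon as one name in `${USE_UID}` or `${USE_GID}` matches, because `${GREP}` succeeds on any hit, so a name missing from `${UIDFILE}` or `${GIDFILE}` is skipped silently; checking each name in the `.for` loop would catch it.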
@@ -4136,7 +4190,7 @@
 _INSTALL_SEQ= install-message check-conflicts \
 run-depends lib-depends apply-slist pre-install \
 pre-install-script generate-plist check-already-installed
-_INSTALL_SUSEQ= check-umask install-mtree pre-su-install \
+_INSTALL_SUSEQ= check-umask install-mtree add-gid add-uid pre-su-install \
 pre-su-install-script do-install install-desktop-entries \
 post-install post-install-script add-plist-info \
 add-plist-docs add-plist-examples add-plist-data \
Index: japanese/sj3-server/Makefile
===================================================================
RCS file: /home/ncvs/ports/japanese/sj3-server/Makefile,v
retrieving revision 1.31
diff -d -u -I\$FreeBSD:.*\$ -I\$NetBSD:.*\$ -I\$OpenBSD:.*\$ -I\$DragonFly:.*\$ -I\$Id:.*\$ -I\$Translation:.*\$ -I\$hrs:.*\$ -r1.31 Makefile
--- japanese/sj3-server/Makefile 26 Oct 2008 23:12:53 -0000 1.31
+++ japanese/sj3-server/Makefile 23 Nov 2008 18:36:44 -0000
@@ -7,7 +7,7 @@
 PORTNAME= sj3
 PORTVERSION= 2.0.1.20
-PORTREVISION= 6
+PORTREVISION= 7
 CATEGORIES= japanese
 MASTER_SITES= LOCAL/nork
 PKGNAMESUFFIX= -server
@@ -23,6 +23,8 @@
 USE_RC_SUBR= sj3.sh
 USE_IMAKE= yes
+USE_UID= _sj3
+USE_GID= _sj3
 SUB_FILES= sj3_freebsd.tmpl
 SUB_LIST= DESTDIR=${DESTDIR}
@@ -52,7 +54,4 @@
 pre-configure: apply-slist
 ${INSTALL_DATA} ${WRKDIR}/sj3_freebsd.tmpl ${WRKSRC}/sj3_freebsd.tmpl
-pre-su-install:
- @${SETENV} ${SCRIPTS_ENV} PKG_PREFIX="${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL
-
 .include <bsd.port.post.mk>
Index: japanese/sj3-server/pkg-install
===================================================================
RCS file: japanese/sj3-server/pkg-install
diff -N japanese/sj3-server/pkg-install
--- japanese/sj3-server/pkg-install 26 Oct 2008 19:35:08 -0000 1.6
+++ /dev/null 1 Jan 1970 00:00:00 -0000
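Review bot: Because add-gid and add-uid sit in `_INSTALL_SUSEQ`, their `@exec` lines are appended to `${TMPPLIST}` after generate-plist in `_INSTALL_SEQ` has already written the port's own entries. If the package tools process the packing list in order, a binary package would create the account only after files that may carry `@owner` or `@group` for it have been handled; this is worth confirming with a package built from a port that sets ownership in its pkg-plist. A short comment on the new line, such as `# add-gid before add-uid: useradd -g refers to the group`, would also record why the order matters.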
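Review bot: In the `@@ -23,6 +23,8 @@` hunk of japanese/sj3-server/Makefile, `USE_UID= _sj3` and `USE_GID= _sj3` depend on matching entries in `${PORTSDIR}/UIDs` and `${PORTSDIR}/GIDs`, but neither file is part of the patch as posted, so add-uid would stop with the consistency error on a tree that lacks them. The removed pkg-install used uid and gid 912, home `/nonexistent` and shell `/usr/sbin/nologin`. The new entries should carry the same values so that files on existing installations keep the same owner and the account stays non-login.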
@@ -1,37 +0,0 @@
-#!/bin/sh
-# $FreeBSD: ports/japanese/sj3-server/pkg-install,v 1.6 2008/10/26 19:35:08 hrs Exp $
-
-PATH=/bin:/usr/sbin
-
-case $2 in
- PRE-INSTALL)
- USER=_sj3
- GROUP=${USER}
- UID=912
- GID=${UID}
-
- if pw group show "${GROUP}" 2>/dev/null; then
- echo "You already have a group \"${GROUP}\", so I will use it."
- else
- if pw groupadd ${GROUP} -g ${GID}; then
- echo "Added group \"${GROUP}\"."
- else
- echo "Adding group \"${GROUP}\" failed..."
- exit 1
- fi
- fi
-
- if pw user show "${USER}" 2>/dev/null; then
- echo "You already have a user \"${USER}\", so I will use it."
- else
- if pw useradd ${USER} -u ${UID} -g ${GROUP} -h - \
- -d /nonexistent -s /usr/sbin/nologin -c "SJ3 Daemon"
- then
- echo "Added user \"${USER}\"."
- else
- echo "Adding user \"${USER}\" failed..."
- exit 1
- fi
- fi
- ;;
-esac
----Next_Part(Mon_Dec__8_03_32_50_2008_083)---- ----Security_Multipart0(Mon_Dec__8_03_32_50_2008_342)-- Content-Type: application/pgp-signature Content-Transfer-Encoding: 7bit -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (FreeBSD) iEYEABECAAYFAkk8FtIACgkQTyzT2CeTzy3OoQCfUr4PjMMPagFYA5Xwloc2JCVD r3IAnRhOYe4h713YVVolFCXl/5/qoQYA =5XP3 -----END PGP SIGNATURE----- ----Security_Multipart0(Mon_Dec__8_03_32_50_2008_342)----