
Re: opentmpfiles & opensysusers, and its use in the Debian policy



On 1/2/20 6:28 PM, Simon McVittie wrote:
> On systemd systems, that's approximately:
> 
> - run systemd-tmpfiles when a package installs a tmpfiles.d snippet
>   (this is added to the package's postinst by dh_installsystemd)
> 
> - run systemd-sysusers when a package installs a sysusers.d snippet
>   (I don't think we have tools to add this to the postinst yet, because
>   packages are currently meant to run adduser --system instead, but
>   more-systemd-centric distributions probably already do this in their
>   equivalent of the postinst)
> 
> - run systemd-tmpfiles during boot (this is systemd-tmpfiles-setup.service,
>   part of systemd)
> 
> - run systemd-sysusers during boot (this is
>   systemd-sysusers.service, part of systemd)
> 
> The opentmpfiles and opensysusers packaging will need to arrange to do
> something analogous, most likely in cooperation with dh_installsystemd
> or some other debhelper step for the first two points, and with LSB init
> scripts for the tasks where systemd uses one-shot services.

Right, and I haven't implemented this yet. Contributions welcome!

> At the moment, the policy is that system users are created by running
> adduser, and installing sysusers.d files is allowed but redundant. For
> example, dbus installs /usr/lib/sysusers.d/dbus.conf, but doesn't rely
> on it being processed - the postinst calls adduser, so the sysusers.d
> snippet will only have any effect if the messagebus user somehow gets
> deleted, in which case systemd-booted systems will recover by recreating
> it during the next boot.

I suppose we all agree that the goal is to have the manual adduser call go
away and be replaced by the automated declarative way. Probably we
would need to have the system user be installed *before* the postinst
runs, so that the eventual daemon used in the package has the system
user available.

Cheers,

Thomas Goirand (zigo)
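As an added illustration of the point made above (not code from this thread, from dbus, or from Debian's packaging), here is a POSIX sh helper that turns the "u" lines of a sysusers.d snippet into the adduser --system call a postinst currently makes, so the snippet can be the single source of truth on systems without systemd-sysusers. The snippet contents, the field-to-option mapping and the allowed character sets are constructed assumptions; each field is validated before it is placed on a command line that a maintainer script would run.

```shell
#!/bin/sh
# Constructed example: map sysusers.d "u" lines to the adduser --system call a
# Debian postinst currently makes, so the declarative snippet can be the single
# source of truth even where systemd-sysusers is not available.
# Assumed line shape: u NAME ID "GECOS" HOME SHELL ("-" or absent = default).

# Print the adduser command for one "u" line. Other line types (comments,
# blank lines, g/m/r entries) print nothing; malformed or unsafe fields fail.
sysusers_u_to_adduser() {
    printf '%s\n' "$1" | awk '
    function next_field(    i) {   # pop one whitespace- or quote-delimited field off s
        sub(/^[ \t]+/, "", s)
        if (s == "") return ""
        if (substr(s, 1, 1) == "\"") {
            s = substr(s, 2); i = index(s, "\"")
            if (i == 0) { bad = 1; return "" }   # unterminated quote
            v = substr(s, 1, i - 1); s = substr(s, i + 1)
        } else {
            match(s, /^[^ \t]+/)
            v = substr(s, 1, RLENGTH); s = substr(s, RLENGTH + 1)
        }
        return v
    }
    {
        s = $0; bad = 0
        type = next_field(); name = next_field(); id = next_field()
        gecos = next_field(); home = next_field(); shell = next_field()
        if (type != "u") exit 0
        # Fields end up in a maintainer script: allow only a conservative
        # character set so a snippet cannot smuggle shell syntax in.
        if (bad || name !~ /^[a-z_][a-z0-9_-]*$/) exit 1
        if (gecos !~ "^[A-Za-z0-9 ._-]*$") exit 1
        if (home !~ "^[A-Za-z0-9/._-]*$" || shell !~ "^[A-Za-z0-9/._-]*$") exit 1
        # A sysusers "u" entry also creates a same-named group, hence --group.
        cmd = "adduser --system --quiet --group --no-create-home"
        if (id ~ /^[0-9]+$/) cmd = cmd " --uid " id   # uid:gid and file forms are not translated
        if (gecos != "" && gecos != "-") cmd = cmd " --gecos \047" gecos "\047"
        if (home != "" && home != "-") cmd = cmd " --home " home
        if (shell != "" && shell != "-") cmd = cmd " --shell " shell
        print cmd " " name
    }'
}

# Dry run over a whole snippet: one adduser line per "u" entry, stop on a bad line.
sysusers_file_to_adduser() {
    while IFS= read -r line || [ -n "$line" ]; do
        sysusers_u_to_adduser "$line" || { echo "rejected: $line" >&2; return 1; }
    done < "$1"
}
```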
