Re: Integration with systemd
On 11/1/19 1:51 AM, Russ Allbery wrote:
> Thomas Goirand <zigo@debian.org> writes:
>
>> IMO, this type of decision should go in the policy, case by case, and
>> I'm not sure a GR is the solution: it's going to be a generic "use all
>> of systemd" vs a "be careful to use only things implemented elsewhere".
>> I don't think this works, as often, there is maybe a middle ground
>> "well, it depends on the situation". For the systemd-sysusers in
> >> tomcat9, probably best would have been to keep things as they were
>> rather than using an implementation that only has the side effect as to
>> get locked-in, especially when it's easy to avoid the problem. For other
>> cases, maybe it's nice to be able to use systemd-only features, and here
>> I'm thinking namely about cgroup stuff, for example.
>
> So, let's explore this "Policy on a case-by-case basis" approach.
>
> I think we should adopt sysusers.d fragments as the preferred mechanism
> for creating system users (with some rules, such as a standard for how to
> name the users and a requirement that the UID be specified as - unless one
> goes through the normal base-passwd registration process). It supports a
> declarative syntax, doesn't require putting runes of code into a shell
> script, moves us farther down the path towards reducing use of maintainer
> scripts for most packages, and avoids the whole dependency and
> pre-dependency mess with adduser that took forever to sort out. The
> syntax for sysusers.d is straightforward to parse, and support for
> non-systemd init systems via a trigger or boot-time script (or both) via
> adduser could be easily written, hiding the distinction between init
> systems.
>
> So I should propose putting that into Policy, right? Presumably you would
> object.
>
> And presumably you would instead propose banning use of systemd-sysusers
> and sysusers.d and requiring continuing to use adduser from maintainer
> scripts as we currently do. I would object because to me that's obviously
> inferior to a declarative syntax. I've been beating the drum for
> declarative syntax to replace maintainer scripts in Debian since before
> systemd existed, and I personally don't care whether systemd happens to be
> the project that came up with a good facility or not. If I see a good
> opportunity for moving to declarative syntax, I'll support it.
>
> So now neither of our proposals has consensus, and Policy continues to be
> somewhat ambiguous about systemd-sysusers. (Policy currently says, in
> kind of a weird place, that using adduser is a "should," which makes it a
> non-RC bug to not do so, but shoulds are often interpreted by the project
> to imply a certain amount of maintainer discretion.)
>
> Now what?
I agree with some of the things you wrote above, but...
...the bigger question is: why systemd-sysusers is part of systemd, and
not a standalone thing, which we could make an essential package. If we
want it to be part of a package standard toolkit, it means systemd
becomes an essential package, which isn't really what we want (we don't
need an init system in a chroot, as you know). For that reason alone,
it's probably a bad idea to recommend systemd-sysusers everywhere.
Cheers,
Thomas Goirand (zigo)
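
The quoted message says sysusers.d syntax is straightforward to parse and that adduser-based support for non-systemd init systems could be written. A sketch of that translation follows, added here as an example and not code from either poster or from Debian; the fragment, the user and group names, and the function names are constructed for illustration, and only numeric or `-` IDs are handled.

```python
import shlex

# Constructed sample fragment; the user and group names are hypothetical.
SAMPLE = '''\
# Type Name      ID  GECOS                 Home              Shell
u      _exampled -   "Example daemon user" /var/lib/exampled -
g      _exlogs   -
m      _exampled _exlogs
u      _fixed    450 "Pinned UID"          -                 -
'''

def parse(text):
    """Yield (type, name, id, gecos, home, shell); '-' or absent becomes None."""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = shlex.split(line)  # keeps the quoted GECOS field as one token
        fields += ["-"] * (6 - len(fields))
        yield tuple(None if f == "-" else f for f in fields[:6])

def to_adduser(text):
    """Translate u/g/m entries into adduser/addgroup argument vectors."""
    cmds = []
    for kind, name, ident, gecos, home, shell in parse(text):
        if kind == "u":
            if ident and not ident.isdigit():
                raise ValueError(f"{name}: only numeric or '-' IDs handled here")
            cmd = ["adduser", "--system", "--group", "--quiet", "--no-create-home",
                   "--home", home or "/"]  # sysusers.d defaults the home to /
            cmd += ["--uid", ident] if ident else []
            cmd += ["--gecos", gecos] if gecos else []
            cmd += ["--shell", shell] if shell else []
            cmds.append(cmd + [name])
        elif kind == "g":
            gid = ["--gid", ident] if ident else []
            cmds.append(["addgroup", "--system", "--quiet"] + gid + [name])
        elif kind == "m":  # ID column holds the group; both must already exist
            cmds.append(["adduser", "--quiet", name, ident])
        # other line types (such as r, ID ranges) are not translated
    return cmds

def fixed_ids(text):
    """Entries whose ID is not '-', which the rule above would send to base-passwd."""
    return [n for k, n, ident, *_ in parse(text) if k in ("u", "g") and ident]

if __name__ == "__main__":
    for argv in to_adduser(SAMPLE):
        print(shlex.join(argv))
    print("needs registration:", fixed_ids(SAMPLE))
```

`fixed_ids` is the hook for the rule proposed in the quoted text: any name it returns pins a UID or GID and would need base-passwd registration before the fragment is accepted.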