On Mon, Aug 30, 2021 at 11:53:59AM +0100, Colin Watson wrote: > On Mon, Aug 30, 2021 at 12:30:49PM +0200, David Kalnischkies wrote: > > So, while for some/most usecases something akin to DynamicUser would be > > enough, for others a more stable user would be preferred and then there > > are also cases were it would be beneficial if the user had the same > > UID across all systems. > > And that's exactly the bit that seems tricky to achieve here. If we > only had deal with the bits that are internal to apt (as opposed to set > up manually by sysadmins) then it wouldn't be so bad. Personally, I don't think it is too bad as there shouldn't be too many actually effected and those who are we could try to catch. We could e.g. do static for new installs in bookworm and recommend transition in NEWS (and co), have apt warn if it deals with files owned by _apt while not being UID 42 and have trixie actually perform the transition for upgrades, to then have new and upgrades being the same. apt already tries for copy:/ and file:/ if _apt can access them and if not falls back to not using it (with a warning). We don't warn on unreadable https certificates explicitly currently, but it wouldn't be a bad idea to be a bit more friendly anyhow (well, ideally we wouldn't need to, like we managed for auth.conf, but I am not sure we can massage gnutls enough for that). > > > But I guess there's no way to do something like that > > > outside of systemd, much less on systems that don't run systemd at all. > > > > The problem with systemd in this context is that apt kinda needs to be > > its own systemd --user instance as apt is not a system service, but > > a service manager of its own. I doubt the systemd ecosystem offers that > > functionality, especially considering that these parts would need to be > > platform agnostic and reasonably light given they would be involved in > > (cross)bootstrap and all the other situations apt operates in. > > To be clear, I wasn't literally proposing that apt should use systemd; I > don't think that would make sense. It was just an analogy. To be clear, I said that only to preempt the peanut gallery. ☺ Best regards David Kalnischkies
Attachment:
signature.asc
Description: PGP signature