1
0
mirror of https://github.com/systemd/systemd.git synced 2024-10-30 23:21:22 +03:00

sysusers: make sysusers work with dnf --installroot

This is not very pretty, but the code in fs-util.c already provisions for
missing /proc. We ourselves are careful to set up /proc, but not everybody
is and it is important for sysusers to also work where shadow-utils would:
I would like to replace calls to useradd and groupadd in Fedora systemd rpm
scriptlets with a call to sysusers. It has a number of advantages:
- dogfooding
- we don't need to manually duplicate the information from our sysusers
  files to scriptlets
- a dependency on shadow-utils is dropped, which transitively drops dependencies
  on setup and fedora-repos and bunch of other stuff.

We could try to get 'dnf' and 'rpm --root' and such to be reworked,
but not in any reasonable timeframe. And even if this was done, we'd still
want to support older rpm/dnf versions.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2021-05-24 11:34:16 +02:00
parent 0520564dcf
commit 82855aa610

View File

@ -396,7 +396,11 @@ static int write_temporary_passwd(const char *passwd_path, FILE **tmpfile, char
original = fopen(passwd_path, "re"); original = fopen(passwd_path, "re");
if (original) { if (original) {
r = copy_rights(fileno(original), fileno(passwd)); /* Allow fallback path for when /proc is not mounted. On any normal system /proc will be
* mounted, but e.g. when 'dnf --installroot' is used, it might not be. There is no security
* relevance here, since the environment is ultimately trusted, and not requiring /proc makes
* it easier to depend on sysusers in packaging scripts and suchlike. */
r = copy_rights_with_fallback(fileno(original), fileno(passwd), passwd_tmp);
if (r < 0) if (r < 0)
return log_debug_errno(r, "Failed to copy permissions from %s to %s: %m", return log_debug_errno(r, "Failed to copy permissions from %s to %s: %m",
passwd_path, passwd_tmp); passwd_path, passwd_tmp);
@ -513,7 +517,7 @@ static int write_temporary_shadow(const char *shadow_path, FILE **tmpfile, char
original = fopen(shadow_path, "re"); original = fopen(shadow_path, "re");
if (original) { if (original) {
r = copy_rights(fileno(original), fileno(shadow)); r = copy_rights_with_fallback(fileno(original), fileno(shadow), shadow_tmp);
if (r < 0) if (r < 0)
return log_debug_errno(r, "Failed to copy permissions from %s to %s: %m", return log_debug_errno(r, "Failed to copy permissions from %s to %s: %m",
shadow_path, shadow_tmp); shadow_path, shadow_tmp);
@ -644,7 +648,7 @@ static int write_temporary_group(const char *group_path, FILE **tmpfile, char **
original = fopen(group_path, "re"); original = fopen(group_path, "re");
if (original) { if (original) {
r = copy_rights(fileno(original), fileno(group)); r = copy_rights_with_fallback(fileno(original), fileno(group), group_tmp);
if (r < 0) if (r < 0)
return log_debug_errno(r, "Failed to copy permissions from %s to %s: %m", return log_debug_errno(r, "Failed to copy permissions from %s to %s: %m",
group_path, group_tmp); group_path, group_tmp);
@ -746,7 +750,7 @@ static int write_temporary_gshadow(const char * gshadow_path, FILE **tmpfile, ch
if (original) { if (original) {
struct sgrp *sg; struct sgrp *sg;
r = copy_rights(fileno(original), fileno(gshadow)); r = copy_rights_with_fallback(fileno(original), fileno(gshadow), gshadow_tmp);
if (r < 0) if (r < 0)
return log_debug_errno(r, "Failed to copy permissions from %s to %s: %m", return log_debug_errno(r, "Failed to copy permissions from %s to %s: %m",
gshadow_path, gshadow_tmp); gshadow_path, gshadow_tmp);