Basically, I'm not sure what the dscl/OSX code in eutils.eclass is doing on OSX. It can create users, but it's using the short names for the keys to do so, which is confusing. Also, it adds all users as default system users, and they appear in the login window, which is not what you want when creating daemons. My patch fixes or changes the following specific things: 1) Daemon user's shells were always /sbin/nologin, instead of $EPREFIX/bin/false (i.e. it was using the system /sbin/nologin, not Prefix's first match, which is /bin/false) 2) Shell and Home cosmetic output text as users get created reflects the EPREFIX 3) When using dscl, use the long name for the keys, as that's what is reported when you use dscl . -read to inspect a path and its keys and values. 4) Add an idiosyncrasy, on OSX, where if 'staff' is the default group, then don't create a Password key set to (literally) a single star '*', as this is what differentiates a user that shows up in the login window, with one that does not. 5) Conversely, this allows Prefix to create actual system users, which Home directories in Prefix of course, if that's what one really wants to do. You still have to set a password manuall, however. 6) Logic for adding a user to a default group, and secondary groups, actually works. This is all tested on Mac OSX 10.5 Leopard. I have no way to test on Tiger. Bug #257954 talks about eutils using dscl on all Darwin platforms (e.g. 10.4 Tiger), which is most likely incorrect. I have no way to test this new code, or that issue, on Tiger, so it'd be great if someone could. I've keyed this to run on only *-darwin9. Also, all changes not in that section, that affect all platforms, should work well in Prefix and non-Prefix, as they are largely cosmetic. I've marked some comment sections with "FAFHRD" -- please take a look at them and redact and edit accordingly. This stuff is confusing, and it'd be good to have a second pair of eyes make my comments make sense for posterity. Reproducible: Always
Created attachment 182779 [details, diff] Fixes eutils.eclass support for Mac OS X 10.5 on Prefix
Comment on attachment 182779 [details, diff] Fixes eutils.eclass support for Mac OS X 10.5 on Prefix This patch doesn't /remove/ the code it replaces, it just supersedes it.
Created attachment 182781 [details] A bzip2 of an overlay that contains useful QA ebuilds. $ tar tjvf overlay.tar.bz2 drwxr-xr-x fafhrd/staff 0 2009-02-21 17:44 overlay/ drwxr-xr-x fafhrd/staff 0 2009-02-22 10:29 overlay/eclass/ -rw-r--r-- fafhrd/staff 55214 2009-02-22 10:18 overlay/eclass/eutils.eclass drwxr-xr-x fafhrd/staff 0 2009-02-21 17:40 overlay/profiles/ -rw-r--r-- fafhrd/staff 5 2009-02-21 17:40 overlay/profiles/categories -rw-r--r-- fafhrd/staff 12 2009-02-21 17:40 overlay/profiles/repo_name drwxr-xr-x fafhrd/staff 0 2009-02-21 19:47 overlay/test/ drwxr-xr-x fafhrd/staff 0 2009-02-21 23:12 overlay/test/enewgroup/ -rw-r--r-- fafhrd/staff 1485 2009-02-21 19:35 overlay/test/enewgroup/enewgroup-1.ebuild -rw-r--r-- root/staff 197 2009-02-21 23:12 overlay/test/enewgroup/Manifest drwxr-xr-x fafhrd/staff 0 2009-02-21 23:12 overlay/test/enewuser/ -rw-r--r-- fafhrd/staff 2229 2009-02-21 22:41 overlay/test/enewuser/enewuser-1.ebuild -rw-r--r-- fafhrd/staff 196 2009-02-21 23:12 overlay/test/enewuser/Manifest drwxr-xr-x fafhrd/staff 0 2009-02-21 23:13 overlay/test/userland/ -rw-r--r-- root/staff 195 2009-02-21 23:13 overlay/test/userland/Manifest -rw-r--r-- fafhrd/staff 443 2009-02-21 19:49 overlay/test/userland/userland-1.ebuild
Comment on attachment 182781 [details] A bzip2 of an overlay that contains useful QA ebuilds. You can use the enewgroup and enewuser ebuilds in this overlay like so: * emerge enewuser ** Make sure all tests pass * Take a look on the system, and see if everything make sense and was created. * emerge enewuser -C ** Make sure all tests pass. Oh -- You shouldn't emerge enewgroup and enewuser at the same time -- do one, remove it, then do the other.
I don't think we should use (E)ROOT when creating the user account for shell, but ${EPREFIX}${eshell} instead.
Sure, it's a small change. I moved it from ROOT -> EROOT, only because it was less of a change.
The only relevant part of the eclass patch nowadays is a darwin9 bit that tries harder to create useful users on OSX. Yet is remains questionable if it's really necessary, but that is only relevant when we will dive into the privileged area more seriously.
Yeah, it's still pretty much necessary. Funny, I was actually finally updating this particular part of my permissions/privileges stuff for 10.6 just last week. I'm might be the only one out there using prefix portage in a privileged / more-osx-integrated way, though.
I believe since this bug Apple has changed their ways once or twice, so I'm affraid the content is no longer current.
