gentoo resync : 22.01.2021

author: V3n3RiX <venerix@redcorelinux.org> 2021-01-22 20:28:19 +0000
committer: V3n3RiX <venerix@redcorelinux.org> 2021-01-22 20:28:19 +0000
commit: abaa75b10f899ada8dd05b23cc03205064394bc6 (patch)
tree: eca3dd248b73b92013cba00a0fcc1edf2696e19a /eclass/acct-user.eclass
parent: 24fd814c326e282c4321965c31f341dad77e270d (diff)
1 files changed, 109 insertions, 37 deletions
diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
index 47890e48409a..ee4358b5c75c 100644
--- a/eclass/acct-user.eclass
+++ b/eclass/acct-user.eclass
@@ -67,11 +67,17 @@ readonly ACCT_USER_NAME
 # @REQUIRED
 # @DESCRIPTION:
 # Preferred UID for the new user.  This variable is obligatory, and its
-# value must be unique across all user packages.
+# value must be unique across all user packages.  This can be overriden
+# in make.conf through ACCT_USER_<UPPERCASE_USERNAME>_ID variable.
 #
 # Overlays should set this to -1 to dynamically allocate UID.  Using -1
 # in ::gentoo is prohibited by policy.
 
+# @ECLASS-VARIABLE: _ACCT_USER_ALREADY_EXISTS
+# @INTERNAL
+# @DESCRIPTION:
+# Status variable which indicates if user already exists.
+
 # @ECLASS-VARIABLE: ACCT_USER_ENFORCE_ID
 # @DESCRIPTION:
 # If set to a non-null value, the eclass will require the user to have
@@ -79,10 +85,18 @@ readonly ACCT_USER_NAME
 # the UID is taken by another user, the install will fail.
 : ${ACCT_USER_ENFORCE_ID:=}
 
+# @ECLASS-VARIABLE: ACCT_USER_NO_MODIFY
+# @DEFAULT_UNSET
+# @DESCRIPTION:
+# If set to a non-null value, the eclass will not make any changes
+# to an already existing user.
+: ${ACCT_USER_NO_MODIFY:=}
+
 # @ECLASS-VARIABLE: ACCT_USER_SHELL
 # @DESCRIPTION:
 # The shell to use for the user.  If not specified, a 'nologin' variant
-# for the system is used.
+# for the system is used.  This can be overriden in make.conf through
+# ACCT_USER_<UPPERCASE_USERNAME>_SHELL variable.
 : ${ACCT_USER_SHELL:=-1}
 
 # @ECLASS-VARIABLE: ACCT_USER_HOME
@@ -90,6 +104,8 @@ readonly ACCT_USER_NAME
 # The home directory for the user.  If not specified, /dev/null is used.
 # The directory will be created with appropriate permissions if it does
 # not exist.  When updating, existing home directory will not be moved.
+# This can be overriden in make.conf through
+# ACCT_USER_<UPPERCASE_USERNAME>_HOME variable.
 : ${ACCT_USER_HOME:=/dev/null}
 
 # @ECLASS-VARIABLE: ACCT_USER_HOME_OWNER
@@ -97,11 +113,14 @@ readonly ACCT_USER_NAME
 # @DESCRIPTION:
 # The ownership to use for the home directory, in chown ([user][:group])
 # syntax.  Defaults to the newly created user, and its primary group.
+# This can be overriden in make.conf through
+# ACCT_USER_<UPPERCASE_USERNAME>_HOME_OWNER variable.
 
 # @ECLASS-VARIABLE: ACCT_USER_HOME_PERMS
 # @DESCRIPTION:
 # The permissions to use for the home directory, in chmod (octal
-# or verbose) form.
+# or verbose) form.  This can be overriden in make.conf through
+# ACCT_USER_<UPPERCASE_USERNAME>_HOME_PERMS variable.
 : ${ACCT_USER_HOME_PERMS:=0755}
 
 # @ECLASS-VARIABLE: ACCT_USER_GROUPS
@@ -110,6 +129,12 @@ readonly ACCT_USER_NAME
 # List of groups the user should belong to.  This must be a bash
 # array.  The first group specified is the user's primary group, while
 # the remaining groups (if any) become supplementary groups.
+#
+# This can be overriden in make.conf through
+# ACCT_USER_<UPPERCASE_USERNAME>_GROUPS variable, or appended to
+# via ACCT_USER_<UPPERCASE_USERNAME>_GROUPS_ADD.  Please note that
+# due to technical limitations, the override variables are not arrays
+# but space-separated lists.
 
 
 # << Boilerplate ebuild variables >>
@@ -152,7 +177,7 @@ acct-user_add_deps() {
 eislocked() {
 	[[ $# -eq 1 ]] || die "usage: ${FUNCNAME} <user>"
 
-	if [[ ${EUID} != 0 ]] ; then
+	if [[ ${EUID} != 0 ]]; then
 		einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
 		return 0
 	fi
@@ -189,7 +214,7 @@ eislocked() {
 elockuser() {
 	[[ $# -eq 1 ]] || die "usage: ${FUNCNAME} <user>"
 
-	if [[ ${EUID} != 0 ]] ; then
+	if [[ ${EUID} != 0 ]]; then
 		einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
 		return 0
 	fi
@@ -232,7 +257,7 @@ elockuser() {
 eunlockuser() {
 	[[ $# -eq 1 ]] || die "usage: ${FUNCNAME} <user>"
 
-	if [[ ${EUID} != 0 ]] ; then
+	if [[ ${EUID} != 0 ]]; then
 		einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
 		return 0
 	fi
@@ -284,25 +309,33 @@ acct-user_pkg_pretend() {
 
 	# verify ACCT_USER_ID
 	[[ -n ${ACCT_USER_ID} ]] || die "Ebuild error: ACCT_USER_ID must be set!"
-	[[ ${ACCT_USER_ID} -eq -1 ]] && return
-	[[ ${ACCT_USER_ID} -ge 0 ]] || die "Ebuild errors: ACCT_USER_ID=${ACCT_USER_ID} invalid!"
+	[[ ${ACCT_USER_ID} -ge -1 ]] || die "Ebuild error: ACCT_USER_ID=${ACCT_USER_ID} invalid!"
+	local user_id=${ACCT_USER_ID}
+
+	# check for the override
+	local override_name=${ACCT_USER_NAME^^}
+	local override_var=ACCT_USER_${override_name//-/_}_ID
+	if [[ -n ${!override_var} ]]; then
+		user_id=${!override_var}
+		[[ ${user_id} -ge -1 ]] || die "${override_var}=${user_id} invalid!"
+	fi
 
 	# check for ACCT_USER_ID collisions early
-	if [[ -n ${ACCT_USER_ENFORCE_ID} ]]; then
-		local user_by_id=$(egetusername "${ACCT_USER_ID}")
+	if [[ ${user_id} -ne -1 && -n ${ACCT_USER_ENFORCE_ID} ]]; then
+		local user_by_id=$(egetusername "${user_id}")
 		local user_by_name=$(egetent passwd "${ACCT_USER_NAME}")
 		if [[ -n ${user_by_id} ]]; then
 			if [[ ${user_by_id} != ${ACCT_USER_NAME} ]]; then
 				eerror "The required UID is already taken by another user."
-				eerror "  UID: ${ACCT_USER_ID}"
+				eerror "  UID: ${user_id}"
 				eerror "  needed for: ${ACCT_USER_NAME}"
 				eerror "  current user: ${user_by_id}"
-				die "UID ${ACCT_USER_ID} taken already"
+				die "UID ${user_id} taken already"
 			fi
 		elif [[ -n ${user_by_name} ]]; then
 			eerror "The requested user exists already with wrong UID."
 			eerror "  username: ${ACCT_USER_NAME}"
-			eerror "  requested UID: ${ACCT_USER_ID}"
+			eerror "  requested UID: ${user_id}"
 			eerror "  current entry: ${user_by_name}"
 			die "Username ${ACCT_USER_NAME} exists with wrong UID"
 		fi
@@ -316,23 +349,48 @@ acct-user_pkg_pretend() {
 acct-user_src_install() {
 	debug-print-function ${FUNCNAME} "${@}"
 
-	if [[ ${ACCT_USER_HOME} != /dev/null ]]; then
+	# serialize for override support
+	local ACCT_USER_GROUPS=${ACCT_USER_GROUPS[*]}
+
+	# support make.conf overrides
+	local override_name=${ACCT_USER_NAME^^}
+	override_name=${override_name//-/_}
+	local var
+	for var in ACCT_USER_{ID,SHELL,HOME{,_OWNER,_PERMS},GROUPS}; do
+		local var_name=ACCT_USER_${override_name}_${var#ACCT_USER_}
+		if [[ -n ${!var_name} ]]; then
+			ewarn "${var_name}=${!var_name} override in effect, support will not be provided."
+		else
+			var_name=${var}
+		fi
+		declare -g "_${var}=${!var_name}"
+	done
+	var_name=ACCT_USER_${override_name}_GROUPS_ADD
+	if [[ -n ${!var_name} ]]; then
+		ewarn "${var_name}=${!var_name} override in effect, support will not be provided."
+		_ACCT_USER_GROUPS+=" ${!var_name}"
+	fi
+
+	# deserialize into an array
+	local groups=( ${_ACCT_USER_GROUPS} )
+
+	if [[ ${_ACCT_USER_HOME} != /dev/null ]]; then
 		# note: we can't set permissions here since the user isn't
 		# created yet
-		keepdir "${ACCT_USER_HOME}"
+		keepdir "${_ACCT_USER_HOME}"
 	fi
 
 	insinto /usr/lib/sysusers.d
 	newins - ${CATEGORY}-${ACCT_USER_NAME}.conf < <(
 		printf "u\t%q\t%q\t%q\t%q\t%q\n" \
 			"${ACCT_USER_NAME}" \
-			"${ACCT_USER_ID/#-*/-}:${ACCT_USER_GROUPS[0]}" \
+			"${_ACCT_USER_ID/#-*/-}:${groups[0]}" \
 			"${DESCRIPTION//[:,=]/;}" \
-			"${ACCT_USER_HOME}" \
-			"${ACCT_USER_SHELL/#-*/-}"
-		if [[ ${#ACCT_USER_GROUPS[@]} -gt 1 ]]; then
+			"${_ACCT_USER_HOME}" \
+			"${_ACCT_USER_SHELL/#-*/-}"
+		if [[ ${#groups[@]} -gt 1 ]]; then
 			printf "m\t${ACCT_USER_NAME}\t%q\n" \
-				"${ACCT_USER_GROUPS[@]:1}"
+				"${groups[@]:1}"
 		fi
 	)
 }
@@ -344,26 +402,33 @@ acct-user_src_install() {
 acct-user_pkg_preinst() {
 	debug-print-function ${FUNCNAME} "${@}"
 
-	local groups=${ACCT_USER_GROUPS[*]}
+	# check if user already exists
+	_ACCT_USER_ALREADY_EXISTS=
+	if [[ -n $(egetent passwd "${ACCT_USER_NAME}") ]]; then
+		_ACCT_USER_ALREADY_EXISTS=1
+	fi
+	readonly _ACCT_USER_ALREADY_EXISTS
+
 	enewuser ${ACCT_USER_ENFORCE_ID:+-F} -M "${ACCT_USER_NAME}" \
-		"${ACCT_USER_ID}" "${ACCT_USER_SHELL}" "${ACCT_USER_HOME}" \
-		"${groups// /,}"
+		"${_ACCT_USER_ID}" "${_ACCT_USER_SHELL}" "${_ACCT_USER_HOME}" \
+		"${_ACCT_USER_GROUPS// /,}"
 
-	if [[ ${ACCT_USER_HOME} != /dev/null ]]; then
+	if [[ ${_ACCT_USER_HOME} != /dev/null ]]; then
 		# default ownership to user:group
-		if [[ -z ${ACCT_USER_HOME_OWNER} ]]; then
-			ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${ACCT_USER_GROUPS[0]}
+		if [[ -z ${_ACCT_USER_HOME_OWNER} ]]; then
+			local group_array=( ${_ACCT_USER_GROUPS} )
+			_ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${group_array[0]}
 		fi
 		# Path might be missing due to INSTALL_MASK, etc.
 		# https://bugs.gentoo.org/691478
-		if [[ ! -e "${ED}/${ACCT_USER_HOME#/}" ]]; then
+		if [[ ! -e "${ED}/${_ACCT_USER_HOME#/}" ]]; then
 			eerror "Home directory is missing from the installation image:"
-			eerror "  ${ACCT_USER_HOME}"
+			eerror "  ${_ACCT_USER_HOME}"
 			eerror "Check INSTALL_MASK for entries that would cause this."
-			die "${ACCT_USER_HOME} does not exist"
+			die "${_ACCT_USER_HOME} does not exist"
 		fi
-		fowners "${ACCT_USER_HOME_OWNER}" "${ACCT_USER_HOME}"
-		fperms "${ACCT_USER_HOME_PERMS}" "${ACCT_USER_HOME}"
+		fowners "${_ACCT_USER_HOME_OWNER}" "${_ACCT_USER_HOME}"
+		fperms "${_ACCT_USER_HOME_PERMS}" "${_ACCT_USER_HOME}"
 	fi
 }
 
@@ -374,16 +439,23 @@ acct-user_pkg_preinst() {
 acct-user_pkg_postinst() {
 	debug-print-function ${FUNCNAME} "${@}"
 
-	if [[ ${EUID} != 0 ]] ; then
+	if [[ ${EUID} != 0 ]]; then
 		einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
 		return 0
 	fi
 
+	if [[ -n ${ACCT_USER_NO_MODIFY} && -n ${_ACCT_USER_ALREADY_EXISTS} ]]; then
+		eunlockuser "${ACCT_USER_NAME}"
+
+		ewarn "User ${ACCT_USER_NAME} already exists; Not touching existing user"
+		ewarn "due to set ACCT_USER_NO_MODIFY."
+		return 0
+	fi
+
 	# NB: eset* functions check current value
-	esethome "${ACCT_USER_NAME}" "${ACCT_USER_HOME}"
-	esetshell "${ACCT_USER_NAME}" "${ACCT_USER_SHELL}"
-	local groups=${ACCT_USER_GROUPS[*]}
-	esetgroups "${ACCT_USER_NAME}" "${groups// /,}"
+	esethome "${ACCT_USER_NAME}" "${_ACCT_USER_HOME}"
+	esetshell "${ACCT_USER_NAME}" "${_ACCT_USER_SHELL}"
+	esetgroups "${ACCT_USER_NAME}" "${_ACCT_USER_GROUPS// /,}"
 	# comment field can not contain colons
 	esetcomment "${ACCT_USER_NAME}" "${DESCRIPTION//[:,=]/;}"
 	eunlockuser "${ACCT_USER_NAME}"
@@ -395,7 +467,7 @@ acct-user_pkg_postinst() {
 acct-user_pkg_prerm() {
 	debug-print-function ${FUNCNAME} "${@}"
 
-	if [[ ${EUID} != 0 ]] ; then
+	if [[ ${EUID} != 0 ]]; then
 		einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
 		return 0
 	fi
author	V3n3RiX <venerix@redcorelinux.org>	2021-01-22 20:28:19 +0000
committer	V3n3RiX <venerix@redcorelinux.org>	2021-01-22 20:28:19 +0000
commit	abaa75b10f899ada8dd05b23cc03205064394bc6 (patch)
tree	eca3dd248b73b92013cba00a0fcc1edf2696e19a /eclass/acct-user.eclass
parent	24fd814c326e282c4321965c31f341dad77e270d (diff)