From abaa75b10f899ada8dd05b23cc03205064394bc6 Mon Sep 17 00:00:00 2001 From: V3n3RiX Date: Fri, 22 Jan 2021 20:28:19 +0000 Subject: gentoo resync : 22.01.2021 --- eclass/acct-user.eclass | 146 ++++++++++++++++++++++++++++++++++++------------ 1 file changed, 109 insertions(+), 37 deletions(-) (limited to 'eclass/acct-user.eclass') diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass index 47890e48409a..ee4358b5c75c 100644 --- a/eclass/acct-user.eclass +++ b/eclass/acct-user.eclass @@ -67,11 +67,17 @@ readonly ACCT_USER_NAME # @REQUIRED # @DESCRIPTION: # Preferred UID for the new user. This variable is obligatory, and its -# value must be unique across all user packages. +# value must be unique across all user packages. This can be overriden +# in make.conf through ACCT_USER__ID variable. # # Overlays should set this to -1 to dynamically allocate UID. Using -1 # in ::gentoo is prohibited by policy. +# @ECLASS-VARIABLE: _ACCT_USER_ALREADY_EXISTS +# @INTERNAL +# @DESCRIPTION: +# Status variable which indicates if user already exists. + # @ECLASS-VARIABLE: ACCT_USER_ENFORCE_ID # @DESCRIPTION: # If set to a non-null value, the eclass will require the user to have @@ -79,10 +85,18 @@ readonly ACCT_USER_NAME # the UID is taken by another user, the install will fail. : ${ACCT_USER_ENFORCE_ID:=} +# @ECLASS-VARIABLE: ACCT_USER_NO_MODIFY +# @DEFAULT_UNSET +# @DESCRIPTION: +# If set to a non-null value, the eclass will not make any changes +# to an already existing user. +: ${ACCT_USER_NO_MODIFY:=} + # @ECLASS-VARIABLE: ACCT_USER_SHELL # @DESCRIPTION: # The shell to use for the user. If not specified, a 'nologin' variant -# for the system is used. +# for the system is used. This can be overriden in make.conf through +# ACCT_USER__SHELL variable. : ${ACCT_USER_SHELL:=-1} # @ECLASS-VARIABLE: ACCT_USER_HOME @@ -90,6 +104,8 @@ readonly ACCT_USER_NAME # The home directory for the user. If not specified, /dev/null is used. # The directory will be created with appropriate permissions if it does # not exist. When updating, existing home directory will not be moved. +# This can be overriden in make.conf through +# ACCT_USER__HOME variable. : ${ACCT_USER_HOME:=/dev/null} # @ECLASS-VARIABLE: ACCT_USER_HOME_OWNER @@ -97,11 +113,14 @@ readonly ACCT_USER_NAME # @DESCRIPTION: # The ownership to use for the home directory, in chown ([user][:group]) # syntax. Defaults to the newly created user, and its primary group. +# This can be overriden in make.conf through +# ACCT_USER__HOME_OWNER variable. # @ECLASS-VARIABLE: ACCT_USER_HOME_PERMS # @DESCRIPTION: # The permissions to use for the home directory, in chmod (octal -# or verbose) form. +# or verbose) form. This can be overriden in make.conf through +# ACCT_USER__HOME_PERMS variable. : ${ACCT_USER_HOME_PERMS:=0755} # @ECLASS-VARIABLE: ACCT_USER_GROUPS @@ -110,6 +129,12 @@ readonly ACCT_USER_NAME # List of groups the user should belong to. This must be a bash # array. The first group specified is the user's primary group, while # the remaining groups (if any) become supplementary groups. +# +# This can be overriden in make.conf through +# ACCT_USER__GROUPS variable, or appended to +# via ACCT_USER__GROUPS_ADD. Please note that +# due to technical limitations, the override variables are not arrays +# but space-separated lists. # << Boilerplate ebuild variables >> @@ -152,7 +177,7 @@ acct-user_add_deps() { eislocked() { [[ $# -eq 1 ]] || die "usage: ${FUNCNAME} " - if [[ ${EUID} != 0 ]] ; then + if [[ ${EUID} != 0 ]]; then einfo "Insufficient privileges to execute ${FUNCNAME[0]}" return 0 fi @@ -189,7 +214,7 @@ eislocked() { elockuser() { [[ $# -eq 1 ]] || die "usage: ${FUNCNAME} " - if [[ ${EUID} != 0 ]] ; then + if [[ ${EUID} != 0 ]]; then einfo "Insufficient privileges to execute ${FUNCNAME[0]}" return 0 fi @@ -232,7 +257,7 @@ elockuser() { eunlockuser() { [[ $# -eq 1 ]] || die "usage: ${FUNCNAME} " - if [[ ${EUID} != 0 ]] ; then + if [[ ${EUID} != 0 ]]; then einfo "Insufficient privileges to execute ${FUNCNAME[0]}" return 0 fi @@ -284,25 +309,33 @@ acct-user_pkg_pretend() { # verify ACCT_USER_ID [[ -n ${ACCT_USER_ID} ]] || die "Ebuild error: ACCT_USER_ID must be set!" - [[ ${ACCT_USER_ID} -eq -1 ]] && return - [[ ${ACCT_USER_ID} -ge 0 ]] || die "Ebuild errors: ACCT_USER_ID=${ACCT_USER_ID} invalid!" + [[ ${ACCT_USER_ID} -ge -1 ]] || die "Ebuild error: ACCT_USER_ID=${ACCT_USER_ID} invalid!" + local user_id=${ACCT_USER_ID} + + # check for the override + local override_name=${ACCT_USER_NAME^^} + local override_var=ACCT_USER_${override_name//-/_}_ID + if [[ -n ${!override_var} ]]; then + user_id=${!override_var} + [[ ${user_id} -ge -1 ]] || die "${override_var}=${user_id} invalid!" + fi # check for ACCT_USER_ID collisions early - if [[ -n ${ACCT_USER_ENFORCE_ID} ]]; then - local user_by_id=$(egetusername "${ACCT_USER_ID}") + if [[ ${user_id} -ne -1 && -n ${ACCT_USER_ENFORCE_ID} ]]; then + local user_by_id=$(egetusername "${user_id}") local user_by_name=$(egetent passwd "${ACCT_USER_NAME}") if [[ -n ${user_by_id} ]]; then if [[ ${user_by_id} != ${ACCT_USER_NAME} ]]; then eerror "The required UID is already taken by another user." - eerror " UID: ${ACCT_USER_ID}" + eerror " UID: ${user_id}" eerror " needed for: ${ACCT_USER_NAME}" eerror " current user: ${user_by_id}" - die "UID ${ACCT_USER_ID} taken already" + die "UID ${user_id} taken already" fi elif [[ -n ${user_by_name} ]]; then eerror "The requested user exists already with wrong UID." eerror " username: ${ACCT_USER_NAME}" - eerror " requested UID: ${ACCT_USER_ID}" + eerror " requested UID: ${user_id}" eerror " current entry: ${user_by_name}" die "Username ${ACCT_USER_NAME} exists with wrong UID" fi @@ -316,23 +349,48 @@ acct-user_pkg_pretend() { acct-user_src_install() { debug-print-function ${FUNCNAME} "${@}" - if [[ ${ACCT_USER_HOME} != /dev/null ]]; then + # serialize for override support + local ACCT_USER_GROUPS=${ACCT_USER_GROUPS[*]} + + # support make.conf overrides + local override_name=${ACCT_USER_NAME^^} + override_name=${override_name//-/_} + local var + for var in ACCT_USER_{ID,SHELL,HOME{,_OWNER,_PERMS},GROUPS}; do + local var_name=ACCT_USER_${override_name}_${var#ACCT_USER_} + if [[ -n ${!var_name} ]]; then + ewarn "${var_name}=${!var_name} override in effect, support will not be provided." + else + var_name=${var} + fi + declare -g "_${var}=${!var_name}" + done + var_name=ACCT_USER_${override_name}_GROUPS_ADD + if [[ -n ${!var_name} ]]; then + ewarn "${var_name}=${!var_name} override in effect, support will not be provided." + _ACCT_USER_GROUPS+=" ${!var_name}" + fi + + # deserialize into an array + local groups=( ${_ACCT_USER_GROUPS} ) + + if [[ ${_ACCT_USER_HOME} != /dev/null ]]; then # note: we can't set permissions here since the user isn't # created yet - keepdir "${ACCT_USER_HOME}" + keepdir "${_ACCT_USER_HOME}" fi insinto /usr/lib/sysusers.d newins - ${CATEGORY}-${ACCT_USER_NAME}.conf < <( printf "u\t%q\t%q\t%q\t%q\t%q\n" \ "${ACCT_USER_NAME}" \ - "${ACCT_USER_ID/#-*/-}:${ACCT_USER_GROUPS[0]}" \ + "${_ACCT_USER_ID/#-*/-}:${groups[0]}" \ "${DESCRIPTION//[:,=]/;}" \ - "${ACCT_USER_HOME}" \ - "${ACCT_USER_SHELL/#-*/-}" - if [[ ${#ACCT_USER_GROUPS[@]} -gt 1 ]]; then + "${_ACCT_USER_HOME}" \ + "${_ACCT_USER_SHELL/#-*/-}" + if [[ ${#groups[@]} -gt 1 ]]; then printf "m\t${ACCT_USER_NAME}\t%q\n" \ - "${ACCT_USER_GROUPS[@]:1}" + "${groups[@]:1}" fi ) } @@ -344,26 +402,33 @@ acct-user_src_install() { acct-user_pkg_preinst() { debug-print-function ${FUNCNAME} "${@}" - local groups=${ACCT_USER_GROUPS[*]} + # check if user already exists + _ACCT_USER_ALREADY_EXISTS= + if [[ -n $(egetent passwd "${ACCT_USER_NAME}") ]]; then + _ACCT_USER_ALREADY_EXISTS=1 + fi + readonly _ACCT_USER_ALREADY_EXISTS + enewuser ${ACCT_USER_ENFORCE_ID:+-F} -M "${ACCT_USER_NAME}" \ - "${ACCT_USER_ID}" "${ACCT_USER_SHELL}" "${ACCT_USER_HOME}" \ - "${groups// /,}" + "${_ACCT_USER_ID}" "${_ACCT_USER_SHELL}" "${_ACCT_USER_HOME}" \ + "${_ACCT_USER_GROUPS// /,}" - if [[ ${ACCT_USER_HOME} != /dev/null ]]; then + if [[ ${_ACCT_USER_HOME} != /dev/null ]]; then # default ownership to user:group - if [[ -z ${ACCT_USER_HOME_OWNER} ]]; then - ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${ACCT_USER_GROUPS[0]} + if [[ -z ${_ACCT_USER_HOME_OWNER} ]]; then + local group_array=( ${_ACCT_USER_GROUPS} ) + _ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${group_array[0]} fi # Path might be missing due to INSTALL_MASK, etc. # https://bugs.gentoo.org/691478 - if [[ ! -e "${ED}/${ACCT_USER_HOME#/}" ]]; then + if [[ ! -e "${ED}/${_ACCT_USER_HOME#/}" ]]; then eerror "Home directory is missing from the installation image:" - eerror " ${ACCT_USER_HOME}" + eerror " ${_ACCT_USER_HOME}" eerror "Check INSTALL_MASK for entries that would cause this." - die "${ACCT_USER_HOME} does not exist" + die "${_ACCT_USER_HOME} does not exist" fi - fowners "${ACCT_USER_HOME_OWNER}" "${ACCT_USER_HOME}" - fperms "${ACCT_USER_HOME_PERMS}" "${ACCT_USER_HOME}" + fowners "${_ACCT_USER_HOME_OWNER}" "${_ACCT_USER_HOME}" + fperms "${_ACCT_USER_HOME_PERMS}" "${_ACCT_USER_HOME}" fi } @@ -374,16 +439,23 @@ acct-user_pkg_preinst() { acct-user_pkg_postinst() { debug-print-function ${FUNCNAME} "${@}" - if [[ ${EUID} != 0 ]] ; then + if [[ ${EUID} != 0 ]]; then einfo "Insufficient privileges to execute ${FUNCNAME[0]}" return 0 fi + if [[ -n ${ACCT_USER_NO_MODIFY} && -n ${_ACCT_USER_ALREADY_EXISTS} ]]; then + eunlockuser "${ACCT_USER_NAME}" + + ewarn "User ${ACCT_USER_NAME} already exists; Not touching existing user" + ewarn "due to set ACCT_USER_NO_MODIFY." + return 0 + fi + # NB: eset* functions check current value - esethome "${ACCT_USER_NAME}" "${ACCT_USER_HOME}" - esetshell "${ACCT_USER_NAME}" "${ACCT_USER_SHELL}" - local groups=${ACCT_USER_GROUPS[*]} - esetgroups "${ACCT_USER_NAME}" "${groups// /,}" + esethome "${ACCT_USER_NAME}" "${_ACCT_USER_HOME}" + esetshell "${ACCT_USER_NAME}" "${_ACCT_USER_SHELL}" + esetgroups "${ACCT_USER_NAME}" "${_ACCT_USER_GROUPS// /,}" # comment field can not contain colons esetcomment "${ACCT_USER_NAME}" "${DESCRIPTION//[:,=]/;}" eunlockuser "${ACCT_USER_NAME}" @@ -395,7 +467,7 @@ acct-user_pkg_postinst() { acct-user_pkg_prerm() { debug-print-function ${FUNCNAME} "${@}" - if [[ ${EUID} != 0 ]] ; then + if [[ ${EUID} != 0 ]]; then einfo "Insufficient privileges to execute ${FUNCNAME[0]}" return 0 fi -- cgit v1.2.3