[I haven't been following the rest of this discussion. Thanks for the CC - let me know if I'm egregiously missing anything.]
On Sun, Jan 05, 2020 at 10:25:37AM -0800, Russ Allbery wrote: > Philipp Kern <pk...@debian.org> writes: > > It looks like the range must be contiguous, as it is compiled in[1]. > > What are the preexisting ones apart from netplan that you have in mind? > > It feels like systemd's boundaries are pretty arbitrary (0xEF00 to > > 0xFFEF) but at the same time we might want to reserve a range for it in > > policy - given that right now it is effectively squatting in that range? > > Yes. We should also coordinate this with Colin as the base-passwd > maintainer. Let me cc him explicitly. > > It's possible that we can just use the existing systemd range, provided > that we can find some workable approach for netplan. As Simon said, EF00-FFEF = 61184-65519 covers more than just netplan (https://salsa.debian.org/debian/base-passwd/blob/master/README), and several of the IDs allocated there in the vaguely recent past are hard to change (their rationales included "needs to be the same across multiple machines"), so I don't think we can use the existing systemd range - it needs to be adjusted for Debian at least to some extent. I'm not prepared to cede all of 64000-64999 to systemd; perhaps it would have been better if base-passwd had started at 60000 instead, but we're here now. The rate of static allocations in 60000-64999 is low enough that I'm not concerned in principle about carving off a slice of it for dynamic allocations by systemd-sysusers, and in any case I wasn't expecting to ever need to allocate more static IDs under 64000 (netplan was before my time). Perhaps we could start by reserving 61184-63433, given the netplan allocation? Yes, it's a bit arbitrary, but also not really all that stingy, and base-passwd's allocations are meant to be permanent even if the package has been removed (since we can never guarantee that it's been removed from users' systems). An alternative would be to reserve 61184-63999, with a Debian patch to exclude netplan's 63434. That doesn't seem likely to be difficult; it could go in the same place where systemd is already doing NSS checks. I'm generally in favour of the underscore prefix recommendation in some form, and would be happy to enforce that for new static allocations in base-passwd. -- Colin Watson [cjwat...@debian.org]
