On 12/14/15 12:06 AM, Robin H. Johnson wrote: > On Mon, Dec 14, 2015 at 07:49:42AM +0300, Alexey Shvetsov wrote: >> Hi! >> >> Ok. Since there is GLEP27 we should make it reality. To do so i think we >> should >> 1. Have some list of system uid/gid (on wiki for example). Also we need >> to agree on uid/gid numbers for services > This database was already started, prior to GLEP27. > In CVS, you want gentoo-src/eid_database/ > >> 2. Add uid/gid from list to existing ebuilds > >> 3. Make a repoman (or may be eclass) check, that will no allow to commit >> ebuilds with enewuser enewgroup calls with undefined uids > I think in the original discussion, there were concerns that there were > cases where this was going to be valid. I think this check needs to come > later, after we rule those out. It should however start to warn about > them ASAP. > >> 4. Make some script or howto to migrate to determenistic uids/gids from > Much of the work was implemented for GSOC2006, "Creandus" by > developer pioto. > > Cardoe did more work on it later on. >
I'll try to find what I did but at one point I had the database of uid/gid updated to include everything in the tree. I had some patches for enewuser/enewgroup to not allow them to do anything unless the ids were in the database. Sadly, its been a long long time. But I still would love to see this happen. There just wasn't much interest from everyone in making this happen. -- Doug Goldstein
signature.asc
Description: OpenPGP digital signature
