From Fedora Project Wiki

Revision as of 03:03, 11 July 2014 by Zbyszek (talk | contribs) (→‎Documentation: one more link)

Migrate to systemd-sysusers

Summary

Currently, packages which add system users call out to useradd (from shadow-utils) in %post. This Change is to use the new systemd-sysusers functionality instead.

Owner

  • Name: Colin Walters
  • Email: walters@verbum.org
  • Release notes owner:
  • Product: Fedora (all)
  • Responsible WG: Fedora Base

Current status

  • Targeted release: Fedora 22
  • Last updated: 2014-07-08
  • Tracker bug: None yet

Detailed Description

All packages today contain duplicative code to add system users and groups (where applicable) via calls to useradd/groupadd in %post. This Change is to migrate to systemd-sysusers .

Starting with core packages, change them to instead install (usually one) snippet into /usr/lib/sysusers.d, and change their %post to call %sysusers_create.

Benefit to Fedora

The primary benefit is in allowing "factory reset" scenarios, as well as enabling atomic upgrades via mechanisms such as rpm-ostree.

For more details on factory reset, see systemd stateless blog post. With this change for example, it is easier to wipe all system-local changes to /etc.

For more details on atomic upgrades, see this post.

Scope

Affects potentially all RPMs that add users or groups.

  • Proposal owners:
    • Help migrating RPMs and testing systemd-sysusers
  • Other developers: N/A
  • Release engineering: N/A
  • Policies and guidelines: Packaging guidelines should be updated to include recommended syntax

Upgrade/compatibility impact

By design, sysusers interoperates with other user/group mechanisms. It has no effect if the user or group already exists.

This may cause issues with live yum upgrades from Fedora 21 if the sysusers functionality changes between 21 and 22. The easy fix for that will be to release an updated systemd in 21.

How To Test

  • Install modified RPMs, verify they add the user/group

User Experience

None.

Dependencies

systemd.

Contingency Plan

  • Contingency mechanism: (What to do? Who will do it?)
    • Back out changes to RPMs.
  • Contingency deadline: Beta Freeze
  • Blocks release? Yes
  • Blocks product? All

Documentation

See systemd-sysusers(8), sysusers.d(5).

Release Notes