[ovs-dev,v2] rhel: user/group openvswitch does not exist

Message ID	20180418145143.17364-1-aconole@redhat.com
State	Superseded
Headers	show Return-Path: <ovs-dev-bounces@openvswitch.org> From: Aaron Conole <aconole@redhat.com> To: dev@openvswitch.org Date: Wed, 18 Apr 2018 10:51:43 -0400 Message-Id: <20180418145143.17364-1-aconole@redhat.com> Cc: Alan Pevec <alan.pevec@redhat.com>, Flavio Leitner <fbl@redhat.com> Subject: [ovs-dev] [PATCH v2] rhel: user/group openvswitch does not exist Precedence: list MIME-Version: 1.0 Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Sender: ovs-dev-bounces@openvswitch.org Errors-To: ovs-dev-bounces@openvswitch.org
Series	[ovs-dev,v2] rhel: user/group openvswitch does not exist \| expand [ovs-dev,v2] rhel: user/group openvswitch does not exist

Message ID

20180418145143.17364-1-aconole@redhat.com

State

Superseded

Headers

From: Aaron Conole <aconole@redhat.com>
To: dev@openvswitch.org
Date: Wed, 18 Apr 2018 10:51:43 -0400
Message-Id: <20180418145143.17364-1-aconole@redhat.com>
Cc: Alan Pevec <alan.pevec@redhat.com>, Flavio Leitner <fbl@redhat.com>
Subject: [ovs-dev] [PATCH v2] rhel: user/group openvswitch does not exist
Precedence: list
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ovs-dev-bounces@openvswitch.org
Errors-To: ovs-dev-bounces@openvswitch.org

Series

[ovs-dev,v2] rhel: user/group openvswitch does not exist | expand

Commit Message

Aaron Conole April 18, 2018, 2:51 p.m. UTC

From: Alan Pevec <alan.pevec@redhat.com>

Default ownership[1] for config files is failing on an empty system:
  Running scriptlet: openvswitch-2.9.0-3.fc28.x86_64
warning: user openvswitch does not exist - using root
warning: group openvswitch does not exist - using root
...

Required user/group need to be created in %pre as documented in
Fedora guideline[2]

[1] https://github.com/openvswitch/ovs/commit/951d79e638ecdb3b1dcd19df1adb2ff91fe61af8

[2] https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Dynamic_allocation

Submitted-at: https://github.com/openvswitch/ovs/pull/223
Signed-off-by: Alan Pevec <alan.pevec@redhat.com>
Co-authored-by: Aaron Conole <aconole@redhat.com>
Signed-off-by: Aaron Conole <aconole@redhat.com>
---
v2:
 * Removed the requires(post) lines
 * Removed 'exit 0'

 rhel/openvswitch-fedora.spec.in | 20 ++++++++++++--------
 1 file changed, 12 insertions(+), 8 deletions(-)

Comments

Markos Chandras April 18, 2018, 3:03 p.m. UTC | #1

Hi Aaron,

On 18/04/18 15:51, Aaron Conole wrote:
> v2:
>  * Removed the requires(post) lines
>  * Removed 'exit 0'

I realize that I was the one suggested to drop 'exit 0', but right at
the bottom of
https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Dynamic_allocation

it seems that 'exit 0' may do more good than bad. Having said that, this
could make it easy to miss useradd/usermod/etc failure so I am not too
sure if we want to do that :)

Aaron Conole April 18, 2018, 3:54 p.m. UTC | #2

Markos Chandras <mchandras@suse.de> writes:

> Hi Aaron,
>
> On 18/04/18 15:51, Aaron Conole wrote:
>> v2:
>>  * Removed the requires(post) lines
>>  * Removed 'exit 0'
>
> I realize that I was the one suggested to drop 'exit 0', but right at
> the bottom of
> https://fedoraproject.org/wiki/Packaging:UsersAndGroups#Dynamic_allocation
>
> it seems that 'exit 0' may do more good than bad. Having said that, this
> could make it easy to miss useradd/usermod/etc failure so I am not too
> sure if we want to do that :)

I can certainly re-add it.  The rationale section calls adding the 'exit
0' "...suboptimal but has less potential for system wide breakage..."

I can go either way.  Maybe Alan or Timothy have opinions?

Alan Pevec April 19, 2018, 9:28 a.m. UTC | #3

On Wed, Apr 18, 2018 at 5:54 PM, Aaron Conole <aconole@redhat.com> wrote:
> I can certainly re-add it.  The rationale section calls adding the 'exit
> 0' "...suboptimal but has less potential for system wide breakage..."
>
> I can go either way.  Maybe Alan or Timothy have opinions?

I'd stick to Fedora guideline.

Alan

diff --git a/rhel/openvswitch-fedora.spec.in b/rhel/openvswitch-fedora.spec.in
index 658eb206c..817e65baf 100644
--- a/rhel/openvswitch-fedora.spec.in
+++ b/rhel/openvswitch-fedora.spec.in
@@ -92,8 +92,7 @@  Requires: openssl hostname iproute module-init-tools
 #Upstream kernel commit 4f647e0a3c37b8d5086214128614a136064110c3
 #Requires: kernel >= 3.15.0-0
 
-Requires(post): /usr/bin/getent
-Requires(post): /usr/sbin/useradd
+Requires(pre): shadow-utils
 Requires(post): /usr/bin/sed
 %if %{with dpdk}
 Requires(post): /usr/sbin/usermod
@@ -384,17 +383,22 @@  rm -rf $RPM_BUILD_ROOT
     fi
 %endif
 
+%pre
+getent group openvswitch >/dev/null || groupadd -r openvswitch
+getent passwd openvswitch >/dev/null || \
+    useradd -r -g openvswitch -d / -s /sbin/nologin \
+    -c "Open vSwitch Daemons" openvswitch
+
+%if %{with dpdk}
+    getent group hugetlbfs >/dev/null || groupadd hugetlbfs
+    usermod -a -G hugetlbfs openvswitch
+%endif
+
 %post
 if [ $1 -eq 1 ]; then
-    getent passwd openvswitch >/dev/null || \
-        useradd -r -d / -s /sbin/nologin -c "Open vSwitch Daemons" openvswitch
-
     sed -i 's:^#OVS_USER_ID=:OVS_USER_ID=:' /etc/sysconfig/openvswitch
 
 %if %{with dpdk}
-    getent group hugetlbfs >/dev/null || \
-        groupadd hugetlbfs
-    usermod -a -G hugetlbfs openvswitch
     sed -i \
         's@OVS_USER_ID="openvswitch:openvswitch"@OVS_USER_ID="openvswitch:hugetlbfs"@'\
         /etc/sysconfig/openvswitch

[ovs-dev,v2] rhel: user/group openvswitch does not exist

Commit Message

Comments

Patch