summaryrefslogtreecommitdiff
path: root/eclass
diff options
context:
space:
mode:
authorMichał Górny <mgorny@gentoo.org>2022-10-19 15:33:22 +0200
committerMichał Górny <mgorny@gentoo.org>2022-10-19 15:34:22 +0200
commitd7c0f985fa817e7c48b1c1aadbe057afcca5c4ea (patch)
tree333ecb011c02f6a13132e80386bdf406560f6960 /eclass
parentacct-user.eclass: Revert "drop elockuser and eunlockuser" (diff)
downloadgentoo-d7c0f985fa817e7c48b1c1aadbe057afcca5c4ea.tar.gz
gentoo-d7c0f985fa817e7c48b1c1aadbe057afcca5c4ea.tar.bz2
gentoo-d7c0f985fa817e7c48b1c1aadbe057afcca5c4ea.zip
acct-user.eclass: Revert "inline useradd and usermod"
Reverts: 308c02b897fa7fba442441fd3a7da17ce07ec8ee Signed-off-by: Michał Górny <mgorny@gentoo.org>
Diffstat (limited to 'eclass')
-rw-r--r--eclass/acct-user.eclass113
1 files changed, 29 insertions, 84 deletions
diff --git a/eclass/acct-user.eclass b/eclass/acct-user.eclass
index a49279b542a1..6e7f6811a76f 100644
--- a/eclass/acct-user.eclass
+++ b/eclass/acct-user.eclass
@@ -48,7 +48,7 @@ case ${EAPI:-0} in
*) die "EAPI=${EAPI:-0} not supported";;
esac
-inherit user-info
+inherit user
[[ ${CATEGORY} == acct-user ]] ||
die "Ebuild error: this eclass can be used only in acct-user category!"
@@ -105,7 +105,7 @@ readonly ACCT_USER_NAME
# The shell to use for the user. If not specified, a 'nologin' variant
# for the system is used. This can be overriden in make.conf through
# ACCT_USER_<UPPERCASE_USERNAME>_SHELL variable.
-: ${ACCT_USER_SHELL:=/sbin/nologin}
+: ${ACCT_USER_SHELL:=-1}
# @ECLASS_VARIABLE: ACCT_USER_HOME
# @DESCRIPTION:
@@ -437,51 +437,27 @@ acct-user_src_install() {
acct-user_pkg_preinst() {
debug-print-function ${FUNCNAME} "${@}"
- if [[ ${EUID} -ne 0 ]]; then
- einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
- return
+ # check if user already exists
+ _ACCT_USER_ALREADY_EXISTS=
+ if [[ -n $(egetent passwd "${ACCT_USER_NAME}") ]]; then
+ _ACCT_USER_ALREADY_EXISTS=1
fi
+ readonly _ACCT_USER_ALREADY_EXISTS
- if egetent passwd "${ACCT_USER_NAME}" >/dev/null; then
- elog "User ${ACCT_USER_NAME} already exists"
- return
- fi
-
- local groups=( ${_ACCT_USER_GROUPS} )
- local aux_groups=${groups[*]:1}
- local opts=(
- --system
- --no-create-home
- --no-user-group
- --comment "${_ACCT_USER_COMMENT}"
- --home-dir "${_ACCT_USER_HOME}"
- --shell "${_ACCT_USER_SHELL}"
- --gid "${groups[0]}"
- --groups "${aux_groups// /,}"
- )
-
- if [[ ${_ACCT_USER_ID} -ne -1 ]] &&
- ! egetent passwd "${_ACCT_USER_ID}" >/dev/null; then
- opts+=( --uid "${_ACCT_USER_ID}" )
- fi
-
- if [[ -n ${ROOT} ]]; then
- opts+=( --prefix "${ROOT}" )
- fi
-
- elog "Adding user ${ACCT_USER_NAME}"
- useradd "${opts[@]}" "${ACCT_USER_NAME}" || die
- _ACCT_USER_ADDED=1
+ enewuser ${ACCT_USER_ENFORCE_ID:+-F} -M "${ACCT_USER_NAME}" \
+ "${_ACCT_USER_ID}" "${_ACCT_USER_SHELL}" "${_ACCT_USER_HOME}" \
+ "${_ACCT_USER_GROUPS// /,}"
if [[ ${_ACCT_USER_HOME} != /dev/null ]]; then
# default ownership to user:group
if [[ -z ${_ACCT_USER_HOME_OWNER} ]]; then
- if [[ -n ${ROOT} ]]; then
+ local group_array=( ${_ACCT_USER_GROUPS} )
+ if [[ -n "${ROOT}" ]]; then
local euid=$(egetent passwd ${ACCT_USER_NAME} | cut -d: -f3)
local egid=$(egetent passwd ${ACCT_USER_NAME} | cut -d: -f4)
_ACCT_USER_HOME_OWNER=${euid}:${egid}
else
- _ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${groups[0]}
+ _ACCT_USER_HOME_OWNER=${ACCT_USER_NAME}:${group_array[0]}
fi
fi
# Path might be missing due to INSTALL_MASK, etc.
@@ -504,48 +480,26 @@ acct-user_pkg_preinst() {
acct-user_pkg_postinst() {
debug-print-function ${FUNCNAME} "${@}"
- if [[ -n ${_ACCT_USER_ADDED} ]]; then
- # We just added the user; no need to update it
- return
- fi
-
if [[ ${EUID} -ne 0 ]]; then
einfo "Insufficient privileges to execute ${FUNCNAME[0]}"
- return
+ return 0
fi
- if [[ -n ${ACCT_USER_NO_MODIFY} ]]; then
+ if [[ -n ${ACCT_USER_NO_MODIFY} && -n ${_ACCT_USER_ALREADY_EXISTS} ]]; then
+ eunlockuser "${ACCT_USER_NAME}"
+
ewarn "User ${ACCT_USER_NAME} already exists; Not touching existing user"
ewarn "due to set ACCT_USER_NO_MODIFY."
- return
- fi
-
- local groups=( ${_ACCT_USER_GROUPS} )
- local aux_groups=${groups[*]:1}
- local opts=(
- --comment "${_ACCT_USER_COMMENT}"
- --home "${_ACCT_USER_HOME}"
- --shell "${_ACCT_USER_SHELL}"
- --gid "${groups[0]}"
- --groups "${aux_groups// /,}"
- )
-
- if eislocked "${ACCT_USER_NAME}"; then
- opts+=( --expiredate "" --unlock )
- fi
-
- if [[ -n ${ROOT} ]]; then
- opts+=( --prefix "${ROOT}" )
+ return 0
fi
- elog "Updating user ${ACCT_USER_NAME}"
- if ! usermod "${opts[@]}" "${ACCT_USER_NAME}" 2>"${T}/usermod-error.log"; then
- # usermod outputs a warning if unlocking the account would result in an
- # empty password. Hide stderr in a text file and display it if usermod
- # fails.
- cat "${T}/usermod-error.log" >&2
- die
- fi
+ # NB: eset* functions check current value
+ esethome "${ACCT_USER_NAME}" "${_ACCT_USER_HOME}"
+ esetshell "${ACCT_USER_NAME}" "${_ACCT_USER_SHELL}"
+ esetgroups "${ACCT_USER_NAME}" "${_ACCT_USER_GROUPS// /,}"
+ # comment field can not contain colons
+ esetcomment "${ACCT_USER_NAME}" "${_ACCT_USER_COMMENT}"
+ eunlockuser "${ACCT_USER_NAME}"
}
# @FUNCTION: acct-user_pkg_prerm
@@ -579,19 +533,10 @@ acct-user_pkg_prerm() {
return
fi
- local opts=(
- --expiredate 1
- --lock
- --comment "$(egetcomment "${ACCT_USER_NAME}"); user account removed @ $(date +%Y-%m-%d)"
- --shell /sbin/nologin
- )
-
- if [[ -n ${ROOT} ]]; then
- opts+=( --prefix "${ROOT}" )
- fi
-
- elog "Locking user ${ACCT_USER_NAME}"
- usermod "${opts[@]}" "${ACCT_USER_NAME}" || die
+ esetshell "${ACCT_USER_NAME}" -1
+ esetcomment "${ACCT_USER_NAME}" \
+ "$(egetcomment "${ACCT_USER_NAME}"); user account removed @ $(date +%Y-%m-%d)"
+ elockuser "${ACCT_USER_NAME}"
}
fi