[pacman-dev] Breaking change in pacman from 5.0.1 -> 5.0.2 with regards to user account resolution

Eli Schwartz eschwartz93 at gmail.com
Tue Jun 20 21:03:23 UTC 2017 

On 06/20/2017 10:52 AM, Thomas Karlsson wrote:
> Hello!
> 
> I have several packages that install files that need to be owned by
> specific users on the target system. To achieve that I'm using the
> install command with the -o <username> and -g <group name> flags in
> the package() function. I'm not using a install script with a
> post_install() function.
> 
> Example of the relevant part of the package function
> 
> package() { install -m 600 -o username -g groupname the_file
> "$pkgdir"/some/path/to/the_file }
> 
> The package is built on a build server and then installed on a number
> of targets. This has worked fine up until I upgraded to 5.0.2
> 
> After upgrading pacman to 5.0.2 the file does not get the correct
> owner on the target system any more. It gets own by the user that has
> the UID that the user has on the build server which is not the same
> UID as the user has on the target.
> 
> To clarify. In my setup the UID of the user is different on the build
> server compared to the UID of the target system. Before this did not
> matter. The file got the correct ownership anyway. After 5.0.2 the
> file gets owned by whatever user account that has the UID and GID
> that the user has on the build server no matter what UID and GID the
> user has on the target system.
> 
> As far as I can tell this is probably the commit that changed the
> behavior 
> https://git.archlinux.org/pacman.git/commit/?h=release/5.0.x&id=908769b54002e104b90ab2b3e5ca8066affd4394
>
> 
> 
> Temporarily I have changed my PKGBUILD file to specify UID and GID
> that the target system has instead of the username and groupname on
> the install command but this seems fragile as it now requires that
> the UID/GID is the same on all target systems. Both existing and
> future.

This is eminently reasonable, since it is after all the recommended,
proper way to do things. It is also why we have
https://wiki.archlinux.org/index.php/DeveloperWiki:UID_/_GID_Database to
track standardized UID/GID numbers for packages in the official repos.

You can specify the desired UID/GID for a new system user in the
sysusers.d(5) snippet that originally created the user.

> Is this an unintended side effect of the commit referenced above, or
> is this the expected behavior?

Seems to me as though your workflow *was* the bug that this commit fixed. :)

-- 
Eli Schwartz

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <https://lists.archlinux.org/pipermail/pacman-dev/attachments/20170620/e51a72d5/attachment.asc>

More information about the pacman-dev mailing list