Created attachment 917437 [details]
[PATCH] 90-default.preset: Don't use systemd-sysusers yet
This already caused SELinux issues, which I fixed, but let's just do this all at once for F22 instead of having a halfway state for F21 where only systemd itself does it.
Hmm? sysusers is statically enabled, the preset stuff doesn't work for it...
Also, it is a noop unless people flush /etc out, or touch /usr manually...
it's designed to not break anything unless explicitly used...
I think sysusers was run because systemd 215 added new users/groups, but didn't update the spec file for them. For example, the systemd-journal-remote group.
Created attachment 920596 [details]
Don't use systemd-sysusers yet
New patch which uses the proper configure flag, and updates the spec files for new users.
What we have to decide here is whether it's worth having sysusers run for just systemd in F21 or not. I think it just makes things more confusing, and we should look at doing it for more RPMs for F22.
Is there a downside to delaying this until F22?
I applied a patch similar to attachment #920596 [details], to create the new users in the journal-remote-gateway package.
(In reply to Matthew Miller from comment #5)
> Is there a downside to delaying this until F22?
Why would we do that? Unless explicitly used (by adding a sysusers file without creating users in a packaging scriptlet), sysusers should almost have no effect (the only one I see is having /etc/.updated and /var/.updated files around). At this point, it is likely that we discovered (and fixed) bugs in the implementation, so keeping it around should be safe. Nobody is proposing to do a mass conversion to sysusers, but early adopters can play around with it.
I don't see how it differs from any other new technology which is opt-in.
So, are there any concrete concerns preventing leaving systemd-sysusers in F21?
(In reply to Zbigniew Jędrzejewski-Szmek from comment #6)
> So, are there any concrete concerns preventing leaving systemd-sysusers in
It creates a halfway state where sysusers is only kind of used. If systemd is later rebased and you forget to add the users to the spec file, then it'll come into play.
We can leave it on in rawhide, right?
So, sysusers is enabled in F21, but not used. Systemd package is now stabilizing, errors with sysusers seems to have been ironed out. We shouldn't be adding new functionality, which means we should not be adding new users too... It is fine to leave it on imho.