Bug 2246236 - add_sysuser macro doesn't handle 'm' or 'r' lines (or properly ignore comments)
Summary: add_sysuser macro doesn't handle 'm' or 'r' lines (or properly ignore comments)
Keywords:
Status: CLOSED RAWHIDE
Alias: None
Product: Fedora
Classification: Fedora
Component: rpm
Version: rawhide
Hardware: All
OS: Linux
unspecified
medium
Target Milestone: ---
Assignee: Panu Matilainen
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2023-10-25 22:35 UTC by Adam Williamson
Modified: 2023-11-13 09:29 UTC (History)
4 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2023-11-13 09:29:17 UTC
Type: Bug
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Github rpm-software-management rpm pull 2745 0 None open Bunch of sysusers.d handling fixes 2023-11-03 11:01:04 UTC

Description Adam Williamson 2023-10-25 22:35:11 UTC 
The add_sysuser macro in /usr/lib/rpm/macros does not handle 'm' or 'r' type lines from sysuser config files. These are valid types, defined as such in the sysusers.d manpage:

m    Add a user to a group. If the user or group do not exist yet, they will be implicitly created.

r    Add a range of numeric UIDs/GIDs to the pool to allocate new UIDs and GIDs from. If no line of this type is specified, the range of UIDs/GIDs is set to some compiled-in default. Note that both UIDs and GIDs are allocated from the same pool, in order to ensure that users and groups of the same name are likely to carry the same numeric UID and GID.

I don't know if the macro can do anything with r, but it seems it should at least handle g. At the very least it should not claim it's "invalid".

The macro also doesn't ignore comments - lines starting with # - which it probably should. It calls these lines "invalid" as well.

Putting it all together, when building openQA, which includes a sysusers file with this content:

# Type Name            ID     GECOS           [HOME]    Shell
u   _openqa-worker   -     "openQA worker" /var/lib/empty  /bin/bash
m   _openqa-worker  nogroup
m   _openqa-worker  kvm

I see these errors in the build messages:

error: lua script failed: [string "add_sysuser"]:16: invalid sysuser type: #
  3<        (%lua)
  2<      (%add_sysuser)
error: lua script failed: [string "add_sysuser"]:16: invalid sysuser type: m
  3<        (%lua)
  2<      (%add_sysuser)

they don't appear to be fatal, but it seems at least that the user might not be getting the correct groups.
Comment 1 Panu Matilainen 2023-10-26 10:52:42 UTC 
As per https://rpm-software-management.github.io/rpm/manual/users_and_groups.html, only u and g are supported at this time. I agree comments should be allowed though, and yeah for 'm' an "unsupported type" would be a better error.

Such issues would be much better filed rpm upstream though.
Comment 2 Panu Matilainen 2023-10-26 10:53:57 UTC 
The manual claims rpm "ignores others", clearly that's not what happens.
Comment 3 Panu Matilainen 2023-11-03 11:01:05 UTC 
Upstream fix-in-progress https://github.com/rpm-software-management/rpm/pull/2745
Comment 4 Panu Matilainen 2023-11-13 09:29:17 UTC 
These should be fixed in rpm-4.19.0-2.fc40, thanks for reporting!

Note that 'm' still isn't supported by rpm - those implicitly created users and groups are too implicit for rpm, it needs to know explicitly which package will create a user/group. It's not ideal but for now I don't have any better ideas.
Note You need to log in before you can comment on or make changes to this bug.