[libvirt] [PATCH] libvirt.spec.in: soft-static allocation of qemu and kvm groups
Follow the same logic for adding qemu user also for kvm and qemu groups. As is described in https://fedoraproject.org/wiki/Packaging:UsersAndGroups document there should be preallocated UIDs and GIDs for libvirt. A check for required group id was added prior groupadd execution. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1351792 --- libvirt.spec.in | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index 2b98836..3dc3193 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1464,8 +1464,20 @@ fi # We want soft static allocation of well-known ids, as disk images # are commonly shared across NFS mounts by id rather than name; see # https://fedoraproject.org/wiki/Packaging:UsersAndGroups -getent group kvm >/dev/null || groupadd -f -g 36 -r kvm -getent group qemu >/dev/null || groupadd -f -g 107 -r qemu +if ! getent group kvm >/dev/null; then + if ! getent group 36 >/dev/null; then + groupadd -f -g 36 -r kvm + else + groupadd -f -r kvm + fi +fi +if ! getent group qemu >/dev/null; then + if ! getent group 107 >/dev/null; then + groupadd -f -g 107 -r qemu + else + groupadd -f -r qemu + fi +fi if ! getent passwd qemu >/dev/null; then if ! getent passwd 107 >/dev/null; then useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu -- 1.8.3.1
On Thu, 2016-07-07 at 17:41 +0200, Jaroslav Suchanek wrote:
Follow the same logic for adding qemu user also for kvm and qemu groups. As is described in https://fedoraproject.org/wiki/Packaging:UsersAndGroups document there should be preallocated UIDs and GIDs for libvirt. A check for required group id was added prior groupadd execution. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1351792 --- libvirt.spec.in | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index 2b98836..3dc3193 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1464,8 +1464,20 @@ fi # We want soft static allocation of well-known ids, as disk images # are commonly shared across NFS mounts by id rather than name; see # https://fedoraproject.org/wiki/Packaging:UsersAndGroups -getent group kvm >/dev/null || groupadd -f -g 36 -r kvm -getent group qemu >/dev/null || groupadd -f -g 107 -r qemu +if ! getent group kvm >/dev/null; then + if ! getent group 36 >/dev/null; then + groupadd -f -g 36 -r kvm + else + groupadd -f -r kvm + fi +fi +if ! getent group qemu >/dev/null; then + if ! getent group 107 >/dev/null; then + groupadd -f -g 107 -r qemu + else + groupadd -f -r qemu + fi +fi if ! getent passwd qemu >/dev/null; then if ! getent passwd 107 >/dev/null; then useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
There's no need to do that, as groupadd's -f flag already does what you want in this situation: When used with -g, and the specified GID already exists, another (unique) GID is chosen The commit that fixed the allocation issue is commit a2584d58f6f7d941b960f996c8e26df8294b79b9 Author: Eric Blake <eblake@redhat.com> Date: Wed May 1 14:28:43 2013 -0600 spec: proper soft static allocation of qemu uid https://bugzilla.redhat.com/show_bug.cgi?id=924501 tracks a problem that occurs if uid 107 is already in use at the time libvirt is first installed. In response that problem, Fedora packaging guidelines were recently updated. This fixes the spec file to comply with the new guidelines: https://fedoraproject.org/wiki/Packaging:UsersAndGroups * libvirt.spec.in (daemon): Follow updated Fedora guidelines. Signed-off-by: Eric Blake <eblake@redhat.com> v1.0.5-35-ga2584d5 which has been backported to the v0.10.2-maint branch as well. So downstream just need to pick up that commit :) NACK -- Andrea Bolognani / Red Hat / Virtualization
On Fri, Jul 08, 2016 at 07:08:05PM +0200, Andrea Bolognani wrote:
On Thu, 2016-07-07 at 17:41 +0200, Jaroslav Suchanek wrote:
Follow the same logic for adding qemu user also for kvm and qemu groups. As is described in https://fedoraproject.org/wiki/Packaging:UsersAndGroups document there should be preallocated UIDs and GIDs for libvirt. A check for required group id was added prior groupadd execution. Resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1351792 --- libvirt.spec.in | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/libvirt.spec.in b/libvirt.spec.in index 2b98836..3dc3193 100644 --- a/libvirt.spec.in +++ b/libvirt.spec.in @@ -1464,8 +1464,20 @@ fi # We want soft static allocation of well-known ids, as disk images # are commonly shared across NFS mounts by id rather than name; see # https://fedoraproject.org/wiki/Packaging:UsersAndGroups -getent group kvm >/dev/null || groupadd -f -g 36 -r kvm -getent group qemu >/dev/null || groupadd -f -g 107 -r qemu +if ! getent group kvm >/dev/null; then + if ! getent group 36 >/dev/null; then + groupadd -f -g 36 -r kvm + else + groupadd -f -r kvm + fi +fi +if ! getent group qemu >/dev/null; then + if ! getent group 107 >/dev/null; then + groupadd -f -g 107 -r qemu + else + groupadd -f -r qemu + fi +fi if ! getent passwd qemu >/dev/null; then if ! getent passwd 107 >/dev/null; then useradd -r -u 107 -g qemu -G kvm -d / -s /sbin/nologin -c "qemu user" qemu
There's no need to do that, as groupadd's -f flag already does what you want in this situation:
When used with -g, and the specified GID already exists, another (unique) GID is chosen
The commit that fixed the allocation issue is
commit a2584d58f6f7d941b960f996c8e26df8294b79b9 Author: Eric Blake <eblake@redhat.com> Date: Wed May 1 14:28:43 2013 -0600
spec: proper soft static allocation of qemu uid
https://bugzilla.redhat.com/show_bug.cgi?id=924501 tracks a problem that occurs if uid 107 is already in use at the time libvirt is first installed. In response that problem, Fedora packaging guidelines were recently updated. This fixes the spec file to comply with the new guidelines: https://fedoraproject.org/wiki/Packaging:UsersAndGroups
* libvirt.spec.in (daemon): Follow updated Fedora guidelines.
Signed-off-by: Eric Blake <eblake@redhat.com>
v1.0.5-35-ga2584d5
which has been backported to the v0.10.2-maint branch as well. So downstream just need to pick up that commit :)
NACK
Argh, my bad. Thanks Andrea for your precise review... ;) J.
participants (2)
-
Andrea Bolognani -
Jaroslav Suchanek