Differential D42719
Mk/Scripts/do-users-groups.sh: Make users and groups creation fail-fast Authored by michaelo on Nov 22 2023, 11:34 AM. Tags None Referenced Files
Details Fail fast when pw(8) fails to create a user or a group. Especially when it is Also trim/cleanup message endings. PR: 267384
Diff Detail
Event TimelineComment Actions I'd say yes. I will fail immediately (fail-fast) when a command exits with non-zero. That's the point. Better be fail than be sorry. My initial problem was a bad NIS setup which I cannot fix at the moment, but the currect create script did not fail, thus left me with a halfbroken installation. I prefer no installation instead of a broken one. I think this should also be on 14 and 13 since it will improve realibility and will affect only a few users. Comment Actions I meant, does this have any consequences on existing flow in case without fail? If not, then LGTM.
Comment Actions I lean towrads @rene's solution
Comment Actions Rebased and tested again with poudriere-built packages: root@132-release-amd64-default-head:/usr/ports/devel/git # grep 964 /etc/passwd /etc/group /etc/passwd:foo:*:964:964:foo daemon:/nonexistent:/usr/sbin/nologin /etc/group:foo:*:964: Before: root@132-release-amd64-default-head:/tmp/pkgs # pkg add git-2.44.0.pkg [132-release-amd64-default-head] Installing git-2.44.0... ===> Creating groups Creating group 'git_daemon' with gid '964' pw: gid `964' has already been allocated ===> Creating users Creating user 'git_daemon' with uid '964' pw: uid `964' has already been allocated pkg: PRE-INSTALL script failed After: root@132-release-amd64-default-head:/tmp/pkgs # pkg add git-2.44.0.pkg [132-release-amd64-default-head] Installing git-2.44.0... ===> Creating groups Creating group 'git_daemon' with gid '964' pw: gid `964' has already been allocated pkg: PRE-INSTALL script failed with: $ ypcat passwd | grep 964 krenek_k:XXX:964:121:krenek,,,:/net/home/krenek_k:/bin/sh.user Comment Actions Tried || exit $? locally, same result: [132-release-amd64-default-head] Installing git-2.44.0... ===> Creating groups Creating group 'git_daemon' with gid '964' pw: gid `964' has already been allocated pkg: PRE-INSTALL script failed Failed to install the following 1 package(s): git-2.44.0.pkg patch diff --git a/Mk/Scripts/do-users-groups.sh b/Mk/Scripts/do-users-groups.sh index eb5e43681e45..fdaad401de72 100644 --- a/Mk/Scripts/do-users-groups.sh +++ b/Mk/Scripts/do-users-groups.sh @@ -49,2 +48,0 @@ cp -f "${dp_UG_INSTALL}" "${dp_UG_DEINSTALL}" -echo "set -e" >> "${dp_UG_INSTALL}" - @@ -81 +79 @@ if [ -n "${GROUPS}" ]; then - \${PW} groupadd $group -g $gid + \${PW} groupadd $group -g $gid || exit \$? @@ -134 +132 @@ if [ -n "${USERS}" ]; then - \${PW} useradd $login -u $uid -g $gid $class -c "$gecos" -d $homedir -s $shell + \${PW} useradd $login -u $uid -g $gid $class -c "$gecos" -d $homedir -s $shell || exit \$? @@ -190 +188 @@ if [ -n "${GROUPS}" ]; then - \${PW} groupmod ${group} -m ${login} + \${PW} groupmod ${group} -m ${login} || exit \$? Which one do you prefer? Comment Actions @michaelo, thanks for sticking with this review. My preference is still to go with the || exit \$? with or without the set -e. Comment Actions @jrm I have not understood the motivation to avoid set -e. My standard is to "set -eu" to trap maintainer oversights, which happen quickly. And possibly even "set -o pipefail" if I know the shell supports it (if bash has been ensured some way). Comment Actions add one inline comment
Comment Actions @mandree, as I say in my earlier comments, I'm not against set -e. However, to solve the particular problem that Michael is trying to address, I feel an explicit check is warranted rather than simply relying on set -e. Also, when set -e has been set, there has been fallout, but as I said above, if @michaleo is prepared to deal with any potential fallout, then it's fine to *also* add set -e. Comment Actions To elaborate, I felt that specifically checking for the issue at hand is unlikely to introduce any new problems, but adding set -e, which, of course, affects the whole script is more likely. That said, since @michael is prepared to take on any new problems, I'm fine either way. Comment Actions As fallout only legit ones and not those ones I try to find/fix like ours here: assiging uids to humans < 1000. That is the reason why I have noticed and took upon this. Comment Actions Since I haven't had my hands on the script, nor am I volunteering to become its maintainer, I am not going to claim reponsibility for it. I think my stance is clear, "automatically fail everywhere" and handle those few expected errors, and let's remove @jilles's manpage addition (that scares users away from set -e in the sh(1) man page) because it's not substantiated. manpages aren't the place to scare people without giving reasons. We're early enough after a freshly forked quarterly release to clean up fallout over the next ten weeks, so... perhaps that fact makes your decision easier. Comment Actions So I merged now the explicit exits. We have two months until next quarterly for failures. As @mandree said, enough time. I will come up with a review for the manpage as well. | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||