WIP: Avoid using integer identifiers in install script #4346
Conversation
A common issue in multi-user installation is that a group with id 30000 and a user with 30001+ already exists. We don’t have either of these reserved so any other package could also use these values, causing conflicts. - We don’t need to know up front what UID or GID to use for Linux’s adduser. Leaving this blank will result in adduser finding an open id in SYS_UID_MIN, SYS_UID_MAX for uid and SYS_GID_MIN, SYS_GID_MAX for gid. In addition, --gid accepts the group name, no need for an integer. - For macOS’s dscl, we do need unique uids and gids up front. We can figure these out by finding the greatest [ug]id allocated & adding 1. Nothing else requires us to know what the id is. Nix doesn’t appear to have any requirements that identifiers be consecutive. Each nixbldN can be any value in UID_MIN, UID_MAX.
|
Some unknown subset of Big Sur versions might have complicated this. You can see more in #4531 and #4532, (and in #nix-darwin logs this past week) but TL;DR: it looks like we may need to stay between UID 200-400 on macOS, so it isn't sufficient to just start at the max current. I wrote a migration script for existing users which has at least at first swing at this (though it's probably a bit time-wasteful to use as-is |
|
I marked this as stale due to inactivity. → More info |
|
@matthewbauer What exactly was WIP about this? Were you waiting on review of the concept to finish? |
|
I think the main thing left was review and some kind of testing. I think CI has a pretty good test of the install script now? |
|
I am not too familiar with it, but yeah there is some sort of VM tests. |
|
There are at least 2 types:
|
|
With the testing situation pretty good, you interested in finishing this @matthewbauer? |
A common issue in multi-user installation is that a group with id
30000 or a user with 30001+ already exists. We don’t have either of
these reserved so any other package could also use these values,
causing conflicts.
We don’t need to know up front what UID or GID to use for Linux’s
adduser. Leaving this blank will result in adduser finding an open id
in SYS_UID_MIN, SYS_UID_MAX for uid and SYS_GID_MIN, SYS_GID_MAX for
gid. In addition, --gid accepts the group name, no need for an
integer.
For macOS’s dscl, we do need unique uids and gids up front. We can
figure these out by finding the greatest [ug]id allocated & adding 1.
Nothing else requires us to know what the id is.
Nix doesn’t appear to have any requirements that identifiers be
consecutive. Each nixbldN can be any value in UID_MIN, UID_MAX.