Subject: monotone-server package or what?
To: None <tech-pkg@NetBSD.org>
From: Julio M. Merino Vidal <jmmv@menta.net>
List: tech-pkg
Date: 01/12/2005 10:15:37

Hi all,

Setting up a dedicated Monotone server (see devel/monotone) is not
a complicated task, but requires a lot of steps and careful
thinking.  In order to make it "secure", one will want to run it as
an unprivileged user, with the right permissions on each file and
with an easy-to-use rc.d script.  (This last part is the most
important.)

So, yesterday evening, I started working on a package called
monotone-server that simplifies this whole process.  All it does is
the following: create a user/group pair, install the rc.d script
and install a little shell script, monotone-server-init, that takes
care of initializing the local database properly by asking the user
for some information.

Now, I see some problems with this approach:  first of all, because
the package does not match any real program, the "monotone-server"
name has a good chance to cause confusion to anyone looking at the
package.

Second, because it seems to be stupidly limited.  On the one hand,
monotone-server-init is creating the user's home directory as a path
that was decided at build time (through a MONOTONE_HOME variable),
as we usually do for this kind of stuff (BUILD_DEFS).  Given that it
already has to create the user's home, it could be trivial to change
it to also use groupadd/useradd and ask the user for the necessary
data at _run time_, so that it'd not be limited to a hardcoded path
(plus maybe not a hardcoded user/group pair).

I think it might be a good idea to modify this package to use
neither PKG_USERS nor PKG_GROUPS (creating the necessary stuff from
the -init script).  Plus, if I do this, the need for an extra package
does not exist (I created it to avoid having the "client" monotone
package create a user/group pair when it's usually not needed), so I'd
simply put everything inside devel/monotone.  However, I don't think
there is prior art in pkgsrc for similar behavior, so this'd look like
a quite "non-standard" procedure to get things working.

What do you think?

Thanks,

-- 
Julio M. Merino Vidal <jmmv@menta.net>
http://www.livejournal.com/users/jmmv/
The NetBSD Project - http://www.NetBSD.org/
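
The run-time account setup proposed in the message, as an added sketch that is not the monotone-server-init script from the post or any pkgsrc code: it validates the answers an -init script would collect and prints the commands for review instead of running them. The function names, the sample path and account names, the /sbin/nologin shell and the 0700 home mode are assumptions.

```shell
#!/bin/sh
# Added sketch (hypothetical): validate run-time answers, then print the
# account-setup commands so an administrator can review them before use.

# valid_name NAME: accept only conservative account names.
valid_name() {
    case "$1" in
        ""|-*|*[!a-z0-9_-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# valid_home PATH: absolute, not "/", no "..", no whitespace or shell
# metacharacters (the path ends up in commands run as root).
valid_home() {
    case "$1" in
        /*) ;;
        *) return 1 ;;
    esac
    case "$1" in
        /|*..*|*[!A-Za-z0-9/._-]*) return 1 ;;
        *) return 0 ;;
    esac
}

# plan_account HOME USER GROUP: print the commands, or return 1 on bad input.
plan_account() {
    home=$1 user=$2 group=$3
    valid_home "$home" || { echo "bad home: $home" >&2; return 1; }
    valid_name "$user" || { echo "bad user: $user" >&2; return 1; }
    valid_name "$group" || { echo "bad group: $group" >&2; return 1; }
    # The point of the dedicated account is to be unprivileged.
    if [ "$user" = root ] || [ "$group" = wheel ]; then
        echo "refusing privileged account" >&2; return 1
    fi
    cat <<EOF
groupadd $group
useradd -g $group -d $home -s /sbin/nologin $user
mkdir -p $home
chown $user:$group $home
chmod 0700 $home
EOF
}

# Constructed sample answers, as the script would collect them with read(1).
plan_account /var/monotone monotone monotone
```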