I've re-directed replies to tech-pkg in hopes this issue can be
discussed (again) there.  It probably doesn't make sense to discuss it
to the depth required in netbsd-bugs, and especially not through the
GNATS database alone.

[ On Sunday, May 26, 2002 at 12:02:28 (-0600), jbernard@mines.edu wrote: ]
> Subject: pkg/17049: pkg system modifies password database on its own
>
> 	I must object most strenuously to this practice.  The installation
> 	of a package should never alter the operational configuration of
> 	the system.  That should be left up to the system administrator.

I can't say I disagree with you!  ;-)  Quite the contrary!  ;-)

> 	The installation didn't even notify me that it had made the addition.
> 	(Examination of the "fine print" in the build log reveals some output
> 	from useradd, but it's buried amid the forest of other messages.)

Hmmm.... yes, I was wondering about that, but hadn't got around to
testing it.  So far I've made sure I out-smart those things by ensuring
all the prerequisite users and groups exist before I build a package.

> 	Nor did it give me the opportunity to choose the userid of the user
> 	it wanted to add.

This is the part that _REALLY_ bothers me the most.  I've made some
hacks to a couple of packages to allow these ID#s to be set explicitly
by the person building the package, but in some cases they need to be
selected at install time, not build time.  My current hacks are very
poor approximations of what should be done.

The only really good thing about mk/bsd.pkg.install.mk is that it
collects a bunch of very similar stuff from a group of packages and
encodes it in a common way that all those packages can share, thus
reducing the maintenance overhead of changing these mechanisms (again).

Once upon a time I made a number of attempts to suggest that the
REQ[UIRE](*) scripts should be used to in part implement package user-id
management.  Indeed in my own copy of pkgsrc I've even gone to the
length of correcting the default name of these scripts so that it's at
least a complete word (like INSTALL), and similarly I've fixed a couple
other related hooks in the system.  I would have gone further if doing
so would not have required major maintenance overhead on my part.....

Unfortunately it seems, at least to me, that the current pkgsrc
maintainers view REQUIRE scripts as more of an eyesore than the valuable
asset they could be.

Even worse there's apparently a general lack of understanding about the
difference between pkgsrc actions and pkg_add actions, even amongst
pkgsrc maintainers.  I continually see new packages checked into the
repository which fail to properly separate these actions in a way
conducive to the correct and complete operation of binary packages.
Even the FreeBSD "ports" maintainers, who presumably have slightly more
experience with such things, make many similar mistakes.  Part of this
is probably due to the fact that the INSTALL (and REQ[UIRE]) scripts are
not run automatically as part of "make install".  However even doing so
wouldn't stop naive developers from writing actions into their Makefile
"pre-install" and "install" targets which really need to be done on
every install on every machine (i.e in the INSTALL script for binary
packages).


Except for the few exceptions where a user or group ID must be created
prior to the start of the package build (and most of those cases, at
least the ones I know of, are bogus and should be patched to do run-time
queries), ID# assignment can be left until install time if the package
machinery is designed correctly.

So, For all those packages which desire to use their own user and/or
group IDs, I think what you've said about the responsibilities and
duties of the package management system vs. the systems manager is spot
on.

So, what should we do?  I would argue, once again, that pkgsrc should
make use of REQUIRE scripts to test the target system for the presence
of necessary prequisites that fall outside the basic feature tests
provided for in pkg_add itself (i.e. dependency checking, etc.).  Such
scripts could then issue a message recommending a given set of commands
to be run to correct the system state such that it will suffice for
installation to continue (eg. "useradd" commands to add users, etc.).

Anyway time to go watch Detective Frost.....  Let me know what you think
so far!  :-)


(*) Regarding REQUIRE scripts, paraphrased from the FreeBSD docs:

   If your package needs to determine if it should install or not, you
   should write a REQ[UIRE] ``requirements'' script.  It will be invoked
   automatically at installation/deinstallation time by "pkg_add" to
   determine whether or not installation/deinstallation should proceed.
                                                                                
   The script will be run at installation time by "pkg_add" as follows:

	REQ[UIRE] ${PKGNAME} INSTALL

   At deinstallation time it will be run by "pkg_delete" as follows:

	REQ[UIRE] ${PKGNAME} DEINSTALL.

   The REQUIRE script should not change anything on the system.  It
   should simply gather the information it needs and then make its
   decision based on what it sees.

-- 
								Greg A. Woods

+1 416 218-0098;  <gwoods@acm.org>;  <g.a.woods@ieee.org>;  <woods@robohack.ca>
Planix, Inc. <woods@planix.com>; VE3TCP; Secrets of the Weird <woods@weird.com>