Re: [PATCH 0/3] pseudo+image.bbclass: changes to avoid host contamination

[Peter Seebach <peter.seebach@windriver.com>]

On Sun, 12 Oct 2014 18:49:52 -0500
"Peter A. Bigot" <pab@pabigot.com> wrote:

> I believe OE should add --without-passwd-fallback to the pseudo 1.6.2
> configuration flags early in the 1.8 development cycle, to ensure there
> are no host contamination issues.  I can think of no reason why the
> build host passwd and group files should ever be considered suitable for
> use in determining target user/group characteristics.

I endorse this evaluation.

I've been thinking about this more, and I'd like to wave a thought at people:

I propose for consideration the idea that pseudo have a compile-time
hard-coded default answer to "what is uid 0" and "what is gid 0", and use
that instead of the "fallback path".

The rationale is basically: Yes, it's a special case. But it's *the* special
case. It's the special case that is the uid pseudo emulates by default, and
it's the only one that most packages ever need. If we do this, then the only
packages which need to depend on base-passwd are those which need to actually
use a *non-root* uid/gid. And every such package had better already have
a dependency either directly on the passwd stuff, or on some other package
which does.

I am pretty sure that this makes more sense than the default fallback to
host passwd/group. I might want to preserve the option of that fallback, but
make it a non-default.

Anyone have strong feelings on this? Thoughts I may not have thought through
yet? I don't know that I actually had a coherent reason in mind for the
original fallback behavior, and this analysis convinces me that falling back
to host uid/gid is probably wrong for many-to-most use cases.

I guess it might make sense for something more like a debian package build
where you really are targeting the host, but even then, I am not sure that the
default host fallback is a good idea.

-s
-- 
Listen, get this.  Nobody with a good compiler needs to be justified.