Skip to content

deb: use symlink to install systemd-sysusers #1196

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Draft
wants to merge 4 commits into
base: master
Choose a base branch
from
Draft

deb: use symlink to install systemd-sysusers #1196

wants to merge 4 commits into from

Conversation

thaJeztah
Copy link
Member

deb: use symlink to install systemd-sysusers

Using dh_installsysusers(1):

FILES

debian/package.sysusers
If the file exists, it will be installed as /usr/lib/sysusers.d/package.conf.

- How I did it

- How to verify it

- Description for the changelog

- A picture of a cute animal (not mandatory but encouraged)

@thaJeztah
Copy link
Member Author

With this PR, there's a (dangling) symlink added, similar to the existing ones;

ls -la deb/common/
total 80
drwx------  15 thajeztah  staff   480 May 20 13:51 ./
drwx------  21 thajeztah  staff   672 May 20 13:38 ../
-rw-r--r--   1 thajeztah  staff  4382 May 20 12:53 control
-rw-r--r--   1 thajeztah  staff    15 Jun 21  2023 docker-ce-cli.manpages
-rw-r--r--   1 thajeztah  staff    12 Dec 26 14:14 docker-ce.dirs
lrwxr-xr-x   1 thajeztah  staff    53 Dec 26 14:14 docker-ce.docker.default@ -> ../engine/contrib/init/sysvinit-debian/docker.default
lrwxr-xr-x   1 thajeztah  staff    45 Dec 26 14:14 docker-ce.docker.init@ -> ../engine/contrib/init/sysvinit-debian/docker
lrwxr-xr-x   1 thajeztah  staff    45 Dec 26 14:14 docker-ce.docker.service@ -> ../engine/contrib/init/systemd/docker.service
lrwxr-xr-x   1 thajeztah  staff    44 Dec 26 14:14 docker-ce.docker.socket@ -> ../engine/contrib/init/systemd/docker.socket
lrwxr-xr-x   1 thajeztah  staff    46 May 20 13:51 docker-ce.docker.sysusers@ -> ../engine/contrib/systemd-sysusers/docker.conf
-rw-r--r--   1 thajeztah  staff    46 Dec 26 14:14 docker-ce.maintscript
-rw-r--r--   1 thajeztah  staff    18 Apr  2 16:14 docker-ce.manpages
-rw-r--r--   1 thajeztah  staff    14 Jun 21  2023 docs
-rwxr-xr-x   1 thajeztah  staff  8864 May 20 13:51 rules*
drwxr-xr-x   3 thajeztah  staff    96 Dec 26 13:18 source/

Something isn't working with this, but perhaps I'm either using the wrong name for the symlink, or we need to invoke something else?

I tried to install the package in a container;

apt-get -y  update && apt-get -y install ca-certificates curl
install -m 0755 -d /etc/apt/keyrings
curl -fsSL https://download.docker.com/linux/debian/gpg -o /etc/apt/keyrings/docker.asc
chmod a+r /etc/apt/keyrings/docker.asc
echo   "deb [arch=$(dpkg --print-architecture) signed-by=/etc/apt/keyrings/docker.asc] https://download.docker.com/linux/debian $(. /etc/os-release && echo "$VERSION_CODENAME") stable" | tee /etc/apt/sources.list.d/docker.list > /dev/null
apt-get -y update
apt install ./docker-ce_0.0.0~20250520085713.af09051-1~debian.13~trixie_arm64.deb

After that, I don't see a file in /usr/lib/sysusers.d/

ls /usr/lib/sysusers.d/
basic.conf  dbus.conf  systemd-journal.conf  systemd-network.conf  systemd-timesync.conf

Also looked it it was perhaps installed in another location;

docker diff upbeat_euclid | grep sysusers
A /usr/share/man/man5/sysusers.d.5.gz
A /usr/share/man/man8/systemd-sysusers.8.gz
A /usr/share/man/man8/systemd-sysusers.service.8.gz
A /usr/bin/systemd-sysusers
A /usr/lib/sysusers.d
A /usr/lib/sysusers.d/basic.conf
A /usr/lib/sysusers.d/dbus.conf
A /usr/lib/sysusers.d/systemd-journal.conf
A /usr/lib/sysusers.d/systemd-network.conf
A /usr/lib/sysusers.d/systemd-timesync.conf
A /usr/lib/systemd/system/systemd-sysusers.service
A /usr/lib/systemd/system/sysinit.target.wants/systemd-sysusers.service

@thaJeztah
Copy link
Member Author

oh! We probably need something like these to set --name=docker!

docker-ce-packaging/deb/common/rules

Lines 136 to 142 in fc77027

override_dh_installinit:
# use "docker" as our service name, not "docker-ce"
dh_installinit --name=docker
override_dh_installsystemd:
# use "docker" as our service name, not "docker-ce"
dh_installsystemd --name=docker

thaJeztah
thaJeztah commented May 20, 2025
View reviewed changes
deb/common/rules
Comment on lines +144 to +147
override_dh_installsysusers:
# use "docker" as our service name, not "docker-ce"
dh_installsysusers --name=docker

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Tried adding this, but that also doesn't seem to do the trick 😞 😢

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I figured out what's missing -- it's not added to the sequence by default until debhelper 14 (which is still a dev version), but if you add dh-sequence-installsysusers to Build-Depends, it should inject it. I've implemented this successfully in my own packages in tianon/debian-moby#24 👍

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Thanks for digging!! We ultimately backed out the patch for now (I thought my patch worked, but turned out it didn't pick up the feature), but @p5 also started to try and fix it.

I think with this info, we have a path forward to bring it back in ❤️

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

So in theory, this should be enough:

$ git --no-pager diff --staged --irreversible-delete
diff --git a/deb/common/control b/deb/common/control
index e2438b9..48b9561 100644
--- a/deb/common/control
+++ b/deb/common/control
@@ -6,8 +6,9 @@ Build-Depends: bash,
                bash-completion,
                ca-certificates,
                cmake,
+               debhelper-compat (= 13),
                dh-apparmor,
-               debhelper-compat (= 12),
+               dh-sequence-installsysusers,
                gcc,
                git,
                libc-dev,
diff --git a/deb/common/docker-ce.docker.sysusers b/deb/common/docker-ce.docker.sysusers
new file mode 120000
index 0000000..eddc903
--- /dev/null
+++ b/deb/common/docker-ce.docker.sysusers
@@ -0,0 +1 @@
+../engine/contrib/systemd-sysusers/docker.conf
\ No newline at end of file
diff --git a/deb/common/docker-ce.postinst b/deb/common/docker-ce.postinst
deleted file mode 100755
index eeef6ca..0000000
diff --git a/deb/common/rules b/deb/common/rules
index a25eae2..3fd39ae 100755
--- a/deb/common/rules
+++ b/deb/common/rules
@@ -141,6 +141,10 @@ override_dh_installsystemd:
 	# use "docker" as our service name, not "docker-ce"
 	dh_installsystemd --name=docker
 
+override_dh_installsysusers:
+	# use "docker" as our service name, not "docker-ce"
+	dh_installsysusers --name=docker
+
 override_dh_shlibdeps:
 	dh_shlibdeps --dpkg-shlibdeps-params=--ignore-missing-info

thaJeztah
thaJeztah commented May 20, 2025
View reviewed changes
deb/common/docker-ce.docker.sysusers Outdated
Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Also tried adding symlinks named docker.sysusers and docker-ce.sysusers, but that also didn't seem to have effect 😞

@thaJeztah
Copy link
Member Author

Ah! It's because we're still on 12??

docker-ce-packaging/deb/common/control

Line 10 in fc77027

debhelper-compat (= 12),

https://tracker.debian.org/media/packages/d/debhelper/changelog-13.3.4

debhelper (13.3) unstable; urgency=medium

...
  * dh_installsysusers: New tool to install and integrate sysusers
    into debian packaging.  Thanks to Michael Biebl and Moritz
    Muehlenhoff for feedback and initial testing.
    (Closes: #962384)

@thaJeztah
Copy link
Member Author

Doesn't look like adding debhelper-compat (= 13), helped either 😞

@thaJeztah thaJeztah force-pushed the carry_systemd_sysusers_symlink branch from ef8c5e1 to 9512eaa Compare May 21, 2025 08:46
@p5 @thaJeztah
feat: manage docker group with systemd-sysusers
8c5e99f 
Switches away from the groupadd postinstall commands to managing
the docker group with sysusers.

This is a declarative way to create and manage users, better suited
for the atomic distros such as Silverblue.

Signed-off-by: Robert Sturla <robertsturla@outlook.com>
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah mentioned this pull request May 21, 2025
Merged
thaJeztah added 3 commits May 21, 2025 10:49
@thaJeztah
deb: use symlink to install systemd-sysusers
e398015 
Using [dh_installsysusers(1)]:

> FILES
>
> debian/package.sysusers
> If the file exists, it will be installed as /usr/lib/sysusers.d/package.conf.

[dh_installsysusers(1)]: https://manpages.debian.org/bookworm/debhelper/dh_installsysusers.1.en.html

Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
try override_dh_installsysusers
c9145a6 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah
try debhelper-compat (= 13)
67e7922 
Signed-off-by: Sebastiaan van Stijn <github@gone.nl>
@thaJeztah thaJeztah force-pushed the carry_systemd_sysusers_symlink branch from 9512eaa to 67e7922 Compare May 21, 2025 08:50
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@tianon tianon

At least 1 approving review is required to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@thaJeztah @tianon @p5