Workaround user deletion issues

Signed-off-by: Ana Hobden <operator@hoverbear.org>
Ana Hobden 2022-11-04 12:24:38 -07:00
parent c230ea65f6
commit 80b7c2c1fa
3 changed files with 133 additions and 102 deletions


@ -13,10 +13,11 @@ Planned support:
* [x] Multi-user x86_64 Linux with systemd init
* [ ] Multi-user aarch64 Linux with systemd init
* [x] Multi-user x86_64 MacOS
+ Note: Uninstall and encrypted volume support are incomplete
+ Note: user deletion is still buggy
* [x] Multi-user aarch64 MacOS
+ Note: user deletion is still buggy
* [ ] Single-user x86_64 Linux with systemd init
* [ ] Single-user aarch64 Linux with systemd init
* [ ] Multi-user aarch64 MacOS
* [ ] Others...
## Installation Differences


@ -70,17 +70,29 @@ impl Action for CreateGroup {
patch: _,
}
| OperatingSystem::Darwin => {
execute_command(Command::new("/usr/sbin/dseditgroup").args([
"-o",
"create",
"-r",
"Nix build group for nix-daemon",
"-i",
&format!("{gid}"),
name.as_str(),
]))
.await
.map_err(|e| CreateGroupError::Command(e).boxed())?;
// TODO(@hoverbear): Make this actually work...
// Right now, our test machines do not have a secure token and cannot delete users.
if Command::new("/usr/bin/dscl")
.args([".", "-read", &format!("/Groups/{name}")])
.status()
.await?
.success()
{
()
} else {
execute_command(Command::new("/usr/sbin/dseditgroup").args([
"-o",
"create",
"-r",
"Nix build group for nix-daemon",
"-i",
&format!("{gid}"),
name.as_str(),
]))
.await
.map_err(|e| CreateGroupError::Command(e).boxed())?;
}
},
_ => {
execute_command(Command::new("groupadd").args([
@ -141,13 +153,16 @@ impl Action for CreateGroup {
patch: _,
}
| OperatingSystem::Darwin => {
execute_command(Command::new("/usr/bin/dscl").args([
".",
"-delete",
&format!("/Groups/{name}"),
]))
.await
.map_err(|e| CreateGroupError::Command(e).boxed())?;
// TODO(@hoverbear): Make this actually work...
// Right now, our test machines do not have a secure token and cannot delete users.
// execute_command(Command::new("/usr/bin/dscl").args([
// ".",
// "-delete",
// &format!("/Groups/{name}"),
// ]))
// .await
// .map_err(|e| CreateGroupError::Command(e).boxed())?;
},
_ => {
execute_command(Command::new("groupdel").arg(&name))
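Review bot: In the new Darwin create branch, a successful `dscl . -read /Groups/{name}` is taken to mean the group is already set up correctly, but nothing checks that the existing record's PrimaryGroupID equals `gid`, so a same-named group created by something else (or by an earlier install with a different id) is silently adopted by an installer that is presumably running with root privileges. Reading the attribute instead, e.g. `.args([".", "-read", &format!("/Groups/{name}"), "PrimaryGroupID"])` with `.output()`, and failing on a mismatch would close that gap; the `/Users/{name}` check in the CreateUser hunk has the same problem for UniqueID, UserShell and NFSHomeDirectory. Any non-zero exit from dscl is also treated as "group absent", and `.status()` appears to leave the child's stdout/stderr inherited, so the record dump would land in the installer's own output. Stylistically, `if … { () } else { … }` reads better as a negated condition with no empty arm. The enclosing function starts and ends outside the hunks shown.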


@ -81,81 +81,93 @@ impl Action for CreateUser {
patch: _,
}
| OperatingSystem::Darwin => {
execute_command(Command::new("/usr/bin/dscl").args([
".",
"-create",
&format!("/Users/{name}"),
]))
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
execute_command(Command::new("/usr/bin/dscl").args([
".",
"-create",
&format!("/Users/{name}"),
"UniqueID",
&format!("{uid}"),
]))
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
execute_command(Command::new("/usr/bin/dscl").args([
".",
"-create",
&format!("/Users/{name}"),
"PrimaryGroupID",
&format!("{gid}"),
]))
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
execute_command(Command::new("/usr/bin/dscl").args([
".",
"-create",
&format!("/Users/{name}"),
"NFSHomeDirectory",
"/var/empty",
]))
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
execute_command(Command::new("/usr/bin/dscl").args([
".",
"-create",
&format!("/Users/{name}"),
"UserShell",
"/sbin/nologin",
]))
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
execute_command(
Command::new("/usr/bin/dscl")
.args([
".",
"-append",
&format!("/Groups/{groupname}"),
"GroupMembership",
])
.arg(&name),
)
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
execute_command(Command::new("/usr/bin/dscl").args([
".",
"-create",
&format!("/Users/{name}"),
"IsHidden",
"1",
]))
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
execute_command(
Command::new("/usr/sbin/dseditgroup")
.args(["-o", "edit"])
.arg("-a")
.arg(&name)
.arg("-t")
.arg(&name)
.arg(groupname),
)
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
// TODO(@hoverbear): Make this actually work...
// Right now, our test machines do not have a secure token and cannot delete users.
if Command::new("/usr/bin/dscl")
.args([".", "-read", &format!("/Users/{name}")])
.status()
.await?
.success()
{
()
} else {
execute_command(Command::new("/usr/bin/dscl").args([
".",
"-create",
&format!("/Users/{name}"),
]))
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
execute_command(Command::new("/usr/bin/dscl").args([
".",
"-create",
&format!("/Users/{name}"),
"UniqueID",
&format!("{uid}"),
]))
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
execute_command(Command::new("/usr/bin/dscl").args([
".",
"-create",
&format!("/Users/{name}"),
"PrimaryGroupID",
&format!("{gid}"),
]))
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
execute_command(Command::new("/usr/bin/dscl").args([
".",
"-create",
&format!("/Users/{name}"),
"NFSHomeDirectory",
"/var/empty",
]))
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
execute_command(Command::new("/usr/bin/dscl").args([
".",
"-create",
&format!("/Users/{name}"),
"UserShell",
"/sbin/nologin",
]))
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
execute_command(
Command::new("/usr/bin/dscl")
.args([
".",
"-append",
&format!("/Groups/{groupname}"),
"GroupMembership",
])
.arg(&name),
)
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
execute_command(Command::new("/usr/bin/dscl").args([
".",
"-create",
&format!("/Users/{name}"),
"IsHidden",
"1",
]))
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
execute_command(
Command::new("/usr/sbin/dseditgroup")
.args(["-o", "edit"])
.arg("-a")
.arg(&name)
.arg("-t")
.arg(&name)
.arg(groupname),
)
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
}
},
_ => {
execute_command(Command::new("useradd").args([
@ -235,13 +247,16 @@ impl Action for CreateUser {
patch: _,
}
| OperatingSystem::Darwin => {
execute_command(Command::new("/usr/bin/dscl").args([
".",
"-delete",
&format!("/Users/{name}"),
]))
.await
.map_err(|e| CreateUserError::Command(e).boxed())?;
// TODO(@hoverbear): Make this actually work...
// Right now, our test machines do not have a secure token and cannot delete users.
// execute_command(Command::new("/usr/bin/dscl").args([
// ".",
// "-delete",
// &format!("/Users/{name}"),
// ]))
// .await
// .map_err(|e| CreateUserError::Command(e).boxed())?;
},
_ => {
execute_command(Command::new("userdel").args([&name.to_string()]))
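Review bot: The existence check at the top of the Darwin create branch gates all eight dscl/dseditgroup steps, so a run that failed after `-create /Users/{name}` but before UserShell, NFSHomeDirectory or IsHidden were written leaves a half-configured account that every later run will skip over. Because the second hunk also turns the revert branch into a no-op, an uninstall cannot clear that state either, and it presumably still reports the action as reverted while the account remains. The `-create` property calls appear to overwrite their value and so look safe to repeat; guarding only the bare record creation, or verifying each attribute after the read, would avoid trusting a partial record. For the disabled delete I would drop the commented-out code in favour of a logged warning and a short comment such as `// Deletion skipped on Darwin: dscl -delete fails without a secure token, so the user is left in place.` The function body continues outside both hunks.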