The system-accounts XBPS trigger originally used getent(1) to check for
existing users or groups before attempting to create those entities
defined by package templates. When invoked on an alternate root (for
example, with `xbps-install -r /path/to/root`), this is incorrect
because getent always looks for entries in host databases.
There is no need to check for existing accounts before attempting to
invoke useradd(8) or groupadd(8) because these programs will fail with a
specific error code when the creation conflicts with an existing entity.
The modified hook just attempts to create users and groups from the
start, detecting the "already exists" return code and doing the right
thing in that case (nothing further for groups, but modifying existing
user entities).
When the trigger acts on the system root, the useradd/groupadd/usermod
invocations are aware of remote NIS or LDAP directories and should
behave in these environments. In particular, the tools will not attempt
to create entities defined in remote directories.
In an alternate root, it isn't really appropriate to consider remote
directories, because there is no guarantee that the alternate root will
be using those directories. When the trigger acts on an alternate root,
it uses the `--prefix|-P` argument to useradd/groupadd/usermod, which
disregards NIS and LDAP and acts only on local files in the given
prefix. Most importantly, this ensures that the hook will not attempt to
create users or groups on the host when acting on an alternate root.
Closes: #24812
