many: do not use nss when looking up for users/groups from snapd snap

build-aux/snap/snapcraft.yaml

@@ -95,9 +95,6 @@ parts:
       - squashfs-tools
       - xdelta3
       - zlib1g
-      # This is needed for using os/user on Ubuntu Core
-      # TODO: do not use os/user, but io.systemd.NameServiceSwitch through dbus
-      - libnss-extrausers
     stage:
       - -usr/lib/$CRAFT_ARCH_TRIPLET_BUILD_FOR/ld*.so*
       - -lib32
@@ -108,9 +105,9 @@ parts:
       - -usr/share/man
       - -usr/share/lintian
       - -usr/share/lintian/**
+      - -usr/lib/$CRAFT_ARCH_TRIPLET_BUILD_FOR/libnss_*.so.2
     override-build: |
       craftctl default
-      mv "${CRAFT_PART_INSTALL}/usr/lib/libnss_extrausers.so.2" "${CRAFT_PART_INSTALL}/usr/lib/${CRAFT_ARCH_TRIPLET_BUILD_FOR}/"
       cp -rT "${CRAFT_PART_INSTALL}/lib/${CRAFT_ARCH_TRIPLET_BUILD_FOR}" "${CRAFT_PART_INSTALL}/usr/lib/${CRAFT_ARCH_TRIPLET_BUILD_FOR}"
       rm -rf "${CRAFT_PART_INSTALL}/lib/${CRAFT_ARCH_TRIPLET_BUILD_FOR}"
       find "${CRAFT_PART_INSTALL}/usr/share/doc" \( -not -type d -not -name "copyright" -delete \) -o \( -type d -empty -delete \)
@@ -274,6 +271,7 @@ parts:
             esac
             ;;
         esac
+        TAGS+=(snap osusergo)
 
         output="${CRAFT_PART_INSTALL}/usr/${cmd}"
         go build -mod=vendor -tags "${TAGS[*]}" "${GO_LD_FLAGS[@]}" ${EXTRA_GO_FLAGS-} -o "${output}" "github.com/snapcore/snapd/cmd/$(basename ${cmd})"

client/apps.go

@@ -27,11 +27,11 @@ import (
 	"errors"
 	"fmt"
 	"net/url"
-	"os/user"
 	"strconv"
 	"strings"
 	"time"
 
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/snap"
 )
 

client/apps_test.go

@@ -22,13 +22,13 @@ package client_test
 import (
 	"encoding/json"
 	"fmt"
-	"os/user"
 	"strconv"
 	"strings"
 
 	"gopkg.in/check.v1"
 
 	"github.com/snapcore/snapd/client"
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 func mksvc(snap, app string) *client.AppInfo {

client/login.go

@@ -24,11 +24,11 @@ import (
 	"encoding/json"
 	"fmt"
 	"os"
-	"os/user"
 	"path/filepath"
 
 	"github.com/snapcore/snapd/osutil"
 	"github.com/snapcore/snapd/osutil/sys"
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 // User holds logged in user information.

cmd/snap/cmd_routine_file_access_test.go

@@ -23,14 +23,14 @@ import (
 	"fmt"
 	"net/http"
 	"net/url"
-	"os/user"
 	"path/filepath"
 	"strings"
 
 	. "gopkg.in/check.v1"
 
 	"github.com/snapcore/snapd/client"
 	snap "github.com/snapcore/snapd/cmd/snap"
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 type SnapRoutineFileAccessSuite struct {

cmd/snap/cmd_run.go

@@ -29,7 +29,6 @@ import (
 	"net"
 	"os"
 	"os/exec"
-	"os/user"
 	"path/filepath"
 	"regexp"
 	"strconv"
@@ -49,6 +48,7 @@ import (
 	"github.com/snapcore/snapd/logger"
 	"github.com/snapcore/snapd/osutil"
 	"github.com/snapcore/snapd/osutil/strace"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/sandbox/cgroup"
 	"github.com/snapcore/snapd/sandbox/selinux"
 	"github.com/snapcore/snapd/snap"

cmd/snap/cmd_run_test.go

@@ -26,7 +26,6 @@ import (
 	"fmt"
 	"net/http"
 	"os"
-	"os/user"
 	"path/filepath"
 	"strings"
 	"time"
@@ -43,6 +42,7 @@ import (
 	"github.com/snapcore/snapd/logger"
 	"github.com/snapcore/snapd/osutil"
 	"github.com/snapcore/snapd/osutil/strace"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/progress"
 	"github.com/snapcore/snapd/progress/progresstest"
 	"github.com/snapcore/snapd/sandbox/cgroup"

cmd/snap/cmd_userd_test.go

@@ -25,7 +25,6 @@ import (
 	"net"
 	"net/http"
 	"os"
-	"os/user"
 	"path"
 	"path/filepath"
 	"strings"
@@ -38,6 +37,7 @@ import (
 	"github.com/snapcore/snapd/dirs"
 	"github.com/snapcore/snapd/logger"
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/testutil"
 	"github.com/snapcore/snapd/usersession/autostart"
 )

cmd/snap/error.go

@@ -25,7 +25,6 @@ import (
 	"fmt"
 	"go/doc"
 	"os"
-	"os/user"
 	"strings"
 	"text/tabwriter"
 
@@ -35,6 +34,7 @@ import (
 	"github.com/snapcore/snapd/i18n"
 	"github.com/snapcore/snapd/logger"
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/snap/channel"
 	"github.com/snapcore/snapd/strutil"
 )

cmd/snap/export_test.go

@@ -22,7 +22,6 @@ package main
 import (
 	"context"
 	"os"
-	"os/user"
 	"time"
 
 	"github.com/jessevdk/go-flags"
@@ -31,6 +30,7 @@ import (
 	"github.com/snapcore/snapd/cmd/snaplock/runinhibit"
 	"github.com/snapcore/snapd/image"
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/sandbox/cgroup"
 	"github.com/snapcore/snapd/sandbox/selinux"
 	"github.com/snapcore/snapd/seed/seedwriter"

daemon/api_apps.go

@@ -24,12 +24,12 @@ import (
 	"fmt"
 	"io"
 	"net/http"
-	"os/user"
 	"sort"
 	"strconv"
 	"strings"
 
 	"github.com/snapcore/snapd/client/clientutil"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/overlord/auth"
 	"github.com/snapcore/snapd/overlord/servicestate"
 	"github.com/snapcore/snapd/overlord/state"

daemon/api_apps_test.go

@@ -29,7 +29,6 @@ import (
 	"math"
 	"net/http"
 	"net/http/httptest"
-	"os/user"
 	"sort"
 	"strconv"
 	"strings"
@@ -38,6 +37,7 @@ import (
 
 	"github.com/snapcore/snapd/client"
 	"github.com/snapcore/snapd/daemon"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/overlord/hookstate"
 	"github.com/snapcore/snapd/overlord/servicestate"
 	"github.com/snapcore/snapd/overlord/snapstate"

daemon/api_base_test.go

@@ -26,7 +26,6 @@ import (
 	"io/ioutil"
 	"net/http"
 	"os"
-	"os/user"
 	"path/filepath"
 	"time"
 
@@ -41,6 +40,7 @@ import (
 	"github.com/snapcore/snapd/daemon"
 	"github.com/snapcore/snapd/dirs"
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/overlord"
 	"github.com/snapcore/snapd/overlord/assertstate"
 	"github.com/snapcore/snapd/overlord/assertstate/assertstatetest"

daemon/api_users_test.go

@@ -23,7 +23,6 @@ import (
 	"bytes"
 	"fmt"
 	"net/http"
-	"os/user"
 	"time"
 
 	"gopkg.in/check.v1"
@@ -32,6 +31,7 @@ import (
 	"github.com/snapcore/snapd/asserts/assertstest"
 	"github.com/snapcore/snapd/client"
 	"github.com/snapcore/snapd/daemon"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/overlord/assertstate/assertstatetest"
 	"github.com/snapcore/snapd/overlord/auth"
 	"github.com/snapcore/snapd/overlord/configstate/config"

daemon/export_api_apps_test.go

@@ -20,8 +20,7 @@
 package daemon
 
 import (
-	"os/user"
-
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/overlord/hookstate"
 	"github.com/snapcore/snapd/overlord/servicestate"
 	"github.com/snapcore/snapd/overlord/state"

daemon/export_test.go

@@ -22,13 +22,13 @@ package daemon
 import (
 	"context"
 	"net/http"
-	"os/user"
 	"time"
 
 	"github.com/gorilla/mux"
 
 	"github.com/snapcore/snapd/asserts/snapasserts"
 	"github.com/snapcore/snapd/boot"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/overlord"
 	"github.com/snapcore/snapd/overlord/assertstate"
 	"github.com/snapcore/snapd/overlord/restart"

desktop/portal/document.go

@@ -21,13 +21,13 @@ package portal
 
 import (
 	"fmt"
-	"os/user"
 	"path/filepath"
 	"strings"
 
 	"github.com/snapcore/snapd/dbusutil"
 	"github.com/snapcore/snapd/dirs"
 	"github.com/snapcore/snapd/i18n"
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 const (

desktop/portal/document_test.go

@@ -22,12 +22,12 @@ package portal_test
 import (
 	"errors"
 	"os"
-	"os/user"
 	"path/filepath"
 
 	"github.com/godbus/dbus"
 	. "gopkg.in/check.v1"
 
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/desktop/portal"
 	"github.com/snapcore/snapd/testutil"
 )

desktop/portal/export_test.go

@@ -20,10 +20,10 @@
 package portal
 
 import (
-	"os/user"
 	"time"
 
 	"github.com/snapcore/snapd/dirs"
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 const (

osutil/export_test.go

@@ -25,11 +25,11 @@ import (
 	"io/ioutil"
 	"os"
 	"os/exec"
-	"os/user"
 	"syscall"
 	"time"
 
 	"github.com/snapcore/snapd/osutil/sys"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/strutil"
 	"github.com/snapcore/snapd/testutil"
 )

osutil/group.go

@@ -22,8 +22,9 @@ package osutil
 import (
 	"bytes"
 	"fmt"
-	"os/user"
 	"strconv"
+
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 // FindUid returns the identifier of the given UNIX user name. It will

osutil/group_test.go

@@ -21,11 +21,11 @@ package osutil_test
 
 import (
 	"fmt"
-	"os/user"
 
 	"gopkg.in/check.v1"
 
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/testutil"
 )
 

osutil/strace/strace.go

@@ -22,12 +22,12 @@ package strace
 import (
 	"fmt"
 	"os/exec"
-	"os/user"
 	"path/filepath"
 	"runtime"
 
 	"github.com/snapcore/snapd/dirs"
 	"github.com/snapcore/snapd/osutil"
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 // These syscalls are excluded because they make strace hang on all or

osutil/strace/strace_test.go

@@ -21,13 +21,13 @@ package strace_test
 
 import (
 	"os"
-	"os/user"
 	"path/filepath"
 	"testing"
 
 	. "gopkg.in/check.v1"
 
 	"github.com/snapcore/snapd/dirs"
+	"github.com/snapcore/snapd/osutil/user"
 	"github.com/snapcore/snapd/osutil/strace"
 	"github.com/snapcore/snapd/testutil"
 )

osutil/user.go

@@ -23,14 +23,14 @@ import (
 	"fmt"
 	"os"
 	"os/exec"
-	"os/user"
 	"path/filepath"
 	"regexp"
 	"strconv"
 	"strings"
 	"syscall"
 
 	"github.com/snapcore/snapd/osutil/sys"
+	"github.com/snapcore/snapd/osutil/user"
 )
 
 var (