On 1/20/22 12:52, Vít Ondruch wrote:
I have naive question why these files are not static and in /usr.
I mean, I am pretty sure I won't run `authselect select --force` or
anything similar any time soon. So why the configuration is not static,
generated at build time, not having anything in /etc unless somebody
really wants to change something.
The files are not static at all, they are change with different kinds of
authselect calls:
- user wants to use different profile then default: authselect select
- enable/disable single feature: authselect enable/disable-feature
- apply changes when package is updated: authselect apply-changes
- apply changes when you modify your custom profile: authselect
apply-changes
They remembers how the current configuration looks like so we can check
if user modified nsswitch and PAM configuration on their own or not.
Vít
Dne 18. 01. 22 v 18:32 Ben Cotton napsal(a):
>
https://fedoraproject.org/wiki/Changes/Authselect_Move_State_Files_To_Etc
>
>
> == Summary ==
>
> Authselect will move several files that are currently stored at
> /var/lib/authselect to /etc/authselect/.state. This does not affect
> configuration backup, that will be kept at
> /var/lib/authselect/backups.
>
> The files that will be moved are:
> * /var/lib/authselect/dconf-db -> /etc/authselect/.state/dconf-db
> * /var/lib/authselect/dconf-locks /etc/authselect/.state/dconf-locks
> * /var/lib/authselect/fingerprint-auth
> /etc/authselect/.state/fingerprint-auth
> * /var/lib/authselect/nsswitch.conf /etc/authselect/.state/nsswitch.conf
> * /var/lib/authselect/password-auth /etc/authselect/.state/password-auth
> * /var/lib/authselect/postlogin /etc/authselect/.state/postlogin
> * /var/lib/authselect/smartcard-auth
> /etc/authselect/.state/smartcard-auth
> * /var/lib/authselect/system-auth /etc/authselect/.state/system-auth
>
> == Owner ==
> * Name: [[User:pbrezina| Pavel Březina]]
> * Email: pbrezina(a)redhat.com
>
>
> == Detailed Description ==
>
> These files are used by authselect to detect changes to the system
> nsswitch and PAM configurations when the configuration is updated with
> an updated profile using 'authselect apply-changes'. There are two
> reasons for the move:
>
> 1. The current location conflicts with ostree model where /var is not
> writable during rpm transaction and this currently blocks compose of
> ostree systems. [
https://bugzilla.redhat.com/show_bug.cgi?id=2034360
> BZ#2034360]
>
> 2. Removing these files would reduce authselect functionality, user
> would need to run 'authselect select --force' to restore it. Since
> /var should contain only files that can be safely removed, /etc is a
> better place for them.
>
> == Feedback ==
>
> This change is accepted by ostree system maintainers, see
> [
https://bugzilla.redhat.com/show_bug.cgi?id=2034360 BZ#2034360].
>
>
> == Benefit to Fedora ==
> This makes authselect more compatible with ostree model.
>
> == Scope ==
> * Proposal owners: Build authselect with
> --statedir=/etc/authselect/.state and move files from
> /var/lib/authselect to the new location. Spec file changes only.
>
> * Other developers: N/A (not needed for this Change)
> * Release engineering: [
https://pagure.io/releng/issue/10544 #10544]
> * Policies and guidelines: N/A (not needed for this Change)
> * Trademark approval: N/A (not needed for this Change)
> * Alignment with Objectives: N/A
>
>
> == Upgrade/compatibility impact ==
>
> No impact. Files will be moved automatically during update and
> everything will keep working as prior.
>
> == How To Test ==
>
> 1. Authselect keeps working as expected after the upgrade
>
> == User Experience ==
>
> This change is only under the hood, it does not affect user experience.
>
> == Dependencies ==
>
> No dependencies.
>
> == Contingency Plan ==
> * Contingency mechanism: N/A (not a System Wide Change)
> * Contingency deadline: N/A (not a System Wide Change)
> * Blocks release? N/A (not a System Wide Change)
>
> == Documentation ==
> N/A (not a System Wide Change)
>
> == Release Notes ==
>
> Authselect state files moved from /var/lib/authselect to
> /etc/authselect/.state.
>
>
_______________________________________________
devel mailing list -- devel(a)lists.fedoraproject.org
To unsubscribe send an email to devel-leave(a)lists.fedoraproject.org
Fedora Code of Conduct:
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines:
https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives:
https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Do not reply to spam on the list, report it:
https://pagure.io/fedora-infrastructure