On Wed, Jan 19, 2022 at 10:19 AM Fabio Valentini <decathorpe(a)gmail.com> wrote:
On Tue, Jan 18, 2022 at 6:34 PM Ben Cotton <bcotton(a)redhat.com> wrote:
>
>
https://fedoraproject.org/wiki/Changes/Authselect_Move_State_Files_To_Etc
>
>
> == Summary ==
>
> Authselect will move several files that are currently stored at
> /var/lib/authselect to /etc/authselect/.state. This does not affect
> configuration backup, that will be kept at
> /var/lib/authselect/backups.
>
> The files that will be moved are:
> * /var/lib/authselect/dconf-db -> /etc/authselect/.state/dconf-db
> * /var/lib/authselect/dconf-locks /etc/authselect/.state/dconf-locks
> * /var/lib/authselect/fingerprint-auth /etc/authselect/.state/fingerprint-auth
> * /var/lib/authselect/nsswitch.conf /etc/authselect/.state/nsswitch.conf
> * /var/lib/authselect/password-auth /etc/authselect/.state/password-auth
> * /var/lib/authselect/postlogin /etc/authselect/.state/postlogin
> * /var/lib/authselect/smartcard-auth /etc/authselect/.state/smartcard-auth
> * /var/lib/authselect/system-auth /etc/authselect/.state/system-auth
>
> == Owner ==
> * Name: [[User:pbrezina| Pavel Březina]]
> * Email: pbrezina(a)redhat.com
>
>
> == Detailed Description ==
>
> These files are used by authselect to detect changes to the system
> nsswitch and PAM configurations when the configuration is updated with
> an updated profile using 'authselect apply-changes'. There are two
> reasons for the move:
>
> 1. The current location conflicts with ostree model where /var is not
> writable during rpm transaction and this currently blocks compose of
> ostree systems. [
https://bugzilla.redhat.com/show_bug.cgi?id=2034360
> BZ#2034360]
>
> 2. Removing these files would reduce authselect functionality, user
> would need to run 'authselect select --force' to restore it. Since
> /var should contain only files that can be safely removed, /etc is a
> better place for them.
I wonder why you seem to be reinventing the wheel here?
We are already moving rpmdb from /var/lib/rpm to /usr/lib/sysimage/rpm
for a very similar reason, so wouldn't it make sense to do a similar
thing here, and use /usr/lib/sysimage/authselect?
Putting those files inside /etc (especially inside a hidden directoy)
seems very wrong.
I agree, I think it should move to /usr/lib/sysimage/authselect instead.
--
真実はいつも一つ!/ Always, there's only one truth!