Greetings, Good topic. The more I investigate, the more I find that /root/anaconda-ks.cfg has rarely reflected the *exact* installation performed (in the automated case). Stepping back a bit ... what is the intent of /root/anaconda-ks.cfg? 1. A "recommended" method to kickstart the recently performed manual installation? 2. A complete "record" of how the system was installed? Do folks out there rely on /root/anaconda-ks.cfg much? If so, for what? Thanks, James On Mon, 2007-10-22 at 16:42 +0200, Alexander Todorov wrote: > Hello list, > I've just found that resulting anaconda-ks.cfg does not include the > %pre, %post, %traceback scripts from the ks.cfg used for installation. > I've talked to several people and here is the result. > > Why this is missing: > 1) If the initial ks.cfg contains some sensitive information it should > not get written to disc. > > - IMO if such info is used it's already present somewhere on disc. > - An attacker may sniff the network traffic and discover that info if > needed. > - /root is accessible to root user > > Hence there is not much argument of a security point of view to skip the > %post in anaconda-ks.cfg > > Why it should be there: > 1) To be able to reproduce the same install over and over again. In some > cases %post may be tweaking settings or custom configuration. > > 2) To keep the configuration used during installation in cases where > ks.cfg is generated dynamically/not available after some period, etc. > > 3) To have things where one expects to be: anaconda-ks.cfg > > How it should appear in anaconda: > > - The most reasonable solution is to probably have another option > --write-ks-scripts which will enable this functionality. > Scripts can be written directly to resulting anaconda-ks.cfg or in > separate files e.g. anaconda-ks.pre, anaconda-ks.post, etc. > > Any comments and concerns are welcome. > > Greetings, > Alexander. > > _______________________________________________ > Anaconda-devel-list mailing list > Anaconda-devel-list@xxxxxxxxxx > https://www.redhat.com/mailman/listinfo/anaconda-devel-list -- ========================================== James Laska -- jlaska@xxxxxxxxxx Quality Engineering -- Red Hat, Inc. ========================================== _______________________________________________ Anaconda-devel-list mailing list Anaconda-devel-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/anaconda-devel-list
