On 15.09.2014 00:54, "Nowaker" <enwukaer@xxxxxxxxx> wrote:
> Good point. I just did `pacman -Ql |grep -F ' /var'` to see how many
> files there are. 99.7% of them are directories only, though. Are
> tmpfiles.d supposed to create directories in /var too? Docs mention
> using tmpfiles.d to init /tmp or /run, not /var though. But I guess
> stateless systemd would always provide tmpfiles for that.

As I understand this, systemd expects daemons to deal with no settings in
/etc and /var. tmpfiles.d is the proposed crutch till that is actually
the case.

> >> - move /var/lib/pacman/local/ to /usr
> >> - move the default pacman.conf and mirrorlist to /usr/share
> >> - provide tmpfiles.d to copy those files to /etc
> >
> > What about pacman keyring? Also note that your custom keys should
> > be packaged as well and re-signed on boot.

I just copy my keyring into /usr/lib/factory/etc and restore them from
there as needed. The private keys should stay on the server creating the
image, but currently I just put those into the package as well... I need
to change that ASAP. In my defense: there are no users on any of the
machines running those images that I do not trust.

> I wasn't aware of that. I only refer to what the OP requested and that
> didn't sound complicated at all. Now it does.

I do not consider this a problem. When you use somebody's images you need
to trust that person. I do not consider trusting the keys that person
provides to be a problem.

> >> If I'm not mistaken, /usr/share and tmpfiles.d are really trivial
> >> and wouldn't affect users in any way. That'd be a few additional
> >> files somewhere in the filesystem without any effect on existing
> >> machines. Or I'm wrong?
> >
> > This is madness. I remember sometime ago there was a witchhunt
> > against daemons that write to /etc (cups is the worst offender). So
> > why is it OK for systemd to do so? I personally don't want systemd
> > to come anywhere near my /etc. Please package the
> > tmpfiles.d/sysusers stuff with virtkick or whatever, but not with
> > pacman.

Any privileged process can mess with /etc at any time. With factory reset
at least you get a pristine copy to compare the files in /etc against.

Arch did embrace systemd, it should make it easy to use all its features.
I am not proposing to enable them by default.

Best Regards,
Tobias
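The two mechanisms the thread argues about, a tmpfiles.d fragment that seeds /etc from a pristine copy on first boot and the later comparison of /etc against that copy, as an added example that is not part of the mailing-list thread and is not pacman's or systemd's own code. The factory tree is assumed to live under /usr/share/factory/etc (the directory systemd falls back to when a `C` line carries no source argument; Tobias uses /usr/lib/factory/etc instead, which works the same way if given explicitly); the file names are assumptions too. `seed_from_factory` reimplements the `C` semantics in plain sh only so the behaviour can be exercised in a sandbox without running systemd-tmpfiles:

```shell
#!/bin/sh
# Added example; paths under /usr/share/factory are assumptions.

# Write a tmpfiles.d fragment that copies pristine files into /etc if (and
# only if) they do not exist yet. Columns: Type Path Mode User Group Age Argument.
write_fragment() {  # $1 = output file
    cat > "$1" <<'EOF'
# Type  Path                       Mode User Group Age Argument (copy source)
C       /etc/pacman.conf           -    -    -     -   /usr/share/factory/etc/pacman.conf
C       /etc/pacman.d/mirrorlist   -    -    -     -   /usr/share/factory/etc/pacman.d/mirrorlist
C       /etc/pacman.d/gnupg        -    -    -     -   /usr/share/factory/etc/pacman.d/gnupg
EOF
}

# Plain-sh model of what a `C` line does at boot: copy files from the factory
# tree ($1) into the live tree ($2) when missing, never overwrite existing ones.
seed_from_factory() {
    factory=$1; live=$2
    ( cd "$factory" && find . -type f ) | while read -r f; do
        [ -e "$live/$f" ] && continue
        mkdir -p "$(dirname "$live/$f")"
        cp -p "$factory/$f" "$live/$f"
    done
}

# The "pristine copy to compare against" check: list every file that differs
# from, is missing from, or was added to the factory tree. diff -rq returns 0
# only when the two trees are identical, so the status is the result.
check_against_factory() {  # $1 = factory etc, $2 = live etc
    diff -rq "$1" "$2"
}

# Stand-alone demo on a constructed sandbox; the real /etc is never touched.
demo() {
    t=$(mktemp -d)
    mkdir -p "$t/factory/etc/pacman.d" "$t/etc"
    printf 'Color\nCheckSpace\n' > "$t/factory/etc/pacman.conf"
    printf 'Server = https://mirror.example/$repo/os/$arch\n' \
        > "$t/factory/etc/pacman.d/mirrorlist"
    write_fragment "$t/tmpfiles-pacman.conf"
    seed_from_factory "$t/factory/etc" "$t/etc"
    echo 'ILoveCandy' >> "$t/etc/pacman.conf"    # a local (or hostile) edit
    check_against_factory "$t/factory/etc" "$t/etc" \
        || echo "/etc diverges from the factory copy"
    rm -rf "$t"
}
demo
```

Run as-is to see the seeded tree and the one-line divergence report. The check is only as strong as the factory copy: because any root process can edit /etc, the tree under /usr must itself be part of the signed package, otherwise the comparison has nothing trustworthy to compare against.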