On Tue, 2011-11-29 at 00:46 +0100, Kevin Kofler wrote: > Jason L Tibbitts III wrote: > > You can also edit grub.cfg directly, but it gets wiped out if anything > > ever runs grub2-mkconfig. Finally, grubby has options for modifying > > kernel arguments, but I do not believe that goes in and does anything > > with the /etc/default/grub line so again that gets wiped out of anything > > runs grub2-mkconfig. > > But does anything in Fedora actually run grub2-mkconfig automatically? > Kernel updates sure don't, they have grubby edit the grub.cfg file directly > instead. > > I wonder whether it might actually make sense to patch grub2-mkconfig to no > longer emit that warning and to make it a packaging guideline that RPM > scriptlets MUST NOT run grub2-mkconfig. The template system may be a nice > idea, but it doesn't cover everything, it makes things more complicated, and > it doesn't seem to be actually needed in Fedora, thanks to grubby. > > On the other hand, unfortunately, tools such as kcm-grub2, which we probably > want to package for Fedora at some point, run grub2-mkconfig, and we can't > even blame them for that given that it is what GRUB upstream recommends. :-( > (That said, kcm-grub2's KAuth helper's code also scares me for other > reasons: > * The config file to write to is soft-coded as a configuration option, which > means that giving out org.kde.kcontrol.kcmgrub2.save permissions to a user > essentially gives that user root. (It doesn't just allow to "Save the GRUB2 > Bootloader settings" as the action description claims, but to write to ANY > file on the system as root.) > * The executable names to run are hard-coded as grub-*, which is wrong for > Fedora. > IMHO, the proper solution would be to make both of those compile-time CMake > options.) > > So the situation is indeed a mess. Well, it's _something_ of a mess, but as far as end-user customization goes it is, AFAIK, pretty much always safe just to do things via /etc/default/grub and grub2-mkconfig, because any changes you produce in this way will then get inherited by grubby when updating the kernel, and now everything's in sync. -- Adam Williamson Fedora QA Community Monkey IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora http://www.happyassassin.net -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
