On 1/20/22 12:52, Vít Ondruch wrote:
I have naive question why these files are not static and in /usr.
I mean, I am pretty sure I won't run `authselect select --force` or
anything similar any time soon. So why the configuration is not static,
generated at build time, not having anything in /etc unless somebody
really wants to change something.
The files are not static at all, they are change with different kinds of
authselect calls:
- user wants to use different profile then default: authselect select
- enable/disable single feature: authselect enable/disable-feature
- apply changes when package is updated: authselect apply-changes
- apply changes when you modify your custom profile: authselect
apply-changes
They remembers how the current configuration looks like so we can check
if user modified nsswitch and PAM configuration on their own or not.
Vít
Dne 18. 01. 22 v 18:32 Ben Cotton napsal(a):
https://fedoraproject.org/wiki/Changes/Authselect_Move_State_Files_To_Etc
== Summary ==
Authselect will move several files that are currently stored at
/var/lib/authselect to /etc/authselect/.state. This does not affect
configuration backup, that will be kept at
/var/lib/authselect/backups.
The files that will be moved are:
* /var/lib/authselect/dconf-db -> /etc/authselect/.state/dconf-db
* /var/lib/authselect/dconf-locks /etc/authselect/.state/dconf-locks
* /var/lib/authselect/fingerprint-auth
/etc/authselect/.state/fingerprint-auth
* /var/lib/authselect/nsswitch.conf /etc/authselect/.state/nsswitch.conf
* /var/lib/authselect/password-auth /etc/authselect/.state/password-auth
* /var/lib/authselect/postlogin /etc/authselect/.state/postlogin
* /var/lib/authselect/smartcard-auth
/etc/authselect/.state/smartcard-auth
* /var/lib/authselect/system-auth /etc/authselect/.state/system-auth
== Owner ==
* Name: [[User:pbrezina| Pavel Březina]]
* Email: pbrezina@xxxxxxxxxx
== Detailed Description ==
These files are used by authselect to detect changes to the system
nsswitch and PAM configurations when the configuration is updated with
an updated profile using 'authselect apply-changes'. There are two
reasons for the move:
1. The current location conflicts with ostree model where /var is not
writable during rpm transaction and this currently blocks compose of
ostree systems. [https://bugzilla.redhat.com/show_bug.cgi?id=2034360
BZ#2034360]
2. Removing these files would reduce authselect functionality, user
would need to run 'authselect select --force' to restore it. Since
/var should contain only files that can be safely removed, /etc is a
better place for them.
== Feedback ==
This change is accepted by ostree system maintainers, see
[https://bugzilla.redhat.com/show_bug.cgi?id=2034360 BZ#2034360].
== Benefit to Fedora ==
This makes authselect more compatible with ostree model.
== Scope ==
* Proposal owners: Build authselect with
--statedir=/etc/authselect/.state and move files from
/var/lib/authselect to the new location. Spec file changes only.
* Other developers: N/A (not needed for this Change)
* Release engineering: [https://pagure.io/releng/issue/10544 #10544]
* Policies and guidelines: N/A (not needed for this Change)
* Trademark approval: N/A (not needed for this Change)
* Alignment with Objectives: N/A
== Upgrade/compatibility impact ==
No impact. Files will be moved automatically during update and
everything will keep working as prior.
== How To Test ==
1. Authselect keeps working as expected after the upgrade
== User Experience ==
This change is only under the hood, it does not affect user experience.
== Dependencies ==
No dependencies.
== Contingency Plan ==
* Contingency mechanism: N/A (not a System Wide Change)
* Contingency deadline: N/A (not a System Wide Change)
* Blocks release? N/A (not a System Wide Change)
== Documentation ==
N/A (not a System Wide Change)
== Release Notes ==
Authselect state files moved from /var/lib/authselect to
/etc/authselect/.state.
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
_______________________________________________
devel mailing list -- devel@xxxxxxxxxxxxxxxxxxxxxxx
To unsubscribe send an email to devel-leave@xxxxxxxxxxxxxxxxxxxxxxx
Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/devel@xxxxxxxxxxxxxxxxxxxxxxx
Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
