On 06/02/2020 13.11, Thorsten Kukuk wrote:
| On Thu, Feb 06, Michael Hirmke wrote:
|
|> Hi,
|>
|> [...]
|>> So I change the defaults to suit my needs by dropping a file to
|>> /etc. Months later, the defaults change again. How do I see
|>> what are the new defaults, how do I notice that I have to
|>> change the file in /etc again?
|>
|> that is my main concern.
|
| I would really suggest to read the openSUSE wiki documentation,
| reading documentation really helps and saves more work than it is
| to read it.

Links, please?

|
| You have the distribution default in /usr/etc
| You have your own "change" in /etc.
|
| If we take login.defs as example: /usr/etc/login.defs uses for NIS
| DES. You create a file like /etc/login.defs.d/crypt.defs and
| change the default to SHA512. You have in /etc/ only the variable
| with SHA512, nothing else. You can look up every time in
| /usr/etc/login.defs what the current default is. But you don't need
| to care.
|
| If we look at it for Leap: You have /etc/login.defs. You change
| the hash for NIS from DES to SHA512. We update that file. You get a
| *.rpmnew file, and until you notice this and fix it, all changed
| passwords will use the insecure DES hash! This can not happen today
| on Tumbleweed anymore!
|
| And if we take the /usr/etc/services example:
|
| Your /etc/services file contains only your change, nothing more. If
| there is an update, you don't need to manually merge them, it's done
| automatically for you by glibc.
|
| Of course, you can copy /usr/etc/services to /etc/services and
| modify that. In this case, you can diff /etc/services against
| /usr/etc/services and you will get the same result as today by
| diffing /etc/services against /etc/services.rpmnew. No change, only
| other path.

Well, no. Because by running "rpmconfigcheck" I know instantly which
are the packages that need attention.

|
| But this doesn't make much sense as you would get a lot of
| duplicate entries.
|
|> If I understood correctly, an rpm package should drop the config
|> files to /usr/etc, while an admin or a distribution can save
|> altered or own config files to /etc.
|
| He should save the modified/new entries there, not a copy of the
| whole file!
|
|> Applications/services will follow nsswitch.conf and check
|> /etc/whatever for existence. If the file is found, it will be
|> used. If not, /usr/etc/whatever will be used.
|
| No, completely wrong. If you use nsswitch.conf, it will be merged.
|
|> If this is correct, let's assume we have /usr/etc/whatever from
|> whatever.rpm. Me as an admin copies that file to /etc and
|> modifies everything which seems to be necessary for my system.
|> The next update for whatever.rpm contains a change for
|> /usr/etc/whatever - maybe security relevant or even crucial for
|> the system to come up. On the next boot, whatever will still read
|> and use /etc/whatever and will either fail or use insecure
|> settings.
|
| If that would be the case (and most likely will for some
| applications and their configuration files in the future), you are
| right and the result is exactly the same as today.
|
|> Will anything tell me, that I will run into this problem?
|> zypper?
|
| The problem is the same as today for you, absolutely no difference.
| If there will be a change, we have ideas for a tool to display the
| changes. Which would mean, it's even in that case better than
| today! But up to now, it's not needed.
|
|>> Because now I simply do:
|>
|>> meld /etc/configfile /etc/configfile.rpmnew
|>
|>> and instantly I see what is new and I can decide to use it or
|>> not, entry by entry.
|>
|> Right!
|
| meld /etc/configfile /usr/etc/configfile?
|
| Where's the problem?

That I do this only when rpmconfigcheck tells me I should do it, and
only on a few files.

-- 
Cheers / Saludos,

Carlos E. R.
(from 15.1 x86_64 at Telcontar)
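
The check debated in this thread, as an added example that is not part of the original message and not an openSUSE tool: a shell function that reports files in the admin tree that shadow a vendor default of the same relative path. The function names, the SAME/DIFF labels and the sample file contents are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: list files under an admin config tree (e.g. /etc) that
# shadow a vendor default with the same relative path (e.g. in /usr/etc).
#   DIFF = full copy that differs from the vendor file; re-check it after
#          every package update, the vendor default may have changed
#   SAME = identical copy; redundant, it only hides future vendor changes
# Drop-ins such as login.defs.d/crypt.defs have no same-named vendor file
# and are therefore never reported.
shadowed_defaults() {
    vendor_dir=$1
    etc_dir=$2
    [ -d "$vendor_dir" ] && [ -d "$etc_dir" ] || return 2
    # Walk the vendor files; file names containing newlines are unsupported.
    (cd "$vendor_dir" && find . -type f | sort) | while IFS= read -r rel; do
        rel=${rel#./}
        [ -f "$etc_dir/$rel" ] || continue
        if cmp -s "$vendor_dir/$rel" "$etc_dir/$rel"; then
            printf 'SAME %s\n' "$rel"
        else
            printf 'DIFF %s\n' "$rel"
        fi
    done
}

# Constructed sample trees modelled on the thread's login.defs and
# services cases; the file contents are made up for the demonstration.
make_demo_trees() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/usr/etc" "$root/etc/login.defs.d"
    printf 'ENCRYPT_METHOD DES\n' > "$root/usr/etc/login.defs"
    printf 'ENCRYPT_METHOD SHA512\n' > "$root/etc/login.defs.d/crypt.defs"
    printf 'ssh 22/tcp\n' > "$root/usr/etc/services"
    printf 'ssh 22/tcp\nmyapp 9999/tcp\n' > "$root/etc/services"
    printf 'passwd: compat\n' > "$root/usr/etc/nsswitch.conf"
    cp "$root/usr/etc/nsswitch.conf" "$root/etc/nsswitch.conf"
    printf '%s\n' "$root"
}

# Usage: sh thisfile /usr/etc /etc
if [ "$#" -eq 2 ]; then
    shadowed_defaults "$1" "$2"
fi
```

Each DIFF line can then be inspected with `meld` or `diff` as in the thread, comparing the `/etc` copy against its `/usr/etc` counterpart.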