Is this package actually also available for CentOS and RHEL? - fabian
On Tue, Apr 19, 2016 at 7:12 PM, Ratnadeep Debnath <rtn...@gmail.com> wrote: > On Thu, Apr 7, 2016 at 9:24 PM, Ratnadeep Debnath <rtn...@gmail.com> > wrote: > > Hi, > > > > On Thu, Apr 7, 2016 at 12:13 AM, Colin Walters <walt...@verbum.org> > wrote: > >> That said I have some detailed and high level concerns. > >> > >> The detailed concerns are a security issue and a buglet: > >> > https://github.com/rtnpro/fedora-motd/issues?utf8=%E2%9C%93&q=is%3Aissue+author%3Acgwalters+ > > Thanks for reporting the above issues. I will fix them ASAP and > > release an updated for fedora-motd. > > > >> The high level concern is having this functionality live > >> outside of the update system and the login system > >> is rather awkward. I really don't like calling into rpm-ostreed from > >> inside every PAM login. > >> > >> Among other reasons, the first ssh login might e.g. be ansible > >> trying to configure the host, and having rpm-ostreed be spun > >> up for that when the administrator might actually want to do > >> something else is problematic - the check-updates will > >> block whatever action they want to take (e.g. rpm-ostree rebase). > >> > >> The way it hooks into dnf is a bit better from this perspective. But > >> since rpm-ostree is already a daemon, it might be simplest to > >> have it just write out the required data in > /run/rpm-ostree/bash-check-updates > >> only after the administrator requests an update once or so? > > > > Neither rpm-ostree nor dnf is called on every login. I was aware of > > the blocking nature and high > > CPU usage (for dnf updateinfo). > > > > /usr/bin/motdgen is called on each PAM login via sshd. It does nothing > > more than going > > through the files in /etc/motdgen.d and running them. The file > > /etc/motdgen.d/02-updateinfo.sh > > does nothing but cat the content of /var/run/updateinfo.txt if > > available. Neither dnf nor rpmostree > > is accessed. The content of /var/run/updateinfo.txt is updated by running > > /usr/bin/motdgen-cache-updateinfo in the background at periodic > > intervals (currently once a day) > > or on dnf transaction triggers (no trigger for rpm-ostree yet) in a > > decoupled way. > > > > So, the current implementation does not slow down or block the login > > process in any way. > > > > Is this implementation OK? Let us know if we can improve it. > > I pushed a new release 0.1.2 for fedora-motd and submitted the update > to bodhi at [1]. The rpm is available at [2]. This update contains: > > - Fix detecting rpm-ostree based system > - Don't use predicatable name in /tmp > - Cache updateinfo in background on first login post fedora-motd > installation > - Don't wait for background jobs to complete in motdgen scripts > > > [1]: https://bodhi.fedoraproject.org/updates/FEDORA-2016-fa9e77c232 > [2]: > https://kojipkgs.fedoraproject.org//packages/fedora-motd/0.1.2/1.fc23/noarch/fedora-motd-0.1.2-1.fc23.noarch.rpm > > Please give it a try and let us know your feedback. > > Thanks, > rtnpro > -- > Ratnadeep Debnath, > https://www.waartaa.com > GPG Fingerprint: 033C 8041 A0E9 CDBA 2E02 B785 2119 5486 F245 DFD6 > > -- Fabian Deutsch <fdeut...@redhat.com> RHEV Hypervisor Red Hat
