On Tue, Oct 12, 2021 at 11:33 AM Ben Cotton <bcot...@redhat.com> wrote:
>
> === 1. It is difficult to deliver updates to configurations ===
> Files /etc/nsswitch.conf and /etc/pam.d/* are distributed as
> %config(noreplace) which means that they are configuration files and
> are only installed if they are not yet present. If they are present
> then they are never overwritten with package updates, instead an
> *.rpmnew file is created and the update responsibility is left
> completely to the user.
>
> It is done this way to prevent overwriting user-changed
> configurations. But at the same time it means that even configurations
> that are not modified by the users cannot be changed, so we cannot
> deliver fixes and changes efficiently.
>
> It is only possible through difficult scriptlets. As an example, we
> can show this bugzilla where a change in Gnome required an update to
> PAM otherwise the user could not authenticate. Delivering the change
> was easy with authselect, but difficult for non-authselect systems.
>
> Authselect already knows how the resulting configuration should look
> and does not risk overriding user configuration. Making it mandatory
> will help distribute important updates to nsswitch and PAM
> configuration.
>

PAM gained support for systemd-style overlay configuration some time
ago. Actually a number of core system components did, if the libeconf
dependency is turned on. Instead of forcing authselect, we should
probably make sure base functional configuration is shipped in
something like /usr/share/pam/pam.d or something like that.

Not that I think authselect is bad, but I think it's a bad hammer to
solve this problem.




--
真実はいつも一つ!/ Always, there's only one truth!
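
The %config(noreplace) behaviour described in the quoted proposal parks packaged updates in *.rpmnew files. As an added example (not part of the original message, and not authselect or RPM code), this shell check lists those files for nsswitch.conf and pam.d and reports whether each one differs from the live file. The function names, the ROOT argument and the sample tree are assumptions made for the example.

```shell
#!/bin/sh
# Added example: find auth-stack configs with an unmerged *.rpmnew beside them.
# ROOT is a hypothetical parameter so the check can run against a mounted
# image or a test tree; pass "/" on a live system.

# find_pending_rpmnew ROOT
# Prints one line per file: "<status> <live-file> <rpmnew-file>"
#   DIFFERS   live file and packaged default differ (update never merged)
#   IDENTICAL .rpmnew is a leftover copy of the live file
#   ORPHAN    .rpmnew exists but the live file is missing
find_pending_rpmnew() {
    root=${1%/}
    for new in "$root"/etc/nsswitch.conf.rpmnew "$root"/etc/pam.d/*.rpmnew; do
        [ -f "$new" ] || continue      # unmatched glob or absent file
        live=${new%.rpmnew}
        if [ ! -f "$live" ]; then
            status=ORPHAN
        elif cmp -s "$live" "$new"; then
            status=IDENTICAL
        else
            status=DIFFERS
        fi
        rel_live=${live#"$root"}       # report paths relative to ROOT
        rel_new=${new#"$root"}
        printf '%s %s %s\n' "$status" "$rel_live" "$rel_new"
    done
}

# count_unmerged ROOT
# Prints the number of DIFFERS entries. Non-zero means packaged PAM or
# nsswitch changes were never applied to the running configuration.
count_unmerged() {
    find_pending_rpmnew "$1" | grep -c '^DIFFERS ' || true
}

# Constructed sample tree (not real system files) so the check runs offline.
demo=$(mktemp -d)
mkdir -p "$demo/etc/pam.d"
echo 'auth required pam_unix.so' > "$demo/etc/pam.d/system-auth"
echo 'auth required pam_unix.so try_first_pass' \
    > "$demo/etc/pam.d/system-auth.rpmnew"
echo 'passwd: files' > "$demo/etc/nsswitch.conf"
cp "$demo/etc/nsswitch.conf" "$demo/etc/nsswitch.conf.rpmnew"
find_pending_rpmnew "$demo"
```

A DIFFERS line is the case the proposal is concerned with: the package shipped a new default, but the configuration actually in use is still the old one.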