On Wed, Oct 9, 2024 at 6:56 AM Pavel Březina <pbrez...@redhat.com> wrote:
> Hi Fedora, > nss-altfiles is not currently part of the default installation and can > be optionally added to nsswitch.conf via authselect's with-altfiles. > > This however breaks ostree composes since it uses and requires alltfiles > to provide system users. This is handled in authselect spec file that > tinkers with the shipped profiles and hardcodes altfiles to the > configuration. [1] It works as expected. > > Downside is that the authselect content we ship is different for ostree > systems and standard composes. > > There is also an issue with bootc. Authselect have to be part of the > source bootc image, if it is installed later by dnf, it does not work > because there is no /run/ostree-booted during container image build > time. This, however, does not really affect Fedora 38+ since authselect > is required by pam and part of default installation. It may affect other > distributions though. > > Unless there is some push back, I would like to change authselect to > require nss-altfiles and hardcode altfiles in nsswitch.conf for everyone > and finally get rid of this duality. > I'm not going to object to that (others might) but this discussion does overlap with https://github.com/uapi-group/specifications/issues/76#issuecomment-2378640320 a bit in that...I think a closer-to-ideal solution is that glibc supports drop-ins or discovery, something like `/usr/lib/glibc/nss.d/passwd/90-altfiles -> /usr/lib64/libnss_altfiles.so.2` or so... Then we get nss-altfiles in the list if and only if it's installed, and regardless of the authselect profile in use, which I think is what we've wanted from the start here...
-- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
