On Wed, Apr 23, 2025 at 10:15:20AM -0400, Neal Gompa wrote: > On Wed, Apr 23, 2025 at 10:11 AM Zbigniew Jędrzejewski-Szmek > <zbys...@in.waw.pl> wrote: > > > > On Wed, Apr 23, 2025 at 09:37:24AM -0400, Neal Gompa wrote: > > > On Wed, Apr 23, 2025 at 9:28 AM Zbigniew Jędrzejewski-Szmek > > > <zbys...@in.waw.pl> wrote: > > > > > > > > On Tue, Apr 22, 2025 at 03:57:42PM +0200, Lennart Poettering wrote: > > > > > I don't follow? The UID assignments are stored in /etc/passwd, > > > > > i.e. your example config file and the UID assignment are stored at the > > > > > same place, so how can they get out of sync? > > > > > > > > rpm-ostree and bootc attempt to merge the local changes and the > > > > "upstream" changes (i.e. the image contents). The initial /etc/passwd > > > > from the image becomes the first version of the file in the > > > > deployment. Afterwards, if the the user modifies the file locally, > > > > then that local version is used. If the user does not modify the file > > > > locally, then on updates of the image, the file would be updated. > > > > > > > > See > > > > https://ostreedev.github.io/ostree/deployment/#contents-of-a-deployment. > > > > > > > > This particular version of this problem is a result of how rpm-ostree > > > > and bootc do this. But a similar problem would manifest in any > > > > scenario with local users/groups and "upstream" users/groups > > > > being allocated from the same range. > > > > > > > > > > Then we should do what the SUSE people did and move packaged versions > > > of those things to /usr instead. Or make the system work with drop-in > > > files, or a number of other things. > > > > Please specify what exactly you mean by "move packaged versions to /usr". > > a) just move, keeping the ownership intact > > b) move, but chown root:root > > > > If b, then yes, this is the "preferred solution" in my original mail. > > If a, then this doesn't help :( > > > > Yes, I meant (a) but I was referring to the users and groups data. If > the problem is dealing with debian-style three-way-merges that > rpm-ostree and bootc do, then we should obviate the need for them.
Just moving things doesn't help. The first immediate issue is that the appropriate tools (nss-files) do not support those separate locations. This can be solved, e.g. by nss-altfiles. (Systems built with rpm-ostree configure nss-altfiles, but not everything else does.) But the bigger problem is that even if nss supports both sources, it is still possible to have a conflict when the two lists are managed independently. See the scenario described in the original email: package foo has user 'foo' (999), and files in the image are owned by 999. The local admin creates user 'bar' (998). The image is rebuilt and we get user 'foo' (998). Now we'll have 'foo' (998) defined in /usr/somewhere/passwd, and 'bar' (998) defined in /etc/passwd. The move hasn't helped, no matter how we resolve the conflict, one or the other side is going to be unhappy. Zbyszek -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
