On Mi, 23.04.25 13:27, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
> On Tue, Apr 22, 2025 at 03:57:42PM +0200, Lennart Poettering wrote: > > I don't follow? The UID assignments are stored in /etc/passwd, > > i.e. your example config file and the UID assignment are stored at the > > same place, so how can they get out of sync? > > rpm-ostree and bootc attempt to merge the local changes and the > "upstream" changes (i.e. the image contents). The initial /etc/passwd > from the image becomes the first version of the file in the > deployment. Afterwards, if the the user modifies the file locally, > then that local version is used. If the user does not modify the file > locally, then on updates of the image, the file would be updated. But that seems to the problem here really: if the file is deployed, and its effect propagated elsewhere it is not something that should be updated without consideration for this propagation anymore. This is clearly a bug in ostree if you ask me: /etc/passwd should under no cicumstances be flushed out entirely: once deployed it must remain local configuration. > See https://ostreedev.github.io/ostree/deployment/#contents-of-a-deployment. > > This particular version of this problem is a result of how rpm-ostree > and bootc do this. But a similar problem would manifest in any > scenario with local users/groups and "upstream" users/groups > being allocated from the same range. In the systemd-sysusers model /etc/passwd is always managed locally, not centrally. It's really weird to me that ostree seems to manage /etc/passwd in two distinct, conflicting ways: once via systemd-sysusers, and once via their ostree stuff. They should figure out that conflict, and decide which path to go. Sorry, but I don't accept at all that this was a universal problem. It's clearly not: it's a problem ostree has created for itself, and should address for itself. Lennart -- Lennart Poettering, Berlin -- _______________________________________________ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
