On Mi, 23.04.25 20:17, Zbigniew Jędrzejewski-Szmek (zbys...@in.waw.pl) wrote:
> > > To be clear though, I think this is a generic issue affecting
> > > *every* image based update system that wants to maintain some
> > > persistent state.
> >
> > No, not at all? I have been dealing with immutable systems for a bit,
> > and as long as /etc/passwd is retained together with the rest of /etc/
> > and /var/ you can update /usr/ pretty freely?
>
> As I wrote in the other mail, we're discussing the case where
> /etc/passwd is *not* retained together with /usr.

I am not sure I grok this case? What does that even mean? /etc/passwd
is emptied out on every boot?

> > There are very few files in /usr/ that are owned by non-root,
> > thankfully, so that it is easy to use static UID assignments for those
> > users (though I think they should just be fixed to not do this, at
> > all; it's usually about suid/sgid, and that's a terrible idea anyway).
>
> In Fedora, we have ~393 packages with "owned files". You are correct
> that most of those files are not under /usr, and of those that are,
> suid/sgid is the common reason. But with that many packages, all kinds
> of things happen.
>
> (For example:
> %attr(0644, root, pegasus) %{_unitdir}/tog-pegasus.service
> WAT?)

Seems like a clear bug.

> But I don't understand why you think that only files under /usr are
> important. If the files are in some other directory, and are part of
> the package or image payload, they are subject to the same problems.

systemd-tmpfiles would take care of that, no?

systemd-tmpfiles is great for making the adjustments necessary in
/var/, and also in /etc/. It would be bad for making adjustments in
/usr/ though, because we consider that read-only in most contexts and
package manager territory. Hence /usr/ is *different* in this regard.

> > What's the usecase for something like this (doc doesn't mention any?)?
>
> You're essentially asking "how does rpm-ostree work?".
> I won't try to repeat the rpm-ostree/bootc docs inline here.
> The design of those systems is fairly well documented online.
> Please read those docs.

Nah, this seems to be an option, not the default, I don't think this
is an effect of the grand design of ostree at all, but seems to be a niche
feature, and I think those really should come with a usecase, no?

Lennart

--
Lennart Poettering, Berlin