> On 2023-02-06 08:30, Valentin Lefebvre wrote:
> > This patch add a new autoconf argument that allows installation
> > into the vendor configuration directory (/usr/etc/). Some linux
> > distribution now move system configuration files from /etc to /usr/etc.
> > See this ref: [0]
>
> > [0]https://0pointer.net/blog/projects/stateless.html
I think that the proposed patch
* is a wrong means to a right goal,
* worse, invites packages to (perhaps inadvertently) restrict user freedom.
In detail:
From [0] and [1] I understand that the goal is:
* to have configuration created by the OS vendor under /usr/etc,
inside the read-only and possibly cryptographically secured /usr
hierarchy,
* to have configuration created by the administrator (user) under /etc,
* to have, in the code, a mechanism by which the configuration in /etc
overrides the configuration in /usr/etc. (At which level — the entire
configuration, or by file, or by configuration element — is not clear,
but is not relevant here.)
So, a package's "make install" goal should only ever install in *one*
of these two directories, namely
- in /usr/etc when the build is done on behalf of a distro,
- in $(prefix)/etc when the build is done on behalf of a user,
never in /etc.
The proposed patch "gives the opportunity for a project to install in both
location /etc and /usr/etc in same time".[1]
This is not good because
- Installing in /usr/etc should be sufficient if the override mechanism
has been implemented.
- [PB2] Installing something in /etc would overwrite the administrator's
choices.
- [PB3] It invites the package's authors to look up certain files in /etc
(which is against one of the goals from [0] to be able to have a
system with an empty /etc) and other files in /usr/etc (which takes
away the freedom from the administrator to override the configuration,
if he can't write in /usr).
The better solution is that:
- Packages install their configuration in $(sysconfdir). This is easily
done through Automake [2].
- Distributors use --prefix=/usr and don't specify --sysconfdir, because
its default value $(prefix)/etc is already appropriate.
- Packages define a configure option for the /etc directory, e.g.
--enable-etcdir=/etc
through Autoconf [3].
- Packages implement the said override mechanism, looking first in
ETCDIR and then in SYSCONFDIR.
If we were to make it easy for packages to install in /etc, in addition to
$(prefix)/etc, the problems PB2 and PB3 mentioned above are likely to occur.
Bruno
[0] https://0pointer.net/blog/projects/stateless.html
[1] https://lists.gnu.org/archive/html/autoconf-patches/2023-02/msg7.html
[2]
https://www.gnu.org/software/automake/manual/html_node/Hard_002dCoded-Install-Paths.html
[3]
https://www.gnu.org/savannah-checkouts/gnu/autoconf/manual/autoconf-2.71/html_node/Package-Options.html
