Re: Changing nsswitch.conf on a running system (was Re: /etc/nssswitch.conf is supposed to be a symlink now?)
On 11/29/18 8:29 AM, Kevin Kofler wrote: Ray Strode wrote: (defer until next offline update?) That would be never on many systems. Most users using command-line DNF and all users using plasma-pk-updates or dnfdragora never do offline updates by design. I, being of the old school, still try to stick to online updates, but I came to believe that we just don't have the infinitely rolling update capability any more, so your online updates have to be punctuated by reboots anyway. This is true on several levels: - kernel updates---the livepatch / ksplice capabilites are not mainstream enough - basic session infrastructure does not support online updates, e.g. recent dbus discussion where people explicitly said that dbus cannot be restarted cleanly - application-level issues (IPC protocol or file formats, etc) Even though my updating method does not force it, I restart my system whenever I see that I am running a kernel that's more than one-two behind the latest update, or when I see instability in some userland processes I use. I have given up trying for uptimes measured in months--in practice, my uptimes range between weeks and months. I don't even think infinite uptime is a reasonable goal---I'd rather work on setting my system up so that all long-term tasks restart automatically and correctly pick up where they left off --- I monitor/collect several extended datasets, such as weather/soil/environmental conditions, home automation, etc. Having said that, I definitely want control over offline/online updating---the choice between 'interruptions all the time' and 'interruptions only when it is most annoying' is not acceptable :) I do think there should be a clear, established way to determine when the reboot is needed. There was "needs-restarting" from yum-utils, but it effectively disappeared because yum-utils conflict with dnf now, and it was a little flaky anyway. There's a lot of gray area between the dnfdragora suggestion of rebooting for every update, and rebooting only for Fedora N-2->N version upgrades at the N-2 EOL. I don't know if it's practical or desirable to automate this, but maybe there should be a package boolean marking each upgrade as 'requiring reboot' or not; kernel and dbus upgrades would have it always as 'YES', and other packages would reflect the judgment of packagers. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: Changing nsswitch.conf on a running system (was Re: /etc/nssswitch.conf is supposed to be a symlink now?)
Ray Strode wrote: > (defer until next offline update?) That would be never on many systems. Most users using command-line DNF and all users using plasma-pk-updates or dnfdragora never do offline updates by design. Kevin Kofler ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On 11/28/18 11:22 PM, Jan Pokorný wrote: On 28/11/18 11:48 -0400, Robert Marcano wrote: There is another thing I found wrong. The backed up nsswitch.conf has these lines appended (ckey and incomplete aliases line) after the real end of the original file (aliases: files): aliases:files ckey: files aliases:fil I can repeat this bad backup indefinitely: 1) check current nsswitch has no such lines 2) run authselect select --force ... 3) backup at /usr/lib/authselect/backup//nsswitch has the appended lines Have observed a similar corruption (with explicitly named backup, but it's likely of no significance) yesterday with Rawhide, but at that time it was least of my problems (see dbus-broker [vs. systemd-nspawn] in a slightly older thread, nsswitch.conf/pam was actually a false start based on some messages in journal I thought might be related). Buffer handling bug? This is a bug. I opened upstream issue: https://github.com/pbrezina/authselect/issues/123 ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On 11/28/18 3:59 PM, Henrique Martins wrote: My configuration is different, just take as FYI. ... it seems that in Fedora 29 /etc/nssswitch.conf ought to be a symlink. This machine has been upgraded from F28 and this is not the case. AFAIK I have never edited the file. It is still a file and not a link on my f29, which has been dnf-upgraded for I can't remember how many revisions. I did edit nsswitch.conf and remove all mdns references, as I run a local DNS server. Yes, authselect does not overwrite any existing configuration so if you just upgrade it was never invoked. # authselect check It replies with Current configuration is valid. on my system. authselect-1.0.2-1.fc29.x86_64 glibc-2.28-20.fc29.x86_64 nss-mdns-0.14.1-2.fc29.x86_64 systemd-libs-239-6.git9f3aed1.fc29.x86_64 I have the same rpms. Trying to track down a bug in IPP printing (https://bugzilla.redhat.com/show_bug.cgi?id=1653276). I have avahi/bonjour disabled, thus can't check for this. I do have a network printer, on socket://. -- Henrique ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On 11/28/18 6:35 PM, Richard W.M. Jones wrote: On Wed, Nov 28, 2018 at 05:02:17PM +0100, Reindl Harald wrote: Am 28.11.18 um 15:45 schrieb Florian Weimer: * Richard W. M. Jones: Trying to track down a bug in IPP printing (https://bugzilla.redhat.com/show_bug.cgi?id=1653276). We're down a rabbit hole where it seems that in Fedora 29 /etc/nssswitch.conf ought to be a symlink. This machine has been upgraded from F28 and this is not the case. AFAIK I have never edited the file. /etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we ship it. If find out which packages replaces our configuration with a symbolic link, please file a bug against that package. If they want to take over /etc/nsswitch.conf, this is negotiable, but it needs coordination with the glibc package. and that's why i do "chattr +i /etc/nsswitch.conf" and "chattr +i /etc/resolv.conf" for year - guys stop mangle around in /etc - this is admin area and way too often the mdns crap was added unasked or "mysql" for nss-mysql touched in the past years finding you perfectly working config in a damned .bak file everything which touchs /etc at updates is broken by design Yes I've been doing chattr +i /etc/resolv.conf for a very long time. Updates to systemd or nss-mdns breaks generated authselect configuration, because they rewrite nsswitch.conf. This is something we know about and trying to find the best way for both parties to fix it. However in the case of /etc/nsswitch.conf, changing it (with the cooperation of glibc of course) to be a symlink seems reasonable. What I'm (still) missing is what's the actual plan? What should things look like? At this moment, if you install system without any kickstart, anaconda invokes authselect (sssd profile, before it did the same thing but with authconfig). If you use kickstart you can choose to not call authselect and stick with glibc/pam defaults. So basically, you can choose to use authselect and you can choose not to use it. At any time, you can just manually update any file you want to, "authselect check" will complain but the only implication is that you will be required to use "authselect select $profile --force" to go back to authselect configuration. As I said in the other mail, authselect would like to take ownership of nsswitch.conf and pam in the future, but we need to first solve its issues so no action was taken in this area yet. Rich. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On 11/29/18 12:59 PM, Robert Marcano wrote: On 11/29/18 7:46 AM, Pavel Březina wrote: On 11/28/18 4:37 PM, Robert Marcano wrote: On 11/28/18 11:20 AM, Ralf Corsepius wrote: On 11/28/18 3:45 PM, Florian Weimer wrote: * Richard W. M. Jones: Trying to track down a bug in IPP printing (https://bugzilla.redhat.com/show_bug.cgi?id=1653276). We're down a rabbit hole where it seems that in Fedora 29 /etc/nssswitch.conf ought to be a symlink. This machine has been upgraded from F28 and this is not the case. AFAIK I have never edited the file. /etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we ship it. If find out which packages replaces our configuration with a symbolic link, It's authselect. # rpm -qV glibc L c /etc/nsswitch.conf # ls -l /etc/nsswitch.conf lrwxrwxrwx. 1 root root 29 Nov 18 04:58 /etc/nsswitch.conf -> /etc/authselect/nsswitch.conf My clean F29 installation had no such symbolic link, has to "authselect select --force ..." to force the creation of the link. The non symlinked /etc/nsswitch.conf even had the header: # Do not modify this file manually. # If you want to make changes to nsswitch.conf please modify # /etc/authselect/user-nsswitch.conf and run 'authselect apply-changes'. So, was it generated at some point by authselect and not as symbolic link? Note: Today I got new update for authselect (1.0.2-1.fc29) Authselect did not take over default nsswitch.conf (that comes from glibc) and pam settings (from pam). Installation of authselect package it self does not make any changes, you need to invoke the authselect command somehow -- anaconda invokes it automatically during installation without kickstart. If you see this comment in nsswitch.conf and yet nsswitch.conf is a file, not a symlink to /etc/authselect I suppose you are using some sort of snapshot? The presence of the comments tell me that probably authselect was properly called by anaconda as you say, but some other package decided to modify nsswitch (The only external repository I have is VS Code). Will try to test on a new VM reinstalling my current package list in order to try to detect what or why. It was probably systemd or nss-mdns. This is a known issue and I am in touch with their maintainers to solve this. Also, see the other thread "nsswitch.conf: list of module packages that enables themselves". ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On 11/28/18 3:52 PM, Tom Hughes wrote: On 28/11/2018 14:45, Florian Weimer wrote: * Richard W. M. Jones: Trying to track down a bug in IPP printing (https://bugzilla.redhat.com/show_bug.cgi?id=1653276). We're down a rabbit hole where it seems that in Fedora 29 /etc/nssswitch.conf ought to be a symlink. This machine has been upgraded from F28 and this is not the case. AFAIK I have never edited the file. /etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we ship it. That's true but... If find out which packages replaces our configuration with a symbolic link, please file a bug against that package. If they want to take over /etc/nsswitch.conf, this is negotiable, but it needs coordination with the glibc package. ...as I understood it under the old authconfig regime the glibc installed version was overwritten by the authconfig generated version as part of the install? and I thought authselect was supposed to have taken over that role. True. At this point, authselect only replaces authconfig. The difference is that authconfig only created symlinks for pam configuration files owned by pam (e.g. /etc/pam.d/system-auth -> system-auth-ac), authselect also creates symlink for nsswitch.conf owned by glibc for clarity. It is not done by the package installation, it must be called. Anaconda calls it instead of authconfig automatically when there is no kickstart provided. We do have future plans to take over these files completely, but we did not start this discussion with neither glibc nor pam since there are still things that needs to be solved before this can happen. Pavel. Tom ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On 11/29/18 7:46 AM, Pavel Březina wrote: On 11/28/18 4:37 PM, Robert Marcano wrote: On 11/28/18 11:20 AM, Ralf Corsepius wrote: On 11/28/18 3:45 PM, Florian Weimer wrote: * Richard W. M. Jones: Trying to track down a bug in IPP printing (https://bugzilla.redhat.com/show_bug.cgi?id=1653276). We're down a rabbit hole where it seems that in Fedora 29 /etc/nssswitch.conf ought to be a symlink. This machine has been upgraded from F28 and this is not the case. AFAIK I have never edited the file. /etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we ship it. If find out which packages replaces our configuration with a symbolic link, It's authselect. # rpm -qV glibc L c /etc/nsswitch.conf # ls -l /etc/nsswitch.conf lrwxrwxrwx. 1 root root 29 Nov 18 04:58 /etc/nsswitch.conf -> /etc/authselect/nsswitch.conf My clean F29 installation had no such symbolic link, has to "authselect select --force ..." to force the creation of the link. The non symlinked /etc/nsswitch.conf even had the header: # Do not modify this file manually. # If you want to make changes to nsswitch.conf please modify # /etc/authselect/user-nsswitch.conf and run 'authselect apply-changes'. So, was it generated at some point by authselect and not as symbolic link? Note: Today I got new update for authselect (1.0.2-1.fc29) Authselect did not take over default nsswitch.conf (that comes from glibc) and pam settings (from pam). Installation of authselect package it self does not make any changes, you need to invoke the authselect command somehow -- anaconda invokes it automatically during installation without kickstart. If you see this comment in nsswitch.conf and yet nsswitch.conf is a file, not a symlink to /etc/authselect I suppose you are using some sort of snapshot? The presence of the comments tell me that probably authselect was properly called by anaconda as you say, but some other package decided to modify nsswitch (The only external repository I have is VS Code). Will try to test on a new VM reinstalling my current package list in order to try to detect what or why. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On 11/28/18 4:37 PM, Robert Marcano wrote: On 11/28/18 11:20 AM, Ralf Corsepius wrote: On 11/28/18 3:45 PM, Florian Weimer wrote: * Richard W. M. Jones: Trying to track down a bug in IPP printing (https://bugzilla.redhat.com/show_bug.cgi?id=1653276). We're down a rabbit hole where it seems that in Fedora 29 /etc/nssswitch.conf ought to be a symlink. This machine has been upgraded from F28 and this is not the case. AFAIK I have never edited the file. /etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we ship it. If find out which packages replaces our configuration with a symbolic link, It's authselect. # rpm -qV glibc L c /etc/nsswitch.conf # ls -l /etc/nsswitch.conf lrwxrwxrwx. 1 root root 29 Nov 18 04:58 /etc/nsswitch.conf -> /etc/authselect/nsswitch.conf My clean F29 installation had no such symbolic link, has to "authselect select --force ..." to force the creation of the link. The non symlinked /etc/nsswitch.conf even had the header: # Do not modify this file manually. # If you want to make changes to nsswitch.conf please modify # /etc/authselect/user-nsswitch.conf and run 'authselect apply-changes'. So, was it generated at some point by authselect and not as symbolic link? Note: Today I got new update for authselect (1.0.2-1.fc29) Authselect did not take over default nsswitch.conf (that comes from glibc) and pam settings (from pam). Installation of authselect package it self does not make any changes, you need to invoke the authselect command somehow -- anaconda invokes it automatically during installation without kickstart. If you see this comment in nsswitch.conf and yet nsswitch.conf is a file, not a symlink to /etc/authselect I suppose you are using some sort of snapshot? ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Changing nsswitch.conf on a running system (was Re: /etc/nssswitch.conf is supposed to be a symlink now?)
Hi, On Wed, Nov 28, 2018, 9:45 AM Florian Weimer /etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we > ship it. > > If find out which packages replaces our configuration with a symbolic > link, please file a bug against that package. If they want to take over > /etc/nsswitch.conf, this is negotiable, but it needs coordination with > the glibc package. > This is a bit of a tangent, but we probably avoid changing /etc/nsswitch.conf on a running system at all (defer until next offline update?) until https://sourceware.org/bugzilla/show_bug.cgi?id=12459 gets fixed. as it stands, no long running daemon will see changes to the file, I think, leading to potentially weird bugs sometime after authselect is run right? (and maybe not in an obviously connected way) Ray ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On 28/11/18 11:48 -0400, Robert Marcano wrote: > There is another thing I found wrong. The backed up nsswitch.conf has these > lines appended (ckey and incomplete aliases line) after the real end of the > original file (aliases: files): > > aliases:files > ckey: files > > aliases:fil > > I can repeat this bad backup indefinitely: > > 1) check current nsswitch has no such lines > 2) run authselect select --force ... > 3) backup at /usr/lib/authselect/backup//nsswitch has the > appended lines Have observed a similar corruption (with explicitly named backup, but it's likely of no significance) yesterday with Rawhide, but at that time it was least of my problems (see dbus-broker [vs. systemd-nspawn] in a slightly older thread, nsswitch.conf/pam was actually a false start based on some messages in journal I thought might be related). Buffer handling bug? -- Nazdar, Jan (Poki) pgpMMLna8l8VT.pgp Description: PGP signature ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On Wed, Nov 28, 2018 at 05:02:17PM +0100, Reindl Harald wrote: > > > Am 28.11.18 um 15:45 schrieb Florian Weimer: > > * Richard W. M. Jones: > > > >> Trying to track down a bug in IPP printing > >> (https://bugzilla.redhat.com/show_bug.cgi?id=1653276). > >> > >> We're down a rabbit hole where it seems that in Fedora 29 > >> /etc/nssswitch.conf ought to be a symlink. This machine has been > >> upgraded from F28 and this is not the case. AFAIK I have never edited > >> the file. > > > > /etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we > > ship it. > > > > If find out which packages replaces our configuration with a symbolic > > link, please file a bug against that package. If they want to take over > > /etc/nsswitch.conf, this is negotiable, but it needs coordination with > > the glibc package. > > and that's why i do "chattr +i /etc/nsswitch.conf" and "chattr +i > /etc/resolv.conf" for year - guys stop mangle around in /etc - this is > admin area and way too often the mdns crap was added unasked or "mysql" > for nss-mysql touched in the past years finding you perfectly working > config in a damned .bak file > > everything which touchs /etc at updates is broken by design Yes I've been doing chattr +i /etc/resolv.conf for a very long time. However in the case of /etc/nsswitch.conf, changing it (with the cooperation of glibc of course) to be a symlink seems reasonable. What I'm (still) missing is what's the actual plan? What should things look like? Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com virt-top is 'top' for virtual machines. Tiny program with many powerful monitoring features, net stats, disk stats, logging, etc. http://people.redhat.com/~rjones/virt-top ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On 11/28/18 4:37 PM, Robert Marcano wrote: On 11/28/18 11:20 AM, Ralf Corsepius wrote: # ls -l /etc/nsswitch.conf lrwxrwxrwx. 1 root root 29 Nov 18 04:58 /etc/nsswitch.conf -> /etc/authselect/nsswitch.conf My clean F29 installation had no such symbolic link, has to "authselect select --force ..." to force the creation of the link. You are probably right. I missed to mention, I currently am using authselect's "nis"-profile, because upgrading from f28 to f29 has screwed up my handcrafted nsswitch.conf, leaving me with semi-dysfunctional systems, which had caused me to experiment with authselect's "nis"-profile. Ralf ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On 11/28/18 11:37 AM, Robert Marcano wrote: On 11/28/18 11:20 AM, Ralf Corsepius wrote: On 11/28/18 3:45 PM, Florian Weimer wrote: * Richard W. M. Jones: Trying to track down a bug in IPP printing (https://bugzilla.redhat.com/show_bug.cgi?id=1653276). We're down a rabbit hole where it seems that in Fedora 29 /etc/nssswitch.conf ought to be a symlink. This machine has been upgraded from F28 and this is not the case. AFAIK I have never edited the file. /etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we ship it. If find out which packages replaces our configuration with a symbolic link, It's authselect. # rpm -qV glibc L c /etc/nsswitch.conf # ls -l /etc/nsswitch.conf lrwxrwxrwx. 1 root root 29 Nov 18 04:58 /etc/nsswitch.conf -> /etc/authselect/nsswitch.conf My clean F29 installation had no such symbolic link, has to "authselect select --force ..." to force the creation of the link. The non symlinked /etc/nsswitch.conf even had the header: # Do not modify this file manually. # If you want to make changes to nsswitch.conf please modify # /etc/authselect/user-nsswitch.conf and run 'authselect apply-changes'. So, was it generated at some point by authselect and not as symbolic link? Note: Today I got new update for authselect (1.0.2-1.fc29) There is another thing I found wrong. The backed up nsswitch.conf has these lines appended (ckey and incomplete aliases line) after the real end of the original file (aliases: files): aliases:files ckey: files aliases:fil I can repeat this bad backup indefinitely: 1) check current nsswitch has no such lines 2) run authselect select --force ... 3) backup at /usr/lib/authselect/backup//nsswitch has the appended lines Ralf ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On 11/28/18 11:20 AM, Ralf Corsepius wrote: On 11/28/18 3:45 PM, Florian Weimer wrote: * Richard W. M. Jones: Trying to track down a bug in IPP printing (https://bugzilla.redhat.com/show_bug.cgi?id=1653276). We're down a rabbit hole where it seems that in Fedora 29 /etc/nssswitch.conf ought to be a symlink. This machine has been upgraded from F28 and this is not the case. AFAIK I have never edited the file. /etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we ship it. If find out which packages replaces our configuration with a symbolic link, It's authselect. # rpm -qV glibc L c /etc/nsswitch.conf # ls -l /etc/nsswitch.conf lrwxrwxrwx. 1 root root 29 Nov 18 04:58 /etc/nsswitch.conf -> /etc/authselect/nsswitch.conf My clean F29 installation had no such symbolic link, has to "authselect select --force ..." to force the creation of the link. The non symlinked /etc/nsswitch.conf even had the header: # Do not modify this file manually. # If you want to make changes to nsswitch.conf please modify # /etc/authselect/user-nsswitch.conf and run 'authselect apply-changes'. So, was it generated at some point by authselect and not as symbolic link? Note: Today I got new update for authselect (1.0.2-1.fc29) Ralf ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On 11/28/18 3:45 PM, Florian Weimer wrote: * Richard W. M. Jones: Trying to track down a bug in IPP printing (https://bugzilla.redhat.com/show_bug.cgi?id=1653276). We're down a rabbit hole where it seems that in Fedora 29 /etc/nssswitch.conf ought to be a symlink. This machine has been upgraded from F28 and this is not the case. AFAIK I have never edited the file. /etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we ship it. If find out which packages replaces our configuration with a symbolic link, It's authselect. # rpm -qV glibc L c /etc/nsswitch.conf # ls -l /etc/nsswitch.conf lrwxrwxrwx. 1 root root 29 Nov 18 04:58 /etc/nsswitch.conf -> /etc/authselect/nsswitch.conf Ralf ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
My configuration is different, just take as FYI. > ... it seems that in Fedora 29 /etc/nssswitch.conf ought > to be a symlink. This machine has been upgraded from F28 > and this is not the case. AFAIK I have never edited the > file. It is still a file and not a link on my f29, which has been dnf-upgraded for I can't remember how many revisions. I did edit nsswitch.conf and remove all mdns references, as I run a local DNS server. > # authselect check It replies with Current configuration is valid. on my system. > authselect-1.0.2-1.fc29.x86_64 > glibc-2.28-20.fc29.x86_64 > nss-mdns-0.14.1-2.fc29.x86_64 > systemd-libs-239-6.git9f3aed1.fc29.x86_64 I have the same rpms. > Trying to track down a bug in IPP printing > (https://bugzilla.redhat.com/show_bug.cgi?id=1653276). I have avahi/bonjour disabled, thus can't check for this. I do have a network printer, on socket://. -- Henrique ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On 28/11/2018 14:45, Florian Weimer wrote: * Richard W. M. Jones: Trying to track down a bug in IPP printing (https://bugzilla.redhat.com/show_bug.cgi?id=1653276). We're down a rabbit hole where it seems that in Fedora 29 /etc/nssswitch.conf ought to be a symlink. This machine has been upgraded from F28 and this is not the case. AFAIK I have never edited the file. /etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we ship it. That's true but... If find out which packages replaces our configuration with a symbolic link, please file a bug against that package. If they want to take over /etc/nsswitch.conf, this is negotiable, but it needs coordination with the glibc package. ...as I understood it under the old authconfig regime the glibc installed version was overwritten by the authconfig generated version as part of the install? and I thought authselect was supposed to have taken over that role. Tom -- Tom Hughes (t...@compton.nu) http://compton.nu/ ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
* Richard W. M. Jones: > Trying to track down a bug in IPP printing > (https://bugzilla.redhat.com/show_bug.cgi?id=1653276). > > We're down a rabbit hole where it seems that in Fedora 29 > /etc/nssswitch.conf ought to be a symlink. This machine has been > upgraded from F28 and this is not the case. AFAIK I have never edited > the file. /etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we ship it. If find out which packages replaces our configuration with a symbolic link, please file a bug against that package. If they want to take over /etc/nsswitch.conf, this is negotiable, but it needs coordination with the glibc package. Thanks, Florian ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
Re: /etc/nssswitch.conf is supposed to be a symlink now?
On 28/11/2018 13:40, Richard W.M. Jones wrote: We're down a rabbit hole where it seems that in Fedora 29 /etc/nssswitch.conf ought to be a symlink. This machine has been upgraded from F28 and this is not the case. AFAIK I have never edited the file. Well I though authselect was supposed to be the default now in which case yes it would be but I just checked a clean install of F29 that I did and authselect doesn't seem to be active there either. I was actually interested because I was trying to find out what the current Fedora defaults for the nss databases that authselect doesn't handle should be on a machine where I had enabled authselect and I was wondering how the installer handled that, but apparently it doesn't ;-) Tom -- Tom Hughes (t...@compton.nu) http://compton.nu/ ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
/etc/nssswitch.conf is supposed to be a symlink now?
Trying to track down a bug in IPP printing (https://bugzilla.redhat.com/show_bug.cgi?id=1653276). We're down a rabbit hole where it seems that in Fedora 29 /etc/nssswitch.conf ought to be a symlink. This machine has been upgraded from F28 and this is not the case. AFAIK I have never edited the file. Also: # authselect check [error] [/etc/authselect/system-auth] has unexpected content! [error] [/etc/authselect/password-auth] has unexpected content! [error] [/etc/authselect/fingerprint-auth] has unexpected content! [error] [/etc/authselect/nsswitch.conf] has unexpected content! [error] [/etc/authselect/dconf-db] has unexpected content! [error] [/etc/nsswitch.conf] is not a symbolic link! [error] [/etc/nsswitch.conf] was not created by authselect! Current configuration is not valid. It was probably modified outside authselect. which sounds bad, but the error message is not actionable: no indication how this happened nor how to fix it. authselect-1.0.2-1.fc29.x86_64 glibc-2.28-20.fc29.x86_64 nss-mdns-0.14.1-2.fc29.x86_64 systemd-libs-239-6.git9f3aed1.fc29.x86_64 Rich. -- Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones Read my programming and virtualization blog: http://rwmj.wordpress.com Fedora Windows cross-compiler. Compile Windows programs, test, and build Windows installers. Over 100 libraries supported. http://fedoraproject.org/wiki/MinGW ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org
