Re: Packages hijacking configuration files
On Thu, Mar 18, 2021 at 9:11 AM Neal Gompa wrote: > > On Thu, Mar 18, 2021 at 9:04 AM Matthew Miller > wrote: > > > > On Wed, Mar 17, 2021 at 01:24:29PM -0700, Kevin Fenzi wrote: > > > If we want to have this now in the remix, I would say we could take > > > generic-release and modify it for our needs and ship that instead of > > > fedora-release. > > > > > > I'm not sure that it's up to date tho... :( > > > > > > At one point it was nicely setup to allow just swapping generic-release > > > in and modifying it. > > > > That *should* still be the case and is a bug if not. > > > > The presets need to be synced from fedora-release to generic-release > again, then it should be fine. We should probably consider splitting them out as a new package like we did with fedora-repos. ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: Packages hijacking configuration files
On Thu, Mar 18, 2021 at 9:04 AM Matthew Miller wrote: > > On Wed, Mar 17, 2021 at 01:24:29PM -0700, Kevin Fenzi wrote: > > If we want to have this now in the remix, I would say we could take > > generic-release and modify it for our needs and ship that instead of > > fedora-release. > > > > I'm not sure that it's up to date tho... :( > > > > At one point it was nicely setup to allow just swapping generic-release > > in and modifying it. > > That *should* still be the case and is a bug if not. > The presets need to be synced from fedora-release to generic-release again, then it should be fine. -- 真実はいつも一つ!/ Always, there's only one truth! ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: Packages hijacking configuration files
On Wed, Mar 17, 2021 at 01:24:29PM -0700, Kevin Fenzi wrote: > If we want to have this now in the remix, I would say we could take > generic-release and modify it for our needs and ship that instead of > fedora-release. > > I'm not sure that it's up to date tho... :( > > At one point it was nicely setup to allow just swapping generic-release > in and modifying it. That *should* still be the case and is a bug if not. -- Matthew Miller Fedora Project Leader ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: Packages hijacking configuration files
On Wed, Mar 17, 2021 at 08:47:00AM -0700, Kevin Fenzi wrote: > I don't see anything explicit. There's: > https://docs.fedoraproject.org/en-US/packaging-guidelines/#_file_and_directory_ownership > which talks about a package owning all it's files, but it doesn't > explicitly say no to this. Also this https://docs.fedoraproject.org/en-US/packaging-guidelines/DefaultServices/#_must_not_alter_other_services although that's in the section about daemons and unit files. > That said, IMHO this should be forbidden. I agree generally as well -- we generally don't do configuration-via-packageset (except for the fedora-release presets). -- Matthew Miller Fedora Project Leader ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: Packages hijacking configuration files
On Wed, Mar 17, 2021 at 08:55:11PM +0100, Marius Schwarz wrote: > Am 17.03.21 um 16:47 schrieb Kevin Fenzi: > > On Wed, Mar 17, 2021 at 10:25:24AM +0100, Florian Weimer wrote: > > > Does Fedora has any policies regarding editing or replacing (say with > > > symbolic links) of configuration files owned by another package? That > > > is, automatically on system or package installation, and not as a tool > > > that system administrators run explicitly to make changes to those > > > files. > > I don't see anything explicit. There's: > > https://docs.fedoraproject.org/en-US/packaging-guidelines/#_file_and_directory_ownership > > which talks about a package owning all it's files, but it doesn't > > explicitly say no to this. > > > > That said, IMHO this should be forbidden. > > > > Whats the use case? > It maybe not Florians use-case, but we may have a similar situation on > pinephone: > > fedora-release-common-32-4.noarch owns /etc/os-release > > our spin should identify itself as "XX" via variant_id added to > os-release. Once we have a spin, yep. Right now all we have is a remix. https://fedoraproject.org/wiki/Remix > 3 Ways: > > 1) contacting the package owner, and ask for his help on this case. Once we have a spin, this is the way. Well, ideally we would submit a PR to fedora-release and just need to get it reviewed/merged. > 2) a replacement package with a changed version of os-release is stored into > copr ( higher priority ) > 3) a helper package post-script adds the needed line to os-release if not > present (*USE-CASE here* ) > > Whats actually the best way to deal with it? If we want to have this now in the remix, I would say we could take generic-release and modify it for our needs and ship that instead of fedora-release. I'm not sure that it's up to date tho... :( At one point it was nicely setup to allow just swapping generic-release in and modifying it. Since the remix likely has a small audience I suppose those other methods could work, but they aren't ideal. ;( kevin signature.asc Description: PGP signature ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: Packages hijacking configuration files
Am 17.03.21 um 16:47 schrieb Kevin Fenzi: On Wed, Mar 17, 2021 at 10:25:24AM +0100, Florian Weimer wrote: Does Fedora has any policies regarding editing or replacing (say with symbolic links) of configuration files owned by another package? That is, automatically on system or package installation, and not as a tool that system administrators run explicitly to make changes to those files. I don't see anything explicit. There's: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_file_and_directory_ownership which talks about a package owning all it's files, but it doesn't explicitly say no to this. That said, IMHO this should be forbidden. Whats the use case? It maybe not Florians use-case, but we may have a similar situation on pinephone: fedora-release-common-32-4.noarch owns /etc/os-release our spin should identify itself as "XX" via variant_id added to os-release. 3 Ways: 1) contacting the package owner, and ask for his help on this case. 2) a replacement package with a changed version of os-release is stored into copr ( higher priority ) 3) a helper package post-script adds the needed line to os-release if not present (*USE-CASE here* ) Whats actually the best way to deal with it? Best regards, Marius ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Re: Packages hijacking configuration files
On Wed, Mar 17, 2021 at 10:25:24AM +0100, Florian Weimer wrote: > Does Fedora has any policies regarding editing or replacing (say with > symbolic links) of configuration files owned by another package? That > is, automatically on system or package installation, and not as a tool > that system administrators run explicitly to make changes to those > files. I don't see anything explicit. There's: https://docs.fedoraproject.org/en-US/packaging-guidelines/#_file_and_directory_ownership which talks about a package owning all it's files, but it doesn't explicitly say no to this. That said, IMHO this should be forbidden. Whats the use case? kevin signature.asc Description: PGP signature ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure
Packages hijacking configuration files
Does Fedora has any policies regarding editing or replacing (say with symbolic links) of configuration files owned by another package? That is, automatically on system or package installation, and not as a tool that system administrators run explicitly to make changes to those files. Thanks, Florian ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fedoraproject.org Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org Do not reply to spam on the list, report it: https://pagure.io/fedora-infrastructure