openSUSE:Packaging UsrEtc

Jump to: navigation, search

This document describes how openSUSE wants to handle the configuration file split between /etc and /usr/etc

Rationale

The handling of RPM for configuration file updates is not really good. While it was acceptable for standard distributions (but did even lead there to many bug reports, as users have to manually merge their changes, never did that, and then were wondering, why their service doesn't work anymore), for transactional-updates this doesn't work anymore at all. The goal is, to separate the distribution provided configuration files from the changes the admin makes.

What do we want to do?

Longterm, /etc contains only the host specific and by the admin modified configuration files, all distribution provided configuration files are located below /usr/etc and are not modifiable by the admin (with a read-only root filesystem, this wouldn't even be possible). Instead, the applications needs to be enhanced, as far as possible and necessary, to read the configuration files from several locations. Additional, the distribution provided configuration files should be moved from /usr/lib and consolidated in /usr/etc as far as possible.

What does this mean for the system administrator?

Variant 1 (ideal case)

In the ideal case, an application reads the configuration files from three places:

  1. /usr/etc/example.conf
  2. /usr/etc/example.conf.d/*.conf
  3. /etc/example.conf
  4. /etc/example.conf.d/*.conf

/usr/etc/example.conf or /usr/etc/example.conf.d always exists and will be provided by the distributor. This file must never be touched by an administrator. If /etc/example.conf exits, /usr/etc/example.conf and /usr/etc/example.conf.d will be ignored and only /etc/example.conf will be used. Which means, this file needs to be a full copy. Additional, all files from /etc/example.conf.d/*.conf will be read in alphabetical order and applied to the entries of the full configuration file. So the change in the latest file wins.

If a system administrator wants to change a configuration variable, he has to drop a file with that change into /etc/example.conf.d/, e.g. /etc/example.conf.d/override.conf.

Variant 2

If there is no support for /etc/example.conf.d/*.conf, /usr/etc/example.conf will always be used and /etc/example.conf contains only the overrides. An example for this is transactional_update.

Variant 3

If the configuration file is something complex which does not allow overrides of single entries, /etc/example.conf must be a full copy of /usr/etc/example.conf and will be the only file read.

What does this mean for the developer/packager?

The developer/packager has to modify the package to fit into one of the three above variants. Files in /usr/etc must not be marked as configuration file (%config).

RPM Macros

There will be a new RPM macro for this directory:

%_distconfdir  /usr/etc

This allows distributions to change the directory for their need if necessary.

Moving of configuration files

If configuration files marked as %config(noreplace) are moved from /etc to /usr/etc, and the admin did modify them, RPM will save the modified configuration files as *.rpmsave files at the end of the update process. This files need to be renamed back to the original file name. To make sure, that not old, outdated *.rpmsave configuration files are suddently active again after an update, this files should be moved away at the beginning of the update process. For pam the following two sections, %pre and %posttrans, solved this:

 %pre
 for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do
   test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i}.rpmsave.old ||:
 done
 
 %posttrans
 # Migration to /usr/etc.
 for i in securetty pam.d/other pam.d/common-account pam.d/common-auth pam.d/common-password pam.d/common-session ; do
   test -f /etc/${i}.rpmsave && mv -v /etc/${i}.rpmsave /etc/${i} ||:
 done

Be aware, that during the time of package got updated until all updates are applied, when the %posttrans section gets executed, the package could be broken and not be useable in pre/post install sections of other RPMs!

Additional helper tools

We are currently developing libeconf, a library which can read nearly all kinds of key/value configuration files and automatically combines all configuration files in the correct order to present them to the application. This could help in many cases to adjust the applications.

Packages

kbd

PAM configuration file for vlock was moved to /usr/etc/pam.d, see pam for configuration.

kubic-control

The default configuration file are stored in /usr/etc/kubicd/, the overrides are stored in /etc/kubicd/ (Variant 2).

less

/etc/lesskey and the corresponding /etc/lesskey.bin were moved to /usr/etc, aaa_base prefers the /etc version over the /usr/etc version (Variant 3).

netcfg

The files ethers, networks, protocols and services where moved to /usr/etc. /etc/nsswitch.conf was adjusted to read at first the files in /etc, and if there is no file or the file does not contain the searched entry, it will read the file in /usr/etc (Variant 2).

permissions

/etc/permissions and /etc/permissions.* except permissions.local are no configuration files nor templates and no admin should modify them. For this reasons they were moved to /usr/share/permissions. The distribution specific snippets in /etc/permissions.d will be moved to /usr/etc/permissions.d.

pam/pam-config

PAM reads the configuration files from two places:

  1. /usr/etc/pam.d
  2. /etc/pam.d

pam-config reads the configuration files from this two places, too. But it only writes into /etc/pam.d.

If a file in /etc/pam.d exists, a file with the same name in /usr/etc/pam.d will be ignored. A system administrator has, to make manual changes, copy the PAM config file from /usr/etc/pam.d/ to /etc/pam.d/ and modify that.

Some PAM modules are using variables from login.defs. Variant 1 is used for this, means /usr/etc/login.defs, /etc/login.defs and /etc/login.defs.d/*.defs will be looked at.

pam_securetty.so is reading the securetty file. It will look at first if /etc/securetty exists, if not, and only in this case, /usr/etc/securetty is used (Variant 3).

Accepted upstream: pull request.

rebootmgr

The distribution provided configuration file is /usr/etc/rebootmgr.conf. Changes are written into /etc/rebootmgr.conf and are merged during start of rebootmgrd (Variant 2).

shadow

/etc/login.defs was moved to /usr/etc/login.defs, /etc/login.defs and /etc/login.defs.d/*.defs will be additional looked at (Variant 1).

PAM configuration files were moved to /usr/etc/pam.d, see pam for configuration.

Accepted upstream pull request.

sudo

PAM configuration files were moved to /usr/etc/pam.d, see pam for configuration.

TODO

  • /etc/sudoers needs to be moved to /usr/etc
  • /etc/sudoers.d needs a /usr/etc/sudoers.d fallback directory for distribution config snippets
  • /etc/openldap/schema needs to be moved to /usr/etc/openldap/schema, needs openldap adjustments.

transactional-update

transactional-update reads at first /usr/etc/transactional-update.conf and merges it afterwards with /etc/transactional-update.conf (Variant 2).

util-linux

/etc/login.defs are read through libeconf from /etc and /usr/etc (Variant 1). If /etc/default/su does not exist /usr/etc/default/su is read (Variant 3).

PAM configuration files were moved to /usr/etc/pam.d, see pam for configuration.

Upstream pull request.

Notes