Discussion:
/etc/nsswitch.conf is supposed to be a symlink now?
Richard W.M. Jones
2018-11-28 13:40:09 UTC
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).

We're down a rabbit hole where it seems that in Fedora 29
/etc/nsswitch.conf ought to be a symlink. This machine has been
upgraded from F28 and this is not the case. AFAIK I have never edited
the file.

Also:

# authselect check
[error] [/etc/authselect/system-auth] has unexpected content!
[error] [/etc/authselect/password-auth] has unexpected content!
[error] [/etc/authselect/fingerprint-auth] has unexpected content!
[error] [/etc/authselect/nsswitch.conf] has unexpected content!
[error] [/etc/authselect/dconf-db] has unexpected content!
[error] [/etc/nsswitch.conf] is not a symbolic link!
[error] [/etc/nsswitch.conf] was not created by authselect!
Current configuration is not valid. It was probably modified outside authselect.

which sounds bad, but the error message is not actionable: no
indication how this happened nor how to fix it.

authselect-1.0.2-1.fc29.x86_64
glibc-2.28-20.fc29.x86_64
nss-mdns-0.14.1-2.fc29.x86_64
systemd-libs-239-6.git9f3aed1.fc29.x86_64

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
Fedora Windows cross-compiler. Compile Windows programs, test, and
build Windows installers. Over 100 libraries supported.
http://fedoraproject.org/wiki/MinGW
_______________________________________________
devel mailing list -- ***@lists.fedoraproject.org
To unsubscribe send an email to devel-***@lists.fedoraproject.org
Fedora Code of Conduct: https://getfedora.org/code-of-conduct.html
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: https://lists.fedoraproject.org/archives/list/***@lists.fedorap
Tom Hughes
2018-11-28 14:04:23 UTC
Post by Richard W.M. Jones
We're down a rabbit hole where it seems that in Fedora 29
/etc/nssswitch.conf ought to be a symlink. This machine has been
upgraded from F28 and this is not the case. AFAIK I have never edited
the file.
Well I thought authselect was supposed to be the default
now in which case yes it would be but I just checked a
clean install of F29 that I did and authselect doesn't
seem to be active there either.

I was actually interested because I was trying to find
out what the current Fedora defaults for the nss databases
that authselect doesn't handle should be on a machine
where I had enabled authselect and I was wondering how
the installer handled that, but apparently it doesn't ;-)

Tom

--
Tom Hughes (***@compton.nu)
http://compton.nu/
Florian Weimer
2018-11-28 14:45:06 UTC
Post by Richard W.M. Jones
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).
We're down a rabbit hole where it seems that in Fedora 29
/etc/nssswitch.conf ought to be a symlink. This machine has been
upgraded from F28 and this is not the case. AFAIK I have never edited
the file.
/etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we
ship it.

If you find out which package replaces our configuration with a symbolic
link, please file a bug against that package. If they want to take over
/etc/nsswitch.conf, this is negotiable, but it needs coordination with
the glibc package.

Thanks,
Florian
Tom Hughes
2018-11-28 14:52:08 UTC
Post by Florian Weimer
Post by Richard W.M. Jones
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).
We're down a rabbit hole where it seems that in Fedora 29
/etc/nssswitch.conf ought to be a symlink. This machine has been
upgraded from F28 and this is not the case. AFAIK I have never edited
the file.
/etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we
ship it.
That's true but...
Post by Florian Weimer
If find out which packages replaces our configuration with a symbolic
link, please file a bug against that package. If they want to take over
/etc/nsswitch.conf, this is negotiable, but it needs coordination with
the glibc package.
...as I understood it under the old authconfig regime the glibc
installed version was overwritten by the authconfig generated version
as part of the install? and I thought authselect was supposed to
have taken over that role.

Tom

--
Tom Hughes (***@compton.nu)
http://compton.nu/
Pavel Březina
2018-11-29 12:09:42 UTC
Post by Tom Hughes
Post by Richard W.M. Jones
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).
We're down a rabbit hole where it seems that in Fedora 29
/etc/nssswitch.conf ought to be a symlink.  This machine has been
upgraded from F28 and this is not the case.  AFAIK I have never edited
the file.
/etc/nsswitch.conf is owned by glibc.  It is not a symbolic link as we
ship it.
That's true but...
If find out which packages replaces our configuration with a symbolic
link, please file a bug against that package.  If they want to take over
/etc/nsswitch.conf, this is negotiable, but it needs coordination with
the glibc package.
...as I understood it under the old authconfig regime the glibc
installed version was overwritten by the authconfig generated version
as part of the install? and I thought authselect was supposed to
have taken over that role.
True. At this point, authselect only replaces authconfig. The difference
is that authconfig only created symlinks for pam configuration files
owned by pam (e.g. /etc/pam.d/system-auth -> system-auth-ac), authselect
also creates a symlink for nsswitch.conf owned by glibc for clarity.

It is not done by the package installation, it must be called. Anaconda
calls it instead of authconfig automatically when there is no kickstart
provided.

We do have future plans to take over these files completely, but we did
not start this discussion with either glibc or pam since there are
still things that need to be solved before this can happen.

Pavel.
Post by Tom Hughes
Tom
Ralf Corsepius
2018-11-28 15:20:50 UTC
Post by Florian Weimer
Post by Richard W.M. Jones
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).
We're down a rabbit hole where it seems that in Fedora 29
/etc/nssswitch.conf ought to be a symlink. This machine has been
upgraded from F28 and this is not the case. AFAIK I have never edited
the file.
/etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we
ship it.
If find out which packages replaces our configuration with a symbolic
link,
It's authselect.

# rpm -qV glibc
....L.... c /etc/nsswitch.conf


# ls -l /etc/nsswitch.conf
lrwxrwxrwx. 1 root root 29 Nov 18 04:58 /etc/nsswitch.conf -> /etc/authselect/nsswitch.conf

Ralf
Robert Marcano
2018-11-28 15:37:32 UTC
Post by Ralf Corsepius
Post by Richard W.M. Jones
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).
We're down a rabbit hole where it seems that in Fedora 29
/etc/nssswitch.conf ought to be a symlink.  This machine has been
upgraded from F28 and this is not the case.  AFAIK I have never edited
the file.
/etc/nsswitch.conf is owned by glibc.  It is not a symbolic link as we
ship it.
If find out which packages replaces our configuration with a symbolic
link,
It's authselect.
# rpm -qV glibc
....L....  c /etc/nsswitch.conf
# ls -l /etc/nsswitch.conf
lrwxrwxrwx. 1 root root 29 Nov 18 04:58 /etc/nsswitch.conf ->
/etc/authselect/nsswitch.conf
My clean F29 installation had no such symbolic link; I had to run "authselect
select --force ..." to force the creation of the link.

The non symlinked /etc/nsswitch.conf even had the header:

# Do not modify this file manually.

# If you want to make changes to nsswitch.conf please modify
# /etc/authselect/user-nsswitch.conf and run 'authselect apply-changes'.

So, was it generated at some point by authselect and not as symbolic link?

Note: Today I got a new update for authselect (1.0.2-1.fc29)
Post by Ralf Corsepius
Ralf
Robert Marcano
2018-11-28 15:48:50 UTC
Post by Robert Marcano
Post by Ralf Corsepius
Post by Richard W.M. Jones
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).
We're down a rabbit hole where it seems that in Fedora 29
/etc/nssswitch.conf ought to be a symlink.  This machine has been
upgraded from F28 and this is not the case.  AFAIK I have never edited
the file.
/etc/nsswitch.conf is owned by glibc.  It is not a symbolic link as we
ship it.
If find out which packages replaces our configuration with a symbolic
link,
It's authselect.
# rpm -qV glibc
....L....  c /etc/nsswitch.conf
# ls -l /etc/nsswitch.conf
lrwxrwxrwx. 1 root root 29 Nov 18 04:58 /etc/nsswitch.conf ->
/etc/authselect/nsswitch.conf
My clean F29 installation had no such symbolic link, has to "authselect
select --force ..." to force the creation of the link.
  # Do not modify this file manually.
  # If you want to make changes to nsswitch.conf please modify
  # /etc/authselect/user-nsswitch.conf and run 'authselect apply-changes'.
So, was it generated at some point by authselect and not as symbolic link?
Note: Today I got new update for authselect (1.0.2-1.fc29)
There is another thing I found wrong. The backed up nsswitch.conf has
these lines appended (ckey and incomplete aliases line) after the real
end of the original file (aliases: files):

aliases: files
ckey: files

aliases: fil

I can repeat this bad backup indefinitely:

1) check current nsswitch has no such lines
2) run authselect select --force ...
3) backup at /usr/lib/authselect/backup/<timestamp>/nsswitch has the
appended lines
Post by Robert Marcano
Post by Ralf Corsepius
Ralf
Jan Pokorný
2018-11-28 22:22:46 UTC
There is another thing I found wrong. The backed up nsswitch.conf has these
lines appended (ckey and incomplete aliases line) after the real end of the
aliases: files
ckey: files
aliases: fil
1) check current nsswitch has no such lines
2) run authselect select --force ...
3) backup at /usr/lib/authselect/backup/<timestamp>/nsswitch has the
appended lines
Have observed a similar corruption (with explicitly named backup, but
it's likely of no significance) yesterday with Rawhide, but at that time
it was least of my problems (see dbus-broker [vs. systemd-nspawn] in
a slightly older thread, nsswitch.conf/pam was actually a false start
based on some messages in journal I thought might be related).

Buffer handling bug?
--
Nazdar,
Jan (Poki)
Pavel Březina
2018-11-29 13:28:16 UTC
Post by Jan Pokorný
There is another thing I found wrong. The backed up nsswitch.conf has these
lines appended (ckey and incomplete aliases line) after the real end of the
aliases: files
ckey: files
aliases: fil
1) check current nsswitch has no such lines
2) run authselect select --force ...
3) backup at /usr/lib/authselect/backup/<timestamp>/nsswitch has the
appended lines
Have observed a similar corruption (with explicitly named backup, but
it's likely of no significance) yesterday with Rawhide, but at that time
it was least of my problems (see dbus-broker [vs. systemd-nspawn] in
a slightly older thread, nsswitch.conf/pam was actually a false start
based on some messages in journal I thought might be related).
Buffer handling bug?
This is a bug. I opened upstream issue:
https://github.com/pbrezina/authselect/issues/123
Ralf Corsepius
2018-11-28 16:00:47 UTC
Post by Robert Marcano
Post by Ralf Corsepius
# ls -l /etc/nsswitch.conf
lrwxrwxrwx. 1 root root 29 Nov 18 04:58 /etc/nsswitch.conf ->
/etc/authselect/nsswitch.conf
My clean F29 installation had no such symbolic link, has to "authselect
select --force ..." to force the creation of the link.
You are probably right.

I forgot to mention, I am currently using authselect's "nis"-profile,
because upgrading from f28 to f29 has screwed up my handcrafted
nsswitch.conf, leaving me with semi-dysfunctional systems, which had
caused me to experiment with authselect's "nis"-profile.

Ralf
Pavel Březina
2018-11-29 11:46:52 UTC
Post by Robert Marcano
Post by Ralf Corsepius
Post by Richard W.M. Jones
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).
We're down a rabbit hole where it seems that in Fedora 29
/etc/nssswitch.conf ought to be a symlink.  This machine has been
upgraded from F28 and this is not the case.  AFAIK I have never edited
the file.
/etc/nsswitch.conf is owned by glibc.  It is not a symbolic link as we
ship it.
If find out which packages replaces our configuration with a symbolic
link,
It's authselect.
# rpm -qV glibc
....L....  c /etc/nsswitch.conf
# ls -l /etc/nsswitch.conf
lrwxrwxrwx. 1 root root 29 Nov 18 04:58 /etc/nsswitch.conf ->
/etc/authselect/nsswitch.conf
My clean F29 installation had no such symbolic link, has to "authselect
select --force ..." to force the creation of the link.
  # Do not modify this file manually.
  # If you want to make changes to nsswitch.conf please modify
  # /etc/authselect/user-nsswitch.conf and run 'authselect apply-changes'.
So, was it generated at some point by authselect and not as symbolic link?
Note: Today I got new update for authselect (1.0.2-1.fc29)
Authselect did not take over default nsswitch.conf (that comes from
glibc) and pam settings (from pam). Installation of the authselect package
itself does not make any changes, you need to invoke the authselect
command somehow -- anaconda invokes it automatically during installation
without kickstart.

If you see this comment in nsswitch.conf and yet nsswitch.conf is a
file, not a symlink to /etc/authselect I suppose you are using some sort
of snapshot?



Robert Marcano
2018-11-29 11:59:47 UTC
Post by Pavel Březina
Post by Robert Marcano
Post by Ralf Corsepius
Post by Richard W.M. Jones
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).
We're down a rabbit hole where it seems that in Fedora 29
/etc/nssswitch.conf ought to be a symlink.  This machine has been
upgraded from F28 and this is not the case.  AFAIK I have never edited
the file.
/etc/nsswitch.conf is owned by glibc.  It is not a symbolic link as we
ship it.
If find out which packages replaces our configuration with a symbolic
link,
It's authselect.
# rpm -qV glibc
....L....  c /etc/nsswitch.conf
# ls -l /etc/nsswitch.conf
lrwxrwxrwx. 1 root root 29 Nov 18 04:58 /etc/nsswitch.conf ->
/etc/authselect/nsswitch.conf
My clean F29 installation had no such symbolic link, has to
"authselect select --force ..." to force the creation of the link.
   # Do not modify this file manually.
   # If you want to make changes to nsswitch.conf please modify
   # /etc/authselect/user-nsswitch.conf and run 'authselect
apply-changes'.
So, was it generated at some point by authselect and not as symbolic link?
Note: Today I got new update for authselect (1.0.2-1.fc29)
Authselect did not take over default nsswitch.conf (that comes from
glibc) and pam settings (from pam). Installation of authselect package
it self does not make any changes, you need to invoke the authselect
command somehow -- anaconda invokes it automatically during installation
without kickstart.
If you see this comment in nsswitch.conf and yet nsswitch.conf is a
file, not a symlink to /etc/authselect I suppose you are using some sort
of snapshot?
The presence of the comments tells me that probably authselect was
properly called by anaconda as you say, but some other package decided
to modify nsswitch (The only external repository I have is VS Code).

Will try to test on a new VM reinstalling my current package list in
order to try to detect what or why.
Pavel Březina
2018-11-29 12:25:14 UTC
Post by Robert Marcano
Post by Pavel Březina
Post by Robert Marcano
Post by Ralf Corsepius
Post by Richard W.M. Jones
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).
We're down a rabbit hole where it seems that in Fedora 29
/etc/nssswitch.conf ought to be a symlink.  This machine has been
upgraded from F28 and this is not the case.  AFAIK I have never edited
the file.
/etc/nsswitch.conf is owned by glibc.  It is not a symbolic link as we
ship it.
If find out which packages replaces our configuration with a symbolic
link,
It's authselect.
# rpm -qV glibc
....L....  c /etc/nsswitch.conf
# ls -l /etc/nsswitch.conf
lrwxrwxrwx. 1 root root 29 Nov 18 04:58 /etc/nsswitch.conf ->
/etc/authselect/nsswitch.conf
My clean F29 installation had no such symbolic link, has to
"authselect select --force ..." to force the creation of the link.
   # Do not modify this file manually.
   # If you want to make changes to nsswitch.conf please modify
   # /etc/authselect/user-nsswitch.conf and run 'authselect
apply-changes'.
So, was it generated at some point by authselect and not as symbolic link?
Note: Today I got new update for authselect (1.0.2-1.fc29)
Authselect did not take over default nsswitch.conf (that comes from
glibc) and pam settings (from pam). Installation of authselect package
it self does not make any changes, you need to invoke the authselect
command somehow -- anaconda invokes it automatically during
installation without kickstart.
If you see this comment in nsswitch.conf and yet nsswitch.conf is a
file, not a symlink to /etc/authselect I suppose you are using some
sort of snapshot?
The presence of the comments tell me that probably authselect was
properly called by anaconda as you say, but some other package decided
to modify nsswitch (The only external repository I have is VS Code).
Will try to test on a new VM reinstalling my current package list in
order to try to detect what or why.
It was probably systemd or nss-mdns. This is a known issue and I am in
touch with their maintainers to solve this. Also, see the other thread
"nsswitch.conf: list of module packages that enables themselves".
Richard W.M. Jones
2018-11-28 17:35:38 UTC
Post by Florian Weimer
Post by Richard W.M. Jones
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).
We're down a rabbit hole where it seems that in Fedora 29
/etc/nssswitch.conf ought to be a symlink. This machine has been
upgraded from F28 and this is not the case. AFAIK I have never edited
the file.
/etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we
ship it.
If find out which packages replaces our configuration with a symbolic
link, please file a bug against that package. If they want to take over
/etc/nsswitch.conf, this is negotiable, but it needs coordination with
the glibc package.
and that's why i do "chattr +i /etc/nsswitch.conf" and "chattr +i
/etc/resolv.conf" for year - guys stop mangle around in /etc - this is
admin area and way too often the mdns crap was added unasked or "mysql"
for nss-mysql touched in the past years finding you perfectly working
config in a damned .bak file
everything which touchs /etc at updates is broken by design
Yes I've been doing chattr +i /etc/resolv.conf for a very long time.

However in the case of /etc/nsswitch.conf, changing it (with the
cooperation of glibc of course) to be a symlink seems reasonable.

What I'm (still) missing is what's the actual plan? What should
things look like?

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
Read my programming and virtualization blog: http://rwmj.wordpress.com
virt-top is 'top' for virtual machines. Tiny program with many
powerful monitoring features, net stats, disk stats, logging, etc.
http://people.redhat.com/~rjones/virt-top
Pavel Březina
2018-11-29 12:43:57 UTC
Post by Richard W.M. Jones
Post by Florian Weimer
Post by Richard W.M. Jones
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).
We're down a rabbit hole where it seems that in Fedora 29
/etc/nssswitch.conf ought to be a symlink. This machine has been
upgraded from F28 and this is not the case. AFAIK I have never edited
the file.
/etc/nsswitch.conf is owned by glibc. It is not a symbolic link as we
ship it.
If find out which packages replaces our configuration with a symbolic
link, please file a bug against that package. If they want to take over
/etc/nsswitch.conf, this is negotiable, but it needs coordination with
the glibc package.
and that's why i do "chattr +i /etc/nsswitch.conf" and "chattr +i
/etc/resolv.conf" for year - guys stop mangle around in /etc - this is
admin area and way too often the mdns crap was added unasked or "mysql"
for nss-mysql touched in the past years finding you perfectly working
config in a damned .bak file
everything which touchs /etc at updates is broken by design
Yes I've been doing chattr +i /etc/resolv.conf for a very long time.
Updates to systemd or nss-mdns break the generated authselect
configuration, because they rewrite nsswitch.conf. This is something we
know about, and we are trying to find the best way for both parties to fix it.
Post by Richard W.M. Jones
However in the case of /etc/nsswitch.conf, changing it (with the
cooperation of glibc of course) to be a symlink seems reasonable.
What I'm (still) missing is what's the actual plan? What should
things look like?
At this moment, if you install the system without any kickstart, anaconda
invokes authselect (sssd profile, before it did the same thing but with
authconfig). If you use kickstart you can choose to not call authselect
and stick with glibc/pam defaults.

So basically, you can choose to use authselect and you can choose not to
use it. At any time, you can just manually update any file you want to,
"authselect check" will complain but the only implication is that you
will be required to use "authselect select $profile --force" to go back
to authselect configuration.

As I said in the other mail, authselect would like to take ownership of
nsswitch.conf and pam in the future, but we need to first solve its
issues so no action was taken in this area yet.
Post by Richard W.M. Jones
Rich.
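
As an added illustration (not code from authselect or from any poster in this thread), the sketch below separates the cases the thread distinguishes: a symlink to /etc/authselect/nsswitch.conf, a regular file that still carries the authselect header, and a plain file; it also flags a copy in which a database is defined more than once, as in the backup reported above. The function names, state names and sample files are invented for the example; only the symlink target and the header wording come from the posts.

```shell
#!/bin/sh
# Added example: classify how an nsswitch.conf is managed and sanity-check a copy.
# Paths are parameters so the checks can be exercised on a scratch tree.

AUTHSELECT_TARGET="/etc/authselect/nsswitch.conf"   # symlink target shown in the thread

# nsswitch_state FILE [EXPECTED_TARGET]
# Prints one of (state names are made up for this example):
#   missing | authselect-symlink | foreign-symlink | authselect-header-file | plain-file
nsswitch_state() {
    file=$1
    expected=${2:-$AUTHSELECT_TARGET}
    if [ -L "$file" ]; then
        # Test -L first so that a dangling symlink is still reported as a symlink.
        if [ "$(readlink "$file")" = "$expected" ]; then
            echo authselect-symlink
        else
            echo foreign-symlink
        fi
    elif [ ! -e "$file" ]; then
        echo missing
    elif grep -q "^#.*authselect apply-changes" "$file"; then
        # Regular file that still has the generated header: the content came from
        # authselect at some point, but the symlink has since been replaced.
        echo authselect-header-file
    else
        echo plain-file
    fi
}

# duplicate_databases FILE
# Prints each database name that is defined more than once (one per line).
duplicate_databases() {
    awk '
        /^[ \t]*(#|$)/ { next }          # skip comments and blank lines
        {
            n = index($0, ":")
            if (n == 0) next
            db = substr($0, 1, n - 1)
            gsub(/[ \t]/, "", db)
            if (++seen[db] == 2) print db
        }
    ' "$1"
}

# make_sample_tree DIR: constructed sample files, not taken from a real system.
make_sample_tree() {
    root=$1
    mkdir -p "$root/etc/authselect" "$root/backup"
    printf '%s\n' "passwd: files sss" "aliases: files" \
        > "$root/etc/authselect/nsswitch.conf"
    ln -s "$root/etc/authselect/nsswitch.conf" "$root/etc/managed.conf"
    # Regular file that still carries the header quoted in the thread.
    printf '%s\n' \
        "# Do not modify this file manually." \
        "# If you want to make changes to nsswitch.conf please modify" \
        "# /etc/authselect/user-nsswitch.conf and run 'authselect apply-changes'." \
        "passwd: files sss" "hosts: files mdns4_minimal dns" "aliases: files" \
        > "$root/etc/replaced.conf"
    # Backup with the trailing lines described in the thread.
    printf '%s\n' "passwd: files sss" "aliases: files" "ckey: files" "" "aliases: fil" \
        > "$root/backup/nsswitch"
}

demo() {
    t=$(mktemp -d) && make_sample_tree "$t"
    for f in "$t/etc/managed.conf" "$t/etc/replaced.conf" "$t/backup/nsswitch"; do
        printf '%s: %s; duplicate databases: %s\n' "${f#"$t"}" \
            "$(nsswitch_state "$f" "$t/etc/authselect/nsswitch.conf")" \
            "$(duplicate_databases "$f" | tr '\n' ' ')"
    done
    rm -rf "$t"
}

case "${1:-}" in demo) demo ;; esac
```

On a real system, `nsswitch_state /etc/nsswitch.conf` run before and after a package update shows whether the update turned the symlink back into a regular file.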
Henrique Martins
2018-11-28 14:59:15 UTC
My configuration is different, just take as FYI.
... it seems that in Fedora 29 /etc/nssswitch.conf ought
to be a symlink. This machine has been upgraded from F28
and this is not the case. AFAIK I have never edited the
file.
It is still a file and not a link on my f29, which has been
dnf-upgraded for I can't remember how many revisions. I did
edit nsswitch.conf and remove all mdns references, as I run
a local DNS server.
# authselect check
It replies with
Current configuration is valid.
on my system.
authselect-1.0.2-1.fc29.x86_64
glibc-2.28-20.fc29.x86_64
nss-mdns-0.14.1-2.fc29.x86_64
systemd-libs-239-6.git9f3aed1.fc29.x86_64
I have the same rpms.
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).
I have avahi/bonjour disabled, thus can't check for this. I
do have a network printer, on socket://<dns entry>.

-- Henrique
Pavel Březina
2018-11-29 13:15:04 UTC
Post by Henrique Martins
My configuration is different, just take as FYI.
... it seems that in Fedora 29 /etc/nssswitch.conf ought
to be a symlink. This machine has been upgraded from F28
and this is not the case. AFAIK I have never edited the
file.
It is still a file and not a link on my f29, which has been
dnf-upgraded for I can't remember how many revisions. I did
edit nsswitch.conf and remove all mdns references, as I run
a local DNS server.
Yes, authselect does not overwrite any existing configuration so if you
just upgrade it was never invoked.
Post by Henrique Martins
# authselect check
It replies with
Current configuration is valid.
on my system.
authselect-1.0.2-1.fc29.x86_64
glibc-2.28-20.fc29.x86_64
nss-mdns-0.14.1-2.fc29.x86_64
systemd-libs-239-6.git9f3aed1.fc29.x86_64
I have the same rpms.
Trying to track down a bug in IPP printing
(https://bugzilla.redhat.com/show_bug.cgi?id=1653276).
I have avahi/bonjour disabled, thus can't check for this. I
do have a network printer, on socket://<dns entry>.
-- Henrique