Hello all,
I am rolling my own RPM to provide the correct sudoers config for the company where I'm working.
I want it to archive the existing /etc/sudoers, and put down the company's one.
However, when I install it, I get:file /etc/sudoers from install of sudo-config-20110520-1.noarch conflicts with file from package sudo-1.7.2p1
There are two ways around it that I know:
1. Put the file down as /etc/sudoers.companyname, and mv it in the %post 2. Unpackage sudo, modify, and re-package.
I prefer not to do 2, as that will require keeping a close eye on the security errata of the package, and repackaging every time a new version is released. I'd rather keep the upstream package untouched, and just apply my config over the top.
1 works fine - however, it breaks the rpm -V functionality, which in my eyes is a big plus point for using RPMs.
Installing with --replacefiles will work - however - however, I want to deploy the package with Puppet, and it doesn't seem to allow specifying that.
Is there a way to create the RPM in such a way that --replacefiles is "built-in" to the RPM? Is there any other way of doing this - so that rpm -V works?
Calum
Hello - just noticed the scope of this list: "This mailing list provides a discussion forum for RPM packaging standards and practices for Fedora."
Apologies for the post - I think I Googled for rpm mailinglist, and ended up here.
Still, does anyone know the answer....? :)
Living in hope, Calum
On 20 May 2011 09:37, Calum caluml@gmail.com wrote:
Hello all,
I am rolling my own RPM to provide the correct sudoers config for the company where I'm working.
I want it to archive the existing /etc/sudoers, and put down the company's one.
However, when I install it, I get:file /etc/sudoers from install of sudo-config-20110520-1.noarch conflicts with file from package sudo-1.7.2p1
There are two ways around it that I know:
- Put the file down as /etc/sudoers.companyname, and mv it in the %post
- Unpackage sudo, modify, and re-package.
I prefer not to do 2, as that will require keeping a close eye on the security errata of the package, and repackaging every time a new version is released. I'd rather keep the upstream package untouched, and just apply my config over the top.
1 works fine - however, it breaks the rpm -V functionality, which in my eyes is a big plus point for using RPMs.
Installing with --replacefiles will work - however - however, I want to deploy the package with Puppet, and it doesn't seem to allow specifying that.
Is there a way to create the RPM in such a way that --replacefiles is "built-in" to the RPM? Is there any other way of doing this - so that rpm -V works?
Calum
AFAIK, the list for general RPM question is:
http://lists.rpm.org/mailman/listinfo/rpm-list
Also you might find the following presentation useful:
http://www.redhat.com/promo/summit/2010/presentations/summit/opensource-for-...
On 05/20/2011 09:47 AM, Calum wrote:
Hello - just noticed the scope of this list: "This mailing list provides a discussion forum for RPM packaging standards and practices for Fedora."
Apologies for the post - I think I Googled for rpm mailinglist, and ended up here.
Still, does anyone know the answer....? :)
Living in hope, Calum
On 20 May 2011 09:37, Calumcaluml@gmail.com wrote:
Hello all,
I am rolling my own RPM to provide the correct sudoers config for the company where I'm working.
I want it to archive the existing /etc/sudoers, and put down the company's one.
However, when I install it, I get:file /etc/sudoers from install of sudo-config-20110520-1.noarch conflicts with file from package sudo-1.7.2p1
There are two ways around it that I know:
- Put the file down as /etc/sudoers.companyname, and mv it in the %post
- Unpackage sudo, modify, and re-package.
I prefer not to do 2, as that will require keeping a close eye on the security errata of the package, and repackaging every time a new version is released. I'd rather keep the upstream package untouched, and just apply my config over the top.
1 works fine - however, it breaks the rpm -V functionality, which in my eyes is a big plus point for using RPMs.
Installing with --replacefiles will work - however - however, I want to deploy the package with Puppet, and it doesn't seem to allow specifying that.
Is there a way to create the RPM in such a way that --replacefiles is "built-in" to the RPM? Is there any other way of doing this - so that rpm -V works?
Calum
-- packaging mailing list packaging@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/packaging
On 20 May 2011 09:54, Athmane Madjoudj athmanem@gmail.com wrote:
AFAIK, the list for general RPM question is:
Yes, I've just found that - I was led astray because on their own site, they reference the no-longer-working redhat.com mailing list.
Also you might find the following presentation useful:
http://www.redhat.com/promo/summit/2010/presentations/summit/opensource-for-...
I shall take a look at that - many thanks.
Calum
On 20 May 2011 09:54, Athmane Madjoudj athmanem@gmail.com wrote:
Also you might find the following presentation useful:
http://www.redhat.com/promo/summit/2010/presentations/summit/opensource-for-...
That's a very nice solution - it will probably work for lots of the configs needed. Unfortunately, sudo doesn't like symlinks
[root@uktest-lnx02 etc]# ls -l /etc/sudoers* lrwxrwxrwx 1 root root 12 May 20 09:05 /etc/sudoers -> sudoers.company -r--r----- 1 root root 337 May 20 08:30 /etc/sudoers.company [root@uktest-lnx02 etc]# sudo -l sudo: /etc/sudoers is not a regular file sudo: no valid sudoers sources found, quitting [root@uktest-lnx02 etc]#
To my mind the ideal solution would be:
%files %config(forcereplace) %attr(440, root, root) /etc/sudoers
But as the presentation points out, both sudo and sudo-config would then "own" /etc/sudoers. What is the problem with that, exactly btw? When a new version of sudo was installed, it would overwrite the modified one, presumably.
%config(stealfilefromotherpackage) maybe...? :)
Calum
On 05/20/2011 09:37 AM, Calum wrote:
Hello all,
I am rolling my own RPM to provide the correct sudoers config for the company where I'm working.
I want it to archive the existing /etc/sudoers, and put down the company's one.
Can you not just put the needed config under /etc/sudoers.d/ ? I guess that's why that directory exists :)
Cheers, Niels
However, when I install it, I get:file /etc/sudoers from install of sudo-config-20110520-1.noarch conflicts with file from package sudo-1.7.2p1
There are two ways around it that I know:
- Put the file down as /etc/sudoers.companyname, and mv it in the %post
- Unpackage sudo, modify, and re-package.
I prefer not to do 2, as that will require keeping a close eye on the security errata of the package, and repackaging every time a new version is released. I'd rather keep the upstream package untouched, and just apply my config over the top.
1 works fine - however, it breaks the rpm -V functionality, which in my eyes is a big plus point for using RPMs.
Installing with --replacefiles will work - however - however, I want to deploy the package with Puppet, and it doesn't seem to allow specifying that.
Is there a way to create the RPM in such a way that --replacefiles is "built-in" to the RPM? Is there any other way of doing this - so that rpm -V works?
Calum
packaging mailing list packaging@lists.fedoraproject.org https://admin.fedoraproject.org/mailman/listinfo/packaging
On 20 May 2011 09:50, Niels de Vos devos@fedoraproject.org wrote:
Can you not just put the needed config under /etc/sudoers.d/ ? I guess that's why that directory exists :)
Indeed - but first I a:, need to Require sudo >=1.7.1 (for the #includedir directive), and b:, I need to put down a base /etc/sudoers, as the systems have varied /etc/sudoers currently.
This question applies for many other packages though - Samba, SNMP, etc - they all require custom configs, and they don't all have the ability to use .d files.
On Fri, May 20, 2011 at 09:37:03AM +0100, Calum wrote:
Installing with --replacefiles will work - however - however, I want to deploy the package with Puppet, and it doesn't seem to allow specifying that.
Why use RPM to package system configuration when you have Puppet which can just push out the files directly?
Calum wrote:
Hello all,
I am rolling my own RPM to provide the correct sudoers config for the company where I'm working.
I want it to archive the existing /etc/sudoers, and put down the company's one.
However, when I install it, I get:file /etc/sudoers from install of sudo-config-20110520-1.noarch conflicts with file from package sudo-1.7.2p1
...
Is there a way to create the RPM in such a way that --replacefiles is "built-in" to the RPM? Is there any other way of doing this - so that rpm -V works?
Deploying config files via rpm is... problematic and usually means "you are doing it wrong(tm)". As suggested by others, there are other better alternatives like puppet or other config-management tools.
-- Rex
packaging@lists.fedoraproject.org