On 15.09.2014 00:54, "Nowaker" <enwukaer@gmail.com> wrote:
Good point. I just did `pacman -Ql |grep -F ' /var'` to see how many files there are. 99.7% of them are directories only, though. Are tmpfiles.d supposed to create directories in /var too? Docs mention using tmpfiles.d to init /tmp or /run, not /var though. But I guess stateless systemd would always provide tmpfiles for that.
As I understand this, systemd expects daemons to deal with no settings in /etc and /var. tmpfiles.d is the proposed crutch till that is actually the case.
- move /var/lib/pacman/local/ to /usr
- move the default pacman.conf and mirrorlist to /usr/share
- provide tmpfiles.d to copy those files to /etc
What about the pacman keyring? Also note that your custom keys should be packaged as well and re-signed on boot.
I just copy my keyring into /usr/lib/factory/etc and restore them from there as needed. The private keys should stay on the server creating the image, but currently I just put those into the package as well... I need to change that ASAP. In my defense: There are no users on any of the machines running those images that I do not trust.
I wasn't aware of that. I only refer to what the OP requested and that didn't sound complicated at all. Now it does.
I do not consider this a problem. When you use somebody's images you need to trust that person. I do not consider trusting the keys that person provides to be a problem.
If I'm not mistaken, /usr/share and tmpfiles.d are really trivial and wouldn't affect users in any way. That'd be a few additional files somewhere in the filesystem without any effect on existing machines. Or am I wrong?
This is madness. I remember some time ago there was a witch hunt against daemons that write to /etc (cups is the worst offender). So why is it OK for systemd to do so? I personally don't want systemd to come anywhere near my /etc. Please package the tmpfiles.d/sysusers stuff with virtkick or whatever, but not with pacman.
Any privileged process can mess with /etc at any time. With factory reset at least you get a pristine copy to compare the files in /etc against. Arch did embrace systemd, it should make it easy to use all its features. I am not proposing to enable them by default.

Best Regards,
Tobias
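The comparison Tobias describes, a live /etc checked against its pristine factory copy, as an added example that is not part of the thread or of any Arch or systemd tooling. The factory path is a parameter; the thread's /usr/lib/factory/etc is only the assumed default, and the sample trees are constructed in a temp dir so the check runs offline.

```bash
#!/usr/bin/env bash
# Added example (not code from the thread): compare a live /etc tree against
# a pristine factory copy and report files that are MODIFIED, MISSING (in the
# factory but gone from the host) or ADDED (on the host only).
set -u
export LC_ALL=C   # deterministic sort order for the report

factory_drift() {
  local factory="${1:-/usr/lib/factory/etc}" live="${2:-/etc}" f rel
  # Every regular file in the factory tree must exist unchanged in the live tree.
  while IFS= read -r f; do
    rel="${f#"$factory"/}"
    if [ ! -e "$live/$rel" ]; then
      echo "MISSING  $rel"
    elif ! cmp -s "$f" "$live/$rel"; then
      echo "MODIFIED $rel"
    fi
  done < <(find "$factory" -type f | sort)
  # Anything present only in the live tree appeared after provisioning.
  while IFS= read -r f; do
    rel="${f#"$live"/}"
    [ -e "$factory/$rel" ] || echo "ADDED    $rel"
  done < <(find "$live" -type f | sort)
}

# Constructed sample trees (not a real system) so the check runs offline.
demo_drift() {
  local tmp
  tmp="$(mktemp -d)"
  mkdir -p "$tmp/factory/pacman.d" "$tmp/live/pacman.d"
  printf 'Include = /etc/pacman.d/mirrorlist\n' > "$tmp/factory/pacman.conf"
  cp "$tmp/factory/pacman.conf" "$tmp/live/pacman.conf"              # unchanged
  printf 'Server = https://mirror.example/$repo\n' > "$tmp/factory/pacman.d/mirrorlist"
  printf 'Server = https://other.example/$repo\n'  > "$tmp/live/pacman.d/mirrorlist"  # edited
  printf 'Color\n' > "$tmp/factory/pacman.d/defaults.conf"           # deleted on host
  printf 'Server = file:///srv/pkgs\n' > "$tmp/live/pacman.d/local"  # added on host
  factory_drift "$tmp/factory" "$tmp/live"
  rm -rf "$tmp"
}

demo_drift
```

Run it against real trees with `factory_drift /usr/lib/factory/etc /etc`; an empty report means the host's /etc still matches its factory copy.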