[arch-general] Location of the pacman database

Tobias Hunger tobias.hunger at gmail.com
Mon Sep 15 01:32:51 EDT 2014


On 15.09.2014 00:54, "Nowaker" <enwukaer at gmail.com> wrote:
> Good point. I just did `pacman -Ql |grep -F ' /var'` to see how many
> files there are. 99.7% of them are directories only, though. Are
> tmpfiles.d supposed to create directories in /var too? Docs mention
> using tmpfiles.d to init /tmp or /run, not /var though. But I guess
> stateless systemd would always provide tmpfiles for that.

As I understand this, systemd expects daemons to deal with no settings in
/etc and /var.

tmpfiles.d is the proposed crutch till that is actually the case.

> >> - move /var/lib/pacman/local/ to /usr - move the default
> >> pacman.conf and mirrorlist to /usr/share - provide tmpfiles.d to
> >> copy those files to /etc
>
> > What about pacman keyring? Also note that your custom keys should
> > be packaged as well and re-signed on boot.

I just copy my keyring into /usr/lib/factory/etc and restore them from
there as needed. The private keys should stay on the server creating the
image, but currently I just put those into the package as well... I need to
change that ASAP. In my defense: There are no users on any of the machines
running those images that I do not trust.

> I wasn't aware of that. I only refer to what the OP requested and that
> didn't sound complicated at all. Now it does.

I do not consider this a problem. When you use somebody's images you need
to trust that person. I do not consider trusting the keys that person
provides to be a problem.

> >> If I'm not mistaken, /usr/share and tmpfiles.d are really trivial
> >> and wouldn't affect users in any way. That'd be a few additional
> >> files somewhere in the filesystem without any effect on existing
> >> machines. Or am I wrong?
>
> > This is madness. I remember some time ago there was a witch hunt
> > against daemons that write to /etc (cups is the worst offender). So
> > why is it OK for systemd to do so? I personally don't want systemd
> > to come anywhere near my /etc. Please package the
> > tmpfiles.d/sysusers stuff with virtkick or whatever, but not with
> > pacman.

Any privileged process can mess with /etc at any time. With factory reset
at least you get a pristine copy to compare the files in /etc against.

Arch did embrace systemd; it should make it easy to use all its features. I
am not proposing to enable them by default.

Best Regards,
Tobias
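
The comparison mentioned in the message above (a pristine factory copy to check /etc against), together with a check that secret keyring files are not shipped in that copy, as an added example that is not part of the original message. The function names and sample trees are constructed for illustration; `secring.gpg` and `private-keys-v1.d` are the file names GnuPG uses for secret key material.

```shell
#!/bin/sh
# Added example (not from the thread). Compares a factory copy of /etc with
# the live tree and flags secret key material shipped in the factory copy.

# factory_audit FACTORY_DIR LIVE_DIR  -> one finding per line:
#   MISSING <path>      present in the factory copy, absent from the live tree
#   MODIFIED <path>     live content differs from the factory copy
#   PRIVATE-KEY <path>  non-empty GnuPG secret key file inside the factory copy
factory_audit() {
    factory=$1
    live=$2
    (cd "$factory" && find . -type f | LC_ALL=C sort) | while IFS= read -r rel; do
        rel=${rel#./}
        case $rel in
            secring.gpg|*/secring.gpg|*private-keys-v1.d/*)
                if [ -s "$factory/$rel" ]; then echo "PRIVATE-KEY $rel"; fi ;;
        esac
        if [ ! -e "$live/$rel" ]; then
            echo "MISSING $rel"
        elif ! cmp -s "$factory/$rel" "$live/$rel"; then
            echo "MODIFIED $rel"
        fi
    done
}

# Constructed sample trees so the example runs offline and unprivileged.
make_sample() {
    root=$(mktemp -d)
    mkdir -p "$root/factory/pacman.d/gnupg" "$root/live/pacman.d/gnupg"
    echo "SigLevel = Required" > "$root/factory/pacman.conf"
    echo "SigLevel = Never"    > "$root/live/pacman.conf"       # changed after install
    echo "Server = https://mirror.example/" > "$root/factory/pacman.d/mirrorlist"  # not restored
    echo "pub" > "$root/factory/pacman.d/gnupg/pubring.gpg"
    cp "$root/factory/pacman.d/gnupg/pubring.gpg" "$root/live/pacman.d/gnupg/"
    echo "sec" > "$root/factory/pacman.d/gnupg/secring.gpg"     # should not be in the image
    cp "$root/factory/pacman.d/gnupg/secring.gpg" "$root/live/pacman.d/gnupg/"
    echo "$root"
}

sample=$(make_sample)
factory_audit "$sample/factory" "$sample/live"
```

On an image built as described in the message, the call would be `factory_audit /usr/lib/factory/etc /etc`; any `PRIVATE-KEY` line means secret key material is present in the factory copy.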

