How to use RPM for config file maintenance

devzero2000 pinto.elia at gmail.com
Mon May 28 13:24:04 UTC 2012


On Mon, May 28, 2012 at 9:44 AM, Fred van Zwieten <fvzwieten at gmail.com> wrote:

> Hi,
>
> I would like to use RPM to manage my configuration files. The problem is,
> of course, that these configuration files already belong to other packages.
> For a lot of packages, the problem is solved using the conf.d approach, but
> not all software takes that route. Take, for example, ntp.conf. It belongs
> to the ntp package, but I want to change it using the RPM deployment
> mechanism.
>
> I know there are great solutions like cfengine, chef and puppet for this,
> but I prefer not to use them. There are a number of reasons for this:
>
> 1. I want rpm -V to work on these config files so I can use rpm as an IDS
> 2. I want to be able to sign the packages so I know the config files are
> genuine.
> 3. Our prod systems are locked down in a way that is not very puppet
> friendly: The whole system is mounted read-only, with the obvious exception
> of /var, /tmp, etc, these are mounted noexec, among others. When we do
> maintenance, we shut down network connectivity, with the exception of the
> RPM system, remount the system writeable and do the rpm update. Then, we
> lock the system down again and do a new rpm -V.
>
> I have seen various "solutions" to this
> config-file-is-owned-by-two-packages problem, but I don't like them, so
> far. The most popular seems to be to install your own config files in a
> separate location and copy them to the correct location in the %post. This
> is no good.
>
> So, is there an elegant and RPM native solution to this problem where I
> can be sure my config files come from verified and signed packages?
>
It is not native (dunno if elegant), but
https://github.com/yersinia/rpm-gen-rpm-configuration (I'm the author)
follows the spirit of rpm to generate a spec file that includes
configuration data in a sane way (no conflict, dependency resolution, post
verification...).

I used it for a few years, and I still use it to generate some simple
configuration rpms. Maybe it does not handle the character % well if present in
the configuration file, but it is a simple fix.

Hope useful

Hth





>
> Fred