[sudo-users] Can I distribute the sudoers file as an rpm????

Wed Jul 20 05:35:25 EDT 2005

Thanks Russell & Bob your advice is appreciated.

My full rpm spec is:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Summary: Sudoers file for linux
%define version 0.1
Copyright: GPL
Group: Applications
Name: sudoers
Provides: sudoers
Release: 1
Source: sudoers-%{version}.tar.gz
Version: %{version}
#Buildroot: /tmp/sudoers-%{version}

%description
The sudoers file gives limited root access to pcs

%prep
echo

%setup 
echo

%build
echo

%install

%clean
rm -rf $RPM_BUILD_ROOT          

%files
%config /etc/sudoers  

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

The reason I would like to package the sudoers file as an rpm is because
I have a red hat satellite server and so it would make things very easy
if I could upload an rpm with the latest sudoers file in it and then all
machines would update automatically.

Thanks,

Wes.

On Tue, 2005-07-19 at 23:07 -0600, Bob Proulx wrote:
> Wes Armour wrote:
> > I would like to distribute our sudoers file using an rpm package.
> 
> > When I try to install the rpm I get:
> > 
> > file /etc/sudoers from install of diamond-sudoers-0.1-1 conflicts with
> > file from package sudo-1.6.7p5-30.1.1
> 
> I believe Russell Van Tassell's response identified your problem.
> 
> > My spec file looks like:
> 
> But I had to comment upon your spec file.
> 
> > Summary: ...(lots of stuff...)
> 
> Did you have a BuildRoot specified?
> 
> > %description
> > The sudoers file gives limited root access to pcs
> > 
> > %prep
> > echo
> > 
> > %setup 
> > echo
> > 
> > %build
> > echo
> > 
> > %install
> 
> If those scripts are not used then don't include them in the spec file
> at all.  Just remove them instead of creating noop scripts out of
> them.
> 
> > %clean
> > rm -rf $RPM_BUILD_ROOT          
> 
> I think you have a critical error possible here.  You omitted the
> header so we can't tell if you specified a BuildRoot.  But from your
> %files section I gather not.  In which case the rm -rf here could be a
> bad thing if $RPM_BUILD_ROOT were to default to /.  Best to always
> specify a BuildRoot.
> 
> > %files
> > %config /etc/sudoers            
> 
> This looks like you are packaging your live file.  But you will be
> installing your package on your system and overwriting your live file
> too.  So your source file is going to be overwritten in a moment with
> the new package file.  I think that is a bad relationship.  I would
> alway keep the source separate from the live copy.  If you used a
> BuildRoot you could point into your source area.  But then don't
> clean or it would remove your source.
> 
> Personally I use rsync to keep the sudoers files in sync on the
> different machines.  I have a cron task that pulls the sudoers files
> from a golden image server on a regular basis.  Changes are made to
> the gold server.  The new file is propagated to the clients by the
> crontask that runs rsync to get the new file.  Therefore I recommend
> not packaging the configuration files but using a VCS to manage them.
> 
> RPM packages are good for program files but not so good for
> managing configuration files.  For configuration files I find an
> version control system to be much more practical.
> 
> In addition to rsync other utilities such as radmin and cfengine are
> also well known alternatives for doing these types of tasks.
> 
> Bob