[sudo-users] Can I distribute the sudoers file as an rpm????
Wes Armour
wes.armour at diamond.ac.uk
Wed Jul 20 05:35:25 EDT 2005
Thanks Russell & Bob your advice is appreciated.
My full rpm spec is:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Summary: Sudoers file for linux
%define version 0.1
Copyright: GPL
Group: Applications
Name: sudoers
Provides: sudoers
Release: 1
Source: sudoers-%{version}.tar.gz
Version: %{version}
#Buildroot: /tmp/sudoers-%{version}
%description
The sudoers file gives limited root access to pcs
%prep
echo
%setup
echo
%build
echo
%install
%clean
rm -rf $RPM_BUILD_ROOT
%files
%config /etc/sudoers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
The reason I would like to package the sudoers file as an rpm is because
I have a red hat satellite server and so it would make things very easy
if I could upload an rpm with the latest sudoers file in it and then all
machines would update automatically.
Thanks,
Wes.
On Tue, 2005-07-19 at 23:07 -0600, Bob Proulx wrote:
> Wes Armour wrote:
> > I would like to distribute our sudoers file using an rpm package.
>
> > When I try to install the rpm I get:
> >
> > file /etc/sudoers from install of diamond-sudoers-0.1-1 conflicts with
> > file from package sudo-1.6.7p5-30.1.1
>
> I believe Russell Van Tassell's response identified your problem.
>
> > My spec file looks like:
>
> But I had to comment upon your spec file.
>
> > Summary: ...(lots of stuff...)
>
> Did you have a BuildRoot specified?
>
> > %description
> > The sudoers file gives limited root access to pcs
> >
> > %prep
> > echo
> >
> > %setup
> > echo
> >
> > %build
> > echo
> >
> > %install
>
> If those scripts are not used then don't include them in the spec file
> at all. Just remove them instead of creating noop scripts out of
> them.
>
> > %clean
> > rm -rf $RPM_BUILD_ROOT
>
> I think you have a critical error possible here. You omitted the
> header so we can't tell if you specified a BuildRoot. But from your
> %files section I gather not. In which case the rm -rf here could be a
> bad thing if $RPM_BUILD_ROOT were to default to /. Best to always
> specify a BuildRoot.
>
> > %files
> > %config /etc/sudoers
>
> This looks like you are packaging your live file. But you will be
> installing your package on your system and overwriting your live file
> too. So your source file is going to be overwritten in a moment with
> the new package file. I think that is a bad relationship. I would
> alway keep the source separate from the live copy. If you used a
> BuildRoot you could point into your source area. But then don't
> clean or it would remove your source.
>
> Personally I use rsync to keep the sudoers files in sync on the
> different machines. I have a cron task that pulls the sudoers files
> from a golden image server on a regular basis. Changes are made to
> the gold server. The new file is propagated to the clients by the
> crontask that runs rsync to get the new file. Therefore I recommend
> not packaging the configuration files but using a VCS to manage them.
>
> RPM packages are good for program files but not so good for
> managing configuration files. For configuration files I find an
> version control system to be much more practical.
>
> In addition to rsync other utilities such as radmin and cfengine are
> also well known alternatives for doing these types of tasks.
>
> Bob
More information about the sudo-users
mailing list