[gentoo-dev] RFC: Enable FEATURES=config-protect-if-modified by default?

[gentoo-dev] RFC: Enable FEATURES=config-protect-if-modified by default?

[Zac Medico]

Hi,

In case you aren't familiar with it, here's the description from the
make.conf(5) man page:

  This causes the CONFIG_PROTECT behavior to be skipped for files that
  have not been modified since they were installed.

I think it would be a good idea to enable this by default, but I thought
I'd ask here first, in case anyone has objections.
-- 
Thanks,
Zac

[gentoo-dev] Re: RFC: Enable FEATURES=config-protect-if-modified by default?

[Duncan]

Zac Medico posted on Tue, 15 May 2012 15:24:53 -0700 as excerpted:

> Hi,
> 
> In case you aren't familiar with it, here's the description from the
> make.conf(5) man page:
> 
>   This causes the CONFIG_PROTECT behavior to be skipped for files that
>   have not been modified since they were installed.
> 
> I think it would be a good idea to enable this by default, but I thought
> I'd ask here first, in case anyone has objections.

I've been using this for awhile now (tho IIRC it wasn't /that/ long ago 
that I saw it popup as new in the portage changelog =:^), and have been 
rather happy with it indeed! =:^)

Among other things, I used to get prompted at I think every update for a 
whole slew of mc theme and hotkey file updates, when I never touched 
those files.  Now I don't have to worry about 'em! =:^)  Same thing 
(different files of course) with openrc, where I use the -9999 live-git 
version and normally update once or twice a week to better track changes 
that sometimes negatively affect me.

The best thing about it is not having to worry about missing an important 
change in a file I DO change, due to all the noise from files I don't 
touch.

So yes, definitely ++ to making it the default, from here! =:^)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman

Re: [gentoo-dev] Re: RFC: Enable FEATURES=config-protect-if-modified by default?

[Fabio Erculiani]

I implemented this feature in Entropy long time ago (2009 iirc) and
enabled it by default as well.
We never had a single issue. Users seem quite happy about it.

So yeah, go for it!
-- 
Fabio Erculiani

Re: [gentoo-dev] Re: RFC: Enable FEATURES=config-protect-if-modified by default?

[Rich Freeman]

On Wed, May 16, 2012 at 5:02 AM, Fabio Erculiani <lxnay@gentoo.org> wrote:
> I implemented this feature in Entropy long time ago (2009 iirc) and
> enabled it by default as well.
> We never had a single issue. Users seem quite happy about it.
>

This is also the default behavior with the cfg-update alternative to
dispatch-conf - unmodified files are just replaced.  Never had a
problem with it.  90% of the time these are files I've never even
looked at.

Will the new option remove files automatically as well?  I've been
getting warnings on boot that I suspect are the result of ancient udev
rules files that never got removed due to protection.  I've been
meaning to investigate, but I need to figure out which if any I did
actually modify.

Rich

Re: [gentoo-dev] Re: RFC: Enable FEATURES=config-protect-if-modified by default?

[Andreas K. Huettel]

[-- Attachment #1: Type: text/plain, Size: 423 bytes --]

> > make.conf(5) man page:
> >   This causes the CONFIG_PROTECT behavior to be skipped for files that
> >   have not been modified since they were installed.

+1 very good idea

> The best thing about it is not having to worry about missing an important
> change in a file I DO change, due to all the noise from files I don't
> touch.

exactly!!!

-- 
Andreas K. Huettel
Gentoo Linux developer
kde, sci, arm, tex, printing

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [gentoo-dev] Re: RFC: Enable FEATURES=config-protect-if-modified by default?

[Eray Aslan]

[-- Attachment #1: Type: text/plain, Size: 758 bytes --]

On 2012-05-16 12:13 PM, Andreas K. Huettel wrote:
>>> make.conf(5) man page:
>>>   This causes the CONFIG_PROTECT behavior to be skipped for files that
>>>   have not been modified since they were installed.
> 
> +1 very good idea

Hmm, does that mean that when a default changes in (or some new setting
is added to) an app config file, I'll get no prompt and no warning
assuming I go with the default settings in the app?  That presumes that
the new default or the new setting does not break my setup.  That is a
big assumption.

Even if we go with enabling it by default, please have a news item so
that one can turn it off if necessary.  Even then, new installs will
have to remember to turn it off.

-- 
Eray Aslan <eras@gentoo.org>


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 898 bytes --]

Re: [gentoo-dev] Re: RFC: Enable FEATURES=config-protect-if-modified by default?

[Fabian Groffen]

[-- Attachment #1: Type: text/plain, Size: 877 bytes --]

On 16-05-2012 12:36:03 +0300, Eray Aslan wrote:
> On 2012-05-16 12:13 PM, Andreas K. Huettel wrote:
> >>> make.conf(5) man page:
> >>>   This causes the CONFIG_PROTECT behavior to be skipped for files that
> >>>   have not been modified since they were installed.
> > 
> > +1 very good idea
> 
> Hmm, does that mean that when a default changes in (or some new setting
> is added to) an app config file, I'll get no prompt and no warning
> assuming I go with the default settings in the app?  That presumes that
> the new default or the new setting does not break my setup.  That is a
> big assumption.

I'd think so, yes

> Even if we go with enabling it by default, please have a news item so
> that one can turn it off if necessary.  Even then, new installs will
> have to remember to turn it off.

+1

-- 
Fabian Groffen
Gentoo on a different level

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [gentoo-dev] Re: RFC: Enable FEATURES=config-protect-if-modified by default?

[Pacho Ramos]

[-- Attachment #1: Type: text/plain, Size: 1371 bytes --]

El mié, 16-05-2012 a las 11:42 +0200, Fabian Groffen escribió:
> On 16-05-2012 12:36:03 +0300, Eray Aslan wrote:
> > On 2012-05-16 12:13 PM, Andreas K. Huettel wrote:
> > >>> make.conf(5) man page:
> > >>>   This causes the CONFIG_PROTECT behavior to be skipped for files that
> > >>>   have not been modified since they were installed.
> > > 
> > > +1 very good idea
> > 
> > Hmm, does that mean that when a default changes in (or some new setting
> > is added to) an app config file, I'll get no prompt and no warning
> > assuming I go with the default settings in the app?  That presumes that
> > the new default or the new setting does not break my setup.  That is a
> > big assumption.
> 
> I'd think so, yes

But similar assumption applies to current behavior: if a user forgets to
run dispatch-conf after updating and machine is rebooted (by error, due
some power failure, due other users rebooting it...), they will probably
get failures when booting and, for example, some init.d scripts file to
start due obsolete conf.d files being preserved by default.

> 
> > Even if we go with enabling it by default, please have a news item so
> > that one can turn it off if necessary.  Even then, new installs will
> > have to remember to turn it off.
> 
> +1
> 

But I also agree with releasing a news item for the change of course :)

[-- Attachment #2: This is a digitally signed message part --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-dev] Re: RFC: Enable FEATURES=config-protect-if-modified by default?

[Fabian Groffen]

[-- Attachment #1: Type: text/plain, Size: 1784 bytes --]

On 16-05-2012 11:48:20 +0200, Pacho Ramos wrote:
> El mié, 16-05-2012 a las 11:42 +0200, Fabian Groffen escribió:
> > On 16-05-2012 12:36:03 +0300, Eray Aslan wrote:
> > > On 2012-05-16 12:13 PM, Andreas K. Huettel wrote:
> > > >>> make.conf(5) man page:
> > > >>>   This causes the CONFIG_PROTECT behavior to be skipped for files that
> > > >>>   have not been modified since they were installed.
> > > > 
> > > > +1 very good idea
> > > 
> > > Hmm, does that mean that when a default changes in (or some new setting
> > > is added to) an app config file, I'll get no prompt and no warning
> > > assuming I go with the default settings in the app?  That presumes that
> > > the new default or the new setting does not break my setup.  That is a
> > > big assumption.
> > 
> > I'd think so, yes
> 
> But similar assumption applies to current behavior: if a user forgets to
> run dispatch-conf after updating and machine is rebooted (by error, due
> some power failure, due other users rebooting it...), they will probably
> get failures when booting and, for example, some init.d scripts file to
> start due obsolete conf.d files being preserved by default.

True, but we currently have a message for this, telling you to update
your config files, while I guess there is no (persistent) message that
some of your config files were overwritten, with which unknown
differences (if any) triggering different behaviour.
IOW it is impossible to review changes with this setting.

Maybe we can just keep backups of the older conf-files if they are
different (besides comments), renamed like myapp.conf-myapp-1.0-r4 and
have a tool (or reuse a tool) to review and/or cleanup this every once
in a while?

-- 
Fabian Groffen
Gentoo on a different level

[-- Attachment #2: Digital signature --]
[-- Type: application/pgp-signature, Size: 195 bytes --]

Re: [gentoo-dev] Re: RFC: Enable FEATURES=config-protect-if-modified by default?

[Fabio Erculiani]

On Wed, May 16, 2012 at 11:36 AM, Eray Aslan <eras@gentoo.org> wrote:
> On 2012-05-16 12:13 PM, Andreas K. Huettel wrote:
>>>> make.conf(5) man page:
>>>>   This causes the CONFIG_PROTECT behavior to be skipped for files that
>>>>   have not been modified since they were installed.
>>
>> +1 very good idea
>
> Hmm, does that mean that when a default changes in (or some new setting
> is added to) an app config file, I'll get no prompt and no warning
> assuming I go with the default settings in the app?  That presumes that
> the new default or the new setting does not break my setup.  That is a
> big assumption.

Generally, several PMS (I think apt does it as well) make this assumption:
if config file C owned by package P has never been modified, meaning
that md5 or whatever is the same, the old C of P was fine, so is the
new C.
On the other hand, if the old C has been modified, then the above
assumption is not valid.

This also helps a lot in the scenario where critical configuration
files are not updated before reboot, which might result in an
unbootable system (ouch!).

>
> Even if we go with enabling it by default, please have a news item so
> that one can turn it off if necessary.  Even then, new installs will
> have to remember to turn it off.
>
> --
> Eray Aslan <eras@gentoo.org>
>



-- 
Fabio Erculiani

Re: [gentoo-dev] Re: RFC: Enable FEATURES=config-protect-if-modified by default?

[Eray Aslan]

[-- Attachment #1: Type: text/plain, Size: 1055 bytes --]

On 2012-05-16 12:56 PM, Fabio Erculiani wrote:
> Generally, several PMS (I think apt does it as well) make this assumption:
> if config file C owned by package P has never been modified, meaning
> that md5 or whatever is the same, the old C of P was fine, so is the
> new C.

Yep, and I always thought that Gentoo way of dealing with config files
was much better -both compared to .deb and .rpm land- in this regard.
Presenting the diff is a quick and efficient way to highlight the
changes and ask the sysadmin to make the necessary changes if any.

I am not bothered with the (frequency of?) diffs but I guess people are.

> This also helps a lot in the scenario where critical configuration
> files are not updated before reboot, which might result in an
> unbootable system (ouch!).

Well, that is true.  If you forget to dispatch-conf, it might bite you.

Anyway, no big deal either way though I prefer the status quo.  If we
make the change, make it with enough fanfare that users notice.

-- 
Eray Aslan <eras@gentoo.org>


[-- Attachment #2: OpenPGP digital signature --]
[-- Type: application/pgp-signature, Size: 898 bytes --]

Re: [gentoo-dev] RFC: Enable FEATURES=config-protect-if-modified by default?

[Dirkjan Ochtman]

On Wed, May 16, 2012 at 12:24 AM, Zac Medico <zmedico@gentoo.org> wrote:
>  This causes the CONFIG_PROTECT behavior to be skipped for files that
>  have not been modified since they were installed.

Yes, please!

Cheers,

Dirkjan