Details
-
Improvement
-
Resolution: Unresolved
-
Major
-
None
-
8.2
-
None
Description
Context: in xenserver-release, there are many %triggerin scriptlets that apply patches to configuration files. This is fragile, as it can fail if the users made changes to those files, or in some cases patches may not apply at all, as was the case with the ssh configuration (ciphers, etc., cf XS82E015).
I don't have a better way to suggest for now for handling the changing of configuration files that belong to CentOS packages such as openssh-server, however the issue mentioned above would have been detected when analysing installation logs if the patch wasn't applied silently.
Currently, the patches are applied totally silently:
( patch -tsN -r - -d / -p1 || : ) >/dev/null <<'EOF' ...patch content... EOF
It will never return nonzero (which is good in a RPM scriptlet AFAIK), however it will not display anything in case it fails either.
Having it display errors would allow for:
- errors caused by bad/obsolete patches to be displayed in installation logs
- errors caused by user modifications on their configuration files to have a chance to be detected, when they apply updates from command line (maybe XenCenter can also display the output, I don't know).
Here's how I did it for a patch we added to XCP-ng:
# XCP-ng: change depmod global configuration to give priority to 'override' modules dir %triggerin config -- kmod DEPMOD_PATCH=$(cat <<'EOF' --- /etc/depmod.d/dist.conf.orig 2019-04-23 11:31:19.107096410 +0200 +++ /etc/depmod.d/dist.conf 2019-04-23 11:31:30.533088996 +0200 @@ -3,4 +3,4 @@ # # override default search ordering for kmod packaging -search updates extra built-in weak-updates +search override updates extra built-in weak-updates EOF ) # Do not apply patch if it was already applied if ! echo "$DEPMOD_PATCH" | patch --dry-run -RsN -d / -p1 >/dev/null; then # Apply patch. Output NOT redirected to /dev/null so that error messages are displayed if ! echo "$DEPMOD_PATCH" | patch -tsN -r - -d / -p1; then echo "Error: failed to apply patch:" echo "$DEPMOD_PATCH" fi fi
This could very well be made into a macro that is then used to apply any patch to configuration files that are owned by other packages.
Hoping you will consider this suggestion.