[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]
Re: Option to write %pre, %post in /root/anaconda-ks.cfg
- From: James Laska <jlaska redhat com>
- To: Discussion of Development and Customization of the Red Hat Linux Installer <anaconda-devel-list redhat com>
- Subject: Re: Option to write %pre, %post in /root/anaconda-ks.cfg
- Date: Thu, 25 Oct 2007 09:36:38 -0400
Greetings,
Good topic. The more I investigate, the more I find
that /root/anaconda-ks.cfg has rarely reflected the *exact* installation
performed (in the automated case).
Stepping back a bit ... what is the intent of /root/anaconda-ks.cfg?
1. A "recommended" method to kickstart the recently performed manual
installation?
2. A complete "record" of how the system was installed?
Do folks out there rely on /root/anaconda-ks.cfg much? If so, for what?
Thanks,
James
On Mon, 2007-10-22 at 16:42 +0200, Alexander Todorov wrote:
> Hello list,
> I've just found that resulting anaconda-ks.cfg does not include the
> %pre, %post, %traceback scripts from the ks.cfg used for installation.
> I've talked to several people and here is the result.
>
> Why this is missing:
> 1) If the initial ks.cfg contains some sensitive information it should
> not get written to disc.
>
> - IMO if such info is used it's already present somewhere on disc.
> - An attacker may sniff the network traffic and discover that info if
> needed.
> - /root is accessible to root user
>
> Hence there is not much argument of a security point of view to skip the
> %post in anaconda-ks.cfg
>
> Why it should be there:
> 1) To be able to reproduce the same install over and over again. In some
> cases %post may be tweaking settings or custom configuration.
>
> 2) To keep the configuration used during installation in cases where
> ks.cfg is generated dynamically/not available after some period, etc.
>
> 3) To have things where one expects to be: anaconda-ks.cfg
>
> How it should appear in anaconda:
>
> - The most reasonable solution is to probably have another option
> --write-ks-scripts which will enable this functionality.
> Scripts can be written directly to resulting anaconda-ks.cfg or in
> separate files e.g. anaconda-ks.pre, anaconda-ks.post, etc.
>
> Any comments and concerns are welcome.
>
> Greetings,
> Alexander.
>
> _______________________________________________
> Anaconda-devel-list mailing list
> Anaconda-devel-list redhat com
> https://www.redhat.com/mailman/listinfo/anaconda-devel-list
--
==========================================
James Laska -- jlaska redhat com
Quality Engineering -- Red Hat, Inc.
==========================================
[Date Prev][Date Next] [Thread Prev][Thread Next]
[Thread Index]
[Date Index]
[Author Index]