Do not install /etc/nsswitch.conf

Related to: https://fedoraproject.org/wiki/Changes/Make_Authselect_Mandatory Users are now expected to use authselect to configure the system and packages should no longer support non-authselect configurations. /etc/nsswitch.conf is now owned by authselect. Resolves: rhbz#2023741
2021-11-16 12:38:57 +01:00 · 2021-11-16 12:38:57 +01:00 · cadee80b13
parent 2a12adcea2
commit cadee80b13
2 changed files with 4 additions and 51 deletions
--- a/glibc-fedora-nsswitch.patch
+++ b/glibc-fedora-nsswitch.patch
@ -1,46 +0,0 @@
-The Fedora /etc/nsswitch.conf is based largely on the upstream
-version with minor downstream distribution modifications for
-use with SSSD and systemd.
-
-diff --git a/nss/nsswitch.conf b/nss/nsswitch.conf
-index 4a6bcb1f7bc0b1f4..980a68e32e6a04b8 100644
--- a/nss/nsswitch.conf
-+++ b/nss/nsswitch.conf
-@@ -1,7 +1,7 @@
- #
- # /etc/nsswitch.conf
- #
-# An example Name Service Switch config file. This file should be
-+# Name Service Switch config file. This file should be
- # sorted with the most-used services at the beginning.
- #
- # Valid databases are: aliases, ethers, group, gshadow, hosts,
-@@ -52,19 +52,21 @@
- # shadow:    db files
- # group:     db files
- 
-# In alphabetical order. Re-order as required to optimize peformance.
-+# In order of likelihood of use to accelerate lookup.
-+passwd:     sss files
-+shadow:     files
-+group:      sss files
-+hosts:      files dns myhostname
-+services:   files sss
-+netgroup:   sss
-+automount:  files sss
-+
- aliases:    files
- ethers:     files
-group:      files
- gshadow:    files
-hosts:      files dns
- # Allow initgroups to default to the setting for group.
- # initgroups: files
-netgroup:   files
- networks:   files dns
-passwd:     files
- protocols:  files
- publickey:  files
- rpc:        files
-shadow:     files
-services:   files
--- a/glibc.spec
+++ b/glibc.spec
@ -151,7 +151,7 @@ end \
 Summary: The GNU libc libraries
 Name: glibc
 Version: %{glibcversion}
-Release: 27%{?dist}
+Release: 28%{?dist}

 # In general, GPLv2+ is used by programs, LGPLv2+ is used for
 # libraries.
@ -226,7 +226,6 @@ Patch15: glibc-rh1070416.patch
 Patch16: glibc-nscd-sysconfig.patch
 Patch17: glibc-cs-path.patch
 Patch23: glibc-python3.patch
-Patch29: glibc-fedora-nsswitch.patch
 Patch30: glibc-deprecated-selinux-makedb.patch
 Patch31: glibc-deprecated-selinux-nscd.patch

@ -1405,8 +1404,6 @@ mv  %{glibc_sysroot}%{_prefix}/lib/locale/*.filelist .
 # Install configuration files for services
 ##############################################################################

-install -p -m 644 nss/nsswitch.conf %{glibc_sysroot}/etc/nsswitch.conf
-
 # This is for ncsd - in glibc 2.2
 install -m 644 nscd/nscd.conf %{glibc_sysroot}/etc
 mkdir -p %{glibc_sysroot}%{_tmpfilesdir}
@ -2176,7 +2173,6 @@ fi

 %files -f glibc.filelist
 %dir %{_prefix}/%{_lib}/audit
-%verify(not md5 size mtime) %config(noreplace) /etc/nsswitch.conf
 %verify(not md5 size mtime) %config(noreplace) /etc/ld.so.conf
 %verify(not md5 size mtime) %config(noreplace) /etc/rpc
 %dir /etc/ld.so.conf.d
@ -2262,6 +2258,9 @@ fi
 %files -f compat-libpthread-nonshared.filelist -n compat-libpthread-nonshared

 %changelog
+* Fri Dec 10 2021 Pavel Březina <pbrezina@redhat.com> - 2.34.9000-28
+- /etc/nsswitch.conf is now owned by authselect (rhbz#2023741)
+
 * Thu Dec 09 2021 Siddhesh Poyarekar <siddhesh@redhat.com> - 2.34.9000-27
 - Set BuildFlagsNonshared only if _annotated_build is set.