Mailing List Archive

From:: Ingo Schwarze <schwarze@usta.de>
Subject:: Re: text files in /etc/changelist stored as checksums only
To:: Daniel Jakots <danj@chown.me>, sthen@openbsd.org, jmc@openbsd.org
Cc:: tech@openbsd.org
Date:: Tue, 25 Mar 2025 12:56:37 +0100

Download raw body.

Thread

2025-03-19 21:54 Martin Schröder:
text files in /etc/changelist stored as checksums only
- 2025-03-19 22:21 Daniel Jakots:
  text files in /etc/changelist stored as checksums only
- - 2025-03-25 11:56 Ingo Schwarze:
    text files in /etc/changelist stored as checksums only
  - - 2025-03-25 12:04 Stuart Henderson:
      text files in /etc/changelist stored as checksums only
    - 2025-03-25 12:41 Jason McIntyre:
      text files in /etc/changelist stored as checksums only

Hi Daniel, Stuart, and Jason,

Daniel Jakots wrote on Wed, Mar 19, 2025 at 06:21:37PM -0400:

> The manpage could maybe be amended to mention the password/secret
> aspect as it was mentioned in the commit that introduced the feature:
> https://github.com/openbsd/src/commit/1e94625a312dd2d8958cd9bab647e9427d701c46

Here is a shot at polishing a few aspects in this page:

 * Tighten a few wordings, reducing duplicate words and statements.
 * Qualify "configuration files" with "several" because as it stands,
   the text allows the misunderstanding that *all* configuration
   files would be added to the list by default.
 * Files do not "begin with" a plus sign, but are prefixed.
 * Avoid a parenthetic remark, turning it into a complete sentence,
   mentioning the aspect of secrets.

OK?
  Ingo


Index: changelist.5
===================================================================
RCS file: /cvs/src/share/man/man5/changelist.5,v
diff -u -r1.10 changelist.5
--- changelist.5	28 May 2024 05:09:19 -0000	1.10
+++ changelist.5	25 Mar 2025 11:45:13 -0000
@@ -24,8 +24,9 @@
 The
 .Pa /etc/changelist
 file is a simple text file containing the names of files to be backed up
-and checked for modification by the system security script,
-.Xr security 8 .
+and checked for modification by the system
+.Xr security 8
+script.
 It is checked daily by the
 .Pa /etc/daily
 script.
@@ -33,10 +34,8 @@
 .Xr daily 8
 for further details.
 .Pp
-Each line of the file contains the name of a file,
-specified by its absolute pathname,
-one per line.
-By default, configuration files in
+Each line of the file contains the absolute pathname of one file.
+By default, several configuration files in
 .Pa /etc ,
 .Pa /root ,
 and
@@ -78,13 +77,13 @@
 .Pp
 Files in
 .Pa /etc/changelist
-beginning with a
+prefixed by a
 .Sq +
-character
-.Pq generally non-text files
-are stored as
+character are stored as
 .Xr sha256 1
 checksums.
+During installation, that prefix is used for non-text files
+and for files that may contain secrets.
 Results are mailed in the following format:
 .Bd -unfilled -offset indent
 ======

2025-03-19 21:54 Martin Schröder:
text files in /etc/changelist stored as checksums only
- 2025-03-19 22:21 Daniel Jakots:
  text files in /etc/changelist stored as checksums only
- - 2025-03-25 11:56 Ingo Schwarze:
    text files in /etc/changelist stored as checksums only
  - - 2025-03-25 12:04 Stuart Henderson:
      text files in /etc/changelist stored as checksums only
    - 2025-03-25 12:41 Jason McIntyre:
      text files in /etc/changelist stored as checksums only