From: Jason McIntyre <jmc@kerhand.co.uk>
Subject: Re: text files in /etc/changelist stored as checksums only
To: Ingo Schwarze <schwarze@usta.de>
Cc: Daniel Jakots <danj@chown.me>, sthen@openbsd.org, tech@openbsd.org
Date: Tue, 25 Mar 2025 12:41:02 +0000

On Tue, Mar 25, 2025 at 12:56:37PM +0100, Ingo Schwarze wrote:
> Hi Daniel, Stuart, and Jason,
> 
> Daniel Jakots wrote on Wed, Mar 19, 2025 at 06:21:37PM -0400:
> 
> > The manpage could maybe be amended to mention the password/secret
> > aspect as it was mentioned in the commit that introduced the feature:
> > https://github.com/openbsd/src/commit/1e94625a312dd2d8958cd9bab647e9427d701c46
> 
> Here is a shot at polishing a few aspects in this page:
> 
>  * Tighten a few wordings, reducing duplicate words and statements.
>  * Qualify "configuration files" with "several" because as it stands,
>    the text allows the misunderstanding that *all* configuration
>    files would be added to the list by default.
>  * Files do not "begin with" a plus sign, but are prefixed.
>  * Avoid a parenthetic remark, turning it into a complete sentence,
>    mentioning the aspect of secrets.
> 
> OK?
>   Ingo
> 

hi!

i'm fine with this, yes. i do have one comment inline though:

> 
> Index: changelist.5
> ===================================================================
> RCS file: /cvs/src/share/man/man5/changelist.5,v
> diff -u -r1.10 changelist.5
> --- changelist.5	28 May 2024 05:09:19 -0000	1.10
> +++ changelist.5	25 Mar 2025 11:45:13 -0000
> @@ -24,8 +24,9 @@
>  The
>  .Pa /etc/changelist
>  file is a simple text file containing the names of files to be backed up
> -and checked for modification by the system security script,
> -.Xr security 8 .
> +and checked for modification by the system
> +.Xr security 8
> +script.

we could shorten this all to:

	...checked daily(8) by the system security(8) script.

that's a matter of taste though - just offering it as a suggestion.

jmc

>  It is checked daily by the
>  .Pa /etc/daily
>  script.
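
Review bot: the rewritten sentence now ends in "script." and is followed directly by the unchanged context sentence "It is checked daily by the /etc/daily script.", so two consecutive sentences end on the same word and the antecedent of "It" is no longer obvious (the changelist file or the security script just named). Since the stated goal is to reduce duplicate words, consider folding the two sentences into one, so that the security(8) and daily relationship is stated once.
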
> @@ -33,10 +34,8 @@
>  .Xr daily 8
>  for further details.
>  .Pp
> -Each line of the file contains the name of a file,
> -specified by its absolute pathname,
> -one per line.
> -By default, configuration files in
> +Each line of the file contains the absolute pathname of one file.
> +By default, several configuration files in
>  .Pa /etc ,
>  .Pa /root ,
>  and
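
Review bot: the new line "Each line of the file contains the absolute pathname of one file." leaves no room for the "+" prefix that the next hunk documents, so a reader taking it literally would not expect prefixed entries to be valid. Consider wording such as "the absolute pathname of one file, optionally prefixed by a + character", or keep the sentence and make sure the later paragraph is clearly introduced as an exception. The word "several" also fixes the "all configuration files" misreading without telling the reader where to see which files are meant; a short pointer to the file itself would close that gap.
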
> @@ -78,13 +77,13 @@
>  .Pp
>  Files in
>  .Pa /etc/changelist
> -beginning with a
> +prefixed by a
>  .Sq +
> -character
> -.Pq generally non-text files
> -are stored as
> +character are stored as
>  .Xr sha256 1
>  checksums.
> +During installation, that prefix is used for non-text files
> +and for files that may contain secrets.
>  Results are mailed in the following format:
>  .Bd -unfilled -offset indent
>  ======
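
Review bot: "During installation" in the added sentence describes only how the prefix is used in the list as installed and gives no guidance for entries an administrator adds later, which is where the secrets aspect matters most. Because the unchanged line that follows says results are mailed, it would help to say directly that the prefix should be used for any file that may contain secrets, so that only its sha256(1) checksum is stored. Separately, "Files in /etc/changelist prefixed by a + character" reads as if the files themselves live in the list; "File names in /etc/changelist" would be more exact.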