delorie.com/archives/browse.cgi   search  
Mail Archives: cygwin/2019/04/08/15:04:48

X-Recipient: archive-cygwin AT delorie DOT com
DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:reply-to:subject:to:references:from:message-id
:date:mime-version:in-reply-to:content-type
:content-transfer-encoding; q=dns; s=default; b=W6m0QEmhCXgDwWZP
tRAuJfSuHK25tgvqOcCoxi2aL2i8Tz/58+nddlA0dyhsBOaH3dKomvQw9EtqJver
i8fDdMqp5m4CF4+G6609jrtspuovnR3g495+WNjcU0lm4+/wB6wASVgWDA1KaE7k
iScdYp2Qxx1V2OczFeIeL6a0+mI=
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
:list-unsubscribe:list-subscribe:list-archive:list-post
:list-help:sender:reply-to:subject:to:references:from:message-id
:date:mime-version:in-reply-to:content-type
:content-transfer-encoding; s=default; bh=j+Us8IpiM1slFJMDf2KxdW
QFeIo=; b=BMSnlP2BTLp40pcajhSjoG+aPzlsHPKza0OZT57Q5QiwPoiuOBa2Ll
T9q430PsE2c/pteAsnzIMfRD7/hhiGWAh3P15rf2yVf/+uxsGCHDGnhgp7IHpd1Z
rZ8ftJ/PP/S8z2BgZalzrhOoJY9xXwlRKcjEJ6P2hsF1MDmo0J91c=
Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id: <cygwin.cygwin.com>
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Authentication-Results: sourceware.org; auth=none
X-Spam-SWARE-Status: No, score=-3.4 required=5.0 tests=AWL,BAYES_00,RCVD_IN_DNSWL_LOW autolearn=ham version=3.3.1 spammy=HX-Languages-Length:4284, customizations
X-HELO: smtp-out-no.shaw.ca
Reply-To: Brian DOT Inglis AT SystematicSw DOT ab DOT ca
Subject: Re: base-files revisited
To: cygwin AT cygwin DOT com
References: <CAAgpg9aoVkqmxHxsEjjbYFFftrtvfVJk9HLbUKh0h1r3LgweAQ AT mail DOT gmail DOT com> <87r2aczb9a DOT fsf AT Rainer DOT invalid> <CAAgpg9Y+sxHWsFbff4YfHRqFBV38kvxSrwTDrjTSg8zPvsHsjg AT mail DOT gmail DOT com> <87ef6cz74l DOT fsf AT Rainer DOT invalid>
From: Brian Inglis <Brian DOT Inglis AT SystematicSw DOT ab DOT ca>
Openpgp: preference=signencrypt
Message-ID: <00663867-5c73-17ab-34e3-b3535e88e5c1@SystematicSw.ab.ca>
Date: Mon, 8 Apr 2019 13:04:34 -0600
User-Agent: Mozilla/5.0 (Windows NT 10.0; WOW64; rv:60.0) Gecko/20100101 Thunderbird/60.6.1
MIME-Version: 1.0
In-Reply-To: <87ef6cz74l.fsf@Rainer.invalid>
X-IsSubscribed: yes

On 2019-04-08 12:25, Achim Gratz wrote:
> John Morrison writes:
>> The company won't allow anything to be installed directly from the internet.
>> We were going to create a local mirror repo of the things which are allowed
>> to be installed along with a 'package script' which will call setup with
>> the appropriate commands.
> 
> That sounds more or less exactly like my own place of work.
> 
>> The company specifics we were planning to have as another, separate, local
>> 'mirror' and get setup to merge them. It works, not very pretty though. If
>> you know of a better strategy I'm all ears!
> 
> What I'm doing is that I have a Perl script that is controlled by a
> setup.conf file and can use any number of local repos and merge them
> into a local install directory (it now also mirrors from the upstream
> repos just those files I really need instead of all of them).  The
> reason for doing it that way was mainly to be able to inject arbitrary
> extra categories that I can then install (I have different types of
> installs for different users).  I can also lock package versions for
> those days when I need to delay a package update (or want to pull in a
> test package).  I still plan to clean that up enough so I can release
> it, but I'm continually out of round tuits on that.  I also compile my
> own setup.exe and have replaced the PGP key in there plus made the
> signature check mandatory so nobody can use a setup.ini I haven't
> signed, which in turn means no packages I haven't put in the local repo.
> The setup is also run in a way that it leaves the installation with
> exactly those packages I specified for each install type, so if an
> installation is downgraded it'll remove any extra or reinstall uprev
> packages.
> 
> Another less intrusive option is to just place a few packages in your
> mirror that "depend" on all the leaf packages you want to install and
> then just let setup install that single package and pull in the actual
> installation via dependencies.  That will not allow you to easily remove
> packages when they are no longer needed, but if your installations
> aren't expected to change that way then this works.
> 
>> They don't get a choice, although we might open the default mirror up
>> sufficiently for folks to request specific additional packages added to the
>> installation. Best we're allowed to offer.
> 
> That's why I'm having different install types.  The normal users don't
> want or need the development tools and even among the developers only I
> myself install with all the debuginfo packages and only on the package
> build machine.
> 
>> I didn't think about installed last... I could get the postinstall to
>> append to the actual files (/etc/defaults/skel or /etc/skel) directly...
> 
> Leave /etc/defaults alone or you defeat the detection of altered
> defaults.  More generally, don't edit or overwrite files installed from
> any package, as removing or re-installing the package will nix all your
> changes.
> 
>> The base-files-<company> package was already adding some additional
>> /etc/skel/.rc files, what I really wanted was a way of adding the to
>> /etc/skel/.bashrc and /etc/skel/.inputrc so that might work.  I think some
>> defaults for mintty were mentioned as well (we have fairly high spec
>> monitors and everyone ends up boosting the font size).
> 
> Once you change files in /etc/skel, you are continually responsible for
> them yourself.  Packages never install there directly and if they are
> changed from the default they won't get touched again.

Adding files into defaults and skel directories are okay, just don't change the
distributed files, as you *WILL* need a way to reset or bypass your local
customizations, to diagnose problems against the base install on your systems.

Safest way is normally to append required changes to the end of the default
installed config files from a local postinstall script that checks whether the
installed config file matches the default and needs the changes appended, has
already had the changes appended, or has been further customized by the user.

-- 
Take care. Thanks, Brian Inglis, Calgary, Alberta, Canada

This email may be disturbing to some readers as it contains
too much technical detail. Reader discretion is advised.

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -


  webmaster     delorie software   privacy  
  Copyright © 2019   by DJ Delorie     Updated Jul 2019