Integrate a system to reset `/etc` to upstream securely
This is an atomic versions issue in general, not Desktop specific.
On OSTree systems, `/etc` is a link to `/ostree/deploy/fedora/deploy/NUMBER/etc`. The upstream `/etc` is stored in `/usr/etc` and contains the default configurations for all RPM software packages (the "state").
When performing an `rpm-ostree reset`, the linked `/etc` directory is not reset to upstream.
This allows for unmanaged "entropy buildup" outside of the control of Fedora, meaning random breakages can happen.
Some files in `/etc` need to be preserved to prevent major breakages, like:
```
# partitions
fstab
crypttab
# time, location
locale.conf
localtime
adjtime
# users, groups
sudoers.d/
group
gshadow
passwd
shadow
subgid
subuid
gshadow-
subgid-
subuid- # don't know what these are, only in /etc
# SELinux
selinux/targeted/
```
Things you may want to keep:
```
# repos
yum.repos.d/
pki/rpm-gpg/
vconsole.conf
# custom polkit rules
polkit-1/rules.d/
# saved wifi networks
NetworkManager/system-connections
# firewall rules
firewalld/zones
# TEMPORARY
# sddm workaround for mutable themes
sddm.conf.d
```
This is a possible command:
```
# sync, delete other files; trailing slashes copy the contents of /usr/etc (not the directory itself),
# and --exclude patterns are anchored at the transfer root, which is /etc here
pkexec rsync -rlHX --delete \
  --exclude /fstab --exclude /crypttab --exclude /passwd --exclude /shadow --exclude /locale.conf --exclude /localtime \
  --exclude /adjtime --exclude /sudoers.d --exclude /group --exclude /gshadow --exclude /subgid --exclude /subuid \
  --exclude /selinux/targeted --exclude /sddm.conf.d --exclude /NetworkManager/system-connections \
  --exclude /vconsole.conf --exclude /yum.repos.d --exclude /pki /usr/etc/ /etc/
# sync, just update
pkexec rsync -rlHXu /usr/etc/yum.repos.d/ /etc/yum.repos.d/
pkexec rsync -rlHXu /usr/etc/pki/ /etc/pki/
```
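A read-only preview of such a reset, as an added example that is not part of the original issue: it lists what differs between the defaults and the live `/etc`, skipping the paths the rsync command excludes. The function names and the `A`/`M`/`D` output format are assumptions made for this example.

```shell
# Added example (not from the issue): preview a reset of /etc, read-only.
# KEEP mirrors the --exclude list of the rsync command; names are illustrative.
KEEP='fstab crypttab passwd shadow locale.conf localtime adjtime sudoers.d
group gshadow subgid subuid selinux/targeted sddm.conf.d
NetworkManager/system-connections vconsole.conf yum.repos.d pki'

# is_kept REL: succeed if REL is a keep-list entry or lies beneath one.
is_kept() {
    for k in $KEEP; do
        case $1 in "$k"|"$k"/*) return 0 ;; esac
    done
    return 1
}

# same A B: symlinks are compared by target, regular files by content.
same() {
    if [ -L "$1" ] || [ -L "$2" ]; then
        [ -L "$1" ] && [ -L "$2" ] && [ "$(readlink "$1")" = "$(readlink "$2")" ]
    else
        cmp -s "$1" "$2"
    fi
}

# list_files DIR: relative paths of all regular files and symlinks below DIR.
list_files() { (cd "$1" && find . \( -type f -o -type l \) -print | sed 's|^\./||'); }

# etc_drift [DEFAULTS] [ETC]: one line per path a reset would touch.
#   M = differs from default, A = only in ETC, D = only in DEFAULTS
etc_drift() {
    defaults=${1:-/usr/etc} etc=${2:-/etc}
    {
        list_files "$etc" | while IFS= read -r rel; do
            is_kept "$rel" && continue
            if [ ! -e "$defaults/$rel" ] && [ ! -L "$defaults/$rel" ]; then
                echo "A $rel"
            elif ! same "$defaults/$rel" "$etc/$rel"; then
                echo "M $rel"
            fi
        done
        list_files "$defaults" | while IFS= read -r rel; do
            is_kept "$rel" && continue
            [ -e "$etc/$rel" ] || [ -L "$etc/$rel" ] || echo "D $rel"
        done
    } | sort
}
```

After sourcing the file, `etc_drift` with no arguments compares `/usr/etc` with `/etc`; reading files such as those under `/etc/ssh` may require root.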
Existing issues
keep an eye on:
Edited by boredsquirrel