A private file is overwritten by propellor at each run. It is not optimal when the host runs an integrity checker (like samhain). It would be great to have a file modified only if necessary.
Doesn't rebuilding propellor overwrite lots of files too? Is the privdata.local file somehow a particular problem, perhaps because of its permissions?
You should find it easy enough to make propellor read any existing file and only update the file when there are changes. But it seems to me your integrity checker would still go off whenever a new version of the file is legitimately received. Perhaps it would be better to write a property to configure your integrity checker to not fire on this file?
(I've thought from time to time about having rsync update the privdata.local file. Since it's unchanged in most spins, that would probably save network bandwidth.)
The integrity checker should shout every time it finds a new version of a file (and if a new version of the file is legitimately received, I can then run "samhain -t update -m none --interactive"). As the private files are very often sensitive information, the integrity should shout on them too. To me, it sounds like it should be the default (it may also be useful for backup systems that check when a file was last modified?), but I don't see exactly what should be changed to enable that. What do you think?
Having privdata uploaded only if it is updated would certainly be cool for slow internet connections.
The place the privdata file gets saved is Spin.hs, when update calls "writeFileProtected privfile"
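
The read-and-compare approach suggested in this thread, as an added example that is not part of the original posts and is not propellor's own code. The helper name writeProtectedIfChanged and the demo path are hypothetical; it assumes the unix and bytestring packages.

```haskell
-- Added example: not propellor's code. writeProtectedIfChanged is a hypothetical helper.
import Control.Exception (IOException, onException, try)
import Control.Monad (when)
import qualified Data.ByteString.Char8 as B
import System.IO (hClose)
import System.Posix.Files
    ( accessModes, fileMode, getFileStatus, intersectFileModes
    , ownerReadMode, ownerWriteMode, removeLink, rename
    , setFileMode, unionFileModes )
import System.Posix.Temp (mkstemp)
import System.Posix.Types (FileMode)

ownerRW :: FileMode
ownerRW = ownerReadMode `unionFileModes` ownerWriteMode

-- | Returns True when the file was replaced, False when it was left alone.
writeProtectedIfChanged :: FilePath -> B.ByteString -> IO Bool
writeProtectedIfChanged file new = do
    old <- try (B.readFile file) :: IO (Either IOException B.ByteString)
    case old of
        Right cur | cur == new -> do
            -- Same content: no write, so mtime and checksum stay stable.
            -- Touch the mode (and therefore ctime) only if it is wrong.
            st <- getFileStatus file
            when (fileMode st `intersectFileModes` accessModes /= ownerRW) $
                setFileMode file ownerRW
            return False
        _ -> do
            -- Missing, unreadable or different: write a 0600 temp file
            -- next to the target and rename it into place atomically.
            (tmp, h) <- mkstemp (file ++ ".tmp")
            (do B.hPut h new
                hClose h
                setFileMode tmp ownerRW
                rename tmp file) `onException` removeLink tmp
            return True

main :: IO ()
main = do
    let f = "privdata.example"   -- constructed demo path
    r1 <- writeProtectedIfChanged f (B.pack "secret v1")
    r2 <- writeProtectedIfChanged f (B.pack "secret v1")
    r3 <- writeProtectedIfChanged f (B.pack "secret v2")
    print (r1, r2, r3)
```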