What is /etc/.rpm-ostree-shadow-mode-fixed2.stamp on Fedora IoT

My Fedora IoT box has gotten a file in the last few months, /etc/.rpm-ostree-shadow-mode-fixed2.stamp

What is it for?

Can I safely delete it?

1 Like

This is a fix related to

The solution involves keeping the stamp in /etc to handle rollback.

We keep the stamp in /etc to account for the case where a deployment
with this unit is rolled back. If we used /var, the stamp would have
stayed but the fix would not be re-applied on the next update.

[Unit]
# rpm-ostree v2023.6 introduced a permission issue on `/etc/[g]shadow[-]`.
# This makes sure to fix permissions on systems that were deployed with the wrong permissions.
Description=Update permissions for /etc/shadow
Documentation=https://github.com/coreos/rpm-ostree-ghsa-2m76-cwhg-7wv6
# This new stamp file is written by the Rust code, and obsoletes
# the old /etc/.rpm-ostree-shadow-mode-fixed.stamp
ConditionPathExists=!/etc/.rpm-ostree-shadow-mode-fixed2.stamp
1 Like

Thank you! I looked for this kind of detail and didn’t find it.

It sounds like, as long as I don’t roll back, I am ok to delete this then.

If you remove it, the unit will run again on the next boot and re-create the file.

2 Likes

Added atomic-desktops, security

Added coreos, iot, rpm-ostree

So clearly I must never reboot :smiley: j/k - I’ll keep ignoring it

Thank you