What is /etc/.rpm-ostree-shadow-mode-fixed2.stamp on Fedora IoT

yuntaz · September 13, 2024, 6:40pm

This is a fix related to

The solution involves keeping the stamp in /etc to handle rollback.

We keep the stamp in /etc to account for the case where a deployment
with this unit is rolled back. If we used /var, the stamp would have
stayed but the fix would not be re-applied on the next update.

[Unit]
# rpm-ostree v2023.6 introduced a permission issue on `/etc/[g]shadow[-]`.
# This makes sure to fix permissions on systems that were deployed with the wrong permissions.
Description=Update permissions for /etc/shadow
Documentation=https://github.com/coreos/rpm-ostree-ghsa-2m76-cwhg-7wv6
# This new stamp file is written by the Rust code, and obsoletes
# the old /etc/.rpm-ostree-shadow-mode-fixed.stamp
ConditionPathExists=!/etc/.rpm-ostree-shadow-mode-fixed2.stamp

Topic		Replies	Views
How to re-hash your /etc/shadow / login passwords with a newer algorithm (like YesCrypt)? Ask Fedora f37 , security , f39 , coreos , silverblue	4	1114	April 26, 2024
Idea: a public log of rpm-ostree update changes Project Discussion silverblue-team , kinoite-team , atomic-desktops-team	8	217	July 23, 2024
"Atomic" rollback with Fedora Workstation Ask Fedora silverblue , workstation , atomic-desktops	4	203	August 31, 2024
Silverblue - Modifying a file in etc in another deployment Ask Fedora atomic-desktops	5	195	March 21, 2025
Package/capability 'pkgname' is already requested Ask Fedora rpm-ostree , silverblue	0	2000	February 22, 2021

What is /etc/.rpm-ostree-shadow-mode-fixed2.stamp on Fedora IoT

Related topics