RFC: kickstart: only call authselect if explicitly requested #1410
Conversation
|
(Untested for now.) |
|
Tested as fixing FAW 28 Beta. |
|
The whole situation where The code here was added for a reason though - you're basically reverting it. And then people clicking through interactive workstation installs then won't get fprintd enabled. What would seem a lot more sane to me is that if |
|
This doesn't feel right from the PoV of actually doing what this code was originally intended for, which was: enabling fingerprint authentication by default. Heck, that's still written in a comment line in your code: but it doesn't actually do that any more, does it? It'd only do it if it happened to be using a kickstart with an In an ideal world I think I'd want to just drop this chunk entirely (i.e. just the first part of the PR) and figure out a better way to enable fingerprint auth by default, if we think we still want that. It seems weird in the first place that this was ever done by having anaconda run authconfig in the installed system root. |
The system image might have a curated version of `nsswitch.conf` that we don't want to overwrite. Rather than indeterministically calling it based on whether `fprintd` is in the tree, let's just only call it if it was explicitly asked for in the kickstart.
jlebon
force-pushed
the
pr/authselect-requested
branch
from
a939596
to
ede2610
Compare
|
Right, this was meant as a partial revert of #1327. I.e. we still do run |
|
Dropping this since we have a nicer workaround in https://pagure.io/workstation-ostree-config/pull-request/81. We can follow-up with the details of better fprintd integration with authselect somewhere else. |
The system image might have a curated version of
nsswitch.confthat wedon't want to overwrite. Rather than indeterministically calling it
based on whether
fprintdis in the tree, let's just only call it if itwas explicitly asked for in the kickstart.
See also: https://github.com/pbrezina/authselect/issues/48.