In the Fedora.next world, we have a set of curated Fedora Products as well as the availability of classic Fedora. Historically, we have maintained a single set of configuration defaults for all Fedora installs, but different target use-cases have different needs. The goal of this document is to set out the guidelines for creating per-Product configuration defaults.
We want to ensure that all packages have sensible defaults for whichever Product on which they are installed, while also avoiding situations where users would have some packages installed with one Product's defaults and some packages with another.
Fedora.next: Umbrella term for planning Fedora's future. Currently covering the creation of the Fedora Products, Fedora Base Design and Fedora Environments and Stacks.\ \$PRODUCT: One of the Fedora.next Product deliverables, currently "Cloud", "Server" and "Workstation".\
foo.conf
, then the Server version must be named foo-server.conf
.In order to apply the configuration, the packager must implement a mechanism in the %posttrans
section of the specfile that behaves as follows:
%posttrans
if [ ! -e %{_sysconfdir}/foo/foo.conf ]; then
...
fi
VARIANT_ID
to symlink one of the divergent config files (or the default) to the final config file location. It will get this value by importing the contents of /etc/os-release as shell values. Known values of this field at the time of this writing are "server", "workstation" and "cloud". For more detail, see [http://www.freedesktop.org/software/systemd/man/os-release.html#VARIANT_ID= the os-release(5) man page]. . /etc/os-release || :
case "$VARIANT_ID" in
server)
ln -sf foo-server.conf %{_sysconfdir}/foo/foo.conf || :
;;
*)
ln -sf foo-default.conf %{_sysconfdir}/foo/foo.conf || :
;;
esac
%ghost %config(noreplace) %{_sysconfdir}/foo/foo.conf
Provides: variant_config(Cloud)
Provides: variant_config(Server)
Provides: variant_config(Workstation)
We will assume for the sake of demonstration that firewalld will need a custom configuration for Fedora Server and Fedora Workstation, but that Fedora Cloud will not require any changes from the global default.
...
Provides: variant_config(Server)
Provides: variant_config(Workstation)
...
%posttrans
# If we don't yet have a symlink or existing file for firewalld.conf,
# create it. Note: this will intentionally reset the policykit policy
# at the same time, so they are in sync.
if [ ! -e %{_sysconfdir}/firewalld/firewalld.conf ]; then
# Import /etc/os-release to get the variant definition
. /etc/os-release || :
case "$VARIANT_ID" in
server)
ln -sf firewalld-server.conf %{_sysconfdir}/firewalld/firewalld.conf || :
ln -sf org.fedoraproject.FirewallD1.server.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
;;
workstation)
ln -sf firewalld-workstation.conf %{_sysconfdir}/firewalld/firewalld.conf || :
ln -sf org.fedoraproject.FirewallD1.desktop.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
;;
*)
ln -sf firewalld-default.conf %{_sysconfdir}/firewalld/firewalld.conf || :
# The default firewall policy will be the same as Server
ln -sf org.fedoraproject.FirewallD1.server.policy %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy || :
;;
esac
fi
...
%files -f %{name}.lang
...
%attr(0750,root,root) %dir %{_sysconfdir}/firewalld
%ghost %config(noreplace) %{_sysconfdir}/firewalld/firewalld.conf
%config(noreplace) %{_sysconfdir}/firewalld/firewalld-default.conf
%config(noreplace) %{_sysconfdir}/firewalld/firewalld-server.conf
%config(noreplace) %{_sysconfdir}/firewalld/firewalld-workstation.conf
...
%ghost %{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.policy
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.desktop.policy
%{_datadir}/polkit-1/actions/org.fedoraproject.FirewallD1.server.policy