From: Herbert P÷tzl (herbert_at_13thfloor.at)
Date: Fri 11 Jul 2003 - 21:37:09 BST
On Fri, Jul 11, 2003 at 01:01:12PM +0200, Thomas Gebhardt wrote:
> > > what about server unification, how was this solved?
> > It is not. Unfortunatly.
> Wouldn't it suffice to scan all files in /usr and its
> subdirectories (on the vservers) looking for file
> attributes and md5sum, "unifying" all the files that
> are identical?
hmm, let me explain how rpm based distros
- the rpm 'spec' file has a list of files
which are to be included in the resulting
rpm, roughly categorizing their funtion,
(binary, man page, config file, etc)
- this makes it easy to separate for example
log files from config files from shared
libraries and binary executables ...
why not unify all 'equal' files (md5 hash e.g.)?
consider two newly created vservers, with lots
of config/log/temp files in it. they would have
the same md5 sum, but will after the first start
of each vserver start to divergate, which would
not be possible if they where unified in the first
> > > what about security updates in regard of unification?
> > > any comments/infos are welcome ...
> > That is really not a easy thing to fix. All help is appriciated of course.
> What's the problem here? After a security update on one/several/all
> vservers the different vservers will diverge. If one has a mechanism
> for "unifying" different vservers, one could rescan and reunify
> the vervsers. Of course, it would be more elegant just to rescan
> the files of the packages that are involved in the update.
> Cheers, Thomas