Skip to content

Commit

Permalink
quickpkg: enable include-unmodified-config by default
Browse files Browse the repository at this point in the history
If the user has not modified an installed config file, there should be
no risk of exposing secret information by including the file.

This makes quickpkg behave more reasonably with
FEATURES="config-protect-if-modified", which has been enabled by default
since 304dfb0.

Bug: https://bugs.gentoo.org/939896
Signed-off-by: Mike Gilbert <floppym@gentoo.org>
  • Loading branch information
floppym committed Sep 23, 2024
1 parent 38ff9e6 commit f0d68bb
Show file tree
Hide file tree
Showing 2 changed files with 3 additions and 3 deletions.
4 changes: 2 additions & 2 deletions bin/quickpkg
Original file line number Diff line number Diff line change
Expand Up @@ -420,9 +420,9 @@ if __name__ == "__main__":
parser.add_argument(
"--include-unmodified-config",
choices=["y", "n"],
default="n",
default="y",
metavar="<y|n>",
help="include files protected by CONFIG_PROTECT that have not been modified since installation (as a security precaution, default is 'n')",
help="include files protected by CONFIG_PROTECT that have not been modified since installation",
)
options, args = parser.parse_known_args(sys.argv[1:])
if not options.ignore_default_opts:
Expand Down
2 changes: 1 addition & 1 deletion man/quickpkg.1
Original file line number Diff line number Diff line change
Expand Up @@ -38,7 +38,7 @@ default is 'n').
.TP
.BR "\-\-include\-unmodified\-config < y | n >"
Include files protected by CONFIG_PROTECT that have not been modified
since installation (as a security precaution, default is 'n').
since installation.
.TP
.BR \-\-umask=UMASK
The umask used during package creation (default is 0077).
Expand Down

0 comments on commit f0d68bb

Please sign in to comment.