Gentoo Forums
[Solved] Use flags to eradicate systemd

Astronome
Tux's lil' helper
Joined: 02 Jan 2016
Posts: 148

Posted: Fri Feb 05, 2016 5:04 am    Post subject: [Solved] Use flags to eradicate systemd

The following use flags keep my system relatively systemd free:

Code:

USE="alsa bindist mmx sse sse2 X -consolekit -gnome -kde -policykit -pulseaudio -systemd -udisks -upower"


I've noticed a lot of users recommending -introspection though. I can't figure out what this does from the description. I think a GObject is a Gnome thing. Since I don't want Gnome, it's safe to assume I don't want introspection, yeah?

Other use flags I've noticed other people using include -dbus, -gtk3, -libnotify, -pam and -zeroconf. Do these have anything to do with systemd or what is the reasoning there?


Last edited by Astronome on Sat Feb 06, 2016 11:17 pm; edited 1 time in total

khayyam
Watchman
Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Fri Feb 05, 2016 8:34 am    Post subject: Re: Use flags to eradicate systemd (what is introspection?)

Astronome wrote:
I've noticed a lot of users recommending -introspection though. I can't figure out what this does from the description. I think a GObject is a Gnome thing. Since I don't want Gnome, it's safe to assume I don't want introspection, yeah?

Astronome ... I always go by the principle that if I can't figure out what the thing involves by its description, or by a quick perusal of its documentation, then I probably don't need it ... gobject-introspection checking both boxes in that regard, and so I've had USE="-introspection" for some time. A fairly recent build of dev-libs/glib made it so that dev-libs/gobject-introspection-common is required but otherwise it's not in use, with no function loss (though, similarly to you, I'm not using gnome or any DE with similar dependencies).

Astronome wrote:
Other use flags I've noticed other people using include -dbus, -gtk3, -libnotify, -pam and -zeroconf. Do these have anything to do with systemd or what is the reasoning there?

I have -dbus, -gtk3, -zeroconf, -udev ... only the latter is strictly 'systemd' (udev having been consumed by systemd), though systemd uses dbus as a message bus (with there being a kernel based implementation, now rejected and/or on the back-burner, kdbus). zeroconf (zero configuration networking) is related to systemd only in that its author is a systemd developer, and mouthpiece.

For my use case I've no need of any of it, and prefer the simplicity of mdev (for device management), as before the inception of sys-fs/eudev (the gentoo fork of udev) having udev was likely to cause some or other failure due to how upstream would change its operation willy-nilly (and with gentoo following upstream ITR it was not something I would care to depend on for such a critical task).

best ... khay

charles17
Advocate
Joined: 02 Mar 2008
Posts: 3428

Posted: Fri Feb 05, 2016 9:21 am    Post subject: Re: Use flags to eradicate systemd (what is introspection?)

Astronome wrote:
The following use flags keep my system relatively systemd free:

Code:

USE="alsa bindist mmx sse sse2 X -consolekit -gnome -kde -policykit -pulseaudio -systemd -udisks -upower"

Astronome,
For mmx sse sse2 see this news item. Regarding alsa, bindist and X you might try without them listed there (depends on the profile you've selected).
Each of the others needs to be minused only if otherwise any of your packages starts pulling in unwanted stuff.
E.g. -gnome -kde should not need to be mentioned unless you've selected a gnome or kde profile.

Closer to your main question, there is further reading about GObject in https://en.wikipedia.org/wiki/GObject.

Astronome
Tux's lil' helper
Joined: 02 Jan 2016
Posts: 148

Posted: Fri Feb 05, 2016 4:01 pm    Post subject: Re: Use flags to eradicate systemd (what is introspection?)

khayyam wrote:

I have -dbus, -gtk3, -zeroconf, -udev ... For my use case I've no need of any of it, and prefer the simplicity of mdev


If I'm using eudev, then I shouldn't put -udev in my use flags, right? I will investigate mdev.

charles17 wrote:

For mmx sse sse2 see this news item.


Thanks for that! I'm not sure where those use flags came from - I think they were there to begin with.

Quote:

Regarding alsa, bindist and X you might try without them listed there (depends on the profile you've selected).


I was under the impression that I needed alsa in use flags to enable sound in certain programs (like Opera), and that I needed X for similar reason. Is that not correct?

VoidMage
Watchman
Joined: 14 Oct 2006
Posts: 6194

Posted: Fri Feb 05, 2016 5:04 pm

Astronome, about half of the flags in the line from your original post have nothing to do with systemd, most of the others - only marginally so.

You've also misunderstood what introspection is about.
gobject-introspection was designed to make it easier to write bindings for libs based on glib (using GObject).
That includes bindings for python and vala, among others.
So, if an app needs those, it needs them on the whole chain of its dependencies.

Astronome
Tux's lil' helper
Joined: 02 Jan 2016
Posts: 148

Posted: Fri Feb 05, 2016 5:42 pm

VoidMage wrote:
Astronome, about half of the flags in the line from your original post have nothing to do with systemd, most of the others - only marginally so.


Right, I think only -consolekit, -policykit, -systemd and -udisks (and maybe -upower) are directly related to systemd. I have -pulseaudio because I use alsa, and I have -gnome -kde because I don't want or need them.

Quote:

You've also misunderstood what introspection is about.
gobject-introspection was designed to make it easier to write bindings for libs based on glib (using GObject).
That includes bindings for python and vala, among others.
So, if an app needs those, it needs them on the whole chain of its dependencies.


I didn't claim to understand it, hence the thread :)

charles17
Advocate
Joined: 02 Mar 2008
Posts: 3428

Posted: Fri Feb 05, 2016 5:43 pm    Post subject: Re: Use flags to eradicate systemd (what is introspection?)

Astronome wrote:
charles17 wrote:

For mmx sse sse2 see this news item.


Thanks for that! I'm not sure where those use flags came from - I think they were there to begin with.

They're left over from stage3 of your installation. See bug 551046.

Astronome wrote:
Quote:

Regarding alsa, bindist and X you might try without them listed there (depends on the profile you've selected).


I was under the impression that I needed alsa in use flags to enable sound in certain programs (like Opera), and that I needed X for similar reason. Is that not correct?

Like many other USE flags these might be set by the profile you've selected. You can check by commenting out the whole USE="..." line and then doing
Code:
$ emerge --info | grep USE=\"[^\"]*\"


All those USE flags listed there are activated and need not be mentioned further.

Perfect Gentleman
l33t
Joined: 18 May 2014
Posts: 947

Posted: Fri Feb 05, 2016 6:00 pm

there are also
Code:
acl xattr

that are unneeded on desktop

mv
Watchman
Joined: 20 Apr 2005
Posts: 6356

Posted: Fri Feb 05, 2016 6:39 pm

Perfect Gentleman wrote:
there are also
Code:
acl xattr

that are unneeded on desktop

With acl, I agree that it is usually unneeded on a desktop.
However, you shouldn't disable xattr. It is needed for many things, especially concerning security:
  • Some programs (e.g. ping) need not be SUID root if you have xattr.
  • With hardened-sources, you are more or less lost without xattr (hardened-sources can be used on a desktop without many problems if you have a sane setup).
  • overlayfs requires xattr as well.

NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 45805
Location: 56N 3W

Posted: Fri Feb 05, 2016 6:43 pm

Astronome,

Your question confuses masked packages with optional support provided to particular packages.

/etc/portage/package.mask/package.mask_file:

# an over my dead body hard mask
# dump GNOME and anything else that has this as a hard dependency at any version
sys-apps/systemd

Well, the comment says it all.

Any packages having a hard dependency on systemd (no use flag) will fail because they are prevented from installing systemd.
Any packages with USE=systemd will fail to install because they need optional support for systemd and it's denied by package.mask.
Packages with USE=-systemd will install as the optional support for systemd is not being requested.

udev/eudev is a bit of an oddball. Both provide the same files. Packages that can use either only have the udev USE flag.
The virtual/udev ebuild takes care of mapping the udev USE flag onto either systemd-udev or eudev, depending on which one you have installed.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Ant P.
Watchman
Joined: 18 Apr 2009
Posts: 6626

Posted: Fri Feb 05, 2016 9:25 pm

mv wrote:
Some programs (e.g. ping) need not be SUID root if you have xattr.

Programs that use filecaps have IUSE=filecaps.

mv
Watchman
Joined: 20 Apr 2005
Posts: 6356

Posted: Fri Feb 05, 2016 11:05 pm

Ant P. wrote:
mv wrote:
Some programs (e.g. ping) need not be SUID root if you have xattr.

Programs that use filecaps have IUSE=filecaps.

Yes, but these will not work if you have xattr disabled in portage or in coreutils - otherwise the caps information will be lost during installation.
Moreover, when you use binary packages for installation you need also that it is enabled in tar; when you copy/backup the binary, it also has to be enabled in rsync (or whatever you use for the backup), etc.
(And finally, of course, it has to be enabled in the kernel, but this is not related to USE-Flags).

Astronome
Tux's lil' helper
Joined: 02 Jan 2016
Posts: 148

Posted: Fri Feb 05, 2016 11:09 pm    Post subject: Re: Use flags to eradicate systemd (what is introspection?)

charles17 wrote:

They're left over from stage3 of your installation. See bug 551046.


That explains it!

Quote:

Like many other USE flags these might be set by the profile you've selected. You can check by commenting out the whole USE="..." line and then doing
Code:

$ emerge --info | grep USE=\"[^\"]*\"

All those USE flags listed there are activated and need not be mentioned further.


I will definitely try that.

NeddySeagoon wrote:

Any packages having a hard dependency on systemd (no use flag) will fail because they are prevented from installing systemd.
Any packages with USE=systemd will fail to install because they need optional support for systemd and it's denied by package.mask.
Packages with USE=-systemd will install as the optional support for systemd is not being requested.


Ah, so if I mask systemd, I don't need -gnome in use flags. I assume I don't need -systemd either then. How do you keep track of all this? It seems kinda messy.

NeddySeagoon
Administrator
Joined: 05 Jul 2003
Posts: 45805
Location: 56N 3W

Posted: Fri Feb 05, 2016 11:33 pm

Astronome,

You need to mask systemd.
Provided you are not using a systemd profile, USE=-systemd will be set for you by your profile.
You may get USE=-gnome free too. (Depending on your profile again)

More accurately, these flags will default to not set, as with any other USE flag.
You may want to set USE=gnome on a per package basis if you use a desktop that can make use of Gnome features.

I keep track of it with comments in the settings files.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.

Perfect Gentleman
l33t
Joined: 18 May 2014
Posts: 947

Posted: Sat Feb 06, 2016 5:30 am

@mv, I also have
Code:
-caps -filecaps
, 'cause there is in portage by default
Code:
cat /etc/portage/package.use/iputils
net-misc/iputils -caps -filecaps

As khayyam wrote above: if I don't know it, I don't use it.
I agree that xattr should be enabled as filesystems use it to store metadata.

mv
Watchman
Joined: 20 Apr 2005
Posts: 6356

Posted: Sat Feb 06, 2016 7:26 am

Perfect Gentleman wrote:
As khayyam wrote above: if I don't know it, I don't use it.

Bad idea in this case. You will get SUID binaries (with all=root permissions) instead of binaries which have only capabilities required for what they have to do.

Perfect Gentleman
l33t
Joined: 18 May 2014
Posts: 947

Posted: Sat Feb 06, 2016 7:57 am

@mv, which binaries for example?

mv
Watchman
Joined: 20 Apr 2005
Posts: 6356

Posted: Sat Feb 06, 2016 8:06 am

Perfect Gentleman wrote:
@mv, which binaries for example?

ping, clockdiff, cdrecord

Perfect Gentleman
l33t
Joined: 18 May 2014
Posts: 947

Posted: Sat Feb 06, 2016 8:16 am

iputils is built without caps/filecaps by default. clockdiff, cdrecord are not used by me.

mv
Watchman
Joined: 20 Apr 2005
Posts: 6356

Posted: Sat Feb 06, 2016 9:11 am

Perfect Gentleman wrote:
iputils is built without caps/filecaps by default.

So you have at least unnecessarily insecure ping, arping, clockdiff.
Quote:
clockdiff, cdrecord are not used by me.

It plays no role: If it is installed, and there should be any bug, any user might potentially use it to raise his privileges.
I am not saying that these binaries do have bugs. But you are simply not mitigating the risk in case that they should have. The only price you have to pay for it is xattr support.
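
The contrast mv draws in the posts above (a SUID-root binary versus one that carries only the capabilities it needs, and capability data being lost when a tool drops xattrs) can be checked on an installed system, because file capabilities are stored in the `security.capability` extended attribute. The following is an added example, not part of any post in this thread: it decodes that attribute and classifies a binary; the sample bytes, the short capability-name table and the directories searched are assumptions made for illustration.

```python
import os
import stat
import struct

# Constants from the kernel's linux/capability.h
VFS_CAP_REVISION_MASK = 0xFF000000
VFS_CAP_FLAGS_EFFECTIVE = 0x000001
# revision -> number of 32-bit (permitted, inheritable) pairs that follow
REVISION_PAIRS = {0x01000000: 1, 0x02000000: 2, 0x03000000: 2}
# Small subset of capability numbers; anything else is shown as cap_<n>
CAP_NAMES = {12: "cap_net_admin", 13: "cap_net_raw", 21: "cap_sys_admin", 23: "cap_sys_nice"}


def _names(mask):
    return sorted(CAP_NAMES.get(b, "cap_%d" % b) for b in range(64) if (mask >> b) & 1)


def decode_file_caps(raw):
    """Decode a security.capability xattr value (struct vfs_cap_data)."""
    if len(raw) < 4:
        raise ValueError("truncated security.capability value")
    (magic,) = struct.unpack_from("<I", raw, 0)
    pairs = REVISION_PAIRS.get(magic & VFS_CAP_REVISION_MASK)
    if pairs is None or len(raw) < 4 + 8 * pairs:
        raise ValueError("unknown revision or truncated value")
    permitted = inheritable = 0
    for i in range(pairs):
        p, inh = struct.unpack_from("<II", raw, 4 + 8 * i)
        permitted |= p << (32 * i)
        inheritable |= inh << (32 * i)
    return {"permitted": _names(permitted), "inheritable": _names(inheritable),
            "effective": bool(magic & VFS_CAP_FLAGS_EFFECTIVE)}


def classify(mode, uid, cap_xattr):
    """How a binary gets privilege: 'suid-root', 'filecaps' or 'plain'."""
    if stat.S_ISREG(mode) and mode & stat.S_ISUID and uid == 0:
        return "suid-root"   # runs with full root privilege for any caller
    return "filecaps" if cap_xattr else "plain"


def audit(path):
    """Classify one installed binary and decode its capabilities, if any."""
    st = os.stat(path)
    try:
        raw = os.getxattr(path, "security.capability")  # Linux only
    except OSError:
        raw = None   # attribute absent, or lost because a tool dropped xattrs
    return classify(st.st_mode, st.st_uid, raw), decode_file_caps(raw) if raw else None


# Constructed sample: revision 2, effective bit set, permitted = bit 13
SAMPLE_NET_RAW_EP = bytes.fromhex("01000002" "00200000" "00000000" "00000000" "00000000")

if __name__ == "__main__":
    print(decode_file_caps(SAMPLE_NET_RAW_EP))
    for name in ("ping", "arping", "clockdiff"):   # binaries named in the thread
        for d in ("/bin", "/usr/bin", "/usr/sbin"):  # assumed install locations
            p = os.path.join(d, name)
            if os.path.exists(p):
                print(p, audit(p))
```

A result of `plain` for a binary that was built with USE="filecaps" means the attribute did not survive installation or copying, which is the loss described earlier in the thread.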

Perfect Gentleman
l33t
Joined: 18 May 2014
Posts: 947

Posted: Sat Feb 06, 2016 9:22 am

only ping I have
Code:
~ $ which clockdiff
which: no clockdiff in (/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/5.3.0)
~ $ sudo clockdiff
sudo: clockdiff: command not found
~ $ which arping
which: no arping in (/usr/local/bin:/usr/bin:/bin:/opt/bin:/usr/x86_64-pc-linux-gnu/gcc-bin/5.3.0)
~ $ sudo arping
sudo: arping: command not found

mv wrote:
I am not saying that these binaries do have bugs. But you are simply not mitigating the risk in case that they should have. The only price you have to pay for it is xattr support.

So, you are suggesting to enable 'xattr', right ?

mv
Watchman
Joined: 20 Apr 2005
Posts: 6356

Posted: Sat Feb 06, 2016 10:43 am

Perfect Gentleman wrote:
only ping I have

Apparently you are using unstable iputils. With current stable, the others are installed non-optionally.
Of course, what I said applies to ping as well, and probably to several other binaries of projects which show up with "eix --use filecaps"
Quote:
So, you are suggesting to enable 'xattr', right ?

Together with USE="caps filecaps". Advantages are clear, and what are the disadvantages?

Perfect Gentleman
l33t
Joined: 18 May 2014
Posts: 947

Posted: Sat Feb 06, 2016 11:16 am

mv wrote:

Apparently you are using unstable iputils. With current stable, the others are installed non-optionally.

just use-flags are not enabled
Quote:
Together with USE="caps filecaps". Advantages are clear, and what are the disadvantages?

I can't tell what the disadvantages are, maybe it slows down the machine. Maybe if my PC was directly connected to Internet or over Wi-Fi, I would use those use-flags, but it's behind router and its firewall.

also I don't use those capabilities, attributes and so on.

But you're right those use-flags should be enabled by default.

VoidMage
Watchman
Joined: 14 Oct 2006
Posts: 6194

Posted: Sat Feb 06, 2016 2:32 pm

Astronome wrote:
VoidMage wrote:
Astronome, about half of the flags in the line from your original post have nothing to do with systemd, most of the others - only marginally so.


Right, I think only -consolekit, -policykit, -systemd and -udisks (and maybe -upower) are directly related to systemd. I have -pulseaudio because I use alsa, and I have -gnome -kde because I don't want or need them.


'udisks' and 'upower' are at most udev related.
'policykit' isn't at all related to systemd and 'consolekit' was one of the modules systemd was meant to supersede/Borg-assimilate.

Astronome wrote:
I have -pulseaudio because I use alsa

This statement is nonsense.
Back to top
View user's profile Send private message
Astronome
Tux's lil' helper
Tux's lil' helper


Joined: 02 Jan 2016
Posts: 148

PostPosted: Sat Feb 06, 2016 5:07 pm    Post subject: Reply with quote

VoidMage wrote:

Astronome wrote:

Right, I think only -consolekit, -policykit, -systemd and -udisks (and maybe -upower) are directly related to systemd. I have -pulseaudio because I use alsa, and I have -gnome -kde because I don't want or need them.

'udisks' and 'upower' are at most udev related.
'policykit' isn't at all related to systemd and 'consolekit' was one of the modules systemd was meant to supersede/Borg-assimilate.


Ah, actually I have -udisks because it caused wine to pull in consolekit and policykit, and I wanted to avoid *kit because it was recommended several times. Are those packages untainted by systemd?

VoidMage wrote:

Astronome wrote:

I have -pulseaudio because I use alsa

This statement is nonsense.


And this statement is non-helpful! Please elaborate. I thought pulseaudio was meant to replace alsa.

All times are GMT
Page 1 of 2