Gentoo Forums
The Politics of systemd Part 2
depontius
Advocate

Joined: 05 May 2004
Posts: 3456

Posted: Thu Dec 22, 2016 2:03 am

khayyam wrote:
bug_report wrote:
LWN published a new article about systemd: Using systemd for more secure services in Fedora

NOTE: ... "subscription required".


Look tomorrow. The "subscription week" rotates on Thursdays. On my list to Santa I've requested an LWN subscription, so I won't have to read one week behind, and I can quit feeling guilt about not supporting them.

khayyam wrote:
bug_report wrote:
What do you think about the security argument?

It has a "security argument"? hehe. Anyhow, there is many a blog, post, etc, out there (and here on the forums) discussing this, here's a good one (if only for the back'n'forth with David Strauss, lol).

best ... khay


We haven't really started hitting security issues with systemd yet. So far all of the problems are trivial, the kind that should never make it out the door at all. But to not single out systemd, somehow a few of these trivial issues seem to make it out on most projects, anyway. I don't know when the real security issues of systemd will start - it's had absolutely nothing like the scrutiny that other (cough sendmail, cough OpenSSL, cough BIND, etc, etc, etc) packages have had. The systemd faults so far have been gross mistakes, no need to do genuine security probing yet. It also wouldn't surprise me to know that the exploit folks aren't even bothering to look yet, because so far the stuff is so trivial and likely to get quickly fixed. Wait a bit until the codebase matures, then start looking for the juicy stuff.
_________________
.sigs waste space and bandwidth
Ant P.
Watchman

Joined: 18 Apr 2009
Posts: 6921

Posted: Thu Dec 22, 2016 3:25 am

bug_report wrote:
What do you think about the security argument?

I don't think 1990s antivirus functionality belongs in PID 1. It seems to conflict with PID 1's existing goal of malware assistance where it keeps efivarfs mounted for speedy hardware bricking.
augustin
Guru

Joined: 23 Feb 2015
Posts: 318

Posted: Fri Dec 30, 2016 3:44 am

Anon-E-moose wrote:
Tony0945 wrote:


Why is the systemd guy in charge of Openrc?


good question, too bad there's no good answer to go with it


I start by admitting that I am incompetent as far as judging the technical merits (or lack thereof) of the latest OpenRC changes discussed in this thread.

However, it seems that there is a clear mistrust by the community in the current OpenRC maintainer and the motivation behind the latest updates.
Instead of ranting and complaining, I'd like to take a positive, pro-active approach.

IF:
- the lack of trust is warranted.
- the latest OpenRC development trend is detrimental to the users of OpenRC
THEN:
- What alternatives are there?
- Can we collectively chip in and take responsibility for the maintenance and development of OpenRC?
- Would a fork be necessary? Beneficial?
- Who is willing to help, commit some time (not too much!) to help resolve the problem?

From the perspective of the current OpenRC users, following this thread:
- what would you wish OpenRC to be?
- What parts of the recent development would you like to be reverted?
- What major bugs would you like to be resolved?
- What major features would you like to be implemented?


You and I have something in common: we are too busy to commit ourselves to new responsibilities. However, in the best spirit of Open Source software development, if we all chip in some time (a couple of hours a month) to help resolve bugs and test new features, then the community has the power to take over the maintenance of this critical tool.

Would you also be kind enough to point me to other existing threads dedicated to discussing some of the above?
augustin
Guru

Joined: 23 Feb 2015
Posts: 318

Posted: Fri Dec 30, 2016 3:51 am

augustin wrote:

Would you also be kind enough to point me to other existing threads dedicated to discussing some of the above?


To answer my own question:
Which version of openrc and why
https://forums.gentoo.org/viewtopic-t-1034734-start-0-postdays-0-postorder-asc-highlight-.html
Shall we free-rc?
https://forums.gentoo.org/viewtopic-t-1035064-start-0-postdays-0-postorder-asc-highlight-.html
khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Fri Dec 30, 2016 6:22 am

augustin wrote:
IF:
- the lack of trust is warranted.
- the latest OpenRC development trend is detrimental to the users of OpenRC

augustin ... yes, and yes ... but framing it in such a way isn't likely to be "positive [and] pro-active", there has been no end of discussion of the subject, and rehashing isn't likely to shift that discussion beyond what has already been said. The problem here is not of the "if .. then" variety, the problem is inherent to the project as a whole: the lack of a governance structure in place that might mitigate the problem before you get this far down the line. Without such a structure you're always dealing with the effects, and not their root causes ... and always reactively, and behind the curve. As I've said elsewhere, it's not a technical problem, but a political/social problem. I'm sure there are parties who consider the way openrc (and gentoo) is "maintained" to be fine-and-dandy, obviously so, because it continues to be given the stamp of approval by the currently existing mode of governance. I dissent from that view, but other than voice my opinion I have no recourse within the currently existing governance structure [snip long digression on "forking"].

augustin wrote:
THEN:
- What alternatives are there?

I've already made that choice, stick with 0.12.4. I did that partly as a reaction to what I saw as a willy-nilly approach to a critical system component (ie, a willingness to break working systems, causing disruption, etc). They obviously don't share my concerns, and I'm not going to follow along. The outcome of not following is that I can't help people when they have issues (a game theoretic approach that reciprocates by not scratching their backs ... how's that for an "alternative"?). I'll admit that's definitely a zero-sum game, and I'm likely to run out of rope at some point (at which point I'll pick up and move elsewhere).

augustin wrote:
- Can we collectively chip in and take responsibility for the maintenance and development of OpenRC?

Such a rhetorical question could be answered in whatever flavour of negativity/positivity you so desire.

augustin wrote:
- Would a fork be necessary? Beneficial?

Oiii ... that entirely depends on your particular view of the problem, if you're trying to resolve the question "how can we both gain", then no, forking is not beneficial (there are practically no benefits in division, it is the loss incurred that is the check on forking).

augustin wrote:
- Who is willing to help, commit some time (not too much!) to help resolve the problem?

... that is if, and only if, the problem is as you are framing it ... and I doubt it can be resolved this way.

augustin wrote:
From the perspective of the current OpenRC users, following this thread:
- what would you wish OpenRC to be?

A fluffy unicorn ;)

augustin wrote:
- What parts of the recent development would you like to be reverted?

Everything that reflects on actual maintenance, and development.

augustin wrote:
- What major bugs would you like to be resolved?

There is a voice in my head screaming to get out ... or for you to stop ... one or other :)

augustin wrote:
- What major features would you like to be implemented?

There's that voice again.

best ... khay
Mr. T.
Guru

Joined: 26 Dec 2016
Posts: 477

Posted: Fri Dec 30, 2016 8:43 am

One solution will be to study the source code of OpenRC, propose enhancements if needed and make them. Normally interested people will do the same.

The most important thing, in my opinion, is free knowledge. Indeed, without knowledge, we (or you, or me) can't do anything.

The wiki is open too: we can talk about new articles in the #gentoo-wiki, #gentoo (more traffic than #gentoo-wiki) channels on IRC. If you want an answer you often have to wait (stay in the channel).


Finally, create a new thread in the forum (or choose another way) to talk about the progression and share with interested people (a hope).

Obviously the effort to be made can be important (see the note below). If we have an issue related to Gentoo, we can propose a GLEP (Gentoo Linux Enhancement Proposal) or we can send bug reports too.

Handbook wrote:
It is very important that everybody understands that choices are what makes Gentoo run. We try not to force users into anything they don't like. If anyone believes otherwise, please bug report it.


A fork may be adequate if people want to do things in another way. Ideally, each one follows his way (regardless of the reason) in peace. In practice, things can be linked more or less.

(Note: Nothing "stops" trying.)

I'm too busy so I will continue to use OpenRC without making modifications. In fact, I agree with you, augustin.
roki942
Apprentice

Joined: 18 Apr 2005
Posts: 285
Location: Seattle

Posted: Fri Dec 30, 2016 9:10 am

As I'm not an IT or Computer Science guy, I use Gentoo for the same reason I don't use coloring books ..... I like to also draw the lines, I have a question for you all and I hope asking it is not considered bad form.

Now that TrueOS is using their port of OpenRC
Quote:

Tue Nov 15 08:35:51 PST 2016

Welcome OpenRC to the build! This replaces rc.d as our run-control and will allow using things like parallel startup, new service files, and much more.
https://www.trueos.org/changelog/

and the Devuan project has voiced "really liking OpenRC"
Devuan GNU+Linux presented at FSCONS 2016 OpenRC at 36:57

Do you see any of this having an effect on OpenRC in Gentoo?
Mr. T.
Guru

Joined: 26 Dec 2016
Posts: 477

Posted: Fri Dec 30, 2016 12:58 pm

roki942 wrote:
Do you see any of this having an effect on OpenRC in Gentoo?

OpenRC is open source software so anyone can participate. Gentoo seems to be the upstream source for OpenRC.

See also:

https://github.com/OpenRC/openrc (see Reporting Bugs) -- I found this reference on https://aur.archlinux.org/packages/openrc/
https://wiki.gentoo.org/wiki/Project:OpenRC (see Getting involved)
https://wiki.gentoo.org/wiki/OpenRC -- some other GNU/Linux distributions give a hyperlink to the Gentoo wiki page of OpenRC.

Roki942 wrote:
I have a question for you all and I hope asking it is not considered bad form.


The Gentoo community seems to be tolerant (this can vary from person to person). However, we are a bit off-topic ("The Politics of systemd Part 2"), other threads are more appropriate.
khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Fri Dec 30, 2016 9:50 pm

roki942 wrote:
Now that TrueOS is using their port of OpenRC [...] and the Devuan project has voiced "really liking OpenRC". Do you see any of this having an effect on OpenRC in Gentoo?

roki942 ... I watched a recent FreeBSD con presentation where a TrueOS developer discusses this, he seemed to be under the impression that Roy Marples ("a NetBSD developer") was still maintaining openrc, and that it was "well supported/maintained" (or something to the same effect). Given that, I'd suspect that they are not paying that close attention, and/or don't particularly care about those features specifically systemd/linux related (tempfiles.d, etc). They can also control the version they package and how they integrate it with their releases, and "TrueOS upgrades use boot environments and never touch your live system", so reverting if/when openrc doesn't boot is trivial.

As for Devuan, well, remember Debian had been using sysvrc scripts ... which would make anything look good by comparison.

best ... khay
augustin
Guru

Joined: 23 Feb 2015
Posts: 318

Posted: Sat Dec 31, 2016 8:35 am

Hello khayyam,

See my reply here:
https://forums.gentoo.org/viewtopic-p-8010052.html#8010052

Hi helecho,

Thanks. We agree. As we both noted, OpenRC is Free Open Source software. At the end of the day, only code and community contributions (e.g. wiki) matter. See provided link.
Naib
Watchman

Joined: 21 May 2004
Posts: 5897
Location: Removed by Neddy

Posted: Sat Dec 31, 2016 10:26 pm

https://forums.gentoo.org/viewtopic-t-1056904.html
_________________
https://www.otw20.com/ Where you can talk
Quote:
Removed by Chiitoo
goldfinch
n00b

Joined: 16 Oct 2015
Posts: 11

Posted: Sun Jan 01, 2017 4:56 am

Naib wrote:
https://forums.gentoo.org/viewtopic-t-1056904.html

It looks as though on some days all of the stages except the ones for systemd are built and on other days only the stages for systemd are built. As long as one enters the directory named current-stage3-* for whichever system or architecture they wanted, they should land in the correct place.
Zucca
Moderator

Joined: 14 Jun 2007
Posts: 2131
Location: KUUSANKOSKI, Finland

Posted: Wed Jan 04, 2017 12:38 pm

I find it amusing that systemd can be built with minimal components, but afaik you cannot build systemd against any other libc than glibc. And of course journald is a hard dependency for the minimal build too.

If you could build systemd against musl, I think Alpine Linux would then use the minimal systemd in (at least some of) their images.
_________________
..: Zucca :..

Code:
ERROR: '--failure' is not an option. Aborting...
Fitzcarraldo
Veteran

Joined: 30 Aug 2008
Posts: 1918
Location: United Kingdom

Posted: Wed Jan 18, 2017 9:54 am

This is an example of why monolithic solutions leave me nervous:

https://major.io/2017/01/15/systemd-networkd-on-ubuntu-16-04-lts-xenial/

Major Hayden wrote:
The 'Could not append VLANs: Operation not permitted' error is puzzling. After some searching on Google, I found a thread from Lennart:

Lennart Poettering wrote:
> After an upgrade, systemd-networkd is broken, exactly the way described
> in this issue #3876[0]

Please upgrade to 231, where this should be fixed.

Lennart

But Ubuntu 16.04 has systemd 229:
Code:
# dpkg -l | grep systemd
ii  libpam-systemd:amd64                229-4ubuntu13                      amd64        system and service manager - PAM module
ii  libsystemd0:amd64                   229-4ubuntu13                      amd64        systemd utility library
ii  python3-systemd                     231-2build1                        amd64        Python 3 bindings for systemd
ii  systemd                             229-4ubuntu13                      amd64        system and service manager
ii  systemd-sysv                        229-4ubuntu13                      amd64        system and service manager - SysV links

I haven’t found a solution for this quite yet. Keep an eye on this post and I’ll update it once I know more!

_________________
Clevo W230SS: amd64 nvidia-drivers & xf86-video-intel.
Compal NBLB2: ~amd64 xf86-video-ati. Dual boot Win 7 Pro 64-bit.
OpenRC eudev elogind & KDE on both.

Fitzcarraldo's blog
Hu
Moderator

Joined: 06 Mar 2007
Posts: 16923

Posted: Thu Jan 19, 2017 2:36 am

That looks to me like a problem caused not by the use of a monolithic design, but simply by packaging buggy software. I see that Ubuntu 16.04 ships an affected version of systemd, but I do not see why the Ubuntu maintainers cannot ship a fixed version of the affected component.
Logicien
Veteran

Joined: 16 Sep 2005
Posts: 1423
Location: Montréal

Posted: Thu Jan 19, 2017 4:16 am

Systemd is a kind of Esperanto of boot and shutdown process in the sense that it tries to integrate into all Linux distributions and unify them with more or less success. Plus for me can any Linux distribution like Arch and Gentoo but at least not Debian where Systemd has to compose with System V. It can be ok if you know how to deal with Systemd and Sysvinit together.

Systemd is a state in the state of GNU/Linux. When possible, I do not give to Systemd the control like with the power management. I prefer to use Acpid. It's easy to determine with Acpid what to do when an event occurs.

What Systemd offers as network management with systemd-networkd.service is interesting and simple enough but incomplete, as I have to use dhcpcd.service for the wireless configuration, which is not supported by Systemd.

The good point of using Systemd is that you are in a more familiar environment with any distribution you have never used, if it uses Systemd, because you have learned Systemd with a lot of other distributions before.
_________________
Paul
Tony0945
Advocate

Joined: 25 Jul 2006
Posts: 4739
Location: Illinois, USA

Posted: Thu Jan 19, 2017 3:13 pm

Logicien wrote:
The good point of using Systemd is that you are in a more familiar environment with any distribution you have never used, if it uses Systemd, because you have learned Systemd with a lot of other distributions before.

The same was true of systemvinit and openrc. It is an argument for having one init system for all Linux, not an argument for systemd being that one init system. Also, if your argument is important, then systemd as the latest init system should NOT be the choice.

I think your argument could be used to say that Linux and FreeBSD should go away and everyone should use Windows 10.
Back to top
View user's profile Send private message
augustin
Guru
Guru


Joined: 23 Feb 2015
Posts: 318

PostPosted: Thu Jan 19, 2017 3:42 pm    Post subject: Reply with quote

Logicien wrote:
Systemd is a kind of Esperanto of boot and shutdown process ...


I don't like that my computer contains systemd. Thank you very much! [translated from Esperanto]
depontius
Advocate

Joined: 05 May 2004
Posts: 3456

Posted: Thu Jan 19, 2017 4:32 pm

Hu wrote:
That looks to me like a problem caused not by the use of a monolithic design, but simply by packaging buggy software. I see that Ubuntu 16.04 ships an affected version of systemd, but I do not see why the Ubuntu maintainers cannot ship a fixed version of the affected component.


The packaging IS the problem. What if component A of version 123 has problem 1, and you can fix that bug by going to version 149, but component B of version 149 has problem 2? Because of the monolithic packaging, you can't separate component A and component B, and have the fixed version of each. You only have systemd with both parts in lock-step, and you have to choose which one you want to have broken. That is, of course, until version 158 comes out, but just watch out for problem 3 in component C.
_________________
.sigs waste space and bandwidth
Hu
Moderator

Joined: 06 Mar 2007
Posts: 16923

Posted: Fri Jan 20, 2017 2:44 am

Yes, that could happen, and may have happened. It can happen with non-monolithic packages too. Look at the recurring mess with neon caused by its upstream refusing to provide a stable API. As a result, packages were actively encouraged to bundle a private copy of neon.

I see nothing posted here that leads me to believe that the Ubuntu maintainers cannot fix the problem by updating Ubuntu 16.04 to a newer systemd or by backporting a specific patch for the problem. I recognize that it might not be that simple. I recognize that monolithic designs make it easier to create a mess that makes the problem complicated to solve. I recognize that the systemd maintainers have given people ample reason to be distrustful. However, I see nothing so far that confirms that the specific cited problem is not simple to solve.
Amity88
Apprentice

Joined: 03 Jul 2010
Posts: 246
Location: Third planet from the Sun

Posted: Fri Jan 20, 2017 11:37 am

I've been thinking... considering that RedHat is used on a lot of servers, wouldn't it be in their best interests to develop a secure OS?

I believe that SystemD is less secure because it's got a huge attack surface, the obscure coding and because of how new it is.

Would they really push so hard for SystemD when it conflicts with pt 1? or are we being too paranoid? :?
_________________
Ant P. wrote:
The enterprise distros sell their binaries. Canonical sells their users.


Also... Be ignorant... Be happy! :)
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 47959
Location: 56N 3W

Posted: Fri Jan 20, 2017 12:28 pm

Amity88,

Yes they would. systemd is a tool for vendor lock in and GPL avoidance.
They are both good things for the short term bottom line. Ask Apollo Computer Inc. and the other extinct workstation vendors of the era.

It's a bit of a gamble, it assumes that there will be a good migration of servers to systemd based Red Hat.
Of course, that will be encouraged by dropping support for older versions, so users will be pushed towards systemd, unless they find an alternative distro.

I don't know of any systemd free binary distros, so the choice is old (maybe unsupported) Red Hat, or systemd based Red Hat.
That's rock and hard place.
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
CasperVector
Apprentice

Joined: 03 Apr 2012
Posts: 156

Posted: Fri Jan 20, 2017 1:15 pm

NeddySeagoon wrote:
I don't know of any systemd free binary distros

Manjaro perhaps? For the XFCE version, after a standard install you just need to chroot into the installed system and run
Code:
# pacman-mirrors --geoip -m rank && pacman -Sy
# pacman -S libeudev-systemd eudev-systemd openrc-base openrc-desktop syslog-ng-openrc pm-utils
# sed -i '/^HOOKS=/ s/ plymouth//' /etc/mkinitcpio.conf
# sed -i '/^DISPLAYMANAGER=/ s/.*/DISPLAYMANAGER=lightdm/' /etc/conf.d/xdm
# rc-update add syslog-ng boot
# for name in acpid cronie alsasound dbus consolekit NetworkManager xdm; do rc-update add $name default; done
# mkinitcpio -p $(ls /etc/mkinitcpio.d | tail -n 1 | sed 's/\.preset$//')

_________________
My current OpenPGP key:
RSA4096/0x227E8CAAB7AA186C (expires: 2020.10.19)
7077 7781 B859 5166 AE07 0286 227E 8CAA B7AA 186C
khayyam
Watchman

Joined: 07 Jun 2012
Posts: 6227
Location: Room 101

Posted: Fri Jan 20, 2017 2:45 pm

NeddySeagoon wrote:
I don't know of any systemd free binary distros, so the choice is old (maybe unsupported) Red Hat, or systemd based Red Hat.

Neddy ... not offering your typical redhat service contract, but they do exist: slackware, alpine linux, void linux, devuan, and others.

best ... khay
NeddySeagoon
Administrator

Joined: 05 Jul 2003
Posts: 47959
Location: 56N 3W

Posted: Fri Jan 20, 2017 3:19 pm

khayyam,

Thank you. I was aware of devuan and slackware. The others are new to me. The service contract is a big attraction to Red Hat for corporate users.
Are corporate users really going to drop service contracts to avoid systemd?
_________________
Regards,

NeddySeagoon

Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
All times are GMT
Page 21 of 29