egberts Guru
Joined: 04 Nov 2003 Posts: 357 Location: Dimmed Cathode Ray Tube
Posted: Fri Oct 14, 2022 8:59 pm Post subject: openrc-0.45 pulling in sys-apps/systemd-utils
I have been running Gentoo for some time and have managed to avoid things like systemd by having in /etc/portage/package.mask
Code: | ### prevent any systemd install
acct-group/systemd-journal
media-sound/pulseaudio
net-dns/avahi
sys-apps/systemd
sys-apps/systemd-utils
sys-apps/systemd-tmpfiles
>sys-apps/usbutils-008
sys-auth/polkit
sys-auth/consolekit
sys-fs/udev
sys-fs/eudev
virtual/udev |
Also Code: | USE="-tmpfiles lvm parted openrc -systemd -udev" | .
But trying to rebuild the latest stable openrc, I'm having terrible luck trying to recapture my old USE settings from a half decade ago.
Code: | # emerge --newuse --deep --verbose sys-apps/openrc
These are the packages that would be merged, in order:
Calculating dependencies... done!
!!! All ebuilds that could satisfy "sys-apps/systemd-utils[tmpfiles]" have been masked.
!!! One of the following masked packages is required to complete your request:
- sys-apps/systemd-utils-251.4-r2::gentoo (masked by: package.mask)
(dependency required by "virtual/tmpfiles-0-r3::gentoo" [ebuild])
(dependency required by "sys-apps/openrc-0.45.2::gentoo" [installed])
(dependency required by "sys-apps/openrc" [argument])
For more information, see the MASKED PACKAGES section in the emerge
man page or refer to the Gentoo Handbook. |
Been reading the forum for quite some time and haven't gotten a good resolution to this.
_________________
Clusters of Fry's Special, AMD 2200, 2 GB DDR, 220 GB (2008.1/desktop, stage 1, -O3) x8
HP Compaq Fry's Special, AMD 2100, 2 GB DDR, 260 GB (2008.0/server, stage 1, -O3)
Ultra Sparc 5, 256MB, 3GB (2006.1/server, stage 1, -O3)
eccerr0r Watchman
Joined: 01 Jul 2004 Posts: 9601 Location: almost Mile High in the USA
Posted: Fri Oct 14, 2022 9:36 pm
The systemd package, depending on USE flags, now supplies tmpfiles and udev. The corresponding non-systemd versions of these programs were not being maintained fast enough to keep up with systemd.
tmpfiles of systemd had more bugs worked out and actually is more secure than the tmpfiles it replaced, so yes, you'll now have to download systemd to get that small piece of code.
_________________
Intel Core i7 2700K/Radeon R7 250/24GB DDR3/256GB SSD
What am I supposed watching?
CaptainBlood Advocate
Joined: 24 Jan 2010 Posts: 3518
Posted: Sat Oct 15, 2022 2:24 am
Code: | [I] sys-apps/systemd-utils
Available versions: 251.4-r2^t ~251.5^t ~251.6^t {+acl boot +kmod selinux split-usr sysusers test +tmpfiles +udev ABI_MIPS="n32 n64 o32" ABI_S390="32 64" ABI_X86="32 64 x32"}
Installed versions: 251.4-r2^t(23:26:58 18/09/2022)(split-usr tmpfiles -acl -boot -kmod -selinux -sysusers -test -udev ABI_MIPS="-n32 -n64 -o32" ABI_S390="-32 -64" ABI_X86="64 -32 -x32") | for openrc here with minimal USE flags.
Thks 4 ur attention, interest & support.
_________________
USE="-*" in /etc/portage/make.conf here.
pa4wdh l33t
Joined: 16 Dec 2005 Posts: 806
Posted: Sat Oct 15, 2022 8:37 am
Quote: | Been reading the forum for quite some time and haven't gotten a good resolution to this. |
Because there is no supported resolution, using systemd's tmpfiles is the official supported situation.
If you're like me and don't want systemd stuff, I have a small overlay to keep opentmpfiles:
https://code.pa4wdh.nl.eu.org/gentoo/opentmpfiles/tree/
Use at your own risk of course
_________________
The gentoo way of bringing peace to the world:
USE="-war" emerge --newuse @world
My shared code repository: https://code.pa4wdh.nl.eu.org
Music, Free as in Freedom: https://www.jamendo.com
sabayonino Veteran
Joined: 03 Jan 2012 Posts: 1008
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54028 Location: 56N 3W
Posted: Sat Oct 15, 2022 11:13 am
Code: | $ eix sys-apps/systemd-utils
* sys-apps/systemd-utils
Available versions: [m]251.4-r2^t [m](~)251.5^t {+acl boot +kmod selinux split-usr sysusers test +tmpfiles +udev ABI_MIPS="n32 n64 o32" ABI_S390="32 64" ABI_X86="32 64 x32"}
Homepage: https://systemd.io/
Description: Utilities split out from systemd for OpenRC users
|
Note the description.
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
egberts Guru
Joined: 04 Nov 2003 Posts: 357 Location: Dimmed Cathode Ray Tube
Posted: Sat Oct 15, 2022 1:50 pm
As one who found a bit of disconcerting practices of secured coding within systemd suite during my lengthy and repeated (but contractual private) code reviews,
pa4wdh wrote: | Quote: | Been reading the forum for quite some time and haven't gotten a good resolution to this. |
Because there is no supported resolution, using systemd's tmpfiles is the official supported situation.
If you're like me and don't want systemd stuff, I have a small overlay to keep opentmpfiles:
https://code.pa4wdh.nl.eu.org/gentoo/opentmpfiles/tree/
Use at your own risk of course |
I’m embarking on a local overlay using this https://wiki.gentoo.org/wiki/User:Shunlir/An_Overlay_Tutorial article now and then will privately review the opentmpfiles package. Not the resolution that I am looking for, but the above appears to be the right direction in terms of least unsecured route.
Starting details are in https://code.pa4wdh.nl.eu.org/gentoo/opentmpfiles/about/
_________________
Clusters of Fry's Special, AMD 2200, 2 GB DDR, 220 GB (2008.1/desktop, stage 1, -O3) x8
HP Compaq Fry's Special, AMD 2100, 2 GB DDR, 260 GB (2008.0/server, stage 1, -O3)
Ultra Sparc 5, 256MB, 3GB (2006.1/server, stage 1, -O3)
Last edited by egberts on Sat Oct 15, 2022 8:33 pm; edited 1 time in total
Hu Moderator
Joined: 06 Mar 2007 Posts: 21431
Posted: Sat Oct 15, 2022 5:04 pm
I cannot say that the systemd code is perfectly secured, but opentmpfiles was abandoned because it was affected by problems that were difficult to fix in shell, and already handled properly in the systemd utilities. If there are still security problems in the systemd code, please report them. If they are numerous or difficult to fix, that could be an argument against continuing to use the systemd utilities on non-systemd systems. If they are solvable, then fixing them benefits everyone.
egberts Guru
Joined: 04 Nov 2003 Posts: 357 Location: Dimmed Cathode Ray Tube
Posted: Sat Oct 15, 2022 8:24 pm
Hu wrote: | If there are still security problems in the systemd code, please report them. If they are numerous or difficult to fix, that could be an argument against continuing to use the systemd utilities on non-systemd systems. If they are solvable, then fixing them benefits everyone. |
I've worked with open source before in a setting that allowed for conducting responsible security disclosure toward open source (libpcap, TCP-SACK, pppd, ATM driver).
But this time period's employment contract of mine specifically prohibits any contribution made or any information learned from within the company from being used or released outside of the company. Not much I could do there then. Except for myself (which I won't do because it's a hot mess then).
Now I am on my own.
And with any ... NEW ... info, I can definitely work (again) within the framework of responsible security disclosure in today's open source world.
I won't be able to be in a position to argue for/against except for my expression that I prefer to do without systemd et al.
guru meditation Tux's lil' helper
Joined: 18 Mar 2018 Posts: 139 Location: Planet Earth
Posted: Fri Nov 25, 2022 11:20 pm
Eventually eudev is being further maintained, right?
Either per contractual arrangement or political opinion, some people need or want to keep their systems completely free of systemd components and Mr. LP's “work”.
NeddySeagoon Administrator
Joined: 05 Jul 2003 Posts: 54028 Location: 56N 3W
Posted: Sat Nov 26, 2022 4:36 pm
guru meditation,
A static /dev with no autoblackmagic still works for me. :)
_________________
Regards,
NeddySeagoon
Computer users fall into two groups:-
those that do backups
those that have never had a hard drive fail.
GDH-gentoo Veteran
Joined: 20 Jul 2019 Posts: 1490 Location: South America
Posted: Sat Nov 26, 2022 6:35 pm
guru meditation wrote: | Eventually eudev is being further maintained, right? |
Upstream repository still exists. It gets sporadic commits, seemingly to fix some things. Gentoo's ebuilds still exist. Does that count as "yes"?
_________________
NeddySeagoon wrote: | I'm not a witch, I'm a retired electronics engineer |
Ionen wrote: | As a packager I just don't want things to get messier with weird build systems and multiple toolchains requirements though |