Re: [systemd-devel] Is systemd-cryptsetup binary internal?
On Mon, Sep 18, 2023 at 04:17:49PM +0200, Lennart Poettering wrote:
> On Mo, 18.09.23 15:22, mpan (systemdml-bfok4...@mpan.pl) wrote:
>
> > Hello,
> >
> > I got redirected to here from #systemd on Libera. While responding to a
> > query from another person (not on #systemd), I came across an ambiguity. Any
> > answer I give, its validity would be uncertain. I wish to receive an
> > authoritative clarification.
> >
> > There is systemd-cryptsetup binary in “/usr/lib/systemd/”. Its location
> > suggests it’s internal to systemd and not intended for user invocation.
> > However, it is also listed in manual as if it was something the user might
> > be concerned with. The manual even has a specific, separate, explicit
> > reference to systemd-cryptsetup page — though it’s shared with the
> > corresponding service and the binary itself isn’t described.
>
> /usr/lib/systemd/ is indeed the place for internal binaries with
> unstable interfaces. But it's also the place where we put binaries
> that we don't typically expect users to call, because they are
> generally called via some well defined .service unit or so only.
>
> systemd-cryptsetup is one of the latter, we'd expect people to use
> this via crypttab mostly. However, the interface is nonetheless
> stable, it is a long-time part of systemd and so far we never broke
> interface and I see no reason we ever would. In fact it might be a
> candidate to move over to /usr/bin to make official, if there's
> sufficient request for that. (such a request should be made via github
> issue tracker)
>
> > Thanks in advance for indicating, if systemd-cryptsetup (the binary) is a
> > tool users may rely on.
>
> Yes, absolutely.
>
> The only reason when we might break things for you is when we one day
> move it from /usr/lib to /usr/bin, ;-)

Actually, this wouldn't be a breaking change. If we were to move it, we'd most likely provide a compat symlink…

> Hence: the call interface is certainly stable, the location in that
> sense maybe not yet.

Yeah. If there's interest, we could certainly move it to /usr/bin.

Zbyszek
Re: [systemd-devel] Is systemd-cryptsetup binary internal?
> /usr/lib/systemd/ is indeed the place for internal binaries with
> unstable interfaces. But it's also the place where we put binaries
> that we don't typically expect users to call, because they are
> generally called via some well defined .service unit or so only.
> […]

Thanks, that made the situation clear.
Re: [systemd-devel] Is systemd-cryptsetup binary internal?
On Mon, 18 Sept 2023, 17:43 Nils Kattenbeck, wrote:

> > > Why was the decision taken to put these into /usr/lib/systemd instead of
> > > /usr/libexec/systemd/?
> >
> > That's a Fedoraism. Why would one put something there?
> >
> > /usr/lib/ is where private arch-dependent package stuff goes. What's
> > the rationale for /usr/libexec/ though?
>
> I am not aware of it being a Fedoraism. It is at least also used/populated
> on an Ubuntu server I use and documented as part of the filesystem
> hierarchy (hier(7)):
> https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s07.html#ftn.idm236091914528

On Ubuntu we mostly use multiarch locations for shared libraries i.e. /usr/lib/(arch triplet) and /usr/libexec/(native only binaries). To allow us to have additional places for native only and cross only tools. But it is not set in stone.

Many gnome, KDE, dbus things ship their binaries or daemons or plugins under /usr/libexec. It sort of makes sense as /usr/lib is confusing when it mixes public libraries with private libraries and binaries.

We can move things around in systemd as well, but in the grand scheme of things it is a fairly minor tidy-up, as neither location is in the default executable paths.

/usr/lib is in library search path, which was recently abused to attack remote hosts to load unintended libraries at runtime and clear nx (the recent ssh attack is hilarious and did use systemd to show really fun stuff). So keeping only public libraries in /usr/lib going forward might be a good idea.
Re: [systemd-devel] Is systemd-cryptsetup binary internal?
> > Why was the decision taken to put these into /usr/lib/systemd instead of
> > /usr/libexec/systemd/?
>
> That's a Fedoraism. Why would one put something there?
>
> /usr/lib/ is where private arch-dependent package stuff goes. What's
> the rationale for /usr/libexec/ though?

I am not aware of it being a Fedoraism. It is at least also used/populated on an Ubuntu server I use and documented as part of the filesystem hierarchy (hier(7)):
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch04s07.html#ftn.idm236091914528
Re: [systemd-devel] Is systemd-cryptsetup binary internal?
On Mo, 18.09.23 17:47, Nils Kattenbeck (nilskem...@gmail.com) wrote:

> Hi,
>
> > /usr/lib/systemd/ is indeed the place for internal binaries with
> > unstable interfaces. But it's also the place where we put binaries
> > that we don't typically expect users to call, because they are
> > generally called via some well defined .service unit or so only.
> >
> > systemd-cryptsetup is one of the latter, we'd expect people to use
> > this via crypttab mostly. However, the interface is nonetheless
> > stable, it is a long-time part of systemd and so far we never broke
> > interface and I see no reason we ever would. In fact it might be a
> > candidate to move over to /usr/bin to make official, if there's
> > sufficient request for that. (such a request should be made via github
> > issue tracker)
>
> Why was the decision taken to put these into /usr/lib/systemd instead of
> /usr/libexec/systemd/?

That's a Fedoraism. Why would one put something there?

/usr/lib/ is where private arch-dependent package stuff goes. What's the rationale for /usr/libexec/ though?

Lennart

--
Lennart Poettering, Berlin
Re: [systemd-devel] Is systemd-cryptsetup binary internal?
Hi,

> /usr/lib/systemd/ is indeed the place for internal binaries with
> unstable interfaces. But it's also the place where we put binaries
> that we don't typically expect users to call, because they are
> generally called via some well defined .service unit or so only.
>
> systemd-cryptsetup is one of the latter, we'd expect people to use
> this via crypttab mostly. However, the interface is nonetheless
> stable, it is a long-time part of systemd and so far we never broke
> interface and I see no reason we ever would. In fact it might be a
> candidate to move over to /usr/bin to make official, if there's
> sufficient request for that. (such a request should be made via github
> issue tracker)

Why was the decision taken to put these into /usr/lib/systemd instead of /usr/libexec/systemd/?

> > Thanks in advance for indicating, if systemd-cryptsetup (the binary) is a
> > tool users may rely on.
>
> Yes, absolutely.
>
> The only reason when we might break things for you is when we one day
> move it from /usr/lib to /usr/bin, ;-)
>
> Hence: the call interface is certainly stable, the location in that
> sense maybe not yet.
>
> Lennart
>
> --
> Lennart Poettering, Berlin

Greetings,
Nils
Re: [systemd-devel] Is systemd-cryptsetup binary internal?
On Mo, 18.09.23 15:22, mpan (systemdml-bfok4...@mpan.pl) wrote:

> Hello,
>
> I got redirected to here from #systemd on Libera. While responding to a
> query from another person (not on #systemd), I came across an ambiguity. Any
> answer I give, its validity would be uncertain. I wish to receive an
> authoritative clarification.
>
> There is systemd-cryptsetup binary in “/usr/lib/systemd/”. Its location
> suggests it’s internal to systemd and not intended for user invocation.
> However, it is also listed in manual as if it was something the user might
> be concerned with. The manual even has a specific, separate, explicit
> reference to systemd-cryptsetup page — though it’s shared with the
> corresponding service and the binary itself isn’t described.

/usr/lib/systemd/ is indeed the place for internal binaries with unstable interfaces. But it's also the place where we put binaries that we don't typically expect users to call, because they are generally called via some well defined .service unit or so only.

systemd-cryptsetup is one of the latter, we'd expect people to use this via crypttab mostly. However, the interface is nonetheless stable, it is a long-time part of systemd and so far we never broke interface and I see no reason we ever would. In fact it might be a candidate to move over to /usr/bin to make official, if there's sufficient request for that. (such a request should be made via github issue tracker)

> Thanks in advance for indicating, if systemd-cryptsetup (the binary) is a
> tool users may rely on.

Yes, absolutely.

The only reason when we might break things for you is when we one day move it from /usr/lib to /usr/bin, ;-)

Hence: the call interface is certainly stable, the location in that sense maybe not yet.

Lennart

--
Lennart Poettering, Berlin
[systemd-devel] Is systemd-cryptsetup binary internal?
Hello,

I got redirected to here from #systemd on Libera. While responding to a query from another person (not on #systemd), I came across an ambiguity. Any answer I give, its validity would be uncertain. I wish to receive an authoritative clarification.

There is systemd-cryptsetup binary in “/usr/lib/systemd/”. Its location suggests it’s internal to systemd and not intended for user invocation. However, it is also listed in manual as if it was something the user might be concerned with. The manual even has a specific, separate, explicit reference to systemd-cryptsetup page — though it’s shared with the corresponding service and the binary itself isn’t described.

Thanks in advance for indicating, if systemd-cryptsetup (the binary) is a tool users may rely on.

Cheers!

PS Please note that I don’t want to argue with anybody, what is their opinion on this matter. I reach out to systemd-devel to obtain an authoritative answer. Stable interfaces page is not actually answering the above question, “all binaries have entries in manual” is not true, placement in “/usr/lib” is already mentioned by me, and I am aware that systemd-cryptsetup@.service and systemd-cryptsetup the binary are related.