On Wed, Dec 21, 2016 at 10:04:36AM +0100, Philip Hands wrote:
> Philipp Kern <pk...@debian.org> writes:
> > On 12/20/2016 09:26 PM, Geert Stappers wrote:
> >> On Mon, Dec 19, 2016 at 10:00:57PM +0100, Geert Stappers wrote:
> >> Goal is having a "header" which makes it possible
> >> to check that actually a preseed file is being downloaded.
> >> 
> >> What are the opinions about a two step approach like
> >> 
> >> Step 1:
> >> Document all "stretch" preseed files beginning with '#!preseedV1'
> >> 
> >> Step 2:
> >> In "stretch+1", a.k.a. "buster", implement code that checks '#!preseedV1'
> >> and informs user when not found.
> >
> > How would this change the outcome of the bug you encountered? If I
> > understand you correctly it told you that the file was corrupt. Your
> > proposal would just re-enforce that notion, at the expense of everyone
> > needing to change their files? :)
> 
> This seems only to be an issue when using PXE booting, and is likely to
> be particularly problematic when one does not have full control of the
> DHCP server, or where it cannot be persuaded to offer different files to
> different DHCP clients.

IIRC the check is (http:|ftp:|https:) in the bootfilename.
Default protocol is TFTP. Doesn't need a URL syntax.

I expect there will be more URLs in the DHCP bootfilename parameter.
More bootloaders than iPXE will get support for HTTP netboot.


> The problem is then that a non-preseed file may be offered in a way that
> tricks d-i into trying to load it, at which point it will throw an
> error.
> 
> So, how about this:
> 
>   We have a debconf value to select the severity of the error when
>   failing to recognise the format of a preseed file.
> 
>   Normally, that should default to "error", as is now the case.
> 
>   For DHCP preseeding, the default should be changed to something less
>   severe ("warn" or "ignore").
> 
>   We could then have something as a header, as you suggest, which could
>   be used to decide to set the severity back to "error" if it is seen in
>   a DHCP preseed file.
> 
> That way, all non-DHCP preseeding could continue just as it is now.

AFAIK preseed, the program that reads the preseed file and
sets debconf settings, can't see how it is invoked.
Hence my request for magic. Magic this time being an identification header.


> If one wants corrupt preseed files to throw an error, even when DHCP-ed,
> then adding the header will achieve that (except when the header is
> corrupted).
> 
> If one gets given the wrong sort of file via DHCP then it'll get
> ignored or throw a warning.
> 
> We could at some point add another value for the severity setting, of
> "magicrequired" that would implement the behaviour that Geert seems to
> be advocating:
>   throwing an error if file is seen that lacks magic.
> 
> (that could perhaps become the default for DHCP preseeding, but
>  otherwise I doubt it's useful enough to render all existing preseed
>  files broken.)

I support Philipp Kern's point "avoid breaking existing preseed files".

With magic a preseed file can be identified. The result of the ID check
can (and should) be used in further program flow. Used wisely.

> 
> Cheers, Phil.
> 
> P.S. I don't think that using #! as part of the magic string is a great
> idea -- it will make people incorrectly assume that there is an
> interpreter being invoked somewhere.

New proposed magic string:  '#_preseed_V1'

 
> P.P.S.  If we're considering putting magic comments into preseed files,
> I would suggest that we also have a comment at the end, so that we can
> check for the case of a truncated preseed file.  I suspect that such
> errors never really happen though, so are probably not worth checking
> for, in which case the only change needed is to make this not be an
> error when the preseed URL arrived via DHCP.

'# l l'   as short for Last Line  (and tribute to Lawrence Lessig)


Regards
Geert Stappers
-- 
Live and let live
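
The decision flow discussed in this thread, as an added example that is not part of the original message and is not debian-installer code: a file carrying the proposed `#_preseed_V1` header is held to "error" severity and must end with the `# l l` marker, while a file without the header falls back to the per-origin default. The function names, the `origin` argument and the simplified three-field format check are assumptions made for illustration.

```sh
#!/bin/sh
# Added illustration; function and variable names are hypothetical.
MAGIC='#_preseed_V1'   # header proposed in the thread
TRAILER='# l l'        # last-line marker proposed in the thread

# Simplified stand-in for the real parser: every non-blank, non-comment
# line needs at least "owner question type".
format_ok() {
    awk 'NF == 0 || $1 ~ /^#/ { next } NF < 3 { bad = 1 } END { exit bad + 0 }' "$1"
}

# preseed_verdict FILE ORIGIN [SEVERITY]
# ORIGIN: "dhcp" or anything else. SEVERITY: error|warn|ignore|magicrequired.
# Prints one of: load, warn, ignore, error.
preseed_verdict() {
    file=$1 origin=$2
    # Thread proposal: a less severe default when the URL arrived via DHCP.
    if [ "$origin" = dhcp ]; then default=warn; else default=error; fi
    severity=${3:-$default}
    first=$(head -n 1 "$file")
    last=$(tail -n 1 "$file")
    if [ "$first" = "$MAGIC" ]; then
        # The file identifies itself as a preseed file, so a missing
        # trailer (truncation) or a bad line is an error for any origin.
        if [ "$last" != "$TRAILER" ] || ! format_ok "$file"; then
            echo error
        else
            echo load
        fi
        return
    fi
    # No magic: a legacy preseed file or an unrelated boot file.
    if [ "$severity" = magicrequired ]; then echo error; return; fi
    if format_ok "$file"; then echo load; else echo "$severity"; fi
}

# Constructed sample: an iPXE script handed out as the DHCP boot file name.
sample=$(mktemp)
printf '#!ipxe\ndhcp\nboot\n' > "$sample"
preseed_verdict "$sample" dhcp    # not a preseed file, DHCP default applies
preseed_verdict "$sample" file    # same content from a non-DHCP source
rm -f "$sample"
```
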
