Jeremy Katz wrote:
On Thu, 2008-08-28 at 09:25 -0400, Bryan Kearney wrote:
Jeremy Katz wrote:
On Thu, 2008-08-28 at 08:44 -0400, Bryan Kearney wrote:
The F9 version of livecd-tools usese /usr/sbin/lokkit to enable and
disable the firewall. There is a FIXME near it to suport the rest of the
options which lokkit takes. The current implementation executes this in
the chroot environment, so forces several packages to be deployed into
the image when it is built. Since I would be curious in reducing the
package set for the images which are built, I am curious if there are
plans around any of the following:
1) Remove the use of lokkit and instead directly manipulate the files
(or perhaps use augeas).
Not really. We use lokkit so that when things change, there's only one
implementation that needs changing. And this is a *good* thing. And
augeas would be seen as a far more "one-off" dep than lokkit at this
point to most of the world.
I can understand that... and I expected that was the reason. And I
assume since the whole hting is done in the chroot, it would be
difficult to move this part out of the chroot?
Absolutely impossible. It would require that something outside the
chroot know the details (past, present, and future) of how to configure
something inside the chroot.
2) Look to break up system-config-firewall-tui so that lokkit is a
separate package with less dependencies.
The big dep that looks trimmable is rhpl as it's just used for
translation stuff (... and I want to get things off of using
rhpl.translate and just using the gettext module directly anyway).
There's not really anything else which is even feasible to remove
I scanend it, and if all you need is lokkit then the following seem
"unnecessary"
[snip]
I agree they are needed if you want the tui, but if there ware other
config paths.. then these are not necessary.
lokkit *IS* the tui. Removing that would be like saying "well, let's
take out bash's interactive mode because that's not strictly necessary"
as you also use it just to run scripts
It looks like the tui is /usr/bin/system-config-firewall-tui which
loads /usr/share/system-config-firewall/fw_tui.py that then makes calls
to lokkit.
So.. it seems possible to seperate out the acutal presentaiton from the
command line (tui, gui, etc) from the execution (lokkit)
-- bk
--
Fedora-livecd-list mailing list
[email protected]
https://www.redhat.com/mailman/listinfo/fedora-livecd-list
