Re: [DNG] Ascii packages with dependency on libsystemd0 ?
-BEGIN PGP SIGNED MESSAGE- Hash: SHA512 Hi, Am Di den 2. Jan 2018 um 10:11 schrieb Mike Tubby: > Over the new year holiday I decided to debootstrap ascii on to our ARM-based > vehicle router and have it working, which is good, however when installing > openssh-server I notice that it pulled in libsystemd0: Yes, and it has some insecurity patches that was refused by upstream and even the debian maintainer himself is not sure anymore if it was a good idea. If you wish, you can use my debian-security repo to get a recompiled version without systemd and without that patch above. You can, of course also build them yourself, I have the full sources over there. deb ftp://tschil.ethgen.ch/pub/debian-security ceres unofficial-secured deb-src ftp://tschil.ethgen.ch/pub/debian-security ceres unofficial-secured Regards Klaus - -- Klaus Ethgen http://www.ethgen.ch/ pub 4096R/4E20AF1C 2011-05-16Klaus EthgenFingerprint: 85D4 CA42 952C 949B 1753 62B3 79D0 B06F 4E20 AF1C -BEGIN PGP SIGNATURE- Comment: Charset: ISO-8859-1 iQGzBAEBCgAdFiEEMWF28vh4/UMJJLQEpnwKsYAZ9qwFAlpLYJYACgkQpnwKsYAZ 9qy7RQv+Lcks7COx29fmQFGrxfMcTwN5hvWrlT4qOyaQFtGoliqbimHndaCLdXcl rP/3FCDmPOBZWgPsWE6FRS3bA1/Jmf+0KF4ufp5tr2UNgfso30Hfho0nAgP18AJA ByGNN0qEpr3OUEt5LhujQznb7+GIEQ+HqD9s65r5usxu3HJVhLNrjSmHefbWmf6J MEzHIDn1r5lrQ4/Y4XpuK5/ayaOmYWym6dHCSEv07i+Q7ktpidS6rKAjVFnHOaaA NUDK5wex05PERQWsjPJB6IlgeqAFrfQl6osTEbVASB1RA6bmn/YAj6W99G3hBa0r BFFymRuRHMUXXSZUC14ZB0cJEiFt3Mj72MqCMpPf8X+rY6sgNdcJJb3imMhxfRu+ +hN6pn7/5atGW+cPKvje6RUQADX60ZEpzTQ5P7U50hKTcD9GcOAcfuO8Be/h0LXA ugLUBr+7qOhIfxaGFmT1/cltCezeAm5jKZq8RvsslUa0Yf4VyzB7HyNLx2LJay06 GHc1DABS =9BPi -END PGP SIGNATURE- ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Ascii packages with dependency on libsystemd0 ?
On Tue, Jan 02, 2018 at 09:11:45AM +, Mike Tubby wrote: [cut] > libxext6 libxmuu1 ncurses-term openssh-client openssh-server > openssh-sftp-server ucf xauth > 0 upgraded, 20 newly installed, 0 to remove and 2 not upgraded. > Need to get 3847 kB of archives. > After this operation, 14.5 MB of additional disk space will be used. > Do you want to continue? [Y/n] > > I'm not sure whether this is expected behavior for a system without systemd > or not? > There is no reason to fork (and maintain) a package just to remove a dependency on a library that cannot be called or used. The plan for Devuan Beowulf (ASCII+1) is to include a shim that Provides: libsystemd. HND KatolaZ -- [ ~.,_ Enzo Nicosia aka KatolaZ - Devuan -- Freaknet Medialab ] [ "+. katolaz [at] freaknet.org --- katolaz [at] yahoo.it ] [ @) http://kalos.mine.nu --- Devuan GNU + Linux User ] [ @@) http://maths.qmul.ac.uk/~vnicosia -- GPG: 0B5F062F ] [ (@@@) Twitter: @KatolaZ - skype: katolaz -- github: KatolaZ ] signature.asc Description: Digital signature ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Ascii packages with dependency on libsystemd0 ?
On 1/2/2018 9:27 AM, Irrwahn wrote: Mike Tubby wrote on 02.01.2018 10:11: All, Over the new year holiday I decided to debootstrap ascii on to our ARM-based vehicle router and have it working, which is good, however when installing openssh-server I notice that it pulled in libsystemd0: [...] libkrb5support0 *libsystemd0* libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 [...] I'm not sure whether this is expected behavior for a system without systemd or not? This is AIUI perfectly fine, as libsystemd0 is (for the time being) a kind of stub library that is used in cases where systemd is not installed. IIRC, the consensus on this list, after some debate, was that it does no harm in and of itself, and allowing it in actually takes the burden of the Devuan developers/maintainers to fork every single Debian package that has even the ever so slightest dependency on systemd. That's what I thought might be the case. Nonetheless, IMVHO, it should be closely monitored for the foreseeable future for any indications of non-trivial code sneaking in there. Perhaps package libsystemd0 should be a wrapper for another package called libsystemd-compat or libsystemd-shim with any real functionality in the second package built from the ground up so that entanglement into non-trival systemd related code is spotted/avoided ... TL;DR: On a full-blown Devuan desktop system you probably cannot easily avoid it, but its (mostly ;o) harmless. H ... 'mostly' harmless ;-) Best regards, Urban ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
Re: [DNG] Ascii packages with dependency on libsystemd0 ?
Mike Tubby wrote on 02.01.2018 10:11: > All, > > Over the new year holiday I decided to debootstrap ascii on to our ARM-based > vehicle router and have it working, which is good, however when installing > openssh-server I notice that it pulled in libsystemd0: [...] > libkrb5support0 *libsystemd0* libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 [...] > I'm not sure whether this is expected behavior for a system without systemd > or not? This is AIUI perfectly fine, as libsystemd0 is (for the time being) a kind of stub library that is used in cases where systemd is not installed. IIRC, the consensus on this list, after some debate, was that it does no harm in and of itself, and allowing it in actually takes the burden of the Devuan developers/maintainers to fork every single Debian package that has even the ever so slightest dependency on systemd. Nonetheless, IMVHO, it should be closely monitored for the foreseeable future for any indications of non-trivial code sneaking in there. TL;DR: On a full-blown Devuan desktop system you probably cannot easily avoid it, but its (mostly ;o) harmless. Best regards, Urban -- Sapere aude! ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
[DNG] Ascii packages with dependency on libsystemd0 ?
All, Over the new year holiday I decided to debootstrap ascii on to our ARM-based vehicle router and have it working, which is good, however when installing openssh-server I notice that it pulled in libsystemd0: root@orac:/# apt-get install openssh-server Reading package lists... Done Building dependency tree Reading state information... Done The following additional packages will be installed: krb5-locales libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 libsystemd0 libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 ncurses-term openssh-client openssh-sftp-server ucf xauth Suggested packages: krb5-doc krb5-user keychain libpam-ssh monkeysphere ssh-askpass molly-guard rssh ufw Recommended packages: libpam-systemd The following NEW packages will be installed: krb5-locales libgssapi-krb5-2 libk5crypto3 libkeyutils1 libkrb5-3 libkrb5support0 *libsystemd0* libx11-6 libx11-data libxau6 libxcb1 libxdmcp6 libxext6 libxmuu1 ncurses-term openssh-client openssh-server openssh-sftp-server ucf xauth 0 upgraded, 20 newly installed, 0 to remove and 2 not upgraded. Need to get 3847 kB of archives. After this operation, 14.5 MB of additional disk space will be used. Do you want to continue? [Y/n] I'm not sure whether this is expected behavior for a system without systemd or not? Mike ___ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng