Bug#787480: Ping?

2016-06-09 Thread Michael Biebl
On 09.06.2016 at 07:57, Martin Pitt wrote:
> Michael Biebl [2016-06-09  2:29 +0200]:
>> At some point, shuffling the libraries around becomes a nuisance. Maybe
>> we should only do that for /lib/systemd/systemd and eventually
>> /lib/systemd/systemd-udevd.
> 
> We got two RC bugs before we had this check, but I don't remember
> whether this was before the initramfs-tools change that mounts /usr.
> But even with that I'm sure that we have a very small number of users
> who believe that separate /usr without initramfs was ever supported,
> and I'm sort of tired of arguing against that..
> 
> Anyway, we can certainly trim that check a bit, but only these two
> aren't sufficient -- we at least need to cover the generators, fsck,
> networkd, reply-passwd, etc. -- seems easier and safer to whitelist
> programs like timesyncd or timedated which are safe.
> 
> Not sure where this linking would end up, I suppose in networkd? 

/lib/systemd/systemd-networkd and /usr/bin/systemd-nspawn if I checked
correctly.

> That
> would then break with /usr being on the network and not using an
> initrd. As I said, I have very little sympathy for that, but see
> above..

Oh, the mythical /usr-on-NFS case. I don't see how that would work with
networkd anyway, it having an After=dbus.service…


-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?





Bug#787480: Ping?

2016-06-08 Thread Michael Biebl
On 09.06.2016 at 01:56, Michael Biebl wrote:
> On 09.06.2016 at 01:44, Mario Lang wrote:
>> It would be nice if we could get this bug fixed before the release.
>> Preferably by enabling iptable support in systemd.
> 
> I guess this would need someone asking the iptables maintainer to split
> out /lib/libip(4|6)tc.so into a separate library package, so we don't
> need to pull in all of iptables into every installed system (as
> mentioned before this increases the footprint by 4M).
> 
> Someone willing to ask the iptables maintainers if this would be feasible?

I've just checked out the iptables sources and apparently this is in the
works:
https://alioth.debian.org/plugins/scmgit/cgi-bin/gitweb.cgi?p=pkg-netfilter/pkg-netfilter.git;a=commitdiff;h=001e02b30dbe8fc2dba820abae4f710de2114133

Hasn't been uploaded yet, though.

The maintainer has decided to move the libraries back to /usr/lib.
This means our current check in debian/rules which tests if binaries
have been linked against libs from /usr will fail.

We could either ask the iptables maintainer to keep the libs in /lib or
exclude systemd-networkd from the check in debian/rules.

At some point, shuffling the libraries around becomes a nuisance. Maybe
we should only do that for /lib/systemd/systemd and eventually
/lib/systemd/systemd-udevd.

Thoughts?

Michael

-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
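
Added example (not part of the original thread and not the actual debian/rules code): a sketch of the kind of check discussed above, which flags binaries installed outside /usr that link against libraries under /usr, combined with the allowlist approach suggested in the reply. The function names, the ALLOWLIST variable and the sample ldd output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Binaries exempt from the check. The two entries are the examples of "safe"
# programs named in the thread; the list format itself is an assumption.
ALLOWLIST="/lib/systemd/systemd-timesyncd /lib/systemd/systemd-timedated"

# Constructed ldd-style output (library paths and addresses are made up).
SAMPLE_NETWORKD='	linux-vdso.so.1 (0x00007ffc0a5f2000)
	libip4tc.so.0 => /usr/lib/x86_64-linux-gnu/libip4tc.so.0 (0x00007f3a1c200000)
	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3a1be00000)'
SAMPLE_PID1='	libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f3a1be00000)
	/lib64/ld-linux-x86-64.so.2 (0x00007f3a1c600000)'

# usr_libs: read ldd-style output on stdin, print every library that
# resolves to a path under /usr.
usr_libs() {
    awk '$2 == "=>" && $3 ~ /^\/usr\// { print $3 }'
}

# check_binary PATH: read PATH's ldd-style output on stdin.
# Returns 1 only when a binary outside /usr, not on the allowlist,
# needs a library from /usr; returns 0 otherwise.
check_binary() {
    bin=$1
    libs=$(usr_libs)
    case "$bin" in
        /usr/*) return 0 ;;            # already depends on /usr being mounted
    esac
    for ok in $ALLOWLIST; do
        if [ "$bin" = "$ok" ]; then return 0; fi
    done
    if [ -z "$libs" ]; then return 0; fi
    printf '%s links against /usr: %s\n' "$bin" "$libs" >&2
    return 1
}

# Demo on the constructed samples.
if printf '%s\n' "$SAMPLE_NETWORKD" | check_binary /lib/systemd/systemd-networkd; then
    echo "networkd: ok"
else
    echo "networkd: rejected"
fi
```

Against a real build tree the input would come from running ldd on each installed binary and piping the output into check_binary with the binary's install path.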





Bug#787480: Ping?

2016-06-08 Thread Michael Biebl
On 09.06.2016 at 01:44, Mario Lang wrote:
> It would be nice if we could get this bug fixed before the release.
> Preferably by enabling iptable support in systemd.

I guess this would need someone asking the iptables maintainer to split
out /lib/libip(4|6)tc.so into a separate library package, so we don't
need to pull in all of iptables into every installed system (as
mentioned before this increases the footprint by 4M).

Someone willing to ask the iptables maintainers if this would be feasible?

Michael



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?





Bug#787480: Ping?

2016-06-08 Thread Mario Lang
Hi.

I just discovered IPMasquerade= in systemd.network(5) which is exactly
what I need to set up a Bluetooth PAN Access Point.  The config
*would* be straightforward via systemd-networkd (bt-pan related setup
not included):

/etc/systemd/network/pan.netdev:
[NetDev]
Name=pan
Kind=bridge
ForwardDelaySec=0

/etc/systemd/network/pan.network:
[Match]
Name=pan

[Network]
Address=10.2.1.1/24
DHCPServer=yes
IPMasquerade=yes


However, during testing I realized that while IPMasquerade= is
documented in systemd.network(5), it is a noop on Debian.

It would be nice if we could get this bug fixed before the release.
Preferably by enabling iptable support in systemd.

If this is not possible (which would be quite sad, given how convenient
this feature actually is), I suggest we at least remove IPMasquerade=
from the manpage (or augment it with a note that this feature is not
available) to avoid confusing users (like me).

-- 
CYa,
  ⡍⠁⠗⠊⠕

