Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Lennart Poettering
On Di, 29.09.20 13:56, Simo Sorce (s...@redhat.com) wrote: > On Tue, 2020-09-29 at 12:59 +0200, Lennart Poettering wrote: > > On Di, 29.09.20 03:49, John M. Harris Jr (joh...@splentity.com) wrote: > > > > > Search domains have absolutely nothing to do with

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Lennart Poettering
by default or DoT to some known-good server bypassing the local wifi router isn't really an option — unless you accept that you cannot talk to your local devices anymore. Which sucks hard... Lennart -- Lennart Poettering, Berlin ___ devel mailing list

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Lennart Poettering
SEC. > With explanation how resolved fixes them if possible? Our fix: we do not do DNSSEC by default. Lennart -- Lennart Poettering, Berlin ___ devel mailing list -- devel@lists.fedoraproject.org To unsubscribe send an email to devel-le...@lists.fed

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Lennart Poettering
ere. > Sure, you repeat yourself. But turn the deaf ear to arguments of others. > Please use smart defaults, only when they don't endanger user's privacy > nor security. I don't think what you are saying is congruent. On one hand you want that VPNs do not get all DNS traffic apparently,

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Lennart Poettering
On Di, 29.09.20 13:47, Björn Persson (Bjorn@rombobjörn.se) wrote: > Lennart Poettering wrote: > > On Mo, 28.09.20 22:54, Björn Persson (Bjorn@rombobjörn.se) wrote: > > > > > It can work in company-scope if the company has competent network > > > admins. My local

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Lennart Poettering
work". Anyway, I think I am repeating myself here. Lennart -- Lennart Poettering, Berlin

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Lennart Poettering
we have. Lennart -- Lennart Poettering, Berlin

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Lennart Poettering
n't even try to look them up in DNS. So does systemd-resolved > comply with this standard or not? https://github.com/systemd/systemd/pull/17194 Lennart -- Lennart Poettering, Berlin

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Lennart Poettering
fault as it stands now, simply because it breaks more stuff than it helps. Lennart -- Lennart Poettering, Berlin

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Lennart Poettering
nk it will hurt. This is not the reality I live in though. New-style high level programming languages tend to avoid being just a wrapper around C APIs. And thus they implement minimal DNS clients themselves, ignoring the LLMNR, mDNS and so on. Lennart -- Lennart Poettering, Berlin

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Lennart Poettering
neer* of any of this, but just an implementation of what is used in real life and has shown it works. You come from a very different perspective, I totally understand that. You intend to *design* DNS, and hence have the luxury to not care as much about edge route

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Lennart Poettering
ain separation is a lot more blurry there. So I think we do quite well in resolved on the DNSSEC front actually, but people still are annoyed that on some local DNS servers DNSSEC doesn't work and/or we take too long to detect that it doesn't. Lennart -- Lennart Poettering, Berli

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-29 Thread Lennart Poettering
's make the best of the little information we traditionally have", and any further, more complex routing requires additional configuration in NM, networkd or directly with resolvectl commands. Lennart -- Lennart Poettering, Berlin

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Lennart Poettering
manually. Summary: we support routing of queries, you can configure that explicitly now, and if you don't you at least have the biggest chance that things "just work". Lennart -- Lennart Poettering, Berlin

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Lennart Poettering
"." as "routing domain" on a specific iface and the lookups will go there preferably. If you put that on your VPN iface this means DNS traffic goes there preferably. If you put that on the main iface this means DNS traffic goes there preferably. Ideally you'd use

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Lennart Poettering
were a step back while they are actually a step forward, since we have the routing infra now. I have the suspicion the main issue you are having is that we default to "all in parallel" if in doubt about lookups, while you want "vpn always wins" if in doubt about lookups.

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Lennart Poettering
is stuff. It uses DNS as local IPC. Which is pretty universal, and just works for almost everyone. Lennart -- Lennart Poettering, Berlin

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Lennart Poettering
mostly limited to local networks. Lennart -- Lennart Poettering, Berlin

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Lennart Poettering
work, but DNSSEC on a laptop that moves around and connects to a WLAN here, and another WLAN there and a third WLAN over there is just a nightmare. If the other big OSes would enable DNSSEC client-side by default things might change, but neither Windows nor MacOS or Android do. Lennart -- Len

Re: This is bad, was Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-09-28 Thread Lennart Poettering
line compatible binary for that btw). I have the strong suspicion that the same people who are able to deploy working DNSSEC client side and are educated enough in DNSSEC to know what that even means are also capable of replacing that one symlink in /etc. Lennart -- Lennart Poet

Re: Btrfs by default status updates, 2020-07-26

2020-07-28 Thread Lennart Poettering
cause as I've pointed there are two units for that fs. Only binfmt_misc is typically a kernel module of its own. For stuff that is built-in it's pointless trying to avoid module loading. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-07-28 Thread Lennart Poettering
nd systemd-resolved will brutally overwrite them whenever it feels the need to. Lennart -- Lennart Poettering, Berlin

Re: systemd autofs support (Was: Re: Btrfs by default status updates, 2020-07-26)

2020-07-28 Thread Lennart Poettering
unit text file which will execute > mount/umount commands with some exact params. I don't think it's worth pulling in yet another package just for calling a few ioctls, sorry. Lennart -- Lennart Poettering, Berlin

Re: Btrfs by default status updates, 2020-07-26

2020-07-28 Thread Lennart Poettering
tyle). It's not usable for NIS style autofs mounts, as it doesn't support maps. Use autofs4 package if you want that. Lennart -- Lennart Poettering, Berlin

Re: Btrfs by default status updates, 2020-07-26

2020-07-28 Thread Lennart Poettering
isted in fstab though, unfortunately fedora does that). Lennart -- Lennart Poettering, Berlin

Re: Btrfs in Silverblue

2020-07-14 Thread Lennart Poettering
happens if a user changes the name? Is it a bad idea to stuff a copy > of this information in an XATTR so it can be restored? The schema > needs to account for snapshotting and rollbacks. I'm not sure how much > information really should be encoded in a subvolume name. We manage to name RPM

Re: Btrfs in Silverblue

2020-07-14 Thread Lennart Poettering
ain immediate compat with "systemd-nspawn --image=" right-away as the > > basic minimum, which already is great. > > I would love to do that now, but right now I want to make sure > everything *works* before we jumble up the scheme we

Re: Btrfs in Silverblue

2020-07-14 Thread Lennart Poettering
then just update where the symlink points. Lennart -- Lennart Poettering, Berlin

Re: Btrfs in Silverblue

2020-07-14 Thread Lennart Poettering
On Mo, 13.07.20 19:07, Chris Murphy (li...@colorremedies.com) wrote: > On Mon, Jul 13, 2020 at 12:14 PM Lennart Poettering > wrote: > > > Quite frankly, I don't see why the boot loader should care about the > > btrfs subvolume the initrd later picks at all. > > As

Re: Btrfs in Silverblue

2020-07-13 Thread Lennart Poettering
d pick the last one of it, and automatically synthesize a .mount unit that mounts it to /home. And similar for other relevant dirs. That way, if you want to opt into this simple logic, just name your subvols /_home.xyz and there you go. The suffix you can then use for versioning or so, if you lik

Re: Btrfs in Silverblue

2020-07-13 Thread Lennart Poettering
ermined from itself, without needing an external config source such as the kernel cmdline or fstab. Lennart -- Lennart Poettering, Berlin

Re: Btrfs in Silverblue

2020-07-10 Thread Lennart Poettering
here's really no need to complicate things by pushing btrfsisms into user-visible concepts needlessly. Lennart -- Lennart Poettering, Berlin

Re: Btrfs in Silverblue

2020-07-10 Thread Lennart Poettering
short kernel cmdlines that are as similar as possible everywhere, instead of blowing it up with different switches for every single case. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: Make btrfs the default file system for desktop variants

2020-07-07 Thread Lennart Poettering
he existing Fedora installation? Or fix it to have > > 2 separate entries after the fact? > > > It's possible but has challenges. Separate ESP's you'll need to > either Thou shalt not have multiple ESPs per disk. See: https://news.ycombinator.com/item?id=16261695 The EFI spec i

Re: The future of legacy BIOS support in Fedora.

2020-07-07 Thread Lennart Poettering
driver files, and things will just work. Lennart -- Lennart Poettering, Berlin

Re: The future of legacy BIOS support in Fedora.

2020-07-07 Thread Lennart Poettering
for. Android uses dm-verity, if I remember correctly. EFI SecureBoot uses PE signed executables. > Less complexity in the boot chain, mainly. But the EFI drivers would > need to be signed by MS, I think? That would massively complicate > things. Could use SHIM like everything else.

Re: The future of legacy BIOS support in Fedora.

2020-07-05 Thread Lennart Poettering
ot a rollback, has modules available on the > rolledback /usr. That does not need to be done with Btrfs, even > though You are just reimplementing OSTree/Atomic/FedoraCoreOS with that... Lennart -- Lennart Poettering, Berlin

Re: The future of legacy BIOS support in Fedora.

2020-07-05 Thread Lennart Poettering
re apparently just a troll and this is the point where I will now ignore you. Just stop being so awful and dismissive, this is not constructive. Thank you, Lennart -- Lennart Poettering, Berlin

Re: The future of legacy BIOS support in Fedora.

2020-07-04 Thread Lennart Poettering
that helps. i.e. PRs against this file: https://github.com/systemd/systemd/blob/master/docs/BOOT_LOADER_SPECIFICATION.md Thank you, Lennart -- Lennart Poettering, Berlin

Re: The future of legacy BIOS support in Fedora.

2020-07-04 Thread Lennart Poettering
trds from too, to make things simple, i.e. reuse the existing storage stack you cannot avoid anyway. Lennart -- Lennart Poettering, Berlin

Re: The future of legacy BIOS support in Fedora.

2020-07-04 Thread Lennart Poettering
we wouldn't have to have sd-boot around at all. Such a scheme would be fantastic actually, as it would remove so many variables from the stack. sd-boot exists only to add the minimum on top of EFI to make the above work, i.e. something that in an ideal world would just be subsumed b

Re: The future of legacy BIOS support in Fedora.

2020-07-04 Thread Lennart Poettering
On Sa, 04.07.20 11:39, Mauricio Tavares (raubvo...@gmail.com) wrote: > On Sat, Jul 4, 2020 at 11:30 AM Lennart Poettering > wrote: > > > > On Mi, 01.07.20 22:10, Neal Gompa (ngomp...@gmail.com) wrote: > > > > > This could still work. But you really shouldn't ac

Re: The future of legacy BIOS support in Fedora.

2020-07-04 Thread Lennart Poettering
loader. TLDR: boot loader should be simpler and not needlessly reimplement LVM and xfs. If there's "bloat" here anywhere, it's probably these reimplementations of LVM and xfs, but not in sd-boot that avoids all that. Lennart -- Lennart Poettering, Berlin

Re: The future of legacy BIOS support in Fedora.

2020-07-04 Thread Lennart Poettering
ot of automatism, little configuration, and a lot of integration, so that you drive it from the OS, and as little possible have to interface with its own UI as you can. If you want to reboot into Windows then you tell sd-boot so when shutting down, i.e. in the OS UI. Lennart -- Lennart Po

Re: The future of legacy BIOS support in Fedora.

2020-07-04 Thread Lennart Poettering
cure boot but good point I'll add a test case > > for that and check if it's not working. > > Is that with self enrolled keys or is it now signed with the MS keys > through the official process? It's up to the distro to sign it, it supports the shim though. Lennart -- Lennart

Re: The future of legacy BIOS support in Fedora.

2020-07-04 Thread Lennart Poettering
temd-boot was proposed by some GNOME designers back in the day. We just implemented what they wanted. Lennart -- Lennart Poettering, Berlin

Re: The future of legacy BIOS support in Fedora.

2020-07-04 Thread Lennart Poettering
You are just spreading FUD, and throwing the word "bloat" around on anything you don't personally love. On most of the recent threads on this ML you have been everything, but never constructive. Stop being just a spreader of negative energy, it's not a good look.

Re: The future of legacy BIOS support in Fedora.

2020-07-01 Thread Lennart Poettering
armhfp in Fedora (/usr/lib/systemd/boot/efi > doesn't exist ...). Hmm, I know that people build it on ARM, I guess we could enable that in Fedora too. I am not an ARM pro myself, not sure what happens there right now. Upstream sd-boot has support for UEFI ia32, x64, arm and aa64. Lennart -- Len

Re: The future of legacy BIOS support in Fedora.

2020-07-01 Thread Lennart Poettering
it. Note that the spec has extension points (i.e. it's permissible to add new fields without this breaking the spec), but turning it into a programming language is way outside of it... Lennart -- Lennart Poettering, Berlin

Re: The future of legacy BIOS support in Fedora.

2020-07-01 Thread Lennart Poettering
ve > been sticking with grub2 so far. We need to maintain it anyway, at which > point we want to use it in as much cases as possible so that we can have > unified code and documentation for dealing with the bootloader. I don't see "very little gain". I see a

Re: The future of legacy BIOS support in Fedora.

2020-07-01 Thread Lennart Poettering
On Mi, 01.07.20 00:38, Kevin Kofler (kevin.kof...@chello.at) wrote: > In addition, as far as I know, systemd-boot is not compatible with the > "Secure Boot" shim. You are wrong. It is. Lennart -- Lennart Poettering, Berlin

Re: The future of legacy BIOS support in Fedora.

2020-07-01 Thread Lennart Poettering
ot Loader Spec" name and turned it into something that is not related at all to the real thing. Supporting the boot loader spec has various benefits, including that systemd's "systemctl kexec" will just work and understand these items. Lennart -- Lennart Poettering,

Re: Disable dmraid.service on first run if no dmraid sets are found - Fedora 33 System-Wide Change proposal

2020-06-30 Thread Lennart Poettering
The dmraid people had ample time to fix their code. It's really time this has to go. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: Make btrfs the default file system for desktop variants

2020-06-28 Thread Lennart Poettering
, since required interactivity — i.e. entering the pw — can take any time in the world) then you will enter emergency mode if RAID is not complete, and you can figure out yourself if you want to continue in degraded mode, systemd won't help you and this is not going to change. If there's demand

Re: /dev/uinput

2020-06-28 Thread Lennart Poettering
we have on the input devices otherwise. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: Make btrfs the default file system for desktop variants

2020-06-26 Thread Lennart Poettering
ess anyway to have something as module that is now gonna be used by most people anyway, it just slows things down for little benefit) Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: swap on zram

2020-06-09 Thread Lennart Poettering
maybe read up on it, before making such a fuss about it. You are fud'ing, and you know it. Hint: they are NOPs if there's no configuration for them. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: swap on zram

2020-06-08 Thread Lennart Poettering
I disagree. We should strive for a system that works with empty /etc/ and if booted that way uses default settings. So that /etc is admin territory where the admin makes changes from the defaults. Thus, if zram is something to use by default then it should not be stored in /etc. Lennart

Re: Transitioning scripts relying on libcgroup-tools to the cgroup’s unified hierarchy (v2)

2020-05-12 Thread Lennart Poettering
systemd for delegation first (or be invoked inside a service where something else asked for it). If it doesn't then it's simply broken. In general, I am not sure why one would even want the cgroup tools on a systemd system though. We should provide most of it natively anyway, th

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-17 Thread Lennart Poettering
On Do, 16.04.20 19:53, Chris Adams (li...@cmadams.net) wrote: > Once upon a time, Lennart Poettering said: > > Again, we do not support DNSSEC from client to the stub. If you set CD > > we'll return NOTIMP as rcode, indicating that. We do not implement a > > full DNS se

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-16 Thread Lennart Poettering
On Do, 16.04.20 14:07, Matthew Miller (mat...@fedoraproject.org) wrote: > On Thu, Apr 16, 2020 at 07:27:29PM +0200, Lennart Poettering wrote: > > > If there are no servers configured... Shouldn't it use no servers? > > Well, our assumption is that working DNS is better than DN

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-16 Thread Lennart Poettering
DNSSEC if that's enabled to the upstream DNS server. We also set it for hosts we read from /etc/hosts (i.e. a source owned by root). If you saw incompatible server this looks like you left DNSSEC on between resolved and upstream DNS server? Again, this is not what we intend to do in Fe

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-16 Thread Lennart Poettering
On Do, 16.04.20 07:45, John M. Harris Jr (joh...@splentity.com) wrote: > If there are no servers configured... Shouldn't it use no servers? Well, our assumption is that working DNS is better than DNS that doesn't work. Lennart -- Lennart Poettering, Ber

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-16 Thread Lennart Poettering
upstream server > on nss_resolve's behalf (possibly with some caching), and eventually > return the data to the application? correct. > Or does nss_resolve fail with UNAVAIL and expects nss_dns to fetch the > data? no. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-16 Thread Lennart Poettering
nymore. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-16 Thread Lennart Poettering
On Do, 16.04.20 12:46, Florian Weimer (fwei...@redhat.com) wrote: > * Lennart Poettering: > > > Long story short: if you experienced issues with DNSSEC on with > > resolved today, then be assured that with DNSSEC off things are much > > much better, and that's ho

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-16 Thread Lennart Poettering
erver is OK, but maybe for servers we don't want to make such a claim, dunno, and just enable this for newly deployed stuff but not on upgraded stuff. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-16 Thread Lennart Poettering
00::3a10:d5ff:fe78:6bbe search fritz.box ``` (with some additional explanatory comments at the top, which I stripped here) Key is to access it under its proper path instead of via the symlink, for the aforementioned reasons. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-16 Thread Lennart Poettering
ussion on this specific issue on the bug report, instead of the ML. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
bit set it will be exposed to some upstream server's view of the world and its quirks and behaviours, which are likely very very different... Hence so far my take on it was: if you want real, fully featured DNS with all weird, strange options then talk to upstream directly, don't bother with reso

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
ibed in some other context? We never suffix search domains to multi-label names. We do traditional suffixing however for single-label names. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
is should be an OK thing to do. > I'm not sure what happens if there are multiple interfaces with > no specific routing but I think it may try them all? Exactly. If our routing info doesn't help us our logic is to route queries to all scopes in parallel. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
"systemctl disable" systemd-resolved however, and nss-dns will take front seat again. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
> > because too many scriptlets and programs patch it. > > Moving it to authselect might be sensible. Why not setup.rpm? /etc/hosts is owned by setup.rpm. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
r still support DNSSEC without validation, > passing through the records if they are requested by the client over the > DNS interface? The section above is not clear. depends on the record type. A number of DNSSEC RR types are magic, and we'll refuse sending those to DNS servers that we don

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
On Mi, 15.04.20 16:30, Lennart Poettering (mzerq...@0pointer.de) wrote: > On Mi, 15.04.20 15:50, Florian Weimer (fwei...@redhat.com) wrote: > > > * Lennart Poettering: > > > > > 1. If /etc/resolv.conf is a regular file, resolved will *consume* it > > >for

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
emory), but I guess we can decide it's not just a compat feature now, but also a performance improvement feature. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
On Mi, 15.04.20 15:50, Florian Weimer (fwei...@redhat.com) wrote: > * Lennart Poettering: > > > 1. If /etc/resolv.conf is a regular file, resolved will *consume* it > >for DNS configuration, and never change it or modify it or replace > >it. If this mode is

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
esolv.conf", O_RDONLY|O_CLOEXEC); else fd = open("/run/systemd/resolve/resolv.conf", O_RDONLY|O_CLOEXEC); break; } You get the idea: use O_LOOP to check if it's a symlink and then use readlink() to see if the file points to something managed by resolved. L

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
"files" the way it is, taking precedence. That said, resolved has a bus API for resolving hosts too, which gives a bit richer an API to do things, instead of using gethostbyname(). resolved parses and caches /etc/hosts for that natively, so that we can serve the same set of names when

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
ould just override the file to whatever it wants, and things will just work, regardless if resolved runs in the container or not, and resolved -- if used -- will honour whatever the container mgr/builder put there. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
resolved on in Fedora by default, as long as we also keep DNSSEC off. Long story short: if you experienced issues with DNSSEC on with resolved today, then be assured that with DNSSEC off things are much much better, and that's how we'd ship it in Fedora if it becomes the default. Lenna

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
story short: we want to default to mode #2. But you can choose mode #1 or #3 if you like, depending on whether you want to kick resolved out of managing resolv.conf or out of doing any DNS lookups for you at all. Lennart -- Lennart Poettering, Berlin

Re: Fedora 33 System-Wide Change proposal: systemd-resolved

2020-04-15 Thread Lennart Poettering
l try to use a default set of DNS servers however, which can be specified when building systemd. it's a fallback to make things more robust, i.e. making sure DNS works if possible. Lennart -- Lennart Poettering, Berlin

Re: The Chromium Dilemma

2020-04-15 Thread Lennart Poettering
the hard limit should have no issues with numbers of fds anymore, it may allocate a whopping 512K of them just like that. (But should still take care to reset the soft limit to 1024 again when forking off foreign code.) Lennart -- Lennart Poettering, Berlin

Re: The Chromium Dilemma

2020-04-13 Thread Lennart Poettering
o set RLIMIT_NOFILE's soft value to the hard value. And then they will just work without any manual limit bumping for regular people on modern distros. Lennart -- Lennart Poettering, Berlin

Re: Fedora 32 System-Wide Change proposal (late): Enable EarlyOOM

2020-01-10 Thread Lennart Poettering
On Mi, 08.01.20 12:24, Chris Murphy (li...@colorremedies.com) wrote: > On Mon, Jan 6, 2020 at 11:09 AM Lennart Poettering > wrote: > > > > - facebook is working on making oomd something that just works for > > everyone, they are in the final rounds of canonicalizing th

Re: Fedora 32 System-Wide Change proposal (late): Enable EarlyOOM

2020-01-07 Thread Lennart Poettering
On Di, 07.01.20 09:27, Michael Catanzaro (mcatanz...@gnome.org) wrote: > On Mon, Jan 6, 2020 at 7:09 pm, Lennart Poettering > wrote: > > - oomd currently polls some parameters in time intervals too, > > still. They are working on getting rid of that too, so that > > e

Re: Fedora 32 System-Wide Change proposal (late): Enable EarlyOOM

2020-01-07 Thread Lennart Poettering
On Mo, 06.01.20 14:53, Michael Catanzaro (mcatanz...@gnome.org) wrote: > On Mon, Jan 6, 2020 at 7:09 pm, Lennart Poettering > wrote: > > - facebook is working on making oomd something that just works for > > everyone, they are in the final rounds of canonicalizing the >

Re: Fedora 32 System-Wide Change proposal (late): Enable EarlyOOM

2020-01-06 Thread Lennart Poettering
alk/DQX3DH/ (but before this will enter systemd it's gonna be dumbed down, i.e., less configuration, more "just works") Lennart -- Lennart Poettering, Berlin

Re: Fedora 32 System-Wide Change proposal (late): Enable EarlyOOM

2020-01-06 Thread Lennart Poettering
". That way the > > reporting via cgroups isn't fucked, and systemd can still do its > > thing, and the kernel can kill per cgroup rather than per process... > > Problem is that letting the kernel do the work can cause data loss. earlyoom > needs to handle process

Re: Fedora 32 System-Wide Change proposal (late): Enable EarlyOOM

2020-01-06 Thread Lennart Poettering
On Mo, 06.01.20 17:47, Lennart Poettering (mzerq...@0pointer.de) wrote: > On Mo, 06.01.20 08:51, Chris Murphy (li...@colorremedies.com) wrote: > > > On Mon, Jan 6, 2020 at 3:08 AM Lennart Poettering > > wrote: > > >> > > > Looking at the sources very s

Re: Fedora 32 System-Wide Change proposal (late): Enable EarlyOOM

2020-01-06 Thread Lennart Poettering
On Mo, 06.01.20 08:51, Chris Murphy (li...@colorremedies.com) wrote: > On Mon, Jan 6, 2020 at 3:08 AM Lennart Poettering > wrote: > >> > > Looking at the sources very superficially I see a couple of problems: > > > > 1. Waking up all the time in 100ms intervals?

Re: Fedora 32 System-Wide Change proposal (late): Enable EarlyOOM

2020-01-06 Thread Lennart Poettering
el land, and if that doesn't work out for some reason because kernel devs can't agree, then do it as fallback in userspace, but with sound input from the kernel folks, and the blessing of at least some of the kernel folks. Lennart -- Lennart Poettering, Berlin

Re: Fedora 32 System-Wide Change proposal: Enable fstrim.timer by default

2019-12-20 Thread Lennart Poettering
On Fr, 20.12.19 18:11, Louis Lagendijk (lo...@fazant.net) wrote: > On Fri, 2019-12-20 at 17:46 +0100, Lennart Poettering wrote: > > > > Or let me ask this differently: the "discard" mount option of various > > kernel file systems, what does it differently than w

Re: Fedora 32 System-Wide Change proposal: Enable fstrim.timer by default

2019-12-20 Thread Lennart Poettering
On Fr, 20.12.19 14:10, Karel Zak (k...@redhat.com) wrote: > On Fri, Dec 20, 2019 at 10:23:50AM +0100, Lennart Poettering wrote: > > On Do, 19.12.19 16:42, Ben Cotton (bcot...@redhat.com) wrote: > > > > > Over time, some users experience slow downs in certain fla

Re: Fedora 32 System-Wide Change proposal: Enable fstrim.timer by default

2019-12-20 Thread Lennart Poettering
On Fr, 20.12.19 13:39, Fedora Development ML (devel@lists.fedoraproject.org) wrote: > On 20.12.2019 10:23, Lennart Poettering wrote: > > So, if this is desirable, why doesn't the kernel do this on its own? > > Kernel's TRIM has issues with data corruption on some SSD controllers.

Re: Fedora 32 System-Wide Change proposal: Enable fstrim.timer by default

2019-12-20 Thread Lennart Poettering
ality anyway? Lennart -- Lennart Poettering, Berlin

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Lennart Poettering
e. akin to dm-verity, not akin to dm-integrity. Also fs-verity applies to individual files only, it thus only has very specific use cases. You cannot sensibly do fs-verity across the whole OS tree, you'd spend ages to set it up at boot... Lennart -- Lennart Poettering, Berlin

Re: Fedora 32 System-Wide Change proposal: Disallow Empty Password By Default

2019-12-06 Thread Lennart Poettering
On Fr, 06.12.19 16:42, Marius Schwarz (fedora...@cloud-foo.de) wrote: > Am 06.12.19 um 08:57 schrieb Lennart Poettering: > > If you know where stuff is located you can change individual blocks in > > files. You are not going to know what you are changing them to, but >
