On Wed, Nov 28, 2018 at 06:47:59PM +0000, Dmitry Bogatov wrote:
Hi,
sorry, didn't look at bug mail for a while.
> > However, whenever the getty-run package is installed in a vserver, I have to
> > manually remove the /service/getty-tty* symlinks.
> >
> > Can you please modify the postinst script so it only installs getty services
> > for /dev/tty* devices that are actually there?
>
> I do not like maintainer scripts. They are pain to get right. I can
> propose you to pre-provision your servers with
> `/etc/sv/getty{1-6}-run/down' file. See runsv(8).
That would still leave the runsv processes around and clutter the output of
"sv status /service/*".
The following postinst snippet should work:
export NAME='getty-tty1'
if [ -c /dev/tty1 ]; then
export ENABLE='yes'
else
export ENABLE='no'
fi
# Unlike postrm, I can be sure, that runit-helper is present on
# postinst.
/lib/runit-helper/runit-helper postinst "$@"
... and so on for the other ttys. (A lesser man would have used a for loop. :)
(Alternatively, the getty run scripts could start with something like this:
[ -c /dev/ttyX ] || rm /etc/service/getty-ttyX
and /etc/runit/1 could re-create these symlinks, just to be absolutely sure.
I don't like this approach; there is too much going on automatically.)
Or, you could add a debconf question with low priority, defaulting to "yes",
on whether to add the getty service symlinks. I could pre-seed debconf in
vservers with "no".
> > Or can we come up with a way to help people avoid shooting themselves in the
> > foot while not requiring me to install getty-run in vservers? For example,
> > runit-init could depend on "getty-run | some-way-to-log-in-interactively",
> > and "some-way-to-log-in-interactively" could be provided by an empty
> > "runit-no-getty" package as well as an "ssh-run" package that sets up a
> > runit service for ssh.
>
> If it would help you, I can add dependency on 'getty-run | access-run'.
> You are free to provide `access-run' in whatever way you like.
That would work for me if you also build a "runit-no-getty" or similar
(empty) package that provides "access-run". It should be in Debian; we
shouldn't force every container user to build their own fake empty
"access-run" package.
> I am fine with `bin:unsafe-no-tty-run' package too, but not now. I do not
> want to get stuck in NEW before freeze.
Sure, it can wait until the freeze starts. (I almost always use sid anyway.)
Thanks!
AndrĂ¡s
--
What is life but a sexually transmitted disease with a 100% mortality rate?
