On Sun, 31 May 2015 at 21:30:25 -0500, Karl O. Pinc wrote:
> On Mon, 1 Jun 2015 03:30:36 +0200 Guilhem Moulin <guil...@guilhem.org> wrote:
>> I'll see if the linux-initramfs-tool would be willing to accept an
>> ‘unconfigure_networking’ function using ip(1).
>
> I haven't looked at all the pieces in a long time.
> The idea of a function is appealing, but no matter
> what the sysadm is going to have to be involved
> in bringing the interface down and de-configuring
> it (per
> https://bugs.debian.org/cgi-bin/bugreport.cgi?msg=5;att=1;bug=715487;filename=README.Debian.downnet.patch
> , right?  Possibly a little extra editing on the
> part of a sysadm in this corner case is worth
> not having a function.

I'd rather not have to manually edit these scripts, and follow your
original patch to add a new configuration variable DROPBEAR_IFDOWN.
(Perhaps unset by default for NFS mounts, and set to “all” otherwise.)

> But all this raises a question in my mind.
> If ip is available then why does ipconfig
> exist at all and why is it used?  Why would
> it even be necessary to patch klibc/ipconfig?

/sbin/ip is provided by busybox, which is not required.  However it is
for remote rootfs unlocking, since a shell is needed to type in the
command or execute the SSH_COMMAND.

> Patching ipconfig would only be useful in those
> environments where ip is not available, and in
> those environments the "ip flush" functionality
> would need to be built into ipconfig.  In this
> case the right thing to do is not to add
> a function to linux-initramfs-tool but to
> dig around in the ip code and port the flush
> part back into ipconfig.  With luck this won't be that
> hard now that we know where to look.
> (I think the "down" part is already done.)

It's true that the linux-initramfs-tool maintainers might be reluctant
to use ip in ‘unconfigure_networking’ while ‘configure_networking’ uses
ipconfig.  And using only ip is probably not acceptable since it's not
guaranteed to be present.  However I doubt I have the skills to patch
klibc :-/  I'd say using ip in dropbear's init-bottom script is fine in
the meantime.

-- 
Guilhem.
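
An added example, not part of the original message or of the dropbear package: one way an init-bottom step could act on the proposed DROPBEAR_IFDOWN variable with ip, so the address used for remote unlocking does not persist into the booted system. The space-separated list form of the variable, the IP_CMD and SYS_NET overrides and the function names are assumptions made for illustration.

```shell
#!/bin/sh
# Added illustration, not the dropbear package's own init-bottom script.
# Assumed DROPBEAR_IFDOWN semantics (from the thread, list form is an assumption):
#   unset/empty -> leave networking alone (e.g. root on NFS)
#   "all"       -> every non-loopback interface
#   otherwise   -> space-separated list of interface names

# Hypothetical overrides so the logic can be exercised without root.
IP_CMD="${IP_CMD:-ip}"
SYS_NET="${SYS_NET:-/sys/class/net}"

# Print every interface name found under $SYS_NET except loopback.
list_ifaces() {
    for path in "$SYS_NET"/*; do
        [ -e "$path" ] || continue
        name="${path##*/}"
        [ "$name" = "lo" ] || printf '%s\n' "$name"
    done
}

# Bring the selected interfaces down and flush their addresses.
unconfigure_networking() {
    [ -n "${DROPBEAR_IFDOWN:-}" ] || return 0
    if [ "$DROPBEAR_IFDOWN" = "all" ]; then
        ifaces=$(list_ifaces)
    else
        ifaces=$DROPBEAR_IFDOWN
    fi
    for iface in $ifaces; do
        # Reject anything that does not look like an interface name.
        case "$iface" in
            *[!A-Za-z0-9_.:-]*)
                echo "skipping invalid interface name: $iface" >&2
                continue ;;
        esac
        $IP_CMD link set dev "$iface" down || return 1
        $IP_CMD addr flush dev "$iface" || return 1
    done
}
```
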