On 11/04/18 09:43, Antonio Quartulli wrote:
>
>> This kicks into the discussion we had about supporting newer systemd features
>> selectively... Shipping different static files for distributions and/or
>> systemd versions duplicates the number of files.
>
> I am not into systemd, therefore I am not able to comment on the
> strategy we need to adopt.
>
> However, what I imagine is that each distribution, when deciding what
> library to use (sitnl vs iproute2), will also decide which of the
> provided unit files to ship (if we have multiple precompiled files).
> Or our Makefile should generate the right ones based on the
> --enable-iproute2 switch (maybe this is what you meant with templates?).

Systemd is developing quite fast, and is consistently improving on the security side - with more and more interesting lock-down features, most of which can be automated if enabled correctly in the unit files. But newer features may not work so well on older systemd releases.

So this is actually a two-fold challenge

 - How to figure out which features systemd supports? We can here presume the host building the package runs the systemd version OpenVPN needs to integrate against.

 - How to output/generate unit files which are consistent with the available features? We will most likely need some kind of template solution to achieve this.

The template approach used with Makefile.am/Makefile.in is too limited for our need - that's essentially just a wrapper around sed, which replaces defined variables with something else. There's plenty of other alternatives as well. But that can easily mean increasing the build time dependencies. I'm not convinced that is the right approach for this need.

I've been pondering on what would be the best approach ... using plain bash with friends (awk, sed, etc), using Python (lots of template engine alternatives, some are built-in) or even possibilities with XML+XSLT. All of these required tools for either approach are mostly available by default on most Linux distributions. Since systemd is Linux only, that's the base restriction.

All of these alternatives have some pros, but more cons. But in the end, I believe that currently it is probably better to have a simple shell script doing the generation.

A unit file typically consists of three sections (Unit, Service and Install). Now, the Service section is the one which will be mostly modified. In the Unit section, only the description is slightly modified between server and client variants.

Such a generator script typically needs to have some kind of "feature matrix" which enlists which features we're interested in using in the currently available systemd version on the system. Then pass this "detected features" to a function which creates the [Service] section on-the-fly and dumps everything to stdout. The [Unit] section to use would be determined by the role (client or server), which could be an argument to the script. This role would need to also be used when creating the [Service] section too.

Thoughts?

-- 
kind regards,

David Sommerseth
OpenVPN Inc
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
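
The generator described in the message above, sketched as an added example (not code from the message or from the OpenVPN project). The function names, the choice of directives, their minimum-version thresholds and the ExecStart line are assumptions for illustration; check each threshold against the systemd NEWS file before relying on it.

```shell
#!/bin/sh
# Added example: build a unit file from a role and a systemd version.
# Feature matrix: "minimum-systemd-version directive" per line.
# Thresholds are assumptions for illustration; verify against systemd NEWS.
FEATURES='
0   PrivateTmp=true
214 ProtectSystem=true
214 ProtectHome=true
231 RestrictRealtime=true
232 ProtectControlGroups=true
235 LockPersonality=true
'

# Version of systemd on the build host (first output line: "systemd 237 ...").
detect_systemd_version() {
    systemctl --version | awk 'NR == 1 { print $2 }'
}

# Print every directive in the matrix that systemd version $1 supports.
service_features() {
    printf '%s\n' "$FEATURES" |
        awk -v have="$1" 'NF == 2 && have + 0 >= $1 + 0 { print $2 }'
}

# gen_unit ROLE [VERSION]: write the complete unit file to stdout.
gen_unit() (
    role=$1
    version=${2:-$(detect_systemd_version)}
    case $role in
        client|server) ;;
        *) echo "usage: gen_unit client|server [version]" >&2; exit 2 ;;
    esac
    case $version in
        ''|*[!0-9]*) echo "bad systemd version: '$version'" >&2; exit 2 ;;
    esac
    echo "[Unit]"
    echo "Description=OpenVPN $role (generated example)"
    echo
    echo "[Service]"
    # Placeholder command line, not the project's real ExecStart.
    echo "ExecStart=/usr/sbin/openvpn --config /etc/openvpn/$role/%i.conf"
    service_features "$version"
    echo
    echo "[Install]"
    echo "WantedBy=multi-user.target"
)

# Generate only when called with arguments, e.g.: ./gen-unit.sh server
if [ "$#" -gt 0 ]; then gen_unit "$@"; fi
```

Rejecting an unparseable version instead of guessing keeps the generator from silently emitting a unit with fewer lock-down directives than the host supports.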