Bug#330830: netbase: what to do with /etc/network/options
On Sun, Oct 02, 2005 at 09:29:35AM +0200, Marc Haber wrote: > Especially in the case of spoofprotect, since sysctl doesn't seem to > expand wildcards in /etc/sysctl.conf and thus the naive approach of > writing "net/ipv4/conf/*/rp_filter=1" in /etc/sysctl.conf doesn't work. Ah, thanks for that, I forgot to comment it :) *Usually* it's sufficient to set net/ipv4/conf/all/rp_filter and net/ipv4/conf/default/rp_filter because there are no interfaces configured when rcS.d/S30procps.sh is called (and thus no other subdirectories exist in conf/). There is one case where I don't know if it's sufficient: when you have / on nfs you need to configure at least one interface at kernel boot. regards Mario -- () Ascii Ribbon Campaign /\ Support plain text e-mail -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#330830: netbase: what to do with /etc/network/options
On Fri, Sep 30, 2005 at 12:52:07PM +0200, Mario 'BitKoenig' Holbe wrote: > Well, what about generating some hints about what to write to > sysctl.conf (probably based on network/options) then? Finally, it > doesn't matter if you put them in debconf and make them dynamic or > static in README.Debian. I agree with Mario here. There are not many options in /e/n/o anyway, so it would not be an unreasonable request to at least document which entries in /etc/sysctl.conf will replace which option in /e/n/o. Especially in the case of spoofprotect, since sysctl doesn't seem to expand wildcards in /etc/sysctl.conf and thus the naive approach of writing "net/ipv4/conf/*/rp_filter=1" in /etc/sysctl.conf doesn't work. Greetings Marc -- - Marc Haber | "I don't trust Computers. They | Mailadresse im Header Mannheim, Germany | lose things."Winona Ryder | Fon: *49 621 72739834 Nordisch by Nature | How to make an American Quilt | Fax: *49 621 72739835 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#330830: netbase: what to do with /etc/network/options
On Fri, Sep 30, 2005 at 12:37:30PM +0200, Marco d'Itri wrote: > On Sep 30, Mario 'BitKoenig' Holbe <[EMAIL PROTECTED]> wrote: > > transition to procps:/etc/sysctl.conf. > Can't be done, /etc/sysctl.conf is a conffile. Hm, I did expect something like this, yes :/ > > probably surround the transition by some medium priorized debconf > This would still be a policy violation, and I do not think that I will > litter the package with more debconf questions anyway. Well, what about generating some hints about what to write to sysctl.conf (probably based on network/options) then? Finally, it doesn't matter if you put them in debconf and make them dynamic or static in README.Debian. regards Mario -- who | grep -i blonde | talk; cd; wine; talk; touch; unzip; touch; strip; gasp; finger; gasp; mount; fsck; more; true; gasp; umount; make clean; sleep -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
Bug#330830: netbase: what to do with /etc/network/options
On Sep 30, Mario 'BitKoenig' Holbe <[EMAIL PROTECTED]> wrote: > since you (not you Jukka, but the package maintainers :)) are deprecating > /etc/network/options, it would be nice to provide some automatic > transition to procps:/etc/sysctl.conf. Can't be done, /etc/sysctl.conf is a conffile. > Since /etc/sysctl.conf is a conffile of another package, you should > probably surround the transition by some medium priorized debconf > question. This would still be a policy violation, and I do not think that I will litter the package with more debconf questions anyway. -- ciao, Marco signature.asc Description: Digital signature
Bug#330830: netbase: what to do with /etc/network/options
On Fri, Sep 30, 2005 at 01:49:52AM +0300, Jukka Suomela wrote: > So, by following the documentation, I should now write something to > /etc/sysctl.conf. Fine, I could do that, but this sounds like a bit > strange upgrade path for a regular user. After all, I don't think I since you (not you Jukka, but the package maintainers :)) are deprecating /etc/network/options, it would be nice to provide some automatic transition to procps:/etc/sysctl.conf. I wrote and attached a small shell script snippet based on your /etc/init.d/networking, which tries to achieve the current semantics as much as possible, i.e. it only sets options but never unsets them. The only reverted semantic is that currently netbase overrides procps (which is caused by the rcS.d sequence code), while in the script procps overrides netbase. You could probably add the snippet to postinst or somewhere similar and remove /etc/network/options in prerm. Since /etc/sysctl.conf is a conffile of another package, you should probably surround the transition by some medium priorized debconf question. procps is Priority: required, I don't know if you need to Depend: on it or Recommend: it then. Thanks for your work & regards Mario -- It is practically impossible to teach good programming style to students that have had prior exposure to BASIC: as potential programmers they are mentally mutilated beyond hope of regeneration. -- Dijkstra options2sysctl.sh Description: Bourne shell script
Bug#330830: netbase: what to do with /etc/network/options
Package: netbase Version: 4.22 Severity: minor Hi, I noticed that /etc/network/options is now deprecated. As the init scripts warn on this issue, I tried to RTFM and see what I should do to fix this issue. The only piece of documentation I could find was this: /usr/share/doc/netbase/README.Debian: " * /etc/network/options This file is deprecated, and if present should be replaced by values in /etc/sysctl.conf or equivalent custom scripts. " Then I checked the contents of /etc/network/options and found this: ip_forward=no spoofprotect=yes syncookies=no So, by following the documentation, I should now write something to /etc/sysctl.conf. Fine, I could do that, but this sounds like a bit strange upgrade path for a regular user. After all, I don't think I have ever touched my /etc/network/options file. According to some Google hits, it seems that I can safely remove this file if I have only "spoofprotect" enabled and if I am running a modern kernel. If this is right, could you: 1) Explain this more carefully in README.Debian, NEWS.Debian or such? 2) If possible, automatically detect if /etc/network/options can be safely removed, and do it without bothering the user? Best regards, Jukka Suomela -- System Information: Debian Release: testing/unstable APT prefers unstable APT policy: (500, 'unstable') Architecture: i386 (i686) Shell: /bin/sh linked to /bin/dash Kernel: Linux 2.6.12-1-686 Locale: LANG=fi_FI, LC_CTYPE=fi_FI (charmap=ISO-8859-1) Versions of packages netbase depends on: ii debconf [debconf-2.0] 1.4.58 Debian configuration management sy ii ifupdown0.6.7high level tools to configure netw ii iputils-ping [ping] 3:20020927-2 Tools to test the reachability of ii lsb-base3.0-9Linux Standard Base 3.0 init scrip ii netkit-inetd0.10-10.2The Internet Superserver ii tcpd7.6.dbs-8Wietse Venema's TCP wrapper utilit netbase recommends no packages. -- debconf information excluded -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]