Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-25 Thread Jonas Smedegaard
Quoting Jonas Smedegaard (2016-05-25 10:37:08)
> Quoting Ansgar Burchardt (2016-05-25 10:14:02)
>> Also all "Priority: important" packages installed by the default 
>> installation should be marked as manually installed as far as I 
>> remember.
>
> Is it documented somewhere which di-installed packages should be 
> marked as manually installed and which should be marked as 
> auto-installed?

For some context to my question, see bug#742977.

(sorry, took me some time to locate the bugnumber).

 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private




Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-25 Thread Jonas Smedegaard
Quoting Ansgar Burchardt (2016-05-25 10:14:02)
> Also all "Priority: important" packages installed by the default 
> installation should be marked as manually installed as far as I 
> remember.

Is it documented somewhere which di-installed packages should be marked 
as manually installed and which should be marked as auto-installed?


 - Jonas

-- 
 * Jonas Smedegaard - idealist & Internet-arkitekt
 * Tlf.: +45 40843136  Website: http://dr.jones.dk/

 [x] quote me freely  [ ] ask before reusing  [ ] keep private




Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-25 Thread Ansgar Burchardt
Henrique de Moraes Holschuh  writes:
> On Tue, May 24, 2016, at 13:03, Ansgar Burchardt wrote:
>> On Tue, 2016-05-24 at 11:43 -0300, Henrique de Moraes Holschuh wrote:
>> > On Tue, May 24, 2016, at 10:01, Simon McVittie wrote:
>> > > On Tue, 24 May 2016 at 09:08:11 -0300, Henrique de Moraes Holschuh
>> > > wrote:
>> > > > Whatever we do, we absolutely must bring up a fully configured
>> > > > loopback
>> > > > interface by default.
>> > > Happily, our default init system already does that.
>> > We need to ensure any non-default ones also do that before we drop
>> > ifupdown from "recommends", because ifupdown + default
>> > /etc/network/interfaces is the fallback that ensures the loopback
>> > will be up.
>>
>> We are not talking about removing "ifupdown" from the default
>> installation which includes all "Priority: important" packages (which
>> happens to include both netbase and ifupdown).
>>
>> The only installations affected are debootstrap's "minbase" and
>> "buildd" variants: these only install "Priority: required" packages and
>> select extra packages (apt and, for buildd, build-essential).  These
>> would no longer pull in "ifupdown" if "netbase" is installed.
>
> As far as I am concerned, ensuring the "master namespace" loopback is
> configured and up is actually required behavior and it should be
> enforced by something stronger than "priority important" packages being
> installed.  Systemd got this right.

I note that systemd is one of those "priority important" packages ;) I
have to admit though that "init" is still[1] at "Priority: required" and
depends on the lower-priority "systemd" package (a policy violation that
makes life much easier and sane).

  [1] 

> So, yes, I do think it would be best were it done by something in the
> initscripts package, since systemd is already doing it by itself as
> well.

That might be useful in either case to make sure "lo" gets set up
early. That would remove one subtle difference between systemd and
sysvinit.

> Also, it is "probably not ok" (as in I fully expect we will end up with
> people filing severity critical bugs should we do otherwise) to allow
> ifupdown (and likely netbase) to get uninstalled anywhere it was
> automatically installed, unless we ensure something else will take up
> their job.   This is not even related to configuring the loopback, but
> rather to /etc/network/interfaces processing, as well as /etc/services.

I'm not sure why "netbase" should be uninstalled anywhere if we remove
the "Recommends: ifupdown" from "netbase"?

Also all "Priority: important" packages installed by the default
installation should be marked as manually installed as far as I
remember.

I guess if you use the "minbase" or "buildd" variants, install "netbase"
and "ifupdown" only as a recommended package, then apt might suggest to
remove the no-longer recommended package.  I guess you mean this by
"automatically removed" even though it only happens by admin request as
far as I remember?  If you include other reasons for "automatically
removed", like for example running dist-upgrade and not checking what
will be removed, there are many other packages that could be removed and
break networking/firewall hooks.  (And "Recommends: ifupdown" will
likely not prevent that sort of removal for "ifupdown" anyway.)

Ansgar



Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-24 Thread Henrique de Moraes Holschuh
On Tue, May 24, 2016, at 13:03, Ansgar Burchardt wrote:
> On Tue, 2016-05-24 at 11:43 -0300, Henrique de Moraes Holschuh wrote:
> > On Tue, May 24, 2016, at 10:01, Simon McVittie wrote:
> > > On Tue, 24 May 2016 at 09:08:11 -0300, Henrique de Moraes Holschuh
> > > wrote:
> > > > Whatever we do, we absolutely must bring up a fully configured
> > > > loopback
> > > > interface by default.
> > > Happily, our default init system already does that.
> > We need to ensure any non-default ones also do that before we drop
> > ifupdown from "recommends", because ifupdown + default
> > /etc/network/interfaces is the fallback that ensures the loopback
> > will be up.
> 
> We are not talking about removing "ifupdown" from the default
> installation which includes all "Priority: important" packages (which
> happens to include both netbase and ifupdown).
> 
> The only installations affected are debootstrap's "minbase" and
> "buildd" variants: these only install "Priority: required" packages and
> select extra packages (apt and, for buildd, build-essential).  These
> would no longer pull in "ifupdown" if "netbase" is installed.

As far as I am concerned, ensuring the "master namespace" loopback is
configured and up is actually required behavior and it should be
enforced by something stronger than "priority important" packages being
installed.  Systemd got this right.

So, yes, I do think it would be best were it done by something in the
initscripts package, since systemd is already doing it by itself as
well.

Also, it is "probably not ok" (as in I fully expect we will end up with
people filing severity critical bugs should we do otherwise) to allow
ifupdown (and likely netbase) to get uninstalled anywhere it was
automatically installed, unless we ensure something else will take up
their job.   This is not even related to configuring the loopback, but
rather to /etc/network/interfaces processing, as well as /etc/services.

People sometimes trigger firewall setup and other supplementary
network-related setup using the loopback entry in
/etc/network/interfaces, because it is guaranteed to happen at
exactly the right time during boot and fully serialized with other
interface bring-up.  And people do configure network services using
names from /etc/services instead of hard-coding port numbers (sometimes
by not specifying a port number in the first place, and the
service/daemon/application using the IANA-assigned service *name* in
that case to look up the port number). 

That said, I don't expect this to be a real problem right now, but it is
something to keep in mind.  Obviously, it is not going to be an issue
for new installs, but it could be for the next stable upgrade.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique de Moraes Holschuh 



Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-24 Thread Ansgar Burchardt
On Tue, 2016-05-24 at 11:43 -0300, Henrique de Moraes Holschuh wrote:
> On Tue, May 24, 2016, at 10:01, Simon McVittie wrote:
> > 
> > On Tue, 24 May 2016 at 09:08:11 -0300, Henrique de Moraes Holschuh
> > wrote:
> > > 
> > > Whatever we do, we absolutely must bring up a fully configured
> > > loopback
> > > interface by default.
> > Happily, our default init system already does that.
> We need to ensure any non-default ones also do that before we drop
> ifupdown from "recommends", because ifupdown + default
> /etc/network/interfaces is the fallback that ensures the loopback
> will be up.

We are not talking about removing "ifupdown" from the default
installation which includes all "Priority: important" packages (which
happens to include both netbase and ifupdown).

The only installations affected are debootstrap's "minbase" and
"buildd" variants: these only install "Priority: required" packages and
select extra packages (apt and, for buildd, build-essential).  These
would no longer pull in "ifupdown" if "netbase" is installed.

Ansgar



Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-24 Thread Ian Jackson
Simon McVittie writes ("Re: Bug#824884: netbase: should not recommend 
ifupdown"):
> On Tue, 24 May 2016 at 09:08:11 -0300, Henrique de Moraes Holschuh wrote:
> > Whatever we do, we absolutely must bring up a fully configured loopback
> > interface by default.
> 
> Happily, our default init system already does that.
> 
> systemd's authors see the lo device as being less like networking and
> more like part of the "API" of a Linux machine, so pid 1 sets it up
> during early boot, rather than leaving it as the responsibility of
> whichever of ifupdown, NetworkManager, systemd-networkd etc. you're
> using. That seems like a reasonable approach to me.

If we take this approach, the recommendation that is being removed
from netbase should perhaps be moved to sysvinit, or something ?

Ian.



Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-24 Thread Henrique de Moraes Holschuh
On Tue, May 24, 2016, at 10:01, Simon McVittie wrote:
> On Tue, 24 May 2016 at 09:08:11 -0300, Henrique de Moraes Holschuh wrote:
> > Whatever we do, we absolutely must bring up a fully configured loopback
> > interface by default.
> 
> Happily, our default init system already does that.

We need to ensure any non-default ones also do that before we drop
ifupdown from "recommends", because ifupdown + default
/etc/network/interfaces is the fallback that ensures the loopback will
be up.

Hopefully we already do that, but it doesn't look like it from a fast
look at a jessie workstation.

> systemd's authors see the lo device as being less like networking and
> more like part of the "API" of a Linux machine, so pid 1 sets it up

Which actually makes a lot of sense, as it is in fact a critical
networking component on any modern Unix userland.   Drop/bring down the
loopback, and the world breaks in surprising ways, be it in Linux, the
BSDs, or Solaris.

> using. That seems like a reasonable approach to me.

It is reasonable, yes.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique de Moraes Holschuh 



Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-24 Thread Simon McVittie
On Tue, 24 May 2016 at 09:08:11 -0300, Henrique de Moraes Holschuh wrote:
> Whatever we do, we absolutely must bring up a fully configured loopback
> interface by default.

Happily, our default init system already does that.

systemd's authors see the lo device as being less like networking and
more like part of the "API" of a Linux machine, so pid 1 sets it up
during early boot, rather than leaving it as the responsibility of
whichever of ifupdown, NetworkManager, systemd-networkd etc. you're
using. That seems like a reasonable approach to me.

S



Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-24 Thread Henrique de Moraes Holschuh
On Mon, May 23, 2016, at 22:54, Simon Richter wrote:
> On 21.05.2016 21:06, Michael Biebl wrote:
> > Personally I don't see a compelling reason why netbase should pull in a
> > specific network configuration system.
> > So +1 for dropping the Recommends.
> 
> It should probably pull in at least one -- ideally listing a sensible
> default for Desktop installations as the first alternative.

Whatever we do, we absolutely must bring up a fully configured loopback
interface by default.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique de Moraes Holschuh 



Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-23 Thread Simon Richter
Hi,

On 21.05.2016 21:06, Michael Biebl wrote:

> Personally I don't see a compelling reason why netbase should pull in a
> specific network configuration system.
> So +1 for dropping the Recommends.

It should probably pull in at least one -- ideally listing a sensible
default for Desktop installations as the first alternative.

   Simon






Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-22 Thread Russ Allbery
Guus Sliepen  writes:

> Hm, I did not expect that, but according to codesearch.debian.net you
> are right. I'm actually stunned by the amount of programs that do
> something like:

> struct protoent *pe = getprotobyname("TCP");
> int s = socket(AF_INET, SOCK_STREAM, pe->p_proto);

> ...when there is the perfectly fine IPPROTO_TCP. Every time
> getprotobyname() or getservbyname() is called, glibc opens
> /etc/protocols or /etc/services and parses the whole file. What a waste:
> it takes more effort to program it like this, it wastes CPU cycles and
> disk IO, and it has more potential to fail.

While I agree with you that getprotobyname is probably pointless, I don't
really agree for getservbyname (or getaddrinfo, which is the more modern
way to do this).  Those don't have well-defined constants, and while the
ability to change that file and thus change software behavior is of very
limited use, I do think it makes for more readable code to use symbolic
service names.  A minor point, and it doesn't make a huge difference in
the long run, but it's what I do in my software and I think it has some
clear merits.

I don't really buy the performance argument for nearly all software.
Reading a file from disk isn't very slow, and for *most* software this
isn't a hugely frequent operation.  (There are certainly cases where it
would be an issue, but in most of those cases it's already a better idea
to cache the results of getaddrinfo for some time.)

-- 
Russ Allbery (r...@debian.org)   



Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-22 Thread Marco d'Itri
On May 22, "Iain R. Learmonth"  wrote:

> What is the upstream source for the /etc/services file? Do we just
I am...

> maintain that in Debian or are updates incorporated from IANA and
> unofficial port numbers?
I do not use the official IANA list because it is huge and full of 
entries of questionable utility.

TBH, I think that the main value of /etc/services is for number to name 
conversion.

-- 
ciao,
Marco




Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-22 Thread Iain R. Learmonth
Hi,

On 22/05/16 10:00, Niko Tyni wrote:
> Well, getservbyname(3) is used by 945 packages according to
> codesearch.debian.net, and getprotobyname(3) by 551 packages.
> Those use /etc/services and /etc/protocols by default AFAIK.
> Doesn't seem that seldom to me?

I'm probably doing it wrong, but I grep /etc/services at least once a
month in figuring out which port numbers I'm looking for a particular
service. It's a really handy reference for doing firewall ACLs, etc.

What is the upstream source for the /etc/services file? Do we just
maintain that in Debian or are updates incorporated from IANA and
unofficial port numbers?

I think those files would lose a lot of value in the case that they are
not up to date.

Thanks,
Iain.



Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-22 Thread Guus Sliepen
On Sun, May 22, 2016 at 11:38:27AM +0200, Guus Sliepen wrote:

> Hm, I did not expect that, but according to codesearch.debian.net you
> are right. I'm actually stunned by the amount of programs that do
> something like:
> 
> struct protoent *pe = getprotobyname("TCP");
> int s = socket(AF_INET, SOCK_STREAM, pe->p_proto);

Or that do it completely wrong but accidentally get away with it, like
here:

https://sources.debian.net/src/rfdump/1.6-4/src/tcpconnect.c/?hl=48#L48

Which only works because "IP" maps to 0, which has a special meaning for
socket(), namely to use whatever protocol best matches the domain and
type parameters. I wonder what other horrors lurk in our code.

-- 
Met vriendelijke groet / with kind regards,
  Guus Sliepen 




Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-22 Thread Guus Sliepen
On Sun, May 22, 2016 at 12:00:37PM +0300, Niko Tyni wrote:

> > About the description of the netbase package though: it currently only
> > contains four text files in /etc that are seldom used. For fun I just
> > purged netbase, and it doesn't really break anything. I wouldn't call it
> > "necessary infrastructure for basic TCP/IP networking" anymore.
> 
> Well, getservbyname(3) is used by 945 packages according to
> codesearch.debian.net, and getprotobyname(3) by 551 packages.
> Those use /etc/services and /etc/protocols by default AFAIK.
> Doesn't seem that seldom to me?

Hm, I did not expect that, but according to codesearch.debian.net you
are right. I'm actually stunned by the amount of programs that do
something like:

struct protoent *pe = getprotobyname("TCP");
int s = socket(AF_INET, SOCK_STREAM, pe->p_proto);

...when there is the perfectly fine IPPROTO_TCP. Every time
getprotobyname() or getservbyname() is called, glibc opens
/etc/protocols or /etc/services and parses the whole file. What a waste:
it takes more effort to program it like this, it wastes CPU cycles and
disk IO, and it has more potential to fail.

I would only have expected tools like tcpdump and nmap to actually use
those files.

-- 
Met vriendelijke groet / with kind regards,
  Guus Sliepen 
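
Added example, not part of the original messages: the name lookups discussed in this thread with the NULL check the quoted two-line snippet omits, next to a socket() call that uses the IPPROTO_TCP constant directly. The function names proto_number, service_port and open_tcp_socket are illustrative assumptions, as is any name beginning with "constructed-".

```c
#include <arpa/inet.h>
#include <netdb.h>
#include <netinet/in.h>
#include <stdint.h>
#include <stdio.h>
#include <sys/socket.h>
#include <unistd.h>

/* Look up a protocol number by name. getprotobyname() returns NULL when
 * the name is unknown or the protocols database cannot be read (for
 * example when /etc/protocols is not installed), so the result must be
 * checked before it is dereferenced. */
int proto_number(const char *name, int fallback)
{
    struct protoent *pe = getprotobyname(name);
    return pe != NULL ? pe->p_proto : fallback;
}

/* Look up a service port by name. s_port is stored in network byte
 * order, so convert it before comparing or printing. Returns `fallback`
 * when the services database has no matching entry. */
int service_port(const char *name, const char *proto, int fallback)
{
    struct servent *se = getservbyname(name, proto);
    return se != NULL ? (int)ntohs((uint16_t)se->s_port) : fallback;
}

/* The constant needs no file access and cannot fail at lookup time. */
int open_tcp_socket(void)
{
    return socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
}

int main(void)
{
    /* Both lines print the same values whether or not the database
     * files from netbase are present. */
    printf("tcp protocol number: %d\n", proto_number("tcp", IPPROTO_TCP));
    printf("http port: %d\n", service_port("http", "tcp", 80));

    /* Constructed name that is not in any services file. */
    printf("unknown service falls back to: %d\n",
           service_port("constructed-no-such-service", "tcp", 12345));

    int fd = open_tcp_socket();
    if (fd < 0) {
        perror("socket");
        return 1;
    }
    close(fd);
    return 0;
}
```
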




Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-22 Thread Niko Tyni
On Sat, May 21, 2016 at 10:01:05PM +0200, Guus Sliepen wrote:

> About the description of the netbase package though: it currently only
> contains four text files in /etc that are seldom used. For fun I just
> purged netbase, and it doesn't really break anything. I wouldn't call it
> "necessary infrastructure for basic TCP/IP networking" anymore.

Well, getservbyname(3) is used by 945 packages according to
codesearch.debian.net, and getprotobyname(3) by 551 packages.
Those use /etc/services and /etc/protocols by default AFAIK.
Doesn't seem that seldom to me?
-- 
Niko Tyni   nt...@debian.org



Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-21 Thread Guus Sliepen
On Fri, May 20, 2016 at 09:08:29PM +0200, Marco d'Itri wrote:

> Does anybody see a reason to NOT remove the recommends?

I don't see a reason either.

About the description of the netbase package though: it currently only
contains four text files in /etc that are seldom used. For fun I just
purged netbase, and it doesn't really break anything. I wouldn't call it
"necessary infrastructure for basic TCP/IP networking" anymore.

The netbase package has a lot of reverse depends that are also not
necessary anymore, I think.

-- 
Met vriendelijke groet / with kind regards,
  Guus Sliepen 




Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-21 Thread Michael Biebl
On 20.05.2016 at 21:08, Marco d'Itri wrote:
> Does anybody see a reason to NOT remove the recommends?

It seems to have been a Depends in the past and was demoted to Recommends
quite a while ago. Why it was added in the first place I can't seem to
find in the debian changelog.
Personally I don't see a compelling reason why netbase should pull in a
specific network configuration system.
So +1 for dropping the Recommends.


Regards,
Michael
-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?





Re: Bug#824884: netbase: should not recommend ifupdown

2016-05-20 Thread Marco d'Itri
Does anybody see a reason to NOT remove the recommends?

On May 20, Ansgar Burchardt  wrote:

> netbase should not recommend ifupdown.  Currently any package
> depending on netbase will install ifupdown and a dhcp client if
> recommends are installed, see [1].
> 
> As ifupdown is currently Priority: important (same as netbase), it
> will be installed in everything but minimal installations anyway.

-- 
ciao,
Marco

