Re: Bug#994750: RFS: mazeofgalious/0.63-1 [ITA] -- The Maze of Galious
On 21/09/21 1:24 am, Parodper wrote: * URL : http://www.braingames.getput.com/mog/ No such site? Cheers, Richard
Re: Question about writing systemd unit for old package
On 20/05/21 1:59 pm, Alec Leamas wrote: Hi, On 20/05/2021 03:35, Paul Wise wrote: On Wed, May 19, 2021 at 8:51 AM Richard Hector wrote: Does that not depend on whether it does anything before dropping privileges? For example, a webserver can bind to low ports before dropping privilege. I imagine if the systemd service unit specified running as (eg) www-data, that wouldn't work. I don't know the details, but I think systemd can open the ports and transparently pass them to the unprivileged process when it is spawned without any data loss, in a similar way to the inetd stuff used to work. http://0pointer.de/blog/projects/socket-activation.html I confess I haven't read all that, and don't know the details of socket activation. But I think the service in question needs to be aware of it, doesn't it? It doesn't apply to wrapping a systemd service unit around an existing server. The nginx unit, for example, doesn't set a user, but a user is set in the nginx config file so it can drop privs. I'm happy to be corrected :-) Richard
Re: Question about writing systemd unit for old package
On 18/05/21 11:58 am, Paul Wise wrote: On Mon, May 17, 2021 at 12:51 PM Khoa Tran Minh wrote: A related question: The binary itself can drop privilege and run as non-root, then should I use that native feature or use systemd User= when writing a default config/unit ? I would suggest to use systemd features for this. Does that not depend on whether it does anything before dropping privileges? For example, a webserver can bind to low ports before dropping privilege. I imagine if the systemd service unit specified running as (eg) www-data, that wouldn't work. Cheers, Richard
Re: Bug#979661: RFS: fonts-agave/37-1 -- monospaces programming font
On 10/01/21 9:03 am, Gürkan Myczko wrote: Package: sponsorship-requests Severity: normal Dear mentors, I am looking for a sponsor for my package "fonts-agave": fonts-agave - monospaces programming font That should probably be 'monospaced'. Richard
Re: Bug#922197: RFS: worklog/2.0-1 -- Keep Track of Time worked on Projects
On 13/02/19 6:57 PM, Adam Bilbrough wrote: > I am looking for a sponsor for my package "worklog" > > Package name: worklog > Version: 2.0-1 > Upstream Author: Adam Bilbrough > URL: https://github.com/atsb/worklog That site says the author is Truxton Fulton? Richard
Re: debconf with locally derived options
On Sat, 2010-11-20 at 17:30 +, Jonathan Wiltshire wrote: > On Sat, Nov 20, 2010 at 08:36:35PM +1300, Richard Hector wrote: > > One example would be configuring a daemon, and asking which of the > > configured IP addresses of the machine it should listen on. Obviously > > the packager has no idea what IP addresses are going to be on the target > > machine, so can't list them in templates. I would therefore want to > > generate the list on the fly, and present them as options to the user. > > I recall that some packages do do this, and the first example that comes to > mind is postfix. Take a look at the config, templates and postinst files in > that package. Thanks - there's a lot to go through there, but it's definitely pointing me in the right direction :-) Richard -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1290311031.17306.2.ca...@topaz.wgtn.cat-it.co.nz
debconf with locally derived options
Hi all, Is it possible for debconf, in the config file, to ask questions to which the answer is one of several that make sense on the local system, but couldn't be put in the templates file? One example would be configuring a daemon, and asking which of the configured IP addresses of the machine it should listen on. Obviously the packager has no idea what IP addresses are going to be on the target machine, so can't list them in templates. I would therefore want to generate the list on the fly, and present them as options to the user. Thanks, Richard -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1290238595.27475.8.ca...@topaz.wgtn.cat-it.co.nz
Re: deploying package with NFS
On Tue, 2010-10-19 at 15:50 +1100, Ben Finney wrote: > Richard Hector writes: > > > We've run into an issue here, when we deploy a package (created > > in-house) on a system that uses NFS for some filesystems. Due to > > root-squashing, the postinst can't create or chmod/chown the files it > > needs to. > > You'll likely get better information if you say which paths are > problematic, and which filesystems are NFS mounted. True - we mount /var/lib/sitedata, and there is a subdirectory of that for each website. > > In the meantime, I would guess that either or both of the following are > true: > > * You're using Debian packaging to install files to paths that really > shouldn't be touched by the Debian packaging system. > > * You're root-squashing filesystems that need root access. > > > I was wondering though whether this issue is normally considered when > > making a package? Or is root just assumed to be able to write > > anywhere? > > If the files are installed on a host from an OS package, it would be > best for that host to have the filesystems mounted locally. That must be > true for at least one host on your network, no? The host that has it mounted locally does not have the package installed. We have several webservers in an LVS cluster that need to access shared data, on a dedicated fileserver. > > The packages in question are web sites; we find that's the easiest way > > to deploy them. > > You might simply be using Debian's packaging system for a purpose > contrary to its design. True as well. We may well just have to use a local workaround. I thought it was policy though that several paths are supposed to be usable when remote mounted (like the whole of /usr, even?) - but perhaps they can't be root-squashed. Or perhaps all updates are supposed to be done on the NFS server. Thanks, Richard -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1287464274.8507.24.ca...@topaz.wgtn.cat-it.co.nz
deploying package with NFS
Hi all, We've run into an issue here, when we deploy a package (created in-house) on a system that uses NFS for some filesystems. Due to root-squashing, the postinst can't create or chmod/chown the files it needs to. We can probably avoid it by having the postinst su to the user that will own the files, and creating them like that, and not using the usuall installation modules. I was wondering though whether this issue is normally considered when making a package? Or is root just assumed to be able to write anywhere? The packages in question are web sites; we find that's the easiest way to deploy them. Regular debian packages don't go on NFS in our systems, so they aren't an issue for us. Thanks, Richard -- To UNSUBSCRIBE, email to debian-mentors-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1287459964.8507.5.ca...@topaz.wgtn.cat-it.co.nz
