[M-F-T set to -devel and my email] Hi,
I claim DEP-9 for a proposal on inetd.conf updates by maintainer scripts. This proposal is the evolution of one I've made over a year ago, and takes into account the criticism and suggestions made at the time. FWIW I've contacted privately those that were against the old proposal, a while ago, to give them the opportunity to voice their opinion on this new version, and the only reply I've received was rather positive, so here it is for further discussion. Appended below the DEP itself -- please follow up to -devel. Cheers, Serafeim Title: inet-superserver configuration by maintainer scripts DEP: 9 State: DRAFT Date: 2011-02-28 Drivers: Serafeim Zanikolas <s...@debian.org> URL: http://dep.debian.net/deps/dep8 License: http://www.jclark.com/xml/copying.txt Abstract: Motivation, requirements and functional overview of a successor configuration tool for inetd superservers. [[!toc ]] # Introduction The inet-superserver facility (typically provided by the openbsd-inetd package) listens to certain sockets and invokes the right server upon the arrival of an incoming request. Servers that are meant to be invoked by inetd must add a service entry to /etc/inetd.conf upon package installation (and remove the entry upon package purge). Maintainer scripts that modify inetd.conf must currently do so using a utility called update-inetd, as per Policy 11.2. However, update-inetd has a problematic interface that leads to several kinds of bugs, including cross-package ones. Fixing update-inetd is largely a matter of fixing its interface, which would break backwards-compatibility. With that cost as a given (ie. the cost of revising all maintainer scripts of update-inetd's reverse-depends), one might as well create a successor tool with a cleaner interface. This DEP proposes such a successor inetd configuration tool, hereafter called reconf-inetd. reconf-inetd, in addition to providing the existing functionality, must meet the following requirements: * the standard configuration files of inetd and xinetd must remain the authoritative files; * the solution must not change the way system administrators configure inetd, and must have no impact on maintainers of "Provides: inet-superserver" packages; * reconf-inetd must be capable of co-existing with update-inetd, so as to allow a gradual transition. Note that the first requirement above implies that inetd.conf entries that have been (i) added by reconf-inetd and (ii) were subsequently modified by the user, shall not be removed even on package purge. # Motivation The main problem of update-inetd is that the service entry to be enabled, disabled or removed, is selected in terms of a service name, such as "ftp". This limitation typically leads to cross-package bugs because of the difficulty to distinguish between independent implementations (eg. ftpd-ssl versus proftpd), or an ipv4 versus an ipv6 implementation of the same kind of service. As an example, in #168847, ftpd-ssl's invocation of update-inetd enables the service entry of (the previously uninstalled) proftpd because both packages' entries have an "ftp" service name. As of now, one can try to avoid the above problem as follows. A maintainer script may (i) further specify the acted-upon service entry in terms of a regular expression (which is matched against the whole service entry, instead of just the service name); (ii) override the default comment-prefix ("#<off># "), to distinguish service entries of different packages that provide the same kind of service (eg. "#<off-ftpd-ssl-ipv4># " vs "#<off-proftpd-ipv4># "). These features work when used correctly, but at the cost of fragile logic in maintainer scripts. To summarise, the interface of update-inetd is inadequate in that it does not require that the following three elements are specified to select an entry: service name, protocol type, and path to server program. A secondary issue, but nevertheless one that would be nice to solve, is support for configuration updates of xinetd (#8927). xinetd has a relatively low popcon but one could argue that that may be the case because it is not well integrated in Debian. # Outline of reconf-inetd operation reconf-inetd will operate similarly to update-inetd, ie. add, remove, enable and disable service entries in /etc/inetd.conf. The main difference is that where update-inetd uses command-line arguments, reconf-inetd will use xinetd.conf(5) configuration fragments under /usr/share/reconf-inetd (hereafter called reconf-inetd fragments, for brevity). Moreover, reconf-inetd will be invoked via a dpkg trigger, as opposed to from maintainer scripts. With reconf-inetd, inet-superserver configuration will occur as follows: * reconf-inetd will provide the directory /usr/share/reconf-inetd, and declare a dpkg trigger for that directory * server packages that can use inetd, will depend on reconf-inetd and install a reconf-inetd fragment in /usr/share/reconf-inetd * reconf-inetd will be invoked via a dpkg trigger to update /etc/inetd.conf using the fragments in /usr/share/reconf-inetd An inetd.conf service entry will be considered to be "matching" a reconf-inetd fragment when the following fields are equal: service name, protocol, and server program. In reconf-inetd fragments with "flags = NAMEINARGS" (eg. a tcpd service entry), the actual server path will be extracted from the server_args field, as per xinetd.conf(5). Upon adding an entry to inetd.conf, reconf-inetd will make a shadow copy of the related reconf-inetd fragment under /var/lib/reconf-inetd. This would allow to determine the following after the uninstallation of the related package: * to identify inetd.conf entries that have been added by reconf-inetd (as opposed to update-inetd or a user) * to determine whether an inetd.conf entry, that has been previously added by reconf-inetd, is intact or has had local modifications All reconf-inetd fragments will be considered enabled, regardless of the value of the "disable" field, if such field exists. Servers that support inetd mode but default to standalone operation must therefore not install a reconf-inetd fragment (and should instead provide a sample inetd.conf entry that the user has to add manually to /etc/inetd.conf). /etc/inetd.conf (and /etc/xinetd.d) will remain the authoritative configuration file for inetd (and xinetd). reconf-inetd fragments are only meant for updating the standard configuration files. An invocation of reconf-inetd (because of a fragment being installed or removed from /usr/share/reconf-inetd) may result in a modification of /etc/inetd.conf as summarised in the table below. <pre> | server | status of | matching | shadow | reconf-inetd | program | inetd.conf | reconf-inetd | fragment | action | exists | entry | fragment | status | ---+---------+------------+--------------+------------+----------- 0| no | disabled | no | identical | remove 1| no | enabled | no | identical | remove ---+---------+------------+--------------+------------+----------- 2| yes | disabled | yes | different | enable 3| yes | disabled | yes | identical | enable ---+---------+------------+--------------+------------+----------- 4| yes | missing | yes | n/a | add ---+---------+------------+--------------+------------+----------- 5| commented-out inetd.conf entry | none ---+---------+------------+--------------+------------+----------- 6| any other combination | none </pre> An inetd.conf entry is considered disabled when it starts with "#<off># ", and disabled by a user when commented-out simply with '#'. A shadow fragment status (ie. the fragment under /var/lib/reconf-inetd) is considered identical to a matching inetd.conf entry, by comparing the server arguments, if any. Follows a detailed description of the aforementioned scenarios. * an non-commented-out inetd.conf entry will be removed, regardless of whether it is enabled or disabled, when it: - refers to a non-existing server file - has no matching reconf-inetd fragment - is identical to a matching shadow fragment * a disabled inetd.conf entry will be enabled when it - refers to an existing server file - it has a matching reconf-inetd fragment - and a matching shadow fragment (identical or not) * a new inetd.conf entry will be added when there exists a reconf-inetd fragment that: - refers to an existing server file - has no matching (enabled, disabled, commented-out or not) inetd.conf entry - has a matching reconf-inetd fragment # Transition of "Depends: update-inetd" packages A time-limited transition is not a strict requirement, since reconf-inetd and update-inetd can co-exist without problems. Server packages that depend on update-inetd can be converted as follows: * remove any references of update-inetd in post{inst,rm} scripts; * install a reconf-inetd fragment in /usr/share/reconf-inetd, as a regular file (ie. not as a conffile); * replace the dependency on update-inetd with one on reconf-inetd # xinetd support xinetd configuration with reconf-inetd will become trivial because server packages will have to ship reconf-inetd (ie. xinetd.conf(5) compatible) fragments anyway. Synchronisation between inetd.conf and reconf-inetd fragments is outside this DEP's scope. The fact that inetd.conf (and /etc/xinetd.d) remains the authoritative configuration file implies that any synchronisation requires a user-initiated action, and is thus best implemented as a separate tool. # Open issues According to rules 0 and 1 in the previously listed table, reconf-inetd does not distinguish between package removal and purge. In other words, /etc/inetd.conf entries that were added by reconf-inetd will be removed upon package removal, as long as they have not been locally modified. Making this distinction so that unmodified inetd.conf entries are removed only upon package purge is possible but would incur some extra runtime overhead (to find the package in which a reconf-inetd fragment belongs to, and the package's state (uninstalled or purged)). -- Every great idea is worthless without someone to do the work. --Neil Williams
signature.asc
Description: Digital signature