
Re: Bug#824884: netbase: should not recommend ifupdown



On Tue, May 24, 2016, at 13:03, Ansgar Burchardt wrote:
> On Tue, 2016-05-24 at 11:43 -0300, Henrique de Moraes Holschuh wrote:
> > On Tue, May 24, 2016, at 10:01, Simon McVittie wrote:
> > > On Tue, 24 May 2016 at 09:08:11 -0300, Henrique de Moraes Holschuh wrote:
> > > > Whatever we do, we absolutely must bring up a fully configured loopback
> > > > interface by default.
> > > Happily, our default init system already does that.
> > We need to ensure any non-default ones also do that before we drop
> > ifupdown from "recommends", because ifupdown + default
> > /etc/network/interfaces is the fallback that ensures the loopback
> > will be up.
> 
> We are not talking about removing "ifupdown" from the default
> installation which includes all "Priority: important" packages (which
> happens to include both netbase and ifupdown).
> 
> The only installations affected are debootstrap's "minbase" and
> "buildd" variants: these only install "Priority: required" packages and
> select extra packages (apt and, for buildd, build-essential).  These
> would no longer pull in "ifupdown" if "netbase" is installed.

As far as I am concerned, ensuring the "master namespace" loopback is
configured and up is actually required behavior and it should be
enforced by something stronger than "priority important" packages being
installed.  Systemd got this right.

So, yes, I do think it would be best were it done by something in the
initscripts package, since systemd is already doing it by itself as
well.

Also, it is "probably not ok" (as in I fully expect we will end up with
people filing severity critical bugs should we do otherwise) to allow
ifupdown (and likely netbase) to get uninstalled anywhere it was
automatically installed, unless we ensure something else will take up
their job.  This is not even related to configuring the loopback, but
rather to /etc/network/interfaces processing, as well as /etc/services.

People sometimes trigger firewall setup and other supplementary
network-related setup using the loopback entry in
/etc/network/interfaces, because it is guaranteed to happen at
exactly the right time during boot and fully serialized with other
interface bring-up.  And people do configure network services using
names from /etc/services instead of hard-coding port numbers (sometimes
by not specifying a port number in the first place, and the
service/daemon/application using the IANA-assigned service *name* in
that case to look up the port number).

That said, I don't expect this to be a real problem right now, but it is
something to keep in mind.  Obviously, it is not going to be an issue
for new installs, but it could be for the next stable upgrade.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique de Moraes Holschuh <hmh@debian.org>
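
Added example, not part of the original message or of any Debian package: a pre-removal check for the two dependencies the message describes, listing hook commands attached to the `lo` stanza of an ifupdown interfaces file (these stop running at boot once ifupdown is gone) and service names that no longer resolve in a services file. The function names, sample file contents and the paths inside them are constructed for illustration; backslash line continuations and `source`d files are not followed.

```shell
#!/bin/sh
# lo_hooks FILE: print hook lines (pre-up, up, post-up, ...) found in
# "iface lo" stanzas. FILE may be "-" to read standard input.
lo_hooks() {
    awk '
        $1 == "iface" { in_lo = ($2 == "lo"); next }
        # any other stanza keyword ends the current iface stanza
        $1 == "auto" || $1 ~ /^allow-/ || $1 == "mapping" ||
        $1 == "source" || $1 == "source-directory" { in_lo = 0; next }
        in_lo && $1 ~ /^(pre-up|up|post-up|pre-down|down|post-down)$/ {
            sub(/^[ \t]+/, ""); print
        }
    ' "$1"
}

# missing_services FILE NAME...: print each NAME that is neither a service
# name nor an alias in FILE (every NAME is printed if FILE is unreadable).
missing_services() {
    file=$1; shift
    for name in "$@"; do
        awk -v n="$name" '
            { sub(/#.*/, "") }                      # drop trailing comments
            NF >= 2 { for (i = 1; i <= NF; i++)     # field 2 is port/proto
                          if (i != 2 && $i == n) found = 1 }
            END { exit !found }
        ' "$file" 2>/dev/null || echo "$name"
    done
}

# Constructed sample input: a firewall loaded from the loopback stanza.
sample_interfaces() {
cat <<'EOF'
auto lo
iface lo inet loopback
    pre-up iptables-restore < /etc/iptables.rules
    # up /bin/true
    post-down /usr/local/sbin/fw-stop

auto eth0
iface eth0 inet dhcp
    up /usr/local/sbin/notify
EOF
}

# Prints the two loopback hooks; the eth0 hook and the comment are skipped.
sample_interfaces | lo_hooks -
```

On a real system, point `lo_hooks` at `/etc/network/interfaces` and `missing_services` at `/etc/services` with the service names your daemons' configuration refers to.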

