Re: Can we kill net-tools, please?
Hello,
On Mon, Dec 26, 2016 at 06:57:26PM +0500, Andrey Rahmatullin wrote:
> For the record:
[...]
There's quite alot of cruft around still. I went through the
depends list and my notes/patches are attached.
(Can also be browsed at https://fatal.se/tmp/rm-net-tools/ for now.)
Help with filing bugs welcome. Some usertag to track them would
be nice.
I did not go through build-depends as you did not split them
between linux-any and !linux-any. I guess most of them falls
into either of these:
- build-depends on kfreebsd-any only
- used by testsuite that's unloved.
- leftover no longer needed.
I think we should consider downgrading the priority of net-tools
in Buster.
Potentially a lintian warning for anything that depends on
net-tools (on linux-any atleast) could be a useful motivator
to highlight that maintainers should move away from it.
On the BSD side it would be nice if something like
https://github.com/luigirizzo/netlink-freebsd
could happen so we can get if of the need to carry
net-tools codepaths to support bsd.
Regards,
Andreas Henriksson
From: Andreas Henriksson <andreas@fatal.se>
Subject: drop obsolete net-tools dependency
The net-tools dependency was added because of usage in argus-server
config and postinst. That doesn't seem to be the case anymore, thus
the dependency is no longer needed.
diff -uriNp argus-3.0.8.2/debian/control argus-3.0.8.2.new/debian/control
--- argus-3.0.8.2/debian/control 2016-12-26 16:45:52.147637812 +0100
+++ argus-3.0.8.2.new/debian/control 2016-04-23 18:54:29.000000000 +0200
@@ -8,7 +8,7 @@ Build-Depends: libpcap-dev, libwrap0-dev
Package: argus-server
Architecture: any
Recommends: argus-client
-Depends: ${shlibs:Depends}, ${misc:Depends}, logrotate
+Depends: ${shlibs:Depends}, ${misc:Depends}, logrotate, net-tools
Description: IP network transaction auditing tool
argus is a network transaction auditing tool that allows the user
to easily classify connections using tcpdump(1) compliant expressions.
From: Andreas Henriksson <andreas@fatal.se>
Subject: get rid of net-tools dependency
The dependency was added because ifconfig was used in init script.
The check_network function is likely mostly useless these days as
all systems will have the loopback interface set up atleast.
Only run the check if net-tools is installed....
diff -uri bind9-9.10.3.dfsg.P4/debian/bind9.init bind9-9.10.3.dfsg.P4.new/debian/bind9.init
--- bind9-9.10.3.dfsg.P4/debian/bind9.init 2016-05-04 01:40:36.000000000 +0200
+++ bind9-9.10.3.dfsg.P4.new/debian/bind9.init 2016-12-26 16:38:27.153860242 +0100
@@ -33,7 +33,7 @@
else
IFCONFIG_OPTS=""
fi
- if [ -z "$(/sbin/ifconfig $IFCONFIG_OPTS)" ]; then
+ if [ -x /sbin/ifconfig ] && [ -z "$(/sbin/ifconfig $IFCONFIG_OPTS)" ]; then
#log_action_msg "No networks configured."
return 1
fi
diff -uri bind9-9.10.3.dfsg.P4/debian/control bind9-9.10.3.dfsg.P4.new/debian/control
--- bind9-9.10.3.dfsg.P4/debian/control 2016-05-04 01:40:36.000000000 +0200
+++ bind9-9.10.3.dfsg.P4.new/debian/control 2016-12-26 16:42:00.028399482 +0100
@@ -36,8 +36,7 @@
lsb-base (>= 3.2-14),
bind9utils (=${binary:Version}),
liblwres141 (=${binary:Version}),
- libbind9-140 (=${binary:Version}),
- net-tools
+ libbind9-140 (=${binary:Version})
Conflicts: bind, apparmor-profiles (<< 2.1+1075-0ubuntu4)
Replaces: bind, dnsutils (<< 1:9.1.0-3),
apparmor-profiles (<< 2.1+1075-0ubuntu4),
bitlbee-common.config uses netstat.
Dependency is thus valid. Could be ported to 'ss' from iproute2.
chkrootkit (still) uses netstat from net-tools.
The net-tools dependency is valid.
(See also #224029 for background)
An alternative might be to port chkrootkit to use 'ss'
from iproute2 instead of or as an alternative for
netstat.
The net-tools dependency looks valid.
Uses netstat, ifconfig, etc. mostly in test-suite
(so should be a build-dependency instead?) but possibly
also elsewhere.
The dhcp-probe.postinst is (badly) screen-scraping ifconfig
(by for example grepping for interface rather than passing
it as argument to ifconfig).
Very possibly broken with the new format.
Some command suggestions for anyone interested in porting
it to iproute2:
interfaces="$(ip -o link show | cut -d: -f2)"
for i in $interfaces ; do
ether="$(ip link show dev $i | awk '/link.ether/{print $2}')"
primary_ip4="$(ip -4 addr show dev $i primary | awk '/inet /{print $2}')"
done
etc...
Regards,
Andreas Henriksson
No sign of any net-tools utilities used,
likely an outdated dependency.
No information on why it was added in the first place.
============= ifconfig
./src/dtc-panel_autodeploy.sh:IP_ADDR=`ifconfig ${DEFAULT_IF} | grep 'inet addr' | sed 's/.\+inet addr:\([0-9.]\+\).\+/\1/'`
============= route
./debian/dtc-xen.config: GUESSED_GW=`LC_ALL=C route -n | tail -n 1 | awk '{print $2}'`
./debian/dtc-xen.config: GUESSED_MASK=`LC_ALL=C route -n | tail -n 2 | head -n 1 | awk '{print $3}'`
./debian/changelog: * Using LC_ALL=C in various ipcalc and route calls, to make sure that we
./debian/po/nl.po:"Wat is het routeradres gebruikt moet worden voor de netwerkinstellingen van "
./src/dtc-xen_domUconf_standard:ff02::2 ip6-allrouters
./src/dtc-panel_autodeploy.sh:DEFAULT_IF=`/sbin/route | grep default |awk -- '{ print $8 }'`
dyndns.pl uses ifconfig .... valid dependency.
The documentation seems to also be heavily
invested in the ifconfig and route commands.
postinst uses netstat.
Ruby code uses netstat, ifconfig and route in many places.
No usage of net-tools detected, likely the dependency should be dropped.
Note also this debian/changelog entry:
* Remove iproute dependency. It is a isc-dhcp-client dependency and
we do not need a direct dependency.
gnome-nettool is a legacy tool that should likely just
be removed from the archive when possible.
Don't waste your time porting it.
The net-tools dependency seems to be old cruft and should likely be dropped.
(iproute2 dependency already in place.)
Note:
./docs/guestfs-release-notes.pod: - appliance now uses 'ip' instead of 'ifconfig
' and 'netstat'
Needs further investigation.
Multiple scripts using multiple net-tools commands.
Valid dependency.
ifupdown is completely ported to iproute2 already.
Note the dependency restrictions: [kfreebsd-amd64 kfreebsd-i386]
See also https://github.com/luigirizzo/netlink-freebsd
(with netlink support in bsd we should be able to build
iproute2 for them as well I hope)
Code seems to spawn net-tools commands.
There also seems to be (atleast partial) support for iproute2.
Needs investigation if net-tools dependency could be switched
to iproute2 | net-tools.
A perl wrapper for ifconfig, so any revers dependencies
should likely be ported away from it and the package
removed.
Needs investigations.
Perl code uses ifconfig. Valid dependency.
Usefulness of porting this vs switching reverse dependencies
away from it left as an excercise for the reader.
not in stretch.
debian/changelog has entry:
* Now guessed the name of the WAN interface using route (and depends on
net-tools as a consequence).
Doesn't look like it actually uses anything from net-tools.
Already depends on iproute2.
Likely net-tools dependency is old cruft and can be dropped.
Needs further investigations.
openvpn already uses iproute2 on linux-any.
Note: openvpn [kfreebsd-amd64 kfreebsd-i386]
See also https://github.com/luigirizzo/netlink-freebsd
(If bsd supported netlink we should hopefully be able to build
and use iproute2 there as well....)
No obvious usage of net-tools commands.
Note the following paragraph from debian/changelog:
* Bug fix: "pmacct is missing dependency for iproute package", thanks to
f.arthofer@lagis.at (Closes: #423032).
Possibly the net-tools dependency is old cruft left behind after
being ported over to iproute2. Needs further investigations.
Uses ifconfig thus a valid dependency.
Already recommends iproute2.
Usage of net-tools is unclear. Needs further investigations.
./sitesummary-nodes: `/sbin/ifconfig -a > $filename`;
get_unique_ether_id function parses ifconfig output.
Should be easy to port if anyone is interested.
(Already recommends iproute2)
Valid dependency.
./debian/my/FAQ.txt could benefit from being converted
to ip commands.
./debian/snort.config uses ifconfig.
./debian/snort.postinst uses ifconfig.
./debian/README.Debian could benefit from being converted
to ip commands.
Upstream documentation mentions some net-tools commands
in some places.
For anyone motivated this should could be ported without
too much hassle I think.
Valid dependency.
Is the package still relevant?
Needs further investigation.
Too many false positives when grepping the sources.
No obvious usage spotted.
Needs further investigation.
./lib/ff-netstat uses netstat
Could potentially be ported to something else.
Valid dependency.
./src/allmydata/util/iputil.py uses ifconfig.
Should be easy to port to ip.
Valid dependency.
Too many false positive matches while grepping sources.
Needs further investigations.
From: Andreas Henriksson <andreas@fatal.se>
Subject: Only do pre-start port80 check if net-tools is installed
Why not just let the daemon detect if the port is already in use itself?
diff -uri tntnet-2.2.1/debian/control tntnet-2.2.1.new/debian/control
--- tntnet-2.2.1/debian/control 2016-09-25 11:36:10.000000000 +0200
+++ tntnet-2.2.1.new/debian/control 2016-12-26 19:09:49.779411045 +0100
@@ -8,7 +8,7 @@
Package: tntnet
Architecture: any
-Depends: ${shlibs:Depends}, ${misc:Depends}, net-tools, tntnet-runtime (= ${binary:Version})
+Depends: ${shlibs:Depends}, ${misc:Depends}, tntnet-runtime (= ${binary:Version})
Provides: httpd, httpd-cgi
Suggests: tntnet-doc, libtntnet-dev
Description: modular, multithreaded web application server for C++
diff -uri tntnet-2.2.1/debian/tntnet.init tntnet-2.2.1.new/debian/tntnet.init
--- tntnet-2.2.1/debian/tntnet.init 2012-05-26 12:00:56.000000000 +0200
+++ tntnet-2.2.1.new/debian/tntnet.init 2016-12-26 19:09:39.711105685 +0100
@@ -27,7 +27,7 @@
set -e
do_start() {
- if [ "$NO_PORT_CHECK" != true ] && netstat -ln --tcp | grep -c ':80 ' > /dev/null ; then
+ if [ "$NO_PORT_CHECK" != true ] && [ -x /bin/netstat ] && netstat -ln --tcp | grep -c ':80 ' > /dev/null ; then
log_failure_msg "failed, socket in use."
else
start-stop-daemon --start --quiet --pidfile /var/run/$NAME.pid --exec $DAEMON -- $DAEMON_OPTS >/dev/null
Seems heavily invested in legacy cruft, both net-tools commands
like ifconfig, etc. but also vconfig etc.
Valid dependency.
Uses ifconfig and route.
Someone interested should be able to port it to ip(route2).
Valid dependency.
debian/changelog says:
* Added runtime depends on net-tools for watcher-api, as the config is using
/sbin/route.
Not sure if this is still valid.
Needs further investigations.
Reply to: