Re: policy for shipping sysctl.d snippets in packages?

To: Henrique de Moraes Holschuh <hmh@debian.org>
Cc: debian-devel@lists.debian.org
Subject: Re: policy for shipping sysctl.d snippets in packages?
From: Evgeni Golov <evgeni@debian.org>
Date: Sun, 23 Apr 2017 18:21:36 +0200
Message-id: <[🔎] 20170423162136.hcvmdwdgiino26xw@nana.phantasia.die-welt.net>
In-reply-to: <[🔎] 20170423120845.GA12266@khazad-dum.debian.net>
References: <[🔎] 20170423101658.diqp4ubgzyhq7wbx@nana.phantasia.die-welt.net> <[🔎] 20170423120845.GA12266@khazad-dum.debian.net>

On Sun, Apr 23, 2017 at 09:08:45AM -0300, Henrique de Moraes Holschuh wrote:
> On Sun, 23 Apr 2017, Evgeni Golov wrote:
> > Both, procps and systemd support (/usr)?/lib/sysctl.d/*.conf, however only
> > one package (systemd-coredump) uses it, all others drop files in
> > /etc/sysctl.d.
> 
> Please drop it in /etc, debhelper/dh should mark it as conffile and
> everything will work.

It would, yeah.

> Alternatively, use ufc (refer to ucf(1) and its documentation if you are
> not used to ucf.  Help is also available at debian-mentors@l.d.o), and
> handle it as a configuration file in /etc managed through ucf and
> package maintainer scripts.
> 
> > Some packages also trigger "sysctl -q -p <file>" in their postinst, but
> > most do not.
> 
> What to do here is decided on a case-by-case basis, I suppose.

Sure, but I was looking for some general purpose advise we could include in
our documentation. And IMHO the default should be apply-on-install?

> > My gut feeling is that droping the file to /usr/lib and allowing the admin
> > to override it later via /etc. And then load it in postinst.
> 
> Drop it in /etc where it belongs, and let the maintainer to modify or
> override (by deleting, even).

s/maintainer/admin/ I guess?

> Leave the /usr/lib overriden by /etc thing alone.

Why do we support it then? And document in sysctl.d(5)? Granted, the file is
from src:systemd, but procps also supports it since 5 years [1].

> > But this does not account for the fact that this specific tunable may be
> > already overriden in another sysctl.d file and the package would reset
> > it to a lower value?
> 
> Yes.  If you use ucf instead of the builtin dpkg conffile management,
> you can do something much better:
> 
> 
> 1. read current levels (using sysctl, not directly).
> 
> 2. if they are above the default, don't change the state of the system:
>    if your config file is there, let ucf handle its update normally.  if
>    your config file is *NOT* there, assume deleted and help ucf a little
>    (ucf can do this by itself most of the time: we have always handled
>    deletion of config files in /etc as an action to be preserved, but
>    *not* at first install)
> 
> 3. if they are at a dangerous level, install your config file to /etc
>    normally, using ucf.  And document that the user needs to reboot
>    somewhere.
> 
> The above is a rough idea.  You are likely to also have to have
> different paths for initial install and upgrade/downgrade.  And if you
> actually activate the new sysctl, you might not be able to do (1) that
> way should it would break indepondence (and complexity would go up a
> great deal).

That sounds like a nice debhelper addon.
Do you know of any packages already doing this?

Cheers
Evgeni

[1] https://gitlab.com/procps-ng/procps/commit/100959274c9d9fa66a570099d4d4a3d6c257fb1f

Reply to:

References:
- policy for shipping sysctl.d snippets in packages?
  - From: Evgeni Golov <evgeni@debian.org>
- Re: policy for shipping sysctl.d snippets in packages?
  - From: Henrique de Moraes Holschuh <hmh@debian.org>

Prev by Date: Re: policy for shipping sysctl.d snippets in packages?
Next by Date: Re: policy for shipping sysctl.d snippets in packages?
Previous by thread: Re: policy for shipping sysctl.d snippets in packages?
Next by thread: Re: policy for shipping sysctl.d snippets in packages?
Index(es):
- Date
- Thread