Re: Serveur with encrypted partition : 2 steps boot.

[Erwan David <erwan@rail.eu.org>]

Le 22/04/2013 01:19, Bob Proulx a écrit :
> Erwan David wrote:
> > Ok, here is a policy-rc.d which does not work :
> Since I led you down this road I set up a test system.  I have been
> using policy-rc.d in chroots seemlingly forever and they definitely
> work there.  They definitely prevent package upgrades from starting
> daemons.
>
>    invoke-rc.d: policy-rc.d denied execution of restart.
>
> But that is through dpkg and postinst scripts.  When I set up a test
> VM system and booted it I was shocked to find that it didn't work.
> Just like you found the daemons were still started at boot time.
>
>    Starting Postfix Mail Transport Agent: postfix.
>
> Am I completely misunderstanding the documentation on this?  Maybe.
> If so then I am sorry for misleading you along with me.  I am
> researching the problem.  I think this is completely against the
> documented interface.
>
> Bob

I added some traces in my policy-rc.d (to a file in /root), and got the 
following resullt :
boot does not use it (should be startpar), /sbin/service does not use 
it, only invoke-rc.d, which seems to be only used in postinst for 
restarting a service.

My solution for the moment is to disable those services (thus losing the 
information about their starting order) through update-rc.d disable 
(which also means each upgrade will now get polluted by messages saying 
their start runlevel are different from default) and starting them from 
my encrypted partition mounting script.