From: Bruce S. <bw...@ar...> - 2005-02-18 14:09:36

The talk about "su" vs. "ksu" and such gave me a harebrained idea about something new we could do in 1.3 (maybe).

This idea makes one assumption: There are certain packages on DL that don't make sense to run without a hard drive. For example, these packages might fit into that category: Apache, vsftp, Samba, MySQL, Postgresql, Postfix, Cyrus (and other mail servers), heimdal?, and probably other software ...

My idea is to expand menuconfig, and the install process for some software, to include a third option. Instead of just Y/N to select the package to be installed (or not), include a third option of "P" to build the software as a "package" that could be optionally installed to the hard drive. That would produce a tarball and an install script on the CD. Then the software could be optionally installed on the hard drive (instead of installing in the CDROM tree).

This would also give us the ability to update some individual packages without a whole new CD. And would give people an easier way to install their own software on DL.

It would also enhance security, as these tarballs would only be readable by root, so uninstalled software would not be accessible to ordinary users. (heimdal could not be installed by default, and its "su" not accessible to anyone)

There are a lot of details we'd have to work out, like where to install on the hard drive, but let's see what everyone thinks about the basic idea before we get lost in too many details.

- BS

From: Heiko Z. <he...@zu...> - 2005-02-18 15:29:07

> The talk about "su" vs. "ksu" and such gave me a harebrained idea about
> something new we could do in 1.3 (maybe).
>
> This idea makes one assumption: There are certain packages on DL that
> don't make sense to run without a hard drive. For example, these
> packages might fit into that category: Apache, vsftp, Samba, MySQL,
> Postgresql, Postfix, Cyrus (and other mail servers), heimdal?, and
> probably other software ...
>
> My idea is to expand menuconfig, and the install process for some
> software, to include a third option. Instead of just Y/N to select the
> package to be installed (or not), include a third option of "P" to build
> the software as a "package" that could be optionally installed to the
> hard drive. That would produce a tarball and an install script on the
> CD. Then the software could be optionally installed on the hard drive
> (instead of installing in the CDROM tree).
>
> This would also give us the ability to update some individual packages
> without a whole new CD. And would give people an easier way to install
> their own software on DL.
>
> It would also enhance security, as these tarballs would only be readable
> by root, so uninstalled software would not be accessible to ordinary
> users. (heimdal could not be installed by default, and its "su" not
> accessible to anyone)
>
> There are a lot of details we'd have to work out, like where to install
> on the hard drive, but let's see what everyone thinks about the basic
> idea before we get lost in too many details.

Hmmmmm......
We could certainly make something out of this idea.

--
Regards
Heiko Zuerker
http://www.devil-linux.org

From: Bruce S. <bw...@ar...> - 2005-02-18 16:19:10

> > My idea is to expand menuconfig, and the install process for some
> > software, to include a third option. Instead of just Y/N to select the
> > package to be installed (or not), include a third option of "P" to build
> > the software as a "package" that could be optionally installed to the
> > hard drive. That would produce a tarball and an install script on the
> > CD. Then the software could be optionally installed on the hard drive
> > (instead of installing in the CDROM tree).
> > ...
> > There are a lot of details we'd have to work out, like where to install
> > on the hard drive, but let's see what everyone thinks about the basic
> > idea before we get lost in too many details.
>
> Hmmmmm......
> We could certainly make something out of this idea.

OK, let's hash this out and see if it might work.

First we need some partition on the hard drive to install software. I don't care what it's named, so let's install under /opt until someone has a better idea.

Most software now gets installed under tmp/tmp/... and then copied to the CD tree. Instead of copying it to the CD tree, the "P" (package) menuconfig option tells the install script to tar up tmp/tmp/... and put the tar file(s) on the CD under the /packages directory (or whatever you want to call it).

I'm thinking we should probably create two tar files, one for /etc files and one for hard drive files. That way people could upgrade to a new version of Apache (or whatever) by simply "rm -fr /opt/apache2/" and untarring the new package, without changing their config files.

We have to worry about $PATH and libraries. I'm thinking we could probably add the library path to ld.so.conf when needed and add paths in /etc/profile.d/apache2.

How's that for a start? :-)

- BS

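The two-tarball scheme from the message above (root-only tarballs, replace /opt/NAME on upgrade, leave existing config alone), sketched as an added example that is not part of the original post or of Devil-Linux's build scripts. The function names, the NAME-etc.tar / NAME-opt.tar file names and the etc/NAME config layout are assumptions.

```shell
#!/bin/sh
# Added example. Function names, tarball names and the etc/NAME config
# layout are assumptions, not Devil-Linux's actual build scripts.

# Succeeds if any member name read from stdin is absolute or contains "..".
unsafe_names() { grep -Eq '^/|(^|/)\.\.(/|$)'; }

# build_package STAGE NAME OUTDIR
# STAGE is the staged install tree (STAGE/etc/NAME, STAGE/opt/NAME).
build_package() {
    stage=$1 name=$2 out=$3
    (
        umask 077    # new directory and tarballs are owner-only
        mkdir -p "$out" &&
        tar -C "$stage" -cf "$out/$name-etc.tar" "etc/$name" &&
        tar -C "$stage" -cf "$out/$name-opt.tar" "opt/$name" &&
        chmod 600 "$out/$name-etc.tar" "$out/$name-opt.tar"
    )
}

# install_package PKGDIR NAME ROOT
# Replaces ROOT/opt/NAME on every run; unpacks the config tarball only
# when ROOT/etc/NAME does not exist yet, so local edits survive upgrades.
install_package() {
    pkg=$1 name=$2 root=$3
    for tarball in "$pkg/$name-opt.tar" "$pkg/$name-etc.tar"; do
        if tar -tf "$tarball" | unsafe_names; then
            echo "refusing $tarball: unsafe member path" >&2
            return 1
        fi
    done
    rm -rf "${root:?}/opt/$name"
    mkdir -p "$root/etc/profile.d" || return 1
    tar -C "$root" -xf "$pkg/$name-opt.tar" || return 1
    if [ ! -d "$root/etc/$name" ]; then
        tar -C "$root" -xf "$pkg/$name-etc.tar" || return 1
    fi
    # PATH hook and library path, as proposed in the message
    printf 'PATH=$PATH:/opt/%s/bin; export PATH\n' "$name" \
        > "$root/etc/profile.d/$name"
    grep -qxF "/opt/$name/lib" "$root/etc/ld.so.conf" 2>/dev/null ||
        echo "/opt/$name/lib" >> "$root/etc/ld.so.conf"
}

# Constructed sample: stage a fake apache2, package, install, then upgrade.
demo() {
    work=$(mktemp -d) || return 1
    mkdir -p "$work/stage/etc/apache2" "$work/stage/opt/apache2/bin"
    echo "Listen 80" > "$work/stage/etc/apache2/httpd.conf"
    echo v1 > "$work/stage/opt/apache2/bin/httpd"
    build_package "$work/stage" apache2 "$work/packages" &&
    install_package "$work/packages" apache2 "$work/root" || return 1
    echo "Listen 8080" > "$work/root/etc/apache2/httpd.conf"  # admin edit
    echo v2 > "$work/stage/opt/apache2/bin/httpd"             # new release
    build_package "$work/stage" apache2 "$work/packages" &&
    install_package "$work/packages" apache2 "$work/root" || return 1
    result="$(cat "$work/root/opt/apache2/bin/httpd") $(cat "$work/root/etc/apache2/httpd.conf")"
    rm -rf "$work"
    echo "$result"
}
demo    # prints: v2 Listen 8080
```

On a real system, ldconfig has to be run after install_package for the new ld.so.conf entry to take effect.
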
From: Heiko Z. <he...@zu...> - 2005-02-20 02:51:17

Bruce Smith wrote:

>>>My idea is to expand menuconfig, and the install process for some
>>>software, to include a third option. Instead of just Y/N to select the
>>>package to be installed (or not), include a third option of "P" to build
>>>the software as a "package" that could be optionally installed to the
>>>hard drive. That would produce a tarball and an install script on the
>>>CD. Then the software could be optionally installed on the hard drive
>>>(instead of installing in the CDROM tree).
>>>...
>>>There are a lot of details we'd have to work out, like where to install
>>>on the hard drive, but let's see what everyone thinks about the basic
>>>idea before we get lost in too many details.
>>>
>>Hmmmmm......
>>We could certainly make something out of this idea.
>>
>
>OK, let's hash this out and see if it might work.
>
>First we need some partition on the hard drive to install software.
>I don't care what it's named, so let's install under /opt until someone
>has a better idea.
>
>Most software now gets installed under tmp/tmp/... and then copied to
>the CD tree. Instead of copying it to the CD tree, the "P" (package)
>menuconfig option tells the install script to tar up tmp/tmp/... and put
>the tar file(s) on the CD under the /packages directory (or whatever you
>want to call it).
>
>I'm thinking we should probably create two tar files, one for /etc files
>and one for hard drive files. That way people could upgrade to a new
>version of Apache (or whatever) by simply "rm -fr /opt/apache2/" and
>untarring the new package, without changing their config files.
>
>We have to worry about $PATH and libraries. I'm thinking we could
>probably add the library path to ld.so.conf when needed and add paths
>in /etc/profile.d/apache2.
>
>How's that for a start? :-)
>

(sorry for the late response)

It actually sounds pretty straightforward.
I'm a little afraid of how many DL versions we would have to release.

Some people would prefer having everything on their CD because it's more secure, others would like the package option....

--
Regards
Heiko Zuerker
http://www.devil-linux.org

From: MickeyByte <mic...@gm...> - 2005-02-20 13:25:31

> It actually sounds pretty straightforward.
> I'm a little afraid of how many DL versions we would have to release.
>
> Some people would prefer having everything on their CD because it's more
> secure, others would like the package option....
>

Hi,

I think that's indeed a great idea.
Concerning the different DL versions, another solution is possible.
Here's what I have in mind:
You make a basic DL version including all necessary utilities that a firewall nowadays has.

Apart from that, you could put additional packages on the website, including the modified installation scripts for DL. Then, if anyone wants to use for example Apache on his firewall, he could download the package from the website, put it in a directory on the firewall (e.g. /var/opt/packages) and start the install script.
Maybe you can then also change the UI for services that exists now, to check what packages are in that directory and build up the list dynamically and also install them from there. Or you could even retrieve a list of available packages from the web, and even download and install them automatically (oops, better get my feet back on the ground!)

It's just an idea, I'm not a developer, so I have no idea if it's technically possible (well, sure it is, but...)

Regards,
Michiel Peene

From: Heiko Z. <he...@zu...> - 2005-02-20 15:56:38

MickeyByte wrote:

>>It actually sounds pretty straightforward.
>>I'm a little afraid of how many DL versions we would have to release.
>>
>>Some people would prefer having everything on their CD because it's more
>>secure, others would like the package option....
>>
>
>Hi,
>
>I think that's indeed a great idea.
>Concerning the different DL versions, another solution is possible.
>Here's what I have in mind:
>You make a basic DL version including all necessary utilities that a
>firewall nowadays has.
>

That's always a problem to define those. But we could say, everything which doesn't need a harddisk.
But I think we would still need to provide an everything-on-CD version.

>Apart from that, you could put additional packages on the website,
>including the modified installation scripts for DL. Then, if anyone
>wants to use for example Apache on his firewall, he could download the
>package from the website, put it in a directory on the firewall (e.g.
>/var/opt/packages) and start the install script.
>Maybe you can then also change the UI for services that exists now, to
>check what packages are in that directory and build up the list
>dynamically and also install them from there. Or you could even
>retrieve a list of available packages from the web, and even download
>and install them automatically (oops, better get my feet back on the
>ground!)
>
>It's just an idea, I'm not a developer, so I have no idea if it's
>technically possible (well, sure it is, but...)
>

It's actually all do-able, but it could turn into a security and/or maintenance nightmare.
Don't forget that we currently only have 2 active Core-Developers.

--
Regards
Heiko Zuerker
http://www.devil-linux.org

From: Bruce S. <bw...@ar...> - 2005-02-21 03:26:48

> It actually sounds pretty straightforward.
> I'm a little afraid of how many DL versions we would have to release.
>
> Some people would prefer having everything on their CD because it's more
> secure, others would like the package option....

Yeah, that would be too much work. If we decided to go this route, we could keep it simple by changing server packages to only run from the hard drive (CD is not even an option). But I'm not sure how many people would complain that's not secure enough.

- BS

From: Heiko Z. <he...@zu...> - 2005-02-21 03:34:57

Bruce Smith wrote:

>>It actually sounds pretty straightforward.
>>I'm a little afraid of how many DL versions we would have to release.
>>
>>Some people would prefer having everything on their CD because it's more
>>secure, others would like the package option....
>>
>
>Yeah, that would be too much work. If we decided to go this route, we
>could keep it simple by changing server packages to only run from the
>hard drive (CD is not even an option). But I'm not sure how many people
>would complain that's not secure enough.
>

I would complain. ;-)

--
Regards
Heiko Zuerker
http://www.devil-linux.org

From: Bruce S. <bw...@ar...> - 2005-02-21 13:39:08

> >Yeah, that would be too much work. If we decided to go this route, we
> >could keep it simple by changing server packages to only run from the
> >hard drive (CD is not even an option). But I'm not sure how many people
> >would complain that's not secure enough.
>
> I would complain. ;-)

There's always one in the crowd ... :-)

- BS

From: Heiko Z. <he...@zu...> - 2005-02-22 16:57:41

>>> Yeah, that would be too much work. If we decided to go this route,
>>> we could keep it simple by changing server packages to only run from
>>> the hard drive (CD is not even an option). But I'm not sure how many
>>> people would complain that's not secure enough.
>>
>> I would complain. ;-)
>>
>
> There's always one in the crowd ... :-)

I'm just glad that I have a loud enough voice here. ;-)
Let's not remove the option for including stuff on the CD.

We should also take this opportunity to make sure our install script supports both ways, without adding too much overhead. Something like installing into a temporary location and a generic script copies all the stuff into the right place, depending on the configuration options.

--
Regards
Heiko Zuerker
http://www.devil-linux.org

From: Bruce S. <bw...@ar...> - 2005-02-22 18:15:33

> >>> Yeah, that would be too much work. If we decided to go this route,
> >>> we could keep it simple by changing server packages to only run from
> >>> the hard drive (CD is not even an option). But I'm not sure how many
> >>> people would complain that's not secure enough.
> >>
> >> I would complain. ;-)
> >
> > There's always one in the crowd ... :-)
>
> I'm just glad that I have a loud enough voice here. ;-)
> Let's not remove the option for including stuff on the CD.

How long before we have to switch from a CD distro to a DVD distro? If we duplicate enough packages, it may be sooner than we want! :-)

> We should also take this opportunity to make sure our install script
> supports both ways, without adding too much overhead. Something like
> installing into a temporary location and a generic script copies all the
> stuff into the right place, depending on the configuration options.

What's the current status of 1.3? What still doesn't compile?

- BS

From: Heiko Z. <he...@zu...> - 2005-02-22 19:01:14

>>>>> Yeah, that would be too much work. If we decided to go this
>>>>> route, we could keep it simple by changing server packages to only
>>>>> run from the hard drive (CD is not even an option). But I'm not
>>>>> sure how many people would complain that's not secure enough.
>>>>
>>>> I would complain. ;-)
>>>>
>>>
>>> There's always one in the crowd ... :-)
>>>
>>
>> I'm just glad that I have a loud enough voice here. ;-)
>> Let's not remove the option for including stuff on the CD.
>>
>
> How long before we have to switch from a CD distro to a DVD distro?
> If we duplicate enough packages, it may be sooner than we want! :-)

I don't mean duplicate packages, but give the choice in menuconfig to either include it on the CD directly, or as a tarball.

>> We should also take this opportunity to make sure our install script
>> supports both ways, without adding too much overhead. Something like
>> installing into a temporary location and a generic script copies all
>> the stuff into the right place, depending on the configuration options.
>
> What's the current status of 1.3? What still doesn't compile?

I actually can't tell, most of the stuff does compile by now.
I don't have much time at the moment, so I didn't work a lot on 1.3

--
Regards
Heiko Zuerker
http://www.devil-linux.org

From: Bruce S. <bw...@ar...> - 2005-02-22 19:08:41

> >> Let's not remove the option for including stuff on the CD.
> >
> > How long before we have to switch from a CD distro to a DVD distro?
> > If we duplicate enough packages, it may be sooner than we want! :-)
>
> I don't mean duplicate packages, but give the choice in menuconfig to
> either include it on the CD directly, or as a tarball.

What would be the default selections for the ISO's for download on sourceforge and the FTP site?

- BS

From: Heiko Z. <he...@zu...> - 2005-02-22 19:58:28

>>>> Let's not remove the option for including stuff on the CD.
>>>>
>>>
>>> How long before we have to switch from a CD distro to a DVD distro?
>>> If we duplicate enough packages, it may be sooner than we want! :-)
>>>
>>
>> I don't mean duplicate packages, but give the choice in menuconfig to
>> either include it on the CD directly, or as a tarball.
>
> What would be the default selections for the ISO's for download on
> sourceforge and the FTP site?

That's the big question which we would have to figure out.
It's important that we choose what most users want.

--
Regards
Heiko Zuerker
http://www.devil-linux.org

From: Jean-Luc P. <Jea...@ib...> - 2005-02-22 22:10:17

Heiko Zuerker wrote:

>>>>>Let's not remove the option for including stuff on the CD.
>>>>>
>>>>How long before we have to switch from a CD distro to a DVD distro?
>>>>If we duplicate enough packages, it may be sooner than we want! :-)
>>>>
>>>I don't mean duplicate packages, but give the choice in menuconfig to
>>>either include it on the CD directly, or as a tarball.
>>>
>>What would be the default selections for the ISO's for download on
>>sourceforge and the FTP site?
>>
>
>That's the big question which we would have to figure out.
>It's important that we choose what most users want.
>

Hum, there is a lot of place on a cd... so there is no space problem today ;-)
Only have data on the local disk and a fully static cd is a nice simplification...

If we want to build easily some small Devil (for usb key ?), we could just define some different profiles and have a very simple build procedure... I think that actually, there is just one "default" profile... we could imagine many profiles: firewall, ldap server, apache server, etc.
So, on the ftp, we could propose all of the *predefined* Devil... (from mini Devil to Maxi Devil ;-)

"...And, now, something totally different ;-)"

I try to add pam and ldap and I have a funny problem...
- openldap needs cyrus-sasl
- cyrus-sasl needs openldap

So, the only way I found is to compile cyrus two times, one without ldap (before openldap) and a second time, during the build process...
Is it the good approach ?
I'd prefer to be sure before sending my pam/ldap patches ;-)

- pjluc

--
Jean-Luc Parouty - Phone: +33 4 387 823 90
Institut de Biologie Structurale-CNRS (UMR 5075)/CEA/UJF - IBS
41 Av. Jules Horowitz - 38027 Grenoble Cedex 1 - France

From: Heiko Z. <he...@zu...> - 2005-02-22 22:45:18

> Heiko Zuerker wrote:
>
>>>>>> Let's not remove the option for including stuff on the CD.
>>>>>>
>>>>> How long before we have to switch from a CD distro to a DVD
>>>>> distro? If we duplicate enough packages, it may be sooner than we
>>>>> want! :-)
>>>>>
>>>> I don't mean duplicate packages, but give the choice in menuconfig
>>>> to either include it on the CD directly, or as a tarball.
>>>>
>>> What would be the default selections for the ISO's for download on
>>> sourceforge and the FTP site?
>>>
>>
>> That's the big question which we would have to figure out.
>> It's important that we choose what most users want.
>>
>
> Hum, there is a lot of place on a cd... so there is no space problem
> today ;-) Only have data on the local disk and a fully static cd is a nice
> simplification...
>
> If we want to build easily some small Devil (for usb key ?), we could
> just define some different profiles and have a very simple build
> procedure... I think that actually, there is just one "default" profile...
> we could imagine many profiles: firewall, ldap server, apache server, etc.
> So, on the ftp, we could propose all of the *predefined* Devil... (from
> mini Devil to Maxi Devil ;-)
>
> "...And, now, something totally different ;-)"

You see, the discussions already start. ;-)
I think we should do a BYOFDL.

> I try to add pam and ldap and I have a funny problem...
> - openldap needs cyrus-sasl
> - cyrus-sasl needs openldap

Currently it works without those dependencies, are you changing something in those scripts?

> So, the only way I found is to compile cyrus two times, one without ldap
> (before openldap) and a second time, during the build process...
> Is it the good approach ?
> I'd prefer to be sure before sending my pam/ldap patches ;-)

I'd prefer if we can avoid doing something like this.

--
Regards
Heiko Zuerker
http://www.devil-linux.org

From: Jean-Luc P. <Jea...@ib...> - 2005-02-22 23:35:21

Heiko Zuerker wrote:

> (...)
>
>>I try to add pam and ldap and I have a funny problem...
>>- openldap needs cyrus-sasl
>>- cyrus-sasl needs openldap
>>
>
>Currently it works without those dependencies, are you changing something
>in those scripts?
>

Of course :-)
I patched the cyrus-sasl script to add the --with-pam and --with-ldap to the configure.
If we want to make a pop/imap server with an ldap authentication, we need the --with-ldap

>>So, the only way I found is to compile cyrus two times, one without ldap
>>(before openldap) and a second time, during the build process...
>>Is it the good approach ?
>>I'd prefer to be sure before sending my pam/ldap patches ;-)
>>
>
>I'd prefer if we can avoid doing something like this.
>

Sure, but I'm afraid that this problem could appear somewhere else...

Sorry, but I have another question...
I just receive two Dell optiplex 280, with... SATA
The bios "combination" mode is supposed to give an ide compatibility, but it doesn't work fine... (I will re-test my cvs version tomorrow)
Is there something new for sata support in the 2.6.x kernel of 1.3 ?

- pjluc

--
Jean-Luc Parouty - Phone: +33 4 387 823 90
Institut de Biologie Structurale-CNRS (UMR 5075)/CEA/UJF - IBS
41 Av. Jules Horowitz - 38027 Grenoble Cedex 1 - France