В Tue, 11 Nov 2014 16:37:32 +0100 Stanislav Brabec <sbrabec@suse.cz> пишет:
I would like to open a discussion about use of systemd presets while packaging.
Systemd preset files are preferred way how packages set the default state of services. Preset files are located in /usr/lib/systemd/system-preset directory. %service_add_post is aware of presets, and if the package adds systemd service together with presets, %service_add_post performs one-time set to the preset default state.
Current policy is simple: All presets belongs to: systemd-presets-branding-{product} /usr/lib/systemd/system-preset/90-default-openSUSE.preset and the default to disable all other: /usr/lib/systemd/system-preset/99-default-disable.preset
It makes a lot of sense for packages with optional services, that should be always on, like apache, network servers etc.
But I think that makes less sense for packages that are optional to install, but it they are installed and not active, they are broken. Especially if they are socket activated, the standby state means no more than one socket opened by systemd.
I think the while point of presets is that they are external policy provided by independent authority. If package is going to install preset that always enables some service, package can just as well simply enable it in postinstall script, no?
I have two examples from last weeks: uuidd: Optional socket activated util-linux daemon providing support for UUIDs. pcsc-lite pcscd: Smart Card daemon that is socket activated whenever application attempts to use Smart Card PC/SC API. If it is not enabled, Smart Card access does not work.
Note that it has a security implication: Each package that installs default-on preset, should be audited by security team. Security team would need to watch the whole directory, not only a branding file.
-- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org