[yast-devel] RFC: splitting yast2-core package
Hi all, Currently yast2-core package requires also DBus and PolicyKit packages (because of the DBus service and the DBus agent). This makes updating or compiling the interpreter more complicated and the DBus service is always installed (even when not needed) which is bad from security point of view. So my proposal is to split the package into three parts: - yast2-core - the core interpreter + agents (no DBus or PolicyKit dependency) - yast2-dbus-client - the DBus agent (requires DBus), currently needed by yast2-storage only - yast2-dbus-server - YaST DBus services (require DBus + PolicyKit), needed by WebYast (so it should not be installed by default) I have already prepared the new packages in tmp/lslezak SVN branch, RPMs are in my OBS project (home:lslezak:Factory). Please review the proposal. If there are no objections I'll submit the packages to Factory soon... Thank you. -- Best Regards Ladislav Slezák Yast Developer ------------------------------------------------------------------------ SUSE LINUX, s.r.o. e-mail: lslezak@suse.cz Lihovarská 1060/12 tel: +420 284 028 960 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz/ -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
On Wednesday 29 July 2009 13:18:52 Ladislav Slezak wrote:
Hi all,
Currently yast2-core package requires also DBus and PolicyKit packages (because of the DBus service and the DBus agent).
This makes updating or compiling the interpreter more complicated and the DBus service is always installed (even when not needed) which is bad from security point of view.
Do we really have situations where a system is usable without DBus? At least for openSUSE I'm not aware of a working system without DBus - do you?
So my proposal is to split the package into three parts: - yast2-core - the core interpreter + agents (no DBus or PolicyKit dependency) - yast2-dbus-client - the DBus agent (requires DBus), currently needed by yast2-storage only - yast2-dbus-server - YaST DBus services (require DBus + PolicyKit), needed by WebYast (so it should not be installed by default)
I have already prepared the new packages in tmp/lslezak SVN branch, RPMs are in my OBS project (home:lslezak:Factory).
Please review the proposal. If there are no objections I'll submit the packages to Factory soon...
Andreas -- Andreas Jaeger, aj@{novell.com,opensuse.org} SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
Andreas Jaeger wrote: [...]
This makes updating or compiling the interpreter more complicated and the DBus service is always installed (even when not needed) which is bad from security point of view.
Um, I meant the YaST DBus service, not DBus itself.
Do we really have situations where a system is usable without DBus? At least for openSUSE I'm not aware of a working system without DBus - do you?
The YaST DBus service runs as root, so it should be installed only when really needed... -- Best Regards Ladislav Slezák Yast Developer ------------------------------------------------------------------------ SUSE LINUX, s.r.o. e-mail: lslezak@suse.cz Lihovarská 1060/12 tel: +420 284 028 960 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz/ -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
On Wednesday 29 July 2009 14:02:01 Ladislav Slezak wrote:
Andreas Jaeger wrote: [...]
This makes updating or compiling the interpreter more complicated and the DBus service is always installed (even when not needed) which is bad from security point of view.
Um, I meant the YaST DBus service, not DBus itself.
Ah, thanks now I understand.
Do we really have situations where a system is usable without DBus? At least for openSUSE I'm not aware of a working system without DBus - do you?
The YaST DBus service runs as root, so it should be installed only when really needed...
I agree this change makes sense, Andreas -- Andreas Jaeger, aj@{novell.com,opensuse.org} SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) Maxfeldstr. 5, 90409 Nürnberg, Germany GPG fingerprint = 93A3 365E CE47 B889 DF7F FED1 389A 563C C272 A126
* Andreas Jaeger <aj@novell.com> [Jul 29. 2009 13:49]:
On Wednesday 29 July 2009 13:18:52 Ladislav Slezak wrote:
Hi all,
Currently yast2-core package requires also DBus and PolicyKit packages (because of the DBus service and the DBus agent).
This makes updating or compiling the interpreter more complicated and the DBus service is always installed (even when not needed) which is bad from security point of view.
Do we really have situations where a system is usable without DBus? At least for openSUSE I'm not aware of a working system without DBus - do you?
Splitting off the YaST D-Bus service from the YaST core package makes a lot of sense as we're expecting more changes for the former than the latter. And issueing a yast2-core update every time WebYaST needs a D-Bus service adaption might scare enterprise customers... So I'm all for the split. Klaus --- SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
On Wed, Jul 29, 2009 at 01:18:52PM +0200, Ladislav Slezak wrote:
Currently yast2-core package requires also DBus and PolicyKit packages (because of the DBus service and the DBus agent).
This makes updating or compiling the interpreter more complicated and the DBus service is always installed (even when not needed) which is bad from security point of view.
So my proposal is to split the package into three parts: - yast2-core - the core interpreter + agents (no DBus or PolicyKit dependency) - yast2-dbus-client - the DBus agent (requires DBus), currently needed by yast2-storage only - yast2-dbus-server - YaST DBus services (require DBus + PolicyKit), needed by WebYast (so it should not be installed by default)
I have already prepared the new packages in tmp/lslezak SVN branch, RPMs are in my OBS project (home:lslezak:Factory).
Please review the proposal. If there are no objections I'll submit the packages to Factory soon...
Fine with me. Please add yast2-dbus-client to the required packages of yast2-storage. ciao Arvin -- Arvin Schnell, <aschnell@suse.de> Senior Software Engineer, Research & Development SUSE LINUX Products GmbH, GF: Markus Rex, HRB 16746 (AG Nürnberg) -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
On 29.7.2009 13:18, Ladislav Slezak wrote:
Please review the proposal. If there are no objections I'll submit the packages to Factory soon...
JFYI: The packages have been submitted to YaST:Head and Factory. (yast2-core-2.18.17, yast2-dbus-client-2.18.0 and yast2-dbus-server-2.18.0) -- Best Regards Ladislav Slezák Yast Developer ------------------------------------------------------------------------ SUSE LINUX, s.r.o. e-mail: lslezak@suse.cz Lihovarská 1060/12 tel: +420 284 028 960 190 00 Prague 9 fax: +420 284 028 951 Czech Republic http://www.suse.cz/ -- To unsubscribe, e-mail: yast-devel+unsubscribe@opensuse.org For additional commands, e-mail: yast-devel+help@opensuse.org
participants (4)
-
Andreas Jaeger -
Arvin Schnell -
Klaus Kaempf -
Ladislav Slezak