Mailinglist Archive: opensuse-packaging (144 mails)

< Previous Next >
[opensuse-packaging] systemd service presets: branding files or packages?
I would like to open a discussion about use of systemd presets while
packaging.

Systemd preset files are preferred way how packages set the default
state of services. Preset files are located
in /usr/lib/systemd/system-preset directory. %service_add_post is aware
of presets, and if the package adds systemd service together with
presets, %service_add_post performs one-time set to the preset default
state.

Current policy is simple: All presets belongs to:
systemd-presets-branding-{product}
/usr/lib/systemd/system-preset/90-default-openSUSE.preset
and the default to disable all other:
/usr/lib/systemd/system-preset/99-default-disable.preset

It makes a lot of sense for packages with optional services, that should
be always on, like apache, network servers etc.

But I think that makes less sense for packages that are optional to
install, but it they are installed and not active, they are broken.
Especially if they are socket activated, the standby state means no more
than one socket opened by systemd.

I have two examples from last weeks:
uuidd: Optional socket activated util-linux daemon providing support for
UUIDs.
pcsc-lite pcscd: Smart Card daemon that is socket activated whenever
application attempts to use Smart Card PC/SC API. If it is not enabled,
Smart Card access does not work.

Note that it has a security implication:
Each package that installs default-on preset, should be audited by
security team. Security team would need to watch the whole directory,
not only a branding file.

--
Best Regards / S pozdravem,

Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o. e-mail: sbrabec@xxxxxxx
Lihovarsk√° 1060/12 tel: +49 911 7405384547
190 00 Praha 9 fax: +420 284 084 001
Czech Republic http://www.suse.cz/
PGP: 830B 40D5 9E05 35D8 5E27 6FA3 717C 209F A04F CD76

--
To unsubscribe, e-mail: opensuse-packaging+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse-packaging+owner@xxxxxxxxxxxx

< Previous Next >