[SOLVED] After a day of playing with systemd on SVN...
...I can definitely say this software is NOT ready for major deployment, and until the developers can actually get more service unit files included that can be more useful, I'd steer clear of systemd and go with an alternative for now.
1. I booted into systemd and then tried to get the General Purpose Mouse daemon going. However, there is no unit for GPM. None at all. I was a bit saddened by this as GPM has been extremely helpful in building LFS. I looked around ArchLinux's wiki on my iPad looking for help... Sadly I didn't find much on GPM. A bit disheartening...
2. This part threw up a red flag for me. I tried getting IPTables working. There was a lot of documentation on IPTables... for sysvinit. I checked many websites looking for an IPTables unit file, or even how to set it up... Nothing. Honestly, I figured this was included as part of the included unit files, but it wasn't. I tried everything, but nothing.
After about two hours of searching on an iPad for help, I gave up and reset the system to boot off sysvinit. Now GPM is old but it's helpful. How it wasn't included was possibly an oversight.
But... Seriously Lennart and Kay, IPTables should have been included. Having a firewall ready should be a baseline for security. Heck even Windows has a built-in firewall and built-in service start utility.
I can honestly say this build has shown me a small window into systemd, but having one of the key points of security not included and the only documentation I could find was for sysvinit, I can say that anyone security conscious should avoid systemd until more proper included units can be added.
Now mind you this wasn't a long use of this system, but come on and be serious. Security issues abound today anymore, and one no-brainer should have not been overlooked in this. No excuses...
Heck, even Runit as under-documented and under-used as it is was easier to use in getting service daemons up and running including IPTables.
I think next week I'm going to rebuild against eudev and rework my hint to include some extra additions, and try and install perp, s6, or Runit to manage daemons.
Quote:
1. I booted into systemd and then tried to get the General Purpose Mouse daemon going. However, there is no unit for GPM. None at all. I was a bit saddened by this as GPM has been extremely helpful in building LFS. I looked around ArchLinux's wiki on my iPad looking for help... Sadly I didn't find much on GPM. A bit disheartening...
The Arch package for GPM has a service file.
Quote:
2. This part threw up a red flag for me. I tried getting IPTables working. There was a lot of documentation on IPTables... for sysvinit. I checked many websites looking for an IPTables unit file, or even how to set it up... Nothing. Honestly, I figured this was included as part of the included unit files, but it wasn't. I tried everything, but nothing.
After about two hours of searching on an iPad for help, I gave up and reset the system to boot off sysvinit. Now GPM is old but it's helpful. How it wasn't included was possibly an oversight.
But... Seriously Lennart and Kay, IPTables should have been included. Having a firewall ready should be a baseline for security. Heck even Windows has a built-in firewall and built-in service start utility.
I can honestly say this build has shown me a small window into systemd, but having one of the key points of security not included and the only documentation I could find was for sysvinit, I can say that anyone security conscious should avoid systemd until more proper included units can be added.
Now mind you this wasn't a long use of this system, but come on and be serious. Security issues abound today anymore, and one no-brainer should have not been overlooked in this. No excuses...
iptables is not part of systemd, so I don't quite get why the systemd developers should provide a service file for it. Anyways, why not write it yourself (should be quite easy to write a script that sets your iptables rules and a service file that runs that script), or just use the one provided by Arch?
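A unit of the kind the reply above describes, as an added example that is not part of the original thread and is not the file shipped by Arch or by systemd. It loads a saved ruleset with iptables-restore rather than running a script; the unit name, the rules path /etc/iptables/rules.v4, the binary path /usr/sbin/iptables-restore, and the availability of network-pre.target in the installed systemd version are all assumptions.

```ini
# /etc/systemd/system/iptables.service
# (unit name and every path below are assumptions for this example)

[Unit]
Description=Load IPv4 packet filter rules
# Order the firewall ahead of network configuration so that no interface
# comes up before the ruleset is in place.
Wants=network-pre.target
Before=network-pre.target

[Service]
# iptables-restore exits once the rules are loaded; there is no daemon.
# RemainAfterExit keeps the unit "active" so its state reflects whether
# the load succeeded.
Type=oneshot
RemainAfterExit=yes
# A missing or malformed rules file makes iptables-restore exit non-zero,
# which puts the unit in the "failed" state instead of passing silently.
ExecStart=/usr/sbin/iptables-restore /etc/iptables/rules.v4
# Re-apply the saved ruleset after editing the file.
ExecReload=/usr/sbin/iptables-restore /etc/iptables/rules.v4
# No ExecStop is defined on purpose: stopping the unit leaves the loaded
# rules in the kernel rather than flushing them and opening the host.

[Install]
WantedBy=multi-user.target
```

The rules file is the output of iptables-save from a working configuration; after `systemctl enable iptables.service`, `systemctl status iptables.service` shows whether the ruleset loaded at boot.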
For one Tobi, I shouldn't have to write one up. If this conglomeration claims what it claims according to its author then one should at least be provided by default. I shouldn't have to go CCP one from another distribution to fill in the blanks, plus Arch's might not be compatible with B/LFS. I have attempted this before, but honestly, I don't think I should be wasting my time debugging a unit file.
All I know is, with incidents like HeartBleed, having anti-intrusion, or the lack thereof, ground this effort and testing to a definite halt and actually made me rethink otherwise how deployment ready this thing is even at the personal/hobbyist level.
Sorry, but it's things like this I take especially good notice of. Even a basic setup for IPTables in regards to both a masquerade firewall and a personal firewall should have at least been available. Yes, firewalls usually are user provided, but at least a unit file to start from would have been nice or even considerate.
Before I scrub the build, I am going to take note of this and other things missing from systemd's included units and do some more research into this.
All I do know is, it did grind this whole effort to a halt and made me ask questions to myself regarding this.
So your stand is that the developers of the init system have to come up with service files/init scripts/whatever you want to call it for anything out there? Why should they do that? Why don't you call out the sysvinit developers for that? Where are the scripts in Slackware, a complete distribution rather than only an init system (or even CoreOS)?
You know what... Never mind. It's obvious what this is about so I'm not going to indulge you. Good day. If you care to talk more on this in private Tobi go right ahead by all means please.