FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Debian > Debian User

 
 
LinkBack Thread Tools
 
Old 07-12-2008, 12:26 AM
David Barrett
 
Default apt-get install without starting?

Is there any way to "apt-get install ssh" without having it
automatically start sshd? Same for "lighttpd".


Basically, I'm making great progress in my bootable QEMU image script:


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-12-2008, 03:44 AM
"Mumia W.."
 
Default apt-get install without starting?

On 07/11/2008 07:26 PM, David Barrett wrote:
Is there any way to "apt-get install ssh" without having it
automatically start sshd? Same for "lighttpd".


Basically, I'm making great progress in my bootable QEMU image script:




I don't know of a way, but you can firewall-off the ssh port before you
install, and you can configure ssh to not start by running update-rc.d.




--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-12-2008, 04:21 AM
David Barrett
 
Default apt-get install without starting?

Mumia W.. wrote:

On 07/11/2008 07:26 PM, David Barrett wrote:
Is there any way to "apt-get install ssh" without having it
automatically start sshd? Same for "lighttpd".


Basically, I'm making great progress in my bootable QEMU image script:



I don't know of a way, but you can firewall-off the ssh port before you
install, and you can configure ssh to not start by running update-rc.d.




Ug. That's unfortunate. My primary reason for not wanting it to start
is actually for a different reason than security: I don't know a general
way to determine which packages start up processes that need stopping,
nor how to stop them.


Essentially, I'm writing a script to generate ready-to-deploy bootable
qemu images, One of the inputs of the script is a list of packages to
install. This works fantastic, with the key exception that some of
those packages (ssh and lighttpd, specifically) start up running
processes. These processes need to be stopped before I can dismount the
raw image and zip it up for instant future deployment.


Now it's a nuisance to kill chroot'd processes within a mounted raw
image, but it's doable (you need to mount /proc inside, kill the
processes, and then dismount it before you unmount the raw image). And
the dirty logfiles they leave scattered around are annoying, but not
life threatening.


But I don't know how to determine, given a list of packages like
"lighttpd php5-cgi openssl", which processes need to be stopped (and how
to stop them). I guess I could just test to see if there happens to be
an /etc/init.d script with the same name, and if so, run stop...


Regardless, a much cleaner way in all respects would be to just never
start the process in the first place. I'm actually surprised this isn't
a really commonly used feature; I really expected it to be part of
apt-get. Alas!


Does anyone else have any ideas? Thanks!

-david


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-12-2008, 04:28 AM
Daniel Burrows
 
Default apt-get install without starting?

On Fri, Jul 11, 2008 at 09:21:46PM -0700, David Barrett <dbarrett@quinthar.com> was heard to say:
> Mumia W.. wrote:
>> On 07/11/2008 07:26 PM, David Barrett wrote:
>>> Is there any way to "apt-get install ssh" without having it
>>> automatically start sshd? Same for "lighttpd".
>>>
>>> Basically, I'm making great progress in my bootable QEMU image script:
>>>
>>
>> I don't know of a way, but you can firewall-off the ssh port before you
>> install, and you can configure ssh to not start by running update-rc.d.
>>
>
> Ug. That's unfortunate. My primary reason for not wanting it to start
> is actually for a different reason than security: I don't know a general
> way to determine which packages start up processes that need stopping,
> nor how to stop them.
>
> Essentially, I'm writing a script to generate ready-to-deploy bootable
> qemu images, One of the inputs of the script is a list of packages to
> install. This works fantastic, with the key exception that some of
> those packages (ssh and lighttpd, specifically) start up running
> processes. These processes need to be stopped before I can dismount the
> raw image and zip it up for instant future deployment.

I've never used it myself, but I believe that invoke-rc.d was supposed
to solve this sort of problem. (I don't know much more than that, but
it looks like the manpage might have pointers)

Daniel


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-12-2008, 04:31 AM
David Barrett
 
Default apt-get install without starting?

Daniel Burrows wrote:

On Fri, Jul 11, 2008 at 09:21:46PM -0700, David Barrett <dbarrett@quinthar.com> was heard to say:

Mumia W.. wrote:

On 07/11/2008 07:26 PM, David Barrett wrote:
Is there any way to "apt-get install ssh" without having it
automatically start sshd? Same for "lighttpd".


Basically, I'm making great progress in my bootable QEMU image script:

I don't know of a way, but you can firewall-off the ssh port before you
install, and you can configure ssh to not start by running update-rc.d.


Ug. That's unfortunate. My primary reason for not wanting it to start
is actually for a different reason than security: I don't know a general
way to determine which packages start up processes that need stopping,
nor how to stop them.


Essentially, I'm writing a script to generate ready-to-deploy bootable
qemu images, One of the inputs of the script is a list of packages to
install. This works fantastic, with the key exception that some of
those packages (ssh and lighttpd, specifically) start up running
processes. These processes need to be stopped before I can dismount the
raw image and zip it up for instant future deployment.


I've never used it myself, but I believe that invoke-rc.d was supposed
to solve this sort of problem. (I don't know much more than that, but
it looks like the manpage might have pointers)



Aha, that looks very promising. Thanks!

-david


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-12-2008, 04:50 AM
Osamu Aoki
 
Default apt-get install without starting?

On Fri, Jul 11, 2008 at 09:31:27PM -0700, David Barrett wrote:
> Daniel Burrows wrote:
>>
>> I've never used it myself, but I believe that invoke-rc.d was supposed
>> to solve this sort of problem. (I don't know much more than that, but
>> it looks like the manpage might have pointers)

Same thought here :-)

> Aha, that looks very promising. Thanks!

If you read pbuilder source in which they create chroot image using
these techniques, that should help you tidy up details.

Osamu


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-12-2008, 10:38 AM
Florian Kulzer
 
Default apt-get install without starting?

On Fri, Jul 11, 2008 at 21:28:39 -0700, Daniel Burrows wrote:
> On Fri, Jul 11, 2008 at 09:21:46PM -0700, David Barrett was heard to say:

[...]

> > Essentially, I'm writing a script to generate ready-to-deploy bootable
> > qemu images, One of the inputs of the script is a list of packages to
> > install. This works fantastic, with the key exception that some of
> > those packages (ssh and lighttpd, specifically) start up running
> > processes. These processes need to be stopped before I can dismount the
> > raw image and zip it up for instant future deployment.
>
> I've never used it myself, but I believe that invoke-rc.d was supposed
> to solve this sort of problem. (I don't know much more than that, but
> it looks like the manpage might have pointers)

Also, see /usr/share/doc/sysv-rc/README.policy-rc.d.gz.

Executive summary: If you want to prohibit all invoke-rc.d-mediated
start actions, create /usr/sbin/policy-rc.d as an executable shell
script that exits with a status of 101. If you find a package whose
initscripts do not honor this, file a bug.

(I learned this on this list, but I cannot find the relevant message now
and therefore I cannot give credit to whoever posted it originally.
Sorry...)

--
Regards, | http://users.icfo.es/Florian.Kulzer
Florian |


--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 
Old 07-14-2008, 05:20 AM
David Barrett
 
Default apt-get install without starting?

Florian Kulzer wrote:

On Fri, Jul 11, 2008 at 21:28:39 -0700, Daniel Burrows wrote:

On Fri, Jul 11, 2008 at 09:21:46PM -0700, David Barrett was heard to say:


[...]

Essentially, I'm writing a script to generate ready-to-deploy bootable
qemu images, One of the inputs of the script is a list of packages to
install. This works fantastic, with the key exception that some of
those packages (ssh and lighttpd, specifically) start up running
processes. These processes need to be stopped before I can dismount the
raw image and zip it up for instant future deployment.

I've never used it myself, but I believe that invoke-rc.d was supposed
to solve this sort of problem. (I don't know much more than that, but
it looks like the manpage might have pointers)


Also, see /usr/share/doc/sysv-rc/README.policy-rc.d.gz.

Executive summary: If you want to prohibit all invoke-rc.d-mediated
start actions, create /usr/sbin/policy-rc.d as an executable shell
script that exits with a status of 101. If you find a package whose
initscripts do not honor this, file a bug.

(I learned this on this list, but I cannot find the relevant message now
and therefore I cannot give credit to whoever posted it originally.
Sorry...)


This worked perfectly, thanks! Basically, before calling "apt-get
install" I created the following /usr/sbin/policy-rc.d script:


# !/bin/sh
exit 101

Then after I've got the qemu set up right, I just delete that file.
Future boots light up as expected. This is exactly what I needed.
Thanks again!


-david



--
To UNSUBSCRIBE, email to debian-user-REQUEST@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmaster@lists.debian.org
 

Thread Tools




All times are GMT. The time now is 04:19 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org