Linux Archive

Linux Archive (http://www.linux-archive.org/)
-   Gentoo Development (http://www.linux-archive.org/gentoo-development/)
-   -   Changes in server profiles (http://www.linux-archive.org/gentoo-development/445583-changes-server-profiles.html)

Markos Chandras 10-29-2010 11:03 AM

Changes in server profiles
 
Hi

I don't know how many of you are using these profiles. I would like to
propose a couple of changes

1) I want to drop the warning message located on profile.bashrc files
e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
It is more than obvious what this profile is for so I don't think this
message makes any sense.

2) Furthermore I would like to drop the following use flags from default
IUSE

-apache2
-ldap

A minimal server installation does requires neither apache2 nor ldap

--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410

"Paweł Hajdan, Jr." 10-29-2010 11:18 AM

Changes in server profiles
 
On 10/29/10 1:03 PM, Markos Chandras wrote:
> 1) I want to drop the warning message located on profile.bashrc files
> e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
> It is more than obvious what this profile is for so I don't think this
> message makes any sense.

> ewarn "This profile has not been tested thoroughly and is not considered to be"
> ewarn "a supported server profile at this time. For a supported server"

The above is definitely not obvious. Is this documented in any other place?

> ewarn "the software being used on the server. This profile should also be used"
> ewarn "if you require GCC 4.1 or Glibc 2.4 support. If you don't know if this"

That too.

By the way, I think there was some way to mark a profile as
"development", "unsupported", or something like that.

> 2) Furthermore I would like to drop the following use flags from default
> IUSE
>
> -apache2
> -ldap
>
> A minimal server installation does requires neither apache2 nor ldap

Sounds good (I'm not using a server profile though).

Markos Chandras 10-29-2010 11:24 AM

Changes in server profiles
 
On Fri, Oct 29, 2010 at 01:18:14PM +0200, "Paweł Hajdan, Jr." wrote:
> On 10/29/10 1:03 PM, Markos Chandras wrote:
> > 1) I want to drop the warning message located on profile.bashrc files
> > e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
> > It is more than obvious what this profile is for so I don't think this
> > message makes any sense.
>
> > ewarn "This profile has not been tested thoroughly and is not considered to be"
> > ewarn "a supported server profile at this time. For a supported server"
>
> The above is definitely not obvious. Is this documented in any other place?
This is there for years. You think that anyone is working on that in
order to verify whether it is a *stable* server profile or not? I use it
since the very beginning on my servers and I say that it works!
>
> > ewarn "the software being used on the server. This profile should also be used"
> > ewarn "if you require GCC 4.1 or Glibc 2.4 support. If you don't know if this"
>
> That too.
>
I use the latest stable for GCC+Glibc and never had an issue. Maybe some
people are confusing the server profiles with the hardened one?

> By the way, I think there was some way to mark a profile as
> "development", "unsupported", or something like that.
It's been in this state for years so I do not expect someone to actually
working on that
>
> > 2) Furthermore I would like to drop the following use flags from default
> > IUSE
> >
> > -apache2
> > -ldap
> >
> > A minimal server installation does requires neither apache2 nor ldap
>
> Sounds good (I'm not using a server profile though).
>



--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410

"Paweł Hajdan, Jr." 10-29-2010 11:35 AM

Changes in server profiles
 
On 10/29/10 1:24 PM, Markos Chandras wrote:
> On Fri, Oct 29, 2010 at 01:18:14PM +0200, "Paweł Hajdan, Jr." wrote:
>>> ewarn "This profile has not been tested thoroughly and is not considered to be"
>>> ewarn "a supported server profile at this time. For a supported server"

If the above is no longer true you can safely ignore my earlier
comments. :-D

Actually, removing the no-longer-true message sounds good.

"Jorge Manuel B. S. Vicetto" 10-29-2010 12:02 PM

Changes in server profiles
 
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi.

On 29-10-2010 11:03, Markos Chandras wrote:
> Hi
>
> I don't know how many of you are using these profiles. I would like to
> propose a couple of changes
>
> 1) I want to drop the warning message located on profile.bashrc files
> e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
> It is more than obvious what this profile is for so I don't think this
> message makes any sense.

I've always taken the message about the server profiles not being
properly tested as a warning that anyone wanting to run a "secure"
server profile should use one of the hardened profiles.
If so, I'd leave that warning alone until we get enough people working
on the server profiles so we can make any promises about it.

> 2) Furthermore I would like to drop the following use flags from default
> IUSE
>
> -apache2
> -ldap
>
> A minimal server installation does requires neither apache2 nor ldap

Although one can install a server without apache or ldap, I'd say the
server profile seems the natural choice to have them enabled.
If we had the statistics for it, we could check how many people have
apache installed with that profile vs not having it. As there's nothing
preventing one from having USE="-apache2 -ldap" when required and I
don't use the server profiles, I don't really have a strong opinion
about this.

- --
Regards,

Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org
Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJMyrfMAAoJEC8ZTXQF1qEP1AMQANVKK4f1T0 41WrHMJ7gXM4sI
hEhoH25GkoxjEEztxdaQ7TI+fxPRqbAHv6AWYNsTd7C6c0RwgT Qa8TwNATvmWdCT
tyTge9SWO1lubiwdNUu5AoamZkzyvWibK5hwP6cd/4OWP02aFZ/BYICeL5G3IQ1I
YBXwjzf6f6Nyae8/SKCQalU0Zlse1Cx6A58siS2Uqz63DqPglQqhiN10PB4S496y
fvA84h8B0FUtexFn8Ho0nFVHh5Lea6qo4YZfhDemjMSio9daPM fcAK63za5M/vq+
AEjLOmFuj5yg3hppE+5tqc4R+Qt3mDklRHT/p3tdhMTgw0aXHSA/23NSqdKs7NTK
4w/HJ+k5S5BXUUrb3VjNByO5vOKm7A4ROLBAuDZFgu/dah3A3OwtoolEEooWMHDG
Bgo4aRX0cvNGTdVFnUQp7aDO/idi61ONV/G9cqPsl5nmD0K/1JhujLmR9oU26ctk
sEv/ZxAbUWBYiPx08y6u7lm2g2uUnC0VmJS6rLeHKpp501I8ulTuNR lc1U8EvmPn
aQHLG+6IvBpifFml3nDIG64LwsXqkEmwc67vcHvYRJqyzcxyHk ORl2qTH19zsV1B
PAa9bN9jRYssdLvDLdsrBc1S3LSGftWihu5ITwkdf3DK6uo7UU ViSeesiESsP0sa
+maI98w1ehWNX2I8RZ7l
=fHNt
-----END PGP SIGNATURE-----

Petteri Rty 10-29-2010 12:13 PM

Changes in server profiles
 
On 29.10.2010 15.02, Jorge Manuel B. S. Vicetto wrote:

>
>> 2) Furthermore I would like to drop the following use flags from default
>> IUSE
>
>> -apache2
>> -ldap
>
>> A minimal server installation does requires neither apache2 nor ldap
>
> Although one can install a server without apache or ldap, I'd say the
> server profile seems the natural choice to have them enabled.
> If we had the statistics for it, we could check how many people have
> apache installed with that profile vs not having it. As there's nothing
> preventing one from having USE="-apache2 -ldap" when required and I
> don't use the server profiles, I don't really have a strong opinion
> about this.
>

And enabling a use flag should be question of is it wanted when a
package actually support those flags. On a server when you are
installing a package with a apache use flag it's certainly possible to
you would like to have it enabled more often than not.

Regards,
Petteri

Markos Chandras 10-29-2010 12:21 PM

Changes in server profiles
 
On Fri, Oct 29, 2010 at 12:02:20PM +0000, Jorge Manuel B. S. Vicetto wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi.
>
> On 29-10-2010 11:03, Markos Chandras wrote:
> > Hi
> >
> > I don't know how many of you are using these profiles. I would like to
> > propose a couple of changes
> >
> > 1) I want to drop the warning message located on profile.bashrc files
> > e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
> > It is more than obvious what this profile is for so I don't think this
> > message makes any sense.
>
> I've always taken the message about the server profiles not being
> properly tested as a warning that anyone wanting to run a "secure"
> server profile should use one of the hardened profiles.
But isn't that obvious? How is server profiles related to hardened
anyway? Anyway, this can stay. The rest about GCC and Glibc I think is
useless
> If so, I'd leave that warning alone until we get enough people working
> on the server profiles so we can make any promises about it.
How many? Work on what actually? It is just a profile with minimal use
flags. There is nothing to work on :-/ I don't understand that. Tell me
which areas of server profile need more attention so I can understand
what are you talking about
>
> > 2) Furthermore I would like to drop the following use flags from default
> > IUSE
> >
> > -apache2
> > -ldap
> >
> > A minimal server installation does requires neither apache2 nor ldap
>
> Although one can install a server without apache or ldap, I'd say the
> server profile seems the natural choice to have them enabled.
So you assume that the most common server configuration is for active
directory or web hosting
> If we had the statistics for it, we could check how many people have
> apache installed with that profile vs not having it. As there's nothing
> preventing one from having USE="-apache2 -ldap" when required and I
> don't use the server profiles, I don't really have a strong opinion
> about this.
Same for USE="apache2 ldap" on make.conf. That is not a valid argument
:)
>
> - --
> Regards,
>
> Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org
> Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.16 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJMyrfMAAoJEC8ZTXQF1qEP1AMQANVKK4f1T0 41WrHMJ7gXM4sI
> hEhoH25GkoxjEEztxdaQ7TI+fxPRqbAHv6AWYNsTd7C6c0RwgT Qa8TwNATvmWdCT
> tyTge9SWO1lubiwdNUu5AoamZkzyvWibK5hwP6cd/4OWP02aFZ/BYICeL5G3IQ1I
> YBXwjzf6f6Nyae8/SKCQalU0Zlse1Cx6A58siS2Uqz63DqPglQqhiN10PB4S496y
> fvA84h8B0FUtexFn8Ho0nFVHh5Lea6qo4YZfhDemjMSio9daPM fcAK63za5M/vq+
> AEjLOmFuj5yg3hppE+5tqc4R+Qt3mDklRHT/p3tdhMTgw0aXHSA/23NSqdKs7NTK
> 4w/HJ+k5S5BXUUrb3VjNByO5vOKm7A4ROLBAuDZFgu/dah3A3OwtoolEEooWMHDG
> Bgo4aRX0cvNGTdVFnUQp7aDO/idi61ONV/G9cqPsl5nmD0K/1JhujLmR9oU26ctk
> sEv/ZxAbUWBYiPx08y6u7lm2g2uUnC0VmJS6rLeHKpp501I8ulTuNR lc1U8EvmPn
> aQHLG+6IvBpifFml3nDIG64LwsXqkEmwc67vcHvYRJqyzcxyHk ORl2qTH19zsV1B
> PAa9bN9jRYssdLvDLdsrBc1S3LSGftWihu5ITwkdf3DK6uo7UU ViSeesiESsP0sa
> +maI98w1ehWNX2I8RZ7l
> =fHNt
> -----END PGP SIGNATURE-----
>

--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410

Thomas Sachau 10-29-2010 01:46 PM

Changes in server profiles
 
Am 29.10.2010 14:13, schrieb Petteri Rty:
> On 29.10.2010 15.02, Jorge Manuel B. S. Vicetto wrote:
>
>>
>>> 2) Furthermore I would like to drop the following use flags from default
>>> IUSE
>>
>>> -apache2
>>> -ldap
>>
>>> A minimal server installation does requires neither apache2 nor ldap
>>
>> Although one can install a server without apache or ldap, I'd say the
>> server profile seems the natural choice to have them enabled.
>> If we had the statistics for it, we could check how many people have
>> apache installed with that profile vs not having it. As there's nothing
>> preventing one from having USE="-apache2 -ldap" when required and I
>> don't use the server profiles, I don't really have a strong opinion
>> about this.
>>
>
> And enabling a use flag should be question of is it wanted when a
> package actually support those flags. On a server when you are
> installing a package with a apache use flag it's certainly possible to
> you would like to have it enabled more often than not.
>
> Regards,
> Petteri
>
>

Which raises the question, if those people, who want to install a minimal server will mostly use
apache or something different. And especially for minimal setups, i dont think that apache will be
the first choice, so i agree with the removal of those USE flags from default IUSE.
The profile is intended to have a minimal set of flags, i would call apache an additional optional
flag, not a default option for minimal server setups.

--
Thomas Sachau

Gentoo Linux Developer

Rafael Goncalves Martins 10-29-2010 02:23 PM

Changes in server profiles
 
On Fri, Oct 29, 2010 at 11:46 AM, Thomas Sachau <tommy@gentoo.org> wrote:
> Am 29.10.2010 14:13, schrieb Petteri Rty:
>> On 29.10.2010 15.02, Jorge Manuel B. S. Vicetto wrote:
>>
>>>
>>>> 2) Furthermore I would like to drop the following use flags from default
>>>> IUSE
>>>
>>>> -apache2
>>>> -ldap
>>>
>>>> A minimal server installation does requires neither apache2 nor ldap
>>>
>>> Although one can install a server without apache or ldap, I'd say the
>>> server profile seems the natural choice to have them enabled.
>>> If we had the statistics for it, we could check how many people have
>>> apache installed with that profile vs not having it. As there's nothing
>>> preventing one from having USE="-apache2 -ldap" when required and I
>>> don't use the server profiles, I don't really have a strong opinion
>>> about this.
>>>
>>
>> And enabling a use flag should be question of is it wanted when a
>> package actually support those flags. On a server when you are
>> installing a package with a apache use flag it's certainly possible to
>> you would like to have it enabled more often than not.
>>
>> Regards,
>> Petteri
>>
>>
>
> Which raises the question, if those people, who want to install a minimal server will mostly use
> apache or something different. And especially for minimal setups, i dont think that apache will be
> the first choice, so i agree with the removal of those USE flags from default IUSE.
> The profile is intended to have a minimal set of flags, i would call apache an additional optional
> flag, not a default option for minimal server setups.
>

Totally agreed!

Best regards.

--
Rafael Goncalves Martins
Gentoo Linux developer
http://rafaelmartins.eng.br/

Kfir Lavi 10-29-2010 03:58 PM

Changes in server profiles
 
On Fri, Oct 29, 2010 at 4:23 PM, Rafael Goncalves Martins
<rafaelmartins@gentoo.org> wrote:
> On Fri, Oct 29, 2010 at 11:46 AM, Thomas Sachau <tommy@gentoo.org> wrote:
>> Am 29.10.2010 14:13, schrieb Petteri Rty:
>>> On 29.10.2010 15.02, Jorge Manuel B. S. Vicetto wrote:
>>>
>>>>
>>>>> 2) Furthermore I would like to drop the following use flags from default
>>>>> IUSE
>>>>
>>>>> -apache2
>>>>> -ldap
>>>>
>>>>> A minimal server installation does requires neither apache2 nor ldap
>>>>
>>>> Although one can install a server without apache or ldap, I'd say the
>>>> server profile seems the natural choice to have them enabled.
>>>> If we had the statistics for it, we could check how many people have
>>>> apache installed with that profile vs not having it. As there's nothing
>>>> preventing one from having USE="-apache2 -ldap" when required and I
>>>> don't use the server profiles, I don't really have a strong opinion
>>>> about this.
>>>>
>>>
>>> And enabling a use flag should be question of is it wanted when a
>>> package actually support those flags. On a server when you are
>>> installing a package with a apache use flag it's certainly possible to
>>> you would like to have it enabled more often than not.
>>>
>>> Regards,
>>> Petteri
>>>
>>>
>>
>> Which raises the question, if those people, who want to install a minimal server will mostly use
>> apache or something different. And especially for minimal setups, i dont think that apache will be
>> the first choice, so i agree with the removal of those USE flags from default IUSE.
>> The profile is intended to have a minimal set of flags, i would call apache an additional optional
>> flag, not a default option for minimal server setups.
>>
>
> Totally agreed!
>
> Best regards.
>
> --
> Rafael Goncalves Martins
> Gentoo Linux developer
> http://rafaelmartins.eng.br/
>
>

I use the server profile and I would also like a minimal set of use flags.
I don't think you need to force sysadmins, that know what they want,
to have those flags.

Regards,
Kfir


All times are GMT. The time now is 12:40 PM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.