FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Gentoo > Gentoo Development

 
 
LinkBack Thread Tools
 
Old 10-29-2010, 11:03 AM
Markos Chandras
 
Default Changes in server profiles

Hi

I don't know how many of you are using these profiles. I would like to
propose a couple of changes

1) I want to drop the warning message located on profile.bashrc files
e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
It is more than obvious what this profile is for so I don't think this
message makes any sense.

2) Furthermore I would like to drop the following use flags from default
IUSE

-apache2
-ldap

A minimal server installation does requires neither apache2 nor ldap

--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
 
Old 10-29-2010, 11:18 AM
"Paweł Hajdan, Jr."
 
Default Changes in server profiles

On 10/29/10 1:03 PM, Markos Chandras wrote:
> 1) I want to drop the warning message located on profile.bashrc files
> e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
> It is more than obvious what this profile is for so I don't think this
> message makes any sense.

> ewarn "This profile has not been tested thoroughly and is not considered to be"
> ewarn "a supported server profile at this time. For a supported server"

The above is definitely not obvious. Is this documented in any other place?

> ewarn "the software being used on the server. This profile should also be used"
> ewarn "if you require GCC 4.1 or Glibc 2.4 support. If you don't know if this"

That too.

By the way, I think there was some way to mark a profile as
"development", "unsupported", or something like that.

> 2) Furthermore I would like to drop the following use flags from default
> IUSE
>
> -apache2
> -ldap
>
> A minimal server installation does requires neither apache2 nor ldap

Sounds good (I'm not using a server profile though).
 
Old 10-29-2010, 11:24 AM
Markos Chandras
 
Default Changes in server profiles

On Fri, Oct 29, 2010 at 01:18:14PM +0200, "Paweł Hajdan, Jr." wrote:
> On 10/29/10 1:03 PM, Markos Chandras wrote:
> > 1) I want to drop the warning message located on profile.bashrc files
> > e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
> > It is more than obvious what this profile is for so I don't think this
> > message makes any sense.
>
> > ewarn "This profile has not been tested thoroughly and is not considered to be"
> > ewarn "a supported server profile at this time. For a supported server"
>
> The above is definitely not obvious. Is this documented in any other place?
This is there for years. You think that anyone is working on that in
order to verify whether it is a *stable* server profile or not? I use it
since the very beginning on my servers and I say that it works!
>
> > ewarn "the software being used on the server. This profile should also be used"
> > ewarn "if you require GCC 4.1 or Glibc 2.4 support. If you don't know if this"
>
> That too.
>
I use the latest stable for GCC+Glibc and never had an issue. Maybe some
people are confusing the server profiles with the hardened one?

> By the way, I think there was some way to mark a profile as
> "development", "unsupported", or something like that.
It's been in this state for years so I do not expect someone to actually
working on that
>
> > 2) Furthermore I would like to drop the following use flags from default
> > IUSE
> >
> > -apache2
> > -ldap
> >
> > A minimal server installation does requires neither apache2 nor ldap
>
> Sounds good (I'm not using a server profile though).
>



--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
 
Old 10-29-2010, 11:35 AM
"Paweł Hajdan, Jr."
 
Default Changes in server profiles

On 10/29/10 1:24 PM, Markos Chandras wrote:
> On Fri, Oct 29, 2010 at 01:18:14PM +0200, "Paweł Hajdan, Jr." wrote:
>>> ewarn "This profile has not been tested thoroughly and is not considered to be"
>>> ewarn "a supported server profile at this time. For a supported server"

If the above is no longer true you can safely ignore my earlier
comments. :-D

Actually, removing the no-longer-true message sounds good.
 
Old 10-29-2010, 12:02 PM
"Jorge Manuel B. S. Vicetto"
 
Default Changes in server profiles

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hi.

On 29-10-2010 11:03, Markos Chandras wrote:
> Hi
>
> I don't know how many of you are using these profiles. I would like to
> propose a couple of changes
>
> 1) I want to drop the warning message located on profile.bashrc files
> e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
> It is more than obvious what this profile is for so I don't think this
> message makes any sense.

I've always taken the message about the server profiles not being
properly tested as a warning that anyone wanting to run a "secure"
server profile should use one of the hardened profiles.
If so, I'd leave that warning alone until we get enough people working
on the server profiles so we can make any promises about it.

> 2) Furthermore I would like to drop the following use flags from default
> IUSE
>
> -apache2
> -ldap
>
> A minimal server installation does requires neither apache2 nor ldap

Although one can install a server without apache or ldap, I'd say the
server profile seems the natural choice to have them enabled.
If we had the statistics for it, we could check how many people have
apache installed with that profile vs not having it. As there's nothing
preventing one from having USE="-apache2 -ldap" when required and I
don't use the server profiles, I don't really have a strong opinion
about this.

- --
Regards,

Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org
Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/

iQIcBAEBAgAGBQJMyrfMAAoJEC8ZTXQF1qEP1AMQANVKK4f1T0 41WrHMJ7gXM4sI
hEhoH25GkoxjEEztxdaQ7TI+fxPRqbAHv6AWYNsTd7C6c0RwgT Qa8TwNATvmWdCT
tyTge9SWO1lubiwdNUu5AoamZkzyvWibK5hwP6cd/4OWP02aFZ/BYICeL5G3IQ1I
YBXwjzf6f6Nyae8/SKCQalU0Zlse1Cx6A58siS2Uqz63DqPglQqhiN10PB4S496y
fvA84h8B0FUtexFn8Ho0nFVHh5Lea6qo4YZfhDemjMSio9daPM fcAK63za5M/vq+
AEjLOmFuj5yg3hppE+5tqc4R+Qt3mDklRHT/p3tdhMTgw0aXHSA/23NSqdKs7NTK
4w/HJ+k5S5BXUUrb3VjNByO5vOKm7A4ROLBAuDZFgu/dah3A3OwtoolEEooWMHDG
Bgo4aRX0cvNGTdVFnUQp7aDO/idi61ONV/G9cqPsl5nmD0K/1JhujLmR9oU26ctk
sEv/ZxAbUWBYiPx08y6u7lm2g2uUnC0VmJS6rLeHKpp501I8ulTuNR lc1U8EvmPn
aQHLG+6IvBpifFml3nDIG64LwsXqkEmwc67vcHvYRJqyzcxyHk ORl2qTH19zsV1B
PAa9bN9jRYssdLvDLdsrBc1S3LSGftWihu5ITwkdf3DK6uo7UU ViSeesiESsP0sa
+maI98w1ehWNX2I8RZ7l
=fHNt
-----END PGP SIGNATURE-----
 
Old 10-29-2010, 12:13 PM
Petteri Rty
 
Default Changes in server profiles

On 29.10.2010 15.02, Jorge Manuel B. S. Vicetto wrote:

>
>> 2) Furthermore I would like to drop the following use flags from default
>> IUSE
>
>> -apache2
>> -ldap
>
>> A minimal server installation does requires neither apache2 nor ldap
>
> Although one can install a server without apache or ldap, I'd say the
> server profile seems the natural choice to have them enabled.
> If we had the statistics for it, we could check how many people have
> apache installed with that profile vs not having it. As there's nothing
> preventing one from having USE="-apache2 -ldap" when required and I
> don't use the server profiles, I don't really have a strong opinion
> about this.
>

And enabling a use flag should be question of is it wanted when a
package actually support those flags. On a server when you are
installing a package with a apache use flag it's certainly possible to
you would like to have it enabled more often than not.

Regards,
Petteri
 
Old 10-29-2010, 12:21 PM
Markos Chandras
 
Default Changes in server profiles

On Fri, Oct 29, 2010 at 12:02:20PM +0000, Jorge Manuel B. S. Vicetto wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hi.
>
> On 29-10-2010 11:03, Markos Chandras wrote:
> > Hi
> >
> > I don't know how many of you are using these profiles. I would like to
> > propose a couple of changes
> >
> > 1) I want to drop the warning message located on profile.bashrc files
> > e.g $PORTDIR/default/linux/amd64/10.0/server/profile.bashrc
> > It is more than obvious what this profile is for so I don't think this
> > message makes any sense.
>
> I've always taken the message about the server profiles not being
> properly tested as a warning that anyone wanting to run a "secure"
> server profile should use one of the hardened profiles.
But isn't that obvious? How is server profiles related to hardened
anyway? Anyway, this can stay. The rest about GCC and Glibc I think is
useless
> If so, I'd leave that warning alone until we get enough people working
> on the server profiles so we can make any promises about it.
How many? Work on what actually? It is just a profile with minimal use
flags. There is nothing to work on :-/ I don't understand that. Tell me
which areas of server profile need more attention so I can understand
what are you talking about
>
> > 2) Furthermore I would like to drop the following use flags from default
> > IUSE
> >
> > -apache2
> > -ldap
> >
> > A minimal server installation does requires neither apache2 nor ldap
>
> Although one can install a server without apache or ldap, I'd say the
> server profile seems the natural choice to have them enabled.
So you assume that the most common server configuration is for active
directory or web hosting
> If we had the statistics for it, we could check how many people have
> apache installed with that profile vs not having it. As there's nothing
> preventing one from having USE="-apache2 -ldap" when required and I
> don't use the server profiles, I don't really have a strong opinion
> about this.
Same for USE="apache2 ldap" on make.conf. That is not a valid argument

>
> - --
> Regards,
>
> Jorge Vicetto (jmbsvicetto) - jmbsvicetto at gentoo dot org
> Gentoo- forums / Userrel / Devrel / KDE / Elections / RelEng
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v2.0.16 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQIcBAEBAgAGBQJMyrfMAAoJEC8ZTXQF1qEP1AMQANVKK4f1T0 41WrHMJ7gXM4sI
> hEhoH25GkoxjEEztxdaQ7TI+fxPRqbAHv6AWYNsTd7C6c0RwgT Qa8TwNATvmWdCT
> tyTge9SWO1lubiwdNUu5AoamZkzyvWibK5hwP6cd/4OWP02aFZ/BYICeL5G3IQ1I
> YBXwjzf6f6Nyae8/SKCQalU0Zlse1Cx6A58siS2Uqz63DqPglQqhiN10PB4S496y
> fvA84h8B0FUtexFn8Ho0nFVHh5Lea6qo4YZfhDemjMSio9daPM fcAK63za5M/vq+
> AEjLOmFuj5yg3hppE+5tqc4R+Qt3mDklRHT/p3tdhMTgw0aXHSA/23NSqdKs7NTK
> 4w/HJ+k5S5BXUUrb3VjNByO5vOKm7A4ROLBAuDZFgu/dah3A3OwtoolEEooWMHDG
> Bgo4aRX0cvNGTdVFnUQp7aDO/idi61ONV/G9cqPsl5nmD0K/1JhujLmR9oU26ctk
> sEv/ZxAbUWBYiPx08y6u7lm2g2uUnC0VmJS6rLeHKpp501I8ulTuNR lc1U8EvmPn
> aQHLG+6IvBpifFml3nDIG64LwsXqkEmwc67vcHvYRJqyzcxyHk ORl2qTH19zsV1B
> PAa9bN9jRYssdLvDLdsrBc1S3LSGftWihu5ITwkdf3DK6uo7UU ViSeesiESsP0sa
> +maI98w1ehWNX2I8RZ7l
> =fHNt
> -----END PGP SIGNATURE-----
>

--
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
 
Old 10-29-2010, 01:46 PM
Thomas Sachau
 
Default Changes in server profiles

Am 29.10.2010 14:13, schrieb Petteri Rty:
> On 29.10.2010 15.02, Jorge Manuel B. S. Vicetto wrote:
>
>>
>>> 2) Furthermore I would like to drop the following use flags from default
>>> IUSE
>>
>>> -apache2
>>> -ldap
>>
>>> A minimal server installation does requires neither apache2 nor ldap
>>
>> Although one can install a server without apache or ldap, I'd say the
>> server profile seems the natural choice to have them enabled.
>> If we had the statistics for it, we could check how many people have
>> apache installed with that profile vs not having it. As there's nothing
>> preventing one from having USE="-apache2 -ldap" when required and I
>> don't use the server profiles, I don't really have a strong opinion
>> about this.
>>
>
> And enabling a use flag should be question of is it wanted when a
> package actually support those flags. On a server when you are
> installing a package with a apache use flag it's certainly possible to
> you would like to have it enabled more often than not.
>
> Regards,
> Petteri
>
>

Which raises the question, if those people, who want to install a minimal server will mostly use
apache or something different. And especially for minimal setups, i dont think that apache will be
the first choice, so i agree with the removal of those USE flags from default IUSE.
The profile is intended to have a minimal set of flags, i would call apache an additional optional
flag, not a default option for minimal server setups.

--
Thomas Sachau

Gentoo Linux Developer
 
Old 10-29-2010, 02:23 PM
Rafael Goncalves Martins
 
Default Changes in server profiles

On Fri, Oct 29, 2010 at 11:46 AM, Thomas Sachau <tommy@gentoo.org> wrote:
> Am 29.10.2010 14:13, schrieb Petteri Rty:
>> On 29.10.2010 15.02, Jorge Manuel B. S. Vicetto wrote:
>>
>>>
>>>> 2) Furthermore I would like to drop the following use flags from default
>>>> IUSE
>>>
>>>> -apache2
>>>> -ldap
>>>
>>>> A minimal server installation does requires neither apache2 nor ldap
>>>
>>> Although one can install a server without apache or ldap, I'd say the
>>> server profile seems the natural choice to have them enabled.
>>> If we had the statistics for it, we could check how many people have
>>> apache installed with that profile vs not having it. As there's nothing
>>> preventing one from having USE="-apache2 -ldap" when required and I
>>> don't use the server profiles, I don't really have a strong opinion
>>> about this.
>>>
>>
>> And enabling a use flag should be question of is it wanted when a
>> package actually support those flags. On a server when you are
>> installing a package with a apache use flag it's certainly possible to
>> you would like to have it enabled more often than not.
>>
>> Regards,
>> Petteri
>>
>>
>
> Which raises the question, if those people, who want to install a minimal server will mostly use
> apache or something different. And especially for minimal setups, i dont think that apache will be
> the first choice, so i agree with the removal of those USE flags from default IUSE.
> The profile is intended to have a minimal set of flags, i would call apache an additional optional
> flag, not a default option for minimal server setups.
>

Totally agreed!

Best regards.

--
Rafael Goncalves Martins
Gentoo Linux developer
http://rafaelmartins.eng.br/
 
Old 10-29-2010, 03:58 PM
Kfir Lavi
 
Default Changes in server profiles

On Fri, Oct 29, 2010 at 4:23 PM, Rafael Goncalves Martins
<rafaelmartins@gentoo.org> wrote:
> On Fri, Oct 29, 2010 at 11:46 AM, Thomas Sachau <tommy@gentoo.org> wrote:
>> Am 29.10.2010 14:13, schrieb Petteri Rty:
>>> On 29.10.2010 15.02, Jorge Manuel B. S. Vicetto wrote:
>>>
>>>>
>>>>> 2) Furthermore I would like to drop the following use flags from default
>>>>> IUSE
>>>>
>>>>> -apache2
>>>>> -ldap
>>>>
>>>>> A minimal server installation does requires neither apache2 nor ldap
>>>>
>>>> Although one can install a server without apache or ldap, I'd say the
>>>> server profile seems the natural choice to have them enabled.
>>>> If we had the statistics for it, we could check how many people have
>>>> apache installed with that profile vs not having it. As there's nothing
>>>> preventing one from having USE="-apache2 -ldap" when required and I
>>>> don't use the server profiles, I don't really have a strong opinion
>>>> about this.
>>>>
>>>
>>> And enabling a use flag should be question of is it wanted when a
>>> package actually support those flags. On a server when you are
>>> installing a package with a apache use flag it's certainly possible to
>>> you would like to have it enabled more often than not.
>>>
>>> Regards,
>>> Petteri
>>>
>>>
>>
>> Which raises the question, if those people, who want to install a minimal server will mostly use
>> apache or something different. And especially for minimal setups, i dont think that apache will be
>> the first choice, so i agree with the removal of those USE flags from default IUSE.
>> The profile is intended to have a minimal set of flags, i would call apache an additional optional
>> flag, not a default option for minimal server setups.
>>
>
> Totally agreed!
>
> Best regards.
>
> --
> Rafael Goncalves Martins
> Gentoo Linux developer
> http://rafaelmartins.eng.br/
>
>

I use the server profile and I would also like a minimal set of use flags.
I don't think you need to force sysadmins, that know what they want,
to have those flags.

Regards,
Kfir
 

Thread Tools




All times are GMT. The time now is 08:53 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org