Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

How to avoid stealth installation of systemd?

Here you can discuss every aspect of Debian. Note: not for support requests!
Post Reply
Message
Author
timbgo
Posts: 265
Joined: 2013-04-14 12:17

How to avoid stealth installation of systemd?

#1 Post by timbgo »

[ the title is *not* of my invention, but is pasted over from:
Debian Devel Mailing List
links aplenty, further on, to messages from that list ]

Having this information:

When (and if) Gentoo will switch to systemd?
https://forums.gentoo.org/viewtopic-t-9 ... ml#7593370

pasting that important info over here:
steveL wrote:
miroR wrote:I studied this entire topic, and Gentoo is likely really the last defence against this defeat that happened to GNU/Linux.
Well one of them; I'm sure there are people working on at least one or two distros without systemd, at least as an option. Even on debian, you can use systemd-must-die (search that name on the debian dev mailing-list) from mirabilos, who's one of the leads on mirBSD and supports mksh which he maintains upstream, on debian.
...[snip]...
and searching on DuckDuckGo.com gave me:

How to avoid stealth installation of systemd?
renamed: Pinning vs. conflicting
renamed: sysvinit is still here, and here to stay for jessie (was Re: systemd is here to stay, get over it now)
[ and maybe one more rename there was that I lost by now ]
start of the entire thread:
From:
https://lists.debian.org/debian-devel/2 ... html#00010

I've read the whole thread, understood most of it...

But I was hoping, since reading that thread (even more so if digesting whatever information on top of what's in the text, is linked to from the messages of the thread, which I haven't yet, and may not, fully study), is at least a few hours worth of effort, which not many readers would like to have to go through...

And I was hoping, in that light, and given the likelihood that other Forum readers will be there who will feel like me, and that is who will not want to stay with a systemd-based Jessie Debian GNU/Linux, [was hoping that] those users would find it useful, if I try and summarize what, for our purposes is the necessary information to (I'll use now the term that Gentoo developers use in the README of the eudev package, which is a way in Gentoo to avoid "poetteringware", another term used a lot in Gentoo circles), to "isolate" systemd from the system init and boot process, and avoid its and its comrades' installation in our Debian GNU/Linux machines.

So, according to my understanding, the following is the information on the debian developers' list, that is needed, to:

Avoid stealth installation of systemd

###################################################
# Solution maybe not as good as the other below: #
###################################################


From:
https://lists.debian.org/debian-devel/2 ... 00012.html
vitalif at yourcmc dot ru wrote: I think you can just put

Code: Select all

Package: systemd
Pin: origin ""
Pin-Priority: -1
in your /etc/apt/preferences...

From:
https://lists.debian.org/debian-devel/2 ... 00119.html
https://lists.debian.org/debian-devel/2 ... 00123.html
Juliusz Chroboczek wrote:
You have not yet explained why apt pinning is not enough.
- conflicting packages are honoured by dpkg, unlike pinning;
- a package can conflict with multiple packages, while you need
multiple pinning entries;
You have to drop one file (you may even call it the same name that you'd use
for the conflicting package) into /etc/apt/preferences.d/. That file can
pin as many packages as you want.
Juliusz Chroboczek wrote: - there's a number of user-friendly frontends to apt, while pinning
requires using a text editor (the horror!).
Anyone who knows about (let alone is interested in) a package
conflicting with systemd is most certainly able to drop a file into a
directory.
[/quote]


From:
https://lists.debian.org/debian-devel/2 ... 00127.html
Thorsten Glaser wrote: Right. Furthermore, pinning can be used by the local admin,
without namespacing pin priorities or somesuch, so it's not
something packages should do.

There is another benefit: conflicting packages allow all
package managers' resolvers to find nice dependency chains,
they can be cleanly removed, and they show up in dpkg.log
(and apt/term.log if apt is used to install them).

#######################################################
# Solution probably better than the one above: #
#######################################################
From:
https://lists.debian.org/debian-devel/2 ... 00018.html
Wookey wrote: Ah yes. E-busy. Just uploaded 'prevent-systemd'. Whilst it's sat in NEW, you can get it from:
http://wookware.org/software/repo/
i.e.

Code: Select all

deb http://wookware.org/software/repo/ sid main 
You get a choice of 'prevent-systemd' which stops it running as init
but allows the -shim and libpam packages so that logind and the like
will work. Or 'systemd-must-die' which conflicts with everything
systemdish. There may be a need for an intermediate package too, but
lets see how this goes for people.

Wookey
Lots more talk follows, and a mite closer to whatever the solution finally ended up to be (if it has), seems to be here:

From:
https://lists.debian.org/debian-devel/2 ... 00078.html
Wookey wrote:
Lars Wirzenius wrote:
Wookey wrote: You get a choice of 'prevent-systemd' which stops it running as init
but allows the -shim and libpam packages so that logind and the like
will work. Or 'systemd-must-die' which conflicts with everything
systemdish.
Wookey,

Please rename the systemd-must-die package to something neutral. Thank
you.
OK. I did rename the source package, but I liked the binary and thought
anyone else who actually wanted this would enjoy it too, so it seemed
appropriate despite not being entirely 'PC'.

I think some people are failing to see the humour in this name
(and Dawkins knows we could use some humour round this subject), but I
guess if it's not going to be allowed then it's not going to be
allowed.

Wookey
--
Principal hats: Linaro, Emdebian, Wookware, Balloonboard, ARM
http://wookware.org/

From:
https://lists.debian.org/debian-devel/2 ... 00223.html
Thorsten Glaser wrote: OT: prevent-systemd-*_9_all.deb are in my repo. Wookey, feel
free to use the changes I made as suggestions for yours.
As usual, Origin/Bugs are repo-specific, and to be removed
for the main archive.

bye,
//mirabilos

None of the above statements/attitudes/ways-to-go/other have found consesus among the DDs (Debian Developers), and the packages prevent-systemd / systemd-must-die I don't know how to use them to accomplish the purpose of living without systemd. It's now one month and more later, not such long time later on...

I support this view:
From:
https://lists.debian.org/debian-devel/2 ... 00137.html
Thorsten Glaser wrote: Furthermore, the TC(-chairman) decision only was the default
init system for the Linux ports of jessie. This means that
• installing jessie with other init systems
• switching between init systems
• default init system for kFreeBSD ports
• default init system for Hurd port
• which non-default init systems are there?
are still on the table. (Due to Debian’s requirements for sane
upgrades, running a jessie system that was upgraded from an older
release with sysvinit MUST be fully supported, anyway.)

That statement has not found any consensus either.

I'm on the most used of all, the AMD64 system, and I suppose many other amd64 Debian users will want to be able to choose systemd-free install.

The above, is the gist for anyone who is not necessarily interested in reading how the Debian Developers fight it out for the right (IMO: non-systemd, or systemd-free) or the wrong causes (IMO: anything that generally windozes GNU/Linux, most notably poetteringware, after Lennart Pöttering).

I hope the above will reduce the reading time of the original thread for at least some users.

After all, not even Lennart Pöttering himself read the whole story, and it's not at all so repetitive, just too detailed and really very polarized, with lots of conflicting views/attitudes/you-name-it for someone who wants to just find the solution (which is IMO: live systemd-free, and generally poetteringware-free). I didn't read his own article any much further than the beginning, really:

https://plus.google.com/+LennartPoetter ... RmiAQsW9qf

I researched a little further, just a little more has become clear to me, in the sense of, what end those packages (prevent-systemd / systemd-must-die) may have made, where they can be gotten from, and installed, such as on my AMD64 systems, are they available in Jessie or not... just a little.

So, I plan to post more on this quest of mine. Next.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
========= cut all underneath if verifying hashes ============
File corresponding to this post, Deb_no_LPware_140813_EDITED.txt,
has Publictimestamp # 1238792
It's an edited, for readability only, and shortened, version of the previous that was here, and which had the Publictimestamp # 1238258
--
publictimestamp.org/ptb/PTB-21395 sha256 2014-08-17 18:01:45
CE01A970329E7B2A1C6683F3147240F3E33B53C02B84D249BDB8126DFCE7D560
Last edited by timbgo on 2014-08-19 16:46, edited 3 times in total.
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

naednaem
Posts: 46
Joined: 2014-07-26 09:12

Re: How to avoid stealth installation of systemd?

#2 Post by naednaem »

whats the question?

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

#3 Post by timbgo »

I searched on:
Debian Website search, such as:
http://search.debian.org/cgi-bin/omega? ... E=10&DB=en

which is the search for "systemd-must-die", and nothing gives.

I think I also searched for prevent-systemd, and nothing came out.

Well, nothing really, no such literal string "prevent-systemd" or "systemd-must-die" in any pages, as if the thread "How to avoid stealth installation of systemd?" never existed on:

debian.org

(which it does, it does exist, links aplenty to that thread in my previous post).

Typing ddg.gg and Enter in a blank browser window is my way of searching (I don't google, I don't trust Google)...

ddg.gg gave me back a few links... But...

But the link that it gave me:

https://twitter.com/mricordeau

and which does have both those strings to be found:
Retweeted by Michael Ricordeau
Guillaume Plessis @gui · Jul 1

Oh, two new packages in Debian : prevent-systemd & systemd-must-die https://ftp-master.debian.org/new/preve ... emd_1.html
contains however, the link that is now dead:

Namely:

https://ftp-master.debian.org/new/preve ... emd_1.html

reads:

Not Found
The requested URL /new/prevent-systemd_1.html was not found on this server.

without any apologies whatsoever.

On the other hand, I have the Jessie Jigdo debian-testing-amd64-DVD-NN.iso set of 13 DVDs that I downloaded 2014-07-22, more than three weeks ago, and they're mounted and served from the local mirror for my Debian boxes, and...

And searching in those DVDs for '*systemd*' gave a lot of packages, but searching for '*prevent-systemd*' and '*systemd-must-die*' returned nothing.

Anyone can say, are those, maybe, in the sources?

I like Debian, but I want to live free from poetteringware...

(
I don't see that I may not use that term, it is used widely in other forums, such as on Gentoo Forums, or may I not?
)
...I'm late a little on, and will postpone trying to, live without pulseaudio and D-bus [which are currently installed in my systemd AFAIK], but this systemd is kind of fresh, it must be possible to remove it and live without it easily, if Debian team keeps to maintaining freedom and choice for their users.

So, are the packages prevent-systemd & systemd-must-die in the sources, so that I can compile them after I download the DVDs from:

http://cdimage.debian.org/cdimage/weekl ... jigdo-dvd/

?

Are they somewhere else, in some other (official) repo?

I sure see that the link in the debian-devel is given to:

[pasting the link again from the first post, to ask more precise question in regard]
https://lists.debian.org/debian-devel/2 ... 00018.html
Wookey wrote: you can get it from: http://wookware.org/software/repo/
i.e.

Code: Select all

deb http://wookware.org/software/repo/ sid main
But I'm on Jessie, I'm not on Sid (the unstable IIUC), and I'm not so versed in Debian. Is that the repo to use? Is there nothing in official repos for Jessie, to use it the regular mainstrem 'apt-get install' way?

Are there any tutorials or tips on how to employ those packages, and where?
[1] <-- pls. read this late Appendix to this post, and sorry for my wandering/finding out things only while writing, really quite an effort in all, so can't rewrite it all now, thank you for bearing with me!

I can see that prevent-systemd is there for MirBSD:

https://eurynome.mirbsd.org/debs/debidx.htm

I, and likely other AMD64 users, would need something similar to what can be found on that page:

prevent-systemd-installed mirabilos metapackage to mostly remove systemd

for my systems, I guess.

Well, I think that I haven't used any harsh words, that I haven't offended anyone, and that I have in this new topic that I am trying to start, simply complied with the Code of Conduct:

https://www.debian.org/code_of_conduct

and that this topic won't be sent Offtopic.

As you can see below in the Appendix below, I'm closer to solving of this problem which I believe many other users feel similarly about too...

Anyway, I did my best to deploy this issue that I believe _kindly_ discussing it is beneficial to Debian, and which issue's solving in the above stated getting systemd-free way I believe will also be similarly beneficial to freedom and choice in Debian.

If I may add, for users unaware of the issues concerning systemd in GNU/Linux generally, I suggest to read, but keeping the useful from less useful information to be found there, my more blunt Offtopic'd thread:

Defeat and Hope for GNU/Linux
http://forums.debian.net/viewtopic.php? ... 72#p548548

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

========================================================================
Appendix
[1] I already wrote all of the text, and am in the process of figuring out much more. Namely, while the following page is not a tutorial, it tells a lot, only in terms pretty terse, as many things are that developers write, aargh...:

http://wookware.org/software/repo/incom ... 64.changes

So, I hope I can be forgiven if I now don't rewrite the whole of this post and some of the previous post, and I hope I won't be required to rewrite these lines, because I'm likely to arrive at more conclusions that might differ as I continue in my quest deployed so far in this topic, but...

...But it seems to me, that what that page says, is...:

Source: prevent-systemd
Binary: systemd-must-die prevent-systemd

... that I can use the binaries, no need to go for the sources.
Apparently, that is the only place where these two packages can be found, they're not in the official (and that fact, IMO, not this topic, is in breach of the Debian rules, such as:

Debian Social Contract
https://www.debian.org/social_contract
where it reads about [non discrimination] against any person or group of persons

and I believe that fact might be discriminatory. Does such non inclusion of these packages comply to documents such as, maybe:

Diversity Statement
https://www.debian.org/intro/diversity

does it?
========= cut all underneath if verifying hashes ============
File corresponding to this post, Deb_no_LPware_140814_EDITED.txt,
has Publictimestamp # 1238810
It's an edited, for readability only, and shortened, version of the previous that was here, and which had the Publictimestamp # 1238276
--
publictimestamp.org/ptb/PTB-21395 sha256 2014-08-17 18:01:45
CE01A970329E7B2A1C6683F3147240F3E33B53C02B84D249BDB8126DFCE7D560
Last edited by timbgo on 2014-08-19 18:05, edited 3 times in total.
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

confuseling
Posts: 2121
Joined: 2009-10-21 01:03

Re: How to avoid stealth installation of systemd?

#4 Post by confuseling »

Honestly, I write long posts, but this is ridiculous.

You say you don't have time to edit it in place, well guess what, nobody has time to read it either. I scan your posts for political content, since you've been warned about it before, but I'm getting really bored of doing that.

Make them shorter, and edit them in place rather than just tacking a 'new' take on the same subject on the end, or I suspect they'll start being summarily sent to off-topic, or just plain deleted.
The Forum's search box is terrible. Use site specific search, e.g.
https://www.google.com/search?q=site%3A ... terms+here

User avatar
llivv
Posts: 5340
Joined: 2007-02-14 18:10
Location: cold storage

Re: How to avoid stealth installation of systemd?

#5 Post by llivv »

I agree,
this post does not belong in in either the Help section or the Documentation section o the forum,
but should rather be posted in the Disscussion section of this forum.
IMO,
this thread belongs in the Debian Development Sub-Topic area. http://forums.debian.net/viewforum.php?f=19

scanning it myself I see little if any political content, other then the politics of systemd,
which in itself is fraught with political innuendo, sadly.
In memory of Ian Ashley Murdock (1973 - 2015) founder of the Debian project.

User avatar
sunrat
Administrator
Administrator
Posts: 6382
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 115 times
Been thanked: 456 times

Re: How to avoid stealth installation of systemd?

#6 Post by sunrat »

TL:DR
I get the gist of it, but I suggest the best answer to "How to avoid stealth installation of systemd?" is "Stick with Wheezy".
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

#7 Post by timbgo »

Me being off, after starting this topic is not disrespect, I am not only rather old (60 in a couple of years), so not fresh in figuring out all this, and not very healthy, but have had other problems, and so haven't been available.

Thanks for the replies, folks. Have nothing to add, will just emphasize again:

pls. no conflicts, no flames.

And allow us, users who think differently the following, which I will paste over from the thread left for me to read yet (because, no, I hadn't yet read the entire thread, as I thought I did):

From:
https://lists.debian.org/debian-devel/2 ... 00143.html
Alexander Pushkin wrote:
Can we get over this now and start making Jessie the most awesome stable
release we've ever prepared together?
For some of us there will never be an awesome Debian release that at it's core contains systemd. It's core developers, Lennart Poettering and Kay Sievers, work for a company that has multi-billion dollar contracts with NSA. It is your choice to assume good faith on their part. It is our choice not to.

Please respect our decision to stay away from systemd and still be Debian users. If possible, please, don't resist changes that make our lives easier.
Alexander Pushkin, the author of the above massage, was asked later to substantiate his claim with evidence, and anyway I just wrote a letter to most of the authors of the messages that I report in this topic, or are involved in them, including him, so his position, which to me doesn't look at all far-fetched or conspiratorially-theoretical, I hope may be clarified at some later date.

However, what Thorsten Glaser, mirabilos, writes in a folloup to Alexander's message, is entirely evidently here already (for systems from Testing branch today, and so for stable Debian of tomorrow, unless corrections in this systemd-or-go-away behavior is not mended in among the Debian Team), in real world Debian boxes:

From:
https://lists.debian.org/debian-devel/2 ... 00185.html
Thorsten Glaser wrote:
Russ Allbery wrote: systemd is open source. Every line of code is available to you to read. If you think the NSA has hidden some strange back-door in systemd, please
You know, backdoors are not only code vulnerabilities.

systemd is a backdoor in that, like the availability of Steam games for DDs, it has a chance to hinder the progress of all projects done in the spare time of the people affected.

systemd is a backdoor in that, by means of vendor lock-in, it will make future subversing a system easier, because there will be no alternative implementation of
* init
* syslog
* ntpd
* dhcp, IIUC
* udev
* dbus
* and whatever else systemd is going to ship or push into the kernel any more, to which people could switch in case of a fatal emergency with the systemd-provided code.
Didn't I say I may come to possibly differing understanding than in my previous posts here? No, I haven't yet, but I don't know among the two: apt-pinning or conflicting packages. Read on.

From:
https://lists.debian.org/debian-devel/2 ... 00220.html
Juliusz Chroboczek wrote: Coming back to the subject at hand, this thread has been pretty productive in showing that I'm not alone in wanting my servers and my netbook to run Debian without systemd (I've given up on my full-fledged desktops, for better or worse), and in showing that it can be achieved with the existing mechanisms (apt pinning). I have good hope that the systemd maintainers will take this minority of users into account in their further development.

-- Juliusz
A reminder: Juliusz is the Original Poster of the thread in debian-devel that I based this topic on, and from... So he is opting here for the pinning method, see: "can be achieved with the existing mechanisms (apt pinning)" above... Hmmmh...

From:
https://lists.debian.org/debian-devel/2 ... 00222.html
Tollef Fog Heen wrote: I (and I believe I speak for all the systemd maintainers) bear no ill
will against non-systemd users and will try to avoid breaking stuff for
them, but it's also a use case we don't hit, so breakage there is less
likely to be seen by us. We'll do our best to fix it when reported, of
course.
That's a nice attitude. Much easier to get on with systemd supporters/developers who don't work against us users (or developers for that matter) who _don't want_ systemd in our Debian machines.

So, I just wrote to the developers asking for help, here on System configuration section of the Debian Forums (or elsewhere if they decide so), where (in this System configuration section of the Forums) I believe this topic rightfully belongs to, unless the Debian Administrators assume the systemd-or-go-away attitude towards us users, which I hope is not going to happen.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
==== cut this line and all underneath if verifying hashes ====
File corresponding to this post, Deb_no_LPware_140816_EDITED.txt,
has Publictimestamp # 1238858
It's an edited, for readability only, and shortened, version of the previous that was here, and which had Publictimestamp # 1238480
--
publictimestamp.org/ptb/PTB-21414 sha256 2014-08-20 03:01:46
ED13D697C8D181BDF456AE74C06FD8A18991F3C956C0A2AB9FB79E072DE0A3EA
Last edited by timbgo on 2014-08-20 05:08, edited 2 times in total.
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

#8 Post by timbgo »

This is who I sent the message Saturday 14:58 CET (which I believe is GMT+2):

wookey _at_ wookware dot org
tg _at_ debian dot org
alex904633 _at_ mail dot ru
vorlon _at_ debian dot org
jch _at_ pps dot univ-paris-diderot.fr
steve _at_ einval dot com
alessio _at_ debian dot org
stse+debian _at_ fsing dot rootsland.net
preining _at_ logic dot at

And this is what I sent:

http://www.croatiafidelis.hr/gnu/pts/De ... RAPPED.txt

( there are other files in that directory:
http://www.croatiafidelis.hr/gnu/pts/
all starting with "Deb_DD_mail_140816cor", some are signatures, some publictimestamps. The domain is fine, the hosting is great, just if some leviathans, read below on those, start eating small fry and you can't open those, pls., do tell here openly! I'll do what I can, when I can; I have had attacks on my websites, on my SOHO, even had connection to the internet cut off at times, or for loong period had it down at desperately and miserably slow... )

It and those can be downloaded and read from there what I wrote. Do tell if it were to be blocked for you somehow.

However, like I haven't seen in long time, last night and today: no messages, and knowing that some of the above, like Wookey and mirabilos (the first two addresses), the Russian (third address)... and also Juliusz who started the thread, would probably have replied to my message...

Knowing their concern and their views in regard to the matter of this topic, I worry that they may have not received my electronic mail.

Surely some of the above DDs may have been busy to even look up their mailbox. Sure. But how likely is it that all of them have?

As it goes with the electronic mail, you don't know if, to any of the addresses I sent to, my mail actually arrived. There are very powerful Leviathans, well more like huge, very huge octopuses with tentacles everywhere... in this medium encircling the globe that to them is like transparent waters, through which packets of messages like mine swim like small fry... those can do pretty much anything with such...

I don't know, I'm guessing...

Or, if these fine Debian Developers have replied, I worry that they could be led to believe how I might not be serious about the matter.

I have regard for other Debian Developers who I wrote to above, even if I tell some of them off a little sometimes. I actually chose who to write to based on who discussed the matter, not only who I agree with on the matter discussed. I don't talk behind people's back.

And I am earnest about this matter which I wrote to them about.

So I hereby kindly ask the friends and acquantainces of the above developers, who will recognize their email addresses, to call their attention to the message that I sent them, and to the other facts about the strange lack of any emails arriving in my mailbox, almost none from anywhere, for the latest some cca 24 hours.
Thanks in advance!

Else, regardless of previously having decided that I wasn't qualified to participate in the discussion on the debian-devel, I will have to try and inform the DD list briefly of this topic "How to avoid stealth installation of systemd?" on this System configuration section on our Debian Forums, that is started by me with the input of hours upon hours long sifting through their discussions in the same-name topic on debian-devel list.

I am still searching for the right solution that would enable me and other users who wish so, to have a systemd-free Debian.

Thank you everybody for your kind consideration,

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
==== cut this line and all underneath if verifying hashes ====
File corresponding to this post, Deb_no_LPware_140817_EDITED.txt,
has Publictimestamp # 1238864
It's an edited, for readability only, version of the previous that was here, and which has Publictimestamp # 1238606
--
publictimestamp.org/ptb/PTB-21414 sha256 2014-08-20 03:01:46
ED13D697C8D181BDF456AE74C06FD8A18991F3C956C0A2AB9FB79E072DE0A3EA
Last edited by timbgo on 2014-08-20 05:56, edited 1 time in total.
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

User avatar
sunrat
Administrator
Administrator
Posts: 6382
Joined: 2006-08-29 09:12
Location: Melbourne, Australia
Has thanked: 115 times
Been thanked: 456 times

Re: How to avoid stealth installation of systemd?

#9 Post by sunrat »

Could an admin please move this thread to General Discussion? I would move it to Meaningless Fluff if I was an admin.

@ timbgo - if you cant be bothered editing your posts to important paragraphs, you are failing to engage anyone reading. You may have a valid point of view but I'm not going to read any more if you can't remove irrelevant sections like email headers and hashes.
“ computer users can be divided into 2 categories:
Those who have lost data
...and those who have not lost data YET ”
Remember to BACKUP!

User avatar
deltaflyer
Posts: 282
Joined: 2007-10-02 18:03
Location: EastAnglia,U.K.

Re: How to avoid stealth installation of systemd?

#10 Post by deltaflyer »

moved to General Discussion
free your computer,use opensource

naednaem
Posts: 46
Joined: 2014-07-26 09:12

Re: How to avoid stealth installation of systemd?

#11 Post by naednaem »

timbgo wrote: I am still searching for the right solution that would enable me and other users who wish so, to have a systemd-free Debian.
I assume you would just NOT install systemd or anything that pulled in systemd. I am not sure you are going to find the result to be satisfactory though...

It does seem any bug about systemd non-usage is just going to be closed. *sad*


Another juicy thread which discussed systemd - https://lists.debian.org/debian-devel/2 ... 00479.html

naednaem
Posts: 46
Joined: 2014-07-26 09:12

Re: How to avoid stealth installation of systemd?

#12 Post by naednaem »

Personally I would say that shim is a sham. I don't think it is maintainable. I also think developers will focus on being systemd compatible and any 'alternative' init system will have to handle use/conversion cases not them. So, in my opinion, like it or not, systemd will be your init system sooner or later.

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

#13 Post by timbgo »

sunrat wrote: @ timbgo - ...[snip]...
I'm not going to read any more if you can't remove irrelevant sections like email headers and hashes.
You kind of want to see me banned? for using:
http://www.publictimestamp.org
which is what I am doing where the hashes are.
naednaem wrote:
timbgo wrote: I am still searching for the right solution that would enable me and other users who wish so, to have a systemd-free Debian.
I assume you would just NOT install systemd or anything that pulled in systemd. I am not sure you are going to find the result to be satisfactory though...

It does seem any bug about systemd non-usage is just going to be closed. *sad*
Thanks, naednaem!
naednaem wrote:Another juicy thread which discussed systemd - https://lists.debian.org/debian-devel/2 ... 00479.html
Looking into it. (I work really slowly.)
EDIT: In that thread I found another useful tip in this message:
https://lists.debian.org/debian-devel/2 ... 00430.html
find the string "systemd-must-die" there.
Still looking into it, argh... it's so much to sift for what is needed for this system configuration question exposed here...

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

User avatar
keithpeter
Posts: 502
Joined: 2009-06-14 08:06
Location: 5230n 0155w

Re: How to avoid stealth installation of systemd?

#14 Post by keithpeter »

sunrat wrote:TL:DR
I get the gist of it, but I suggest the best answer to "How to avoid stealth installation of systemd?" is "Stick with Wheezy".
Especially if there is a Wheezy LTS following on from Squeeze LTS, and a non-systemd Jessie might be possible which gives another 3 to 5 years with LTS. Slackware would allow compilation from source for any more recent applications that themselves do not have systemd dependencies. The slackers seem to support releases for around 5 years or so. EL6 distros have support until 2020. The bsd based distros can't be using systemd I gather because of deps on Linux kernel (I might have that wrong).

Interesting times but choices will exist I think.

naednaem
Posts: 46
Joined: 2014-07-26 09:12

Re: How to avoid stealth installation of systemd?

#15 Post by naednaem »

timbgo wrote: find the string "systemd-must-die" there.
I highly doubt that anyone will get a package like that into the debian repo so you will need to get that package from a 3rd party repository.

But it sounds as if the only thing that package does is try to block the installation of systemd as well as anything that relies on systemd. I would suspect that unless you pin/hold that package that it will likely just be removed if you try to install something systemd related. You could just as easily pin/hold the proper sysv packages and.or pin the systemd packages so that they arent installed.

Having a system without systemd probably isnt that hard...having a system with software you are familiar with without systemd is probably going to be the problem.

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

#16 Post by timbgo »

keithpeter wrote:
sunrat wrote:TL:DR
I get the gist of it, but I suggest the best answer to "How to avoid stealth installation of systemd?" is "Stick with Wheezy".
Especially if there is a Wheezy LTS following on from Squeeze LTS, and a non-systemd Jessie might be possible which gives another 3 to 5 years with LTS. Slackware would allow compilation from source for any more recent applications that themselves do not have systemd dependencies. The slackers seem to support releases for around 5 years or so. EL6 distros have support until 2020. The bsd based distros can't be using systemd I gather because of deps on Linux kernel (I might have that wrong).
More food for thought! Thanks!
keithpeter wrote:Interesting times but choices will exist I think.
But, keithpeter, if we lose that choice in Debian, even though systemd was introduced only as default, and not as the sole option, GNU/Linux loses huge!
Aarghhhh!... It's my slowliness. I will need more time to study more info given here generally, esp. because also busy elsewhere.
naednaem wrote:
timbgo wrote: find the string "systemd-must-die" there.
I highly doubt that anyone will get a package like that into the debian repo so you will need to get that package from a 3rd party repository.
naednaem wrote:But it sounds as if the only thing that package does is try to block the installation of systemd as well as anything that relies on systemd. I would suspect that unless you pin/hold that package that it will likely just be removed if you try to install something systemd related. You could just as easily pin/hold the proper sysv packages and.or pin the systemd packages so that they arent installed.

Having a system without systemd probably isnt that hard...having a system with software you are familiar with without systemd is probably going to be the problem.
Just like I said: I will need more time to study more info like this one given here.

If I make it, which can not be soon, my intellectual resources, and free time, are unlikely to allow me coming up with any solution soon. But if I make it, I'll check with people like you guys, and if no one else will, I'll make a tip of the same (EDIT: or maybe better just similar) name as this topic in the Tips and Tricks section of Debian Forums (where I already have tips that are followed somewhat, such as with the jigdo-automate-script and on grsecurity install).

But if anyone else does such a thing so Debian remains non-systemd as option for hopefully multitude of users, a big thanks to him or her!

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

User avatar
edbarx
Posts: 5401
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E
Been thanked: 2 times

Re: How to avoid stealth installation of systemd?

#17 Post by edbarx »

I think an attempt at a solution may be implementing an interface between init and the superstructure above it so that whatever is dependent upon systemd sees it but gets any services from init instead. This is done in WINE for MS Windows executables which expect to find MS Windows. A reimplementation of init or systemd is quite a daunting task, that is why I think a compatibilty layer is a more feasible solution.
Debian == { > 30, 000 packages }; Debian != systemd
The worst infection of all, is a false sense of security!
It is hard to get away from CLI tools.

User avatar
llivv
Posts: 5340
Joined: 2007-02-14 18:10
Location: cold storage

Re: How to avoid stealth installation of systemd?

#18 Post by llivv »

edbarx wrote:I think an attempt at a solution may be implementing an interface between init and the superstructure above it so that whatever is dependent upon systemd sees it but gets any services from init instead. This is done in WINE for MS Windows executables which expect to find MS Windows. A reimplementation of init or systemd is quite a daunting task, that is why I think a compatibilty layer is a more feasible solution.
edbarx- I just got a 64 bit /uefi system to replace my 12 year old i386 box and wanted to ask you what you thought the possibilities of switching my i386 installs to amd64 which I have just now installed my first 64 bit kernel on.
With a two hard disk, backed - up, grub legacy booting all installs from either disk.
I want to try adding uefi capabilities to both disks while keeping grub-legacy compatibility ( if I ever want to switch out the mobos again and boot normally on the old non-uefi mobo using my current grub legacy boot menus.
I'll search for your post where you explained uefi in a way that looked like the best most basic concept I've read so far for uefi and post my questions above to that thread with output of disk stats and more definitions, later as time permits.

Regarding your quoted post above, It seems to me that you are thinking along the lines of how it's done using windows and suggestioning using windows type method(s) to fix systemd compatibility when using Debian.
Call me nuts, but I'll bet that is close to the core of the issue with systemd in the first place.
At least that is my opinion, currently.
Yes, probably easier to add a compatibility layer, but should we be using windows methods to build Linux workarounds?
In memory of Ian Ashley Murdock (1973 - 2015) founder of the Debian project.

newgnudude
Posts: 5
Joined: 2014-08-19 13:13

Re: How to avoid stealth installation of systemd?

#19 Post by newgnudude »

edbarx wrote:I think an attempt at a solution may be implementing an interface between init and the superstructure above it so that whatever is dependent upon systemd sees it but gets any services from init instead.
Any idea how hard that would be?

I noticed you stated the same thing in http://forums.debian.net/viewtopic.php?f=20&t=116860 but did not reply again.

Maybe you would like to answer some of the concerns brought up in the other thread since you are still proposing the same idea as a solution?

timbgo
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

#20 Post by timbgo »

Hi, Maltese (that's edbarx, my fellow European)!

I first wish to inform the reading public there is another one topic on basically the same issue as this topic that you are reading right now. The other one is:

The future with Systemd
http://forums.debian.net/viewtopic.php?f=20&t=116860

(and the Maltese started it).

I think I concur with llivv that we should not be
llivv wrote:using windows methods to build Linux workarounds
and also Wine would introduce more vulnerabilities into my system.

Also, I fear it is not a solution tha can be so easily explained and recommended, like I managed, with some success, to explain, for beginners or early inremediate level users, how to compile Grsecurity enabled kernel. I'll give a link to it:

Grsecurity/Pax installation on Debian GNU/Linux
http://forums.debian.net/viewtopic.php? ... 96#p550383

I gave the link, because it really would be great if someone made a your-machine-without-systemd-howto Tip, that people could use.

Probably if one would wait for me to do it, it would be weeks if not months, and could already be late, if it would be at all.

My wish is that regular Joe users [1] be given tips from you more capable guys on how to free their machines from systemd if they want to, because that is what is sorely missing (as far as simple Joe users) [2].

That also would make for some democratic pressure on developers to give us a non-systemd option, exactly the kind of pressure some of them are actually craving for, and would finally make that option maistream.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

[1] including me to large extent as far as Debian; I know the way to free me of it in Gentoo
[2] But a genuine Debian way to do it, not through Wine
Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Anyone can dismiss these: kernel hooks for rootkits
linux capabilities for intrusion?

Post Reply