How to avoid stealth installation of systemd?

Here you can discuss every aspect of Debian. Note: not for support requests!

Re: How to avoid stealth installation of systemd?

Postby timbgo » 2014-08-19 06:18

keithpeter wrote:
sunrat wrote:TL:DR
I get the gist of it, but I suggest the best answer to "How to avoid stealth installation of systemd?" is "Stick with Wheezy".

Especially if there is a Wheezy LTS following on from Squeeze LTS, and a non-systemd Jessie might be possible which gives another 3 to 5 years with LTS. Slackware would allow compilation from source for any more recent applications that themselves do not have systemd dependencies. The slackers seem to support releases for around 5 years or so. EL6 distros have support until 2020. The bsd based distros can't be using systemd I gather because of deps on Linux kernel (I might have that wrong).

More food for thought! Thanks!
keithpeter wrote:Interesting times but choices will exist I think.

But, keithpeter, if we lose that choice in Debian, even though systemd was introduced only as default, and not as the sole option, GNU/Linux loses huge!
Aarghhhh!... It's my slowliness. I will need more time to study more info given here generally, esp. because also busy elsewhere.

naednaem wrote:
timbgo wrote:find the string "systemd-must-die" there.

I highly doubt that anyone will get a package like that into the debian repo so you will need to get that package from a 3rd party repository.


naednaem wrote:But it sounds as if the only thing that package does is try to block the installation of systemd as well as anything that relies on systemd. I would suspect that unless you pin/hold that package that it will likely just be removed if you try to install something systemd related. You could just as easily pin/hold the proper sysv packages and.or pin the systemd packages so that they arent installed.

Having a system without systemd probably isnt that hard...having a system with software you are familiar with without systemd is probably going to be the problem.

Just like I said: I will need more time to study more info like this one given here.

If I make it, which can not be soon, my intellectual resources, and free time, are unlikely to allow me coming up with any solution soon. But if I make it, I'll check with people like you guys, and if no one else will, I'll make a tip of the same (EDIT: or maybe better just similar) name as this topic in the Tips and Tricks section of Debian Forums (where I already have tips that are followed somewhat, such as with the jigdo-automate-script and on grsecurity install).

But if anyone else does such a thing so Debian remains non-systemd as option for hopefully multitude of users, a big thanks to him or her!

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
timbgo
 
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

Postby edbarx » 2014-08-19 07:10

I think an attempt at a solution may be implementing an interface between init and the superstructure above it so that whatever is dependent upon systemd sees it but gets any services from init instead. This is done in WINE for MS Windows executables which expect to find MS Windows. A reimplementation of init or systemd is quite a daunting task, that is why I think a compatibilty layer is a more feasible solution.
Debian == { > 30, 000 packages }; Debian != systemd
The worst infection of all, is a false sense of security!
It is hard to get away from CLI tools.
User avatar
edbarx
 
Posts: 5398
Joined: 2007-07-18 06:19
Location: 35° 50 N, 14 º 35 E

Re: How to avoid stealth installation of systemd?

Postby llivv » 2014-08-19 12:59

edbarx wrote:I think an attempt at a solution may be implementing an interface between init and the superstructure above it so that whatever is dependent upon systemd sees it but gets any services from init instead. This is done in WINE for MS Windows executables which expect to find MS Windows. A reimplementation of init or systemd is quite a daunting task, that is why I think a compatibilty layer is a more feasible solution.

edbarx- I just got a 64 bit /uefi system to replace my 12 year old i386 box and wanted to ask you what you thought the possibilities of switching my i386 installs to amd64 which I have just now installed my first 64 bit kernel on.
With a two hard disk, backed - up, grub legacy booting all installs from either disk.
I want to try adding uefi capabilities to both disks while keeping grub-legacy compatibility ( if I ever want to switch out the mobos again and boot normally on the old non-uefi mobo using my current grub legacy boot menus.
I'll search for your post where you explained uefi in a way that looked like the best most basic concept I've read so far for uefi and post my questions above to that thread with output of disk stats and more definitions, later as time permits.

Regarding your quoted post above, It seems to me that you are thinking along the lines of how it's done using windows and suggestioning using windows type method(s) to fix systemd compatibility when using Debian.
Call me nuts, but I'll bet that is close to the core of the issue with systemd in the first place.
At least that is my opinion, currently.
Yes, probably easier to add a compatibility layer, but should we be using windows methods to build Linux workarounds?
In memory of Ian Ashley Murdock (1973 - 2015) founder of the Debian project.
User avatar
llivv
 
Posts: 5488
Joined: 2007-02-14 18:10
Location: cold storage

Re: How to avoid stealth installation of systemd?

Postby newgnudude » 2014-08-19 13:44

edbarx wrote:I think an attempt at a solution may be implementing an interface between init and the superstructure above it so that whatever is dependent upon systemd sees it but gets any services from init instead.

Any idea how hard that would be?

I noticed you stated the same thing in viewtopic.php?f=20&t=116860 but did not reply again.

Maybe you would like to answer some of the concerns brought up in the other thread since you are still proposing the same idea as a solution?
newgnudude
 
Posts: 5
Joined: 2014-08-19 13:13

Re: How to avoid stealth installation of systemd?

Postby timbgo » 2014-08-19 14:55

Hi, Maltese (that's edbarx, my fellow European)!

I first wish to inform the reading public there is another one topic on basically the same issue as this topic that you are reading right now. The other one is:

The future with Systemd
viewtopic.php?f=20&t=116860

(and the Maltese started it).

I think I concur with llivv that we should not be
llivv wrote:using windows methods to build Linux workarounds

and also Wine would introduce more vulnerabilities into my system.

Also, I fear it is not a solution tha can be so easily explained and recommended, like I managed, with some success, to explain, for beginners or early inremediate level users, how to compile Grsecurity enabled kernel. I'll give a link to it:

Grsecurity/Pax installation on Debian GNU/Linux
viewtopic.php?f=16&t=108616&p=550296#p550383

I gave the link, because it really would be great if someone made a your-machine-without-systemd-howto Tip, that people could use.

Probably if one would wait for me to do it, it would be weeks if not months, and could already be late, if it would be at all.

My wish is that regular Joe users [1] be given tips from you more capable guys on how to free their machines from systemd if they want to, because that is what is sorely missing (as far as simple Joe users) [2].

That also would make for some democratic pressure on developers to give us a non-systemd option, exactly the kind of pressure some of them are actually craving for, and would finally make that option maistream.

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr

[1] including me to large extent as far as Debian; I know the way to free me of it in Gentoo
[2] But a genuine Debian way to do it, not through Wine
timbgo
 
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

Postby timbgo » 2014-08-19 15:15

I found this superb recount in the thread previously suggested by naednaem:

Re: SV: MATE 1.8 has now fully arrived in Debian
https://lists.debian.org/debian-devel/2 ... 00455.html

Simon McVittie wrote:
On 25/06/14 15:43, Svante Signell wrote wrote:Regarding mate desktop policykit-1 build-depends on libsystemd-login-dev only for linux-any. What functionality is missing for other architectures?


The interesting dependency chain is:

Code: Select all
policykit-1 Depends libpam-systemd [linux-any] (degraded functionality
                                                on !linux)
libpam-systemd Depends systemd (i.e. systemd binaries are installed)
libpam-systemd Depends systemd-sysv (i.e. systemd is pid 1)
                    or systemd-shim (i.e. systemd-logind runs, but
                                          systemd is probably not pid 1)


Runtime dependencies on systemd support libraries like libsystemd-login0 are harmless for people who don't want to run the systemd-logind daemon, the same way a dependency on libselinux0 has no effect on people who don't boot Linux with SELinux enabled.

At a guess, the desired capability here is the ability to have policies of the form "users may $verb, but only if they are logged-in locally, not from a remote login or a cron job". $verb might be something like "suspend the computer", "reconfigure networking" or "use the microphone/webcam to record the local user of the computer", for instance; it's fine for a sysadmin to be able to set up users who can do those things remotely, but the sensible default for all of them is "only if you're logged-in locally".

In Debian 7, PolicyKit could answer the question "is Svante logged-in locally?" by asking ConsoleKit. ConsoleKit is no longer maintained upstream, so in the current version of PolicyKit, the only implementation of an answer to that question is asking systemd-logind, which CK's upstream maintainers consider to have superseded CK. In the absence of systemd (or an actively-maintained ConsoleKit code path), the best available answer to "is Svante logged-in locally?" is "I have no idea, assume 'no'".

#751028 (policykit-1's dependency on libpam-systemd, which is the component that tells systemd-logind that you are logged in locally, and depends on systemd-logind itself) is marked wontfix. I would guess that this is because the maintainers of policykit-1 are not willing to deal with the support burden of users opening bugs of the form "PolicyKit won't let me $verb" which turn out, after investigation, to be because they do not have libpam-systemd installed.

In practice, many (most?) of the actions controlled by PK have a default policy of "only if you're logged-in locally", so the lack of logind is a significant functionality loss: you'd need to give the root password or add additional local group-based PK policies to be able to do a lot of "reasonable desktop things" like suspending, configuring networking, using audio.

Upstream developers in various projects increasingly oppose group-based access, because membership of many "desktop stuff" groups essentially means "can ssh in and do bad things to a local user". For instance, putting desktop users in group 'audio' or 'video' is no longer a requirement for access to sound cards on systems with systemd-logind (it hands out access using temporary ACLs instead) - which is just as well, because putting those users in a group with permanent rw access to the sound device or webcam would essentially mean they can ssh in while someone else is using a computer, and spy on what is said near it.

Svante Signell wrote:What about libselinux for olicykit-1, this dependency is also linux-any.


The ability to have policies of the form "users may $verb if they do so from a process in the foo_t SELinux context", presumably.

S


That is one of the main points of the thread, so far (another huge read in my quest)... I hope you readers like it too.

EDIT START: I think I make the first four posts of mine at the start of this topic much much clearer and easier to read, just now.
I allow that the objections were partly justified.
I hope anyone studying this thread will later not find _so_ many objections (some of the things, such as on my search, I can't find time (I really input a lot work in this improvement), to properly improve...

EDIT END

Miroslav Rovis
Zagreb, Croatia
http://www.CroatiaFidelis.hr
Last edited by timbgo on 2014-08-20 06:01, edited 3 times in total.
timbgo
 
Posts: 265
Joined: 2013-04-14 12:17

Re: How to avoid stealth installation of systemd?

Postby confuseling » 2014-08-19 15:33

Is it too much to ask that you write a comprehensive post first, edit it to your satisfaction, then post it? And secondly, that you try to avoid mixing subjects, to the extent that that's possible?

Nobody objects to you posting your opinions. But the length and meandering content makes them hard to read.

And it is preferable for the board (in my opinion, which doesn't carry any weight, so there you go, but I reckon quite a few people would agree), that the two sides of this are kept separate: threads that are technical in nature (how you do stuff) contain as little politics as possible, and threads that are political in nature (why you should do stuff) contain as little technical description as possible. There's nothing wrong with linking between relevant threads, but writing a single giant thread about everything creates an unnecessary headache for the poor benighted souls trying to keep this board organised...
The Forum's search box is terrible. Use site specific search, e.g.
https://www.google.com/search?q=site%3A ... terms+here
confuseling
 
Posts: 2143
Joined: 2009-10-21 01:03

Re: How to avoid stealth installation of systemd?

Postby jonathon1982 » 2014-08-19 18:05

It sounds like a lot of what systemd tries to fix is problems you would find in an enterprise environment rather than anything related to a home user.

Sound like that to anyone else?
jonathon1982
 
Posts: 10
Joined: 2014-08-19 17:01

Re: How to avoid stealth installation of systemd?

Postby golinux » 2014-08-19 19:43

jonathon1982 wrote:It sounds like a lot of what systemd tries to fix is problems you would find in an enterprise environment rather than anything related to a home user.

Sound like that to anyone else?

Sounds like you're a little late to the party . . .
May the FORK be with you!
User avatar
golinux
 
Posts: 1514
Joined: 2010-12-09 00:56
Location: not a 'buntard!

Re: How to avoid stealth installation of systemd?

Postby Randicus » 2014-08-19 22:54

jonathon1982 wrote:It sounds like a lot of what systemd tries to fix is problems you would find in an enterprise environment rather than anything related to a home user.

Sound like that to anyone else?

And which problems are those?
Randicus
 
Posts: 2664
Joined: 2011-05-08 09:11

Re: How to avoid stealth installation of systemd?

Postby golinux » 2014-08-19 23:37

Randicus wrote:
jonathon1982 wrote:It sounds like a lot of what systemd tries to fix is problems you would find in an enterprise environment rather than anything related to a home user.

And which problems are those?

Faster boot times is the one most often mentioned.
May the FORK be with you!
User avatar
golinux
 
Posts: 1514
Joined: 2010-12-09 00:56
Location: not a 'buntard!

Re: How to avoid stealth installation of systemd?

Postby Randicus » 2014-08-20 00:37

Indeed. If I could only solve the problem of reducing that one minute boot time once day, the world would be perfect.
Randicus
 
Posts: 2664
Joined: 2011-05-08 09:11

Re: How to avoid stealth installation of systemd?

Postby jonathon1982 » 2014-08-20 04:23

Randicus wrote:And which problems are those?

Rather than saying problems I should of said features that would benefit enterprise solutions, things like login management, console management, device management, fine grained permissions via ACLs, and so forth. Not to mention unifying a lot of separate components.

That isn't to say I am interested in it, then again I am not sure I will have a choice anyway.
jonathon1982
 
Posts: 10
Joined: 2014-08-19 17:01

Re: How to avoid stealth installation of systemd?

Postby Randicus » 2014-08-20 05:35

Remove the need for CLI from system administration?
Randicus
 
Posts: 2664
Joined: 2011-05-08 09:11

Re: How to avoid stealth installation of systemd?

Postby buntunub » 2014-08-28 15:02

sunrat wrote:TL:DR
I get the gist of it, but I suggest the best answer to "How to avoid stealth installation of systemd?" is "Stick with Wheezy".


You can stick with Squeeze too, now that its long term support.
User avatar
buntunub
 
Posts: 591
Joined: 2011-02-11 05:23

PreviousNext

Return to General Discussion

Who is online

Users browsing this forum: No registered users and 6 guests

fashionable