How to avoid stealth installation of systemd?

[emarsk]

Miroslav, your posts are too long, and they are repeated from the Offtopic rant. You do the movement to stop Systemd in Jessie no good service by posting like this. There is a growing movement afoot already, and from well seasoned and reasoned folks that are long time Debian users/developers. Really, there is no need to rant. Let's keep things moving in the right direction, please, and know that many Debian users feel as you do.

+1

Miroslav, I tried multiple times to read your stream of consciousness style rants, because I suspect that you can have interesting ideas to share, but I always gave up before reaching the first half of the first post.
If you want to share your thoughts, keep them short and readable and to the point. Otherwise I just assume that you don't give a **** about others being able to comprehend you.

[timbgo]

In time soon or later this text will, hopefully, be cleared out and finalized by me. Keep in mind if replying. These 30-ish words will be removed when that done. Why? Reasons given in text. Thanks.

I get kind of irony attacks (and I'll leave it to readers themselves to decide why) that I prefer to suppress when I get readers who report reading parts of my "rants" and declare them "too long, therefore next reader pls. don't read this", or tl;dr. Recently they mostly decided to declare how they weren't able to read more than just half of some of my posts which they decided to declare tl;dr, but what is fascinating is them needing to tell the world how obnoxious my posts were...

Why can't you then, OK, I accept you don't like to see me posting on Debina Forums, some of you... But why can't you then, OK, just quit reading my posts? End of story...

EDIT: Some of you people who occasionally expressed tl:dr attitude, I have to admit you do have some points. Not all the points. So I was unduly too harsh here, and as you can see, I'm revisiting this post explicitly to admit being somewhat at fault, esp. such as in the latests of the post previous to the tl:dr remarks above. Sorry.

However, the reasoning of my writing is mostly standing.

It is standing that for some two years during which the Pseudo Random Number Generator (PRNG) routine that Debian developers introduced, intentionally or incompetently, left pretty much any (IIUC) encrypting by the Debian user on his Debian OS installed machine very much useless, because for those two years all Debians in the world were perfectly decryptable by not only secret services but also by most any somewhat skilled hacker.

What I wrote above, I don't know, just like I don't know that the Earth revolves around the Sun, but I believe that it does. I likewise do believe what I wrote above, and I stand by it, because two undeniable experts have, in two completely unrelated events, declared the above to have been the case.

I should hope that no Debian distro defender will rise up to defend Debian against my alleged disparaging of it, in this post, because this is a well known fact in the IT world.

Anyway I didn't post the above recount of the two experts speeches (which I also took down parts of and offered readers the transcription, which I would like to correct just a detail or two, but time, time is very very scarce here)...

Anyway I didn't post the above recount of the speeches, of Julian Assange and Poul-Heening Kamp (they are the experts who can't be dismissed and on whose expert recounts I only repeated, in my words, above), I didn't and I wouldn't be posting those and this today's post for the sake of disparaging Debian,

Not just because I still like Debian, and still need it, but because I truly hope that it is salvageable, still salvageable, it's not yet broken so much as to abandon it.

Broken in the sense of useable for privacy computing.

I'll try and explain what I mean (as if I haven't yet, but OK).

If I can't have control over my computer in the way that, be it with great effort and care, no one else can compromise the security of my computer when I go online, as they easily could on any users' Debian computers for some two years of time during which the PRNG in all Debian machines in the world was compromised in such way that NSA or FSB or any other secret service could easily and silently read anything on the computers they were interested in, and we know that mostly those agencies harvest data indiscriminately, such as that on the eff.org (can't look up the link now, but sure it can be found and confirmed what I write here) there was talk of NSA's world tap (wiretapping the whole world)...

So if I can't have control over my computer in the way that, be it that for such result great effort and care would be needed... in the way that no one can reach through whatever that I decide to encrypt and want to keep in private in my computer...

If I can't have control over my computer in such way, but instead those leviathans like Google, the giant greatest of all friends of NSA, or small leviathans like my former provider (just recently switched to a different provider) whom I undeniably uncovered in their censorship of my emails thrown to waste right after I sent them

Postfix smtp-tls-wrapper, Bkp/Cloning Mthd, A Zerk Provider
https://forums.gentoo.org/viewtopic-t-999436.html
(zerk in the title is for beserk, on Gentoo forums)

So if I can't have control over my computer in such way as to keep it secure and private, at least say my /home/ukrainian (replace ukrainian which whichever your regular user name is) directory... well. at least if I encrypt things in there (was decryptable by those agencies and such hackers as mentioned a few paragraphs above in this post for all the two years of the PRNG Debian bug in all Debians worldwide)...

So if I can't have control over my computer in such way, well then I can't have privacy computing with installing Debian.

Now, I have, in this topic or the neighboring edbarx's topic, expressed my fear for my privacy.

Readers, tell me, can I trust Debian? Unreservedly? (No need replying: I can't, well, I surely can't *unreservedly* trust Debian, with the facts of those two year of all Debians worldwide having been with that huge security hole.)

And yet, I repeat, it is Debian who I still hope that it is recoverable to be reliably useable for privacy computing.

However, dear all you of the tl;dr syntagma, it will *not* be salvageable if you keep sweeping any whistleblowing under the carpet, it you keep telling off posters like me, and if you don't allow freedom.

What I mean, is, tell users what happened, just like you promised you would in Debian Social Contract!

Do tell! Don't istead attack people like me who tell what is happening, or dedicate terrible time to analyze and show to other users what is otherwise kind of hidden for so many... What exactly am I saying?

What exactly am I saying? I started this topic which have had a few thousand views so far, after, and I said so, at the start somewhere (of course I'm offline while writing this, I am so sparingly online because I don't feel invulnerable online with my Debian at all!, and so I can't check it while I'm writing this), after a few days of studying discusisons held where the Debian matters get decided (well that's just one of the places, but it is the place where opinions are confronted and the ensuing desicions implemented), and that is the debian-devel mail-list.

Pls. take note of the words "after a few days of studying" in the paragraph above. I had started this topic after loong study of matters of this topic.

So, what I am saying is: Do tell what is happening in Debian! And don't attack people like me who tell what is happening in Debian, after they study for loong time to find it out, and who tell what it happening in Debian to the users of Debian.

So, I hope that Debian is still salageable for privacy computing, but, dear all you of the tl;dr syntagma, it will *not* be salvageable if you keep sweeping the truth of moves and events in Debain under the carpet and attack people like me who employ their own terrible time to find out that truth and tell it to the users of Debian.

And...

And also...

And also, all you honest and loving and truthful Debian users, and I am in particular referring to the advanced, verging on becoming Debian developers with a real say on the future of Debian, like the fine people of the neighboring topic, up until now, and currently, not very cleverly named ( ) "Future with systemd"...

And also, good and advanced Debian users, Debian will *not* be salvageable if you, either of the following:

first) remain timid in these respects, instead of speaking loud and doing what you can once you see that things have started to go wrong (action there taken, as reported on the neighboring topic, and that is really comforting)

second) if you don't keep the big picture!

Do keep the big picture in your view!

It's not just systemd. And neither is it just poetteringware!

As the true expert, who evaded the most powerful agancy of the world, Julian Assange, said, it is so easy to compromise an OS... Only one program in the chain needs to be compromise and the whole OS is compromised.

And yet I stand by the claim that among the sole lines of defences left to the free world in the Orwellian age of ours is the, and I'll use the term without "GNU", which I explained is because Richard Stallman has introduced NSA SELinux in his Emacs options, but not without anything, to correct the incorrect solely "Linux" name), and yet I stand by the claim that among the sole lines of defences left to the free world in the Orwellian age of ours is:

the Debian FOSS Linux

The sole lines of defences left to the free world, as it just must be repeated: it's only FOSS, from FOSS Linux to FOSS BSD and others, all, again all of Micro$oft and all of Mac is being totally controled, no room for privacy.

And by not reducing your view to solely systemd tree in the danger forest in our story, as if the sole problem, the sole blockage and black hole on our path to getting privacy computing capable Debian, as if the sole program ruining the FOSS nature of FOSS Linux, as if the sole architecture that endangers FOSS Linux was systemd and its associates (or poetteringware by the main developer Lennart Poettering).

This goes to goulo really (I haven't seen if there have been any followups to my yesterday's very clumsy post; luckily I explained which problems were on me, should have sufficed and excused my clumsiness there:

Defeat and Hope for FOSS Linux
http://forums.debian.net/viewtopic.php? ... 15#p554026
):

You do need to see wider than just the bits of the program, brother. You do need to ask what the intentions are of those introducing those programs.

And that is why I lost my faith completely in Richard Matthew Stallman of the GNU.

SELinux, introducing SELinux, introducing that spyware into the world that is supposed to be free, the GNU world, is certainly not witlessness, because opening that world to spyware by Richard himself (he is in full charge of Emacs IIUC), is compromise of GNU, and could not have been done in some state of unawareness.

Look, the real intentions of programs in the panorama of bad-for-privacy programs from SELinux to systemd is surveilling, and then controling of us, users.

And there are very likely, very probably FONs in Debian, yes: in among the deciders at various levels, who consciously betray Debian, else that kind of moves would never even get as close as D of Debian, let alone get to be the default in Debian, such as the SELinux, because such was the enthusiasm that is left to be seen to must have been around at the time of instituting the Debian distro.

Tired. Will leave this somewhat unfinished. Also, those problems mentioned in "Defeat and Hope for FOSS Linux" are the big picture that you need to know and think about, dear users.

And the most important program if you want to defend yourself from surveillance and from being controled is Grsecurity.

[harrycaul]

http://www.linuxquestions.org/questions ... 175521593/

I'll take Godfather Vito Corleone's stance...

If they wish to poison themselves with systemd, let them. They're all hipster loving fadware coddling animals anyway, so let them lose their souls.

And as Pontius Pilate, I wash my hands of this.

[timbgo]

Corleone's stance...
If they wish to poison themselves with systemd, let them.

I wish they'd come to reason, but I don't reckon with that happening, sadly.

On another note, more saga on the betrayal of Debian values by infiltrators, who I am not an insider to know who they are, but good developers, they are not you friends! You should!

I know it from Gentoo Forums:

Why is Gentoo not switching to systemd?
https://forums.gentoo.org/viewtopic-t-9 ... ml#7629342

I think it is important enough to quote it here as well. I like most the line:

This is illicit abuse of process and they need to be prosecuted.

The entire message is available from:
https://lkml.org/lkml/2014/10/7/254
and what I provide here is amplifying the message by having it right before your eyes a fraction of a second sooner, or still after you disconnect, if you go offline after opening pages:

Code: Select all

Date	Tue, 7 Oct 2014 11:25:45 +0000
Subject	Debian "Administration" cancels systemd-shim to force systemd lock-in upon "users"

You could also work with uselessd, whether on the project itself or work on adapting a distro
to use it.

A few days ago the Debian administration ruled out any use of a systemd "substitute"
(cancelling its own systemd-shim project for desktop users) and now requires systemd whole
hog.

We knew that would happen. Accommodations are only a temporary stratagem with the systemd people. They are out to conquer. They need to be stopped, halted.

There has been no General Resolution amongst debian package maintainers. Red Hat has instituted a regulatory capture of the "bug squashing" committee within debian (the "Technical Committee") by having current or former (but stock holding) employees moonlight in debian and gradually gain membership in that comittie.

Once their numbers were sufficient they proceeded to file a bug report on the fact that systemd was not standard in debian.

This is illicit abuse of process and they need to be prosecuted.

Debian is an unincorporated association. It has bylaws, trade practices, and dealings by which it was governed. The RedHat associated members of the Technical Committee have illegally and in bad faith abused their positions in-order to realize financial and strategic gain for their employer.

Curiously, I wasn't able to see other messages in that thread, from lkml.org. Could be against me only, some filtering, for some error, could be wider, don't know.

[twoflowers]

Now this was enlighening, but I has seen it comming, too. FreeBSD looks more and more attractive.

[PAP]

I hate to say this, but the best way to avoid stealth installation of systemd is to switch to another distro that doesn't use it. It is sad, but true.
I really hate to say this, because after trying several distros for years, I ended up using Debian for more than 10 years now (the "testing" version). Since then, I never thought to switch to another distro... until the systemd plague hit the Debian community (some even like it).
There is no need to start another flame war about systemd and poettering-crapware in general; no need to mention his haughty messiah style either. The internet is full of it. The fact is, I decided not to use systemd - and Debian doesn't really give me the option not to use it.

For more than one year, I keep my Debian installation systemd-free, but as more and more packages rely on it, it is obvious I will not be able to do that forever. I am about to buy a new desktop computer and, under these circumstances, I will not pick Debian as my OS for that new computer. No time to cope with avoiding systemd in a distribution that defaults to it. Yes, I can still avoid it, but for how long? Latest addition in my blacklist was hplip, which depends on systemd. Now I have to find another way to be able to configure/use my printer (cups, apparently, but it doesn't support all my printer's features).
What about tomorrow? Another package will start to depend on systemd, so i will need to find an alternative, then another one, and so on. Sadly, migrating to another distro (quite probably Slackware) seems to me the best way to avoid stealth installation of systemd.

I understand Miroslav's motivation to keep using Debian while still boycotting systemd; I want the same too. But it seems futile to me. Since April 25, systemd is the default even for the officially stable Debian distro. We knew it was coming, now it's here. And, as systemd fanatics love to say blatantly, it came to stay. That would be ok for me, as long I could still have the option not to use it. But Debian does not really give me that option.

[golinux]

@PAP . . . Devuan will provide a systemd-free Debian-based option. Check out Devuan on gitlab

[PAP]

@PAP . . . Devuan will provide a systemd-free Debian-based option. Check out Devuan on gitlab

I am aware of Debuan, but it seems it will take a long time till released and being comparable to Debian. There is a lot of work to be done, and I can only see it coming in the distant future. In the meantime, I have a few computers here, and they all need a working GNU/Linux distro, systemd-free. Sadly, that distro can't be Debian anymore; believe me, this is the most sad statement I ever made about Linux.

[mor]

… and Debian doesn't really give me the option not to use it.

You mean that it is impossible not to have any trace of systemd on your system, or that, on Debian, systemd must be installed and run as PID 1 in any case?

Because although I have never tried to, I'm told that as long as one is not religious about having a few libraries installed (that do not require systemd to be in charge!), running a systemd-free system is still quite possible.

Cheers

[golinux]

That depends on your definition of systemd-free, of course. I wouldn't trust even one lib not to act as a gateway to a future lockin.

[edbarx]

golinux, don't waste your time. You are talking to someone who intently differentiates between running the systemd daemon as PID1 and running auxiliary code, also referred as libraries, from systemd. systemd as PID1 would be running code, while code from systemd libraries, oddly enough, would be something else.

[Head_on_a_Stick]

The fact is, I decided not to use systemd - and Debian doesn't really give me the option not to use it.

Code: Select all

# apt-get install sysvinit
# update-grub

You will then find an option to boot with SysVinit as PID1 in the GRUB menu under "Advanced Options" -- you can make this the default entry by editing /etc/default/grub & running `update-grub` again.

More information here:
https://wiki.debian.org/FAQsFromDebianUser#systemd

@edbarx -- may I ask what the problem with the libraries is?

From the Debian-user mailing list FAQ I have linked above:

Please note the library is only used by other packages when they need to interact with systemd (or one of its components) and is otherwise inert.

I am pretty n00b so I would appreciate your opinion on this.

[oswaldkelso]

I would suggest you try and upgrade from a systemd-free debian without installing any systemd en route. To my mind that seems to be the problem. I don't care if you use systemd. I do care if I have to use systemd to not use systemd. That seems to be the main issue.

[PAP]

Maybe I was not so clear.... I do not have systemd installed, and I still use Debian. I already have sysvinit as my default init. I am also aware of systemd-shim, which at least avoids the systemd init service.
But all that are not what I want. I want complete, total absence of any systemd trace, and still being able to use the packages I used before. Sadly, this is NOT the case anymore, even though I upgraded from previous systemd-free distros (I actually didn't install a fresh Debian for years now - just upgraded regularly).
I don't mind about Gnome being dependent on systemd - I don't use Gnome anyway. I am talking about systemd dependencies that make little or no sense at all - including "essential" packages. I already had to accept the fact i cannot avoid libsystemd0 because of that. But there is more: almost every time I upgrade, I have to blacklist packages I previously used because they are now systemd-dependent, like network-manager, hplip, K3b, and many others. The way it goes, we will have even Xterm being dependent on poettering-crapware one day, without the option to still use the package while not using systemd.

You are talking to someone who intently differentiates between running the systemd daemon as PID1 and running auxiliary code, also referred as libraries, from systemd. systemd as PID1 would be running code, while code from systemd libraries, oddly enough, would be something else.

This is not nice. You assume I "intently differentiate between running the systemd daemon as PID1 and running auxiliary code". I will answer you the way you behave (which, by the way, is only a little less rude than Poettering's reaction when someone says he dislikes his monolithic crapware): What part of "more and more packages are systemd-dependent and I have to blacklist them" don't you understand?

[golinux]

Have you looked at these from dzz? This was posted to the Devuan list a few weeks ago. I would send a link but currently the mail archives are down:

I posted two new live iso's with no *systemd* (yes that means also no
libsystemd0) with installers and remaster tools:

xfce4 (Refracta-based):
http://www.exegnulinux.net/refracta/iso/

Trinity Desktop Environment (the fork of KDE3):
http://www.exegnulinux.net/downloads/jessie/

Some debs here (including consolekit2) maybe not yet available elsewhere:
http://www.exegnulinux.net/refracta/exp ... nosystemd/

Thanks to all others who have compiled systemd-free debs.

http://packages.devuan.org/devuan/
http://angband.pl/debian/

Please note none of my work is "official" Devuan (nor Refracta).

[mor]

Ed you're wrong (if you were referring to me as I think, but I see PAP thinks you were referring to him), I don't have a clue about what that means, I'm only referring to the opinion of a few people with strong feelings against systemd I read along the way, who argue that there should be a little more sanity about how invasive systemd really is.
Judging by some comments here and elsewhere it seems that we are just minutes away from having to purchase systemd merchandise in order to be able to operate Debian or any other distro for that matter.

That depends on your definition of systemd-free, of course. I wouldn't trust even one lib not to act as a gateway to a future lockin.

Indeed, the point I was trying to make is that some users, like you, don't trust the mere presence of a few libraries that do not really do much beside providing an interface for those packages that need it when one runs systemd.

Case in point, my question to PAP was just to verify if he was meaning that, in fact he answered:

But all that are not what I want. I want complete, total absence of any systemd trace, and still being able to use the packages I used before.

There are many examples of dependencies that one doesn't need or want but that have to be there for much other stuff to work, how is systemd different?
Ah yes, because Poettering is evil and Redhat wants to take over the world.

This is not true, you know it and the only thing that is true is that there are a few interfacing dependencies that do not require a system to be run under systemd and that certainly do not infect anything beside the irrational minds of the ones who live their anti-systemd-ism like a religion.

Take you for instance, you don't "trust even one lib" but do you really know what they do?
Or are you just assuming they do harm, let alone that they will "act as a gateway to a future lockin"?
This is irrational behavior, paranoid and everything said starting from there can only be utter and complete FUD.

Well, sorry if I disturbed you.

[PAP]

Have you looked at these from dzz? This was posted to the Devuan list a few weeks ago. I would send a link but currently the mail archives are down:

I posted two new live iso's with no *systemd* (yes that means also no
libsystemd0) with installers and remaster tools:
...

Looks quite promising. What about other graphical desktops? I prefer lightweight window managers. I guess I could switch to xfce since it is in that list, but what about really lightweight stuff, like WindowMaker or LXDE? Can I install them from Debian repos (they are both systemd-free at the moment) or I need to compile them from source?

There are many examples of dependencies that one doesn't need or want but that have to be there for much other stuff to work, how is systemd different?
Ah yes, because Poettering is evil and Redhat wants to take over the world.

I wonder if systemd would have been adopted by Debian and many other "major" distros, if its core developers didn't work for RedHat. Guess what, in that case either nobody would know about systemd, or nobody would even think to set that monolithic, binary-loving thing as pid 1. Not to mention how extremely invasive it is, for no apparent reason other than making everything dependent in poettering-crapware. Am I the only one thinking that this invasive behavior is quite similar to Micro$oft's way, "use our crapware, you want it or not"?

Anyway, I am not here to start a pointless flame war, but to find a solution, if any, as an old Debian user who loved Debian and would prefer not to switch to another distro. Correct me if I am wrong, but if I still want to use Debian together with the packages I used before (like hplip, for example), my options are:

(1) Accept systemd as pid 1, [No way; rejected without any further discussion.]

(2) Prevent systemd to run as an init service, but still using some components of it via systemd-shim, in order to have packages that need libpam-systemd working as before. [Far from willing to do that.]

(3) Accept libsystemd0 being on my system (as even essential packages depend on it), but blacklist everything that depends on systemd itself (directly or indirectly); wait for Debuan to be ready. [That's what I do right now; far from being convenient in any way, as very often packages I used for years become all of a sudden systemd-infected after an update, so I have to blacklist them and find a systemd-free alternative.]

(4) Stick with a systemd-free Debian. [I can't do that forever, not to mention I use gcc compilers on a daily basis and having them up-to-date is essential for my work.]

None of the above is a real solution, especially for a new desktop computer I am about to buy. Did I forget any other way?

[edbarx]

You assume I "intently differentiate between running the systemd daemon as PID1 and running auxiliary code".

My post was not referring to you but to the many who distinguish between the systemd central daemon running on a system and its auxiliary libraries like say libsystemd. Both of them are code written by the same people, who like anyone of us, have their dreams and, I dare say, priorities. I understand anyone wanting to avoid any kind of code that has to do with systemd, as the latter, represent a paradigm shift from what GNU/Linux used to be to the likes of Microsoft Windows. I am with you here, I am not a systemd supporter, nor someone who thinks of software freedom as some set of irrational beliefs that are almost as rigid as religious beliefs. In fact, I am in the long wait to install Devuan as that is only my present hope. When I succeed to install Devuan on my system, partition /dev/sda8 is patiently waiting for it to be filled, if the need arises, I intend to port the software I use assuming its complexity is not beyond my capabilities.

@mor
Well done for the exemplary way you presented your arguments. All I can say, is I commend your educated way of replying.

[NkfzGx3ok]

Both of them are code written by the same people, who like anyone of us, have their dreams and, I dare say, priorities.

Yet amusingly most of the dependencies for desktop software will be because of systemd-udevd; udev was and has been developed since 2003 by GregKH and Ksievers and they are still the main guys behind it and all these years nobody complained about it like this, suddenly systemd gets it in 2012 (because nobody else stepped up even though there was 6 month time frame given iirc) and people start losing their sh**

[mor]

I wonder if systemd would have been adopted by Debian and many other "major" distros, if its core developers didn't work for RedHat. Guess what, in that case either nobody would know about systemd, or nobody would even think to set that monolithic, binary-loving thing as pid 1.

This is completely irrelevant to the matter of you and others being "far from willing" (as you put it) to go with option 2.

Systemd is here, how it came to be has nothing to do with what you choose to do now.

Anyway, I am not here to start a pointless flame war, but to find a solution

No, you are not here to find a solution.

The solution is already there (option 2), if you feel that having a few inoffensive libs sitting on your system is not kosher enough, then you are simply looking for a place to rant, which I don't oppose, but certainly call out.

, if any, as an old Debian user who loved Debian and would prefer not to switch to another distro.

Debian is what it is, if you don't love it anymore, just move on. And remember that Debian is a DISTRIBUTION!

Debian doesn't make code, apps, programs.
They get what's there and package it.

The choice was made not to invest precious resources in fighting the "systemd doom" and whether you like it or not, the status quo is this, either systemd or whatever else with a few systemd dependencies, as a price to get all the software you want, which is systemd dependent because their upstream developers decided so, not Debian.

I think that the essence of a system without systemd is pretty much still intact and any whining about the "purity" of a system that absolutely can't have a few dependencies that do nothing, well, speaks for itself in telling what is really important for the anti-systemd fanatics. (hint: making a fuss.)

Just so you know, because maybe you didn't read my posts in several past discussion on the matter, I am not a systemd fan, even if I have been using it ever since it entered Testing a long time ago, being a Gnome user (another "sin" I suppose).
I am neutral, mostly because I don't know better and the only reason I chime in in threads like this is because I am fed up with people of the anti-systemd brigade spreading FUD and playing name-calling games in every thread and showing, for the most part, paranoia and a clear lack of understanding of the situation, pushing on in their blind faith driven crusade.

Systemd is here and is here to stay. Hopefully projects like Devuan will offer an alternative for users seeking "purity", or maybe in the end you guys will realize that option 2 is fair enough so do yourself a favor: just run the freaking system with sysvinit and a few systemd libs and get over it.

Bye