system-config-services and you
by Nils Philippsen
Hi everybody,
if you maintain a package that ships a SysV initscript, this message is
for you.
I've meant to write this mail in a long time. The overhaul of
system-config-services for Fedora 9 revealed that some of the current
SysV initscripts could be improved. System-config-services relies on the
scripts to be standard-conformant[1], which means that they must have a
certain structure (chkconfig, LSB headers)[2] and support certain
actions (start, stop, restart, status)[3] which give appropriate exit
codes[4]. Then there are scripts that technically conform to the
standard, but could make system-config-services behave better with some
changes.
I'll give some real life examples below, which are not to single out
anybody, only as reference.
The issues I have found so far are:
- Some scripts always give a zero exit code on "status" (atd).
System-config-services interprets a zero exit code as "service is
running" and doesn't let the user start a service that e.g. is actually
stopped. The error here may be that the return code of the status
function isn't properly passed to exit.
- Some scripts give erroneous exit codes on status, e.g. openvpn gives
"1" if it isn't running which is interpreted as "dead".
- Some scripts return exit codes reserved for non-status actions on
"status", e.g. rpcgssd returns 6 on "status" here, probably because it
isn't configured on my system. This will let such services be shown with
an "unknown" status, or worse, a bogus one.
- Some scripts list a pidfile in the chkconfig/non-LSB header(*), but
the daemon doesn't write it (anacron). In this case,
system-config-services will wait on that file to appear, which never
will happen so the service will always be listed as "stopped".
(*): The existence of a pidfile helps system-config-services
tremendously because it can then just monitor the actual processes and
instantly respond to status changes. The absence of a pidfile means that
system-config-services can only react to intentional status changes, but
won't detect a service dieing for whatever reason. If your service
writes a pidfile, but your script doesn't reflect it, please add the
chkconfig header "pidfile: /path/to/pidfile" and/or the LSB header
"X-Fedora-Pidfile: /path/to/pidfile" (the latter one will be supported
in future versions of the tool). If your service doesn't write a
pidfile, well, it should ;-).
- Some scripts aren't starting long-running daemons, but execute
nonrecurring actions. These often also just return a zero exit code on
"status", but this doesn't reflect if they in fact have been run or not
(udev-post). System-config-services can't tell one kind from the other,
so while this situation isn't covered by the standard, it would be very
helpful if these scripts tried to emulate a "normal" service as close as
possible. I.e. if they just touched /var/lock/subsys/<name> on "start",
removed it on "stop", ran "stop" then "start" on "restart" and let
status return 0 or 3 depending on if that files exists. This would let
the user see some reaction in the interface on their actions.
- Some scripts use backslashes for continuation in the LSB description
(xinetd). In the service description of the LSB header, you can specify
that lines are to be continued by having the next line start with
"#<tab>" or "# " (hash + two or more spaces). Using backslashes here
will let them appear in the service description which doesn't look too
well.
I've already filed some bugs on that and will do so when I come across
problematic initscripts, but I'd really appreciate if you could quickly
check your scripts against these things because I won't find everything
by myself ;-).
Thanks and feedback welcome,
Nils
[1]: https://fedoraproject.org/wiki/Packaging/SysVInitScript
[2]: https://fedoraproject.org/wiki/Packaging/SysVInitScript#Chkconfig_Header
https://fedoraproject.org/wiki/Packaging/SysVInitScript#LSB_Header
[3]: https://fedoraproject.org/wiki/Packaging/SysVInitScript#Required_Actions
[4]: https://fedoraproject.org/wiki/Packaging/SysVInitScript#Exit_Codes_for_th...
https://fedoraproject.org/wiki/Packaging/SysVInitScript#Exit_Codes_for_no...
--
Nils Philippsen "Those who would give up Essential Liberty to purchase
Red Hat a little Temporary Safety, deserve neither Liberty
nils(a)redhat.com nor Safety." -- Benjamin Franklin, 1759
PGP fingerprint: C4A8 9474 5C4C ADE3 2B8F 656D 47D8 9B65 6951 3011
15 years, 9 months
RFC: Firefox general.autoScroll to true
by Mark
Hey,
When you run firefox on windows, get on a big page and press the
scroll wheel you get this [1].
When you press it on linux in firefox you get... nothing...
It looked like mozilla intended to make it on (true) by default [2]
but could not find a later document of it.
I was planning on filing a bug report for this on bugzilla but it gave
me the message: Bugzilla will be down until 19:00 EDT for
maintenance.
So no report (for now).
The advantage of having this turned to true by default is to get the
expected behavior compared to firefox for windows.
Also reported the same "bug" on ubuntu's firefox bugs [3]
All that's needed to "fix" this is: the firefox maintainer needs to
add this line:
pref("general.autoScroll", true);
to firefox-redhat-default-prefs.js (btw.. fedora is splitted from
redhat so why not make a fedora specific prefs file like
firefox-fedora-default-prefs.js?)
And for a user that wants this turn on:
type about:config
type general.autoScroll
double click it or just change it to true
And done.
Also while looking through the firefox-redhat-default-prefs.js i
noticed that general.smoothScroll is turned on by default which is
probably because firefox is having scrolling issues with compiz
enabled. Here on my ubuntu box i have that part disabled! (actually bu
default) and compiz on and smooth scrolling (like in as smooth as in
windows)... so the "fix" is not to enable smoothscroll because that
simply reduces the lines that get scrolled when you.. scroll ^_^
[1] http://www.techspot.com/tweaks/firefox2/firefo54.gif
[2] http://kb.mozillazine.org/Talk:General.autoScroll
[3] https://bugs.launchpad.net/ubuntu/+source/firefox/+bug/254230
15 years, 9 months
Why does PackageKit depend on NetworkManager?
by Martin Langhoff
Is there anything preventing PK from connecting to the network over
non-NM-controlled network interfaces?
(I am not using PackageKit facilities, just surprised at the dependencies...)
cheers,
m
--
martin.langhoff(a)gmail.com
martin(a)laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
15 years, 9 months
New certs woes
by Martin Sourada
Hi,
I'm having several issues with the new certificates, can somebody help
me solve them? I successfully uploaded new ssh key to fas (git push on
fedorahosted.org is working for me), also I replaced the old
certificates with new ones via fedora-packager-setup. Here is the ls:
-rw-rw-r-- 1 mso mso 2725 2008-08-24 10:25 fedora-browser-cert.p12
-rw------- 1 mso mso 8557 2008-08-19 15:49 .fedora.cert
-rw-rw-r-- 1 mso mso 6162 2008-08-20 18:47 .fedora-server-ca.cert
-rw-rw-r-- 1 mso mso 6162 2008-08-20 18:47 .fedora-upload-ca.cert
However, I cannot log in to koji web interface. Firefox (after
confirming an exception for the new koji's ssh certificate) asks for my
certificate, I use the fedora-browser-cert.p12 listed above. Details of
the certificate:
Issued to: E=martin.sourada(a)gmail.com,CN=mso,OU=Upload Files,O=Fedora
Project,ST=North Carolina,C=US
Serial Number: 00:90
Valid from 19/08/08 15:49:44 to 19/08/09 15:49:44
Email: martin.sourada(a)gmail.com
Issued by: E=admin(a)fedoraproject.org,CN=Fedora Project CA,OU=Fedora
Project CA,O=Fedora Project,L=Raleigh,ST=North Carolina,C=US
Stored in: Software Security Device
Then error page appears:
Secure Connection Failed
-----------------------------------------------------------------------
An error occurred during a connection to koji.fedoraproject.org.
SSL peer cannot verify your certificate.
(Error code: ssl_error_bad_cert_alert)
-----------------------------------------------------------------------
The page you are trying to view can not be shown because the
authenticity of the received data could not be verified.
* Please contact the web site owners to inform them of this problem.
[Try again]
Any thoughts of what am I doing wrong? I deleted the old certificate
from firefox and imported the new one, also I restarted firefox numerous
times already and still no luck.
Also uploading new sources to cvs is not working for me (cvs co and cvs
update does though):
make new-sources FILES=subtitleeditor-0.22.3.tar.gz
Checking : subtitleeditor-0.22.3.tar.gz on
https://cvs.fedoraproject.org/repo/pkgs/upload.cgi...
ERROR: could not check remote file status
make: *** [new-sources] Error 255
Any thoughts what I am missing?
Thanks,
Martin
15 years, 9 months
Pungi - genisoimage not finding isolinux
by Martin Langhoff
I have am getting "genisoimage: Uh oh, I cant find the boot catalog
directory 'isolinux'!". Granted, my repository is a bit of a hack job:
I rsync from an Australian mirror (no local mirror in NZ) to a local
directory so I can generate builds while offline, and I exclude
several parts of the repo (exact rsync line below).
How does pungi/genisoimage locate the isolinux file? How can I debug/fix this?
cmdline:
$ sudo pungi --force -c kickstarts/pungi-f9-minimal.ks --nosource
--name XS --ver=0.5dev --discs=1 --nosplitmedia
error:
genisoimage 1.1.6 (Linux)
Scanning /home/martin/src/xs-livecd/0.5dev/i386/os
Excluded by match: /home/martin/src/xs-livecd/0.5dev/i386/os/repoview
Scanning /home/martin/src/xs-livecd/0.5dev/i386/os/repodata
Scanning /home/martin/src/xs-livecd/0.5dev/i386/os/Packages
Scanning /home/martin/src/xs-livecd/0.5dev/i386/os/images
genisoimage: Uh oh, I cant find the boot catalog directory 'isolinux'!
Traceback (most recent call last):
File "/usr/bin/pungi", line 189, in <module>
main()
File "/usr/bin/pungi", line 101, in main
mypungi.doCreateIsos(split=opts.nosplitmedia)
File "/usr/lib/python2.5/site-packages/pypungi/pungi.py", line 460,
in doCreateIsos
pypungi._doRunCommand(mkisofs + extraargs, self.logger)
File "/usr/lib/python2.5/site-packages/pypungi/__init__.py", line
70, in _doRunCommand
raise OSError, "Got an error from %s: %s" % (command[0], err)
>From the kickstart file:
repo --name=fedora --baseurl=file:///media/disk/xs/releases/9/Fedora/i386/os/
repo --name=everything
--baseurl=file:///media/disk/xs/releases/9/Everything/i386/os/
the first repo _does_ have isolinux.
$ ls -la /media/disk/xs/releases/9/Fedora/i386/os/isolinux
total 11892
drwxr-xr-x 2 martin martin 4096 2008-05-08 13:50 .
drwxr-xr-x 6 martin martin 4096 2008-05-08 13:56 ..
-rw-r--r-- 1 martin martin 292 2008-05-08 13:50 boot.msg
-rw-r--r-- 1 martin martin 919 2008-05-08 13:50 general.msg
-rw-r--r-- 1 martin martin 166 2008-05-08 13:50 grub.conf
-rw-r--r-- 1 martin martin 9592925 2008-05-08 13:50 initrd.img
-rw-r--r-- 1 martin martin 12331 2008-05-08 13:58 isolinux.bin
-rw-r--r-- 1 martin martin 996 2008-05-08 13:50 isolinux.cfg
-rw-r--r-- 1 martin martin 112076 2008-05-08 13:50 memtest
-rw-r--r-- 1 martin martin 817 2008-05-08 13:50 options.msg
-rw-r--r-- 1 martin martin 517 2008-05-08 13:50 param.msg
-rw-r--r-- 1 martin martin 490 2008-05-08 13:50 rescue.msg
-rw-r--r-- 1 martin martin 156211 2008-05-08 13:50 splash.jpg
-rw-r--r-- 1 martin martin 128364 2008-05-08 13:50 vesamenu.c32
-rw-r--r-- 2 martin martin 2086048 2008-05-08 13:50 vmlinuz
How I rsync the F9 repo so that it fits in my laptop (suggestions for
a better lightweight mirror welcome):
RELEASE=rsync://mirror.internode.on.net/fedora-enchilada/linux/releases/9
rsync -rlptgHv -P --progress \
--exclude ppc --exclude '*.html' --exclude SRPMS --exclude '*.ppc.rpm' \
--exclude ppc64 --exclude source --exclude x86_64 --exclude debug
--exclude repoview \
--exclude iso --exclude jigdo --exclude Live \
--exclude 'kde*' --exclude 'openoffice*' --exclude 'openarena*' \
--exclude '*-data-*' --exclude 'themes-*' --exclude 'koffice*' \
$RELEASE /media/disk/xs/releases/
cheers,
m
--
martin.langhoff(a)gmail.com
martin(a)laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
15 years, 9 months
Re: compiler bug turning up in cmake package?
by Rex Dieter
Matthew Woehlke wrote:
> Obviously this should be fixed upstream, but will we be able to do a
> patched fedora build before this goes into F10-stable? (And, er,
> incidentally, so I can install a fixed rpm? Guess I have good timing
> catching it now, eh? ;-) )
Used Ulrich's patch, building cmake-2.6.1-2 for rawhide now.
-- Rex
15 years, 9 months
What's cooking in the XS pot this week (2008-08-26)
by Martin Langhoff
More OLPC spam :-) -- If you see a raft of "how do I make $something
work in F9" questions from me on fedora-devel... the email below
outlines what I am working on (in a nutshell, upgrading the School
Server spin to F9).
Help is deeply appreciated. While most stuff "just works", we have
some significant challenges:
- Networking infrastructure. Jerry has been helping lots, and any
pointers into how to tweak the udev-triggered in ways that don't
backfire... welcome! Not many people seem to be playing with it, and
our setup has some "special needs".
- Upgrade nicely.
- Pungi/revisor configuration and scripts for a truly minimal install.
- Kickstart / anaconda / firstboot tweaking.
cheers, m
---------- Forwarded message ----------
From: Martin Langhoff <martin.langhoff(a)gmail.com>
Date: Tue, Aug 26, 2008 at 11:57 AM
Subject: What's cooking in the XS pot this week (2008-08-26)
To: XS Devel <server-devel(a)lists.laptop.org>
xs-0.4 is out - so now we're on to xs-0.5. The plan for this week is to
- Keep track of any issues on 0.4 -- please report them via Trac or
post them here
- Add an activity installation server -- which may be available for
0.4. Douglas is working on this.
- Make an attempt to rebase on F9. This attempt is time-boxed - if by
EoB Friday we have a reasonably well cooked F9-based XS installer,
it's all go and xs-0.5 will be based on F9. If instead we have a pile
of issues, we'll document the issues and ask for help, but we'll drop
the F9 port from the xs-0.5 plans.
This is a hard-nosed risk mgmt strategy. F9 gives us security support
and a hopefully better build toolchain (anaconda, pungi and revisor
seem to be in much better shape, bugs in the F7 versions have been a
problem for us). On the other hand, it gives us no user-visible
features, and issues with the rebase can be very time consuming to
resolve.
Reaching end-of-Sept with only a F9-based version with no new features
for end users would be a bad scenario. Same date but with a buggy
F9-based version and no new features is our worst case. My plan does
not allow for either to happen :-)
The other non-ideal scenario is a F7-based release with features, but
with no security support. This is not the best, but on the risks map
this is not as serious because most XS installs we are planning to
support in deployments are _not_ on the internet -- they either have
no WAN/Internet connection or they are behind NAT. Their value as
targets and their exposure is very low.
I know some readers care a lot about security, and I am deeply
grateful that they do. If you are one of them, do your bit: help us
make the F9 port a success.
cheers,
m
--
martin.langhoff(a)gmail.com
martin(a)laptop.org -- School Server Architect
- ask interesting questions
- don't get distracted with shiny stuff - working code first
- http://wiki.laptop.org/go/User:Martinlanghoff
15 years, 9 months