Hi,
I am looking to have the following package reviewed for inclusion into Fedora.
Tayga is a NAT64 implementation in userland. With the help of DNS64 (BIND), it allows an IPv6-only client to communicate with the IPv4 internet. http://www.litech.org/tayga/
I have attached the SRPM of what I have created.
There are a few things that could change. First, I had thought that I would need more SELinux policy than I did. At the moment the policy just provides a filecontext. Is there a better way to do this?
The ifup / ifdown scripts read their variables from the /etc/tayga configuration file. In most scenarios, a system will run only one instance of this. However I would like feedback on:
Should I enable it so that the ifup/down can accept a tayga.conf parameter to read OR Should the ifup/ifdown script generate the tayga.conf on the fly to say /var/run/tmp somewhere from values provided in the ifup / ifdown?
Additionally, what I have in these scripts should really be reviewed, as I have never written them before.
Finally, tayga is a long running process, as such, I have enabled the hardened build. It is possible to run as an alternate user and in a chroot of its DB dir. What is the best way to go about adding a user for this package for the daemon to run as?
Looking forwards to comments and advice,
On Wed, Nov 06, 2013 at 05:14:22PM +1030, William Brown wrote:
I am looking to have the following package reviewed for inclusion into Fedora.
I'll review it.
BUGNO or didn't happen? ;-)
On Wed, Nov 06, 2013 at 05:14:22PM +1030, William Brown wrote:
I have attached the SRPM of what I have created.
I just figured that you are asking questions before actually creating a review request...
Should the ifup/ifdown script generate the tayga.conf on the fly to say /var/run/tmp somewhere from values provided in the ifup / ifdown?
Better configure NAT64 in ifcfg-* files and generate tayga.conf. That approach worked in OpenWRT ;-)
Don't forget, that it is possible to configure static V4-V6 mappings. It could be placed into /e/s/n-s/nat64-$DEVICE file or whatsoever.
Avoid using "REALDEVICE" variable - it is being used somewhere inside network-scripts.
You still have hardcoded "nat64" interface name in ifdown-nat64 script.
Additionally, what I have in these scripts should really be reviewed, as I have never written them before.
I can help with that if you test it - I only have tayga on OpenWRT box.
Finally, tayga is a long running process, as such, I have enabled the hardened build. It is possible to run as an alternate user and in a chroot of its DB dir. What is the best way to go about adding a user for this package for the daemon to run as?
This is described here - https://fedoraproject.org/wiki/Packaging:UsersAndGroups
Also, take a look at other packages, like qemu-common.
On Wed, 2013-11-06 at 14:41 +0400, Alexey I. Froloff wrote:
On Wed, Nov 06, 2013 at 05:14:22PM +1030, William Brown wrote:
I have attached the SRPM of what I have created.
I just figured that you are asking questions before actually creating a review request...
There is a different way to make an "official" request? (It's a learning process ...)
Should the ifup/ifdown script generate the tayga.conf on the fly to say /var/run/tmp somewhere from values provided in the ifup / ifdown?
Better configure NAT64 in ifcfg-* files and generate tayga.conf. That approach worked in OpenWRT ;-)
Yep, I'll work on this in the next few days.
Don't forget, that it is possible to configure static V4-V6 mappings. It could be placed into /e/s/n-s/nat64-$DEVICE file or whatsoever.
Avoid using "REALDEVICE" variable - it is being used somewhere inside network-scripts.
I'll stick to ${DEVICE}. What does ${REALDEVICE} do then?
You still have hardcoded "nat64" interface name in ifdown-nat64 script.
Oops. I thought I fixed that.
Additionally, what I have in these scripts should really be reviewed, as I have never written them before.
I can help with that if you test it - I only have tayga on OpenWRT box.
Once I make the changes you suggest, I'll let you know so you can have a test.
Finally, tayga is a long running process, as such, I have enabled the hardened build. It is possible to run as an alternate user and in a chroot of its DB dir. What is the best way to go about adding a user for this package for the daemon to run as?
This is described here - https://fedoraproject.org/wiki/Packaging:UsersAndGroups
Also, take a look at other packages, like qemu-common.
Again, will look at.
Thanks for your time.
On Thu, Nov 07, 2013 at 12:46:56AM +1030, William Brown wrote:
I just figured that you are asking questions before actually creating a review request...
There is a different way to make an "official" request? (It's a learning process ...)
https://fedoraproject.org/wiki/Package_Review_Process
I'll stick to ${DEVICE}. What does ${REALDEVICE} do then?
REALDEVICE is the real interface name. Like, "eth0" for "eth0:1" alias device. It is set in network-functions, better not to override this variable.
After some review in Bugzilla, some progress from me, some time to collect dust, I have once again turned to look at getting tayga into Fedora.
https://bugzilla.redhat.com/show_bug.cgi?id=1028206
https://copr.fedoraproject.org/coprs/firstyear/tayga/
Any help and advice is appreciated!