systemd requires HTTP server and serves QR codes

[Lennart Poettering]

On Mon, 08.10.12 11:49, Matthew Miller (mattdm at fedoraproject.org) wrote:

> On Mon, Oct 08, 2012 at 02:50:23PM +0000, Petr Pisar wrote:
> > Am I the only one who raised his eyebrow when today's systemd update to
> > systemd-194-1.fc18 pulled in libmicrohttpd and qrencode-libs?
> 
> In terms of _size_, there's not much concern, as these are both very small
> libraries.
> 
> In terms of *policy*, it does seem like this may be headed towards the path
> of an eventual realization that putting all this functionality into one
> monolithic package has some drawbacks.

Well, sure it has drawbacks. But it also has benefits. Right now I
believe the benefits outweigh the drawbacks, and splitting this off one
day is easy. Hence I'd like to leave it as it is right now in F18.

> I believe that both of these are for the journal (ie, logging). If the
> systemd-journal-gatewayd service is running, one can connect via http on
> localhost and get a file in /var/log/messages-like format or JSON.

Correct. Note that this is not accessible at all, by default, and mostly
a preview for now. Later on we will add http digest auth and proper TLS
support (including client certs) if people want to control
access. (thankfully, libmicrohttpd already implements auth+tls, so this
is easy for us to provide).

> This is kind of nifty, but raises a few questions. Traditionally, "messages"
> data is world-readable, but for a few years we've been shipping it readable
> only by root. What policy do we want for this, and what's the mechanism for
> enforcing it?

Well, the idea is certainly here to provide read access to all
messages, if this is enabled. The default will always be to grant no
access at all via HTTP.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.