[arch-dev-public] Moving from procps to procps-ng?
Hi,
The procps project didn't have any new release for a while and the current package uses a dozen patches to fix miscellaneous things. I'm thinking about switching to procps-ng[1]. Procps-ng is a fork of procps by Debian, Fedora and openSUSE. Gentoo is also using procps-ng (although, like Debian, the package is still named procps).
I also intend to replace the home made sysctl.conf that we currently provide by the upstream version of that file.
Any comments, objections?
Eric
[1] http://gitorious.org/procps/
On Apr 24, 2012 1:29 AM, "Eric Bélanger" <snowmaniscool@gmail.com> wrote:
> Hi,
> The procps project didn't have any new release for a while and the current package uses a dozen patches to fix miscellaneous things. I'm thinking about switching to procps-ng[1]. Procps-ng is a fork of procps by Debian, Fedora and openSUSE. Gentoo is also using procps-ng (although, like Debian, the package is still named procps).
> I also intend to replace the home made sysctl.conf that we currently provide by the upstream version of that file.
> Any comments, objections?
+1
T
On Tue, Apr 24, 2012 at 3:58 AM, Tom Gundersen <teg@jklm.no> wrote:
> +1
Objection to the now-shipped /etc/sysctl.conf file, so I'm giving a -1 signoff here. It moved my existing file to a .pacsave, and the defaults are total shit, not to mention the file is a formatting nightmare. Some lowlights:
# see the evil packets in your log files
net/ipv4/conf/all/log_martians=1
# makes you vulnerable or not :-)
net/ipv4/conf/all/accept_redirects=0
net/ipv4/conf/all/accept_source_route=0
net/ipv4/icmp_echo_ignore_broadcasts =1
# This limits PID values to 4 digits, which allows tools like ps
# to save screen space.
kernel/pid_max=10000
On Sat, Apr 28, 2012 at 8:16 PM, Dan McGee <dpmcgee@gmail.com> wrote:
> Objection to the now-shipped /etc/sysctl.conf file, so I'm giving a -1 signoff here. It moved my existing file to a .pacsave, and the defaults are total shit, not to mention the file is a formatting nightmare. Some lowlights:
> # see the evil packets in your log files
> net/ipv4/conf/all/log_martians=1
> # makes you vulnerable or not :-)
> net/ipv4/conf/all/accept_redirects=0
> net/ipv4/conf/all/accept_source_route=0
> net/ipv4/icmp_echo_ignore_broadcasts =1
> # This limits PID values to 4 digits, which allows tools like ps
> # to save screen space.
> kernel/pid_max=10000
+1. Let's keep the existing default sysctl.conf from procps.
On Sat, Apr 28, 2012 at 08:49:56PM +0300, Evangelos Foutras wrote:
> +1.
> Let's keep the existing default sysctl.conf from procps.
I'm not a fan of this either, but keeping the original config file means that we just rename procps-ng as procps, no? Any other way will result in /etc/sysctl.conf being renamed with .pacsave.
d
On Sat, Apr 28, 2012 at 2:07 PM, Dave Reisner <d@falconindy.com> wrote:
> I'm not a fan of this either, but keeping the original config file means that we just rename procps-ng as procps, no?
The config file doesn't affect the package name so I'm not sure what you're trying to say.
Anyway, the upstream sysctl.conf are exactly the same for both procps and procps-ng. For the procps package in [core], the upstream sysctl.conf is being replaced by a homemade sysctl.conf. From what I can gather, it was added to the package several years ago when no config file was provided by upstream. As several people don't like the upstream sysctl.conf (I had assumed that it was using sane defaults), I see two possible fixes:
1) Replace the upstream sysctl.conf by the homemade one like we were doing for procps
2) Keep the upstream sysctl.conf but change the default values
I don't mind either of these solutions so just let me know which one you prefer. In the case of #2, you'll need to tell me what changes you want to make.
Eric
> Any other way will result in /etc/sysctl.conf being renamed with .pacsave.
> d
On Sat, Apr 28, 2012 at 1:52 PM, Eric Bélanger <snowmaniscool@gmail.com> wrote:
> The config file doesn't affect the package name so I'm not sure what you're trying to say.
> Anyway, the upstream sysctl.conf are exactly the same for both procps and procps-ng. For the procps package in [core], the upstream sysctl.conf is being replaced by a homemade sysctl.conf. From what I can gather, it was added to the package several years ago when no config file was provided by upstream. As several people don't like the upstream sysctl.conf (I had assumed that it was using sane defaults), I see two possible fixes:
> 1) Replace the upstream sysctl.conf by the homemade one like we were doing for procps
> 2) Keep the upstream sysctl.conf but change the default values
> I don't mind either of these solutions so just let me know which one you prefer. In the case of #2, you'll need to tell me what changes you want to make.
I think #1 makes sense; we should ship exactly what we had before instead of upstream, although we may want to look through the upstream file and add some commented out versions of what is in there in a sanely formatted way.
The package name thing Dave was referring to is that our backup file handling is less than ideal in the case of package replacements, as the user's file gets moved to pacsave rather than the expected behavior of the new file being installed to pacnew.
-Dan
On Sat, Apr 28, 2012 at 5:05 PM, Dan McGee <dpmcgee@gmail.com> wrote:
> I think #1 makes sense; we should ship exactly what we had before instead of upstream, although we may want to look through the upstream file and add some commented out versions of what is in there in a sanely formatted way.
Here's a tentative sysctl.conf: https://dev.archlinux.org/~eric/sysctl.conf that I obtained with the help of Jan and Dave on IRC. The unuseful stuff from the upstream config has been dropped and the rest has been commented out. I've also cleaned the syntax.
Eric
> The package name thing Dave was referring to is that our backup file handling is less than ideal in the case of package replacements, as the user's file gets moved to pacsave rather than the expected behavior of the new file being installed to pacnew.
> -Dan
On Sat, Apr 28, 2012 at 8:01 PM, Eric Bélanger <snowmaniscool@gmail.com> wrote:
> Here's a tentative sysctl.conf: https://dev.archlinux.org/~eric/sysctl.conf that I obtained with the help of Jan and Dave on IRC. The unuseful stuff from the upstream config has been dropped and the rest has been commented out. I've also cleaned the syntax.
I'd change this comment to at least drop the silly ascii smiley face:
# makes you vulnerable or not :-)
and try to elaborate more, e.g.
# if not functioning as a router, there is no need to accept redirects or source routes
And maybe add the corresponding ipv6 settings too, since this is 2012.
-Dan
On Mon, Apr 30, 2012 at 8:34 AM, Dan McGee <dpmcgee@gmail.com> wrote:
> I'd change this comment to at least drop the silly ascii smiley face:
> # makes you vulnerable or not :-)
> and try to elaborate more, e.g.
> # if not functioning as a router, there is no need to accept redirects or source routes
> And maybe add the corresponding ipv6 settings too, since this is 2012.
Sure. I also got an email from a user who suggested to remove them (the accept_redirects and source_route) as well as the forwarding as they are turned off by default. What do you think about that? I think we can keep them. The old procps sysctl.conf has the forward option and the redirect is probably a common option too.
Eric
> -Dan
On Mon, Apr 30, 2012 at 2:00 PM, Eric Bélanger <snowmaniscool@gmail.com> wrote:
> Sure. I also got an email from a user who suggested to remove them (the accept_redirects and source_route) as well as the forwarding as they are turned off by default. What do you think about that? I think we can keep them. The old procps sysctl.conf has the forward option and the redirect is probably a common option too.
My kernel says otherwise about accept_redirects, at least:
dmcgee@galway ~ $ sudo sysctl -a | grep all.accept_redirects
net.ipv4.conf.all.accept_redirects = 1
net.ipv6.conf.all.accept_redirects = 1
dmcgee@galway ~ $ sudo sysctl -a | grep all.accept_source_route
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
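The check Dan runs above, turned into a script, as an added example that is not part of the thread: it normalises both the slash-style keys of the upstream file and `sysctl -a` output to one form, then reports for the redirect and source-route keys whether the config sets them or the kernel default is being relied on. The sample inputs are constructed from lines quoted in the thread; the function names and the choice of 0 as the wanted value (a host that is not a router) are assumptions.

```sh
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Keys audited; assumption: 0 is the wanted value on a host that is not a router.
AUDIT_KEYS="net.ipv4.conf.all.accept_redirects
net.ipv6.conf.all.accept_redirects
net.ipv4.conf.all.accept_source_route
net.ipv6.conf.all.accept_source_route"
WANT=0

# Reduce sysctl.conf lines or `sysctl -a` output on stdin to "dotted.key=value".
# Accepts "net/ipv4/x=1", "net.ipv4.x = 1" and "net/ipv4/x =1"; skips comments.
# Caveat: slash-to-dot conversion is lossy for interface names containing dots.
normalize_sysctl() {
    awk '
        /^[ \t]*([#;]|$)/ { next }
        {
            i = index($0, "=")
            if (i == 0) next
            key = substr($0, 1, i - 1); val = substr($0, i + 1)
            gsub(/[ \t]/, "", key)
            gsub(/^[ \t]+|[ \t]+$/, "", val)
            gsub(/\//, ".", key)
            print key "=" val
        }'
}

# Value of key $2 in normalised text $1; the last assignment wins.
lookup() {
    printf '%s\n' "$1" |
        awk -v k="$2" 'index($0, k "=") == 1 { v = substr($0, length(k) + 2) } END { print v }'
}

# $1 = raw config text, $2 = raw `sysctl -a` text. One line per audited key.
audit() {
    conf=$(printf '%s\n' "$1" | normalize_sysctl)
    run=$(printf '%s\n' "$2" | normalize_sysctl)
    for key in $AUDIT_KEYS; do
        c=$(lookup "$conf" "$key"); r=$(lookup "$run" "$key")
        if [ "$c" = "$WANT" ]; then verdict=enforced      # config pins the wanted value
        elif [ -n "$c" ]; then verdict=weakened           # config sets something else
        elif [ -z "$r" ]; then verdict=unknown            # no runtime value supplied
        elif [ "$r" = "$WANT" ]; then verdict=default-ok  # relying on the kernel value
        else verdict=exposed                              # unset, and kernel value differs
        fi
        printf '%s conf=%s run=%s %s\n' "$key" "${c:--}" "${r:--}" "$verdict"
    done
}

# Constructed sample: the upstream lines quoted earlier in the thread (IPv4 only).
sample_conf() { cat <<'EOF'
# makes you vulnerable or not :-)
net/ipv4/conf/all/accept_redirects=0
net/ipv4/conf/all/accept_source_route=0
net/ipv4/icmp_echo_ignore_broadcasts =1
kernel/pid_max=10000
EOF
}

# Constructed sample: the runtime values shown in the message above.
sample_runtime() { cat <<'EOF'
net.ipv4.conf.all.accept_redirects = 1
net.ipv6.conf.all.accept_redirects = 1
net.ipv4.conf.all.accept_source_route = 0
net.ipv6.conf.all.accept_source_route = 0
EOF
}

audit "$(sample_conf)" "$(sample_runtime)"
```

On a live system, pass the real file and `sysctl -a` output instead, e.g. `audit "$(cat /etc/sysctl.conf)" "$(sysctl -a 2>/dev/null)"`.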
On Mon, Apr 30, 2012 at 3:03 PM, Dan McGee <dpmcgee@gmail.com> wrote:
> My kernel says otherwise about accept_redirects, at least:
> dmcgee@galway ~ $ sudo sysctl -a | grep all.accept_redirects
> net.ipv4.conf.all.accept_redirects = 1
> net.ipv6.conf.all.accept_redirects = 1
> dmcgee@galway ~ $ sudo sysctl -a | grep all.accept_source_route
> net.ipv4.conf.all.accept_source_route = 0
> net.ipv6.conf.all.accept_source_route = 0
I just checked and it's the same here. Let's keep them then and I'll make the changes you suggested.
On Mon, Apr 30, 2012 at 3:18 PM, Eric Bélanger <snowmaniscool@gmail.com> wrote:
> I just checked and it's the same here. Let's keep them then and I'll make the changes you suggested.
I've uploaded a fixed config file: https://dev.archlinux.org/~eric/sysctl.conf
BTW, Should I add a net.ipv4.conf.all.forwarding option? Can it replace the current net.ipv4.ip_forward ?
Eric
On Mon, Apr 30, 2012 at 3:48 PM, Eric Bélanger <snowmaniscool@gmail.com> wrote:
> I've uploaded a fixed config file: https://dev.archlinux.org/~eric/sysctl.conf
Is that sysctl.conf fine with everyone? Does it need other changes (like the ones I suggested below)? If I don't get feedback in the next 2 days, then I'll assume it's OK and will push a procps-ng in testing with that sysctl.conf
> BTW, Should I add a net.ipv4.conf.all.forwarding option? Can it replace the current net.ipv4.ip_forward ?
Eric
participants (5)
- Dan McGee
- Dave Reisner
- Eric Bélanger
- Evangelos Foutras
- Tom Gundersen