Re: DragonFly 3.4 release planning

["Samuel J. Greear" <sjg@xxxxxxxxxxxx>]

--bcaec54eef8c51a1c304d92a181c
Content-Type: text/plain; charset=ISO-8859-1

On Sat, Mar 30, 2013 at 12:25 PM, Matthew Dillon <
dillon@apollo.backplane.com> wrote:

>
> :> Binaries in /bin and /sbin are compiled statically, which makes them
> unusable
> :> with NSS modules.
> :> This is IMHO the biggest remaining issue with this release.
> :
> :Just curious - hasn't this been the case for some time?
> :And if so / not - why did this become an issue for you now?
> :
> :Not taking one side or another, just wondering about more background info,
> :though I do seem to recall a rather strong position taken *against*
> :dynamic /bin /sbin in this project when FreeBSD switched to dynamic
> :builds in the freebsd ~6.x-7.x era
> :
> :Cheers,
> :
> :- Chris
>
>     I think I'm the only one who is really against making /bin and /sbin
>     dynamic.  I feel kinda silly standing on top of the hill holding up
>     the red flag :-(.
>
>     I really hate the concept of a /rescue.  I could live with a nullfs
>     overloading of /bin and /sbin, but so far nobody (including I) has
>     thought up a good clean way to do it and still have the safety of
>     static binaries in single-user mode.
>
>                                         -Matt
>                                         Matthew Dillon
>                                         <dillon@backplane.com>
>

For the record, both Sascha and I are against it as well.

I think the cleanest solution is to compile in a pam module to kick auth
requests to an auth daemon that is capable of loading nss modules (or even
other pam modules). That said, I have neither verified that this is
absolutely possible within the constraints of the NSS API, nor do I intend
to be the one doing the work, not having any pressing need for NSS myself.

Sam

--bcaec54eef8c51a1c304d92a181c
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

<div dir=3D"ltr"><div class=3D"gmail_extra">On Sat, Mar 30, 2013 at 12:25 P=
M, Matthew Dillon <span dir=3D"ltr">&lt;<a href=3D"mailto:dillon@apollo.bac=
kplane.com" target=3D"_blank">dillon@apollo.backplane.com</a>&gt;</span> wr=
ote:<br>
<div class=3D"gmail_quote"><blockquote class=3D"gmail_quote" style=3D"margi=
n:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204=
);border-left-style:solid;padding-left:1ex"><br>
:&gt; Binaries in /bin and /sbin are compiled statically, which makes them =
unusable<br>
<div class=3D"im">:&gt; with NSS modules.<br>
:&gt; This is IMHO the biggest remaining issue with this release.<br>
:<br>
:Just curious - hasn&#39;t this been the case for some time?<br>
:And if so / not - why did this become an issue for you now?<br>
:<br>
:Not taking one side or another, just wondering about more background info,=
<br>
:though I do seem to recall a rather strong position taken *against*<br>
:dynamic /bin /sbin in this project when FreeBSD switched to dynamic<br>
:builds in the freebsd ~6.x-7.x era<br>
:<br>
:Cheers,<br>
:<br>
:- Chris<br>
<br>
</div>=A0 =A0 I think I&#39;m the only one who is really against making /bi=
n and /sbin<br>
=A0 =A0 dynamic. =A0I feel kinda silly standing on top of the hill holding =
up<br>
=A0 =A0 the red flag :-(.<br>
<br>
=A0 =A0 I really hate the concept of a /rescue. =A0I could live with a null=
fs<br>
=A0 =A0 overloading of /bin and /sbin, but so far nobody (including I) has<=
br>
=A0 =A0 thought up a good clean way to do it and still have the safety of<b=
r>
=A0 =A0 static binaries in single-user mode.<br>
<br>
=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
 =A0 -Matt<br>
<span class=3D""><font color=3D"#888888">=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =
=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 Matthew Dillon<br>
=A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0 =A0=
 =A0 &lt;<a href=3D"mailto:dillon@backplane.com";>dillon@backplane.com</a>&g=
t;<br>
</font></span></blockquote></div><br></div><div class=3D"gmail_extra">For t=
he record, both Sascha and I are against it as well.</div><div class=3D"gma=
il_extra"><br></div><div class=3D"gmail_extra">I think the cleanest solutio=
n is to compile in a pam module to kick auth requests to an auth daemon tha=
t is capable of loading nss modules (or even other pam modules). That said,=
 I have neither verified that this is absolutely possible within the constr=
aints of the NSS API, nor do I intend to be the one doing the work, not hav=
ing any pressing need for NSS myself.</div>
<div class=3D"gmail_extra"><br></div><div class=3D"gmail_extra" style>Sam</=
div></div>

--bcaec54eef8c51a1c304d92a181c--