On Wed, Apr 27, 2011 at 12:15, Jan-Frode Myklebust <janfrode@xxxxxxxxx> wrote: > On Wed, Apr 27, 2011 at 09:50:11AM -0500, Greg Swift wrote: >> >> I am not saying it is required to be compliant, I'm saying that it is >> syntactically correct. I may be wrong, but I hold to what I say. In >> the old chkconfig method you defined start and stop order, and orders >> it should be on in when enabled. Why would you not do the same in the >> new? > > You´re not doing the same in new and old. In the old method you define > start and stop order, yes, but you don´t define which runlevels it should > default start/stop in (notice the "-" in the chkconfig line). Okay.. func/certmaster don't seem to, you are correct. I was basing my statement on every time I've written a init script. I didn't write these. And the fact that we weren't doing it for the old chkconfig header didn't click in my head. > > Also, the recommendation for fedora packaging says about Default-Start: > > Each Fedora SysV-style initscript which needs to start by default in any > runlevel must include this line in the LSB Header, and it must match the > list of runlevels defined for startup in the Chkconfig header. Only > services which are really required for a vital system should define > runlevels here. > > Ref: > http://fedoraproject.org/wiki/Packaging/SysVInitScript#.23_Default-Start:_line Since the Fedora guidelines are more specific about this than LSB, and define which of the two ways I mentioned earlier to address this, then thats fine, we can follow them. > > The reason I´m objecting is both that I think this is a bad default > security wise (principle of least surprise -- it surprised me that a > func dependency suddenly installed a network listening daemon that > func didn´t need), and also it forces me to add logic to work around > this when deploying minions trough puppet. I agree that we needed to make sure it isn't starting something just because it installed certmaster (or func for that matter). It is a problem, and needs to be resolved. seth, do you see any problem with removing the default-start and stop lines from the init scripts? -greg _______________________________________________ Func-list mailing list Func-list@xxxxxxxxxx https://www.redhat.com/mailman/listinfo/func-list
