[gentoo-dev] [RFC] /etc/resolv.conf symlink through net-dns/resolvconf-symlink

[gentoo-dev] [RFC] /etc/resolv.conf symlink through net-dns/resolvconf-symlink

[Michał Górny]

[-- Attachment #1.1: Type: text/plain, Size: 1239 bytes --]

Hello,

Many modern systems have their /etc/resolv.conf files autogenerated at
runtime with DHCP, PPP or so on. Thus, storing that file in /etc seems
no longer correct as that directory may be mounted read-only.

I'm attaching a net-dns/resolvconf-symlink ebuild which
replaces /etc/resolv.conf with a symlink to a runtime-writable location
when installed. That package could be added to PDEPEND of packages like
net-misc/networkmanager or net-dns/openresolv.

Right now, that location is /var/run/resolv.conf. Using /run seems
better for it but that directory is not yet in our baselayout.

The package has USE=symlink which could be disabled by users which want
to keep /etc/resolv.conf as-is.

Right now, pkg_preinst() ensures that /etc/resolv.conf is autogenerated
(tested with resolvconf and networkmanager) or doesn't exist and refuses
to install otherwise. In future, this will be expanded to support more
cases if necessary.

In addition to that, pkg_preinst() and pkg_postrm() handle moving
resolv.conf there and back to avoid leaving user with no nameservers.

I also covered a similar idea in bug #377595 [1].

[1]:https://bugs.gentoo.org/show_bug.cgi?id=377595

-- 
Best regards,
Michał Górny

[-- Attachment #1.2: resolvconf-symlink-0.ebuild --]
[-- Type: application/octet-stream, Size: 1506 bytes --]

# Copyright 1999-2011 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
# $Header: $

EAPI=4

DESCRIPTION="Make /etc/resolv.conf a symlink to runtime-writable location"
HOMEPAGE="http://www.gentoo.org"
SRC_URI=""

LICENSE="public-domain"
SLOT="0"
KEYWORDS="~amd64 ~x86"
IUSE="+symlink"

S=${WORKDIR}

pkg_preinst() {
	if use symlink; then
		if [[ -f "${ROOT}"etc/resolv.conf && ! -L "${ROOT}"etc/resolv.conf ]]
		then # migrate existing resolv.conf
			if [[ "$(head -n 1 "${ROOT}"etc/resolv.conf)" \
					!= "# Generated by "* ]]; then

				eerror "${ROOT}etc/resolv.conf seems not to be autogenerated."
				eerror "Aborting build to avoid removing user data. If that file is supposed"
				eerror "to be autogenerated, please remove it manually. Otherwise, please"
				eerror "set USE=-symlink to avoid installing resolv.conf symlink."

				die "${ROOT}etc/resolv.conf not autogenerated"
			else
				ebegin "Moving ${ROOT}etc/resolv.conf to ${ROOT}var/run/"
				mv "${ROOT}"etc/resolv.conf "${ROOT}"var/run/
				eend ${?} || die
			fi
		fi
	fi
}

src_install() {
	# XXX: /run should be more correct, when it's supported by baselayout

	use symlink && dosym /var/run/resolv.conf /etc/resolv.conf
}

pkg_postrm() {
	# Don't leave the user with no resolv.conf
	if [[ ! -e "${ROOT}"etc/resolv.conf && -f "${ROOT}"var/run/resolv.conf ]]; then
		ebegin "Moving ${ROOT}var/run/resolv.conf to ${ROOT}etc/"
		mv "${ROOT}"var/run/resolv.conf "${ROOT}"etc/
		eend ${?} || die
	fi
}

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 316 bytes --]

Re: [gentoo-dev] [RFC] /etc/resolv.conf symlink through net-dns/resolvconf-symlink

[Sergei Trofimovich]

[-- Attachment #1: Type: text/plain, Size: 703 bytes --]

On Wed, 10 Aug 2011 11:55:19 +0200
Michał Górny <mgorny@gentoo.org> wrote:

> Hello,
> 
> Many modern systems have their /etc/resolv.conf files autogenerated at
> runtime with DHCP, PPP or so on. Thus, storing that file in /etc seems
> no longer correct as that directory may be mounted read-only.

Hi Michał!

While i don't disagree on that move i'm suspocious about the whole /etc/ ro mode.
I don't think it's usable right now. Is your main goal to make it working by default?

[assuming it is] What is the plan of other volatile stuff in /etc?
- /etc/mtab
- /etc/mtab.fuselock
- /etc/blkid*
- /etc/adjtime?
Move to /var for default setup as well?

Thanks.

-- 

  Sergei

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-dev] [RFC] /etc/resolv.conf symlink through net-dns/resolvconf-symlink

[Michał Górny]

[-- Attachment #1: Type: text/plain, Size: 1539 bytes --]

On Wed, 10 Aug 2011 13:37:30 +0300
Sergei Trofimovich <slyfox@gentoo.org> wrote:

> On Wed, 10 Aug 2011 11:55:19 +0200
> Michał Górny <mgorny@gentoo.org> wrote:
> 
> > Hello,
> > 
> > Many modern systems have their /etc/resolv.conf files autogenerated
> > at runtime with DHCP, PPP or so on. Thus, storing that file in /etc
> > seems no longer correct as that directory may be mounted read-only.
> 
> While i don't disagree on that move i'm suspocious about the
> whole /etc/ ro mode. I don't think it's usable right now. Is your
> main goal to make it working by default?

I would really like to do so but I don't think I have enough power to
do so. Right now, I'm running one machine with read-only root and
resolv.conf was the only really problematic file for it.

> [assuming it is] What is the plan of other volatile stuff in /etc?
> - /etc/mtab

I personally symlink it to /proc/mounts as I don't need additional
features it provides.

> - /etc/mtab.fuselock

Never heard of this one. But I guess it's FUSE-specific and thus easy
to move. I guess you can open a bugreport for it.

> - /etc/blkid*

That one's udev specific? I guess it could be moved as well.

> - /etc/adjtime?

I was never sure what this is for. Does it really need to be updated
randomly during runtime or once is enough?

> Move to /var for default setup as well?

I'd personally prefer /run instead of /var for things that aren't
supposed to last longer than for a single boot.

-- 
Best regards,
Michał Górny

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 316 bytes --]

Re: [gentoo-dev] [RFC] /etc/resolv.conf symlink through net-dns/resolvconf-symlink

[Sergei Trofimovich]

[-- Attachment #1: Type: text/plain, Size: 1354 bytes --]

> > > Many modern systems have their /etc/resolv.conf files autogenerated
> > > at runtime with DHCP, PPP or so on. Thus, storing that file in /etc
> > > seems no longer correct as that directory may be mounted read-only.
> > 
> > While i don't disagree on that move i'm suspocious about the
> > whole /etc/ ro mode. I don't think it's usable right now. Is your
> > main goal to make it working by default?
> 
> I would really like to do so but I don't think I have enough power to
> do so. Right now, I'm running one machine with read-only root and
> resolv.conf was the only really problematic file for it.

Ah, i see.

> > - /etc/blkid*
> 
> That one's udev specific? I guess it could be moved as well.

It's a blkid(8) cache to mount stuff by uuid/label and guess FS.
Used at least by udev rules and stuff linked against libblkid (fsck.*).
Both can be triggered at any time later after boot.
blkid(8) can work w/o cache.

> > - /etc/adjtime?
> 
> I was never sure what this is for. Does it really need to be updated
> randomly during runtime or once is enough?

It's saved/restored by hwclock(8) when system shutdowns/starts.
In theory hwclock can be reran time to time on running system,
but i don't think it's common. In-kernel copy of clock skew is expected
to be maintained by ntp-alike daemon.

-- 

  Sergei

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 198 bytes --]

Re: [gentoo-dev] [RFC] /etc/resolv.conf symlink through net-dns/resolvconf-symlink

[Michał Górny]

[-- Attachment #1: Type: text/plain, Size: 1680 bytes --]

On Wed, 10 Aug 2011 14:28:09 +0300
Sergei Trofimovich <slyfox@gentoo.org> wrote:

> > > > Many modern systems have their /etc/resolv.conf files
> > > > autogenerated at runtime with DHCP, PPP or so on. Thus, storing
> > > > that file in /etc seems no longer correct as that directory may
> > > > be mounted read-only.
> > > 
> > > While i don't disagree on that move i'm suspocious about the
> > > whole /etc/ ro mode. I don't think it's usable right now. Is your
> > > main goal to make it working by default?
> > 
> > I would really like to do so but I don't think I have enough power
> > to do so. Right now, I'm running one machine with read-only root and
> > resolv.conf was the only really problematic file for it.
> 
> Ah, i see.
> 
> > > - /etc/blkid*
> > 
> > That one's udev specific? I guess it could be moved as well.
> 
> It's a blkid(8) cache to mount stuff by uuid/label and guess FS.
> Used at least by udev rules and stuff linked against libblkid
> (fsck.*). Both can be triggered at any time later after boot.
> blkid(8) can work w/o cache.

'Cache' is the key-word here. I suggest pinging upstream
that /var/cache is there for some reason.

> > > - /etc/adjtime?
> > 
> > I was never sure what this is for. Does it really need to be updated
> > randomly during runtime or once is enough?
> 
> It's saved/restored by hwclock(8) when system shutdowns/starts.
> In theory hwclock can be reran time to time on running system,
> but i don't think it's common. In-kernel copy of clock skew is
> expected to be maintained by ntp-alike daemon.

Ah, then it should be stored in /var indeed.

-- 
Best regards,
Michał Górny

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 316 bytes --]

Re: [gentoo-dev] [RFC] /etc/resolv.conf symlink through net-dns/resolvconf-symlink

[Robin H. Johnson]

On Wed, Aug 10, 2011 at 01:32:12PM +0200, Michał Górny wrote:
> > > That one's udev specific? I guess it could be moved as well.
> > 
> > It's a blkid(8) cache to mount stuff by uuid/label and guess FS.
> > Used at least by udev rules and stuff linked against libblkid
> > (fsck.*). Both can be triggered at any time later after boot.
> > blkid(8) can work w/o cache.
> 'Cache' is the key-word here. I suggest pinging upstream
> that /var/cache is there for some reason.
It was historically in /etc because it got used to mount /var.
As an example, if you grab some RHEL systems on the default install,
every entry in the fstab is UUID=... rather than fixed devices. Not
having the cache the mounts will still work, but will be very slow as
all devices will be rescanned.

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85

Re: [gentoo-dev] [RFC] /etc/resolv.conf symlink through net-dns/resolvconf-symlink

[Rich Freeman]

On Wed, Aug 10, 2011 at 4:06 PM, Robin H. Johnson <robbat2@gentoo.org> wrote:
> On Wed, Aug 10, 2011 at 01:32:12PM +0200, Michał Górny wrote:
>> > > That one's udev specific? I guess it could be moved as well.
>> >
>> > It's a blkid(8) cache to mount stuff by uuid/label and guess FS.
>> > Used at least by udev rules and stuff linked against libblkid
>> > (fsck.*). Both can be triggered at any time later after boot.
>> > blkid(8) can work w/o cache.
>> 'Cache' is the key-word here. I suggest pinging upstream
>> that /var/cache is there for some reason.
> It was historically in /etc because it got used to mount /var.
> As an example, if you grab some RHEL systems on the default install,
> every entry in the fstab is UUID=... rather than fixed devices. Not
> having the cache the mounts will still work, but will be very slow as
> all devices will be rescanned.

I would think that something like this would change so infrequently as
to not matter much.  If you're going to actually install new block
devices relevant to the boot process, I have to think that somewhere
along the lines you'll probably need to mount /etc read-write.

mdadm.conf is in a similar boat.  So is fstab for that matter (my
fstab probably changes more often than the list of permanent block
devices does).

Note that dracut at least expects to find some of this stuff on /etc.
Much of the key stuff gets copied to the initramfs, but dracut
actually tries to remount things according to whatever rules it finds
in /etc/fstab so that it can respect stuff like noatime, etc.  Now,
right now that logic only applies to root, since that is all dracut
tries to mount right now.

Rich

Re: [gentoo-dev] [RFC] /etc/resolv.conf symlink through net-dns/resolvconf-symlink

[Robin H. Johnson]

On Wed, Aug 10, 2011 at 04:13:16PM -0400, Rich Freeman wrote:
> > It was historically in /etc because it got used to mount /var.
> > As an example, if you grab some RHEL systems on the default install,
> > every entry in the fstab is UUID=... rather than fixed devices. Not
> > having the cache the mounts will still work, but will be very slow as
> > all devices will be rescanned.
> I would think that something like this would change so infrequently as
> to not matter much.  If you're going to actually install new block
> devices relevant to the boot process, I have to think that somewhere
> along the lines you'll probably need to mount /etc read-write.
It can change more often than you realize in some more enterprisy
situations. The one that I've seen the most was a fibrechannel SAN,
where the disk order varied with the response time of the devices
(first-come first-serve in allocation of device nodes). Alternatively
booting with USB/Firewire storage devices attached, if those storage
modules are loaded before whatever other controller, it will vary
depending what you have attached.

> mdadm.conf is in a similar boat.  So is fstab for that matter (my
> fstab probably changes more often than the list of permanent block
> devices does).
mdadm.conf is less of a concern as it's written by the user, not the
system, and it contains just UUIDs and scans devices directly to
assemble.

-- 
Robin Hugh Johnson
Gentoo Linux: Developer, Trustee & Infrastructure Lead
E-Mail     : robbat2@gentoo.org
GnuPG FP   : 11AC BA4F 4778 E3F6 E4ED  F38E B27B 944E 3488 4E85

Re: [gentoo-dev] [RFC] /etc/resolv.conf symlink through net-dns/resolvconf-symlink

[Michał Górny]

[-- Attachment #1: Type: text/plain, Size: 1006 bytes --]

On Wed, 10 Aug 2011 20:06:28 +0000
"Robin H. Johnson" <robbat2@gentoo.org> wrote:

> On Wed, Aug 10, 2011 at 01:32:12PM +0200, Michał Górny wrote:
> > > > That one's udev specific? I guess it could be moved as well.
> > > 
> > > It's a blkid(8) cache to mount stuff by uuid/label and guess FS.
> > > Used at least by udev rules and stuff linked against libblkid
> > > (fsck.*). Both can be triggered at any time later after boot.
> > > blkid(8) can work w/o cache.
> > 'Cache' is the key-word here. I suggest pinging upstream
> > that /var/cache is there for some reason.
> It was historically in /etc because it got used to mount /var.
> As an example, if you grab some RHEL systems on the default install,
> every entry in the fstab is UUID=... rather than fixed devices. Not
> having the cache the mounts will still work, but will be very slow as
> all devices will be rescanned.

I guess /run would be the correct modern location for it then.

-- 
Best regards,
Michał Górny

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 316 bytes --]

Re: [gentoo-dev] [RFC] /etc/resolv.conf symlink through net-dns/resolvconf-symlink

[Mike Frysinger]

[-- Attachment #1: Type: Text/Plain, Size: 406 bytes --]

On Wednesday, August 10, 2011 05:55:19 Michał Górny wrote:
> I'm attaching a net-dns/resolvconf-symlink ebuild which
> replaces /etc/resolv.conf with a symlink to a runtime-writable location
> when installed. That package could be added to PDEPEND of packages like
> net-misc/networkmanager or net-dns/openresolv.

sounds like useless layer.  why not just merge it into openresolv itself ?
-mike

[-- Attachment #2: This is a digitally signed message part. --]
[-- Type: application/pgp-signature, Size: 836 bytes --]

Re: [gentoo-dev] [RFC] /etc/resolv.conf symlink through net-dns/resolvconf-symlink

[Michał Górny]

[-- Attachment #1: Type: text/plain, Size: 619 bytes --]

On Wed, 10 Aug 2011 22:03:42 -0400
Mike Frysinger <vapier@gentoo.org> wrote:

> On Wednesday, August 10, 2011 05:55:19 Michał Górny wrote:
> > I'm attaching a net-dns/resolvconf-symlink ebuild which
> > replaces /etc/resolv.conf with a symlink to a runtime-writable
> > location when installed. That package could be added to PDEPEND of
> > packages like net-misc/networkmanager or net-dns/openresolv.
> 
> sounds like useless layer.  why not just merge it into openresolv
> itself ? -mike

To avoid a collision if some other package decides to do a similar
thing.

-- 
Best regards,
Michał Górny

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 316 bytes --]