Date: Thu, 12 Jul 2001 15:44:32 +0100 From: Paul Robinson <paul@akita.co.uk> To: "Karsten W. Rohrbach" <karsten@rohrbach.de> Cc: Terry Lambert <tlambert2@mindspring.com>, Bill Moran <wmoran@iowna.com>, freebsd-hackers@FreeBSD.ORG Subject: Re: getting rid of sysinstall - Was: FreeBSD Mall now BSDCentral Message-ID: <20010712154432.N53408@jake.akitanet.co.uk> In-Reply-To: <20010711190247.D52923@mail.webmonster.de>; from karsten@rohrbach.de on Wed, Jul 11, 2001 at 07:02:47PM %2B0200 References: <20010706144935.A61843@xor.obsecurity.org> <3B4650D0.97F10B83@bellatlantic.net> <20010707002340.B16071@widomaker.com> <20010707004731V.jkh@osd.bsdi.com> <3B49F8D5.2C9BFA73@mindspring.com> <3B4A0124.26025FB5@iowna.com> <3B4A1423.E8E365E@mindspring.com> <20010711190247.D52923@mail.webmonster.de>
next in thread | previous in thread | raw e-mail | index | archive | help
On Jul 11, "Karsten W. Rohrbach" <karsten@rohrbach.de> wrote:
=20
> some rough and spontaneuos ideas:
> - stripped down python interpreter runs as init
Wow. If you think about it, that's quite a big departure from where FBSD is
at the moment (or I'm missing the point). You might find a lot more people
would prefer Perl if you're going to move to this kind of model (however
it's been so long since I looked at this stuff, you might already be using
this model, and I don't know about it), but I say ignore them. ;-)
> - every class has properties which can be preloaded (=3Dunattended install
> functionality from 'recorded' install session or manually generated
> setup)
Potentially a hazardous thing to offer. I can see where you're coming from,
but there are basic questions that would need to be resolved before we get
into the other issues - e.g. where exactly is the install session going to
be recorded to? You can't put it on the CD you're pulling from, floppies are
a pain in the backside, and the early (more confusing parts) are not going
to have a network available to them. Probably. Is their an existing
installer that does this, and if so how does it record sessions?
> so on, perhaps stuff configuration metadata into xml and re-write it
> to the appropriate (maybe new/different) format -- oops, i said the
> x-word :->
That's quite a big project. Just getting decent XML parsers in place at
early stages of install would be problematic IMHO.
> - remote install dialog ui using ethernet as transport (yay!) would be
> a nice idea
No, no, no, NO! Please don't do this. Although it seems like a nice idea,
securing this would be a nightmare, because the only way this could
realistically be done is if the box decided to do a pure network boot,
brought over an install image, and then you managed to ssh in or something
at the right moment. It's too open to abuse. Again, it's a nice idea, but I
think on a practical level it might be too complicated.
> - making the base system consist of packages would raise the need for
> package db flagging of non-removable/mandatory pkgs
Yeah, really decent top-notch package management is something sorely missing
in FBSD. I have several times sat down and thought about writing something
decent or even lift something from somewhere else, but never got around to
it. One idea I had was to trojan install so that it could track dependancies
on standard 'make install' builds. Maybe even put some stuff in 'make'
itself, or 'configure'. When you think about it, it's not that bad an
idea. But then, if it was a good idea, somebody else would have done it,
except they haven't, probably for reasons I haven't thought about.
> - with that step we also could package sendmail and bind out of the base
> system ;-) hint-hint
sendmail sucks. I think this comes back to the issue of taste. First thing I
do after an install once I've secured it down, etc. is get sendmail off the
box and exim in place instead. If that was an option at install time
(sendmail was never even on the box in the first place) I would jump up and
down and smile. And stuff.
> - package signature verification would also be a nice thing to have,
> especially with signature fetching over the net
Still open to abuse. To really secure that you would need to put in measures
to prevent man-in-the-middle attacks, etc. Good idea though.
=20
<snip big ascii diagram that seems to make sense and disclaimer>
Yeah, all seems to make sense. I think python might be a choice that will
raise some eyebrows, but on the whole it seems pretty cool.
--=20
Paul Robinson ,---------------------------------------
Technical Director @ Akita | A computer lets you make more mistakes
PO Box 604, Manchester, M60 3PR | than any other invention with the=20
T: +44 (0) 161 228 6388 (F:6389)| possible exceptions of handguns and
| Tequila - Mitch Ratcliffe
`-----
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20010712154432.N53408>