-
The last few days a new boot system called
-systemd
-has been
-introduced
+
After a long break from debian-installer development, I finally
+found time today to return to the project. Having to spend less time
+working dependency based boot in debian, as it is almost complete now,
+definitely helped freeing some time.
-to the free software world. I have not yet had time to play around
-with it, but it seem to be a very interesting alternative to
-
upstart, and might prove to be
-a good alternative for Debian when we are able to switch to an event
-based boot system. Tollef is
-
in the process of getting
-systemd into Debian, and I look forward to seeing how well it work. I
-like the fact that systemd handles init.d scripts with dependency
-information natively, allowing them to run in parallel where upstart
-at the moment do not.
+
A while back, I ran into a problem while working on Debian Edu. We
+include some firmware packages on the Debian Edu CDs, those needed to
+get disk and network controllers working. Without having these
+firmware packages available during installation, it is impossible to
+install Debian Edu on the given machine, and because our target group
+are non-technical people, asking them to provide firmware packages on
+an external medium is a support pain. Initially, I expected it to be
+enough to include the firmware packages on the CD to get
+debian-installer to find and use them. This proved to be wrong.
+Next, I hoped it was enough to symlink the relevant firmware packages
+to some useful location on the CD (tried /cdrom/ and
+/cdrom/firmware/). This also proved to not work, and at this point I
+found time to look at the debian-installer code to figure out what was
+going to work.
-
Unfortunately do systemd have the same problem as upstart regarding
-platform support. It only work on recent Linux kernels, and also need
-some new kernel features enabled to function properly. This means
-kFreeBSD and Hurd ports of Debian will need a port or a different boot
-system. Not sure how that will be handled if systemd proves to be the
-way forward.
+
The firmware loading code is in the hw-detect package, and a closer
+look revealed that it would only look for firmware packages outside
+the installation media, so the CD was never checked for firmware
+packages. It would only check USB sticks, floppies and other
+"external" media devices. Today I changed it to also look in the
+/cdrom/firmware/ directory on the mounted CD or DVD, which should
+solve the problem I ran into with Debian edu. I also changed it to
+look in /firmware/, to make sure the installer also find firmware
+provided in the initrd when booting the installer via PXE, to allow us
+to provide the same feature in the PXE setup included in Debian
+Edu.
-
In the mean time, based on the
-input
-on debian-devel@ regarding parallel booting in Debian, I have
-decided to enable full parallel booting as the default in Debian as
-soon as possible (probably this weekend or early next week), to see if
-there are any remaining serious bugs in the init.d dependencies. A
-new version of the sysvinit package implementing this change is
-already in experimental. If all go well, Squeeze will be released
-with parallel booting enabled by default.
+
To make sure firmware deb packages with a license questions are not
+activated without asking if the license is accepted, I extended
+hw-detect to look for preinst scripts in the firmware packages, and
+run these before activating the firmware during installation. The
+license question is asked using debconf in the preinst, so this should
+solve the issue for the firmware packages I have looked at so far.
+
+
If you want to discuss the details of these features, please
+contact us on debian-boot@lists.debian.org.
- 14th May 2010
+ 21st May 2010
-
In the recent Debian Edu versions, the
-sitesummary
-system is used to keep track of the machines in the school
-network. Each machine will automatically report its status to the
-central server after boot and once per night. The network setup is
-also reported, and using this information it is possible to get the
-MAC address of all network interfaces in the machines. This is useful
-to update the DHCP configuration.
+
For en stund tilbake kjøpte jeg en magnetkortleser for å kunne
+titte på hva som er skrevet inn på magnetstripene til ulike kort. Har
+ikke hatt tid til å analysere mange kort så langt, men tenkte jeg
+skulle dele innholdet på to kort med mine lesere.
-
To give some idea how to use sitesummary, here is a one-liner to
-ist all MAC addresses of all machines reporting to sitesummary. Run
-this on the collector host:
+
For noen dager siden tok jeg flyet til Harstad og Hurtigruten til
+Bergen. Flytoget fra Oslo S til flyplassen ga meg en billett med
+magnetstripe. Påtrykket finner jeg følgende informasjon:
-
-perl -MSiteSummary -e 'for_all_hosts(sub { print join(" ", get_macaddresses(shift)), "\n"; });'
-
+
+Flytoget Airport Express Train
-This will list all MAC addresses assosiated with all machine, one
-line per machine and with space between the MAC addresses.
+Fra - Til : Oslo Sentralstasjon
+Kategori : Voksen
+Pris : Nok 170,00
+Herav mva. 8,00% : NOK 12,59
+Betaling : Kontant
+Til - Fra : Oslo Lufthavn
+Utstedt: : 08.05.10
+Gyldig Fra-Til : 08.05.10-07.11.10
+Billetttype : Enkeltbillett
-To allow system administrators easier job at adding static DHCP
-addresses for hosts, it would be possible to extend this to fetch
-machine information from sitesummary and update the DHCP and DNS
-tables in LDAP using this information. Such tool is unfortunately not
-written yet.
+102-1015-100508-48382-01-08
+
-
-
-
-
-
- 14th May 2010
-
-
-
Since this evening, parallel booting is the default in
-Debian/unstable for machines using dependency based boot sequencing.
-Apparently the testing of concurrent booting has been wider than
-expected, if I am to believe the
-input
-on debian-devel@, and I concluded a few days ago to move forward
-with the feature this weekend, to give us some time to detect any
-remaining problems before Squeeze is frozen. If serious problems are
-detected, it is simple to change the default back to sequential boot.
-The upload of the new sysvinit package also activate a new upstream
-version.
+
PÃ¥ selve magnetstripen er innholdet
+;E?+900120011=23250996541068112619257138248441708433322932704083389389062603279671261502492655?.
+Aner ikke hva innholdet representerer, og det er lite overlapp mellom
+det jeg ser trykket på billetten og det jeg ser av tegn i
+magnetstripen. HÃ¥per det betyr at de bruker kryptografiske metoder
+for å gjøre det vanskelig å forfalske billetter.
-More information about
-
dependency
-based boot sequencing is available from the Debian wiki. It is
-currently possible to disable parallel booting when one run into
-problems caused by it, by adding this line to /etc/default/rcS:
+
Den andre billetten er fra Hurtigruten, der jeg mistenker at
+strekkoden på fronten er mer brukt enn magnetstripen (det var i hvert
+fall den biten vi stakk inn i dørlåsen).
-
-CONCURRENCY=none
-
+
Påtrykket forsiden er følgende:
-
If you report any problems with dependencies in init.d scripts to
-the BTS, please usertag the report to get it to show up at
-the
-list of usertagged bugs related to this.
+
+Romnummer 727
+Hurtigruten
+Midnatsol
+Reinholdtsen
+Petter
+Bookingno: SAX69 0742193
+Harstad-Bergen
+Dep: 09.05.2010 Arr: 12.05.2010
+Lugar fra Risøyhamn
+Kost: FRO=4
+
+
+
PÃ¥ selve magnetstripen er innholdet
+;1316010007421930=00000000000000000000?+E?. Heller ikke her
+ser jeg mye korrespondanse mellom påtrykk og magnetstripe.
@@ -382,72 +288,141 @@ please contact us on debian-edu@lists.debian.org.
- 21st May 2010
+ 14th May 2010
-
For en stund tilbake kjøpte jeg en magnetkortleser for å kunne
-titte på hva som er skrevet inn på magnetstripene til ulike kort. Har
-ikke hatt tid til å analysere mange kort så langt, men tenkte jeg
-skulle dele innholdet på to kort med mine lesere.
+
Since this evening, parallel booting is the default in
+Debian/unstable for machines using dependency based boot sequencing.
+Apparently the testing of concurrent booting has been wider than
+expected, if I am to believe the
+input
+on debian-devel@, and I concluded a few days ago to move forward
+with the feature this weekend, to give us some time to detect any
+remaining problems before Squeeze is frozen. If serious problems are
+detected, it is simple to change the default back to sequential boot.
+The upload of the new sysvinit package also activate a new upstream
+version.
-
For noen dager siden tok jeg flyet til Harstad og Hurtigruten til
-Bergen. Flytoget fra Oslo S til flyplassen ga meg en billett med
-magnetstripe. Påtrykket finner jeg følgende informasjon:
+More information about
+
dependency
+based boot sequencing is available from the Debian wiki. It is
+currently possible to disable parallel booting when one run into
+problems caused by it, by adding this line to /etc/default/rcS:
-
-Flytoget Airport Express Train
+
+CONCURRENCY=none
+
-Fra - Til : Oslo Sentralstasjon
-Kategori : Voksen
-Pris : Nok 170,00
-Herav mva. 8,00% : NOK 12,59
-Betaling : Kontant
-Til - Fra : Oslo Lufthavn
-Utstedt: : 08.05.10
-Gyldig Fra-Til : 08.05.10-07.11.10
-Billetttype : Enkeltbillett
+If you report any problems with dependencies in init.d scripts to
+the BTS, please usertag the report to get it to show up at
+the
+list of usertagged bugs related to this.
-102-1015-100508-48382-01-08
-
+
+
+
+
+
+
+
+
+ 14th May 2010
+
+
+
In the recent Debian Edu versions, the
+sitesummary
+system is used to keep track of the machines in the school
+network. Each machine will automatically report its status to the
+central server after boot and once per night. The network setup is
+also reported, and using this information it is possible to get the
+MAC address of all network interfaces in the machines. This is useful
+to update the DHCP configuration.
+
+
To give some idea how to use sitesummary, here is a one-liner to
+ist all MAC addresses of all machines reporting to sitesummary. Run
+this on the collector host:
+
+
+perl -MSiteSummary -e 'for_all_hosts(sub { print join(" ", get_macaddresses(shift)), "\n"; });'
+
-
PÃ¥ selve magnetstripen er innholdet
-;E?+900120011=23250996541068112619257138248441708433322932704083389389062603279671261502492655?.
-Aner ikke hva innholdet representerer, og det er lite overlapp mellom
-det jeg ser trykket på billetten og det jeg ser av tegn i
-magnetstripen. HÃ¥per det betyr at de bruker kryptografiske metoder
-for å gjøre det vanskelig å forfalske billetter.
+
This will list all MAC addresses assosiated with all machine, one
+line per machine and with space between the MAC addresses.
-
Den andre billetten er fra Hurtigruten, der jeg mistenker at
-strekkoden på fronten er mer brukt enn magnetstripen (det var i hvert
-fall den biten vi stakk inn i dørlåsen).
+
To allow system administrators easier job at adding static DHCP
+addresses for hosts, it would be possible to extend this to fetch
+machine information from sitesummary and update the DHCP and DNS
+tables in LDAP using this information. Such tool is unfortunately not
+written yet.
-
Påtrykket forsiden er følgende:
+
+
+
+
+
+
+
+
+ 13th May 2010
+
+
+
The last few days a new boot system called
+systemd
+has been
+introduced
-
-Romnummer 727
-Hurtigruten
-Midnatsol
-Reinholdtsen
-Petter
-Bookingno: SAX69 0742193
-Harstad-Bergen
-Dep: 09.05.2010 Arr: 12.05.2010
-Lugar fra Risøyhamn
-Kost: FRO=4
-
+to the free software world. I have not yet had time to play around
+with it, but it seem to be a very interesting alternative to
+
upstart, and might prove to be
+a good alternative for Debian when we are able to switch to an event
+based boot system. Tollef is
+
in the process of getting
+systemd into Debian, and I look forward to seeing how well it work. I
+like the fact that systemd handles init.d scripts with dependency
+information natively, allowing them to run in parallel where upstart
+at the moment do not.
-
PÃ¥ selve magnetstripen er innholdet
-;1316010007421930=00000000000000000000?+E?. Heller ikke her
-ser jeg mye korrespondanse mellom påtrykk og magnetstripe.
+
Unfortunately do systemd have the same problem as upstart regarding
+platform support. It only work on recent Linux kernels, and also need
+some new kernel features enabled to function properly. This means
+kFreeBSD and Hurd ports of Debian will need a port or a different boot
+system. Not sure how that will be handled if systemd proves to be the
+way forward.
+
+
In the mean time, based on the
+input
+on debian-devel@ regarding parallel booting in Debian, I have
+decided to enable full parallel booting as the default in Debian as
+soon as possible (probably this weekend or early next week), to see if
+there are any remaining serious bugs in the init.d dependencies. A
+new version of the sysvinit package implementing this change is
+already in experimental. If all go well, Squeeze will be released
+with parallel booting enabled by default.
@@ -456,59 +431,53 @@ ser jeg mye korrespondanse mellom påtrykk og magnetstripe.
- 22nd May 2010
+ 6th May 2010
-
After a long break from debian-installer development, I finally
-found time today to return to the project. Having to spend less time
-working dependency based boot in debian, as it is almost complete now,
-definitely helped freeing some time.
+
These days, the init.d script dependencies in Squeeze are quite
+complete, so complete that it is actually possible to run all the
+init.d scripts in parallell based on these dependencies. If you want
+to test your Squeeze system, make sure
+dependency
+based boot sequencing is enabled, and add this line to
+/etc/default/rcS:
-
A while back, I ran into a problem while working on Debian Edu. We
-include some firmware packages on the Debian Edu CDs, those needed to
-get disk and network controllers working. Without having these
-firmware packages available during installation, it is impossible to
-install Debian Edu on the given machine, and because our target group
-are non-technical people, asking them to provide firmware packages on
-an external medium is a support pain. Initially, I expected it to be
-enough to include the firmware packages on the CD to get
-debian-installer to find and use them. This proved to be wrong.
-Next, I hoped it was enough to symlink the relevant firmware packages
-to some useful location on the CD (tried /cdrom/ and
-/cdrom/firmware/). This also proved to not work, and at this point I
-found time to look at the debian-installer code to figure out what was
-going to work.
+
+CONCURRENCY=makefile
+
-
The firmware loading code is in the hw-detect package, and a closer
-look revealed that it would only look for firmware packages outside
-the installation media, so the CD was never checked for firmware
-packages. It would only check USB sticks, floppies and other
-"external" media devices. Today I changed it to also look in the
-/cdrom/firmware/ directory on the mounted CD or DVD, which should
-solve the problem I ran into with Debian edu. I also changed it to
-look in /firmware/, to make sure the installer also find firmware
-provided in the initrd when booting the installer via PXE, to allow us
-to provide the same feature in the PXE setup included in Debian
-Edu.
+
That is it. It will cause sysv-rc to use the startpar tool to run
+scripts in parallel using the dependency information stored in
+/etc/init.d/.depend.boot, /etc/init.d/.depend.start and
+/etc/init.d/.depend.stop to order the scripts. Startpar is configured
+to try to start the kdm and gdm scripts as early as possible, and will
+start the facilities required by kdm or gdm as early as possible to
+make this happen.
-
To make sure firmware deb packages with a license questions are not
-activated without asking if the license is accepted, I extended
-hw-detect to look for preinst scripts in the firmware packages, and
-run these before activating the firmware during installation. The
-license question is asked using debconf in the preinst, so this should
-solve the issue for the firmware packages I have looked at so far.
+
Give it a try, and see if you like the result. If some services
+fail to start properly, it is most likely because they have incomplete
+init.d script dependencies in their startup script (or some of their
+dependent scripts have incomplete dependencies). Report bugs and get
+the package maintainers to fix it. :)
-
If you want to discuss the details of these features, please
-contact us on debian-boot@lists.debian.org.
+
Running scripts in parallel could be the default in Debian when we
+manage to get the init.d script dependencies complete and correct. I
+expect we will get there in Squeeze+1, if we get manage to test and
+fix the remaining issues.
+
+
If you report any problems with dependencies in init.d scripts to
+the BTS, please usertag the report to get it to show up at
+the
+list of usertagged bugs related to this.
@@ -517,57 +486,88 @@ contact us on debian-boot@lists.debian.org.
- 27th May 2010
+ 2nd May 2010
-
A few days ago, parallel booting was enabled in Debian/testing.
-The feature seem to hold up pretty well, but three fairly serious
-issues are known and should be solved:
+
One interesting feature in Active Directory, is the ability to
+create a new user with an expired password, and thus force the user to
+change the password on the first login attempt.
-
+I'm not quite sure how to do that with the LDAP setup in Debian
+Edu, but did some initial testing with a local account. The account
+and password aging information is available in /etc/shadow, but
+unfortunately, it is not possible to specify an expiration time for
+passwords, only a maximum age for passwords.
-- The wicd package seen to
-break NFS mounting and
-network setup when
-parallel booting is enabled. No idea why, but the wicd maintainer
-seem to be on the case.
+A freshly created account (using adduser test) will have these
+settings in /etc/shadow:
-- The nvidia X driver seem to
-have a race condition
-triggered more easily when parallel booting is in effect. The
-maintainer is on the case.
+
+root@tjener:~# chage -l test
+Last password change : May 02, 2010
+Password expires : never
+Password inactive : never
+Account expires : never
+Minimum number of days between password change : 0
+Maximum number of days between password change : 99999
+Number of days of warning before password expires : 7
+root@tjener:~#
+
-- The sysv-rc package fail to properly enable dependency based boot
-sequencing (the shutdown is broken) when old file-rc users
-try to switch back to
-sysv-rc. One way to solve it would be for file-rc to create
-/etc/init.d/.legacy-bootordering, and another is to try to make
-sysv-rc more robust. Will investigate some more and probably upload a
-workaround in sysv-rc to help those trying to move from file-rc to
-sysv-rc get a working shutdown.
+The only way I could come up with to create a user with an expired
+account, is to change the date of the last password change to the
+lowest value possible (January 1th 1970), and the maximum password age
+to the difference in days between that date and today. To make it
+simple, I went for 30 years (30 * 365 = 10950) and January 2th (to
+avoid testing if 0 is a valid value).
-
+
After using these commands to set it up, it seem to work as
+intended:
-
All in all not many surprising issues, and all of them seem
-solvable before Squeeze is released. In addition to these there are
-some packages with bugs in their dependencies and run level settings,
-which I expect will be fixed in a reasonable time span.
+
+root@tjener:~# chage -d 1 test; chage -M 10950 test
+root@tjener:~# chage -l test
+Last password change : Jan 02, 1970
+Password expires : never
+Password inactive : never
+Account expires : never
+Minimum number of days between password change : 0
+Maximum number of days between password change : 10950
+Number of days of warning before password expires : 7
+root@tjener:~#
+
-
If you report any problems with dependencies in init.d scripts to
-the BTS, please usertag the report to get it to show up at
-the
-list of usertagged bugs related to this.
+
So far I have tested this with ssh and console, and kdm (in
+Squeeze) login, and all ask for a new password before login in the
+user (with ssh, I was thrown out and had to log in again).
-
Update: Correct bug number to file-rc issue.
+
Perhaps we should set up something similar for Debian Edu, to make
+sure only the user itself have the account password?
+
+
If you want to comment on or help out with implementing this for
+Debian Edu, please contact us on debian-edu@lists.debian.org.
+
+
Update 2010-05-02 17:20: Paul Tötterman tells me on IRC that the
+shadow(8) page in Debian/testing now state that setting the date of
+last password change to zero (0) will force the password to be changed
+on the first login. This was not mentioned in the manual in Lenny, so
+I did not notice this in my initial testing. I have tested it on
+Squeeze, and 'chage -d 0 username' do work there. I have not
+tested it on Lenny yet.
+
+
Update 2010-05-02-19:05: Jim Paris tells me via email that an
+equivalent command to expire a password is 'passwd -e
+username', which insert zero into the date of the last password
+change.