[Fedora-livecd-list] Use of lokkit in livecd-builder
Bryan Kearney
bkearney at redhat.com
Thu Aug 28 13:44:31 UTC 2008
Jeremy Katz wrote:
> On Thu, 2008-08-28 at 09:25 -0400, Bryan Kearney wrote:
>> Jeremy Katz wrote:
>>> On Thu, 2008-08-28 at 08:44 -0400, Bryan Kearney wrote:
>>>> The F9 version of livecd-tools usese /usr/sbin/lokkit to enable and
>>>> disable the firewall. There is a FIXME near it to suport the rest of the
>>>> options which lokkit takes. The current implementation executes this in
>>>> the chroot environment, so forces several packages to be deployed into
>>>> the image when it is built. Since I would be curious in reducing the
>>>> package set for the images which are built, I am curious if there are
>>>> plans around any of the following:
>>>>
>>>> 1) Remove the use of lokkit and instead directly manipulate the files
>>>> (or perhaps use augeas).
>>> Not really. We use lokkit so that when things change, there's only one
>>> implementation that needs changing. And this is a *good* thing. And
>>> augeas would be seen as a far more "one-off" dep than lokkit at this
>>> point to most of the world.
>> I can understand that... and I expected that was the reason. And I
>> assume since the whole hting is done in the chroot, it would be
>> difficult to move this part out of the chroot?
>
> Absolutely impossible. It would require that something outside the
> chroot know the details (past, present, and future) of how to configure
> something inside the chroot.
>
>>>> 2) Look to break up system-config-firewall-tui so that lokkit is a
>>>> separate package with less dependencies.
>>> The big dep that looks trimmable is rhpl as it's just used for
>>> translation stuff (... and I want to get things off of using
>>> rhpl.translate and just using the gettext module directly anyway).
>>> There's not really anything else which is even feasible to remove
>> I scanend it, and if all you need is lokkit then the following seem
>> "unnecessary"
> [snip]
>> I agree they are needed if you want the tui, but if there ware other
>> config paths.. then these are not necessary.
>
> lokkit *IS* the tui. Removing that would be like saying "well, let's
> take out bash's interactive mode because that's not strictly necessary"
> as you also use it just to run scripts
It looks like the tui is /usr/bin/system-config-firewall-tui which
loads /usr/share/system-config-firewall/fw_tui.py that then makes calls
to lokkit.
So.. it seems possible to seperate out the acutal presentaiton from the
command line (tui, gui, etc) from the execution (lokkit)
-- bk
More information about the Fedora-livecd-list
mailing list