[Fedora-livecd-list] Use of lokkit in livecd-builder

Bryan Kearney bkearney at redhat.com
Thu Aug 28 13:44:31 UTC 2008 

Jeremy Katz wrote:
> On Thu, 2008-08-28 at 09:25 -0400, Bryan Kearney wrote:
>> Jeremy Katz wrote:
>>> On Thu, 2008-08-28 at 08:44 -0400, Bryan Kearney wrote:
>>>> The F9 version of livecd-tools usese /usr/sbin/lokkit to enable and 
>>>> disable the firewall. There is a FIXME near it to suport the rest of the 
>>>> options which lokkit takes. The current implementation executes this in 
>>>> the chroot environment, so forces several packages to be deployed into 
>>>> the image when it is built. Since I would be curious in reducing the 
>>>> package set for the images which are built, I am curious if there are 
>>>> plans around any of the following:
>>>>
>>>> 1) Remove the use of lokkit and instead directly manipulate the files 
>>>> (or perhaps use augeas).
>>> Not really.  We use lokkit so that when things change, there's only one
>>> implementation that needs changing.  And this is a *good* thing.  And
>>> augeas would be seen as a far more "one-off" dep than lokkit at this
>>> point to most of the world.
>> I can understand that... and I expected that was the reason. And I 
>> assume since the whole hting is done in the chroot, it would be 
>> difficult to move this part out of the chroot?
> 
> Absolutely impossible.  It would require that something outside the
> chroot know the details (past, present, and future) of how to configure
> something inside the chroot.
> 
>>>> 2) Look to break up system-config-firewall-tui so that lokkit is a 
>>>> separate package with less dependencies.
>>> The big dep that looks trimmable is rhpl as it's just used for
>>> translation stuff (... and I want to get things off of using
>>> rhpl.translate and just using the gettext module directly anyway).
>>> There's not really anything else which is even feasible to remove
>> I scanend it, and if all you need is lokkit then the following seem 
>> "unnecessary"
> [snip]
>> I agree they are needed if you want the tui, but if there ware other 
>> config paths.. then these are not necessary.
> 
> lokkit *IS* the tui.  Removing that would be like saying "well, let's
> take out bash's interactive mode because that's not strictly necessary"
> as you also use it just to run scripts

It looks like the tui is /usr/bin/system-config-firewall-tui which 
loads /usr/share/system-config-firewall/fw_tui.py that then makes calls 
to lokkit.

So.. it seems possible to seperate out the acutal presentaiton from the 
command line (tui, gui, etc) from the execution (lokkit)

-- bk

More information about the Fedora-livecd-list mailing list