[Fedora-livecd-list] Use of lokkit in livecd-builder

Daniel P. Berrange berrange at redhat.com
Thu Aug 28 14:07:07 UTC 2008


On Thu, Aug 28, 2008 at 09:22:13AM -0400, Jeremy Katz wrote:
> On Thu, 2008-08-28 at 08:44 -0400, Bryan Kearney wrote:
> > The F9 version of livecd-tools uses /usr/sbin/lokkit to enable and 
> > disable the firewall. There is a FIXME near it to support the rest of the 
> > options which lokkit takes. The current implementation executes this in 
> > the chroot environment, so forces several packages to be deployed into 
> > the image when it is built. Since I would be curious in reducing the 
> > package set for the images which are built, I am curious if there are 
> > plans around any of the following:
> > 
> > 1) Remove the use of lokkit and instead directly manipulate the files 
> > (or perhaps use augeas).
> 
> Not really.  We use lokkit so that when things change, there's only one
> implementation that needs changing.  And this is a *good* thing.  And
> augeas would be seen as a far more "one-off" dep than lokkit at this
> point to most of the world.

If augeas were to be used I'd expect lokkit itself to use it directly,
rather than livecd-creator using it.

> > 2) Look to break up system-config-firewall-tui so that lokkit is a 
> > separate package with less dependencies.
> 
> The big dep that looks trimmable is rhpl as it's just used for
> translation stuff (... and I want to get things off of using
> rhpl.translate and just using the gettext module directly anyway).
> There's not really anything else which is even feasible to remove

It is not worth worrying about rhpl. The killer piece that causes pain
for oVirt in this scenario is the presence of python. Unless that's
killable, the rest is just a rounding error.

The way we currently do it is include lokkit packages at first, and then
use a %post script to uninstall python and everything using it. Unless
someone wants to re-implement the entirety of lokkit in C, I don't see any 
other viable approach other than this uninstall in %post.

Daniel.
-- 
|: Red Hat, Engineering, London   -o-   http://people.redhat.com/berrange/ :|
|: http://libvirt.org  -o-  http://virt-manager.org  -o-  http://ovirt.org :|
|: http://autobuild.org       -o-         http://search.cpan.org/~danberr/ :|
|: GnuPG: 7D3B9505  -o-  F3C9 553F A1DA 4AC2 5648 23C1 B3DF F742 7D3B 9505 :|



