
SoylentNews is people

posted by martyb on Sunday September 22 2019, @01:00PM
from the all-your-computer-are-belong-to-us dept.

At the All Systems Go conference in Berlin 20-22 September, Lennart Poettering proposed a new extension to systemd, systemd-homed.service. A video of his session can be downloaded from media.ccc.de with accompanying slides [PDF].

In his presentation, Poettering outlines a number of problems he sees with the current system, such as the need for /etc to be writable, the need for UIDs to be consistent across systems, and the lack of encryption and resource management.

His goals with the proposed solution are migratable and self-contained, UID-independent home directories with extensible user records that unify the user's password and encryption key; LUKS locking on system suspend; and Yubikey support.

He identifies a number of problems this new idea could cause with SSH logins, disk space assignments, UID assignments, and LUKS locking.

He plans to introduce JSON user records that can be queried via a Varlink interface and to a certain extent are convertible to and from existing formats. The home directories will be stored as LUKS-encrypted files that will be managed by the proposed new service, systemd-homed.service. The system integration will be supported by pam_systemd and systemd-logind.service.

It will be interesting to see how the world responds to this new take on systemd's ever-increasing encroachment on Linux.

... and lastly, this story is brought to you from a systemd-free laptop.


  • (Score: 4, Insightful) by Anonymous Coward on Sunday September 22 2019, @05:08PM (#897162)

    Poettering's ideas are decent. But basically he is reinventing the Windows/VMS subsystems that do these exact things. He just described good swaths of Active Directory and LDAP.

    But the problem is he half-asses these huge ideas. It takes *ages* to fix the damage he does. Then after 10 years of *other* people fixing the holes the thing works again.

    One big issue is his scope creep on things. There are things in systemd that have 0 place in that stack. Yet they are there. An init system should init things. Do it consistently then get the hell out of the way. But it contains things that do not belong, like DNS, another reinvented logging system. Those are subsystems. We already had a few dozen of those yet they reinvented yet another one. Which is fine. But why is it part of the systemd packages? He completely blew up the sound subsystem in Linux. It took *years* before people could reliably get sound out of their computers again without a major config pain.

    He has done this pattern over and over of blowing things up then leaving to wander off to some other new toy. Leaving behind a ruin of code that someone else has to clean up.

    THAT is why we look at what he does with disdain. Not the idea itself. But the implementation stinks.

    as it takes a second to run the make-systemd-default-sane.yml Ansible playbook
    A perfect example. The out of the box is un-sane. You have to spend time fiddling and tweaking to get it to behave in a nice way. That sums up pretty much everything he does. Half-assed with no '90%' case looking to the average user and config points for the non-average. Just 'haha you should have RTFM'. Freaking annoying and a freaking waste of everyone's time.
