Summary: | =sys-devel/distcc-3.1-r9 - Needs systemd service unit file improvement to allow to include multiple allow statements. | ||
---|---|---|---|
Product: | Gentoo Linux | Reporter: | Mehmet Giritli <mehmet> |
Component: | Current packages | Assignee: | Gentoo Cluster Team <cluster> |
Status: | UNCONFIRMED --- | ||
Severity: | normal | CC: | alexander, cluster, mgorny, michael, systemd, xaviermiller |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
Whiteboard: | |||
Package list: | Runtime testing required: | --- |
Description
Mehmet Giritli
2013-10-09 18:05:42 UTC
(In reply to Mehmet Giritli from comment #0) > Currently unit file contains: > > ExecStart=/usr/bin/distccd --verbose --no-detach --daemon --port 3632 -N 15 > --allow $ALLOWED_SERVERS > > where by default the configuration file contains > > Environment="ALLOWED_SERVERS=127.0.0.1" > > This is problematic for including multiple allow statements and also the log > file setting should also be included in the unit file. I suggest changing > the config file to something like this: > > Environment="ALLOWED_SERVERS=--allow 127.0.0.1 --allow 192.168.2.0/24 > --allow 192.168.1.0/24" I guess we could replace ExecStart dropping "--allow" and moving it to the environment file, but wouldn't add the .2.0/24 and .1.0/24 as they depend on every setup > > and the exec statement to include log file setting and remove the --allow > statement whic is moved into the config file: > > ExecStart=/usr/bin/distccd --no-detach --daemon --port 3632 -N 15 > --log-level notice --log-file /var/log/distccd.log $ALLOWED_SERVERS > > Reproducible: Always Regarding the log, when I reviewed how was this handled in other distros, looks like we can rely on getting logs handled by journald (as fedora and arch do) (In reply to Pacho Ramos from comment #1) > (In reply to Mehmet Giritli from comment #0) > > Currently unit file contains: > > > > ExecStart=/usr/bin/distccd --verbose --no-detach --daemon --port 3632 -N 15 > > --allow $ALLOWED_SERVERS > > > > where by default the configuration file contains > > > > Environment="ALLOWED_SERVERS=127.0.0.1" > > > > This is problematic for including multiple allow statements and also the log > > file setting should also be included in the unit file. I suggest changing > > the config file to something like this: > > > > Environment="ALLOWED_SERVERS=--allow 127.0.0.1 --allow 192.168.2.0/24 > > --allow 192.168.1.0/24" > > I guess we could replace ExecStart dropping "--allow" and moving it to the > environment file, but wouldn't add the .2.0/24 and .1.0/24 as they depend on > every setup > Yeah, I just copy pasted mine for sake of an example to show what I meant. > > > > and the exec statement to include log file setting and remove the --allow > > statement whic is moved into the config file: > > > > ExecStart=/usr/bin/distccd --no-detach --daemon --port 3632 -N 15 > > --log-level notice --log-file /var/log/distccd.log $ALLOWED_SERVERS > > > > Reproducible: Always > > Regarding the log, when I reviewed how was this handled in other distros, > looks like we can rely on getting logs handled by journald (as fedora and > arch do) I preferred distcc to have its own log file directly because this is somewhat easier to handle as there could be a lot of output but I don't actually mind. I'll keep a private unit file under /etc. I have tried to run: # distccd --verbose --no-detach --daemon --port 3632 -N 15 -a 192.168.1.1 192.168.0.1 0.0.0.0 distccd[14023] (dcc_discard_root) discarded root privileges, changed to uid=240 gid=2 ^C and it looks to (at least) run :/, are you sure you need to add a "-a" per each IP? (In reply to Pacho Ramos from comment #3) > I have tried to run: > # distccd --verbose --no-detach --daemon --port 3632 -N 15 -a 192.168.1.1 > 192.168.0.1 0.0.0.0 > distccd[14023] (dcc_discard_root) discarded root privileges, changed to > uid=240 gid=2 > ^C > > and it looks to (at least) run :/, are you sure you need to add a "-a" per > each IP? Yes, it will run like that without an error message but it will not accept from the ones except the first one listed after --allow. This is what I remember at least. Could you verify it? (I don't have the setup for testing that) Thanks (In reply to Pacho Ramos from comment #5) > Could you verify it? (I don't have the setup for testing that) Thanks Will do when I have time for it. No problem. *** Bug 530106 has been marked as a duplicate of this bug. *** I just retested, having "--allow host host host" is a silent fail, it accepts it but does not work. I also tried this circuitous Environment="ALLOWED_SERVERS=\"10.0.0.0/24 --allow 127.0.0.1\"" (hint, yeah, it *looks* like it assembled correctly.) This also does not work. The only way I was able to accept localhost and LAN was to rewrite the the whole ExecStart line with a custom service file... Should this bug just be closed and expect a custom service file be written if we need more than one allow statement? As an aside, IPV6 access control handling by distcc is atrocious, made worse by the allowance of only one hostmask in ALLOWED_SERVERS. Utilizing the an environment variable to pass command line arguments is just a bad idea to begin with. Here are possible solutions I would suggest: 1. Override ExecStart to pass the options you need. This is obviously not ideal, but better than abusing environment vars. 2. Use a shell script to dynamically build a distccd command line, and call the shell script from the service file. 3. Patch distccd to read its configuration from a file instead of relying on command line parameters. Does the distcc.conf file need to be compatible with OpenRC Ignore that last comment... useless comment, they are different... |