The ulogd initscript needs "net" before starting. Shorewall-init needs to run before "net" but *after* ulogd. This results in a circular wait loop during boot that, by default, takes 50 seconds to resolve, before timing out and waiting 50 seconds again before timing out a second time and allowing login. I don't know which package is at fault, only that taking 2 minutes for OpenRC to finish its work before letting me log in is... counter-productive, to say the least.
shorewall-init should run in "boot" runlevel and will set each configured firewall (shorewall, shorewall6, shorewall-lite, shorewall6-lite) into the stop state, which should secure your machine before the real firewall (which often needs the physical network device) is able to start. Because you maybe have configured your firewall to log traffic and set ulog as log target, shorewall-init has "rc_after ulogd" to tell OpenRC: "When ulogd is scheduled to start in the same runlevel, start ulogd before" -- Otherwise you could lose some logs. So this shouldn't be a shorewall-init problem. As shown, "rc_after ulogd" in shorewall-init is correct (if anybody thinks I am wrong, please correct me!). Now the question is, if ulogd really needs net. I think that's the bug (see bug 439092). But because I am not really familiar with ulogd I am assigning this bug to "Coacher" (app-admin/ulogd maintainer).
(In reply to Thomas D. from comment #1) > shorewall-init should run in "boot" runlevel and will set each configured > firewall (shorewall, shorewall6, shorewall-lite, shorewall6-lite) into the > stop state, which should secure your machine before the real firewall (which > often needs the physical network device) is able to start. [snipped] > Now the question is, if ulogd really needs net. I think that's the bug (see > bug 439092). But because I am not really familiar with ulogd I am assigning > this bug to "Coacher" (app-admin/ulogd maintainer). Shorewall-init is in "boot" runlevel on my system, and ulogd in "default". Commenting out the "need net" line in ulogd's initscript has resulted in no issues as far as I can see, and also apparently fixed the issue, but my system isn't fully set up yet so I haven't been able to properly test firewall logging.
(In reply to Michael Rowell from comment #2) > Shorewall-init is in "boot" runlevel on my system, and ulogd in "default". Then I cannot reproduce your problem. I ask this (and verified) today in #openrc. When serviceA has 'rc_after="serviceB"' but serviceB isn't scheduled to run in the same runlevel like serviceA, serviceA won't trigger serviceB nor wait for serviceB. In other words: You shouldn't experience the problem you are reporting. 0) Undo your manual runscript modification. 1) Activate OpenRC logging, set 'rc_logger="YES"' in "/etc/rc.conf". 2) Please run "rc-update --update" to make sure OpenRC's dependency tree is up to date. Now please reboot, to test again. If you are able to reproduce the problem again: 1) Which OpenRC version do you use? 2) Please show us the output of "rc-update" 3) Please show us your "/var/log/rc.log" > Commenting out the "need net" line in ulogd's initscript has resulted in no > issues as far as I can see, and also apparently fixed the issue, but my > system isn't fully set up yet so I haven't been able to properly test > firewall logging. You don't need to modify the runscript. In "/etc/conf.d/ulogd" add 'rc_need="!net"' to remove the "net" dependency.
(In reply to Thomas D. from comment #1) > Now the question is, if ulogd really needs net. I think that's the bug (see > bug 439092). But because I am not really familiar with ulogd I am assigning > this bug to "Coacher" (app-admin/ulogd maintainer). No, ulogd really does not need net. Thanks for pointing this out.
Created attachment 383298 [details] ulogd-2-ng.init @proxy-maint, here is a fixed initscript. Also added some initscript love besides depend() adjustment. Please push this to the tree. Here is a diff for convenience: diff --git a/var/portage/app-admin/ulogd/files/ulogd-2-ng.init b/app-admin/ulogd/files/ulogd-2-ng.init index a818ce2..ea590ca 100644 --- a/var/portage/app-admin/ulogd/files/ulogd-2-ng.init +++ b/app-admin/ulogd/files/ulogd-2-ng.init @@ -1,22 +1,23 @@ #!/sbin/runscript -# Copyright 1999-2013 Gentoo Foundation +# Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/ulogd/files/ulogd-2-ng.init,v 1.1 2013/12/17 21:38:07 hwoarang Exp $ +# $Header: $ ULOGD_PIDFILE="/run/ulogd.pid" -ULOGD_EXEC="/usr/sbin/ulogd" +ULOGD_BINARY="/usr/sbin/ulogd" ULOGD_OPTS="--daemon --uid ulogd --pidfile ${ULOGD_PIDFILE}" extra_started_commands="reload reopen_logs" depend() { - need net + before iptables ip6tables ebtables firewall + after mysql postgresql } start() { ebegin "Starting ${SVCNAME}" - start-stop-daemon --start --quiet \ - --exec ${ULOGD_EXEC} \ + start-stop-daemon --start \ + --exec ${ULOGD_BINARY} --pidfile ${ULOGD_PIDFILE} \ -- ${ULOGD_OPTS} eend $? }
Created attachment 383300 [details] ulogd-2.init ulogd-2.init with fixes as in the previous one. @proxy-maint, please push this one as well. Diff: diff --git a/var/portage/app-admin/ulogd/files/ulogd-2.init b/app-admin/ulogd/files/ulogd-2.init index 68718f3..958c92e 100644 --- a/var/portage/app-admin/ulogd/files/ulogd-2.init +++ b/app-admin/ulogd/files/ulogd-2.init @@ -1,25 +1,26 @@ #!/sbin/runscript # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/ulogd/files/ulogd-2.init,v 1.3 2014/04/27 09:57:27 hwoarang Exp $ +# $Header: $ ULOGD_PIDFILE="/run/ulogd.pid" -ULOGD_EXEC="/usr/sbin/ulogd" +ULOGD_BINARY="/usr/sbin/ulogd" ULOGD_OPTS="-u ulogd" extra_started_commands="reload reopen_logs" depend() { - need net + before iptables ip6tables ebtables firewall + after mysql postgresql } start() { ebegin "Starting ${SVCNAME}" - start-stop-daemon --start --quiet \ + start-stop-daemon --start \ --make-pidfile \ --pidfile ${ULOGD_PIDFILE} \ --background \ - --exec ${ULOGD_EXEC} \ + --exec ${ULOGD_BINARY} \ -- ${ULOGD_OPTS} eend $? }
Created attachment 383336 [details] ulogd-2.init A bit more love for ulogd-2.init. This is final version. Diff: diff --git a/var/portage/app-admin/ulogd/files/ulogd-2.init b/app-admin/ulogd/files/ulogd-2.init index 68718f3..dee3543 100644 --- a/var/portage/app-admin/ulogd/files/ulogd-2.init +++ b/app-admin/ulogd/files/ulogd-2.init @@ -1,25 +1,26 @@ #!/sbin/runscript # Copyright 1999-2014 Gentoo Foundation # Distributed under the terms of the GNU General Public License v2 -# $Header: /var/cvsroot/gentoo-x86/app-admin/ulogd/files/ulogd-2.init,v 1.3 2014/04/27 09:57:27 hwoarang Exp $ +# $Header: $ ULOGD_PIDFILE="/run/ulogd.pid" -ULOGD_EXEC="/usr/sbin/ulogd" -ULOGD_OPTS="-u ulogd" +ULOGD_BINARY="/usr/sbin/ulogd" +ULOGD_OPTS="--uid ulogd" extra_started_commands="reload reopen_logs" depend() { - need net + before iptables ip6tables ebtables firewall + after mysql postgresql } start() { ebegin "Starting ${SVCNAME}" - start-stop-daemon --start --quiet \ + start-stop-daemon --start \ --make-pidfile \ --pidfile ${ULOGD_PIDFILE} \ --background \ - --exec ${ULOGD_EXEC} \ + --exec ${ULOGD_BINARY} \ -- ${ULOGD_OPTS} eend $? }
+ 22 Aug 2014; Yixun Lan <dlan@gentoo.org> files/ulogd-2-ng.init, + files/ulogd-2.init: + bug 520294, fix init script issue. proxy for itumaykin at gmail.com hello @itumaykin, mind you provide your full name? I could add it to metadata.xml
Looks like I am too late, but for any runscript update in future I recommend that you will look at "man openrc-run": You don't need - ULOGD_PIDFILE - ULOGD_BINARY Just define "command", "pidfile" variable, remove your custom start/stop function end enjoy OpenRC's default start/stop function *including* a working status function. See http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-admin/rsyslog/files/7-stable/rsyslog.initd-r1?view=markup to get an idea. @ Michael Rowell: My question from https://bugs.gentoo.org/show_bug.cgi?id=520294#c3 is still open. If you are able to reproduce the problem please open a new bug against OpenRC.
(In reply to Thomas D. from comment #9) > Looks like I am too late, but for any runscript update in future I recommend > that you will look at "man openrc-run": Where is it? $ man openrc-run No manual entry for openrc-run $ equery l -p openrc * Searching for openrc ... [IP-] [ ] sys-apps/openrc-0.12.4:0 [-P-] [ ~] sys-apps/openrc-0.13:0 [-P-] [ -] sys-apps/openrc-9999:0 > You don't need > > - ULOGD_PIDFILE > - ULOGD_BINARY > > Just define "command", "pidfile" variable, remove your custom start/stop > function end enjoy OpenRC's default start/stop function *including* a > working status function. > > See > http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/app-admin/rsyslog/ > files/7-stable/rsyslog.initd-r1?view=markup to get an idea. These are nice features I was not aware of, thanks. No mention of them in initscript section of handbook or start-stop-daemon man. Where can I get more info? Also 'pidfile' variable is not so useful, as it cannot be adjusted through conf.d. rsyslog init actually has to create RSYSLOG_PIDFILE for this purpose. 'command' variable is useful though. My initscript was inspired by net-misc/openssh one, which I used for reference at the time.
OpenRC 0.13 is current :) Before openrc-0.13 it is "man runscript".
(In reply to Yixun Lan from comment #8) > + 22 Aug 2014; Yixun Lan <dlan@gentoo.org> files/ulogd-2-ng.init, > + files/ulogd-2.init: > + bug 520294, fix init script issue. proxy for itumaykin at gmail.com Thank you. > hello @itumaykin, mind you provide your full name? I could add it to > metadata.xml I'd prefer to keep it just itumaykin@gmail.com. My bugzilla nickname (Coacher) is a suitable replacement for full name, I think. I have one more thing to ask from @proxy-maint. Please remove ulogd-2.0.2 from tree, i.e. remove ulogd-2.0.2.ebuild, files/ulogd-2.init, files/ulogd-2.0.2-automagic.patch. ulogd-2.0.2 has problems with automagic and pidfile handling and I've wanted for it to be removed for a long time. Now, ulogd-2.0.3 has gone stable, so ulogd-2.0.2 can safely be removed.
(In reply to Thomas D. from comment #11) > OpenRC 0.13 is current :) Not on amd64;) > Before openrc-0.13 it is "man runscript". Thanks!
(In reply to Thomas D. from comment #9) > @ Michael Rowell: > My question from https://bugs.gentoo.org/show_bug.cgi?id=520294#c3 is still > open. If you are able to reproduce the problem please open a new bug against > OpenRC. Unfortunately my primary development machine is dead. I have a new one with a Gentoo virtual machine, but I have not found the time to mess with it. I will get back to you when I can.
+ 26 Aug 2014; Sergey Popov <pinkbyte@gentoo.org> -ulogd-2.0.2.ebuild, + -files/ulogd-2.0.2-automagic.patch, -files/ulogd-2.init: + Drop old version as requested by proxied maintainer
(In reply to Sergey Popov from comment #15) > + 26 Aug 2014; Sergey Popov <pinkbyte@gentoo.org> -ulogd-2.0.2.ebuild, > + -files/ulogd-2.0.2-automagic.patch, -files/ulogd-2.init: > + Drop old version as requested by proxied maintainer Thanks.