Most active commenters

    ←back to thread

    InitWare, a portable systemd fork running on BSDs and Linux

    (github.com)
    167 points sunshine-o | 11 comments | 03 Apr 25 12:11 UTC | HN request time: 0.018s | source | bottom
    Show context
    exceptione ◴[03 Apr 25 17:18 UTC] No.43572744[source]
    The list of dropped components is quite large. The cryptsetup, cryptenroll, unified kernel images, kernel signing and systemd-boot work nicely together.

    I think Systemd has a view that those things should reliably work together. I do not fancy a revival of the past where the user has to cobble a mesh of hopefully compatible libraries to achieve the same, taking weeks to study the Arch manual and resolving tons of gotcha's, all to be broken by next week's update.

    The integration of all this stuff is now actively under test and maintenance with systemd.

    And yes, the mentioned services also have an impact on the scope of service managing. Because if you have a unit that depends on a disk that needs to be unencrypted, this has to be resolved somehow in the right time.

    I personally have had no need for systemd-resolved, but I think for *desktop* the list of droppable components is not large.

    So maybe we should first have a conversation about the *desktop* vs *container-os* purpose?

    replies(5): >>43573274 #>>43573308 #>>43573459 #>>43575409 #>>43576185 #
    1. DrillShopper ◴[03 Apr 25 18:21 UTC] No.43573459[source]
    > The cryptsetup, cryptenroll, unified kernel images, kernel signing and systemd-boot work nicely together.

    This has not been my experience across Debian and Arch

    replies(3): >>43573589 #>>43574196 #>>43578459 #
    2. mattpallissard ◴[03 Apr 25 18:32 UTC] No.43573589[source]
    Arch user here. These things work much nicer than any of the previous alternatives. Sure, kernel signing is a bit of a mess, but that's more of a product of how key-signing at a low-level works than anything. Cryptsetup, cryptenroll, unified kernel images, and systemd-boot worked for me out of box.
    replies(1): >>43576134 #
    3. donnachangstein ◴[03 Apr 25 19:23 UTC] No.43574196[source]
    That's because Debian 'stable' has a half-assed implementation of systemd, frozen in time on some ancient version. So you are stuck waiting years between upgrades. Bookworm finally supports the crypto functions.

    Arch OTOH was where these functions first worked out of the box.

    replies(1): >>43574966 #
    4. bogantech ◴[03 Apr 25 20:28 UTC] No.43574966[source]
    > frozen in time on some ancient version.

    Yeah that's a feature of Debian stable

    replies(2): >>43575746 #>>43581058 #
    5. donnachangstein ◴[03 Apr 25 21:35 UTC] No.43575746{3}[source]
    It stops being a feature and becomes a bug bordering on retardation when they purposefully ship broken software.

    First example coming to mind, TLS is broken in the version of OpenSMTPD that ships with Debian Stable.

    Yes you read that correctly.

    The version of OpenSMTPD in Debian Stable does not have functioning TLS. It's also not well documented why this is, things just don't work and you are forced to discover why.

    It has to do with a broken dependency on their ancient version of OpenSSL. They refuse to patch it because muh stability - it requires a version jump. So you are forced to jump through hoops and install a newer version from backports if you expect TLS to work on your SMTP server.

    replies(2): >>43577140 #>>43581638 #
    6. DrillShopper ◴[03 Apr 25 22:15 UTC] No.43576134[source]
    They very much did not for me. I beat things into shape with sbctl but it was very much an uphill battle.

    idk why Arch seems allergic to packaging shim-signed (it's an AUR, why would I trust such a key component to essentialy a stranger?), but here we are I guess.

    replies(2): >>43578471 #>>43581671 #
    7. ◴[04 Apr 25 00:37 UTC] No.43577140{4}[source]
    8. Timber-6539 ◴[04 Apr 25 04:53 UTC] No.43578459[source]
    Am on Arch and I use them with unattended boot(TPM) and they work flawlessly.
    9. Timber-6539 ◴[04 Apr 25 04:55 UTC] No.43578471{3}[source]
    The AUR is just a repository of PKGBUILDs. You don't need to trust a stranger to use PKGBUILD.
    10. Vilian ◴[04 Apr 25 12:07 UTC] No.43581058{3}[source]
    A broken implementation?
    11. udev4096 ◴[04 Apr 25 12:59 UTC] No.43581671{3}[source]
    you can inspect the PKGBUILD file very easily. it's same as alpine's abuild and various other build file formats from distros. don't just blindly build it