
Böck: Multiple vulnerabilities in RPM – and a rant


Posted Aug 30, 2016 4:41 UTC (Tue) by voltagex (guest, #86296)
In reply to: Böck: Multiple vulnerabilities in RPM – and a rant by SEJeff
Parent article: Böck: Multiple vulnerabilities in RPM – and a rant

What don't you like about preseed? I haven't had to use it all that much but other than it being difficult to test it doesn't seem too bad.



Böck: Multiple vulnerabilities in RPM – and a rant

Posted Aug 30, 2016 13:56 UTC (Tue) by imMute (guest, #96323) [Link]

Not the guy you were responding to, but I attempted to use preseed a while ago. The biggest complaint I had with it was the minimal documentation.

The biggest problem I had with the whole process was not actually with preseed itself, it was with repackaging the installation media. I was simply trying to take the netinstall image, slip in my own preseed file, and repackage it for use with a USB stick. I found a couple sets of instructions on how to do that and the repackage step either would use a command that doesn't work on Jessie, or would produce an image that wouldn't boot. I eventually got it mostly working using an Ubuntu 14.04 system to run the repackage command.

It was about a year ago when I attempted this, and we gave up since cloning the entire drive was a faster way anyway - things may be different these days.

Böck: Multiple vulnerabilities in RPM – and a rant

Posted Aug 30, 2016 15:41 UTC (Tue) by SEJeff (guest, #51588) [Link] (2 responses)

I guess it is more what do I like about kickstart, which is that it is 99% simply a shell script with a few special stanzas. To any sysadmin, it is super obvious.

On the other hand, preseed is more murky in comparison and the documentation (used to be) horrible:

# This is how to make the installer shutdown when finished, but not
# reboot into the installed system.
d-i debian-installer/exit/halt boolean true

The redhat equivalent (https://access.redhat.com/documentation/en-US/Red_Hat_Ent...) is halt, just like the shell command. This is a relatively obscure reference, but in general as a sysadmin to write a preseed from scratch, you have to understand a lot of how debian-installer works.

As a sysadmin to write a kickstart from scratch, you need a lightly templated shell script with a few special stanzas. It is just so much easier.

Böck: Multiple vulnerabilities in RPM – and a rant

Posted Aug 31, 2016 12:05 UTC (Wed) by pizza (subscriber, #46) [Link] (1 responses)

> As a sysadmin to write a kickstart from scratch, you need a lightly templated shell script with a few special stanzas. It is just so much easier.

You don't even need to write it from scratch -- Do a single installation with the rough (or exact) settings you want, and as part of the installation it'll generate a kickstart file that corresponds to your installation choices. Customize it to your heart's content with additional packages and your postinstallation scripts, and go to town.

(Kickstart is a wonderful feature. I've been using it since the RHL7 days; every single system we had in production could be completely recreated automatically; stick in a floppy and come back in a couple of hours...)

Böck: Multiple vulnerabilities in RPM – and a rant

Posted Aug 31, 2016 13:53 UTC (Wed) by SEJeff (guest, #51588) [Link]

Oh you're entirely right. I was pointing out that it would be quite easy to write a working kickstart file from scratch. I doubt anyone but perhaps a debian-installer developer could do the same for preseed from scratch.

Böck: Multiple vulnerabilities in RPM – and a rant

Posted Aug 30, 2016 18:32 UTC (Tue) by edgewood (subscriber, #1123) [Link]

Also not the person you were responding to, but I've been learning preseed as a way to have a reproducible install of servers, both bare metal and VMs. From my perspective, the things I don't like about preseed are:
  • Weak documentation outside of "here's an example file with # comments before each couple lines". To figure out anything moderately complicated I used trial-and-error and searching Google to find blog posts and Stack Exchange posts. I'd love to have a list of all the things I can put in a preseed file, and especially documentation of conflicts (eg, setting up an encrypted /home and supplying an encrypted password for the user). In retrospect I can understand why you can't do both, but having doc for user-setup/encrypt-home that says "conflicts passwd/user-password-crypted" would have saved me a lot of time.
  • For partitioning, nothing between predefined recipes and having to master, with not a lot of great documentation, the baroque, proprietary, domain-specific language that is the 'expert recipe'. Did I mention it has to be all on one line?
  • Expert recipe, despite its name, is hard to use if I want a specific layout, and doesn't support some basic use cases (eg, to locate a specific plain partition on a specific block device)
  • If I'm going to have to write shell scripts to get custom behavior, I'd like more hooks where I can call those scripts, so that I can, eg, fix the partitioning before preseed installs all the files
  • No direct way in an expert recipe to leave some space on the disk/LVM volume group unpartitioned. Usual workaround is to create a large high-priority dummy partition/LV and delete it in a post-install action.
So basically doc and improvements to partitioning, I guess.
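
The conflict named in the comment above can be caught before boot media is rebuilt. This is an added example, not part of any comment in this thread and not debian-installer code: a small parser for the `owner question type value` line format shown earlier in the thread, with a check for that one pair. The function names, the `CONFLICTS` table and the sample file are constructed for illustration.

```python
# Question pairs reported in the thread as unusable together.
# Only the pair named in the comment is listed; extend as you find more.
CONFLICTS = [("user-setup/encrypt-home", "passwd/user-password-crypted")]

def parse_preseed(text):
    """Return {question: (owner, type, value)} from preseed text."""
    answers, pending = {}, ""
    for raw in text.splitlines():
        stripped = raw.strip()
        # Blank lines and comments are skipped unless we are mid-continuation.
        if not pending and (not stripped or stripped.startswith("#")):
            continue
        line = pending + stripped
        pending = ""
        # Long values (such as partitioning recipes) are written with
        # trailing backslashes; join them into one logical line.
        if line.endswith("\\"):
            pending = line[:-1].rstrip() + " "
            continue
        parts = line.split(None, 3)
        if len(parts) < 3:
            raise ValueError("malformed preseed line: %r" % line)
        owner, question, qtype = parts[:3]
        answers[question] = (owner, qtype, parts[3] if len(parts) == 4 else "")
    return answers

def is_set(entry):
    """A boolean counts only when true; anything else when non-empty."""
    _, qtype, value = entry
    if qtype == "boolean":
        return value.strip().lower() == "true"
    return value.strip() != ""

def find_conflicts(answers):
    """Return the conflicting pairs where both questions are actually set."""
    return [(a, b) for a, b in CONFLICTS
            if a in answers and b in answers
            and is_set(answers[a]) and is_set(answers[b])]

# Constructed sample file; the hash is a placeholder, not a real credential.
SAMPLE = """\
# halt instead of rebooting into the installed system
d-i debian-installer/exit/halt boolean true
d-i passwd/user-password-crypted password $6$CONSTRUCTED$notarealhash
d-i user-setup/encrypt-home boolean true
"""

if __name__ == "__main__":
    for a, b in find_conflicts(parse_preseed(SAMPLE)):
        print("conflict: %s is set together with %s" % (a, b))
```
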

preseed (was Böck: Multiple vulnerabilities in RPM – and a rant)

Posted Aug 30, 2016 19:05 UTC (Tue) by dskoll (subscriber, #1630) [Link]

Oh, hey, I love Debian. But let me say this: I hate, hate, hate preseed with a bitter, burning passion. And working with d-i is also an exercise in pain... lots of twisty shell scripts, Perl scripts, C programs, and magical run-parts invocations without any damn clue how it all fits together.

Preseed: no documentation. Extremely fiddly. Incredibly long edit-test cycle (you basically have to make new boot media or PXE images, boot the thing, see what breaks, rinse, repeat.)

And the worst part (though I think this may have been fixed... not sure) was that some of the answers were locale-sensitive. So if you had a user who picked an unexpected locale, all the preseed answers would be borked.

Böck: Multiple vulnerabilities in RPM – and a rant

Posted Aug 30, 2016 21:30 UTC (Tue) by seyman (subscriber, #1172) [Link]

> What don't you like about preseed?

One of the things I've always appreciated when using kickstart is that a kickstart file is always generated during an installation of Fedora/RHEL/CentOS (found in /root/anaconda-ks.cfg). This allows you to perform an install, grab the kickstart file and be 99% done.

