On Mon, 26 Aug 2002, Greywolf wrote:

> On Mon, 26 Aug 2002, Luke Mewburn wrote:
>
> # There was a proposal about this a few months ago on tech-userlevel
> # that gave further details of the benefits of this.
>
> "a few" == "somewhere between nine and twelve".
> "proposal" == "This is going to happen, so get ready and deal."
>
> If I recall correctly, there was quite a bit of debate on this, and I
> didn't see any clear rationale nor consensus.  Admittedly the rationale
> seems a bit more clear...

dlopen().

> Was ANY thought ever given to making it possible to preserve the current
> static-root/dynamic-user semantics?  i.e. STATIC={no,yes,root-only}?

Luke covered that in the original post. Though one thing that might be
nice is for bin/Makefile.inc and sbin/Makefile.inc to have something like:

LDSTATIC_BIN?=no
LDSTATIC?=$LDSTATIC_BIN

That way setting LDSTATIC_BIN=-static turns it on ONLY for /bin and /sbin,
but setting LDSTATIC=-static covers everything.

> By introducing shared libraries as a static root, to my perception,
> this introduces one more point of failure.

Yes, that's why we now have /rescue, and why you can tell the kernel to
look for /rescue/init. We talked about auto-failover (if /sbin/init fails
try /rescue/init or some such) but the problem is how to tell when
"loading" is finished; we panic if init exists, so when do we know to
panic or look at /rescue/init...

> In single-user mode, I'd say that only init really stands to benefit from
> this, really.  I don't see a single reason to rebuild the entire rest of
> the tree dynamically-linked.

Two problems (I see) with that. 1) From running large systems back at NAS,
I can envision cases where you need things from nsswitch in single-user
mode. Like you're ls'ing files and want to know who user 12943 is, and
you have to go to the net, with an auth plugin that needs nsswtich, to
find out. Yes, that means you have to ifconfg stuff, but I'm assuming a
savy admin focused on solving a problem. :-)

2) All the programs in /bin and /sbin are not used ONLY in single-user
mode. So keeping them static means that we say can't add new ways of
finding users (can't dload a module) at all. Also, a lot of the locale
stuff (which admittedly you and I being roman-alphabet-users won't need as
much) needs dynamic loading.

> # Do you build your own systems with
> # 	LDSTATIC=-static
> # in /etc/mk.conf (or equivalent)?
> #
> # If not, there should be no effective difference to you whether the
> # statically linked binaries used to manage & repair the system in
> # "single user" mode are in /rescue versus /bin and /sbin.  (Since in a
> # non failure condition, dynamic /sbin binaries will work in single user
> # mode).
> #
> # If you do have LDSTATIC=-static, there will still be no difference to you
> # except you'll end up with some libraries in /lib and a populated /rescue.
>
> That should be conditioned out, don't you think?
>
> The concept isn't completely horrid, but the mechanism appears to be
> brute-force, all-or-nothing.  This seems much less elegant than NetBSD
> has been thus reknowned.

Agreed. What do you think of the suggestion above?

Take care,

Bill