Re: ISC's EoL dhcp suite, including dhcpd

To: kre%munnari.OZ.AU@localhost, tech-net%NetBSD.org@localhost
Subject: Re: ISC's EoL dhcp suite, including dhcpd
From: Martin Neitzel <neitzel%hackett.marshlabs.gaertner.de@localhost>
Date: Fri, 27 Jun 2025 18:51:08 +0200 (CEST)

>>   You really need DHCP client for this, NOT server.
> And what does that DCHP client communicate with?

bootpd(8) for the win!

Half in jest.   (I really run it instead of DHCPD, mostly
because It Just Works and I'm too lazy to learn new syntax.)


On a more serious note:

I also like our system to be self-contained/self-sufficient, i.e. having
servers for everything we need as clients.

For example, I am not really happy that we have only the OpenLDAP
client software but not the server component.

Those few extra slap* binaries wouldn't be much of an extra burden,
even if unused.  The main burden resides with libraries already coming
the clients, shared by the server components.

If you need the server, and install it with "pkgin install
openldap-server", you'll end up with all the client files
duplicated, as in:

/usr/bin/ldapsearch		Version 2.4.23 (nbsd-9) or 2.5.6 (nbsd-10)
/usr/pkg/bin/ldapsearch		Version 2.6.9

because of

	% pkgin show-deps openldap-server
	direct dependencies for openldap-server-2.6.9
		openldap-client>=2.3.27nb1
		libltdl>=2.4.2

and thusly the installation of openldap-client-2.6.9 pkg, even though
or existing clients from base would be "good enough", version-wise.

And there you  have it:  we waste much more space for the sake of
saving just a little space.   And let me tell you:  I'm too freaking
senile to not get confused by the duplistic hodge-pogde of two
client/lib versions.

How do I *exactly* know that I'm easily confused?

Because I wanted to make my first pkg-audit CVE exemption just a
few days ago, and it took me two days.  Why?   Because during the
first day, I learned during testing that

	$ pkg_admin audit

won't pick up my INGORE_URL=... entry made in the newly created
file /etc/pkg_install.conf.  Because what I run is really
/usr/pkg/sbin/pkg_admin, and that refers to /usr/pkg/etc/pkg_install.conf.

No big deal, mv /etc/pkg_install.conf /usr/pkg/etc/pkg_install.conf,
and the test succeeds:  the CVE is now ignored.

A night passes, and the nightly /etc/security job reports the vulnerabilty
once more.  Because it uses /usr/sbin/pkg_admin, stupid!

No big deal, mv /usr/pkg/etc/pkg_install.conf /etc/pkg_install.conf,
or throw a symlink, or choose any other poison.

							Martin

References:
- Re: ISC's EoL dhcp suite, including dhcpd
  - From: Vadim Goncharov
- Re: ISC's EoL dhcp suite, including dhcpd
  - From: John Nemeth
- Re: ISC's EoL dhcp suite, including dhcpd
  - From: Robert Elz
- Re: ISC's EoL dhcp suite, including dhcpd
  - From: Robert Elz

Prev by Date: Re: ISC's EoL dhcp suite, including dhcpd
Next by Date: Re: ISC's EoL dhcp suite, including dhcpd
Previous by Thread: Re: ISC's EoL dhcp suite, including dhcpd
Next by Thread: Re: ISC's EoL dhcp suite, including dhcpd
Indexes:

Home | Main Index | Thread Index | Old Index