On Sat, 27 Jun 2015 at 16:20:56 +0200, Christian Seiler wrote: > On 06/27/2015 02:19 PM, Guilhem Moulin wrote: >> Alright, that's it :-) The changelog is pretty heavy because I also >> lintian-cleaned and modernized (using dh_* tools) the packages, as well as >> fixed most bugs: >> [...] >> + Bring down interfaces and flush network configuration before existing >> the ramdisk, to avoid misconfigured network in the regular kernel. >> (Closes: #715048, #720987, #720988.) > > Having just read the debian-devel thread: isn't it dangerous to do > that unconditionally? > > Sure, if you have a normal system then you want to down your network > configuration for the aforementioned reasons, but if you additionally > also have root on NFS or iSCSI or something similar, then this would > break that. Also, dropbear didn't do that in the past, so this could > be seen as a regression for those kinds of systems.
Sorry the changelog didn't mention that, but the ifdown script is installed to ‘initramfs-tools/scripts/local-bottom’ hence, according to initramfs-tools(8), is not run on NFS mounts. > - activate the new feature by default (because that's probably the > majority use case, root on network is probably not commonly used > in this combination), but provide an option to switch it off I used a config variable for it (‘DROPBEAR_IFDOWN’, default to ‘all’), but I couldn't see any reason not to bring down the network on local mounts so I removed it in the end. If there is need for it I can always bring it back, though. -- Guilhem.
signature.asc
Description: Digital signature
