View previous topic :: View next topic |
Author |
Message |
maverick6664 Guru
Joined: 13 May 2005 Posts: 413 Location: Tokyo / Japan
|
Posted: Tue Aug 10, 2010 11:50 pm Post subject: Is webmin extinct? |
|
|
Hi,
Today I found all the webmin versions were masked. So I am at a loss what to use in the future....any recommendations?
Code: | $ equery list -p webmin
[ Searching for package 'webmin' in all categories among: ]
* installed packages
* Portage tree (/usr/portage)
[-P-] [M~] app-admin/webmin-1.500 (0)
[-P-] [M~] app-admin/webmin-1.510 (0) |
TIA! _________________ Tetsuji Rai
a.k.a. Lukiest in the world |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Wed Aug 11, 2010 12:12 am Post subject: |
|
|
Don't have access to Gentoo at the moment, but I suspect it's because Webmin has a very bizarre and non-free license. It's really short and easy to understand last I looked, but some distros I know of (most notably Debian, which means any derivative as well) refuse to have it in their package list in any normal way because of the license. It seems really chummy at first, then you start thinking about how you can reasonably include it anywhere and you get stuck. |
|
Back to top |
|
|
genterminl Guru
Joined: 12 Feb 2005 Posts: 523 Location: Connecticut, USA
|
Posted: Wed Aug 11, 2010 12:23 am Post subject: |
|
|
It's not the license. Look at /usr/portage/profiles/package.mask:
Quote: | ....
# Diego E. Pettenò <flameeyes@gentoo.org> (10 Aug 2010)
# on behalf of QA team
#
# Breaks about any QA policy regarding not touching
# live filesystem as it writes to LVM configuration,
# cron configuration, current-running kernel modules, RPM
# library, ...
#
# Removal on 2010-10-09
app-admin/webmin
.... |
|
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Wed Aug 11, 2010 1:10 am Post subject: |
|
|
LOL!
Dude, that's what it's FOR!
|
|
Back to top |
|
|
John R. Graham Administrator
Joined: 08 Mar 2005 Posts: 10590 Location: Somewhere over Atlanta, Georgia
|
Posted: Wed Aug 11, 2010 1:21 am Post subject: |
|
|
Hmm. Expect coreutils to follow as the dangerous utilities rm, cp, and mv have the same issues.
- John _________________ I can confirm that I have received between 0 and 499 National Security Letters. |
|
Back to top |
|
|
jeffk l33t
Joined: 13 Sep 2003 Posts: 671
|
Posted: Wed Aug 11, 2010 4:39 am Post subject: |
|
|
I unmerged webmin-1.510, per the new mask change. It was a huge help when I was learning linux, but now I only use it for the batch user dump-add.
For my own edification, can someone summarize what webmin is doing that it shouldn't be per QA? And are those things central to the function of webmin, such that it will never be coming back to portage?
Thanks. |
|
Back to top |
|
|
MoonWalker Guru
Joined: 04 Jul 2002 Posts: 510
|
Posted: Wed Aug 11, 2010 8:13 am Post subject: |
|
|
Now I haven't checked on this, if webmin suddenly started to do something new in terms of breaking gentoo QA rules but I doubt it. In such case it's sort of a bizzare move as webmin probably does what it always have done, fibbling with core system files.
I wonder if not this really boild down to lack of maintainer, that no gentoo folks really want to deal with webmin, with perl, as bumps allways have been late or very late even when it just been a matter of renaming the ebuild, basically. But webmin is a too widespread and popular tool by sysadmins or was, so you cannot just remove it, not without a reason or a replacement. Now a reason have been found.
The alternative? Well you can either maintain your own ebuild in your private overlay (e.g. PORTDIR_OVERLAY=/usr/local/portage in make.conf) or possibly an ebuild will come to live in one of the many overlays available through layman. You can also use webmins own intsall routine and maintain it outside of portage as webmin basically is able to update it self. This is what I did before there was an ebuild and probably will go back to if the ebuild will be removed from the tree altogether. _________________ /Joakim
Living on earth is expensive, but it includes a free trip around the sun
every year. |
|
Back to top |
|
|
Genone Retired Dev
Joined: 14 Mar 2003 Posts: 9555 Location: beyond the rim
|
Posted: Wed Aug 11, 2010 8:34 am Post subject: |
|
|
The problem listed in package.mask is not that webmin itself (when installed) does these things, but the setup script (just take a look at the ebuild). |
|
Back to top |
|
|
maverick6664 Guru
Joined: 13 May 2005 Posts: 413 Location: Tokyo / Japan
|
Posted: Wed Aug 11, 2010 11:27 am Post subject: |
|
|
Let's narrow the question; then what is the best administration package for samba? My main problem is controlling samba w/o webmin. (note usermin is masked).
Thanks _________________ Tetsuji Rai
a.k.a. Lukiest in the world |
|
Back to top |
|
|
M Guru
Joined: 12 Dec 2006 Posts: 432
|
Posted: Wed Aug 11, 2010 12:51 pm Post subject: |
|
|
Did you tried SWAT? It comes with samba if you set use flag. I think you can create/delete users from swat. If you are using ldap with samba then any web frontend for ldap can do the job. |
|
Back to top |
|
|
bobtongue n00b
Joined: 11 Aug 2010 Posts: 16
|
Posted: Wed Aug 11, 2010 1:10 pm Post subject: |
|
|
Genone wrote: | The problem listed in package.mask is not that webmin itself (when installed) does these things, but the setup script (just take a look at the ebuild). |
For those of us that do not write ebuilds, but happily use them, do you think you could describe exactly what the ebuild does that has earned it a HARD MASK? I have been using webmin for some time, and although I do not NEED to use it, it is quick and dirty when you are in a hurry. Is this bad ebuild behavior new? Now that Webmin is installed, I am assuming that the ebuild behavior is irrelevant to me, is this true? Is this more of an excuse to drop it from the package database because it is not maintained in a timely manner? More info is appreciated. |
|
Back to top |
|
|
MoonWalker Guru
Joined: 04 Jul 2002 Posts: 510
|
Posted: Wed Aug 11, 2010 1:13 pm Post subject: |
|
|
Genone wrote: | The problem listed in package.mask is not that webmin itself (when installed) does these things, but the setup script (just take a look at the ebuild). |
Do you mean the setup script webmin provide or this is plainly an ebuild issue? In such case I think it's true to say it's an maintainer issue or there simply isn't any any "correct" way ala gentoo to install webmin?
I'm basically a windows developer so I have some rudimentary capability to read and understand ebuilds as a part of maintaining my own gentoo server, but that's about what I have time for. So have never done any deeper studies into the secrets of ebuilds and hence can't provide much of help. Still I would hate to see webmin go as it's one of the first relationships I established when I found linux back in 1996! _________________ /Joakim
Living on earth is expensive, but it includes a free trip around the sun
every year.
Last edited by MoonWalker on Wed Aug 11, 2010 1:16 pm; edited 1 time in total |
|
Back to top |
|
|
maverick6664 Guru
Joined: 13 May 2005 Posts: 413 Location: Tokyo / Japan
|
Posted: Wed Aug 11, 2010 1:16 pm Post subject: |
|
|
M wrote: | Did you tried SWAT? It comes with samba if you set use flag. I think you can create/delete users from swat. If you are using ldap with samba then any web frontend for ldap can do the job. |
Thank you for the info. I didn't know swat. However now I've compiled with swat USE flag and am trying to start it with xinetd, (swat file is in /etc/xinet.d and it's defined in /etc/services), it doesn't start with "/etc/init.d/xinetd restart". What's wrong with my procedure? Even if it is started as root, it doesn't appear in "netstat -lpn". _________________ Tetsuji Rai
a.k.a. Lukiest in the world |
|
Back to top |
|
|
MoonWalker Guru
Joined: 04 Jul 2002 Posts: 510
|
Posted: Wed Aug 11, 2010 1:20 pm Post subject: |
|
|
maverick6664 wrote: | M wrote: | Did you tried SWAT? It comes with samba if you set use flag. I think you can create/delete users from swat. If you are using ldap with samba then any web frontend for ldap can do the job. |
Thank you for the info. I didn't know swat. However now I've compiled with swat USE flag and am trying to start it with xinetd, (swat file is in /etc/xinet.d and it's defined in /etc/services), it doesn't start with "/etc/init.d/xinetd restart". What's wrong with my procedure? |
I know you are the topic started so of course it's up to you, but I would still ask you to not turn this treed in to a "how to solve my swat problems" but instead start a new topic. I think that would be a nice and respectful genture towards webmin, if nothing else. _________________ /Joakim
Living on earth is expensive, but it includes a free trip around the sun
every year. |
|
Back to top |
|
|
maverick6664 Guru
Joined: 13 May 2005 Posts: 413 Location: Tokyo / Japan
|
Posted: Wed Aug 11, 2010 1:23 pm Post subject: |
|
|
I see. I won't start a new topic here. I'd like to stick to webmin. _________________ Tetsuji Rai
a.k.a. Lukiest in the world |
|
Back to top |
|
|
ali3nx l33t
Joined: 21 Sep 2003 Posts: 722 Location: Winnipeg, Canada
|
Posted: Wed Aug 11, 2010 5:09 pm Post subject: |
|
|
maverick6664 wrote: | I see. I won't start a new topic here. I'd like to stick to webmin. |
Sadly webmin is not supported. All good things come to an end eventually. webmin also has several known CVE security vulnerabilities i believe which open your system to a security compromise. _________________ Compiling Gentoo since version 1.4
Thousands of Gentoo Installs Completed
Emerged on every continent but Antarctica
Compile long and Prosper! |
|
Back to top |
|
|
jeffk l33t
Joined: 13 Sep 2003 Posts: 671
|
Posted: Wed Aug 11, 2010 5:15 pm Post subject: |
|
|
Just so I'm clear on the reason for removal (please correct me):
The webmin ebuild writes to filesystems outside of the portage sandbox, against QA policy.
If the ebuild were compliant, would that reopen webmin's portage inclusion chances? It's not the program itself that's causing the problem, right?
(update: wrong, per ali3nx's updated comment on CVE's, etc.
Thanks.
Last edited by jeffk on Wed Aug 11, 2010 5:30 pm; edited 1 time in total |
|
Back to top |
|
|
dmpogo Advocate
Joined: 02 Sep 2004 Posts: 3269 Location: Canada
|
Posted: Wed Aug 11, 2010 5:24 pm Post subject: |
|
|
maverick6664 wrote: | M wrote: | Did you tried SWAT? It comes with samba if you set use flag. I think you can create/delete users from swat. If you are using ldap with samba then any web frontend for ldap can do the job. |
Thank you for the info. I didn't know swat. However now I've compiled with swat USE flag and am trying to start it with xinetd, (swat file is in /etc/xinet.d and it's defined in /etc/services), it doesn't start with "/etc/init.d/xinetd restart". What's wrong with my procedure? Even if it is started as root, it doesn't appear in "netstat -lpn". |
You should go into swat file in /etc/xinetd.d and change "disable=yes" to "disable=no" (all xinetd services at installation are disabled by default) |
|
Back to top |
|
|
genterminl Guru
Joined: 12 Feb 2005 Posts: 523 Location: Connecticut, USA
|
Posted: Wed Aug 11, 2010 5:52 pm Post subject: |
|
|
ali3nx: just for clarification - webmin is unsupported within Gentoo (i.e., nobody maintaining the ebuild), but upstream is still supported.
Also, I only searched fairly briefly, but I did not find any current CVEs for webmin. The most recent one I found was for versions before 1.500.
I also ask in general, is there any good replacement with similar functionality?
Jack |
|
Back to top |
|
|
1clue Advocate
Joined: 05 Feb 2006 Posts: 2569
|
Posted: Wed Aug 11, 2010 5:54 pm Post subject: |
|
|
IMO Webmin is a great idea in the abstract. It allows a relatively lightweight UI over a system which need not have any sort of X.
On the other hand, there seem to be two major issues as far as I can tell:
The first is some sort of unpleasant editing of files during the installation process.
The second is the license, at least if it hasn't changed in the last couple years. It seems that the person who develops it has particular ideas about conditions of use. That's fine, but unfortunate since it has prevented Webmin from being included more widely and possibly becoming an extremely common front-end for headless servers and appliances.
That said, it seems to me that some sort of replacement could be crafted to fit into a standard web server and follow more rules, and have a more friendly license. |
|
Back to top |
|
|
bobtongue n00b
Joined: 11 Aug 2010 Posts: 16
|
Posted: Wed Aug 11, 2010 7:20 pm Post subject: |
|
|
So the bottom line is that no one wants to maintain the ebuild, and so it will be dropped from the package database? Someone must have written the ebuild that seems to be offending the developers. Is this a pissing contest between them and the maintainers of the package database? It seems very sudden to remove a product from the tree that is still being supported by the author. I am confused about how this all works. I suppose that I can still use Webmin if I want to install it manually, but it seems so silly to remove it from the tree. I like to keep a stable up to date OS, and installing outside of portage is probably not the best way to do that. I am wondering if anyone has communicated with the author of the ebuild. |
|
Back to top |
|
|
krinn Watchman
Joined: 02 May 2003 Posts: 7470
|
Posted: Wed Aug 11, 2010 8:20 pm Post subject: |
|
|
it's not just authoring an ebuild, it's following the program.
if no devs wish to support kde -> no ebuild for kde
if i do a kde ebuild and follow the update and patch for its bug -> everyone happy
if i do a kde ebuild and just leave it as-is -> devs handle bugs for something they don't wish and like -> getting bore, showing the exit for that ebuild.
but i must agree with you that it's a bit rude as currently i didn't saw any open bugs for webmin (but maybe they already close all bugs for it as invlid/won't fix...)
anyone feeling to open one to get an answer ? (nah, not me, devs hates me enough like that) |
|
Back to top |
|
|
Genone Retired Dev
Joined: 14 Mar 2003 Posts: 9555 Location: beyond the rim
|
Posted: Wed Aug 11, 2010 8:41 pm Post subject: |
|
|
Just to clarify: the problems apparently are in the setup script provided by webmin, which is called by the ebuild. Normally the script would cause several sandbox violations, the ebuild contains some code to supress them, but that's not a permanent solution (that's the QA issue mentioned in the package.mask comment). If anyone wants more details, the ebuild contains references to the relevant bug reports. |
|
Back to top |
|
|
ikshaar Veteran
Joined: 23 Jul 2002 Posts: 1339 Location: Baltimore, MD
|
Posted: Fri Aug 27, 2010 5:34 pm Post subject: |
|
|
I can understand the hard mask (kinda), but it's annoying if it is removed from portage.
I have it setup on all my cluster nodes (~20 computers), that will be huge pain if I have to setup a local portage tree just for it on all of them...
I can unmask for now, but once it is removed from portage, i guess I won't be able to use emerge world for my updates... _________________ "May God stands between you and harm in all the empty places where you must walk" - Babylon 5 |
|
Back to top |
|
|
darkphader Veteran
Joined: 09 May 2002 Posts: 1219 Location: Motown
|
|
Back to top |
|
|
|