[Pkg-openldap-devel] Bug#254999: slapd: postinst conflicts with daemontools (should also conflict with runit)

[Russ Allbery]

Toni Mueller <support at oeko.net> writes:

> I'm almost entirely running things like slapd through runit these days,
> so a sane runit starting environment would imho be good (chrooted + hdb
> by default).

You mean specifically a run script?  Or something else?  I'm not sure what
you mean by a "sane runit starting environment."  (I personally am not a
fan of running services inside chroots; I think it's excessive hassle for
the amount of real security that it buys.  But of course if someone
contributed example scripts that didn't pose a maintenance burden, I
wouldn't be adverse to including them in the package.)

> If you have a suggestion for a good place, I'll be probably able to
> contribute such a thing, but this doesn't interact too well with
> logcheck (different formats etc.).

And here you've lost me completely, I'm afraid, since I don't understand
what logcheck has to do with using runit.  :)

> Otherwise, I'd assumed that just having a variable like

> START_SLAPD

> in /etc/default/slapd

> similar to what SSH or other packages have, would imho be sufficient.

ssh actually uses a sentinel file.  But several people have now said that
they expect an option in /etc/default/slapd, so my inclination right now
is to add both options; they don't take up much space or add much
complexity, and they have somewhat different "feels."  (Sentinel files are
more useful for temporarily disabling things quickly, similar to
/etc/nologin.)

-- 
Russ Allbery (rra at debian.org)               <http://www.eyrie.org/~eagle/>