~alpine/devel

8 8

Proposed change: drop busybox iproute2, always use real iproute2

Details
Message ID
<e6bc9817f0e78e797cd83f5e189791f2@dereferenced.org>
DKIM signature
missing
Download raw message
Hello,

I would like to propose that we drop busybox iproute2, in favor of
always using real iproute2.

The primary reasons are:

- Real iproute2 has significantly advanced by comparison to the
  busybox implementation.  While the busybox implementation is
  passable for basic tasks, it is lacking for more advanced
  tasks.
- Because of this, many tutorials concerning iproute2 provide
  advice that is not particularly useful to our default iproute2
  implementation.
- Because of that, many people recommend installing real iproute2
  anyway.

Providing real iproute2 and removing the busybox implementation
results in approximately 1.4MiB increase in the base image.

However, I think we get a *lot* for that 1.4MiB -- iproute2 can
potentially replace ifenslave and other utilities as well, but
we will need to adjust some of our ifupdown addon scripts to
handle this.  In general, I think it is a good move for us in
general, especially with the work being done to enable service
isolation in VRFs and network namespaces that is underway.  By
switching the default implementation, users will be able to make
use of these features out of the box.

I would like to implement this next week before freeze if nobody
objects.

Thanks,
Ariadne
Timo Teras <timo.teras@iki.fi>
Details
Message ID
<20200320102110.565ad389@vostro.wlan>
In-Reply-To
<e6bc9817f0e78e797cd83f5e189791f2@dereferenced.org> (view parent)
DKIM signature
missing
Download raw message
Hi,

On Fri, 20 Mar 2020 07:29:55 +0000
"Ariadne Conill" <ariadne@dereferenced.org> wrote:

> I would like to propose that we drop busybox iproute2, in favor of
> always using real iproute2.
> 
> The primary reasons are:
> 
> - Real iproute2 has significantly advanced by comparison to the
>   busybox implementation.  While the busybox implementation is
>   passable for basic tasks, it is lacking for more advanced
>   tasks.
> - Because of this, many tutorials concerning iproute2 provide
>   advice that is not particularly useful to our default iproute2
>   implementation.
> - Because of that, many people recommend installing real iproute2
>   anyway.
> 
> Providing real iproute2 and removing the busybox implementation
> results in approximately 1.4MiB increase in the base image.
> 
> However, I think we get a *lot* for that 1.4MiB -- iproute2 can
> potentially replace ifenslave and other utilities as well, but
> we will need to adjust some of our ifupdown addon scripts to
> handle this.  In general, I think it is a good move for us in
> general, especially with the work being done to enable service
> isolation in VRFs and network namespaces that is underway.  By
> switching the default implementation, users will be able to make
> use of these features out of the box.
> 
> I would like to implement this next week before freeze if nobody
> objects.

I understand this makes perfect sense for routers, firewalls and even
some network appliances.

However, for embedded setups like RPis, and similar, this can be an
unnecessary weight.

I personally would not do this. It also opens the same reasoning for
other busybox tools. Most of the utilities there are reduced in
functionality somehow. And there's specific target groups that the real
version is preferred and needed. That's why we make them available.

In other words, I'd rather not do this. But if majority thinks
otherwise, then sure.

I would hope that many comment/vote on this.

Thanks,
Timo
Rasmus Thomsen <oss@mail.cogitri.dev>
Details
Message ID
<83e208048a862b0b0ff8141463d556f387b55527.camel@mail.cogitri.dev>
In-Reply-To
<20200320102110.565ad389@vostro.wlan> (view parent)
DKIM signature
missing
Download raw message
Hello,

On Fri, 2020-03-20 at 10:21 +0200, Timo Teras wrote:
> Hi,
> 
> I understand this makes perfect sense for routers, firewalls and even
> some network appliances.
> 
> However, for embedded setups like RPis, and similar, this can be an
> unnecessary weight.

I think for many setups iproute2 isn't strictly necessary - if it
wasn't for openVPN needing it I wouldn't have it installed on any of my
devices.

> I personally would not do this. It also opens the same reasoning for
> other busybox tools. Most of the utilities there are reduced in
> functionality somehow. And there's specific target groups that the
> real
> version is preferred and needed. That's why we make them available.

+1 on that, many of the Busybox tools don't provide (nearly) as much
functionality as e.g. the GNU Coreutils versions (and we regularly trip
over that on CI), e.g. mktemp or ln. I feel like we should keep using
busybox and just make it as easy as possible for users to install
alternative packages if they so desire.

> In other words, I'd rather not do this. But if majority thinks
> otherwise, then sure.
> 
> I would hope that many comment/vote on this.
> 
> Thanks,
> Timo
> 
> 
> 

Regards,

Rasmus

(Also, offtopic, this is one of the first mails from my mail server
because protonmail doesn't like sending non-html mail right now. Sorry
if I land in your spam (a note about that would be appreciated :).
Details
Message ID
<20200320095843.0d7d5fad@ncopa-desktop.copa.dup.pw>
In-Reply-To
<e6bc9817f0e78e797cd83f5e189791f2@dereferenced.org> (view parent)
DKIM signature
missing
Download raw message
On Fri, 20 Mar 2020 07:29:55 +0000
"Ariadne Conill" <ariadne@dereferenced.org> wrote:

> Hello,
> 
> I would like to propose that we drop busybox iproute2, in favor of
> always using real iproute2.
> 
> The primary reasons are:
> 
> - Real iproute2 has significantly advanced by comparison to the
>   busybox implementation.  While the busybox implementation is
>   passable for basic tasks, it is lacking for more advanced
>   tasks.

I think most users does not need more than basic tasks like setting ip
address.

> - Because of this, many tutorials concerning iproute2 provide
>   advice that is not particularly useful to our default iproute2
>   implementation.
> - Because of that, many people recommend installing real iproute2
>   anyway.
> 
> Providing real iproute2 and removing the busybox implementation
> results in approximately 1.4MiB increase in the base image.
> 
> However, I think we get a *lot* for that 1.4MiB -- iproute2 can

The downside is that all the users that don't need those 1.4M will get
that cost.

> potentially replace ifenslave and other utilities as well, but
> we will need to adjust some of our ifupdown addon scripts to
> handle this.  In general, I think it is a good move for us in
> general, especially with the work being done to enable service
> isolation in VRFs and network namespaces that is underway.  By
> switching the default implementation, users will be able to make
> use of these features out of the box.
> 
> I would like to implement this next week before freeze if nobody
> objects.

I vote for keeping busybox iproute2 and document that apk add iproute2
is needed for advanced use.

Thanks though, for offering do the work.

> 
> Thanks,
> Ariadne
Jakub Jirutka <jakub@jirutka.cz>
Details
Message ID
<f3c3880d-7bc5-a954-3e55-18f9acf479ff@jirutka.cz>
In-Reply-To
<e6bc9817f0e78e797cd83f5e189791f2@dereferenced.org> (view parent)
DKIM signature
missing
Download raw message
Hi,

I strongly disagree with this proposal. I never had any problem with busybox’s iproute2, not even on systems that acts as a router. I believe that busybox’s iproute2 is sufficient for most of the users. Others can always install real iproute2. It’s the same as with coreutils.

Jakub

On 3/20/20 8:29 AM, Ariadne Conill wrote:
> Hello,
> 
> I would like to propose that we drop busybox iproute2, in favor of
> always using real iproute2.
> 
> The primary reasons are:
> 
> - Real iproute2 has significantly advanced by comparison to the
>   busybox implementation.  While the busybox implementation is
>   passable for basic tasks, it is lacking for more advanced
>   tasks.
> - Because of this, many tutorials concerning iproute2 provide
>   advice that is not particularly useful to our default iproute2
>   implementation.
> - Because of that, many people recommend installing real iproute2
>   anyway.
> 
> Providing real iproute2 and removing the busybox implementation
> results in approximately 1.4MiB increase in the base image.
> 
> However, I think we get a *lot* for that 1.4MiB -- iproute2 can
> potentially replace ifenslave and other utilities as well, but
> we will need to adjust some of our ifupdown addon scripts to
> handle this.  In general, I think it is a good move for us in
> general, especially with the work being done to enable service
> isolation in VRFs and network namespaces that is underway.  By
> switching the default implementation, users will be able to make
> use of these features out of the box.
> 
> I would like to implement this next week before freeze if nobody
> objects.
> 
> Thanks,
> Ariadne
> 
Francesco Colista <fcolista@alpinelinux.org>
Details
Message ID
<cd75fa5cf446454a1b3ce005cc27054d@alpinelinux.org>
In-Reply-To
<f3c3880d-7bc5-a954-3e55-18f9acf479ff@jirutka.cz> (view parent)
DKIM signature
missing
Download raw message
>> I would like to propose that we drop busybox iproute2, in favor of
>> always using real iproute2.

I disagree, sharing the same thought the other devs have expressed.
https://alpinelinux.org/ : Small, Simple, Secure.

Let's stick to this goal.

.: Francesco Colista
.: Alpine Linux Core Dev Team
Details
Message ID
<9afce4b2f8604239f2a4f28648b88eae@dereferenced.org>
In-Reply-To
<20200320095843.0d7d5fad@ncopa-desktop.copa.dup.pw> (view parent)
DKIM signature
missing
Download raw message
Hello,

On March 20, 2020 3:58 AM, "Natanael Copa" <ncopa@alpinelinux.org> wrote:

> On Fri, 20 Mar 2020 07:29:55 +0000
> "Ariadne Conill" <ariadne@dereferenced.org> wrote:
> 
>> Hello,
>> 
>> I would like to propose that we drop busybox iproute2, in favor of
>> always using real iproute2.
>> 
>> The primary reasons are:
>> 
>> - Real iproute2 has significantly advanced by comparison to the
>> busybox implementation. While the busybox implementation is
>> passable for basic tasks, it is lacking for more advanced
>> tasks.
> 
> I think most users does not need more than basic tasks like setting ip
> address.
> 
>> - Because of this, many tutorials concerning iproute2 provide
>> advice that is not particularly useful to our default iproute2
>> implementation.
>> - Because of that, many people recommend installing real iproute2
>> anyway.
>> 
>> Providing real iproute2 and removing the busybox implementation
>> results in approximately 1.4MiB increase in the base image.
>> 
>> However, I think we get a *lot* for that 1.4MiB -- iproute2 can
> 
> The downside is that all the users that don't need those 1.4M will get
> that cost.
> 
>> potentially replace ifenslave and other utilities as well, but
>> we will need to adjust some of our ifupdown addon scripts to
>> handle this. In general, I think it is a good move for us in
>> general, especially with the work being done to enable service
>> isolation in VRFs and network namespaces that is underway. By
>> switching the default implementation, users will be able to make
>> use of these features out of the box.
>> 
>> I would like to implement this next week before freeze if nobody
>> objects.
> 
> I vote for keeping busybox iproute2 and document that apk add iproute2
> is needed for advanced use.

As responses are overwhelmingly not in favor of the proposal, I would
say that it lacks consensus.  Therefore, I am not going to pursue it
in Alpine further at this time.

Thanks,
Ariadne
Nathan Angelacos <nangel@alpinelinux.org>
Details
Message ID
<12638474be4928d083a0e73436f16ec66d560a9d.camel@alpinelinux.org>
In-Reply-To
<9afce4b2f8604239f2a4f28648b88eae@dereferenced.org> (view parent)
DKIM signature
missing
Download raw message
On Fri, 2020-03-20 at 17:02 +0000, Ariadne Conill wrote:
> 
> As responses are overwhelmingly not in favor of the proposal, I would
> say that it lacks consensus.  Therefore, I am not going to pursue it
> in Alpine further at this time.
> 
> Thanks,
> Ariadne


I agree that iproute2 is overkill for simple cases, but I'm also one of
those that installs iproute2 as the first step in setting up a new box.

We already offer choices in setup-alpine for NTP and SSH servers, could
we offer the option for iproute?
David Demelier <markand@malikania.fr>
Details
Message ID
<20200323074738.GA22426@kiwi.home>
In-Reply-To
<e6bc9817f0e78e797cd83f5e189791f2@dereferenced.org> (view parent)
DKIM signature
missing
Download raw message
On Fri, Mar 20, 2020 at 07:29:55AM +0000, Ariadne Conill wrote:
> Hello,
> 
> I would like to propose that we drop busybox iproute2, in favor of
> always using real iproute2.
> 
> The primary reasons are:
> 
> - Real iproute2 has significantly advanced by comparison to the
>   busybox implementation.  While the busybox implementation is
>   passable for basic tasks, it is lacking for more advanced
>   tasks.
> - Because of this, many tutorials concerning iproute2 provide
>   advice that is not particularly useful to our default iproute2
>   implementation.
> - Because of that, many people recommend installing real iproute2
>   anyway.

Warning, iproute2 does not work well with openconnect. For example with
iproute2 I'm unable to access my enterprise vpn.

See:

https://gitlab.com/openconnect/vpnc-scripts/-/issues/4

-- 
David
Reply to thread Export thread (mbox)