Date: Mon, 15 May 2023 17:47:06 +0300
From: Efraim Flashner
To: Felix Lechner
Cc: Guix Devel
Subject: Re: Defaulting to MAC-based names for network interfaces

On Sun, May 14, 2023 at 02:52:26PM -0700, Felix Lechner via Development of GNU Guix and the GNU System distribution. wrote:
> Hi everyone,
>
> Upon personal reflection, a declarative operating system like Guix probably
> ought to use only predictable interface names.
>
> More details about this proposal, including the text below, are
> available in Bug#63508.
>
> While shorter names like 'eno1' offer an indisputable convenience and beauty
> when typing on the command line, administrators in Guix are unlikely to do so
> due to the declarative configuration system.
>
> Some system services may explicitly refer to interface names in their
> configuration.
> They would also benefit from the predictable and constant
> nature of MAC-based names.
>
> The latter is particularly relevant on multi-homed machines, i.e. those with
> more than one network connection.
>
> A MAC-based interface name as issued by 'eudev' looks like this:
>
>     enx0123456789af (fictitious)
>
> The commit in Bug#63508 was deployed on two production machines. The
> migration to MAC-based interface names took place without issues. A
> second reconfiguration was used to add the new interface name in
> services that needed it. The second step can be skipped, since the name
> is known with certainty in advance.
>
> The current naming scheme is less desirable because some services may silently
> refuse to start after equipment was added or removed. A removal may take
> place, for example, when something broke or when equipment was sold.
>
> The device enumeration may also change when a CMOS battery fails and system
> options are lost. In the author's opinion, Guix should not depend on BIOS
> enumeration for device names.
>
> In the author's case, the name of the sole network interface changed from
> enp3s0 to enp4s0 when a PCIe disk controller (a SAS host-based adapter) was
> installed. As a result, OpenSMTPd silently failed to start.
>
> This commit switches 'eudev' from the standard naming order
>
>     ID_NET_NAME_ONBOARD
>     ID_NET_NAME_SLOT
>     ID_NET_NAME_PATH
>
> to ID_NET_NAME_MAC, which is always available. [1]
>
> The author initially attempted to achieve the same result via
>
>   (udev-rules-service 'net-name-mac
>                       (udev-rule
>                        "01-net-name-mac.rules"
>                        "SUBSYSTEM==\"net\", ACTION==\"add\", NAME=\"$env{ID_NET_NAME_MAC}\"
> ")))
> but that did not work.
> While the situation was not examined exhaustively, it
> was not clear that udevadm can currently work because the standard command to
> test udev setups: [2]
>
>     $ udevadm --debug test /sys/class/net/*
>
> did not find the script installed via the 'udev-service-type'.

I was curious about this, since I've been using a udev rule for quite a
while to set up zram swap. I definitely have my zram swap enabled and
working, but 'udevadm --debug test /dev/zram0' didn't find any rule for
zram.

> A review of the 'eudev' sources indicated that the path to find rules [3] is
> hard-coded to the store location during installation. An attempt to set the
> path to /etc/udev/rules.d yielded a build error because that target folder
> outside the store was understandably not writable.
>
> The manual page for udevadm did not offer a way to select the runtime location
> of the udev/rules.d folder via environment variables or a command-line option.
>
> Anyone for whom such a setup is working properly should please contact the
> author. Thank you!

/etc/udev points to /etc/static/udev, which itself is a symlink to a
combined udev item in the store, made up of all the udev rules installed
in the current system.

> This commit may result in some loss of privacy, although it is presently not
> clear how meaningful that is. With this commit, anyone using privacy-enhanced
> IPv6 addresses risks having their MAC exposed when they publish their
> configuration files in Git or post a well-meant sample in a chat room,
> because that configuration may mention the MAC address.
>
> Moreover, the compatibility with schemes to generate fake one-time MAC
> addresses upon boot should be evaluated. One concern is that the explicit
> reference to a network interface in a configuration file would likely force
> the use of a single and constant MAC address for that interface.
>
> This commit was tested in production and is currently being used.
>
> The change here resulted in the recompilation of several seemingly unrelated
> packages such as Emacs and GTK. Perhaps those dependency relationships should
> be examined.
>
> [1] https://wiki.debian.org/NetworkInterfaceNames#How_to_migrate_to_this_scheme_on_upgraded_systems
> [2] https://wiki.archlinux.org/title/Udev#Testing_rules_before_loading
> [3] https://github.com/eudev-project/eudev/blob/39979ddf46e75d1b75bf381e1c73914c226c4302/configure.ac#L180
> [4] https://en.wikipedia.org/wiki/IPv6_address#Temporary_addresses
>

--
Efraim Flashner   רנשלפ םירפא
GPG key = A28B F40C 3E55 1372 662D 14F7 41AA E7DC CA3D 8351
Confidentiality cannot be guaranteed on emails sent or received unencrypted
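
Added example, not part of the original message or of Guix: a pre-publication check for the privacy concern quoted above. It finds MAC-based interface names in a configuration file, reports whether the embedded address is vendor-assigned or locally administered, and redacts it. The smtpd.conf fragment is constructed, and the wl/ww prefixes are an assumption beyond the 'enx' form shown in the thread.

```python
import re

# ID_NET_NAME_MAC form from the thread: "enx" + 12 hex digits. The "wl"/"ww"
# (WLAN/WWAN) prefixes are an assumption that the same scheme covers them.
MAC_NAME = re.compile(r"\b(en|wl|ww)x([0-9a-f]{12})\b")

# Constructed sample: an smtpd.conf fragment naming interfaces by MAC.
SAMPLE = """\
# constructed smtpd.conf fragment
listen on enx0123456789af
listen on enx02a1b2c3d4e5
listen on lo
"""


def mac_name(mac, prefix="en"):
    """Predict the MAC-based interface name for a given MAC address."""
    digits = mac.replace(":", "").replace("-", "").lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return f"{prefix}x{digits}"


def find_mac_names(text):
    """Return (line_no, name, mac, locally_administered) for every hit."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for m in MAC_NAME.finditer(line):
            digits = m.group(2)
            mac = ":".join(digits[i:i + 2] for i in range(0, 12, 2))
            # Bit 0x02 of the first octet marks a locally administered
            # (e.g. randomized) address; when clear, the address is the
            # vendor-assigned one and identifies the physical hardware.
            local = bool(int(digits[:2], 16) & 0x02)
            hits.append((line_no, m.group(0), mac, local))
    return hits


def redact(text):
    """Replace the MAC digits with a placeholder before publishing."""
    return MAC_NAME.sub(lambda m: f"{m.group(1)}x<MAC>", text)


if __name__ == "__main__":
    for line_no, name, mac, local in find_mac_names(SAMPLE):
        kind = "locally administered" if local else "vendor-assigned"
        print(f"line {line_no}: {name} exposes {mac} ({kind})")
    print(redact(SAMPLE), end="")
```

Run over a file before committing it, the hits list shows which lines would publish a hardware address; mac_name() gives the name to expect for a known MAC.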