1 |
On Tue, Aug 23, 2011 at 4:18 PM, Michael Mol <mikemol@×××××.com> wrote: |
2 |
> On Tue, Aug 23, 2011 at 3:47 PM, Canek Peláez Valdés <caneko@×××××.com> wrote: |
3 |
>> On Tue, Aug 23, 2011 at 3:08 PM, Michael Mol <mikemol@×××××.com> wrote: |
4 |
>>> Because I generally update my desktop system while running X, and on |
5 |
>>> at least two occasions, an update killed my X session by restarting |
6 |
>>> DBUS on me |
7 |
>> |
8 |
>> The update don't restart D-Bus: from the dbus-1.4.14 ebuild: |
9 |
>> |
10 |
>> elog "To start the D-Bus system-wide messagebus by default" |
11 |
>> elog "you should add it to the default runlevel :" |
12 |
>> elog "\`rc-update add dbus default\`" |
13 |
>> elog |
14 |
>> elog "Some applications require a session bus in addition to the system" |
15 |
>> elog "bus. Please see \`man dbus-launch\` for more information." |
16 |
>> elog |
17 |
>> ewarn "You must restart D-Bus \`/etc/init.d/dbus restart\` to run" |
18 |
>> ewarn "the new version of the daemon." |
19 |
>> ewarn "Don't do this while X is running because it will restart your X as well." |
20 |
>> |
21 |
>> Emphasising: "Don't do this while X is running because it will restart |
22 |
>> your X as well." So I will assume something went terribly wrong when |
23 |
>> updating, and again, if that's the case then it's a bug and should be |
24 |
>> reported. |
25 |
> |
26 |
> I see. Apologies for the snark, but this feels like it leads to a |
27 |
> "Setup requires that you restart your computer to continue" situation. |
28 |
> |
29 |
> (This becomes less and less of an exaggeration as more and more system |
30 |
> components choose to route their traffic through D-Bus) |
31 |
|
32 |
And I think it's OK. To upgrade the kernel, we need a computer |
33 |
restart. To upgrade the system bus, we need a system bus (service) |
34 |
restart. To upgrade the session bus, we need a session restart |
35 |
(logout/login). Nobody is saying that a bus restart needs a complete |
36 |
computer restart (although I'm pretty sure some distros would do that |
37 |
by default). |
38 |
|
39 |
>>> On the other hand, sshd handles restarts without killing active sessions. |
40 |
>> |
41 |
>> Because the daemon state for sshd is tiny compared with the one from |
42 |
>> D-Bus. Apples and oranges. |
43 |
> |
44 |
> That doesn't really enter into it. To me, that means you would want to |
45 |
> use something like shared memory (is there any multi-tasking operating |
46 |
> system with protected memory which can't mmap?) and rigorous checks |
47 |
> and controls for managing that state. Even sqlite can manage that. |
48 |
> (Not that I'm suggesting you would use sqlite for tracking D-Bus |
49 |
> state, just that you'd look at what they do with locks and integrity |
50 |
> checks for guaranteeing integrity on shared memory with multiple |
51 |
> consuming processes.) |
52 |
|
53 |
You are right, I stand corrected. And actually, D-Bus is very much |
54 |
capable of restart without kicking out sessions (read Havoc |
55 |
explanation in http://article.gmane.org/gmane.comp.freedesktop.dbus/7730). |
56 |
The problem is that many apps don't handle this correctly, and the |
57 |
D-Bus developers choose the "safe" option. If all the apps supported |
58 |
gracefully the restart, there would be no problems. |
59 |
|
60 |
> And, yes, upgrades on live data can be a royal PITA. Designing a |
61 |
> system which can handle it requires careful attention and testing. The |
62 |
> more anal you want to be about it, the more you start talking about |
63 |
> writing provable and verifiable code and other stringent debugging, |
64 |
> development and testing practices. |
65 |
|
66 |
It's a matter of cost-benefit. Given the open source community, I |
67 |
think the PITA is not worth it in several cases, D-Bus being one of |
68 |
them. |
69 |
|
70 |
> Yet it's done. Last Friday, I sat at a table with someone who |
71 |
> witnessed an IBM tech replace a CPU in a mainframe. Flip a switch, |
72 |
> pull out the old part, insert the new part, flip the switch back on, |
73 |
> everything's fine. Saturday, I listened to a guy present on how he |
74 |
> dynamically reroutes live calls through a VOIP network based on |
75 |
> hardware faults. |
76 |
|
77 |
I have seen those kind of systems. And again, it's a matter of |
78 |
cost-benefit: See the difference in budgets for that kind of systems |
79 |
and our open source software stack. |
80 |
|
81 |
> D-Bus wants to be a core system service, and *that's* what should be |
82 |
> setting its design goals, not how difficult it would be for the system |
83 |
> to be worthy of the core. |
84 |
> |
85 |
> Again, I really don't believe D-Bus is badly-written. I just think its |
86 |
> community isn't fully aware of the trends of its position in the |
87 |
> system, and what responsibilities it carries. |
88 |
|
89 |
I think we are fully aware. The thing is, given the community |
90 |
resources, D-Bus is good enough, which, as everybody knows, is the |
91 |
enemy of (the impossible) perfect. |
92 |
|
93 |
Just my 0.02 ${CURRENCY}. |
94 |
-- |
95 |
Canek Peláez Valdés |
96 |
Posgrado en Ciencia e Ingeniería de la Computación |
97 |
Universidad Nacional Autónoma de México |