| 1 |
On Tue, Aug 23, 2011 at 4:18 PM, Michael Mol <mikemol@×××××.com> wrote: |
| 2 |
> On Tue, Aug 23, 2011 at 3:47 PM, Canek Peláez Valdés <caneko@×××××.com> wrote: |
| 3 |
>> On Tue, Aug 23, 2011 at 3:08 PM, Michael Mol <mikemol@×××××.com> wrote: |
| 4 |
>>> Because I generally update my desktop system while running X, and on |
| 5 |
>>> at least two occasions, an update killed my X session by restarting |
| 6 |
>>> DBUS on me |
| 7 |
>> |
| 8 |
>> The update don't restart D-Bus: from the dbus-1.4.14 ebuild: |
| 9 |
>> |
| 10 |
>> elog "To start the D-Bus system-wide messagebus by default" |
| 11 |
>> elog "you should add it to the default runlevel :" |
| 12 |
>> elog "\`rc-update add dbus default\`" |
| 13 |
>> elog |
| 14 |
>> elog "Some applications require a session bus in addition to the system" |
| 15 |
>> elog "bus. Please see \`man dbus-launch\` for more information." |
| 16 |
>> elog |
| 17 |
>> ewarn "You must restart D-Bus \`/etc/init.d/dbus restart\` to run" |
| 18 |
>> ewarn "the new version of the daemon." |
| 19 |
>> ewarn "Don't do this while X is running because it will restart your X as well." |
| 20 |
>> |
| 21 |
>> Emphasising: "Don't do this while X is running because it will restart |
| 22 |
>> your X as well." So I will assume something went terribly wrong when |
| 23 |
>> updating, and again, if that's the case then it's a bug and should be |
| 24 |
>> reported. |
| 25 |
> |
| 26 |
> I see. Apologies for the snark, but this feels like it leads to a |
| 27 |
> "Setup requires that you restart your computer to continue" situation. |
| 28 |
> |
| 29 |
> (This becomes less and less of an exaggeration as more and more system |
| 30 |
> components choose to route their traffic through D-Bus) |
| 31 |
|
| 32 |
And I think it's OK. To upgrade the kernel, we need a computer |
| 33 |
restart. To upgrade the system bus, we need a system bus (service) |
| 34 |
restart. To upgrade the session bus, we need a session restart |
| 35 |
(logout/login). Nobody is saying that a bus restart needs a complete |
| 36 |
computer restart (although I'm pretty sure some distros would do that |
| 37 |
by default). |
| 38 |
|
| 39 |
>>> On the other hand, sshd handles restarts without killing active sessions. |
| 40 |
>> |
| 41 |
>> Because the daemon state for sshd is tiny compared with the one from |
| 42 |
>> D-Bus. Apples and oranges. |
| 43 |
> |
| 44 |
> That doesn't really enter into it. To me, that means you would want to |
| 45 |
> use something like shared memory (is there any multi-tasking operating |
| 46 |
> system with protected memory which can't mmap?) and rigorous checks |
| 47 |
> and controls for managing that state. Even sqlite can manage that. |
| 48 |
> (Not that I'm suggesting you would use sqlite for tracking D-Bus |
| 49 |
> state, just that you'd look at what they do with locks and integrity |
| 50 |
> checks for guaranteeing integrity on shared memory with multiple |
| 51 |
> consuming processes.) |
| 52 |
|
| 53 |
You are right, I stand corrected. And actually, D-Bus is very much |
| 54 |
capable of restart without kicking out sessions (read Havoc |
| 55 |
explanation in http://article.gmane.org/gmane.comp.freedesktop.dbus/7730). |
| 56 |
The problem is that many apps don't handle this correctly, and the |
| 57 |
D-Bus developers choose the "safe" option. If all the apps supported |
| 58 |
gracefully the restart, there would be no problems. |
| 59 |
|
| 60 |
> And, yes, upgrades on live data can be a royal PITA. Designing a |
| 61 |
> system which can handle it requires careful attention and testing. The |
| 62 |
> more anal you want to be about it, the more you start talking about |
| 63 |
> writing provable and verifiable code and other stringent debugging, |
| 64 |
> development and testing practices. |
| 65 |
|
| 66 |
It's a matter of cost-benefit. Given the open source community, I |
| 67 |
think the PITA is not worth it in several cases, D-Bus being one of |
| 68 |
them. |
| 69 |
|
| 70 |
> Yet it's done. Last Friday, I sat at a table with someone who |
| 71 |
> witnessed an IBM tech replace a CPU in a mainframe. Flip a switch, |
| 72 |
> pull out the old part, insert the new part, flip the switch back on, |
| 73 |
> everything's fine. Saturday, I listened to a guy present on how he |
| 74 |
> dynamically reroutes live calls through a VOIP network based on |
| 75 |
> hardware faults. |
| 76 |
|
| 77 |
I have seen those kind of systems. And again, it's a matter of |
| 78 |
cost-benefit: See the difference in budgets for that kind of systems |
| 79 |
and our open source software stack. |
| 80 |
|
| 81 |
> D-Bus wants to be a core system service, and *that's* what should be |
| 82 |
> setting its design goals, not how difficult it would be for the system |
| 83 |
> to be worthy of the core. |
| 84 |
> |
| 85 |
> Again, I really don't believe D-Bus is badly-written. I just think its |
| 86 |
> community isn't fully aware of the trends of its position in the |
| 87 |
> system, and what responsibilities it carries. |
| 88 |
|
| 89 |
I think we are fully aware. The thing is, given the community |
| 90 |
resources, D-Bus is good enough, which, as everybody knows, is the |
| 91 |
enemy of (the impossible) perfect. |
| 92 |
|
| 93 |
Just my 0.02 ${CURRENCY}. |
| 94 |
-- |
| 95 |
Canek Peláez Valdés |
| 96 |
Posgrado en Ciencia e Ingeniería de la Computación |
| 97 |
Universidad Nacional Autónoma de México |
Archives