Running mandos in a container without dbus: small code change request

Mike Klein mike at kleinnet.com
Sun Sep 22 22:01:06 CEST 2024 

Thank you Teddy for the quick response. Building from source sounds straightforward but in my very small instance I wasn’t sure whether I could create the build environment, so I opted for the container approach. In hindsight it is probably more space-efficient to simply build Mandos (the container image is about 150 MB), and easier as well. But I learned a few things along the way and maybe someone else can benefit. I will try the build.

No, the Mandos server is not running without python3-dbus downloaded, but dbus is not running in the instance. The Python module is imported but not used.

Many thanks for maintaining and improving Mandos.

		-Mike

BTW I was able to reduce the Dockerfile to its bare minimum below, and with the updated mandos server code the “sed” command is no longer necessary:

FROM debian:stable-slim

EXPOSE <port number>

RUN apt update \
    && apt install -y --no-install-recommends --no-install-suggests mandos \
    && sed -i.orig "s/^    bus = dbus.SystemBus()/    if use_dbus or zeroconf:\n        bus = dbus.SystemBus()/" /usr/sbin/mandos

COPY ./config/mandos.conf /etc/mandos/mandos.conf
COPY ./config/clients.conf /etc/mandos/clients.conf

CMD ["/usr/sbin/mandos", "--foreground"]


> On Sep 22, 2024, at 10:56 AM, Teddy Hogeborn <teddy at recompile.se> wrote:
> 
> Mike Klein <mike at kleinnet.com <mailto:mike at kleinnet.com>> writes:
> 
>> BTW the Dockerfile that builds the image that runs is below, in case
>> anyone else wants to try. It has dbus in it because the mandos package
>> lists python3-dbus as a dependency. In the Dockerfile I’m commenting
>> out the offending line.
> 
> Do you mean that the Mandos server is running without python3-dbus
> installed?  I don't see how that is possible; we "import dbus" and use
> the dbus module all over the place, even if we don't connect to the
> D-Bus unless use_dbus or zeroconf is set (using your patch).
> 
> /Teddy Hogeborn
> 
> -- 
> The Mandos Project
> https://www.recompile.se/mandos
> _______________________________________________
> Mandos-Dev mailing list
> Mandos-Dev at recompile.se <mailto:Mandos-Dev at recompile.se>
> https://mail.recompile.se/cgi-bin/mailman/listinfo/mandos-dev

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20240922/5645943e/attachment-0001.htm>

More information about the Mandos-Dev mailing list