Date:      Sun, 23 Feb 2014 17:09:45 -0500
From:      Allan Jude <freebsd@allanjude.com>
To:        Warner Losh <bsdimp@gmail.com>, David Chisnall <theraven@FreeBSD.org>
Cc:        FreeBSD Current <freebsd-current@freebsd.org>
Subject:   Re: libinit idea
Message-ID:  <530A71A9.5040705@allanjude.com>
In-Reply-To: <6B911759-48AC-4981-A5E1-2634B5D01F0D@gmail.com>
References:  <BLU179-W28221A0539478FDDF45ADDC6840@phx.gbl> <62A9DF47-C938-464B-92B6-9A2A96B5A9C9@FreeBSD.org> <530A39BB.6070003@allanjude.com> <0DB376E3-8C7F-4F20-9DEE-4DB98C078571@FreeBSD.org> <6B911759-48AC-4981-A5E1-2634B5D01F0D@gmail.com>


On 2014-02-23 17:04, Warner Losh wrote:
>
> On Feb 23, 2014, at 11:17 AM, David Chisnall <theraven@FreeBSD.org> wrote:
>
>> On 23 Feb 2014, at 18:11, Allan Jude <freebsd@allanjude.com> wrote:
>>
>>> sysrc solves this nicely, it is in base now, and is great for
>>> programmatically adding, removing and changing lines in rc.conf style
>>> files. It is also in ports for older versions of FreeBSD where it is not
>>> in base.
>>
>> The problem is, there is no such thing as an rc.conf style file.  rc.conf is just a shell script.  If you only edit it with sysrc, or you are careful to preserve the structure, then it's fine.  There is absolutely nothing stopping you, however, from writing arbitrarily complex shell scripts inside rc.conf.  Sure, it's a terrible idea to do so, but when has that ever stopped anyone?
>>
>> An rc-replacement could enforce this by only accepting purely declarative files for configuration, guaranteeing that if they were syntactically valid they would also be machine editable, no matter what the user does to them.
>
> We already have a rc.conf.default. Why not a rc.conf.automation that does that and is added to the list of things to source? Then things like sysrc could operate on that secure in the knowledge that no shell commands could be there, and all bets are off if someone edits it by hand?
>
> Warner
>

This is basically what we do, we have puppet add:

rc_conf_files="/etc/rc.conf /etc/rc.conf.local /etc/rc.conf.scaleengine"

to rc.conf, and then we push our global config to the .scaleengine file

-- 
Allan Jude
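
Added example, not part of the original message: a POSIX sh check in the spirit of the declarative-only file discussed above, reporting every line of an rc.conf-style file that is not a plain one-line NAME=value assignment. The name rc_is_declarative, the accepted grammar and the sample files are assumptions made for illustration; this is not how sysrc or rc(8) behave.

```sh
#!/bin/sh
# Added example: rc_is_declarative is a hypothetical helper, not part of
# sysrc or rc(8). It accepts only blank lines, comments and one-line
# NAME=value assignments whose value the shell cannot expand or execute.
rc_is_declarative() {
    [ -r "$1" ] || return 2
    rc_name='^[[:space:]]*[A-Za-z_][A-Za-z0-9_]*='
    rc_tail='([[:space:]]+#.*)?[[:space:]]*$'
    rc_dq='"[^"\$`]*"'             # double quotes without $ ` \ or a nested "
    rc_sq="'[^']*'"                # single quotes: nothing is expanded inside
    rc_bare='[A-Za-z0-9_./:,+-]*'  # unquoted word made of harmless characters
    # -v prints lines matching none of the patterns as "lineno:text";
    # grep exits 0 when it printed at least one such line.
    if grep -nEv -e '^[[:space:]]*(#.*)?$' -e "$rc_name$rc_dq$rc_tail" \
            -e "$rc_name$rc_sq$rc_tail" -e "$rc_name$rc_bare$rc_tail" -- "$1"
    then
        return 1
    fi
    return 0
}

# Constructed sample files: one declarative, one that is really a script.
make_samples() {
    cat > "$1/good.conf" <<'EOF'
# pushed by configuration management
sshd_enable="YES"
rc_conf_files="/etc/rc.conf /etc/rc.conf.local /etc/rc.conf.scaleengine"
ntpd_enable=YES   # bare word
EOF
    cat > "$1/bad.conf" <<'EOF'
sshd_enable="YES"
hostname="$(hostname -s).example.org"
if [ -r /etc/rc.conf.site ]; then . /etc/rc.conf.site; fi
ntpd_enable=YES logger started
EOF
}

demo_dir=$(mktemp -d) && make_samples "$demo_dir"
for f in "$demo_dir/good.conf" "$demo_dir/bad.conf"; do
    if rc_is_declarative "$f"; then
        echo "${f##*/}: declarative"
    else
        echo "${f##*/}: rejected (offending lines above)"
    fi
done
rm -rf "$demo_dir"
```

The check is deliberately conservative: a quoted value that spans several lines is reported even though the shell would accept it.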

