From owner-svn-src-all@freebsd.org Thu Apr 30 20:58:59 2020 Return-Path: Delivered-To: svn-src-all@mailman.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.nyi.freebsd.org (Postfix) with ESMTP id 95B372C8AD4; Thu, 30 Apr 2020 20:58:59 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) server-signature RSA-PSS (4096 bits) client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 49Cnmg3G9Fz43bj; Thu, 30 Apr 2020 20:58:59 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 6B0CC24F57; Thu, 30 Apr 2020 20:58:59 +0000 (UTC) (envelope-from kevans@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id 03UKwxcM081107; Thu, 30 Apr 2020 20:58:59 GMT (envelope-from kevans@FreeBSD.org) Received: (from kevans@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id 03UKwx3s081106; Thu, 30 Apr 2020 20:58:59 GMT (envelope-from kevans@FreeBSD.org) Message-Id: <202004302058.03UKwx3s081106@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: kevans set sender to kevans@FreeBSD.org using -f From: Kyle Evans Date: Thu, 30 Apr 2020 20:58:59 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r360505 - head/stand/lua X-SVN-Group: head X-SVN-Commit-Author: kevans X-SVN-Commit-Paths: head/stand/lua X-SVN-Commit-Revision: 360505 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-all@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: "SVN commit messages for the entire src tree \(except for " user" and " projects" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 30 Apr 2020 20:58:59 -0000 Author: kevans Date: Thu Apr 30 20:58:58 2020 New Revision: 360505 URL: https://svnweb.freebsd.org/changeset/base/360505 Log: lualoader: config: add a table for restricted environment vars This new table should be used for transient values that don't need to end up in the loader environment. Generally, these will be things that are internal details that really aren't needed or interesting outside of the config module (e.g. if we changed how ${module}_* directives work, they might use this instead). To start, populate it with loader_conf_files. Any specific value of loader_conf_files isn't all that interesting; if we're going to export it, we should really instead export a loader_conf_files that indicates all of the configuration files we processed. This will be used to reduce bookkeeping overhead in a future commit that cleans up readConfFiles. Modified: head/stand/lua/config.lua Modified: head/stand/lua/config.lua ============================================================================== --- head/stand/lua/config.lua Thu Apr 30 20:58:38 2020 (r360504) +++ head/stand/lua/config.lua Thu Apr 30 20:58:58 2020 (r360505) @@ -61,6 +61,17 @@ local QVALREPL = QVALEXPR:gsub('%%', '%%%%') local WORDEXPR = "([%w]+)" local WORDREPL = WORDEXPR:gsub('%%', '%%%%') +-- Entries that should never make it into the environment; each one should have +-- a documented reason for its existence, and these should all be implementation +-- details of the config module. +local loader_env_restricted_table = { + -- loader_conf_files should be considered write-only, and consumers + -- should not rely on any particular value; it's a loader implementation + -- detail. Moreover, it's not a particularly useful variable to have in + -- the kenv. Save the overhead, let it get fetched other ways. + loader_conf_files = true, +} + local function restoreEnv() -- Examine changed environment variables for k, v in pairs(env_changed) do @@ -88,14 +99,31 @@ local function restoreEnv() env_restore = {} end +-- XXX This getEnv/setEnv should likely be exported at some point. We can save +-- the call back into loader.getenv for any variable that's been set or +-- overridden by any loader.conf using this implementation with little overhead +-- since we're already tracking the values. +local function getEnv(key) + if loader_env_restricted_table[key] ~= nil or + env_changed[key] ~= nil then + return env_changed[key] + end + + return loader.getenv(key) +end + local function setEnv(key, value) + env_changed[key] = value + + if loader_env_restricted_table[key] ~= nil then + return 0 + end + -- Track the original value for this if we haven't already if env_restore[key] == nil then env_restore[key] = {value = loader.getenv(key)} end - env_changed[key] = value - return loader.setenv(key, value) end @@ -465,7 +493,7 @@ function config.readConfFiles(files, loaded_files) -- The caller may not have passed in loader_conf_files; we could -- have instead gotten some other string of files. We don't -- want to trigger any redundant re-read/loads based on this. - local prefiles = loader.getenv("loader_conf_files") + local prefiles = getEnv("loader_conf_files") for name in files:gmatch("([%w%p]+)%s*") do if loaded_files[name] ~= nil then goto continue @@ -480,7 +508,7 @@ function config.readConfFiles(files, loaded_files) end loaded_files[name] = true - local newfiles = loader.getenv("loader_conf_files") + local newfiles = getEnv("loader_conf_files") if prefiles ~= newfiles then -- Recurse; process the new files immediately. -- If we come back and it turns out we've @@ -607,7 +635,7 @@ function config.load(file, reloading) end local loaded_files = {file = true} - config.readConfFiles(loader.getenv("loader_conf_files"), loaded_files) + config.readConfFiles(getEnv("loader_conf_files"), loaded_files) checkNextboot()