Date: Fri, 20 Nov 2015 15:14:34 -0500 From: "Michael B. Eichorn" <ike@michaeleichorn.com> To: Allan Jude <allanjude@freebsd.org>, freebsd-hackers@freebsd.org Subject: Re: libUCL / UCL as FreeBSD config question Message-ID: <1448050474.2765.77.camel@michaeleichorn.com> In-Reply-To: <564F771F.4060408@freebsd.org> References: <5B598F72-C5DD-48FD-866D-F90E117D646E@rdsor.ro> <564F6118.5030702@freebsd.org> <1448048197.2765.74.camel@michaeleichorn.com> <564F771F.4060408@freebsd.org>
index | next in thread | previous in thread | raw e-mail
[-- Attachment #1 --]
On Fri, 2015-11-20 at 14:40 -0500, Allan Jude wrote:
> On 2015-11-20 14:36, Michael B. Eichorn wrote:
> > On Fri, 2015-11-20 at 13:06 -0500, Allan Jude wrote:
> > >
> > > Although some limitation in libucl mean that, if you have a
> > > config
> > > that
> > > has comments in it, the comments are lost, as they are not
> > > represented
> > > in the in-memory version of the object that then gets serialized
> > > for
> > > output. If you treat the config files as a database, then this is
> > > fine,
> > > but if the user expects to still hand edit them with an editor,
> > > this
> > > is
> > > a fairly big POLA violation.
> > >
> >
> > Even if someday we stop editing by hand, comments are far to useful
> > IMHO to drop yet. Context is very important to what we do, and
> > sometimes keys are just to cryptic.
> >
> > I think I see two ways to avoid the POLA violation (but I am still
> > rather new at this so be gentle)
> >
> > 1) Add special keys for use in memory 'value' and 'comment' such
> > that
> > the file:
> >
> > FreeBSD: {
> > url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
> > mirror_type: "srv",
> > signature_type: "fingerprints",
> > # A comment about fingerprints
> > # More comments
> > fingerprints: "/usr/share/keys/pkg", # an inline comment
> > enabled: yes
> > }
> >
> > becomes in memory:
> >
> > FreeBSD: {
> > url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
> >
> > mirror_type: "srv",
> > signature_type: "fingerprints",
> > fingerprints: {
> >
> > value: "/usr/share/keys/pkg"
> > comment: {
> > above: "A comment
> > about fingerprints\nMore comments"
> > inline: "an inline comment"
> >
> > }
> > }
> > enabled: yes
> > }
> >
> > uclcmd should just return value like:
> >
> > # uclcmd get -f /etc/pkg/FreeBSD.conf FreeBSD.fingerprints
> >
> > returns
> > /usr/share/keys/pkg
> >
> > unless the comment (C?) flag is used:
> > # uclcmd get -f -C /etc/pkg/FreeBSD.conf FreeBSD.fingerprints
> >
> > returns
> > # A comment about fingerprints
> > # More comments
> > /usr/share/keys/pkg # an inline comment
> >
> > Finally if uclcmd set is used, if the session is interactive, ask
> > the user what to do about the existing comment. If not append a
> > note of the change to the comment so that the file becomes:
> >
> > FreeBSD: {
> > url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
> > mirror_type: "srv",
> > signature_type: "fingerprints",
> > # A comment about fingerprints
> > # More comments
> > ## Comments may be outdated, non-interactive edit 20151120T1400
> > ## /usr/share/keys/pkg -> /root/keys/pkg
> > fingerprints: "/root/keys/pkg", # an inline comment
> > enabled: yes
> > }
> >
> > 2) Assume everything can be commented, everything gets an extra
> > pointer for a potential comment string. Output all comments as the
> > 'above' style (bonus: comments become predictible in style). Same
> > uclcmd behavior as described above.
> >
> > The above are just ideas (and I know next to nothing about the guts
> > of libucl), but I think comments are important, if this or
> > something else works I am willing to help with the implementation.
> >
> > Regards,
> > Ike
> >
>
> This was discussed at the developer summit at BSDCan, sadly the video
> is
> not online yet.
>
> The issue is that UCL allows comments anywhere, for example:
>
> #above
> FreeBSD: {
> /* before */ url: "pkg+http://pkg.FreeBSD.org/${ABI}/latest",
> mirror_type: /* middle */ "srv",
> signature_type: "fingerprints", /* after */
> # under
> fingerprints: "/root/keys/pkg", # inline-after
> enabled: yes
> }
>
> Etc. So the solution that was discussed was changing libucl to use an
> Abstract Syntax Tree, but that is a lot of work. So for now, I am not
> sure what the best approach is.
>
>
>
Ok, I am satified that comments are a topic of discussion and that
improvement may be forthcoming.
I will wait on the video before making more chatter.
Ike
[-- Attachment #2 --]
0 *H
010
`He�0 *H
��000]0
*H
�01
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0
150613202446Z
160614003550Z0H1 0
U
ike@michaeleichorn.com1%0# *H
ike@michaeleichorn.com0"0
*H
��0
�UՀ,k9D %Z|Y6J<rrK
g;&|uNlUE9)V.[ט̊:qS](#v
SYDz*
CpugYݔ,v<`j(w
aS#ڒ6n(K5'KVLåErv<
J=[}W
bLA%gޭnVb| I?M7D
:$׃bM_T[,ƃ\�00 U
0�0
U
0
U
%0++0
U
jj: γ+39啖0 U
#0Sr풜\|~5NԸQ0!U
0ike@michaeleichorn.com0LU
C0?0;
+70*0.+"http://www.startssl.com/policy.pdf0+00' StartCom Certification Authority0This certificate was issued according to the Class 1 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.06U
/0-0+)'%http://crl.startssl.com/crtu1-crl.crl0+009+0-http://ocsp.startssl.com/sub/class1/client/ca0B+06http://aia.startssl.com/certs/sub.class1.client.ca.crt0#U
0http://www.startssl.com/0
*H
��x+ȐF}pw.X
vF?rg
P]EOp)L˻yA
;hi0u2]m [Sbp$_
gr
Xm*YP3 #H>mKAǠt)HO|=@} 3ӝ'iO81>
03 v'h5U
"H;ECZtpҗ4rWHu^6+i*kJL8shAV|5;?HMc\
j[j|+000]0
*H
�01
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0
150613202446Z
160614003550Z0H1 0
U
ike@michaeleichorn.com1%0# *H
ike@michaeleichorn.com0"0
*H
��0
�UՀ,k9D %Z|Y6J<rrK
g;&|uNlUE9)V.[ט̊:qS](#v
SYDz*
CpugYݔ,v<`j(w
aS#ڒ6n(K5'KVLåErv<
J=[}W
bLA%gޭnVb| I?M7D
:$׃bM_T[,ƃ\�00 U
0�0
U
0
U
%0++0
U
jj: γ+39啖0 U
#0Sr풜\|~5NԸQ0!U
0ike@michaeleichorn.com0LU
C0?0;
+70*0.+"http://www.startssl.com/policy.pdf0+00' StartCom Certification Authority0This certificate was issued according to the Class 1 Validation requirements of the StartCom CA policy, reliance only for the intended purpose in compliance of the relying party obligations.06U
/0-0+)'%http://crl.startssl.com/crtu1-crl.crl0+009+0-http://ocsp.startssl.com/sub/class1/client/ca0B+06http://aia.startssl.com/certs/sub.class1.client.ca.crt0#U
0http://www.startssl.com/0
*H
��x+ȐF}pw.X
vF?rg
P]EOp)L˻yA
;hi0u2]m [Sbp$_
gr
Xm*YP3 #H>mKAǠt)HO|=@} 3ӝ'iO81>
03 v'h5U
"H;ECZtpҗ4rWHu^6+i*kJL8shAV|5;?HMc\
j[j|+040
0
*H
�0}1
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1)0'U StartCom Certification Authority0
071024210155Z
171024210155Z01
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA0"0
*H
��0
� -).2AUGo#G
B|NDRpM-B=o
-we5JQpa>O.#._<V
[~**pz~3WG�.ᘟMlr[<Ce6fqO"uxfWN#uicgkv$Lb%y`_{`xK'GN�00U
00U
0
U
Sr풜\|~5NԸQ0 U
#0N
@[i04hCA0f+Z0X0'+0http://ocsp.startssl.com/ca0-+0!http://www.startssl.com/sfsca.crt0[U
T0R0'%#!http://www.startssl.com/sfsca.crl0'%#!http://crl.startssl.com/sfsca.crl0U
y0w0u
+70f0.+"http://www.startssl.com/policy.pdf04+(http://www.startssl.com/intermediate.pdf0
*H
��
}x,\c^
#wMq}>UK/^yX֏y frMIŲB61ymQҨݬZ0&�;@#13qۑ& ̢o 6r_;GO>*I(
74XS1r3)!LJy6Kotˆ#
_wSr
;B
ADp(fs
䰷6%.W0J3:bC<8t X1<Cn=t==wST~\wkBf|15zUP)(IjVB!OfI=bb\4-*em/нSJm7N[]'@ڽ
D9Kr>R7/|o^I@ټ'Pa
$ z9a'L)(
I}vcH]۸D*W}
m>Q|C.(,lQ10{001
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]0
`He�0 *H
1
*H
0
*H
1
151120201434Z0/ *H
1" xAPJS20iߘ.i*0 +71001
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]0
*H
101
0 UIL10U
StartCom Ltd.1+0)U
"Secure Digital Certificate Signing1806U/StartCom Class 1 Primary Intermediate Client CA]0
*H
��s?>ƙ
mx%t5߿QZ21|xLwC!IE
UU<֝HZ<Ob5NĬ= Lo zCź=pCZ@&Qzxp<8Un7Fjk(I Q[Y9uWHQ)6cD:_t@`
+}sɬ;%2Ո[Z>/~^
z7Wj~2:
ڀS������
help
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?1448050474.2765.77.camel>