From: Allan Jude
Date: Sun, 23 Feb 2014 17:09:45 -0500
To: Warner Losh, David Chisnall
Cc: FreeBSD Current
Subject: Re: libinit idea
Message-ID: <530A71A9.5040705@allanjude.com>
In-Reply-To: <6B911759-48AC-4981-A5E1-2634B5D01F0D@gmail.com>

On 2014-02-23 17:04, Warner Losh wrote:
>
> On Feb 23, 2014, at 11:17 AM, David Chisnall wrote:
>
>> On 23 Feb 2014, at 18:11, Allan Jude wrote:
>>
>>> sysrc solves this nicely, it is in base now, and is great for
>>> programmatically adding, removing and changing lines in rc.conf style
>>> files. It is also in ports for older versions of FreeBSD where it is not
>>> in base.
>>
>> The problem is, there is no such thing as an rc.conf style file. rc.conf is just a shell script. If you only edit it with sysrc, or you are careful to preserve the structure, then it's fine. There is absolutely nothing stopping you, however, from writing arbitrarily complex shell scripts inside rc.conf. Sure, it's a terrible idea to do so, but when has that ever stopped anyone?
>>
>> An rc-replacement could enforce this by only accepting purely declarative files for configuration, guaranteeing that if they were syntactically valid they would also be machine editable, no matter what the user does to them.
>
> We already have a rc.conf.default. Why not a rc.conf.automation that does that and is added to the list of things to source? Then things like sysrc could operate on that secure in the knowledge that no shell commands could be there, and all bets are off if someone edits it by hand?
>
> Warner
>

This is basically what we do, we have puppet add:

rc_conf_files="/etc/rc.conf /etc/rc.conf.local /etc/rc.conf.scaleengine"

to rc.conf, and then we push our global config to the .scaleengine file

-- 
Allan Jude
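
The thread's point that rc.conf is sourced as shell, so a machine-managed file is only safe to edit automatically if it stays purely declarative, can be checked mechanically. The following is an added example, not part of the original message or of sysrc: the accepted grammar (one `NAME="value"` or bareword assignment per line) is an assumption, and the sample files and their values are constructed.

```sh
#!/bin/sh
# Added example, not from the thread. The accepted grammar is an assumption
# for this sketch; FreeBSD itself sources these files as ordinary shell.

# Succeeds only if every line of file $1 is blank, a comment, or a single
# NAME="value" / NAME=bareword assignment with nothing for sh to expand
# (no $, backtick, backslash, or second command after the value).
# Offending lines are printed to stderr as "lineno:text".
rc_conf_is_declarative() {
    [ -r "$1" ] || { echo "$1: unreadable" >&2; return 2; }
    bad=$(LC_ALL=C grep -nEv \
        -e '^[[:space:]]*(#.*)?$' \
        -e '^[A-Za-z_][A-Za-z0-9_]*="[^"$`\]*"[[:space:]]*$' \
        -e '^[A-Za-z_][A-Za-z0-9_]*=[A-Za-z0-9_./:,@%+-]*[[:space:]]*$' \
        -- "$1") || true
    [ -z "$bad" ] && return 0
    printf '%s: not purely declarative:\n%s\n' "$1" "$bad" >&2
    return 1
}

# Constructed sample inputs (hypothetical file names and values).
demo_dir=$(mktemp -d)
trap 'rm -rf "$demo_dir"' EXIT
cat > "$demo_dir/rc.conf.automation" <<'EOF'
# managed by automation
sshd_enable="YES"
ifconfig_em0="inet 192.0.2.10 netmask 255.255.255.0"
hostname=web01.example.org
EOF
cat > "$demo_dir/rc.conf.handedited" <<'EOF'
sshd_enable="YES"
hostname="$(hostname -s).example.org"
if [ -r /etc/rc.conf.site ]; then . /etc/rc.conf.site; fi
ntpd_enable="YES"; touch /tmp/marker
EOF

rc_conf_is_declarative "$demo_dir/rc.conf.automation" && echo "automation file: ok"
rc_conf_is_declarative "$demo_dir/rc.conf.handedited" || echo "hand-edited file: rejected"
```

Run as a pre-deployment check on the automation-managed file, this rejects anything that would execute when the file is sourced, while leaving the hand-edited rc.conf outside its scope.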