Re: libinit idea
This is an OpenPGP/MIME signed message (RFC 4880 and 3156)
--wRItEN90eih39L3KUEkMt2d5vlhbDUVKw
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
On 2014-02-23 17:04, Warner Losh wrote:
>=20
> On Feb 23, 2014, at 11:17 AM, David Chisnall <theraven@FreeBSD.org> wro=
te:
>=20
>> On 23 Feb 2014, at 18:11, Allan Jude <freebsd@allanjude.com> wrote:
>>
>>> sysrc solves this nicely, it is in base now, and is great for
>>> programmatically adding, removing and changing lines in rc.conf style=
>>> files. It is also in ports for older versions of FreeBSD where it is =
not
>>> in base.
>>
>> The problem is, there is no such thing as an rc.conf style file. rc.c=
onf is just a shell script. If you only edit it with sysrc, or you are c=
areful to preserve the structure, then it's fine. There is absolutely no=
thing stopping you, however, from writing arbitrarily complex shell scrip=
ts inside rc.conf. Sure, it's a terrible idea to do so, but when has tha=
t ever stopped anyone?
>>
>> An rc-replacement could enforce this by only accepting purely declarat=
ive files for configuration, guaranteeing that if they were syntactically=
valid they would also be machine editable, no matter what the user does =
to them.
>=20
> We already have a rc.conf.default. Why not a rc.conf.automation that do=
es that and is added to the list of things to source? Then things like sy=
src could operation on that secure in the knowledge that no shell command=
s could be there, and all bets are off if someone edits it by hand?
>=20
> Warner
>=20
This is basically what we do, we have puppet add:
rc_conf_files=3D"/etc/rc.conf /etc/rc.conf.local /etc/rc.conf.scaleengine=
"
to rc.conf, and then we push our global config to the .scaleengine file
--=20
Allan Jude
--wRItEN90eih39L3KUEkMt2d5vlhbDUVKw
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.16 (MingW32)
Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/
iQIcBAEBAgAGBQJTCnGsAAoJEJrBFpNRJZKfijMP/2otas8rmwBAuz9b63kw0ySm
qr1qDVKNM9ji71TXuwHBd4NGfJfPR6Q55EjhJAEsnBGVmh7iZZZlnCX4I/tsDMJN
FtSUCVsmmFINqSndpWxaxUXdjs3nNoQndHlL8L0cydO8JgX/BDhz43YAMAKGMlZu
+OuaptiJPEzBjXKUwHpxpNGgp3RdtEEpavuwWwogu6+uqi6m+Th4hgaLCRb5/y/j
+4xgHrXWS636Wg+Bn4DBKOFZJg+E7ObgvwrFfFeJg1xXReG3l+Jp9ZLTLYTLPKld
5SJcu9Xl9XGhcH83ltlZeMGquz+KtI4av5N1sOA0sLqM894myxatabMpZg/bbOkP
V11wfHGA8pQI6E64zVBvtg/YHABge5X9ljeKi6b0c1WoyaYIW5CwXj1JukE8YXpM
AWipF7daguVSlKFwr9+0982ckZJQdq6r8Jm9RtGUqOimWysNCuiBbYl9uAc00HgS
TlAGyO7swsKy9lprxERg0TxwdBYB2mfHGOGsG3GXDn2HZUiOznvtiLtyGzpQYCR2
g3sZa//o2KWJoHTqPf6k41TuqY88wi5QTrRtOespZ2QVT/KrlZY+2FHbRW5u0hm/
qXArN5szVQ5g+5hegK5hD5WaI4f8iPGcm3Ll5ciX46fTaoGHFbRQa1MNhHSJcRzz
Prr4/XmuYXpm7F1wCxEo
=ZqrW
-----END PGP SIGNATURE-----
--wRItEN90eih39L3KUEkMt2d5vlhbDUVKw--
討論串 (同標題文章)
完整討論串 (本文為第 14 之 26 篇):