On 2014-02-23 17:04, Warner Losh wrote:
> On Feb 23, 2014, at 11:17 AM, David Chisnall <thera...@freebsd.org> wrote:
>> On 23 Feb 2014, at 18:11, Allan Jude <free...@allanjude.com> wrote:
>>> sysrc solves this nicely, it is in base now, and is great for
>>> programmatically adding, removing and changing lines in rc.conf style
>>> files. It is also in ports for older versions of FreeBSD where it is not
>>> in base.
>> The problem is, there is no such thing as an rc.conf style file.  rc.conf is 
>> just a shell script.  If you only edit it with sysrc, or you are careful to 
>> preserve the structure, then it's fine.  There is absolutely nothing 
>> stopping you, however, from writing arbitrarily complex shell scripts inside 
>> rc.conf.  Sure, it's a terrible idea to do so, but when has that ever 
>> stopped anyone?
>> An rc-replacement could enforce this by only accepting purely declarative 
>> files for configuration, guaranteeing that if they were syntactically valid 
>> they would also be machine editable, no matter what the user does to them.
> We already have a rc.conf.default. Why not a rc.conf.automation that does 
> that and is added to the list of things to source? Then things like sysrc 
> could operation on that secure in the knowledge that no shell commands could 
> be there, and all bets are off if someone edits it by hand?
> Warner

This is basically what we do, we have puppet add:

rc_conf_files="/etc/rc.conf /etc/rc.conf.local /etc/rc.conf.scaleengine"

to rc.conf, and then we push our global config to the .scaleengine file

Allan Jude

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to