On 10 July 2012 21:45, <bnewb...@robocracy.org> wrote:
>
> Spoke with James and a few others here at the OpenITP event, notes and a
> rough plan are below. Some of this feels like reinventing the wheel; a
> future/mature implementation might use:
>
> D-Bus for message passing, PolicyKit for access control, Augeas for
> read/write
>
> or
>
> building off ubus (IPC from OpenWrt) and netif (network interface
> configuration from OpenWrt), extending with augeas configuration
>
> or
>
> libassuan (from GPG) to handle narrow scope trusted IPC
>
> But for now I'm just going to bang something out so that plinth can use
> the python-augeas interface through an access controlled unix domain pipe.
>
> -----------------------------------------------------------------
>
> requirements/compromises:
> - scope of configuration middleware is "regular" system files, mostly in
>   /etc (no user/identity management)
> - files should be edited "in place"
> - local changes should be respected
> - single root/wheel permissions level for reading, writing, and applying
>   changes
> - configuration "versioning" taken as a separate problem from editing
> - "client code" (aka plinth) is responsible for semantic/logical
>   validation, and service restarts
>
> new program: "exmachina: hand of root"
>   configuration management daemon which runs with root permissions,
>   listens on a unix domain socket with access controlled by filesystem
>   permissions. uses a very simple api to provide access to augeas
>   configuration file editing and service restarts.
>
>   plinth/apache, running not-as-root, is passed access at startup (ENV
>   vars? file handle pass?)
>
>   single-thread, serializes edits
>
>   simple, written in python (for now), including python "client library"
>   which replicates python-augeas interface
>
> extra features (somedaymaybe):
>   general purpose ncurses, gui, or web interface
>   no-downtime reloads of daemon via HUP (a la nginx)
>   fine-grain ACL
>   dpkg installation
>   general purpose features: process execution, package installation, file
>   read/write
>

BTW I came across this bootstrap 2 based admin console for sale for $20 lately
http://wbpreview.com/previews/WB00U99JJ/ Perhaps some ideas for jazzing up plinth?

>
> -bryan
>
> _______________________________________________
> Freedombox-discuss mailing list
> Freedombox-discuss@lists.alioth.debian.org
> http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
>
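
The access model in the quoted plan, a root daemon reachable only through a unix domain socket guarded by filesystem permissions, shown as an added example (not code from exmachina or from anyone in this thread). The socket file name, the 0660 mode and the extra `SO_PEERCRED` uid allow-list are assumptions; `SO_PEERCRED` is Linux-specific.

```python
import os
import socket
import stat
import struct
import tempfile

def bind_restricted_socket(path, mode=0o660):
    """Bind a unix stream socket whose file is never more permissive than `mode`."""
    if os.path.exists(path):
        if not stat.S_ISSOCK(os.lstat(path).st_mode):
            raise RuntimeError(f"{path} exists and is not a socket")
        os.unlink(path)  # stale socket left by a previous run
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    # bind() creates the socket file, so tighten the umask *before* it;
    # chmod alone would leave a window where the file has looser permissions.
    # umask is process-wide, which is acceptable for a single-threaded daemon.
    old_umask = os.umask(0o777 & ~mode)
    try:
        srv.bind(path)
    finally:
        os.umask(old_umask)
    os.chmod(path, mode)
    srv.listen(1)
    return srv

def peer_credentials(conn):
    """Return (pid, uid, gid) of the connected peer via SO_PEERCRED (Linux)."""
    raw = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)

def is_allowed(conn, allowed_uids):
    """Second check on top of file permissions: peer uid must be allow-listed."""
    _pid, uid, _gid = peer_credentials(conn)
    return uid in allowed_uids

def demo():
    """Constructed self-test: bind in a private temp dir and connect to ourselves."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "exmachina.sock")  # hypothetical socket name
        srv = bind_restricted_socket(path)
        cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
        cli.connect(path)
        conn, _ = srv.accept()
        me = os.getuid()
        result = (stat.S_IMODE(os.stat(path).st_mode),
                  is_allowed(conn, {me}), is_allowed(conn, {me + 1}))
        for s in (conn, cli, srv):
            s.close()
        return result

if __name__ == "__main__":
    print(demo())
```

In a deployment the socket's group would be the one the unprivileged web process runs under, so that only root and that group can connect.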