Mike Gerdts wrote:
> On 9/13/07, Danek Duvall <danek.duvall at sun.com> wrote:
>> They're much like class
>> action scripts, except you can't deliver your own.
>
> [contrived example, I don't really manage sudo like this]
> Suppose I use sudo in my environment because RBAC is not
> cross-platform and I want a package to deliver new sudo rules. Are
> you saying that there is no way for me to deliver (presumably with the
> sudo package) a module to the packaging system that knows how to add
> and remove sudo rules?
>
> This would seem to mean that my best bet for packages that in the old
> days would have modified sudoers, their only option now is to deliver
> a transient service that adds the rules on start and removes them on
> stop. Since I may have many such services delivered by various
> packages, I need to be very careful to have a locking mechanism that
> prevents race conditions. Of course, this assumes that a service that
> is delivered in a pkg is automatically started after installation
> and automatically stopped before removal.
>
>> The set of recognized actions will obviously need to grow over time (at
>> first, certainly). A customer may need to upgrade the packaging system
>> before being able to perform some installs, much like live upgrade today
>> needs to be upgraded before anything else. There's room for the ability to
>> do that automatically.
>
> I do like the idea of saying "add a user" or "alter this rights
> profile". Sun or other distro maintainers shouldn't be the only ones
> to define and deliver the recognized actions.
>
In most cases, these sorts of actions can be postponed until either the
service is started (for a simple case) or the machine is rebooted. Very
few third-party packages should need to perform unique actions before
the machine reboots.

The problem is that getting scripting correct is difficult enough when
one is talking about running in a normal context. Getting the scripting
right when we're modifying a local zone of a diskless client on an
alternate architecture down-reved boot server is downright hard since
so much of the installation environment affects the script... we want
to defer these sorts of actions until the service starts.

- Bart

--
Bart Smaalders			Solaris Kernel Performance
barts at cyber.eng.sun.com		http://blogs.sun.com/barts
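The scenario discussed in this thread, a transient service that adds a package's sudo rules on start and removes them on stop while several such services share one file, can be sketched as below. This is an added example, not code from the thread or from the packaging project; the function names, the `# BEGIN pkg:`/`# END pkg:` markers, and the `SUDOERS` and `LOCKDIR` paths are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: start/stop logic for a transient service that owns one
# marked block of rules in a shared sudoers-style file.
# SUDOERS and LOCKDIR are assumed paths; override them when testing.
SUDOERS=${SUDOERS:-/etc/sudoers}
LOCKDIR=${LOCKDIR:-/var/run/sudoers-rules.lock}

lock() {    # mkdir is atomic, so only one service edits at a time
    tries=0
    until mkdir "$LOCKDIR" 2>/dev/null; do
        tries=$((tries + 1))
        [ "$tries" -lt 30 ] || return 1
        sleep 1
    done
}
unlock() { rmdir "$LOCKDIR"; }

# Print the current file without the block owned by package $1.
strip_block() {
    awk -v b="# BEGIN pkg:$1" -v e="# END pkg:$1" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip' "$SUDOERS"
}

# Syntax-check the candidate when visudo is present, then swap it in
# with a rename so readers never see a half-written file.
install_file() {
    chmod 0440 "$1" || return 1
    if command -v visudo >/dev/null 2>&1; then
        visudo -c -f "$1" >/dev/null 2>&1 || { rm -f "$1"; return 1; }
    fi
    mv "$1" "$SUDOERS"
}

rules_start() {    # $1 = package name, $2 = file holding its rules
    lock || return 1
    tmp="$SUDOERS.new.$$"; rc=0
    { strip_block "$1"; echo "# BEGIN pkg:$1"; cat "$2"
      echo "# END pkg:$1"; } > "$tmp"
    install_file "$tmp" || rc=$?
    unlock; return $rc
}

rules_stop() {     # $1 = package name
    lock || return 1
    tmp="$SUDOERS.new.$$"; rc=0
    strip_block "$1" > "$tmp"
    install_file "$tmp" || rc=$?
    unlock; return $rc
}
```

Because `rules_start` strips the package's old block before appending, a restarted service does not duplicate its rules, and a candidate file that fails the syntax check is discarded without touching the live file.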
