On Thu, Apr 8, 2010 at 7:06 AM, Daniel Pittman <[email protected]> wrote:
> G'day.
>
> Further to my previous patch on the topic, here is a proof-of-concept patch
> series that implements a 'replace_file' API, then uses that through the code.
>
> (See <[email protected]> and below for additional context.
>
> This should hopefully give a clear indication of the direction I think would
> be useful for improving both the safety and the security of puppet file
> replacement.
>
> As Markus Roberts correctly points out, the issues that this fixes are
> generally a "perfect storm" of problems: puppet running, writing to a file,
> the system crashing, and data getting lost is pretty unlikely.
>
> However, this pretty much eliminates that risk, and as a by-product adds an
> API that would make it easier for developers to work safely with files in
> puppet.
>
>
> Anyway, this is proof-of-concept because I can't currently test it. It
> probably contains some syntax errors, even. Hopefully I can beat enough of
> Ruby into shape that I can get that resolved shortly - but I think comments
> are still useful in the current form of the patchset.
>
> Regards,
> Daniel

Daniel --

I've read through it once and will want to go through it again with more coffee in me, but as a proof-of-concept I'd give it a +1 and it appears to be pretty much in line with our discussion.

We probably want to either do some rescue/ensure cleanup in replace_file (in case they raise an exception in the block) but it's still a net improvement (leaving clutter rather than corrupting the files).

-- Markus
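
A sketch of the kind of helper discussed in this thread, with the ensure cleanup Markus mentions, as an added example that is not part of the patch series or of Puppet. The name `replace_file_sketch`, its signature and the write-to-temporary-then-rename approach are assumptions, since the patch itself is not shown here; the file names in the demo are constructed.

```ruby
require "securerandom"
require "tmpdir"

# Hypothetical helper (not Puppet's replace_file): the block writes to a
# temporary file beside the target, which is then renamed over the target.
def replace_file_sketch(path, mode = 0o644)
  dir = File.dirname(path)
  tmp = File.join(dir, ".#{File.basename(path)}.#{SecureRandom.hex(8)}.tmp")
  done = false
  # EXCL: fail rather than reuse or follow anything already at the temp name.
  File.open(tmp, File::WRONLY | File::CREAT | File::EXCL, 0o600) do |f|
    yield f
    f.chmod(mode)  # final permissions are set before the file becomes visible
    f.flush
    f.fsync        # contents reach disk before the rename
  end
  File.rename(tmp, path)  # atomic on POSIX when both names share a filesystem
  done = true
  begin
    File.open(dir, &:fsync)  # make the rename durable where the OS allows it
  rescue SystemCallError, IOError
    nil
  end
  path
ensure
  # Runs on any failure, including an exception raised inside the block,
  # so a failed replace leaves neither clutter nor a damaged target.
  File.unlink(tmp) if tmp && !done && File.exist?(tmp)
end

# Constructed demo: one successful replace, then a block that raises midway.
def demo_replace
  Dir.mktmpdir do |dir|
    target = File.join(dir, "app.conf")
    File.write(target, "old\n")
    replace_file_sketch(target) { |f| f.write("new\n") }
    begin
      replace_file_sketch(target) { |f| f.write("par"); raise "boom" }
    rescue RuntimeError
      nil # expected; the target must still hold the last complete version
    end
    { content: File.read(target),
      mode: File.stat(target).mode & 0o777,
      leftovers: Dir.children(dir) - ["app.conf"] }
  end
end

p demo_replace if $PROGRAM_NAME == __FILE__
```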
