Re: [gentoo-dev] RFC: Package Manager Specification: configuration protection

public inbox for gentoo-dev@lists.gentoo.org
 help / color / mirror / Atom feed

From: Thomas de Grenier de Latour <degrenier@easyconnect.fr>
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] RFC: Package Manager Specification: configuration protection
Date: Thu, 14 Sep 2006 21:30:43 +0200	[thread overview]
Message-ID: <20060914213043.3bebb26e@eusebe> (raw)
In-Reply-To: <200609131947.13027.benno.schulenberg@gmail.com>

On Wed, 13 Sep 2006 19:47:12 +0200,
Benno Schulenberg <benno.schulenberg@gmail.com> wrote:

> I would much prefer new files to be treated as if replacing an 
> existing zero length file. 
...
> it should be up to tools like etc-update to (configurably) automerge
> new files

A quick look through my CONFIG_PROTECTed directories shows that, on a
total of ~1000 config files installed by ebuilds, only ~60 may have
affected my system when they were new and have been unconditionnaly
installed.  With such a false-positive rate, i would probably have soon
disabled the etc-update paranoid mode you propose, and i think most
users would have done the same.

I think that protection against harmfull new config files should be
selective to be useful.  It should only affect directories from which
files are blindly sourced by some services you are already running.
There, and only there¹, new config files are unexpected change of your 
existing configuration, and thus lead to unexpected behaviors.

 ¹ Well, ok, that's not exactly true. There is also the case of config
files being moved (a program expecting /etc/foo.conf in one version,
and /etc/foo/foo.conf in the later), things like that.  But imho, in
such cases, documentation (postinst messages, or GLEP 42) is enough,
whereas an anti-new-files-protection wouldn't really help.

The directories i'm thinking of are all this /etc/*.d/: "acpi.d",
"logrotate.d", "pam.d", etc.  There, adding a new file is really
just like appending a new chunk to an existing config file.

Implementation of a special anti-new-file-protection for this critical
directories could be done in at least two ways:
 - a global NEW_CONFIG_PROTECT variable (but i don't think it's would be
a good idea, too hard to maintain given the number of packages / devs
which would have a path to add to the list),
 - an ebuild-specific variable, which would be taken into account by the
contents merging function of the package manager (sure, this variable
should be accessible through aux_get() or alike, ie. not bash-level
only, but part of the ebuild metadatas).

But anyway, sorry for the off-topic Ciaran, i realize that this
discussion is far from being comments on the specs you've written.

--
TGL.
-- 
gentoo-dev@gentoo.org mailing list

next prev parent reply	other threads:[~2006-09-14 19:33 UTC|newest]

Thread overview: 26+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2006-09-11 22:22 [gentoo-dev] RFC: Package Manager Specification: configuration protection Ciaran McCreesh
2006-09-11 23:02 ` Chris White
2006-09-11 23:15   ` Ciaran McCreesh
2006-09-16  7:21     ` Brian Harring
2006-09-12  1:13   ` Robin H. Johnson
2006-09-12  0:30 ` Michael Cummings
2006-09-13 20:05   ` Peter Volkov (pva)
2006-09-12  8:19 ` Simon Stelling
2006-09-12  9:31   ` Ciaran McCreesh
2006-09-12 17:36     ` Zac Medico
2006-09-12 22:44     ` Zac Medico
2006-09-12 22:51       ` Ciaran McCreesh
2006-09-12 23:57         ` Zac Medico
2006-09-20 20:11           ` Mike Frysinger
2006-09-13  1:00         ` Ilya A. Volynets-Evenbakh
2006-09-13 17:47 ` Benno Schulenberg
2006-09-13 20:42   ` Daniel Gryniewicz
2006-09-14 17:34     ` Benno Schulenberg
2006-09-14 19:30   ` Thomas de Grenier de Latour [this message]
2006-09-15 20:27     ` Benno Schulenberg
2006-09-14  6:51 ` Harald van Dĳk
2006-09-15 18:39   ` Ciaran McCreesh
2006-09-16  6:56     ` Harald van Dĳk
2006-09-16  7:17 ` Brian Harring
2006-09-16 22:02   ` Ciaran McCreesh
2006-09-17  0:26     ` Brian Harring

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=20060914213043.3bebb26e@eusebe \
    --to=degrenier@easyconnect.fr \
    --cc=gentoo-dev@lists.gentoo.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox