Chris Fearnley: > This is wonderful. I'm in ecstasy! You're easy to please. I need to find a girl that is similar to you.[0] :-) > I'm not usre we need to wait so long. Can't we start switching over > now? It isn't workable, unless and until just about all packages use it. We can't delay 1.2 until all packages have been inspected and converted. We can start it now, but we first need a working implementation of cfgtool. cfgtool needs to be runnable by anyone (in read-only mode) so that, for example, cgi-bins running as nobody can ask for information. The current prototype can't do that. [sounds of hacking frenzy] Now it does. I've set up the variable repository as "/etc/cfgtool.d", and the lock file as "/tmp/.cfgtool.lock.ilv"[1], they can be easily overridden. However, this is a hack, and it can be used for a denial-of-service (DOS) attack: since cfgtool won't do anything unless it can create the lock file, a malicious user can create the lock file. Then no-one can do anything. [sounds of hacking frenzy] Hah! That was easy to fix. I think. No locking is needed for reading the variables, only for changing. You can read even if the repository is locked. The idea is that it's better to get a possibly wrong answer than to fail completely. No more DOS! I moved the lock file to /etc/cfgtool as well. I'll make a new release in a few days. Assuming there's no more need to change the interface, we can start thinking about a proper implementation and some policy. The current implementation uses a separate file for each variable. If we have a hundred variables, this will use a hundred kilobytes, which is a huge waste of disk space. This needs to be fixed, but we can live with it for now. We also need some guidelines for what kinds of stuff is stored with cfgtool. I've been talking about "system configuration variables". More specifically, the following are OK: - settings used by /etc/init.d/* - settings used by /etc/cron.*/* - settings used by other similar scripts - answers to questions by package installation scripts All settings mentioned must of course be system wide. The following are not: - application configuration not relevant to installation on a Debian system, because it would make the application non-portable Oh yes, we also need a full screen interface. Anyone want to start working on that? It would be easy to make a library of the relevant cfgtool routines so that it isn't necessary to keep forking and execing all the time. Enough for now. I'm so hungry and tired I'm having trouble sitting straight. :) -- Please read <http://www.iki.fi/liw/mail-to-lasu.html> before mailing me. Please don't Cc: me when replying to my message on a mailing list. [0] Or possibly not. I've just managed to avoid becoming involved with someone. I hope. But we're friends. [1] Speculation about what "ilv" means will only make me smile.
Attachment:
pgppCbY0DkjPa.pgp
Description: PGP signature