[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Thoughts regarding package installation



Chris Fearnley:
> This is wonderful.  I'm in ecstasy!

You're easy to please. I need to find a girl that is similar
to you.[0] :-)

> I'm not usre we need to wait so long.  Can't we start switching over
> now?

It isn't workable, unless and until just about all packages use
it. We can't delay 1.2 until all packages have been inspected
and converted. We can start it now, but we first need a working
implementation of cfgtool. cfgtool needs to be runnable
by anyone (in read-only mode) so that, for example, cgi-bins
running as nobody can ask for information. The current prototype
can't do that.

[sounds of hacking frenzy]

Now it does. I've set up the variable repository as
"/etc/cfgtool.d", and the lock file as "/tmp/.cfgtool.lock.ilv"[1],
they can be easily overridden. However, this is a hack,
and it can be used for a denial-of-service (DOS) attack: since
cfgtool won't do anything unless it can create the lock file, a
malicious user can create the lock file. Then no-one can do anything.

[sounds of hacking frenzy]

Hah! That was easy to fix. I think. No locking is needed for
reading the variables, only for changing. You can read even if
the repository is locked. The idea is that it's better to get
a possibly wrong answer than to fail completely. No more DOS!
I moved the lock file to /etc/cfgtool as well.

I'll make a new release in a few days.

Assuming there's no more need to change the interface, we can
start thinking about a proper implementation and some policy.

The current implementation uses a separate file for each variable.
If we have a hundred variables, this will use a hundred kilobytes,
which is a huge waste of disk space. This needs to be fixed, but
we can live with it for now.

We also need some guidelines for what kinds of stuff is stored
with cfgtool. I've been talking about "system configuration
variables". More specifically, the following are OK:

	- settings used by /etc/init.d/*
	- settings used by /etc/cron.*/*
	- settings used by other similar scripts
	- answers to questions by package installation scripts

All settings mentioned must of course be system wide.
	
The following are not:

	- application configuration not relevant to installation
	  on a Debian system, because it would make the
	  application non-portable

Oh yes, we also need a full screen interface. Anyone want to
start working on that? It would be easy to make a library
of the relevant cfgtool routines so that it isn't necessary
to keep forking and execing all the time.

Enough for now. I'm so hungry and tired I'm having trouble
sitting straight. :)

-- 
Please read <http://www.iki.fi/liw/mail-to-lasu.html> before mailing me.
Please don't Cc: me when replying to my message on a mailing list.

[0] Or possibly not. I've just managed to avoid becoming involved
with someone. I hope. But we're friends.

[1] Speculation about what "ilv" means will only make me smile.


Attachment: pgppCbY0DkjPa.pgp
Description: PGP signature


Reply to: