For Review: Latest update to rcorder patch

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

For Review: Latest update to rcorder patch

dougb
Howdy,

The attached patch contains what I hope are the final tweaks to the new
rcorder code. It has the following changes:

1. Silences a grep warning when an rc.d directory in $local_startup is empty.

2. Adds a variable to /etc/defaults/rc.conf called early_late_divider
(better name suggestions welcome) that defines the script to use to separate
the early and late stages, and the commensurate code in rc. This makes the
option configurable, which on the one hand puts a bullet in the
foot-shooting gun for careless admins, but on the other hand gives more
flexibility to those that can make use of it.

3. Defaults the divider to mountcritlocal, instead of mountcritremote. When
last I talked to Brooks about this, he said that this would "probably" be ok
even for diskless booting, however I'm willing to make it mountcritremote
for now if we're not sure of this. Alternatively, we can make the default
mountcritlocal, and instruct diskless booters to change this setting. Since
I am not really involved in the diskless booting stuff, I'm totally open to
the consensus opinion on this. If we change it, this will move the following
scripts into the late stage:

/etc/rc.d/var
/etc/rc.d/cleanvar
/etc/rc.d/random
/etc/rc.d/adjkerntz
/etc/rc.d/atm1
/etc/rc.d/hostname
/etc/rc.d/ipfilter
/etc/rc.d/ipnat
/etc/rc.d/ipfs
/etc/rc.d/kldxref
/etc/rc.d/sppp
/etc/rc.d/addswap
/etc/rc.d/sysctl
/etc/rc.d/serial
/etc/rc.d/pccard
/etc/rc.d/netif
/etc/rc.d/isdnd
/etc/rc.d/ppp
/etc/rc.d/ipfw
/etc/rc.d/nsswitch
/etc/rc.d/newsyslog
/etc/rc.d/syslogd
/etc/rc.d/ip6addrctl
/etc/rc.d/atm2
/etc/rc.d/pfsync
/etc/rc.d/pflog
/etc/rc.d/pf
/etc/rc.d/routing
/etc/rc.d/ip6fw
/etc/rc.d/network_ipv6
/etc/rc.d/mroute6d
/etc/rc.d/route6d
/etc/rc.d/mrouted
/etc/rc.d/routed
/etc/rc.d/NETWORKING
/etc/rc.d/devd
/etc/rc.d/ipsec


Enjoy,

Doug

--

     This .signature sanitized for your protection


Index: rc
===================================================================
RCS file: /usr/local/ncvs/src/etc/rc,v
retrieving revision 1.337
diff -u -r1.337 rc
--- rc 2 Dec 2005 20:06:07 -0000 1.337
+++ rc 8 Dec 2005 21:23:56 -0000
@@ -73,7 +73,7 @@
 skip="-s nostart"
 [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ] && skip="$skip -s nojail"
 
-# Do a first pass to get everything up to mountcritremote so that
+# Do a first pass to get everything up to $early_late_divider so that
 # we can do a second pass that includes $local_startup directories
 #
 files=`rcorder ${skip} /etc/rc.d/* 2>/dev/null`
@@ -82,7 +82,7 @@
  run_rc_script ${_rc_elem} ${_boot}
 
  case "$_rc_elem" in
- */mountcritremote) break ;;
+ */${early_late_divider}) break ;;
  esac
 done
 
@@ -101,7 +101,7 @@
 for _rc_elem in ${files}; do
  case "$_skip_early" in
  1) case "$_rc_elem" in
- */mountcritremote) _skip_early=0 ;;
+ */${early_late_divider}) _skip_early=0 ;;
  esac
  continue
  ;;
Index: rc.subr
===================================================================
RCS file: /usr/local/ncvs/src/etc/rc.subr,v
retrieving revision 1.45
diff -u -r1.45 rc.subr
--- rc.subr 5 Dec 2005 07:04:15 -0000 1.45
+++ rc.subr 8 Dec 2005 21:20:15 -0000
@@ -1380,7 +1380,7 @@
  local_rc=''
  for dir in ${local_startup}; do
  if [ -d "${dir}" ]; then
- for file in `grep -l '^# PROVIDE:' ${dir}/*`; do
+ for file in `grep -l '^# PROVIDE:' ${dir}/* 2>/dev/null`; do
  case "$file" in
  *.sample) ;;
  *) if [ -x "$file" ]; then
Index: defaults/rc.conf
===================================================================
RCS file: /usr/local/ncvs/src/etc/defaults/rc.conf,v
retrieving revision 1.265
diff -u -r1.265 rc.conf
--- defaults/rc.conf 24 Nov 2005 14:39:41 -0000 1.265
+++ defaults/rc.conf 8 Dec 2005 21:27:04 -0000
@@ -24,6 +24,10 @@
 rc_debug="NO" # Set to YES to enable debugging output from rc.d
 rc_info="NO" # Enables display of informational messages at boot.
 rcshutdown_timeout="30" # Seconds to wait before terminating rc.shutdown
+early_late_divider="mountcritlocal" # Script that separates early/late
+ # stages of the boot process.  Make sure you know
+ # the ramifications if you change this.
+
 swapfile="NO" # Set to name of swapfile if aux swapfile desired.
 apm_enable="NO" # Set to YES to enable APM BIOS functions (or NO).
 apmd_enable="NO" # Run apmd to handle APM event from userland.

_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-rc
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: For Review: Latest update to rcorder patch

Brooks Davis
On Thu, Dec 08, 2005 at 01:53:46PM -0800, Doug Barton wrote:

> Howdy,
>
> The attached patch contains what I hope are the final tweaks to the new
> rcorder code. It has the following changes:
>
> 1. Silences a grep warning when an rc.d directory in $local_startup is
> empty.
>
> 2. Adds a variable to /etc/defaults/rc.conf called early_late_divider
> (better name suggestions welcome) that defines the script to use to
> separate the early and late stages, and the commensurate code in rc. This
> makes the option configurable, which on the one hand puts a bullet in the
> foot-shooting gun for careless admins, but on the other hand gives more
> flexibility to those that can make use of it.
>
> 3. Defaults the divider to mountcritlocal, instead of mountcritremote.
> When last I talked to Brooks about this, he said that this would
> "probably" be ok even for diskless booting, however I'm willing to make it
> mountcritremote for now if we're not sure of this. Alternatively, we can
> make the default mountcritlocal, and instruct diskless booters to change
> this setting. Since I am not really involved in the diskless booting
> stuff, I'm totally open to the consensus opinion on this. If we change it,
> this will move the following scripts into the late stage:
Conceptually, I'm happy with this.  A few things.

 - I'd suggest explicitly stating that the only sane values
   for $early_late_divider are probably root, mountcritlocal, and
   mountcritremote.
 - diskless.8 should probably be updated to mentation that
   early_late_divider must be set to mountcritremote for the documented
   configuration to work.
 - If you want to depend on an rc.conf value in /etc/rc,
   /etc/rc.d/rcconf.sh should die.  early_late_divider is only non-zero
   every time through the loop by accident at this point.  Since
   rcconf.sh is no longer needed due to moving rc.d/initdiskless back
   to /etc/rc.initdiskless, it's safe to handle configuration in /etc/rc.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

attachment0 (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: For Review: Latest update to rcorder patch

dougb
Brooks Davis wrote:

> Conceptually, I'm happy with this.  A few things.
>
>  - I'd suggest explicitly stating that the only sane values
>    for $early_late_divider are probably root, mountcritlocal, and
>    mountcritremote.

Yeah, I ended up having to finish my message in a hurry (real life called),
and I forgot to add that I hadn't finished the rc.conf man page entry yet. I
am always hesitant to add too much info to the rc.conf file, mostly because
people who are determined to self foot-shoot will ignore it anyway. :)

I've added my proposed patch to rc.conf(5).

>  - diskless.8 should probably be updated to mentation that
>    early_late_divider must be set to mountcritremote for the documented
>    configuration to work.

I can do that as part of the change if you want, or you can do it, just let
me know.

>  - If you want to depend on an rc.conf value in /etc/rc,
>    /etc/rc.d/rcconf.sh should die.  early_late_divider is only non-zero
>    every time through the loop by accident at this point.

Ok, good plan. :) Based on our earlier conversation, I've also moved the
sourcing of rc.subr to after rc.initdiskless. In the non-diskless case, this
should be a total noop, so I'm not worried about this part of the change,
and if we're going to do it, we should do it now. Although I didn't include
it in this patch, I'll remove rcconf.sh as well.

> Since
>    rcconf.sh is no longer needed due to moving rc.d/initdiskless back
>    to /etc/rc.initdiskless, it's safe to handle configuration in /etc/rc.

Sounds great to me!

Thanks as always for your feedback and careful thought here.

Doug

--

      This .signature sanitized for your protection




Index: etc/rc
===================================================================
RCS file: /usr/local/ncvs/src/etc/rc,v
retrieving revision 1.337
diff -u -r1.337 rc
--- etc/rc 2 Dec 2005 20:06:07 -0000 1.337
+++ etc/rc 9 Dec 2005 09:55:41 -0000
@@ -50,12 +50,6 @@
 PATH=/sbin:/bin:/usr/sbin:/usr/bin
 export HOME PATH
 
-. /etc/rc.subr
-
-# Note: the system configuration files are loaded as part of
-# the rc.d system (rc.d/rcconf.sh).  Do not load them here as it may
-# interfere with diskless booting.
-#
 if [ "$1" = autoboot ]; then
  autoboot=yes
  _boot="faststart"
@@ -70,10 +64,18 @@
  sh /etc/rc.initdiskless
 fi
 
+# Run these after determining whether we are booting diskless in order
+# to minimize the number of files that are needed on a diskless system,
+# and to make the configuration file variables available to rc itself.
+#
+. /etc/rc.subr
+echo "Loading configuration files."
+load_rc_config 'XXX'
+
 skip="-s nostart"
 [ `/sbin/sysctl -n security.jail.jailed` -eq 1 ] && skip="$skip -s nojail"
 
-# Do a first pass to get everything up to mountcritremote so that
+# Do a first pass to get everything up to $early_late_divider so that
 # we can do a second pass that includes $local_startup directories
 #
 files=`rcorder ${skip} /etc/rc.d/* 2>/dev/null`
@@ -82,7 +84,7 @@
  run_rc_script ${_rc_elem} ${_boot}
 
  case "$_rc_elem" in
- */mountcritremote) break ;;
+ */${early_late_divider}) break ;;
  esac
 done
 
@@ -101,7 +103,7 @@
 for _rc_elem in ${files}; do
  case "$_skip_early" in
  1) case "$_rc_elem" in
- */mountcritremote) _skip_early=0 ;;
+ */${early_late_divider}) _skip_early=0 ;;
  esac
  continue
  ;;
Index: etc/rc.subr
===================================================================
RCS file: /usr/local/ncvs/src/etc/rc.subr,v
retrieving revision 1.45
diff -u -r1.45 rc.subr
--- etc/rc.subr 5 Dec 2005 07:04:15 -0000 1.45
+++ etc/rc.subr 8 Dec 2005 21:20:15 -0000
@@ -1380,7 +1380,7 @@
  local_rc=''
  for dir in ${local_startup}; do
  if [ -d "${dir}" ]; then
- for file in `grep -l '^# PROVIDE:' ${dir}/*`; do
+ for file in `grep -l '^# PROVIDE:' ${dir}/* 2>/dev/null`; do
  case "$file" in
  *.sample) ;;
  *) if [ -x "$file" ]; then
Index: etc/defaults/rc.conf
===================================================================
RCS file: /usr/local/ncvs/src/etc/defaults/rc.conf,v
retrieving revision 1.265
diff -u -r1.265 rc.conf
--- etc/defaults/rc.conf 24 Nov 2005 14:39:41 -0000 1.265
+++ etc/defaults/rc.conf 9 Dec 2005 10:16:12 -0000
@@ -24,6 +24,11 @@
 rc_debug="NO" # Set to YES to enable debugging output from rc.d
 rc_info="NO" # Enables display of informational messages at boot.
 rcshutdown_timeout="30" # Seconds to wait before terminating rc.shutdown
+early_late_divider="mountcritlocal" # Script that separates early/late
+ # stages of the boot process.  Make sure you know
+ # the ramifications if you change this.
+ # See rc.conf(5) for more details.
+
 swapfile="NO" # Set to name of swapfile if aux swapfile desired.
 apm_enable="NO" # Set to YES to enable APM BIOS functions (or NO).
 apmd_enable="NO" # Run apmd to handle APM event from userland.
Index: share/man/man5/rc.conf.5
===================================================================
RCS file: /usr/local/ncvs/src/share/man/man5/rc.conf.5,v
retrieving revision 1.271
diff -u -r1.271 rc.conf.5
--- share/man/man5/rc.conf.5 18 Nov 2005 10:52:23 -0000 1.271
+++ share/man/man5/rc.conf.5 9 Dec 2005 10:18:37 -0000
@@ -90,6 +90,29 @@
 Informational messages are displayed when
 a condition that is not serious enough to warrant a warning or
 an error occurs.
+.It Va early_late_divider
+.Pq Vt str
+The name of the script that should be used as the
+delimiter between the
+.Dq early
+and
+.Dq late
+stages of the boot process.
+The early stage should contain all the services needed to
+get the disks (local or remote) mounted so that the late
+stage can include scripts contained in the directories
+listed in the
+.Va local_startup
+variable (see below).
+Thus, the two likely candidates for this value are
+mountcritlocal for the typical system,
+and mountcritremote if the system is
+.Dq diskless .
+Extreme care should be taken when changing this value,
+and before changing it one should ensure that there are
+adequate provisions to recover from a failed boot
+(such as physical contact with the machine,
+or reliable remote console access).
 .It Va swapfile
 .Pq Vt str
 If set to


_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-rc
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: For Review: Latest update to rcorder patch

Brooks Davis
On Fri, Dec 09, 2005 at 02:45:23AM -0800, Doug Barton wrote:

> Brooks Davis wrote:
>
> >Conceptually, I'm happy with this.  A few things.
> >
> > - I'd suggest explicitly stating that the only sane values
> >   for $early_late_divider are probably root, mountcritlocal, and
> >   mountcritremote.
>
> Yeah, I ended up having to finish my message in a hurry (real life
> called), and I forgot to add that I hadn't finished the rc.conf
> man page entry yet.  I am always hesitant to add too much info to
> the rc.conf file, mostly because people who are determined to self
> foot-shoot will ignore it anyway. :)
That's fair. :)

> I've added my proposed patch to rc.conf(5).

Instead of talking about diskless systems I'd talk about having remote
file systems in ${local_startup} such as if /usr were an nfs mount.
The reason for this suggestion is that this and not being diskless are
what makes the difference.  All my diskless systems could actually have
early_late_divider=root since the roots contain everything in a chroot
to allow them to be out of sync with the OS of the build system.  You
could also do something old school and have the base system on the local
disk and have all packages be shared.  That's certainly still popular in
some places with lots of workstations.

> > - diskless.8 should probably be updated to mentation that
> >   early_late_divider must be set to mountcritremote for the documented
> >   configuration to work.
>
> I can do that as part of the change if you want, or you can do it, just let
> me know.

Please go ahead.  diskless.8 annoys me because I don't like its
suggested design.  I really need to get around to doing a writeup on
how I like to do diskless stuff.  Probably after I work up a modified
nanobsd build to handle it (in process for an upgrade from 4.10 to 6.0
on my cluster).

> > - If you want to depend on an rc.conf value in /etc/rc,
> >   /etc/rc.d/rcconf.sh should die.  early_late_divider is only non-zero
> >   every time through the loop by accident at this point.
>
> Ok, good plan. :) Based on our earlier conversation, I've also moved the
> sourcing of rc.subr to after rc.initdiskless. In the non-diskless case,
> this
> should be a total noop, so I'm not worried about this part of the change,
> and if we're going to do it, we should do it now. Although I didn't include
> it in this patch, I'll remove rcconf.sh as well.
OK.  I might make rcconf.sh into a no-op that provides rcconf in the
first commit and remove it for real in a day or so to make it easier to
debug any inadvertent issues that result from increasing the number of
scripts with no dependencies.

> >Since
> >   rcconf.sh is no longer needed due to moving rc.d/initdiskless back
> >   to /etc/rc.initdiskless, it's safe to handle configuration in /etc/rc.
>
> Sounds great to me!
>
> Thanks as always for your feedback and careful thought here.

You're welcome.  I'm glad to see this is being done.  Despite the
increase in complexity in /etc/rc, I think we're well on our way to a
more sane and comprehensible startup process.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

attachment0 (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: For Review: Latest update to rcorder patch

dougb
Brooks Davis wrote:

> Instead of talking about diskless systems I'd talk about having remote
> file systems in ${local_startup}

Ok, how's this:

+The early stage should contain all the services needed to
+get the disks (local or remote) mounted so that the late
+stage can include scripts contained in the directories
+listed in the
+.Va local_startup
+variable (see below).
+Thus, the two likely candidates for this value are
+mountcritlocal for the typical system,
+and mountcritremote if the system needs remote file
+systems mounted to get access to the
+.Va local_startup
+directories.
+For example when
+.Pa /usr/local
+is NFS mounted.

>>> - diskless.8 should probably be updated to mentation that
>>>   early_late_divider must be set to mountcritremote for the documented
>>>   configuration to work.
>> I can do that as part of the change if you want, or you can do it, just let
>> me know.
>
> Please go ahead.

Ok, how is this:

+.Pp
+One difference that you should pay particular attention to is
+the value of
+.Va local_startup
+in
+.Pa /etc/defaults/rc.conf .
+A typical value for a
+.Nm
+boot is
+.Va mountcritremote ,
+however your needs may be different.
+.Pp
  The scripts provide four

Suggestions for improvements are welcome, it's been a long day.

> OK.  I might make rcconf.sh into a no-op that provides rcconf in the
> first commit and remove it for real in a day or so to make it easier to
> debug any inadvertent issues that result from increasing the number of
> scripts with no dependencies.

Yeah, not only is this a factor, but I also failed to take into account
another critical element. rcorder needs at least one script without any
REQUIRE lines to know where to start. Right now that's rcconf.sh by design,
but I think we need to replace that, rather than just delete rcconf.sh. This
is one of the few times when I think a dummy dependency would be useful. I
propose that I add a dummy dependency called START, and change everything
that currently depends on rcconf to depend on START instead. Sound good?

BTW, I noticed that there are several scripts that have no REQUIRE or
nostart. Should those be updated? They are: ccd, gbde, mixer, and securelevel.

Doug

--

     This .signature sanitized for your protection

_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-rc
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: For Review: Latest update to rcorder patch

dougb
In reply to this post by Brooks Davis
Brooks Davis wrote:

> Instead of talking about diskless systems I'd talk about having remote
> file systems in ${local_startup}

Ok, how's this:

+The early stage should contain all the services needed to
+get the disks (local or remote) mounted so that the late
+stage can include scripts contained in the directories
+listed in the
+.Va local_startup
+variable (see below).
+Thus, the two likely candidates for this value are
+mountcritlocal for the typical system,
+and mountcritremote if the system needs remote file
+systems mounted to get access to the
+.Va local_startup
+directories.
+For example when
+.Pa /usr/local
+is NFS mounted.

>>> - diskless.8 should probably be updated to mentation that
>>>   early_late_divider must be set to mountcritremote for the documented
>>>   configuration to work.
>> I can do that as part of the change if you want, or you can do it, just let
>> me know.
>
> Please go ahead.

Ok, how is this:

+.Pp
+One difference that you should pay particular attention to is
+the value of
+.Va local_startup
+in
+.Pa /etc/defaults/rc.conf .
+A typical value for a
+.Nm
+boot is
+.Va mountcritremote ,
+however your needs may be different.
+.Pp
  The scripts provide four

Suggestions for improvements are welcome, it's been a long day.

> OK.  I might make rcconf.sh into a no-op that provides rcconf in the
> first commit and remove it for real in a day or so to make it easier to
> debug any inadvertent issues that result from increasing the number of
> scripts with no dependencies.

Yeah, not only is this a factor, but I also failed to take into account
another critical element. rcorder needs at least one script without any
REQUIRE lines to know where to start. Right now that's rcconf.sh by design,
but I think we need to replace that, rather than just delete rcconf.sh. This
is one of the few times when I think a dummy dependency would be useful. I
propose that I add a dummy dependency called START, and change everything
that currently depends on rcconf to depend on START instead. Sound good?

BTW, I noticed that there are several scripts that have no REQUIRE or
nostart. Should those be updated? They are: ccd, gbde, mixer, and securelevel.

Doug

--

     This .signature sanitized for your protection

_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-rc
To unsubscribe, send any mail to "[hidden email]"
Reply | Threaded
Open this post in threaded view
|

Re: For Review: Latest update to rcorder patch

Brooks Davis
In reply to this post by dougb
On Sat, Dec 10, 2005 at 12:56:55AM -0800, Doug Barton wrote:

> Brooks Davis wrote:
>
> >Instead of talking about diskless systems I'd talk about having remote
> >file systems in ${local_startup}
>
> Ok, how's this:
>
> +The early stage should contain all the services needed to
> +get the disks (local or remote) mounted so that the late
> +stage can include scripts contained in the directories
> +listed in the
> +.Va local_startup
> +variable (see below).
> +Thus, the two likely candidates for this value are
> +mountcritlocal for the typical system,
> +and mountcritremote if the system needs remote file
> +systems mounted to get access to the
> +.Va local_startup
> +directories.
> +For example when
> +.Pa /usr/local
> +is NFS mounted.
That looks fine.

> >>>- diskless.8 should probably be updated to mentation that
> >>>  early_late_divider must be set to mountcritremote for the documented
> >>>  configuration to work.
> >>I can do that as part of the change if you want, or you can do it, just
> >>let
> >>me know.
> >
> >Please go ahead.
>
> Ok, how is this:
>
> +.Pp
> +One difference that you should pay particular attention to is
> +the value of
> +.Va local_startup
> +in
> +.Pa /etc/defaults/rc.conf .
> +A typical value for a
> +.Nm
> +boot is
> +.Va mountcritremote ,
> +however your needs may be different.
> +.Pp
>  The scripts provide four
That looks OK as well.

> Suggestions for improvements are welcome, it's been a long day.
>
> >OK.  I might make rcconf.sh into a no-op that provides rcconf in the
> >first commit and remove it for real in a day or so to make it easier to
> >debug any inadvertent issues that result from increasing the number of
> >scripts with no dependencies.
>
> Yeah, not only is this a factor, but I also failed to take into account
> another critical element. rcorder needs at least one script without any
> REQUIRE lines to know where to start. Right now that's rcconf.sh by
> design, but I think we need to replace that, rather than just delete
> rcconf.sh. This is one of the few times when I think a dummy dependency
> would be useful. I propose that I add a dummy dependency called START, and
> change everything that currently depends on rcconf to depend on START
> instead. Sound good?
I'm not sure you actually need a dummy.  NetBSD just lets early things
have no REQUIRE lines (for instance cdd only contains "PROVIDE:
disks").  There's no requirement that the tree have a single top.

> BTW, I noticed that there are several scripts that have no REQUIRE or
> nostart. Should those be updated? They are: ccd, gbde, mixer, and
> securelevel.

mixer is broken and should REQUIRE on cleanvar.  The ccd script probably
doesn't depend on anything but the obsolete rcconf.sh (which it
currently gets from initrandom's BEFORE: disks), but gbde may depend on
initrandom (I haven't read the code).  I might just let initrandom take
the top slot. securelevel is just plain wrong in the current setup.  If
it's going to do any good, it needs to come much earlier (NetBSD has it
BEFORE: DAEMON which makes sense if it's supposed to secure your system
from bad guys.)  Right now it's in the noise at the end of the list due
to a whole lot of IMO rather bogus BEFORE: securelevel entries.

-- Brooks

--
Any statement of the form "X is the one, true Y" is FALSE.
PGP fingerprint 655D 519C 26A7 82E7 2529  9BF0 5D8E 8BE9 F238 1AD4

attachment0 (196 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|

Re: For Review: Latest update to rcorder patch

dougb
Brooks Davis wrote:
> On Sat, Dec 10, 2005 at 12:56:55AM -0800, Doug Barton wrote:

Thanks for the review on the man page stuff.

>>> OK.  I might make rcconf.sh into a no-op that provides rcconf in the
>>> first commit and remove it for real in a day or so to make it easier to
>>> debug any inadvertent issues that result from increasing the number of
>>> scripts with no dependencies.
>> Yeah, not only is this a factor, but I also failed to take into account
>> another critical element. rcorder needs at least one script without any
>> REQUIRE lines to know where to start. Right now that's rcconf.sh by
>> design, but I think we need to replace that, rather than just delete
>> rcconf.sh. This is one of the few times when I think a dummy dependency
>> would be useful. I propose that I add a dummy dependency called START, and
>> change everything that currently depends on rcconf to depend on START
>> instead. Sound good?
>
> I'm not sure you actually need a dummy.  NetBSD just lets early things
> have no REQUIRE lines (for instance cdd only contains "PROVIDE:
> disks").  There's no requirement that the tree have a single top.

Hrrrm ... ok. I removed rcconf.sh and all it's REQUIRE lines, and nothing
changed in the order. David O'Brien added a BEFORE: initrandom to dumpon so
that it would be easier to debug panics related to it, and I don't see any
reason to change that, so I think we're set there.

>> BTW, I noticed that there are several scripts that have no REQUIRE or
>> nostart. Should those be updated? They are: ccd, gbde, mixer, and
>> securelevel.
>
> mixer is broken and should REQUIRE on cleanvar.  The ccd script probably
> doesn't depend on anything but the obsolete rcconf.sh (which it
> currently gets from initrandom's BEFORE: disks), but gbde may depend on
> initrandom (I haven't read the code).  I might just let initrandom take
> the top slot. securelevel is just plain wrong in the current setup.  If
> it's going to do any good, it needs to come much earlier (NetBSD has it
> BEFORE: DAEMON which makes sense if it's supposed to secure your system
> from bad guys.)  Right now it's in the noise at the end of the list due
> to a whole lot of IMO rather bogus BEFORE: securelevel entries.

Ok. Changing mixer is an easy call (and ironically pushes it further down
the order), but I'm not comfortable changing the others. Things work as they
are, even if it is by accident, and I don't want to be the one who breaks it. :)

Doug


--

     This .signature sanitized for your protection

_______________________________________________
[hidden email] mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-rc
To unsubscribe, send any mail to "[hidden email]"