New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Change: Make paths bundle dynamic #339
Change: Make paths bundle dynamic #339
Conversation
DO NOT MERGE: THIS IS ONLY FOR CONSIDERATION AND FEEDBACK Instead of having a list of each path that we want to know about we could find bins based on a pre defined path, just like PATH behaves on the cli. This is risky, possibly too risky. I am unsure if this is offset by making the paths bundle more usable. Additionally some bins have characters in the name that make them generate erros. This could probably be worked around. Currently this implementation relies on GNU find. That may be an unacceptable dependancy.
Get PATH from def.cf? |
Perl instead of find? |
Very nice. I would suggest removing the dependency on GNU find by using only standard find, but post-processing the output with perl (also a dependency, but arguably a more common one). The find command could be rewritten like this (untested in CFEngine, but I tested the command on my shell):
The index errors for weird characters could also be fixed by munging $2 before using it in the Perl snippet. |
If I'm going to hit Perl, maybe the find should be done in Perl as well. |
Nice. I do not like the dependency on Perl. Just use the find utility it is installed on most platforms |
Unfortunately |
@dannysauer may have a comment (from his help-cfengine post) :) |
I feel like I shouldn't just leave Ted hanging, since he took the time to tag me. :)
However, as a coworker found on Friday (while debugging our code which builds the audit policy we use), the "[" binary on a bunch of platforms will cause problems in CFEngine arrays like this. So, that's something to keep in mind with anything that dynamically builds arrays based on the contents of /usr/bin. So, to handle that specific case...
Personally, I like the idea of expanding findfiles as an even better option (though I'd rather see find_files just support naming a file_select body as one optional argument and allow CFEngine's file select capabilities to filter it rather than adding a bunch of arguments). :) |
How about using the same approach as in https://github.com/cfengine/core/blob/master/tests/acceptance/dcs.cf.sub, which is tested and proven on all platforms we support? |
@kacfengine listing all the possible executables is a losing proposition. Different users need different paths, from @dannysauer if you're on 3.6, consider generating JSON data to avoid making a new variable for every array entry. The module protocol supports it. I also agree the |
Can one of the admins verify this patch? |
I think this should be prioritized, it would make life easier. I would use |
I tried again for a bit to use findfiles()
|
How is find any different that setting a path? |
I'm wondering if we do really want this feature if it would be best implemented in the C as a language level feature. body agent control body command_paths no_paths Current behavior} body command_paths common_paths first one winssearch_path => {} I don't know. |
IMO the path list source should be a special environment variable, not
output (note the first searched path wins):
IMO it's not necessary to check for executable bits. This is fairly slow currently with large lists. Also, IMVHO, the proper way to speed up this and many other use cases is to implement variable persistence, like we have classes persistence. It's a common need and writing C code just for dynamic paths seems suboptimal. |
ENV would have to be set in policy as well wouldn't it? Without persistent variables currently, couldn't we cache this list of files in $(workdir)/state/paths.cache or something only regenerating that file when the software cache has changed? |
The user can choose to set the environment externally or from policy... I think caching this list would work, just save it in a JSON file. It's not great but would work, especially if the |
If ENV can be modified from outside the agent I would not use that, at least by default. Perhaps a commented out example. |
The choice of the environment variable is up to the user. If you don't want it to be externally configurable, just make it a static slist in |
Created a feature ticket for a native implementation here: https://dev.cfengine.com/issues/6915 Please continue the discussion there, as this pull request will not be merged anyway. |
DO NOT MERGE: THIS IS ONLY FOR CONSIDERATION AND FEEDBACK
Instead of having a list of each path that we want to know about we could find
bins based on a pre defined path, just like PATH behaves on the cli.
This is risky, possibly too risky. I am unsure if this is offset by making the
paths bundle more usable.
Additionally some bins have characters in the name that make them generate
erros. This could probably be worked around.
Currently this implementation relies on GNU find. That may be an unacceptable
dependancy.