tech-userlevel archive


Re: Moving rc.d scripts to base.tgz



On Thu, Apr 14, 2011 at 05:37:34PM +0100, Julio Merino wrote:
 > > I know it will raise a storm of protest but I would actually like to
 > > see all the shell input in /etc move to a different directory to make
 > > it easier to build systems secured in this way without resorting to
 > > much more complicated solutions such as veriexec.

I agree (in general); configuration should not be Turing-complete.
However, getting there is not going to be trivial.

 > I actually explicitly avoided mentioning moving the files, but it was
 > in my mind :-)  That said, your goal is different than mine (don't get
 > me wrong; I think it's a worthy goal as well).

Please don't shift the files to base.tgz without moving them out of
/etc. The only things that should be in /etc are configuration files
intended to be edited by sysadmins.

(yes, I know there are various other things we have in /etc that don't
belong there by this standard. these are bugs.)

 > I presume moving the files and installing some compatibility symlinks
 > (for one or two releases) would please some protesters.  That said...
 > you can move rc out of /etc, but what do you do with rc.conf?  It is
 > just a shell script...

/libexec. Which is also where /etc/{daily,weekly,monthly,security}
should be, as there hasn't AFAIK been any valid reason for sysadmins
to edit those in a long time.

Anyhow, you can just move the whole pile of rc scripts to /sbin/rc.d;
there's no need for symlinks or other tootling around. Suitable
postinstall logic will take care of anyone who has local mods.

Why would you need or want symlinks anyway? Just to avoid retraining
your fingers? It's easy enough to type /sbin/rc.d/foo instead of
/etc/rc.d/foo, and anyone who gets tired of remembering which one to
type on which machine can easily install their own (one) symlink.  Or
we could add a "service" script that does 'SERVICE=$1; shift; exec
/sbin/rc.d/$SERVICE "$@"'.

However, before you can do any of this you must address the two
reasons /etc/rc.d is still considered configuration:

1. It is currently necessary to edit the rc scripts if you need to
fiddle with the ordering.

2. The recommended method for using pkgsrc (and local) rc scripts is
still to copy them into /etc/rc.d.

I have a rewritten rcorder(8) (rewritten to tackle other issues) that
may help with both these points, if you'd like to take charge of it.
Or maybe I should just commit it.

-- 
David A. Holland
dholland%netbsd.org@localhost

