To simplify maintenance of a carp firewall cluster, I setup system
replication with rdist(1), which works rather nicely with one notable
exception where cmdspecial fires even when there are no updated files.
It is the only instance of cmdspecial that misfires, it is also the
only instance that specifies globbing explicitly.
If this is known (or a feature), where is it documented? If this is a
bug, how do I go about tracking it down?
Relevant parts of Distfile:
(Yes, there is a bunch of pf.conf* files in addition to the main one --
each logical function of the firewall is in its own anchor loaded via a
separate pf.conf.<anchor> file.)
NOTIFY = ( root ad...@bitwise.net )
SAVED = ( \\.OLD\$ ) # previously saved
TRASH = ( \\..*\\.swp\$ ~\$ ) # vim junk
USERS = ( /etc/{master.passwd,passwd,{,s}pwd.db} )
LOCAL = ( myname hostname.* ssh/ssh_host_*key* *.orig
disklabels dumpdates iked isakmpd rndc.key )
etc:
/etc -> ${HOSTS}
install -compare,savetargets,updateperm,younger ;
notify ( ${NOTIFY} ) ;
except ( /etc/${LOCAL} ${USERS} ) ;
except_pat ( ${TRASH} ${SAVED} ) ;
cmdspecial ( /etc/pf.conf* ) "/sbin/pfctl -f /etc/pf.conf" ;
special /etc/relayd.conf "/usr/sbin/relayctl reload" ;
special /etc/syslogd.conf "/etc/rc.d/syslogd reload" ;
special /etc/inetd.conf "/etc/rc.d/inetd reload" ;
special /etc/ntpd.conf "/etc/rc.d/ntpd restart" ;
special /etc/ssh/sshd_config "/usr/sbin/sshd -qt
&& /etc/rc.d/sshd reload
|| mv -f \$FILE.OLD \$FILE" ;
