On 21/03/11 5:56 AM, Daniel Pittman wrote:

Hey. I love the basic change, but have a few semantic questions that I hope you can answer more quickly than I could by reading the augeas source.

Is Augeas creating these temporary files in a way that is safe against symlink attacks and similar security issues?

I'm not familiar with the Augeas source, so I don't know. I'll need to look as well.

Am I correct in understanding that we are writing a temporary copy for the diff, then rewriting the change to the real file separately?

Yes

If so, could we instead use "rename" to avoid the costly parse/write cycle being run twice per file?

Probably, my concern would be the maintenance of file permissions, timestamps etc.
I'll have a look and see about reworking the patch to do a "rename"

Cheers

Regards,
    Daniel
--
Puppet Labs Developer – http://puppetlabs.com
Daniel Pittman <dan...@puppetlabs.com>
Contact me via gtalk, email, or phone: +1 (877) 575-9775
Sent from a mobile device. Please forgive me if this is briefer than usual.

On Mar 18, 2011 5:11 AM, "Michael Knox" <michael.knox.au@gmail.com> wrote:
> From: Michael Knox <m...@sysam.com.au>
>
> Utilising Augeas's SAVE_NEWFILE mode (similar to augtool -n) to
> determine the changes that will be made by Augeas.
> Output a unified diff to info
>
> Signed-off-by: Mike Knox <michael.knox.au@gmail.com>
> ---
> lib/puppet/provider/augeas/augeas.rb | 12 ++++++++++--
> 1 files changed, 10 insertions(+), 2 deletions(-)
>
> diff --git a/lib/puppet/provider/augeas/augeas.rb b/lib/puppet/provider/augeas/augeas.rb
> index 427d997..7a8b4d1 100644
> --- a/lib/puppet/provider/augeas/augeas.rb
> +++ b/lib/puppet/provider/augeas/augeas.rb
> @@ -22,6 +22,7 @@ require 'strscan'
>
> Puppet::Type.type(:augeas).provide(:augeas) do
> include Puppet::Util
> + include Puppet::Util::Diff
>
> confine :true => Puppet.features.augeas?
>
> @@ -29,6 +30,8 @@ Puppet::Type.type(:augeas).provide(:augeas) do
>
> SAVE_NOOP = "noop"
> SAVE_OVERWRITE = "overwrite"
> + SAVE_NEWFILE = "newfile"
> + SAVE_BACKUP = "backup"
>
> COMMANDS = {
> "set" => [ :path, :string ],
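
Review bot: SAVE_BACKUP is added next to SAVE_NEWFILE but no hunk in this patch references it; only SAVE_NEWFILE is passed to set_augeas_save_mode. Drop the unused constant here, or introduce it in the change that first uses it.
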
> @@ -286,14 +289,19 @@ Puppet::Type.type(:augeas).provide(:augeas) do
> # actually do the save.
> if return_value and get_augeas_version >= "0.3.6"
> debug("Will attempt to save and only run if files changed")
> - set_augeas_save_mode(SAVE_NOOP)
> + set_augeas_save_mode(SAVE_NEWFILE)
> do_execute_changes
> save_result = @aug.save
> - saved_files = @aug.match("/augeas/events/saved")
> + saved_files = @aug.get("/augeas/events/saved")
> if save_result and not files_changed?
> debug("Skipping because no files were changed")
> return_value = false
> else
> + saved_files.each do |tmp_file|
> + saved_file = tmp_file.sub(/^\/files/, '')
> + info(diff(saved_file, saved_file + ".augnew"))
> + File.delete(saved_file + ".augnew")
> + end
> debug("Files changed, should execute")
> end
> end
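
Review bot: Replacing @aug.match("/augeas/events/saved") with @aug.get(...) and then calling saved_files.each looks wrong: get returns the value of a single node as a string and cannot address several matching nodes, so the loop will not see one path per file when more than one file is saved. Keep match to collect the event nodes and call get on each node inside the loop before stripping the /files prefix. In the same loop, saved_file + ".augnew" is read and deleted at a predictable path with no check that it is a regular file, which is the symlink question raised in this thread; the diff is sent to info, so the contents of changed files end up in logs; and File.delete should sit in an ensure so that a failing diff does not leave the .augnew file behind.
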
> --
> 1.7.3.5
>
> --
> You received this message because you are subscribed to the Google Groups "Puppet Developers" group.
> To post to this group, send email to puppet-dev@googlegroups.com.
> To unsubscribe from this group, send email to puppet-dev+unsubscr...@googlegroups.com.
> For more options, visit this group at http://groups.google.com/group/puppet-dev?hl=en.
>
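
Added example, not part of the thread and not Puppet or Augeas code: one way the "rename" approach discussed above could keep the target's mode and ownership while refusing a symlinked ".augnew" path. The helper name promote_augnew, the sample file name and its contents are constructed for illustration, and the code assumes the directory is writable only by trusted users, since the lstat-then-rename sequence is not race-free otherwise.

```ruby
require 'tmpdir'

# Hypothetical helper (an assumption, not Puppet's API): move "<target>.augnew"
# over <target> with rename(2), keeping the target's mode and ownership.
def promote_augnew(target)
  newfile = target + ".augnew"
  new_st = File.lstat(newfile)   # lstat: do not follow a symlink planted at this path
  old_st = File.lstat(target)
  unless new_st.file? && new_st.uid == Process.euid && new_st.nlink == 1
    raise SecurityError, "#{newfile} is not a regular, singly linked file owned by us"
  end
  raise SecurityError, "#{target} is not a regular file" unless old_st.file?
  begin
    File.chown(old_st.uid, old_st.gid, newfile)  # chown first: it may clear mode bits
  rescue Errno::EPERM
    # Not privileged enough to change ownership; the mode is still carried over.
  end
  File.chmod(old_st.mode & 0o7777, newfile)
  File.rename(newfile, target)   # atomic within one filesystem
  true
end

# Constructed demo in a private temp dir.
# Returns [content, mode, symlink_rejected, content_after_rejection].
def demo
  Dir.mktmpdir do |dir|
    target = File.join(dir, "sshd_config")
    File.write(target, "PermitRootLogin yes\n")
    File.chmod(0o640, target)
    File.write(target + ".augnew", "PermitRootLogin no\n")
    File.chmod(0o600, target + ".augnew")
    promote_augnew(target)
    result = [File.read(target), File.stat(target).mode & 0o7777]
    # Second run: the .augnew path is a symlink, so it must be refused.
    decoy = File.join(dir, "decoy")
    File.write(decoy, "unrelated\n")
    File.symlink(decoy, target + ".augnew")
    rejected = begin
      promote_augnew(target); false
    rescue SecurityError
      true
    end
    result + [rejected, File.read(target)]
  end
end

p demo if $PROGRAM_NAME == __FILE__
```

The renamed file keeps its own timestamps, so the target's mtime reflects the change rather than the old file's.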