Bug#552144: cfengine3: Please keep on the promises given in README.Debian ;)

Fri, 23 Oct 2009 10:50:38 -0700 

Package: cfengine3
Version: 3.0.2+dfsg-1
Severity: normal


Hi!

Thanks  for packaging v3 of cfengine! I've been using cfengine2 for a while on
some other systems, but for a new one decided to give a try to the 3rd version.
Since it is a complete rewrite and configuration is different, it takes a bit
of time to get off the ground.  Therefor I first consulted README.Debian of
cause ;)

Per README.Debian:

if you want to test that everything is
working you can do:

cp /usr/share/doc/cfengine3/examples/* /etc/cfengine3/
/etc/init.d/cfengine3 start

BUT:

1. please avoid compressing .cf files with dh_compress -X.cf

r...@head1:/etc/cfengine3# ls /usr/share/doc/cfengine3/examples/*gz
/usr/share/doc/cfengine3/examples/site.cf.gz

2. adjust the paths in the example configs to reflect Debian-specifics outlined
   in README.Debian

r...@head1:/etc/cfengine3# zgrep -e /var/cfengine -e /usr/local 
/usr/share/doc/cfengine3/examples/*
/usr/share/doc/cfengine3/examples/library.cf:      
"0,5,10,15,20,25,30,35,40,45,50,55 * * * * /var/cfengine/bin/cf-execd -F";
/usr/share/doc/cfengine3/examples/update.cf: "master_location" string => 
"/var/cfengine/masterfiles";
/usr/share/doc/cfengine3/examples/update.cf:  "/var/cfengine/inputs" 
/usr/share/doc/cfengine3/examples/update.cf:  "/var/cfengine/bin" 
/usr/share/doc/cfengine3/examples/update.cf:    copy_from => 
mycopy("/usr/local/sbin","localhost"),

3. Don't advise such a simple action and copy/start, since it might do
evil things and possibly open-up to evil people:

e.g.

bundle edit_line resolver

{
vars:

 "search" slist => { "search cfengine.com" };
...


roles:

  ".*"  authorize => { "mark" };
...


or even worse, if path gets adjusted and rule executed:

  "/var/cfengine/bin"

    perms => u_p("700"),
    copy_from => mycopy("/usr/local/sbin","localhost"),
    depth_search => recurse("inf"),
    action => immediate;


THANK you in advance!  I guess now I will go and check up/change more to
actually get it running ;)

-- System Information:
Debian Release: squeeze/sid
  APT prefers unstable
  APT policy: (901, 'unstable'), (900, 'testing'), (300, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 2.6.31.2-rt13-1-amd64 (SMP w/2 CPU cores; PREEMPT)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to