From: Phil Sutter <phil@nwl.cc>
To: Arturo Borrero Gonzalez <arturo@netfilter.org>
Cc: Pablo Neira Ayuso <pablo@netfilter.org>, netfilter-devel@vger.kernel.org
Subject: Re: [nft PATCH 1/2] files: Drop shebangs from config files
Date: Tue, 12 Nov 2019 12:36:41 +0100
Message-ID: <20191112113641.GA11663@orbyte.nwl.cc>
In-Reply-To: <99bf1a8a-96e9-3ad6-bef4-3defe0da951b@netfilter.org>

Hi Arturo,

On Tue, Nov 12, 2019 at 12:15:07PM +0100, Arturo Borrero Gonzalez wrote:
> On 11/7/19 12:45 PM, Phil Sutter wrote:
> > These are not meant to be executed as is but instead loaded via
> > 'nft -f' - all-in-one.nft even points this out in header comment.
> > While being at it, drop two spelling mistakes found along the way.
> > 
> > Consequently remove executable bits - being registered in automake as
> > dist_pkgsysconf_DATA, they're changed to 644 upon installation anyway.
> > 
> > Also there is obviously no need for replacement of nft binary path
> > anymore, drop that bit from Makefile.am.
> 
> If you drop the shebang, the shell may not know how to execute these files. Why
> not execute them with the python interpreter instead of `nft -f`?

Even without dropping it, shell won't execute them because we don't
install them with executable bit set.

> As Pablo commented, the intention was to allow simple use cases like:
> 
> root@server:~# ./load-my-ruleset.nft
> 
> This use case would still be allowed after this patch but it would be a little
> less obvious (less examples). So I'm not sure about ACK'ing this patch.

While it is inconvenient for users to set the file executable first,
adding a shebang is certainly beyond that. IMO, we basically have two
options:

A) Apply my patch and stick to all-in-one.nft's header comment ("This
   script is meant to be loaded with `nft -f <file>`").

B) Ignore my patch and declare the configs as dist_pkgsysconf_SCRIPTS
   (untested) so they are installed with executable bit set.

Personally I find it awkward to directly execute files in /etc other
than sysv init scripts, hence why I prefer (A). For an example of "real"
nft scripts, there are the samples in files/examples/ which get
installed into $docdir/examples/ with executable bit set if my other
patch is applied.

But for me, (B) is fine as well. I just think we should be consistent.
:)

Cheers, Phil
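
Added example, not part of the original message or the nftables tree: a shell check for the consistency asked for above, reporting files in a directory whose shebang and executable bit disagree. The function name and output labels are hypothetical.

```shell
#!/bin/sh
# Added example: flag files where the "#!" line and the mode bits disagree.
# Function name and output labels are hypothetical, not from nftables.

# Print one line per inconsistent regular file directly inside directory $1:
#   shebang-not-executable <path>  starts with "#!" but cannot be executed
#   executable-no-shebang  <path>  can be executed but has no "#!" line
# Note: [ -x ] tests whether the *current user* may execute the file.
check_shebang_consistency() {
    dir=$1
    for f in "$dir"/*; do
        # Skip directories, sockets and the unexpanded glob of an empty dir.
        [ -f "$f" ] || continue

        # Read only the first line; empty or unreadable files leave it empty.
        first=
        IFS= read -r first < "$f" || :

        case $first in
            '#!'*) has_shebang=1 ;;
            *)     has_shebang=0 ;;
        esac

        if [ -x "$f" ]; then is_exec=1; else is_exec=0; fi

        if [ "$has_shebang" -eq 1 ] && [ "$is_exec" -eq 0 ]; then
            printf 'shebang-not-executable %s\n' "$f"
        elif [ "$has_shebang" -eq 0 ] && [ "$is_exec" -eq 1 ]; then
            printf 'executable-no-shebang %s\n' "$f"
        fi
    done
    return 0
}

# Stand-alone use: pass the directory to audit as the first argument.
if [ "$#" -gt 0 ]; then
    check_shebang_consistency "$1"
fi
```

Files that carry a shebang and are executable, or that have neither, produce no output.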
