Subject: Re: bin/35188: pf(4) configuration issues in default install
To: None <gnats-admin@netbsd.org, netbsd-bugs@netbsd.org, lukem@NetBSD.org>
From: Peter Postma <peter@pointless.nl>
List: netbsd-bugs
Date: 12/17/2006 14:45:03
The following reply was made to PR bin/35188; it has been noted by GNATS.

From: Peter Postma <peter@pointless.nl>
To: gnats-bugs@NetBSD.org
Cc: lukem@NetBSD.org
Subject: Re: bin/35188: pf(4) configuration issues in default install
Date: Sun, 17 Dec 2006 15:43:29 +0100

 On Tue, Dec 05, 2006 at 10:45:01AM +0000, lukem@NetBSD.org wrote:
 > >Number:         35188
 > >Category:       bin
 > >Synopsis:       pf(4) configuration file issues in default install
 > >Confidential:   no
 > >Severity:       non-critical
 > >Priority:       low
 > >Responsible:    bin-bug-people
 > >State:          open
 > >Class:          change-request
 > >Submitter-Id:   net
 > >Arrival-Date:   Tue Dec 05 10:45:00 +0000 2006
 > >Originator:     Luke Mewburn
 > >Release:        -current as at 20061205
 > >Organization:
 > >Environment:
 > >Description:
 > 
 >     1. /etc/pf.conf is an optional file.
 > 
 > 	A fresh install of NetBSD has /etc/pf.conf.
 > 	This is not necessary to use NetBSD out of the box.
 > 
 > 	As a sample file, it should be in /usr/share/examples/pf/.
 > 
 > 	postinstall(8) should not be copying in this file
 > 	if it does not exist.
 > 
 
 It's indeed optional, like many other files in /etc.  I'm not sure if
 it's a good idea to move it now, since we've shipped 3.0 with /etc/pf.conf.
 
 > 
 >     2. /etc/pf.os could have 444 permissions ?
 > 
 > 	pf.os appears to be a static configuration file that (generally)
 > 	doesn't get updated by the end-user.
 > 	Should it be installed 444 instead of 644?
 > 
 > 	If so, usr.sbin/pf/etc/Makefile and postinstall(8) will need 
 > 	to be updated.
 > 
 
 Yes, it's usually not updated by the end-user, so I concur with this
 proposal.
 
 > 
 >     3.	If /etc/pf.os is a vendor file, postinstall(8) should always upgrade
 > 
 > 	Should we be treating /etc/pf.os as a "static" vendor-provided
 > 	configuration file?
 > 	I.e., one that the vendor updates, similar to a /etc/rc.d/,
 > 	/etc/defaults/, and the like.
 > 
 > 	If so, postinstall(8) should use compare_dir() instead of
 > 	populate_dir() for this file.
 > 
 
 Ok.
 
 > 
 >     4. /etc/mtree/special should monitor /etc/pf*
 > 
 > 	/etc/mtree/special should have entries for pf.conf and pf.os.
 > 
 > 	In light of (1.) above, pf.conf would be tagged "optional".
 > 
 
 Yes, it should be added.
 
 -- 
 Peter Postma