On 4/1/07, Thomas Bächler <thomas@archlinux.org> wrote:
Hi James,
I am not saying I don't appreciate your work, but I am posting here to point out a few things I don't like about our old and new network scripts (more for general discussion than related to your specific efforts):
A network "profile" is always only one interface. I'd expect a profile to be several interfaces that are activated all at once and are sort of tied together (I didn't read your latest version yet, did you already add such a thing?).
That leads me to the second: While configuration via bash-script is easy for the programmer (you can simply parse it via 'source'), it is unsafe and becomes rather complicated when features are added. Especially when we want more than one interface in a profile, it becomes messy. I would suggest a inifile-like configuration style where each section '[foo]' marks an interface. This is much more readable to the user and allows more flexibility but itis not as easy to work with.
Last but not least, invoking our netcfg tool from a GUI or any other external application is not optimal. netcfg is a shell script, but IMO should be a library. We could then have proper bindings to C/C++/python and so on. Also, when it becomes more complicated, writing bash becomes ugly very fast.
I actually started a little C++ implementation of the above ideas, but got lost in bison/flex soon (anyone wanna give me a crash course on how to do it right? I have a parser that works good enough so I can start experimenting, but nothing fool-proof). I may or may not continue this work soon. The current state is this: Nothing works, I have many ideas, a highly experimental framework and hopefully some free time soon.
Open for discussion :)
I think getting too complex with configuration tools is not the best idea. I do, however agree that the profile-to-interface mapping should be a one-to-many mapping. Regarding the "using bash is unsafe" thing, you could say that's true only if this person making it "unsafe" has root access - if it is the owner, it's their fault if they make something unsafe. If it is a third party, you have more problems than just network configuration being unsafe. Also, if bash is unsafe, we need to rewrite rc.conf, makepkg, and probably a hundred other utilities. Dan and I might be willing to accept patches for a binary makepkg, so feel free.