diff options
| author | Devin Teske <dteske@FreeBSD.org> | 2013-12-07 00:31:01 +0000 |
|---|---|---|
| committer | Devin Teske <dteske@FreeBSD.org> | 2013-12-07 00:31:01 +0000 |
| commit | d4ae33f0721c1b170fe37d97e395228ffcfb3f80 (patch) | |
| tree | 2bf3a34e8912087de92cb6b8e1a3cdfe286c7877 /usr.sbin/bsdconfig/security | |
| parent | 914afe13c2ceb9bc2f333c0e7c887c520c3c6cb5 (diff) | |
| download | src-d4ae33f0721c1b170fe37d97e395228ffcfb3f80.tar.gz src-d4ae33f0721c1b170fe37d97e395228ffcfb3f80.zip | |
Performance and debugging enhancements:
+ Remove UNAME_P=$(...) from startup/misc -- already supplied by common.subr
+ Use f_getvar instead of $(eval echo \$$var) -- f_getvar is sub-shell free
+ Add `-e' and `-k var' options to f_eval_catch -- increasing use-cases
+ Use f_eval_catch to display errors on failure -- reducing duplicated code
+ Use f_eval_catch when we need output from a command -- improving debugging
+ Optimize f_isinter of strings.subr for performance -- now sub-shell free
+ Improve error checking on pidfiles -- using f_eval_catch and f_isinteger
+ Use $var_to_set arg of f_ifconfig_{inet,netmask} -- eliminate sub-shells
+ Use f_sprintf instead of $(printf ...) -- consolidate sub-shells
+ Use $var_to_set arg of f_route_get_default -- eliminate sub-shells
+ Add f_count to replace $(set -- ...;echo $#) -- eliminate sub-shells
+ Add f_count_ifs to replace $(IFS=x;set -- ...;echo $#) -- no sub-shells
+ Replace var="$var${var:+ }..." in loops with var="$var ..." with a follow-
up var="${var# }" to trim leading whitespace -- optimize loops
+ Use $var_to_set arg of f_resolv_conf_nameservers -- eliminate sub-shells
+ Comments for the f_eval_catch function
+ Remove a duplicate `local ... desc ...' in f_device_get_all of device.subr
+ Use $var_to_set arg of f_device_capacity -- eliminate sub-shells
+ Whitespace fixes in f_dialog_init of dialog.subr
+ Optimize f_inet_atoi of media/tcpip.subr for performance -- sub-shell free
+ In several cases, send stderr to /dev/null -- clean up runtime execution
+ Change f_err of common.subr to go to program stderr not terminal stderr,
allowing redirection of output from functions that use f_err
+ Disable debugging when using f_getvar to get variable argument to
f_startup_rcconf_map_expand of startup/rcconf.subr
+ Use f_replace_all instead of $(echo ... | tr | sed) -- performance
+ Add a $var_to_set option to f_index_{file,menusel_{command,keyword}} of
common.subr -- centralize sub-shells
Notes
Notes:
svn path=/head/; revision=259054
Diffstat (limited to 'usr.sbin/bsdconfig/security')
| -rwxr-xr-x | usr.sbin/bsdconfig/security/kern_securelevel | 25 | ||||
| -rwxr-xr-x | usr.sbin/bsdconfig/security/security | 10 |
2 files changed, 22 insertions, 13 deletions
diff --git a/usr.sbin/bsdconfig/security/kern_securelevel b/usr.sbin/bsdconfig/security/kern_securelevel index cce2ef0cdf62..9aa79b7de8f7 100755 --- a/usr.sbin/bsdconfig/security/kern_securelevel +++ b/usr.sbin/bsdconfig/security/kern_securelevel @@ -40,8 +40,8 @@ f_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr SECURELEVEL_HELPFILE=$BSDCFG_LIBE/$APP_DIR/include/securelevel.hlp -ipgm=$( f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ) -[ $? -eq $SUCCESS -a "$ipgm" ] && pgm="$ipgm" +f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ipgm && + pgm="${ipgm:-$pgm}" ############################################################ FUNCTIONS @@ -143,19 +143,26 @@ done case "$mtag" in "$msg_disabled") - f_sysrc_set kern_securelevel_enable "NO" + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set kern_securelevel_enable NO' || f_die ;; "$msg_secure") - f_sysrc_set kern_securelevel_enable "YES" - f_sysrc_set kern_securelevel "1" + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set kern_securelevel_enable YES' || f_die + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set kern_securelevel 1' || f_die ;; "$msg_highly_secure") - f_sysrc_set kern_securelevel_enable "YES" - f_sysrc_set kern_securelevel "2" + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set kern_securelevel_enable YES' || f_die + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set kern_securelevel 2' || f_die ;; "$msg_network_secure") - f_sysrc_set kern_securelevel_enable "YES" - f_sysrc_set kern_securelevel "3" + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set kern_securelevel_enable YES' || f_die + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set kern_securelevel 3' || f_die ;; *) f_die 1 "$msg_unknown_kern_securelevel_selection" diff --git a/usr.sbin/bsdconfig/security/security b/usr.sbin/bsdconfig/security/security index 72489827d187..e045ad8a2027 100755 --- a/usr.sbin/bsdconfig/security/security +++ b/usr.sbin/bsdconfig/security/security @@ -38,8 +38,8 @@ f_include $BSDCFG_SHARE/sysrc.subr BSDCFG_LIBE="/usr/libexec/bsdconfig" APP_DIR="130.security" f_include_lang $BSDCFG_LIBE/$APP_DIR/include/messages.subr -ipgm=$( f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ) -[ $? -eq $SUCCESS -a "$ipgm" ] && pgm="$ipgm" +f_index_menusel_keyword $BSDCFG_LIBE/$APP_DIR/INDEX "$pgm" ipgm && + pgm="${ipgm:-$pgm}" ############################################################ FUNCTIONS @@ -162,9 +162,11 @@ while :; do "2 ["?"] $msg_securelevel") # Configure securelevels for the system $BSDCFG_LIBE/$APP_DIR/kern_securelevel ${USE_XDIALOG:+-X} ;; "3 [X] $msg_nfs_port") # Require that NFS clients use reserved ports - f_sysrc_set nfs_reserved_port_only "NO" ;; + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set nfs_reserved_port_only NO' ;; "3 [ ] $msg_nfs_port") # Same; Toggle value - f_sysrc_set nfs_reserved_port_only "YES" ;; + f_eval_catch "$0" f_sysrc_set \ + 'f_sysrc_set nfs_reserved_port_only YES' ;; *) f_die 1 "$msg_unknown_security_menu_selection" esac |