[Firewall] On dash and plugins

Philip A. Prindeville philipp_subx at redfish-solutions.com
Mon Mar 8 00:35:18 CET 2010

I understand that it's a goal to have AIF (the core package) run on a
broad number of Linux platforms...

However, not every plugin will run everywhere.  Not everyone builds
their system with nf_conntrack_sip, for instance, so the sip-voip plugin
might not work everywhere.

We've mandated that the scripts run with "dash", and I wonder if we
shouldn't treat the question of what shell is being used the same way
that we handle the question of whether "tail", "logger", "dig", or
anything else is present.

Indeed, the argument made has been that "not all systems come with
bash", and making them rely on bash is unjustified "bloat".

Well, maybe.

Maybe not.  There are things I can do in Bash with:


that I would need awk, cut, sed, and tr to accomplish the equivalent! 
And even then, there's the question of, "which version of awk"?  Do I
have to worry about it being Posix Awk, gawk, or nawk?

And for 'tr', do I have to worry about how LC_LOCALE and LANG or CHARSET
might affect the script running?  Is it a Posix compliant version of
'tr' that understands [:alpha:] for instance, or do I have to write

So the requirement of being dash over bash compliant is a false economy,
and in the end introduces a lot more dependencies and ambiguities than
allowing plugins to be Bash compliant.

Indeed, no dependencies are eliminated by making plugins be Dash
compliant: those dependencies are merely pushed on other utilities (like
awk, cut, sed, and tr, for instance).

Just food for thought.

I'd suggest adding a way that plugins can flag themselves as being
"bash" only, and having the installer not install them on dash-only systems.

For all we know, for instance, the persons running Dash might not even
need the functionality of the plugins that require Bash.

Food for thought.
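
One way the installer check suggested above could work, as an added example that is not part of the original message or of AIF's own code. The `# REQUIRES_SHELL=bash` header line, the function names and the sample plugins are assumptions made up for illustration; the check itself is written in POSIX sh so that it still runs under dash.

```sh
#!/bin/sh
# Added example. The "# REQUIRES_SHELL=bash" marker is a hypothetical
# convention, not something AIF defines.

# Print the shell a plugin declares it needs: "bash" or "sh" (the default).
# Only the first 10 lines are examined, so the marker must sit in the header.
plugin_required_shell() {
    n=0
    while IFS= read -r line && [ "$n" -lt 10 ]; do
        n=$((n + 1))
        case $line in
            "# REQUIRES_SHELL=bash") echo bash; return 0 ;;
        esac
    done < "$1"
    echo sh
}

# Succeed if an executable file named "bash" exists in a colon-separated
# directory list.
have_bash() {
    old_ifs=$IFS
    IFS=:
    for d in $1; do
        if [ -f "$d/bash" ] && [ -x "$d/bash" ]; then IFS=$old_ifs; return 0; fi
    done
    IFS=$old_ifs
    return 1
}

# should_install PLUGIN [DIRS]: portable plugins always install; bash-only
# plugins install only where bash is found (DIRS defaults to $PATH).
should_install() {
    if [ "$(plugin_required_shell "$1")" = bash ]; then
        have_bash "${2:-$PATH}"
    fi
}

# Constructed sample plugins, for demonstration only.
demo=$(mktemp -d)
printf '%s\n' '#!/bin/bash' '# REQUIRES_SHELL=bash' > "$demo/needs-bash.plugin"
printf '%s\n' '#!/bin/sh' 'echo portable' > "$demo/portable.plugin"
for p in "$demo"/*.plugin; do
    if should_install "$p"; then
        echo "install ${p##*/}"
    else
        echo "skip    ${p##*/} (bash not found)"
    fi
done
rm -rf "$demo"
```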