WIRED: Critical Code in Millions of Macs Isn’t Getting Apple’s Updates

Critical Code in Millions of Macs Isn’t Getting Apple’s Updates
WIRED

Researchers dug into the deep-seated, arcane code in Apple machines known as EFI, and found it’s often dangerously neglected. Read the full story

Shared from Apple News

GreenRush General Stores Worldwide Net

2 thoughts on “WIRED: Critical Code in Millions of Macs Isn’t Getting Apple’s Updates”

  1. ?Custom made facts walkthrough
    Personalized facts
    Increase Facter by producing your have personalized facts to offer material to Puppet.
    Adding customized facts to Facter
    Now and then you must have to be able to put in writing conditional expressions determined by site-specific facts that just isn’t presented by means of Facter, or perhaps you’d like to include it within a template.
    Since you can’t include arbitrary Ruby code into your manifests, the top remedy is to include a new fact to Facter. These increased facts can then be distributed to Puppet clients and are accessible for use in manifests and templates, just like any other fact would be.
    Note: Facter 3.0 removed the Ruby implementations of some capabilities and replaced them that has a personalized facts API. Any personalized fact that requires 1 in the Ruby information previously stored in lib/facter/util will fail by having an error. For even more knowledge, see the Facter 3.0 release notes .
    The concept
    You’ll insert new facts by creating snippets of Ruby code around the Puppet master. Puppet then works by using Plugins in Modules to distribute the facts to the client.
    Loading custom made facts
    Facter presents two or three methods of loading facts:
    $LOAD\_PATH. or the Ruby library load path
    The –custom-dir command line option.
    The environment variable ‘FACTERLIB’
    You can easlily use these methods of loading facts to do things like examination information locally before distributing them, or else you can arrange to have a targeted list of facts offered on certain machines.
    Making use of the Ruby load path
    Facter searches all directories on the Ruby $LOAD_PATH variable for subdirectories named ‘facter’, and loads all Ruby documents in those directories. As soon as you had some directory with your $LOAD_PATH like
    /lib/ruby. established like this:
    Facter would try to load ‘facter/system_load.rb’, ‘facter/users.rb’, and ‘facter/rackspace.rb’.
    By means of the –custom-dir command line option
    Facter can take a wide range of –custom-dir methods within the command line that specifies only one directory to search for tailor made facts. Facter attempts to load all Ruby documents inside specified directories. This makes it possible for you to definitely do something like this:
    Making use of the FACTERLIB environment variable
    Facter also checks the environment variable FACTERLIB for a delimited (semicolon for Windows and colon for all other platforms) list of directories, and tries to load all Ruby data files in those directories. This will allow for you to definitely do something like this:
    Note: Changes in built-in pluginsync guidance in Facter 3
    Facter two.four deprecated Facter’s service for loading facts by means of Puppet’s pluginsync (the -p option), and Facter 3.0.0 removed the -p option. However, we reversed this decision in Facter 3.0.two and re-enabled the -p option. For details about up-to-date and upcoming assist for this option, see the Facter 3.0.two release notes .
    Two parts of every fact
    Setting aside external facts for now, most facts have at least two aspects:
    A call to Facter.include(‘fact_name’). which determines the name within the fact
    A setcode statement for painless resolutions, which is evaluated to determine the fact’s value.
    Facts can get a lot significantly more complicated than that, but those two together are just about the most frequent implementation of the personalized fact.
    Executing shell commands in facts
    Puppet gets data about a platform from Facter, and also the most widespread way for Facter to get that guidance is by executing shell commands. You possibly can then parse and manipulate the output from those commands by means of standard Ruby code. The Facter API gives you a number of ways to execute shell commands:
    If all you must do is run the command and make use of the output, verbatim, as your fact’s value, you’ll be able to pass the command into setcode directly. For example: setcode ‘uname –hardware-platform’
    If your fact is further complicated than that, you’re able to call Facter::Core::Execution.exec(‘uname –hardware-platform’) from in just the setcode do … conclude block. As always, whatever the setcode statement returns is put into use given that the fact’s value.
    In any case, remember that your shell command is additionally a Ruby string, so you’ll have to have to escape special characters if you should plan to pass them through.
    It is important to note that not everything that will work inside terminal will show results within a fact . You might make use of the pipe ( | ) and similar operators as you normally would, but Bash-specific syntax like if statements will not give good results. The easiest way to handle this limitation is to jot down your conditional logic in Ruby.
    Example
    Let’s say you want to get the output of uname –hardware-platform to one out a specified type of workstation. To do this, you would design a new tailor made fact. Commence by giving the fact a name, within this case, hardware_platform. and make your new fact inside a file, hardware_platform.rb. over the Puppet master server:
    You can still then utilize the instructions within the Plugins in Modules website page to copy the new fact to your module and distribute it. During your next Puppet run, the value from the new fact will be to choose from to employ inside your manifests and templates.
    Employing other facts
    You are able to compose a fact that takes advantage of other facts by accessing Facter.value(:somefact). If the fact fails to resolve or will not be existing, Facter returns nil .
    Configuring facts
    Facts have one or two properties which you can use to customize how facts are evaluated.
    Confining facts
    One particular in the additional commonly chosen properties is the confine statement, which restricts the fact to only run on units that matches another given fact.
    An example on the confine statement would be something like the following:
    This fact works by using sysfs on linux to get a list on the power states that are around for the given procedure. Since this is only obtainable on Linux devices, we utilize the confine statement to ensure that this fact isn’t needlessly run on programs that do not help this type of enumeration.
    Fact precedence
    Only one fact can have many resolutions . every single of which is actually a different way of ascertaining what the value on the fact should be. It is very commonplace to have different resolutions for different operating methods, for example. It is really easy to confuse facts and resolutions mainly because they are superficially identical – to insert a new resolution into a fact, you simply include the fact again, only having a different setcode statement.
    When a fact has a lot more than a person resolution, the initial resolution that returns a value other than nil will established the fact’s value. The way that Facter decides the issue of resolution precedence is the weight property. Once Facter rules out any resolutions that are excluded seeing that of confine statements, the resolution with the highest weight is evaluated first of all. If that resolution returns nil. Facter moves on to the next resolution (by descending weight) until it gets a value for your fact.
    By default, the weight of the fact is the variety of confines for that resolution, so that greater particular resolutions takes priority over less specified resolutions.
    Execution timeouts
    Facter two.x supported a :timeout option to Facter#add. Facter no longer supports this option, and produces a warning if it is put into use.
    Although this version of Facter does not assistance overall timeouts on resolutions, it’s possible to pass a timeout to Facter::Core::Execution#execute :
    Structured facts
    At the same time the norm is for a fact to return just one string, Facter two.0 introduced structured facts . which take the variety of either a hash or an array. All you will want to do to produce a structured fact is return a hash or an array from the setcode statement. You will see some relevant examples from the crafting structured facts section from the Fact Overview .
    Aggregate resolutions
    If your fact brings together the output of an array of commands, it may make perception make use of aggregate resolutions . An aggregate resolution is split into “chunks”, every single a person responsible for resolving 1 piece for the fact. After all with the chunks have been resolved separately, they’re combined into an individual flat or structured fact and returned.
    Aggregate resolutions have several key differences compared to painless resolutions, beginning with the fact declaration. To introduce an aggregate resolution, you’ll require to include the :type => :aggregate parameter:
    Each individual step while in the resolution then gets its private named chunk statement:
    In the rather simple resolution, the code always contains a setcode statement that determines the fact’s value. Aggregate resolutions never have a setcode statement. Instead, they have an optional aggregate block that brings together the chunks. Whatever value the aggregate block returns will be the fact’s value. Here’s an example that just brings together the strings from the two chunks previously mentioned:
    If the chunk blocks either all return arrays or all return hashes, you possibly can omit the aggregate block. If you happen to do, Facter mechanically merges all of your info into 1 array or hash and use that because the fact’s value.
    For even more examples of aggregate resolutions, see the aggregate resolutions section belonging to the Fact Overview website page.
    Viewing fact values
    If your Puppet master(s) are configured make use of PuppetDB. you’ll see and search all with the facts for any node, such as custom made facts. See the PuppetDB docs for alot more info.
    External facts
    What are external facts?
    External facts produce a way to utilize arbitrary executables or scripts as facts, or established facts statically with structured information. If you’ve ever wanted to write down a custom made fact in Perl, C, or a one-line textual content file, this is how.
    Fact locations
    The ideal way to distribute external facts is with pluginsync, which additional assistance for them in Puppet 3.four /Facter two.0.1. To include external facts to your Puppet modules, just area them in <MODULEPATH>/<MODULE>/facts.d/ .
    If you’re not applying pluginsync, then external facts must go inside a standard directory. The location of this directory varies contingent upon your operating procedure, whether your deployment makes use of Puppet Organization or open source releases, and whether that you are operating as root/Administrator. When calling facter from the command line, one can specify the external facts directory with the –external-dir option.
    Note: These directories really do not necessarily exist by default; you may need to get to generate them. Those that develop the directory, make sure to restrict entry so that only Administrators can craft to the directory.
    In the module (recommended):
    On Unix/Linux/OS X, there are three directories:
    On Windows 2003:
    When jogging as a non-root / non-Administrator person:
    Executable facts – Unix
    Executable facts on Unix function by dropping an executable file into the standard external fact path previously mentioned. A shebang is always required for executable facts on Unix. If the shebang is missing, the execution belonging to the fact will fail.
    An example external fact written in Python:
    You must ensure that the script has its execute bit established:
    For Facter to parse the output, the script must return key/value pairs on STDOUT inside of the format:
    Working with this format, only one script can return a few different facts.
    Executable facts – Windows
    Executable facts on Windows do the trick by dropping an executable file into the external fact path for your personal version of Windows. Unlike with Unix, the external facts interface expects Windows scripts to finish by having a known extension. Line endings is either LF or CRLF. In the moment the following extensions are supported:
    .com and .exe. binary executables
    .bat and .cmd. batch scripts
    .ps1. PowerShell scripts
    As with Unix facts, each and every script must return key/value pairs on STDOUT inside the format:
    Utilising this format, only one script can return several facts in a single return.
    Batch scripts
    The file encoding for .bat/.cmd documents must be ANSI or UTF8 without BOM (Byte Order Mark), otherwise you may get strange output.
    Below really is a sample batch script which outputs facts by means of the required format:
    PowerShell scripts
    The encoding that should be utilized with .ps1 documents is pretty open. PowerShell determines the encoding in the file at run time.
    Below is really a sample PowerShell script which outputs facts implementing the required format:
    You should be able to save and execute this PowerShell script around the command line.
    Structured facts facts
    Facter can parse structured facts documents stored within the external facts directory and established facts influenced by their contents.
    Structured information documents must use one particular in the supported facts styles and must have the correct file extension. With the moment, Facter supports the following extensions and information forms:
    yaml. YAML knowledge, while in the following format:
    json. JSON info, inside the following format:
    txt. Key value pairs, around the following format:
    As with executable facts, structured knowledge data files can established a few different facts at once.
    Structured knowledge facts on Windows
    All for the over styles are supported on Windows with the following caveats:
    The line endings is either LF or CRLF .
    The file encoding must be either ANSI or UTF8 without BOM (Byte Order Mark).
    Troubleshooting
    If your external fact just isn’t appearing in Facter’s output, jogging Facter in debug mode should give you a meaningful reason and tell you which file is causing the problem:
    A person example of when this will probably happen is in cases where a fact returns invalid characters. Let say you employed a hyphen instead of an equals sign as part of your script exam.sh :
    Operating puppet facts –debug should yield a useful message:
    External facts and stdlib
    Those that realize that an external fact does not match what you have configured as part of your facts.d directory, make sure you haven’t defined the same fact choosing the external facts abilities found inside stdlib module.
    Disadvantages
    Even when external facts produce a mostly-equal way to make variables for Puppet, they have just a few negatives:
    An external fact cannot internally reference another fact. However, due to parse order, you can easlily reference an external fact from the Ruby fact.
    External executable facts are forked instead of executed inside of the same technique.
    Distributing executable facts through pluginsync requires Puppet 3.four.0 or greater.
    Facter 3.four

Leave a Reply

Your email address will not be published. Required fields are marked *