[Zeek-Dev] Re: Proposed change to lambda semantics - shallow copying rather than references

2020-12-09 Thread Jon Siwek 
On Wed, Dec 9, 2020 at 2:29 PM Vern Paxson  wrote:

> It already varies with type of variable for assignments and function
> call parameters.  Thus I’m puzzled at the desire for deep-copy over
> shallow-copy, given that Zeek is already primarily shallow-copy.

Same for me: wondering what's actually (in)consistent given the
behavior of assignment/call-params.

Otherwise, I don't have a strong opinion about what the lambda
semantics should be, but if a change does occur, the one thing that's
for sure on my wishlist is consideration for some deprecation-path,
differentiating-syntax (maybe event just temporary), or other
warning/notice that can help users along instead of potentially
breaking their code outright.

- Jon
___
zeek-dev mailing list -- zeek-dev@lists.zeek.org
To unsubscribe send an email to zeek-dev-le...@lists.zeek.org

[Zeek-Dev] Re: Documenting new Notice Types in Packages?

2020-10-19 Thread Jon Siwek 
On Mon, Oct 19, 2020 at 9:13 AM Vlad Grigorescu  wrote:

> >  =
> > :zeek:type:`Notice::Type`: :zeek:type:`enum`
> >  =
>
> (I'm also not sure why there's a space before the last = on those lines).

It's a table with one row, two columns.  The 2nd column is empty
because the `redef` itself has no associated commentary (and Zeekygen
does not currently document the extending fields/enums at that
location).

> Another example is visible here: 
> https://raw.githubusercontent.com/zeek/zeek-docs/master/scripts/policy/protocols/ssh/detect-bruteforcing.zeek.rst
>
> If we look at the documentation for Notice::Type, all the new types are 
> documented there: 
> https://raw.githubusercontent.com/zeek/zeek-docs/master/scripts/base/frameworks/notice/main.zeek.rst
>
> However this doesn't work when moving detections to packages.
>
> It seems like this is missing from Zeekygen, but I'm not sure of the right 
> fix.

Here's a patch that improves Zeekygen to include the extending
fields/enums in the "Redefinition" section:

https://github.com/zeek/zeek/pull/1237

Think that will work for this purpose; let me know if you try and find
otherwise.

- Jon
___
zeek-dev mailing list -- zeek-dev@lists.zeek.org
To unsubscribe send an email to zeek-dev-le...@lists.zeek.org

[Zeek-Dev] Re: Moving policy scripts into packages

2020-08-31 Thread Jon Siwek 
On Mon, Aug 31, 2020 at 2:14 AM Robin Sommer  wrote:

> - zkg:
> - Distinguish standard/recommended packages from others.

Not sure what's meant there, but names/listings would all use
`zeek/zeek-packages/` as a prefix and be a way of distinguishing.

If it's more about organizing meta-packages to have a secondary-level
of optional/recommended content, there's maybe already a `suggests`
metadata field that helps:

https://docs.zeek.org/projects/package-manager/en/stable/package.html#suggests-field

> - Could we add a way to "prime" zkg's package cache so that a Zeek
>   distribution could distribute a snapshot of "zeek-packages" for
>   direct use; but zkg would still pull in updates if online access
>   is available?

It's possible.  Needs more planning in terms of what's
desired/required for the distribution and integration with CMake
build/install logic.

* Will `zkg` now be a required dependency for installing `zeek` ?

* In any case, might assume CMake install logic can at least use `zkg`
if available.  Then, it may be convenient if the package distribution
format is already something `zkg` knows well.  Say, a "bundle".

* After a `zkg unbundle`, packages should be set up to track the
real/online git repo URLs such that `zkg refresh && zkg upgrade` could
be used to receive updates.

* In the case `zkg` isn't required/available when installing `zeek`,
I'm sure there's some duplication/re-implementation of install logic
we could add in the `zeek` CMake logic to install packages into usable
locations, but it may generally be tricky/fragile to allow `zkg` to
take over such an installation "after the fact".  If there were such a
change of mind in the person doing an install, it might be easiest to
"do the `zeek` install process again, this time with `zkg` available".

- Jon
___
zeek-dev mailing list -- zeek-dev@lists.zeek.org
To unsubscribe send an email to zeek-dev-le...@lists.zeek.org

[Zeek-Dev] Re: Moving policy scripts into packages

2020-08-24 Thread Jon Siwek 
On Mon, Aug 24, 2020 at 6:43 AM Robin Sommer  wrote:

> 1. Move each into a a separate repository on the zeek/ GitHub
>account.
>
> 2. Similar, but to avoid cluttering zeek/, create a new GitHub
>organization "zeek-packages".

I'm thinking (2).  Technically, either one can likely be made to work,
but (1) has a slight downside in terms of hurting a primitive
browsability use-case: I imagine people want to simply scroll through
a list of packages on GH, and the existing non-packages in zeek/ would
distract from that goal.

> 3. Put them all into a single mono-repository (e.g.,
>zeek/standard-packages), i.e., treat them a one package.

The shortcoming of that structure is the lack of customizability.  If
a user only wants a specific set of functionality, or wants to avoid a
set of scripts due to intrinsic overhead/conflict, it's better if
they're able to start from blank slate and add only the pieces they
want.

> 4. Do (1) or (2), and additionally create "zeek-standard-packages"
>that's full of submodules pointing to them (and also to
>community packages).
>
> 5. Do (1) or (2), and teach zkg to understand "collections" of
>packages that can be installed/managed as a group, defined
>through some meta data somewhere.

Between those, (5) may fit more naturally -- zkg may already be fit to
handle "meta packages" via simple package metadata dependency
configuration.  Plus, that's a similar pattern to other package
management environments AFAIK.

On Mon, Aug 24, 2020 at 11:49 AM Johanna Amann via zeek-dev
 wrote:

>   This, from my point of view, it would be neat to have a way to still
>   easily install a rather large set of packages (potentially nearly
>   everything that is in policy at the moment) and run test on them.

Agree that type of integration test is helpful -- may find conflicts /
bad-interactions / versioning-issues that way.

>   Sometimes we perform changes to Zeek
>   that change a lot of the test baselines - especially when we touch
>   something that affects connection-ID hashing, or the order of elements
>   in hashmaps. These cases might now require an update to the test-cases
>   in a large number of packages. It would be neat to have an easy way to
>   perform this.

Might be a chance to go another direction and revamp the test-writing
guidelines/patterns (or provide internal config options that help
produce "canonical" outputs) such that less test-cases are fragile to
these kinds of widespread, low-level changes in the first place.  E.g.
if the order of elements in hashmaps is not defined, it's the fault of
any given test-case that chose to rely on a specific order being
produced.  Or if an irrelevant change in UID breaks a test, the test
either needs to canonify or exclude UID from its pass/fail criteria.

>   I think if we want to do this, we need to have a better story for
>   versioning than we, at the moment, have with zkg. To expand on this - at
>   the moment the policy scripts just work with the version of Zeek that we
>   distribute them with.

I see the current story for versioning as this: package metadata
advertises Zeek version compatibility, zkg knows how to enforce that
dependency, and package authors are left in control of deciding their
compatibility requirements and implementing them (likely via @if or
#if directives).

Once scripts that used to get distributed along with Zeek become
independent packages, I agree they should start abiding by that story,
but I'm not sure if there were any further ideas to help minimize the
overall maintenance burden/friction associated with this new
requirement.

>   It would be nice if, afterwards, it would still be possible to install a
>   working set of a script for the running version of Zeek. Meaning that -
>   if someone happens to run a version of Zeek that is 12 months out of
>   date - they should probably get the version of the policy script that is
>   known to work with this version of Zeek and where the tests pass with
>   this version of Zeek.

Seems like a couple distinct questions:

* What's the LTS policy for packages?  It can be made different/longer
than LTS policy for Zeek-proper if that's desirable.  But if a
12-month LTS cycle is decided for packages, too, any extra effort
spect to support older Zeeks sends mixed messages.

* How to obtain an aggregate set of packages that were validated with
Zeek X.Y.Z: seems like a job for the (meta)package dependency metadata
to point directly to specific package versions (in the realm of git
tags/branches/commits, etc.).

- Jon
___
zeek-dev mailing list -- zeek-dev@lists.zeek.org
To unsubscribe send an email to zeek-dev-le...@lists.zeek.org