Re: [RFC][PATCH] NSE Version Numbering

[Djalal Harouni <tixxdz () opendz org>]

On 2010-12-14 09:31:06 -0500, Patrick Donnelly wrote:
> On Tue, Dec 14, 2010 at 9:10 AM, Djalal Harouni <tixxdz () gmail com> wrote:
> > The proposed interface (a patch is attached):
> > o Add a new descriptive field to scripts: "require_nse = $VER"
> >  This field is a Lua number [2] and it is optional.
> >  If this field is specified, and if it's greater than the version
> >  of the current NSE, then a warnning will be printed and the script
> >  will be dropped, which means that users must update their Nmap/NSE
> >  version.
> >  If this field is absent then its default value will be the current
> >  NSE version, this way scripts can run even if they do not specify this
> >  field.
>
> This seems reasonable. I'd like a one word field though instead of
> "require_nse". I can't think of a better one right now though...
Perhaps "nse" :)

> > o Add a new environment variable to scripts "NSE_VERSION", which
> >  contains the current NSE version. This way scripts can run normally
> >  and check this variable before requesting an unsupported function or
> >  a behaviour.
>
> This should just be a value in stdnse I think. There's no need to make
> it an environment variable since it is constant for all scripts.
Ok, and what about returning the Nmap version ?

> > The version numbering is very simple e.g: 0.01 (Lua number) this value
> > will be incremented if there are some new NSE features that will have
> > a direct impact on NSE scripts/libraries and will *modify* their
> > behaviour, or a change on the NSE *core* functionalities, anything
> > related to the NSE core. As an example modifying/adding nse_*.cc
> > interfaces must be documented in the luadoc files:
> > file nmap.luadoc:
>
> I've given this some thought and my take is that version numbers
> should probably be the revision number in the repository. So long as
> Nmap remains on subversion, this makes sense and is automatic. It
> should be trivial to make adding (updating) this field automatic in
> the build process.
The MPlayer [1] also do this, there is a simple shell script 'version.sh'
which is responsible of retrieving the current svn revision using svn
commands or from the 'snapshot_version' file (which I *think* is 
updated by some external programs). The svn revision will be saved into
the 'version.h' file, this way the revision is included in every build.

> There's a strong desire for automatic updating of scripts too. That
> is, it'd be great if scripts could update (so long as Nmap itself
> doesn't also need to update) whenever Nmap is run to correct simple
> bugs in the scripts. Unfortunately, "upgrading" the scripts is
> difficult if Nmap is installed on the system.
This is an important point, some rsync and diff magic should be
considered, I've found the lua-rdiff project [2].

I'll wait for more comments before making a new patch, thanks.

[1] http://www.mplayerhq.hu/
[2] http://lua-rdiff.luaforge.net/

-- 
tixxdz
_______________________________________________
Sent through the nmap-dev mailing list
http://cgi.insecure.org/mailman/listinfo/nmap-dev
Archived at http://seclists.org/nmap-dev/