I suggest we enable bracketed paste mode by default in the /etc/inputrc on production hosts where shells are regularly used, particularly deployment.eqiad.wmnet and the mwmaint hosts. This should protect better against deployers running unwanted commands because they paste input that unexpectedly contains a line break.
Description
Description
Details
Details
| Subject | Repo | Branch | Lines +/- | |
|---|---|---|---|---|
| Manage /etc/inputrc using Puppet | operations/puppet | production | +82 -0 | |
| inputrc: enable bracketed-paste mode | operations/puppet | production | +3 -0 |
Related Objects
Related Objects
Event Timeline
Comment Actions
For example, compare the two log messages at T291118#7435634. For the first one, I wrote the beginning of the scap sync-file command, pasted the summary (generated by P8845), then went back into it and pasted the task ID into the () generated by that script (because the Gerrit change had no task ID attached). After this, I intended to go back to the end of the summary and add “(1/2)”, to indicate that this was the first of a two-part sync; however, the task ID I’d copied from Gerrit actually contained a trailing newline, and so the command was started immediately. In this case, I quickly decided that adding the “(1/2)” was not worth the risk of Ctrl+C’ing scap, and so I let the command finish and log the deploy with the incomplete message; however, in general, I’d like to avoid this in the future.
I already added bracketed paste mode to my personal ~/.inputrc on deploy1002:
~lucaswerkmeister-wmde/.inputrc
$include /etc/inputrc set enable-bracketed-paste on
And it seems to work fine, even through the layers of Gnome Shell, tmux, and ssh.
Comment Actions
Tentatively tagging Puppet since I assume that’s how such a change would be deployed. I’m not sure which other tasks to add, though.
Comment Actions
Change 819016 had a related patch set uploaded (by Lucas Werkmeister (WMDE); author: Lucas Werkmeister (WMDE)):
[operations/puppet@production] Manage /etc/inputrc using Puppet
Comment Actions
Change 819017 had a related patch set uploaded (by Lucas Werkmeister (WMDE); author: Lucas Werkmeister (WMDE)):
[operations/puppet@production] inputrc: enable bracketed-paste mode
Comment Actions
enable-bracketed-paste is on by default starting with Bash 5.1, which is the version in bullseye.
I don't think you want to manage the entire file because it'll stop receiving updates from the distro this way.
You can add a modules/admin/files/home/lucaswerkmeister-wmde/.inputrc to the Puppet repo to set it as the default for your account on all hosts.
Comment Actions
That’s great, thanks! In that case I’m happy to close this task and live with my personal ~/.inputrc on deploy1002 (doesn’t need to be puppetized imho) until we’re mostly on Bullseye (T291916) – unless anyone is especially keen on enabling bracketed-paste-mode for everyone on Buster.
I don't think you want to manage the entire file because it'll stop receiving updates from the distro this way.
I tried to find a better way / see how others puppetize inputrc changes but couldn’t find much. (In theory it would be nice if the distro file included something like $include /etc/inputrc.d/* but apparently libreadline doesn’t even support that, $include has to refer to a single file.)
Comment Actions
I guess backporting bracketed paste mode to Buster's bash wouldn't be too hard, but for such a core package we only deviate from the Debian defaults in exceptional cases. Let's set the task to Stalled until the deployment servers are on Bullseye, ok?