[MacPorts] #41532: igtf-bundle @1.55: new submission

MacPorts noreply at macports.org
Thu Nov 28 07:35:53 PST 2013


#41532: igtf-bundle @1.55: new submission
------------------------------+----------------------
  Reporter:  Peter.Danecek@…  |      Owner:  ram@…
      Type:  submission       |     Status:  assigned
  Priority:  Normal           |  Milestone:
 Component:  ports            |    Version:
Resolution:                   |   Keywords:
      Port:  igtf-bundle      |
------------------------------+----------------------

Comment (by dennisvd@…):

 Replying to [comment:19 Peter.Danecek@…]:
 > Replying to [comment:18 ram@…]:
 > > Replying to [comment:15 dennisvd@…]:
 > > > There is some software (such as VOMS) that defaults to /etc/grid-
 security/certificates. It's been common practice with the European grid
 projects. Usually the location can be overridden with an environment
 variable, but are there any profound objections against having the
 certificates in that place?
 > >
 > > That path is outside of the MacPorts prefix, so it makes me
 uncomfortable installing files to there.
 >
 > I do not think the intention here is to install anything outside
 ${prefix}, i.e. we will **not** install in `/etc/grid-
 security/certificates`, but in the analogues location in Macports, which
 would translate to `${perfix}/etc/grid-security/certificates. This is what
 Dennis is arguing for, right?

 Actually I ''was'' aiming at /etc/ but I understand why this is frowned
 upon. Most software can probably be made to work with other paths using
 config files or environment variables.
 >
 > And there is this other point: In ${what-ever-location}/certificates/
 there will go other files, i.e. CRLs which are fetched by `fetch-crl` in
 some way and are not registered with MP (I am just revising the relation
 igtf-bundle and fetch-crl). So the content is changing slightly over time,
 and Dennis (and me as well) is wondering if ${prefix}/share/certificates
 is really the right place to have changing content. Ideally, varying
 content would go in `${prefix}/var`, but than again this is not what is
 done usually.

 I've never encountered a system where the certificates live in one place,
 and the CRLs live in another. It seems highly unlikely that this is going
 to work.
 >
 > So in the end it may perfectly make sense to put the certificates along
 with (changing / unregistered) CRLs into ${prefix}/etc/grid-
 security/certificate. I would argue, it is more acceptable to have
 changing and above all, not registered content under `${prefix}/etc`, than
 having it somewhere under `${prefix}/share`.

 Indeed, and users can make the conscious choice to make /etc/grid-security
 a symlink to ${prefix}/etc/grid-security.

-- 
Ticket URL: <https://trac.macports.org/ticket/41532#comment:20>
MacPorts <http://www.macports.org/>
Ports system for OS X


More information about the macports-tickets mailing list