[MacPorts] #41532: igtf-bundle @1.55: new submission
MacPorts
noreply at macports.org
Thu Nov 28 07:35:53 PST 2013
#41532: igtf-bundle @1.55: new submission
------------------------------+----------------------
Reporter: Peter.Danecek@… | Owner: ram@…
Type: submission | Status: assigned
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords:
Port: igtf-bundle |
------------------------------+----------------------
Comment (by dennisvd@…):
Replying to [comment:19 Peter.Danecek@…]:
> Replying to [comment:18 ram@…]:
> > Replying to [comment:15 dennisvd@…]:
> > > There is some software (such as VOMS) that defaults to /etc/grid-
security/certificates. It's been common practice with the European grid
projects. Usually the location can be overridden with an environment
variable, but are there any profound objections against having the
certificates in that place?
> >
> > That path is outside of the MacPorts prefix, so it makes me
uncomfortable installing files to there.
>
> I do not think the intention here is to install anything outside
${prefix}, i.e. we will **not** install in `/etc/grid-
security/certificates`, but in the analogues location in Macports, which
would translate to `${perfix}/etc/grid-security/certificates. This is what
Dennis is arguing for, right?
Actually I ''was'' aiming at /etc/ but I understand why this is frowned
upon. Most software can probably be made to work with other paths using
config files or environment variables.
>
> And there is this other point: In ${what-ever-location}/certificates/
there will go other files, i.e. CRLs which are fetched by `fetch-crl` in
some way and are not registered with MP (I am just revising the relation
igtf-bundle and fetch-crl). So the content is changing slightly over time,
and Dennis (and me as well) is wondering if ${prefix}/share/certificates
is really the right place to have changing content. Ideally, varying
content would go in `${prefix}/var`, but than again this is not what is
done usually.
I've never encountered a system where the certificates live in one place,
and the CRLs live in another. It seems highly unlikely that this is going
to work.
>
> So in the end it may perfectly make sense to put the certificates along
with (changing / unregistered) CRLs into ${prefix}/etc/grid-
security/certificate. I would argue, it is more acceptable to have
changing and above all, not registered content under `${prefix}/etc`, than
having it somewhere under `${prefix}/share`.
Indeed, and users can make the conscious choice to make /etc/grid-security
a symlink to ${prefix}/etc/grid-security.
--
Ticket URL: <https://trac.macports.org/ticket/41532#comment:20>
MacPorts <http://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list