[MacPorts] #41532: igtf-bundle @1.55: new submission

Thu Nov 28 08:01:02 PST 2013

#41532: igtf-bundle @1.55: new submission
------------------------------+----------------------
  Reporter:  Peter.Danecek@…  |      Owner:  ram@…
      Type:  submission       |     Status:  assigned
  Priority:  Normal           |  Milestone:
 Component:  ports            |    Version:
Resolution:                   |   Keywords:
      Port:  igtf-bundle      |
------------------------------+----------------------

Comment (by Peter.Danecek@…):

 Replying to [comment:20 dennisvd@…]:
 > Replying to [comment:19 Peter.Danecek@…]:
 > > Replying to [comment:18 ram@…]:
 > > > Replying to [comment:15 dennisvd@…]:
 > > > > There is some software (such as VOMS) that defaults to /etc/grid-
 security/certificates. It's been common practice with the European grid
 projects. Usually the location can be overridden with an environment
 variable, but are there any profound objections against having the
 certificates in that place?
 > > >
 > > > That path is outside of the MacPorts prefix, so it makes me
 uncomfortable installing files to there.
 > >
 > > I do not think the intention here is to install anything outside
 ${prefix}, i.e. we will **not** install in `/etc/grid-
 security/certificates`, but in the analogues location in Macports, which
 would translate to `${perfix}/etc/grid-security/certificates. This is what
 Dennis is arguing for, right?
 >
 > Actually I ''was'' aiming at /etc/ but I understand why this is frowned
 upon. Most software can probably be made to work with other paths using
 config files or environment variables.

 Okay, I understood you wrong. The port as I found it already avoided
 installing outside ${prefix}, i.e. installed in `/opt/local/etc/`. I
 guess, if is really convinced he needs to have certificates in `/etc/grid-
 security`, he still could create a symlink from `/etc/grid-security` to
 the ${the-location-we-decide}, but manually so not interfere.

 > > And there is this other point: In ${what-ever-location}/certificates/
 there will go other files, i.e. CRLs which are fetched by `fetch-crl` in
 some way and are not registered with MP (I am just revising the relation
 igtf-bundle and fetch-crl). So the content is changing slightly over time,
 and Dennis (and me as well) is wondering if ${prefix}/share/certificates
 is really the right place to have changing content. Ideally, varying
 content would go in `${prefix}/var`, but than again this is not what is
 done usually.
 >
 > I've never encountered a system where the certificates live in one
 place, and the CRLs live in another. It seems highly unlikely that this is
 going to work.

 Agreed! I am **not** arguing for putting it into `var`. One might think of
 putting stuff into something like `${prefix}/var/certificates`, but I do
 not see why such a solution would be preferable. So, no do not like!

 > > So in the end it may perfectly make sense to put the certificates
 along with (changing / unregistered) CRLs into ${prefix}/etc/grid-
 security/certificate. I would argue, it is more acceptable to have
 changing and above all, not registered content under `${prefix}/etc`, than
 having it somewhere under `${prefix}/share`.
 >
 > Indeed, and users can make the conscious choice to make /etc/grid-
 security a symlink to ${prefix}/etc/grid-security.

 Yes! ;-) Same idea above (Sorry, have no read all immediately)

-- 
Ticket URL: <https://trac.macports.org/ticket/41532#comment:21>
MacPorts <http://www.macports.org/>
Ports system for OS X