[MacPorts] #41532: igtf-bundle @1.55: new submission
MacPorts
noreply at macports.org
Thu Nov 28 08:01:02 PST 2013
#41532: igtf-bundle @1.55: new submission
------------------------------+----------------------
Reporter: Peter.Danecek@… | Owner: ram@…
Type: submission | Status: assigned
Priority: Normal | Milestone:
Component: ports | Version:
Resolution: | Keywords:
Port: igtf-bundle |
------------------------------+----------------------
Comment (by Peter.Danecek@…):
Replying to [comment:20 dennisvd@…]:
> Replying to [comment:19 Peter.Danecek@…]:
> > Replying to [comment:18 ram@…]:
> > > Replying to [comment:15 dennisvd@…]:
> > > > There is some software (such as VOMS) that defaults to /etc/grid-
security/certificates. It's been common practice with the European grid
projects. Usually the location can be overridden with an environment
variable, but are there any profound objections against having the
certificates in that place?
> > >
> > > That path is outside of the MacPorts prefix, so it makes me
uncomfortable installing files to there.
> >
> > I do not think the intention here is to install anything outside
${prefix}, i.e. we will **not** install in `/etc/grid-
security/certificates`, but in the analogues location in Macports, which
would translate to `${perfix}/etc/grid-security/certificates. This is what
Dennis is arguing for, right?
>
> Actually I ''was'' aiming at /etc/ but I understand why this is frowned
upon. Most software can probably be made to work with other paths using
config files or environment variables.
Okay, I understood you wrong. The port as I found it already avoided
installing outside ${prefix}, i.e. installed in `/opt/local/etc/`. I
guess, if is really convinced he needs to have certificates in `/etc/grid-
security`, he still could create a symlink from `/etc/grid-security` to
the ${the-location-we-decide}, but manually so not interfere.
> > And there is this other point: In ${what-ever-location}/certificates/
there will go other files, i.e. CRLs which are fetched by `fetch-crl` in
some way and are not registered with MP (I am just revising the relation
igtf-bundle and fetch-crl). So the content is changing slightly over time,
and Dennis (and me as well) is wondering if ${prefix}/share/certificates
is really the right place to have changing content. Ideally, varying
content would go in `${prefix}/var`, but than again this is not what is
done usually.
>
> I've never encountered a system where the certificates live in one
place, and the CRLs live in another. It seems highly unlikely that this is
going to work.
Agreed! I am **not** arguing for putting it into `var`. One might think of
putting stuff into something like `${prefix}/var/certificates`, but I do
not see why such a solution would be preferable. So, no do not like!
> > So in the end it may perfectly make sense to put the certificates
along with (changing / unregistered) CRLs into ${prefix}/etc/grid-
security/certificate. I would argue, it is more acceptable to have
changing and above all, not registered content under `${prefix}/etc`, than
having it somewhere under `${prefix}/share`.
>
> Indeed, and users can make the conscious choice to make /etc/grid-
security a symlink to ${prefix}/etc/grid-security.
Yes! ;-) Same idea above (Sorry, have no read all immediately)
--
Ticket URL: <https://trac.macports.org/ticket/41532#comment:21>
MacPorts <http://www.macports.org/>
Ports system for OS X
More information about the macports-tickets
mailing list