Install $(SYSCONFDIR)/gss/mech automatically with DEB/RPM package

Bug #1241481 reported by Stefan Paetow
This bug affects 2 people
Affects: Project Moonshot
Status: Fix Released
Importance: Medium
Assigned to: Sam Hartman

Bug Description

To make things more 'automated' with less manual configuration, it would be nice to have the "mech" file automatically installed into the right location for the platform.

On RHEL/CentOS: /etc/gss
On Debian/Ubuntu: /usr/etc/gss

Just raising it in Launchpad so that we remember to do this at some point or another :-)

Optional: This *could* also include radsec.conf?

Sam Hartman (hartmans) wrote : Re: [Bug 1241481] [NEW] Install $(SYSCONFDIR)/gss/mech automatically with DEB/RPM package

It's generally a bad idea for a package to directly include a
configuration file of broader scope than itself.
/etc/gss/mech really belongs to the krb5-libs package on CentOS.

It seems fine though for the %post action on moonshot-gss-eap to
add the appropriate lines to /etc/gss/mech if they are not already
there.

We can do a similar thing for Debian as an interim measure, but the
correct fix from a Debian policy standpoint is to create /etc/gss/mech.d
and drop a file there.
That will require a patch to krb5.

Stefan Paetow (stefan-paetow) wrote :

OK, if the %post action in moonshot-gss-eap were to add lines to the file if they don't exist, would it make sense to add the file with those lines in place if the file itself does not exist? Or do we remain stuck with the "the file is not moonshot-gss-eap's to create" situation?

Sam Hartman (hartmans) wrote :

This is fixed for CentOS/RPM in 2707e7473b8b85fa46033a8ff7cfa126384ac8d9 which is 0.9-7 coming to a repo near you soon. Not yet fixed for deb.

Changed in moonshot:
status: New → In Progress
assignee: nobody → Sam Hartman (hartmans)
Sam Hartman (hartmans) wrote :

Recently (krb5 1.12.1+dfsg-2), the infrastructure in Debian for dealing with this gracefully was added. That opens the way for fixing this in the moonshot Debian package. We plan two approaches:
1) if you have a new enough krb5 it will just drop a file in /etc/gss/mech.d
2) for older krb5, we'll handle /usr/etc/gss/mech

Changed in moonshot:
importance: Undecided → Medium
milestone: none → pilot6
Sam Hartman (hartmans) wrote :

As mentioned, already fixed for rpm. The moonshot-gss-eap 0.9.2-1 Debian package checks the presence of /etc/gss/mech.d/README. Sufficiently new krb5 will create that file and will honor /etc/gss/mech.d/moonshot-gss-eap populated by this package. However, if that's not present then we will manipulate /usr/etc/gss/mech.

Changed in moonshot:
status: In Progress → Fix Committed
Sam Hartman (hartmans)
Changed in moonshot:
status: Fix Committed → Fix Released
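
The registration logic described in the last comment, sketched as an added example (not the moonshot-gss-eap maintainer script): use a drop-in file when /etc/gss/mech.d/README exists, otherwise add the line to the shared /usr/etc/gss/mech only if it is missing. The `ROOT` prefix, the function name, the placeholder mechanism line and the choice to create the fallback file when it is absent are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: idempotent GSS mechanism registration for a package
# maintainer script. ROOT is a hypothetical prefix so the logic can be
# exercised in a scratch directory; a real script would use "/".

# Constructed placeholder, not the real Moonshot mechanism entry.
MECH_LINE="example-mech 1.2.3.4.5 mech_example.so"
DROPIN_NAME="moonshot-gss-eap"

# register_mech ROOT LINE
# Prints "dropin", "appended" or "unchanged" to report what it did.
register_mech() {
    root=$1 line=$2
    dropin_dir="$root/etc/gss/mech.d"
    legacy="$root/usr/etc/gss/mech"

    # New enough krb5 ships mech.d/README and reads files placed there,
    # so the package owns its own file and leaves the shared one alone.
    if [ -f "$dropin_dir/README" ]; then
        ( umask 022; printf '%s\n' "$line" > "$dropin_dir/$DROPIN_NAME" )
        echo dropin
        return 0
    fi

    # Older krb5: edit the shared file, but only add what is missing.
    # -x matches the whole line, -F disables regex (OIDs contain dots).
    if [ -f "$legacy" ] && grep -qxF -- "$line" "$legacy"; then
        echo unchanged
        return 0
    fi
    # Assumption: create the fallback file if it does not exist yet.
    ( umask 022; mkdir -p "$(dirname "$legacy")" )
    # Make sure an existing file ends in a newline before appending,
    # so the new entry is not glued onto another package's line.
    if [ -s "$legacy" ] && [ -n "$(tail -c 1 "$legacy")" ]; then
        printf '\n' >> "$legacy"
    fi
    ( umask 022; printf '%s\n' "$line" >> "$legacy" )
    echo appended
}
```

Because the mech file decides which shared objects GSS-API consumers load, the script appends rather than rewrites, and the explicit `umask 022` keeps anything it creates writable by root only.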