From 783bde11893ddbaa76982ed7ce847eb20b488373 Mon Sep 17 00:00:00 2001 From: Daniel Kahn Gillmor Date: Sat, 13 Sep 2008 14:35:32 -0400 Subject: adding new bug about clobbering system-specific gpg.conf files, with two different proposed solutions. --- .../bugs/postinst-clobbers-gpg.conf-settings.mdwn | 28 ++++++++++++++++++++++ 1 file changed, 28 insertions(+) create mode 100644 website/bugs/postinst-clobbers-gpg.conf-settings.mdwn (limited to 'website') diff --git a/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn b/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn new file mode 100644 index 0000000..8f518c1 --- /dev/null +++ b/website/bugs/postinst-clobbers-gpg.conf-settings.mdwn 
@@ -0,0 +1,28 @@ +[[ meta title="debian packaging postinst script clobbers gpg.conf settings in /var/lib/monkeysphere" ]] + +Do we want to allow the system administrator to make adjustments to +the `gpg.conf` config files found in `/var/lib/monkeysphere`? At the +moment, there are two such files: + + * `/var/lib/monkeysphere/gnupg-authentication/gpg.conf` + * `/var/lib/monkeysphere/gnupg-host/gpg.conf` + +In the debian postinst scripts (`debian/monkeysphere.postinst`), the +contents of those files are overwritten on every upgrade/reinstall, +effectively clobbering any changes made by the local admin. + +Maybe we *do* want to do this clobbering, though. Stuff in `/var` is +generally not expected to be modified by hand. I see two possible +resolutions to this: + + * when we clobber those files, include a comment along the lines of: + # do not make changes to this file! It is overwritten on each upgrade! + + * Avoid clobbering the files, and treat them as config files. + +the latter approach suggests that they should be more properly stored +in `/etc/`, though. This would give us all the conf-file tracking +apparatus, which is nice. If we do want to do that, I guess we'd +symlink to them from the monkeysphere-specific `$GNUPGHOME`s in +`/var/lib/monkeysphere`, since `gpg` does not seem to allow for +overriding the location of the `gpg.conf` independent of `$GNUPGHOME`. -- cgit v1.2.3
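Review bot: The closing paragraph's claim that `gpg` cannot take its `gpg.conf` from anywhere other than `$GNUPGHOME` should be checked against gpg's `--options` flag, which reads the options file from a given path instead of the default one in the home directory. If monkeysphere's own scripts are the only callers of gpg on these two homedirs, passing `--options` with a file under `/etc/` would give the conffile tracking without symlinks out of `/var/lib/monkeysphere`; the symlink is only needed for callers that cannot pass arguments. It would also help to state, in the paragraph about `debian/monkeysphere.postinst`, which settings the postinst writes into the two files, so a reader can judge how much a silent reset of a local change on upgrade matters under either resolution.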