/etc key location auto-migration
John Dennis
jdennis at redhat.com
Sun Apr 24 13:43:13 UTC 2005
On Sun, 2005-04-24 at 01:14 -1000, Warren Togami wrote:
> Now that we have moved a bunch of packages keys or certs from somewhere
> in /usr to somewhere in /etc, shouldn't we also modify those packages
> %post to conditionally auto-migrate those keys/certs? Without
> auto-migration there will undoubtedly be many complaints and bug reports
> from people who upgrade like "FC4 broke SSL foo!"
>
> Conditional auto-migration would need to be carefully implemented and
> tested because it can be complicated. For example in some cases it
> would need to perform string-replacement in config files to point at the
> new key/cert location.
>
> In other cases it would *copy* keys/certs to new locations, but only if
> old location contains custom (non-packaged) keys/certs, and the new
> location does NOT contain custom files (files deposited prior to %post
> by the package update). How the heck would this be implemented (you may
> NOT run rpm during %post)? Is there any simpler algorithm that does the
> right thing?
This is effectively what I implemented in the two packages (cyrus-imapd,
dovecot) I updated, albeit a bit simplier. The %post checks if a key
file exists in the old location but not the new location. If so it moves
the key file(s) to the new location. Then %post continues to do what it
always did, check for a key file in the cannonical location, if it does
not exist it generates a generic key.
This does not attempt to identify if the key was a custom key, however I
don't that matters, we only care if a key was in use in the old
location.
However, what can screw up, and I'm not really sure if there is a
solution to this or not, is the %config(noreplace) file attribute on the
the config file that has the key location in it. When the new rpm
installs it comes with a config file that has been updated with the new
location. However, if that file has been modified its not going to be
replaced and there is going to be a mismatch. If the file has not been
modified then everything works. I did test the key migration in the
packages I own and modulo prior editing of the config file by the user
it seems to do what you want.
Other than release notes or adding something to /usr/doc/<package> I'm
not sure how to handle the modified config file case. Suggestions? We
could edit the config file that was preserved but I think that might be
considered evil.
> After things are copied, it would need to check/correct file permissions
> to make sure things are safe.
>
> In any case I'm convinced that auto-migration needs to happen, it will
> just be painful to implement correctly. First step is listing which
> packages need to be modified in this way?
I believe:
cyrus-imapd
dovecot
httpd
postfix (maybe?)
--
John Dennis <jdennis at redhat.com>
More information about the Fedora-maintainers
mailing list