Richard Laager via devel <devel@ntpsec.org>:
> Either /var/lib/ntp, or as suggested in a previous message, /var/NTP
> seems fine for the default. The important part is discussed below.
I concur. I think I'd prefer the former slightly, but that's a pure
matter of taste (I dislike caps in filenames) so Hal gets to make the
call.
> >> Can we and/or should we make the default file names OS dependent?
> >
> > I recommend trying to avoid that. Follow the Filesystem Hierarchy
> > Standard and let other OSes be their local packagers' problem.
>
> In any event, this should be a configurable location in waf, like other
> directories. Then, if you want to try to do platform default detection,
> write that in waf configure. That is the standard way to handle such things.
Dissenting mildly. For reasons I've explained before I'm trying to move us
away from config options. I will be resistant to adding more in the future.
Doesn't mean that we can never do it, but I'd want to see a demonstration of
need in each individual case.
> >> What should the system do if it can't read the file? Crash? Blunder on
> >> in
> >> no-NTS mode? Make one? ...
> >
> > I think blundering on in no-NTS mode would be wrong unless NTS has
> > been explicitly disabled in the config. An iron rule: Enabled
> > security measures should fail noisily, not quietly, so a human will
> > take action.
>
> Agreed. If you cannot continue, log an error and exit with a failure
> status. This would happen if the key file exists but cannot be read
> (e.g. open(..., O_RDONLY) fails with other than ENOENT), the file exists
> but its contents are missing or invalid, or if it doesn't exist and
> cannot be written.
Good analysis of the precondition. Endorsed.
> >> If it crashes, where do we get the first one?
> >
> > The fact that this question needs to be asked implies that the right
> > answer to the previous one is "Make one and log a warning".
>
> I think it should be "make one and log an info message". The key being
> missing isn't really a problem worthy of a warning, is it? It's going to
> happen on every first install/upgrade-to-NTS.
Friendly amendment accepted; I was being loose in my use of the term "warning".
This raises an interesting point. ntpd can now tell when its on first startup
(absence of this file). I'm not a fan of this kind of statefulness - worked
hard at avoiding it in GPSD - but since NTS's requirements stick us with it
there's
a question: what else should trigger on this event?
--
<a href="http://www.catb.org/~esr/";>Eric S. Raymond</a>
My work is funded by the Internet Civil Engineering Institute: https://icei.org
Please visit their site and donate: the civilization you save might be your own.
_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
