Yo Richard! On Fri, 8 Mar 2019 14:50:38 -0600 Richard Laager via devel <devel@ntpsec.org> wrote:
> On 3/8/19 1:42 PM, Gary E. Miller via devel wrote: > > Is /etc/ssl/certs somewhat standard? at least for the root certs? > > Somewhat, but I don't know to what extent the contents of it are > standard. We are making the standard. > Here's a proposal off the top of my head: > 1) server private key = SYSCONFDIR/ntp/nts.key > 2) server certificate = SYSCONFDIR/ntp/nts.crt > 3) cookie key file = LOCALSTATEDIR/lib/ntpkeys I'd like an extention on #3. Maybe .conf, but I'm not picky. Also, the standard never talks of a cookie key, only master key(s). > Where SYSCONFDIR would be /etc and LOCALSTATEDIR would be /var in a > distro-package on Linux. We are sort of in a bind. If the users is supposed to edit LOCALSTATEDIR/lib/ntpkeys then it is not supposed to be in the LOCALSTATEDIR. So that would be only if the initial master key(s) come from elsewhere. > LOCALSTATEDIR normally defaults (in GNU [0]) to PREFIX/var and thus > /usr/local/var. If you want to default it to /var/local for better FHS > compliance, that would work too. > > [0] > https://www.gnu.org/prep/standards/html_node/Directory-Variables.html Interesting, yet another conflict between GNU and FHS. It looks like autoconf, which we do not use, follows the GNU convention, not the FHS one. My general rule is to follow FHS over GNU if there is a conflict. But that inevitably leads to conflicts. RGDS GARY --------------------------------------------------------------------------- Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703 g...@rellim.com Tel:+1 541 382 8588 Veritas liberabit vos. -- Quid est veritas? "If you can’t measure it, you can’t improve it." - Lord Kelvin
pgpFi6A8uRLTS.pgp
Description: OpenPGP digital signature
_______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
