On 3/8/19 3:03 PM, Gary E. Miller via devel wrote:
>> Here's a proposal off the top of my head:
>> 1) server private key = SYSCONFDIR/ntp/nts.key
>> 2) server certificate = SYSCONFDIR/ntp/nts.crt
>> 3) cookie key file = LOCALSTATEDIR/lib/ntpkeys
>
> I'd like an extension on #3. Maybe .conf, but I'm not picky.

It doesn't really feel like a .conf to me. It's not something the user edits. I like "ntp.keys", but unfortunately that has a meaning and man page already. So maybe master.keys?

> Also, the standard never talks of a cookie key, only master key(s).

I don't really care whether we call it a "cookie key file" or "master key file" or something else. I was trying to draw a distinction between NTS key/cert and NTP (master/cookie) key.

>> Where SYSCONFDIR would be /etc and LOCALSTATEDIR would be /var in a
>> distro-package on Linux.
>
> We are sort of in a bind. If the user is supposed to edit
> LOCALSTATEDIR/lib/ntpkeys then it is not supposed to be in the
> LOCALSTATEDIR.

The user surely is not (manually) editing the master/cookie keys file. The keys will be created by ntpd, so LOCALSTATEDIR is correct.

>> LOCALSTATEDIR normally defaults (in GNU [0]) to PREFIX/var and thus
>> /usr/local/var. If you want to default it to /var/local for better FHS
>> compliance, that would work too.
...
> My general rule is to follow FHS over GNU if there is a conflict.

Sure, that's reasonable. We should (and do) use the GNU/autoconf names for the variables (PREFIX, SYSCONFDIR, etc.) absent a good reason. NTPsec practice is to all caps them (PREFIX vs prefix). So that's why I used LOCALSTATEDIR.

--
Richard