Built-in defaults sound nice but we don't have that luxury in HIP (there shouldn't be any default private keys, right?). So refusing to run is the only option but this sucks from the view point of usability. Nobody wants to copy files based on templates or whatever, and this is why hipd currently creates all necessary configuration files on first run. Another reason why hipd creates them is because we have currently four different ways to use hipd (directly from sources, make install, .deb and .rpm) and the current method just worked with all of them.

"make install" should probably create the necessary configuration files but not all people want to install (before trying out). So at least there should be "hipconf createconfigs" at the very least (*). Hipd/hipfw failing to start due to missing configs should instruct the user to run the command.

(*) It shouldn't be too difficult to move this functionality from hipd/init.c to hipconf.

--
You received this bug notification because you are a member of HIPL core team, which is subscribed to HIPL.
https://bugs.launchpad.net/bugs/693834

Title:
  maintain configuration files as separate files

Status in Host Identity Protocol for Linux:
  Confirmed

Bug description:
  The configuration files of hipd, hipfw and related HIPL programs are currently maintained in-source at hipd/init.c. Examples are:

  - HIPL_CONFIG_FILE_EX
  - HIPL_HOSTS_FILE_EX
  - HIPL_NSUPDATE_CONF_FILE_EX
  - hip_init_certs()

  This is ugly and leads to the side-effect that hipd needs to be run for the first time before hipfw can be started, as it needs to generate firewall_config. Furthermore, as the configuration files are not explicitly shipped in the distribution packages, they will not be removed on purge.

  We need to maintain configuration in separate files, add them to configure.ac and ensure that the configuration files can also be found in case of running hipd from source without prior make install.