Hello, Am 05.01.2011 um 14:40 schrieb Miika Komu: > Built-in defaults sound nice but we don't have that luxury in HIP (there > shouldn't be any default private keys, right?). So refusing to run is > the only option but this sucks from the view point of usability. Nobody > wants to copy files based on templates or whatever, and this is why hipd > currently creates all necessary configuration files on first run. > Another reason why hipd creates them is because we have currently four > different ways to use hipd (directly from sources, make install, .deb > and .rpm) and the current method just worked with all of them. > Looking at SSH, a good solution may lie somewhere n the middle. AFAIK, SSH has a sane set of default rules but creates some configuration files (most notably the host keys) on first run. Wouldn't that be a model that suits HIP as well? Tobias > "make install" should probably create the necessary configuration files > but not all people want to install (before trying out). So at least > there should be "hipconf createconfigs" at the very least (*). > Hipd/hipfw failing to start due to missing configs should instruct the > user to run the command. > > (*) It shouldn't be too difficult to move this functionality from > hipd/init.c to hipconf. > > -- > You received this bug notification because you are a member of HIPL core > team, which is subscribed to HIPL. > https://bugs.launchpad.net/bugs/693834 > > Title: > maintain configuration files as separate files > > Status in Host Identity Protocol for Linux: > Confirmed > > Bug description: > The configuration files of hipd, hipfw and related HIPL programs are > currently maintained in-source at hipd/init.c. > > Examples are: > - HIPL_CONFIG_FILE_EX > - HIPL_HOSTS_FILE_EX > - HIPL_NSUPDATE_CONF_FILE_EX > - hip_init_certs() > > This is ugly and leads to the side-effect that hipd needs to be run for the > first time before hipfw can be started, as it needs to generate > firewall_config. Furthermore, as the configuration files are not explicitly > shipped in the distribution packages, they will not be removed on purge. > > We need to maintain configuration in separate files, add them to configure.ac > and ensure that the configuration files can also be found in case of running > hipd from source without prior make install. > > >