Updating <Rule> in shibboleth2.xml (was: Shibboleth 2.x packages updated in unstable)
Peter Schober
peter.schober at univie.ac.at
Wed Sep 16 14:06:40 UTC 2009
* Scott Cantor <cantor.2 at osu.edu> [2009-09-15 22:37]:
> > I suppose if people never changed the defaults, we could do
> > something simpler.
>
> No, they don't, but guaranteeing that isn't so easy.
Wouldn't conditionally applying a patch[1] in the postinst phase be
sufficient? Something along the lines of:
$ patch --dry-run -p0 -s < r2962.diff 1>/dev/null 2>&1 && patch -p0 -s 1>/dev/null 2>&1
Or a perl script with the exact bunch of lines to replace:
my $match = <<EOF
<SecurityPolicies>
...
</SecurityPolicies>
EOF
;
my $replace = <<EOF
# ditto
my $file = '/etc/shibboleth/shibboleth2.xml';
open( my $fh, $file ) or die "cannot open $file: $!";
my $conf = do { local( $/ ) ; <$fh> } ;
close $fh;
$conf =~ s/$match/$replace/;
then write $conf to a new file, check with xmlwf(1), xmllint(1) or
`shibd -t -c $file` and replace $file (or just open $file read-write
and replace its contents).
Doesn't need to be XML-aware, will only replace stuff if the old
default config was in place unmodified?
-peter
[1] The SecurityPolicy relevant part of:
svn diff -r2961:2962 configs/shibboleth2.xml > r2962.diff
More information about the Pkg-shibboleth-devel
mailing list