Updating <Rule> in shibboleth2.xml (was: Shibboleth 2.x packages updated in unstable)

Peter Schober peter.schober at univie.ac.at
Wed Sep 16 14:06:40 UTC 2009


* Scott Cantor <cantor.2 at osu.edu> [2009-09-15 22:37]:
> > I suppose if people never changed the defaults, we could do
> > something simpler.
> 
> No, they don't, but guaranteeing that isn't so easy.

Wouldn't conditionally applying a patch[1] in the postinst phase be
sufficient? Something along the lines of:
$ patch --dry-run -p0 -s < r2962.diff 1>/dev/null 2>&1 && patch -p0 -s < r2962.diff 1>/dev/null 2>&1

Or a perl script with the exact bunch of lines to replace:
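use strict;
use warnings;

# Old default block, matched literally (quoted heredoc: no interpolation).
my $match = <<'EOF';
    <SecurityPolicies>
    ...
    </SecurityPolicies>
EOF

# New default block (ditto).
my $replace = <<'EOF';
    ...
EOF

my $file = '/etc/shibboleth/shibboleth2.xml';
open( my $fh, '<', $file ) or die "cannot open $file: $!";
my $conf = do { local( $/ ) ; <$fh> } ;   # slurp the whole file
close $fh;
# \Q...\E makes the old block a literal string rather than a regex
$conf =~ s/\Q$match\E/$replace/;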

then write $conf to a new file, check with xmlwf(1), xmllint(1) or
`shibd -t -c $file` and replace $file (or just open $file read-write
and replace its contents).

Doesn't need to be XML-aware, will only replace stuff if the old
default config was in place unmodified?
-peter

[1] The SecurityPolicy relevant part of:
    svn diff -r2961:2962 configs/shibboleth2.xml > r2962.diff
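
The procedure described in the message above (replace the block only if the old default is present byte for byte, write the result to a new file, validate it, then swap it in), as a POSIX shell function that a postinst script could call. This is an added example, not part of the original post or of the Debian packaging; the function name `replace_if_default`, its exit codes and the validator argument are assumptions.

```shell
#!/bin/sh
# Added example. The function body is a subshell, so its variables and
# early exits stay local to the call.
# Usage: replace_if_default FILE OLD_BLOCK NEW_BLOCK [VALIDATOR [ARGS...]]
# Exit status: 0 replaced; 1 old default not found (file untouched);
#              2 I/O error; 3 validator rejected the result (file untouched)
replace_if_default() (
    file=$1 old=$2 new=$3
    shift 3
    [ -n "$old" ] || exit 2

    # $(...) strips trailing newlines; the sentinel "x" preserves them.
    conf=$(cat "$file" && printf x) || exit 2
    conf=${conf%x}

    # Quoted expansions inside a pattern match literally, so XML
    # metacharacters in $old are never treated as globs or regexes.
    case $conf in
        *"$old"*) ;;
        *) exit 1 ;;           # admin changed the block: leave it alone
    esac
    before=${conf%%"$old"*}    # text before the first occurrence
    after=${conf#*"$old"}      # text after the first occurrence

    # Build the candidate next to the target so the final mv is a rename on
    # the same filesystem; cp -p carries over the mode (and owner, as root).
    tmp=$(mktemp "$file.XXXXXX") || exit 2
    rc=2
    if cp -p "$file" "$tmp" &&
       printf '%s%s%s' "$before" "$new" "$after" > "$tmp"; then
        # Validate before installing, e.g. with "xmllint --noout".
        if [ $# -eq 0 ] || "$@" "$tmp" >/dev/null 2>&1; then
            mv "$tmp" "$file" && exit 0
        else
            rc=3
        fi
    fi
    rm -f "$tmp"
    exit "$rc"
)
```

The validator is run with the candidate file's path appended as its last argument, so the live configuration is only replaced once the check has passed.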


