SP packaging

[Ferenc Wágner]

"Cantor, Scott" <cantor.2 at osu.edu> writes:

> On 1/27/16, 7:47 AM, "Pkg-shibboleth-devel on behalf of Ferenc Wágner"
> <pkg-shibboleth-devel-bounces+cantor.2=osu.edu at lists.alioth.debian.org
> on behalf of wferi at niif.hu> wrote:
>
>> Fully agreed.  I kept the logcheck file partly to make it easy for
>> the admin to change logging configuration to syslog.
>
> I'm not a syslog fan for this kind of logging,

Could you elaborate a little?  What kind a logging do you mean, and what
are your reservations against syslog?

> but if there's some kind of "trick" to make it easier to switch to
> syslog that's not Debian only, I can certainly look at it.

The situation is not bad; maybe we could simply insert an alternative
(commented) native_log appender definition into native.logger.  Or do
the opposite, like we do now.  I can't see how you could help with this,
short of changing the upstream default to syslog. :)

>> I'm thrilled to remove this fallback from the init script.  But the
>> above mentioned problem is largely unrelated.  The issue is that the
>> admin can naturally issue shibd -t to check the config after some
>> modification, and if this test run creates new metadata files (for
>> example) in /var/cache/shibboleth, those will we owned by root.  Thus
>> the daemon running as _shibd can't update them later.  I can't see a way
>> to fix cleanly without putting the identity change into shibd.
>
> I think that's really a bug at this point, the -t option long predates
> use of an alternate user account.

SSPCPP-645 is closed, even though it has addressed the problem only
under SysV init, not under systemd.  Shell I open a new issue for this?
-- 
Regards,
Feri.