Shibboleth Developers

[Chad La Joie <>]

I think the instructions are

1. Set the flag to install the conf files
2. Build
3. Deploy/Install
4. Change flag back
5. Hand edit file

The question here is upgrade path, I think.  As far I've heard the Shib 
upgrade path has always been to install in a new directory.  The 
assumption is that an upgrade will always include new configuration 
files/options and what not so copying files in to the old configuration 
directory(ies) would likely lead to the problem I outlined.

You can have the extension do the installation of baseline files, but 
after that I don't think you ever want the build script touching that 
directory again.  If I could get rid of the flag, by getting the build 
to auto-detect if it had already installed an extension, I would, and 
then I'd have the build just not copy stuff over again, ever.  This is 
probably to hard-line but I really think the issue of mixed versions of 
config files would prove to be a monumental mess.

To me, this feels like it's addressing your requirement.  Do you feel 
that it doesn't?

Tom Scavo wrote:
> > > If true, copy ${ext.name}/etc to ${idp.home}/etc and overwrite
> > > anything that's there.  If false (default), copy ${ext.name}/etc to
> > > ${idp.home}/etc but do not overwrite any existing files.  This
> > > precludes the need to modify the property after the initial install.
> >
> > No, I do not want to copy stuff but not overwrite.  I think this could
> > lead to bad things.  For example, in version 1.0 of an extension you
> > have foo.xml.  Then in version 1.1 you have foo.xml with new, and
> > required stuff, as well as bar.xml.  If you just copy bar.xml over you
> > might get all sorts of odd errors because you foo.xml wouldn't have the
> > new stuff in it.
>
>
> Well, again, I have to fall back on first principles.  I have a SAML2
> metadata file that the site administrator will maintain on a regular
> basis.  The installer should provide a starter metadata file (which
> may change from version to version) but it should never overwrite the
> file the sysadmin is maintaining.  The installation instructions could
> go like this:
>
> 1) Copy the starter metadata file to a user home directory.
> 2) Modify the IdP config file to point to this user metadata file.
> 3) ...
>
> As long as the user follows these directions, the metadata file is
> protected from subsequent uninstalls and re-installs.  Is this the
> correct approach?

--
Chad La Joie             315Q St. Mary's Hall
Project Sentinel         202.687.0124