On Mon, Jan 14, 2019 at 01:31:28PM -0800, Diane Trout wrote: > I'm a little worried about just rm-ing previously invalid locations for > configuration files. Might you have suggestions about how to safely > clean up dnssec-triggers configuration file mess? (At the very least it > seems like it should check that a configuration file was actually > created by it before just deleting it)
Before thinking about cleanup, I'd start by making sure that fresh installs don't re-create problems. At the moment, purging dnssec-trigger leaves two keypairs in /etc; and when I rm them manually, and again install dnssec-trigger, they're back (in addition to the identically named pair in /etc/dnssec-trigger, which does get cleaned up on purge). Does that not happen for you? I think you can assume that files named /etc/dnssec_trigger_* belong to your package. However I don't understand dnssec-trigger enough to judge if these will always be autogenerated keys that are rendered obsolete by the keys in /etc/dnssec-trigger, or if some sysadmin might have replaced them with his own keys, for some reason. That is, if these are "configuration files" or just "data" that could equally have been put into /var/lib/dnssec-trigger for example... Florian
