or the past couple months I’ve been working on a major revision of the Linux FHS (Filesystem Hierarchy Standard). Among other things, this revision aims to put store-based distributions like NixOS on an equal footing with the more traditional filesystem layout.
This revision is now to the point where it’s useful for me to get feedback, and I’d like your feedback in particular on the new language on store-based distributions, and on what should go in the placeholder section about “expectations for the runtime behavior of software” to encourage people to write code that works on store-based distributions with as little fuss as possible.
This is not NixOS-specific feedback but something that would be good for FHS to cover: paths for installation of certificates. In some enterprise environments, there is a requirement to install a custom certificate to allow for for TSL/SSL inspection. For example when the organization uses Zscaler Internet Access (ZIA). In such a case, the cybersec department will distribute a certificate bundle, which developers need to figure out where to install to make their development environments to work. And this will depend on OS, what Linux distro they are using (if in WSL and so on). Painful and no way to avoid dealing with it.
If FHS can help to clear up where certificates should be installed, it will be a huge help to IT staff within such organizations. It will make it easier to create common tools and documentation etc
I cheated a bit and asked ChatGPT to summarize the locations, just for illustration. Obviously would require more research to incorporate in a spec
Thanks! There’s already a request to standardize PKI certificate locations in the project’s issue tracker <https://gitlab.freedesktop.org/FHS/fhs-spec/-/issues/47>; we need to do a bunch more research and discussion before we can actually act on that. Would you mind reposting your notes to that issue?