On Thu, 2014-04-24 at 15:47 +0200, Florian Weimer wrote: > I'm working on advice on automated X.509 certificate generation during > package installation. > > One aspect is that these files obviously have to be generated on the > system during installation (or first service start) and cannot be > shipped in the package. Some existing RPMs just drop files into > /etc/pki/certs and /etc/pki/tls/private, without marking them as ghost > files or configuration files. (I'm not even sure if you can mark > something for which no content is provided in the RPM as a configuration > file.) > > I wonder what an ideal RPM package would do in this case? If you know what service is going to require the cert, you might copy the pattern from openssh, where sshd-keygen.service runs as a prereq for sshd itself. - ajax -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
