Re: Automatically generated configuration files

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On Thu, Apr 24, 2014 at 10:10:15AM -0400, Adam Jackson wrote:
> On Thu, 2014-04-24 at 15:47 +0200, Florian Weimer wrote:
> > I'm working on advice on automated X.509 certificate generation during 
> > package installation.
> > 
> > One aspect is that these files obviously have to be generated on the 
> > system during installation (or first service start) and cannot be 
> > shipped in the package.  Some existing RPMs just drop files into 
> > /etc/pki/certs and /etc/pki/tls/private, without marking them as ghost 
> > files or configuration files.  (I'm not even sure if you can mark 
> > something for which no content is provided in the RPM as a configuration 
> > file.)
> > 
> > I wonder what an ideal RPM package would do in this case?
> 
> If you know what service is going to require the cert, you might copy
> the pattern from openssh, where sshd-keygen.service runs as a prereq for
> sshd itself.

This, or first service start, are good ideas. Remember that your package
may not be getting installed on the system where it eventually runs --
livecd's, cloud images, etc. can be created in situations where the
build host is totally different from the final target. eg. creating an
image inside a mock running on a RHEL6 system.

-- 
Brian C. Lane | Anaconda Team | IRC: bcl #anaconda | Port Orchard, WA (PST8PDT)
-- 
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct





[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Index of Archives]     [Fedora Announce]     [Fedora Kernel]     [Fedora Testing]     [Fedora Formulas]     [Fedora PHP Devel]     [Kernel Development]     [Fedora Legacy]     [Fedora Maintainers]     [Fedora Desktop]     [PAM]     [Red Hat Development]     [Gimp]     [Yosemite News]
  Powered by Linux