On Mon, 2006-09-04 at 09:44 -0400, Jesse Keating wrote:
On Mon, 2006-09-04 at 14:40 +0100, Joe Orton wrote:
> With httpd we auto-generate a unique SSL certificate in %post
> (/etc/pki/tls/localhost.crt et al; some other packages are similar
> IIRC). I don't think it would be correct to have those generated
> files
> %files-owned by the package in any way.
Shouldn't this be done the first time the service is started? The same
install could be cloned many times over (xen) and your unique identifier
will be invalid. This is why ssh generates its keys the first time the
service is started.
Actually, the reason sshd generates its keys the first time is because
it made a significant difference on 31-bit s390 install time with Red
Hat Linux 7.1 on zSeries.
Jeremy