Automatically generated configuration files

Adam Jackson ajax at
Thu Apr 24 14:10:15 UTC 2014

On Thu, 2014-04-24 at 15:47 +0200, Florian Weimer wrote:
> I'm working on advice on automated X.509 certificate generation during 
> package installation.
> One aspect is that these files obviously have to be generated on the 
> system during installation (or first service start) and cannot be 
> shipped in the package.  Some existing RPMs just drop files into 
> /etc/pki/certs and /etc/pki/tls/private, without marking them as ghost 
> files or configuration files.  (I'm not even sure if you can mark 
> something for which no content is provided in the RPM as a configuration 
> file.)
> I wonder what an ideal RPM package would do in this case?

If you know what service is going to require the cert, you might copy
the pattern from openssh, where sshd-keygen.service runs as a prereq for
sshd itself.

- ajax

More information about the devel mailing list