Automatically generated configuration files
Brian C. Lane
bcl at redhat.com
Fri Apr 25 02:43:17 UTC 2014
On Thu, Apr 24, 2014 at 10:10:15AM -0400, Adam Jackson wrote:
> On Thu, 2014-04-24 at 15:47 +0200, Florian Weimer wrote:
> > I'm working on advice on automated X.509 certificate generation during
> > package installation.
> >
> > One aspect is that these files obviously have to be generated on the
> > system during installation (or first service start) and cannot be
> > shipped in the package. Some existing RPMs just drop files into
> > /etc/pki/certs and /etc/pki/tls/private, without marking them as ghost
> > files or configuration files. (I'm not even sure if you can mark
> > something for which no content is provided in the RPM as a configuration
> > file.)
> >
> > I wonder what an ideal RPM package would do in this case?
>
> If you know what service is going to require the cert, you might copy
> the pattern from openssh, where sshd-keygen.service runs as a prereq for
> sshd itself.
This, or first service start, are good ideas. Remember that your package
may not be getting installed on the system where it eventually runs --
livecd's, cloud images, etc. can be created in situations where the
build host is totally different from the final target. eg. creating an
image inside a mock running on a RHEL6 system.
--
Brian C. Lane | Anaconda Team | IRC: bcl #anaconda | Port Orchard, WA (PST8PDT)
More information about the devel
mailing list