[Fedora-packaging] running openssl dhparam in %post
Orion Poplawski
orion at cora.nwra.com
Thu Sep 17 19:32:08 UTC 2015
On 09/17/2015 01:07 PM, Daniel Pocock wrote:
>
>
> For reSIProcate 1.10.0, we will support PFS on TLS connections, this
> requires a DH parameters file to be generated on each installation of
> the package. There is probably a similar requirement for other packages
> that have a TLS server and don't generate DH parameters at compile time.
>
> My current solution involves adding the following to %post
>
>
> if [ ! -e %{_sysconfdir}/repro/dh2048.pem ] ;
> then
>     /usr/bin/openssl dhparam -outform PEM \
>         -out %{_sysconfdir}/repro/dh2048.pem 2048
>     chown root:repro %{_sysconfdir}/repro/dh2048.pem
>     chmod 0640 %{_sysconfdir}/repro/dh2048.pem
> fi
>
>
> and then adding this to %files
>
>
> %config(missingok) %ghost %{_sysconfdir}/repro/dh2048.pem
>
>
> The dh2048.pem file is created correctly during package installation but
> it is not removed when the package is removed with "rpm -e"
You'll need to %ghost the file to have it removed.
> Is there a better way to do this or does it look OK?
Do look at the initial service setup stuff that Jason mentioned.
--
Orion Poplawski
Technical Manager 303-415-9701 x222
NWRA, Boulder/CoRA Office FAX: 303-415-9702
3380 Mitchell Lane orion at nwra.com
Boulder, CO 80301 http://www.nwra.com
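
Added example, not part of the original thread or of reSIProcate's packaging: a variant of the quoted scriptlet that writes the parameters to a temporary file and renames it into place, so an interrupted `openssl dhparam` run cannot leave a partial file that a later `-e` test would accept. The function name `ensure_dhparam`, its arguments and the path in the closing comment are assumptions made for illustration.

```shell
#!/bin/sh
# ensure_dhparam FILE [BITS] [GROUP]   (hypothetical helper, not from the thread)
# Generates DH parameters at FILE only if no non-empty file exists there.
ensure_dhparam() {
    dh_file=$1
    dh_bits=${2:-2048}
    dh_group=${3:-}

    # -s instead of -e: an empty file is treated as missing and is replaced.
    [ -s "$dh_file" ] && return 0

    # Work in the target directory so the final mv is a rename on the same
    # filesystem; mktemp creates the file with mode 0600.
    dh_tmp=$(mktemp "$(dirname "$dh_file")/.dhparam.XXXXXX") || return 1

    # If generation is interrupted or fails, only the temp file is affected.
    if ! openssl dhparam -outform PEM -out "$dh_tmp" "$dh_bits" 2>/dev/null; then
        rm -f "$dh_tmp"
        return 1
    fi

    # Optional group ownership (the thread uses root:repro); needs privileges.
    if [ -n "$dh_group" ]; then
        chgrp "$dh_group" "$dh_tmp" || { rm -f "$dh_tmp"; return 1; }
    fi

    # Set final permissions before the file becomes visible under its real name.
    chmod 0640 "$dh_tmp" && mv -f "$dh_tmp" "$dh_file" && return 0
    rm -f "$dh_tmp"
    return 1
}

# Example call from a scriptlet or first-start hook (path is a placeholder):
#   ensure_dhparam /etc/repro/dh2048.pem 2048 repro
```

Because the function returns early when the file already exists and is non-empty, it can be called on every package upgrade or service start without regenerating the parameters.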