[Fedora-packaging] running openssl dhparam in %post

Daniel Pocock daniel at pocock.pro
Thu Sep 17 19:32:25 UTC 2015



On 17/09/15 21:18, Jason L Tibbitts III wrote:
>>>>>> "DP" == Daniel Pocock <daniel at pocock.pro> writes:
> 
> DP> For reSIProcate 1.10.0, we will support PFS on TLS connections, this
> DP> requires a DH parameters file to be generated on each installation
> DP> of the package.
> 
> I do not know what that program is or does, but if it's a daemon then it
> is better to do such things as part of the daemon invocation.  There is
> a whole guideline on doing that at
> https://fedoraproject.org/wiki/Packaging:Initial_Service_Setup
> 
> On the other hand, if it's not a daemon it might be easier to create
> these things the first time the program is started, unless it's expected
> to be run by users in which case I guess the scriptlet is going to be
> your best bet.
> 

Thanks for the feedback.

Creating the DH parameters is slow (it takes several seconds) so it is
probably not something that can be done on every startup.

You can see what I mean by executing this command:

   $ time openssl dhparam -outform PEM -out /tmp/dh2048.pem 2048
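
One way to reconcile the two positions in this thread, as an added example that is not part of the original message or of the reSIProcate package: a helper the service start-up could call that generates the file only when it is missing or unparseable, so the slow step runs once. The names `ensure_dhparams` and `OPENSSL_BIN` and the path in the usage comment are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: generate DH parameters once, not on every start.
# ensure_dhparams and OPENSSL_BIN are hypothetical names, not from the package.

# Allow the openssl binary to be overridden (assumption, useful for testing).
OPENSSL_BIN="${OPENSSL_BIN:-openssl}"

# ensure_dhparams FILE [BITS]
# Returns 0 if FILE already holds parseable DH parameters or was generated now.
ensure_dhparams() {
    dh_file=$1
    dh_bits=${2:-2048}

    # Fast path: an existing file that openssl can parse is left untouched,
    # so only the first start pays the multi-second generation cost.
    if [ -s "$dh_file" ] &&
       "$OPENSSL_BIN" dhparam -in "$dh_file" -noout >/dev/null 2>&1; then
        return 0
    fi

    # Write to a temporary file in the same directory so the final mv is an
    # atomic rename; an interrupted run never leaves a truncated file behind.
    dh_dir=$(dirname "$dh_file")
    dh_tmp=$(mktemp "$dh_dir/.dhparam.XXXXXX") || return 1

    if "$OPENSSL_BIN" dhparam -outform PEM -out "$dh_tmp" "$dh_bits" \
           >/dev/null 2>&1 && [ -s "$dh_tmp" ]; then
        # DH parameters are public values, so world-readable is acceptable.
        chmod 0644 "$dh_tmp" && mv -f "$dh_tmp" "$dh_file" && return 0
    fi

    rm -f "$dh_tmp"
    return 1
}

# Usage (hypothetical path), e.g. from a start-up wrapper:
#   ensure_dhparams /etc/example/dh2048.pem 2048 || exit 1
```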


