GnuTLS -- certtool

Joe Orton jorton at redhat.com
Wed Mar 26 09:06:50 UTC 2008


On Tue, Mar 25, 2008 at 09:49:20PM -0600, Jonathan Steffan wrote:
> Thanks Jeff. This seems to have helped some. What are we supposed to do
> about an rpm package that needs to generate keys in %post? Just hope
> users are patient enough?

Use something which does not consume the /dev/random entropy pool; I 
can't see a way to make GnuTLS certtool do that, but /usr/bin/openssl 
can.  The mod_ssl %post does:

%{_bindir}/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 1024 > %{sslkey} 2> /dev/null

I've been meaning to split this out into a script since the dummy 
keypair generation is copied and pasted into several places.  The list 
of /proc files probably needs updating too.

What package are you working on here?

joe
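
A sketch of the kind of standalone script mentioned above, added here as an example; it is not part of the original message or of any Fedora package. It filters the /proc seed list from the mod_ssl %post down to files that exist before handing it to `openssl genrsa -rand`. The function names `rand_file_list` and `gen_dummy_key` are hypothetical, and the key size is left to the caller.

```shell
#!/bin/sh
# Added example; helper names are hypothetical, not from mod_ssl.

# Candidate seed files, copied from the mod_ssl %post quoted above.
SEED_CANDIDATES="/proc/apm /proc/cpuinfo /proc/dma /proc/filesystems
/proc/interrupts /proc/ioports /proc/pci /proc/rtc /proc/uptime"

# rand_file_list FILE...
# Print the colon-separated subset of FILE... that are readable regular
# files, keeping the given order, so -rand is only given files that can
# actually be read on the running kernel.
rand_file_list() {
    list=""
    for f in "$@"; do
        if [ -f "$f" ] && [ -r "$f" ]; then
            list="${list:+$list:}$f"
        fi
    done
    printf '%s\n' "$list"
}

# gen_dummy_key OUTFILE BITS
# Write an RSA private key to OUTFILE, seeding from whichever candidate
# files are present. The key file is created with a restrictive umask.
gen_dummy_key() {
    out=$1
    bits=$2
    # Unquoted on purpose: split the candidate list into separate words.
    seeds=$(rand_file_list $SEED_CANDIDATES)
    old_umask=$(umask)
    umask 077
    if [ -n "$seeds" ]; then
        openssl genrsa -rand "$seeds" "$bits" > "$out" 2> /dev/null
    else
        openssl genrsa "$bits" > "$out" 2> /dev/null
    fi
    rc=$?
    umask "$old_umask"
    return $rc
}
```

In a %post scriptlet the call would take the place of the one-liner, with the output path and key size supplied by the package.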



