GnuTLS -- certtool
Jonathan Steffan
jon at fedoraunity.org
Wed Mar 26 16:57:15 UTC 2008
Joe Orton wrote:
> On Tue, Mar 25, 2008 at 09:49:20PM -0600, Jonathan Steffan wrote:
>> Thanks Jeff. This seems to have helped some. What are we supposed to do
>> about a rpm package that needs to generate keys in %post? Just hope
>> users are patient enough?
>
> Use something which does not consume the /dev/random entropy pool; I
> can't see a way to make GnuTLS certtool do that, but /usr/bin/openssl
> can. The mod_ssl %post does:
>
> %{_bindir}/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 1024 > %{sslkey} 2> /dev/null
>
> I've been meaning to split this out into a script since the dummy
> keypair generation is copied and pasted into several places. The list
> of /proc files probably needs updating too.
>
> What package are you working on here?
mod_gnutls
http://jsteffan.fedorapeople.org/SRPMS/mod_gnutls-0.2.0-2.fc8.src.rpm
The SELinux stuff still remains, and I've come to find out that
mod_gnutls is not playing nice with mod_proxy, so I might not even end
up using mod_gnutls.
--
Jonathan Steffan
daMaestro
Fedora Unity - http://fedoraunity.org/
GPG Fingerprint: 93A2 3E2F DC26 5570 3472 5B16 AD12 6CE7 0D86 AF59
More information about the fedora-devel-list
mailing list