On Mon, Dec 22, 2008 at 12:44:28PM -0800, Dave Parker wrote: > > 3) those files expect to find a cert/key pair called spacewalk.* in the > /etc/pki/tls structure. The package that installs the zz-* files sets up a > pair > of symlinks in /etc/pki/tls that point to the cert/key pair spacewalk installs > in /etc/httpd/conf/ssl.* (it looked too treacherous to try to change the > latter > at this time). > > 4) adds to spacewalk-setup the ability to backup and generate a new > /etc/httpd/conf.d/ssl.conf. This was necessary as the default ssl.conf > provided > by the mod_ssl package defines the _default_:443 ssl server, and does so in a > way that's incompatible with spacewalk for lack of three directives. As it's > improper for a second rpm to alter %config files from a first, it's > implemented > instead as a question in spacewalk-setup.
Dave, Milan and I have been working on upgrade problems. It seems, the change you did to spacewalk-setup does not add the SSL configuration to /etc/httpd/conf.d/ssl.conf upon upgrade. So after upgrade, the config is not used. I addition to that, I really wonder why you've decided to put whole new content to that /etc/httpd/conf.d/ssl.conf instead of just changing the SSLCertificateFile and SSLCertificateKeyFile to /etc/pki/tls/private/spacewalk.* (while commenting out the original values), and adding those three mod_rewrite lines to _default_:443's VirtualHost section. That way, whatever setting the system administrator would have in that file would be preserved, plus the code would be usable for upgrades as well. Could we get the SSL-config-changing procedure improved for 0.5? -- Jan Pazdziora Satellite Engineering, Red Hat _______________________________________________ Spacewalk-devel mailing list [email protected] https://www.redhat.com/mailman/listinfo/spacewalk-devel
