Ben Aveling via FreeIPA-users wrote: > The man page for ipa-client-install has a list of files that are > replaced/created/updated. > > It's not completely up to date. > > I'm sure if it's worth the effort of keeping it up to date or not. > > On the one hand, it's probably a bit of work to get it up to date and keep it > up to date. > > On the other hand, If it were up to date, it could be useful for people who > want to be able to do a selective backup, prior to installing, or just want > to see what changes. > > If we don't want to keep it up to date, we should probably explain what the > criteria for including files in the list is, while being clear that this > isn't the full list. > > If we do want to bring it up to date, it should possibly also include : > > Files always created (replacing existing content): > > - /etc/pki/ca-trust/source/ipa.p11-kit > > Files updated, existing content is maintained: > > - /etc/pki/ca-trust/extracted/java/cacerts > > Does IPA depend on the entries that it adds to cacerts? Or does it just put > them there in case some other application needs them?
Both are related to configuring system-wide trust. The first file is created by IPA and should be included in the list. The second is a side-effect of running update-ca-trust and it's arguable whether it should be or not (as re-running the command will generate it). I opened https://pagure.io/freeipa/issue/8424 thanks for the report rob _______________________________________________ FreeIPA-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedorahosted.org/archives/list/[email protected]
