Ben Aveling via FreeIPA-users wrote:
The man page for ipa-client-install has a list of files that are
replaced/created/updated.
It's not completely up to date.
I'm sure if it's worth the effort of keeping it up to date or not.
On the one hand, it's probably a bit of work to get it up to date and keep it up to
date.
On the other hand, If it were up to date, it could be useful for people who want to be
able to do a selective backup, prior to installing, or just want to see what changes.
If we don't want to keep it up to date, we should probably explain what the criteria
for including files in the list is, while being clear that this isn't the full list.
If we do want to bring it up to date, it should possibly also include :
Files always created (replacing existing content):
- /etc/pki/ca-trust/source/ipa.p11-kit
Files updated, existing content is maintained:
- /etc/pki/ca-trust/extracted/java/cacerts
Does IPA depend on the entries that it adds to cacerts? Or does it just put them there in
case some other application needs them?
Both are related to configuring system-wide trust. The first file is
created by IPA and should be included in the list. The second is a
side-effect of running update-ca-trust and it's arguable whether it
should be or not (as re-running the command will generate it).
I opened
https://pagure.io/freeipa/issue/8424
thanks for the report
rob