Skip to content

Run cert refresh scripts after upgrade complete

Steve Traylen requested to merge post into master

Currently the cert refresh scriptlets are being run after package installation.

In the case of upgrade as always the new package is installed before the old package is removed so it was running the refresh with the to be removed files still in place.

Instead run:

  • Explicitly on initial installation only in the %post.
  • Run after package is removed during an upgrade in the %postun.

We can not run on removal since /usr/sbin/cern-import-certs-java is not available anyway.

Edited by Steve Traylen

Merge request reports