prevent sscg writing /dhparams.pem

httpd-init.service

@@ -8,5 +8,6 @@ ConditionPathExists=|!/etc/pki/tls/private/localhost.key
 [Service]
 Type=oneshot
 RemainAfterExit=no
+PrivateTmp=true
 
 ExecStart=/usr/libexec/httpd-ssl-gencerts

httpd-ssl-gencerts

@@ -33,6 +33,7 @@ sscg -q                                                             \
      --cert-file           /etc/pki/tls/certs/localhost.crt         \
      --cert-key-file       /etc/pki/tls/private/localhost.key       \
      --ca-file             /etc/pki/tls/certs/localhost.crt         \
+     --dhparams-file       /tmp/dhparams.pem                        \
      --lifetime            365                                      \
      --hostname            $FQDN                                    \
      --email               root@$FQDN

httpd.spec

@@ -24,7 +24,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.54
-Release: 11%{?dist}
+Release: 12%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@@ -194,7 +194,7 @@ Epoch: 1
 BuildRequires: openssl-devel
 Requires(pre): httpd-filesystem
 Requires: httpd-core = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
-Requires: sscg >= 2.2.0, /usr/bin/hostname
+Requires: sscg >= 3.0.0-7, /usr/bin/hostname
 # Require an OpenSSL which supports PROFILE=SYSTEM
 Conflicts: openssl-libs < 1:1.0.1h-4
 # mod_ssl/mod_nss cannot both be loaded simultaneously
@@ -854,6 +854,9 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Tue Jan 24 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.54-12
+- prevent sscg writing /dhparams.pem
+
 * Thu Jan 19 2023 Fedora Release Engineering <releng@fedoraproject.org> - 2.4.54-11
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_38_Mass_Rebuild