From f38bb25abe0e69b4f8cf5587cfa460d8120f1884 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Tue, 24 Jan 2023 10:24:39 +0100
Subject: [PATCH] Resolves: #2160667 - prevent sscg creating /dhparams.pem

---
 httpd-init.service | 1 +
 httpd-ssl-gencerts | 1 +
 httpd.spec         | 7 +++++--
 3 files changed, 7 insertions(+), 2 deletions(-)

diff --git a/httpd-init.service b/httpd-init.service
index 3074778..704c314 100644
--- a/httpd-init.service
+++ b/httpd-init.service
@@ -8,5 +8,6 @@ ConditionPathExists=|!/etc/pki/tls/private/localhost.key
 [Service]
 Type=oneshot
 RemainAfterExit=no
+PrivateTmp=true
 
 ExecStart=/usr/libexec/httpd-ssl-gencerts
diff --git a/httpd-ssl-gencerts b/httpd-ssl-gencerts
index 350f5b5..5c271f7 100755
--- a/httpd-ssl-gencerts
+++ b/httpd-ssl-gencerts
@@ -33,6 +33,7 @@ sscg -q                                                             \
      --cert-file           /etc/pki/tls/certs/localhost.crt         \
      --cert-key-file       /etc/pki/tls/private/localhost.key       \
      --ca-file             /etc/pki/tls/certs/localhost.crt         \
+     --dhparams-file       /tmp/dhparams.pem                        \
      --lifetime            365                                      \
      --hostname            $FQDN                                    \
      --email               root@$FQDN
diff --git a/httpd.spec b/httpd.spec
index 5d05702..d15a524 100644
--- a/httpd.spec
+++ b/httpd.spec
@@ -13,7 +13,7 @@
 Summary: Apache HTTP Server
 Name: httpd
 Version: 2.4.53
-Release: 9%{?dist}
+Release: 10%{?dist}
 URL: https://httpd.apache.org/
 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
 Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@@ -215,7 +215,7 @@ Epoch: 1
 BuildRequires: openssl-devel
 Requires(pre): httpd-filesystem
 Requires: httpd-core = 0:%{version}-%{release}, httpd-mmn = %{mmnisa}
-Requires: sscg >= 2.2.0, /usr/bin/hostname
+Requires: sscg >= 3.0.0-7, /usr/bin/hostname
 # Require an OpenSSL which supports PROFILE=SYSTEM
 Conflicts: openssl-libs < 1:1.0.1h-4
 
@@ -867,6 +867,9 @@ exit $rv
 %{_rpmconfigdir}/macros.d/macros.httpd
 
 %changelog
+* Tue Jan 24 2023 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-10
+- Resolves: #2160667 - prevent sscg creating /dhparams.pem
+
 * Thu Dec 08 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.53-9
 - Resolves: #2143176 - Dependency from mod_http2 on httpd broken