commit be665e77eb7cd88a3d15676945bec7def3eb73d5
Author: Frank Ch. Eigler
Date: Wed Jun 15 10:58:01 2016 -0400
RHBZ1346112: let stap-server create ssl-cert on first run rather than install
This way different container-images get different certs.
diff --git a/stap-server b/stap-server
index 939c503..c39ae49 100644
--- a/stap-server
+++ b/stap-server
@@ -500,6 +500,19 @@ prepare_stat_dir () {
 return 0
 }
+prepare_certs () {
+ if [ "$USER" != "`id -un`" ]; then
+ if ! runuser -s /bin/bash - $USER -c 'test -f $HOME/.systemtap/ssl/server/stap.cert'; then
+ runuser -s /bin/bash - $USER -c %{_libexecdir}/systemtap/stap-gen-cert >/dev/null
+ fi
+ else
+ if ! test -f $HOME/.systemtap/ssl/server/stap.cert; then
+ ${PKGLIBEXECDIR}stap-gen-cert
+ fi
+ fi
+}
+
+
 prepare_log_dir () {
 local log_path=`dirname "$1"`
 if [ ! -d "$log_path" ]; then
@@ -859,6 +872,13 @@ start_server () {
 fi
 fi
+ # Create certificates for this server
+ prepare_certs
+ if [ $? -ne 0 ]; then
+ echo $"Failed to make certificates ($USER .systemtap/ssl/server/stap.cert)" >&2
+ exit 1
+ fi
+
 # Create the log directory for this server
 prepare_log_dir "$LOG"
 if [ $? -ne 0 ]; then
diff --git a/systemtap.spec b/systemtap.spec
index 1630fba..84bf041 100644
--- a/systemtap.spec
+++ b/systemtap.spec
@@ -658,11 +658,6 @@ test -e %{_localstatedir}/log/stap-server/log || {
 chmod 644 %{_localstatedir}/log/stap-server/log
 chown stap-server:stap-server %{_localstatedir}/log/stap-server/log
 }
-# If it does not already exist, as stap-server, generate the certificate
-# used for signing and for ssl.
-if test ! -e ~stap-server/.systemtap/ssl/server/stap.cert; then
- runuser -s /bin/sh - stap-server -c %{_libexecdir}/systemtap/stap-gen-cert >/dev/null
-fi
 # Prepare the service
 %if %{with_systemd}
 # Note, Fedora policy doesn't allow network services enabled by default
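Review bot: In `prepare_certs` (first stap-server hunk), the `runuser` branch invokes `%{_libexecdir}/systemtap/stap-gen-cert`, which is RPM spec macro syntax carried over from the scriptlet this commit removes from systemtap.spec. Unless stap-server is itself macro-expanded at build time, the shell passes that string literally and certificate generation fails whenever `$USER` differs from the invoking user, so the server would refuse to start. The else branch already uses `${PKGLIBEXECDIR}stap-gen-cert`; the same path should be used here, with `$USER` quoted: `runuser -s /bin/bash - "$USER" -c "${PKGLIBEXECDIR}stap-gen-cert" >/dev/null`. `PKGLIBEXECDIR` is presumably set elsewhere in the script, outside this hunk.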
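Review bot: The comment added in `start_server` (second stap-server hunk) says certificates are created for this server, but `prepare_certs` generates one only when `stap.cert` is missing. The per-image uniqueness the commit message aims for therefore holds only if the server has never been started before the image is captured; an image taken after a first start carries the same certificate into every container. I would state that at the call site, e.g. `# Generate the SSL certificate on first start only; an existing stap.cert is reused as is`. start_server begins and ends outside this hunk.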