Use `rm -f`

[jlduran]

It will avoid prompting the user for confirmation, as many times users alias rm -i to rm. It will also not fail if the files do not exist.

[jlduran]

Are we sure we want the following behaviour in the case of error:

  If the file does not exist, do not display a diagnostic
  message or modify the exit status to reflect an error.

If someone uses these instructions in a script, yes.

[koobs]

I'm fine with this if it doesn't change the indempotent nature of the step and doesn't introduce new cases that we havent considered, or cant/dont handle

[jlduran]

Well, this step is not idempotent. It will remove the keys, and if the server is not restarted (i.e. the keys are not regenerated) they won't/can't be removed again because they don't exist.

The script will however not fail if the file(s) doesn't(don't) exist with rm -f, I guess that's why Debian and RedHat guides rm -f (although, I believe the root account on those systems alias rm -i to rm, this way it won't prompt for confirmation).

Again, I thought this was going to be an easy "ship it", if you're having doubts, I don't mind leaving it just rm, and maybe add a warning that if you plan on using these instructions in a scripted installation/provisioning/configuration orchestration, use rm -f.

[koobs]

Not having doubts. Just wanted to make sure I understood the changed behaviour expectations.

By indempotent i just mean same resulting state (no keys) even with multiple invocations, not that there's no side effect in the first case.

I think the rm-f is fine