Bug 1266987

Summary: Runtime dependency on python-nss is missing
Product: Red Hat Enterprise Linux 7 Reporter: Roshni <rpattath>
Component: pki-coreAssignee: Matthew Harmsen <mharmsen>
Status: CLOSED ERRATA QA Contact: Asha Akkiangady <aakkiang>
Severity: high Docs Contact:
Priority: high    
Version: 7.2CC: arubin, nkinder
Target Milestone: rc   
Target Release: 7.3   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pki-core-10.3.1-1.el7 Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
: 1267020 (view as bug list) Environment:
Last Closed: 2016-11-04 05:19:51 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Bug Depends On:    
Bug Blocks: 1267020    

Description Roshni 2015-09-28 18:21:33 UTC 
Description of problem:
Runtime dependency on python-nss is missing

Version-Release number of selected component (if applicable):
pki-ca-10.2.5-6.el7.noarch

How reproducible:
always

Steps to Reproduce:
1. pkispawn CA
2.[root@cisco-b22m3-01 ~]# pki-server subsystem-cert-find ca
Traceback (most recent call last):
  File "/usr/sbin/pki-server", line 28, in <module>
    import pki.server.cli.subsystem
  File "/usr/lib/python2.7/site-packages/pki/server/cli/subsystem.py", line 26, in <module>
    import nss.nss as nss
ImportError: No module named nss.nss
3.

Actual results:
yum install python-nss

[root@cisco-b22m3-01 ~]# pki-server
Usage: pki-server [OPTIONS]

  -v, --verbose                Run in verbose mode.
      --debug                  Show debug messages.
      --help                   Show help message.

Commands:
 ca                            CA management commands        
 instance                      Instance management commands  
 subsystem                     Subsystem management commands 
 migrate                       Migrate system                
 nuxwdog                       Nuxwdog related commands

Expected results:
pki-server command should be executable after CA packages are installed and pkispawn of CA

Additional info:
Comment 4 Matthew Harmsen 2016-01-07 01:22:01 UTC 
Per discussions in the RHEL 7.3 Triage meeting of 01/06/2016: priority high
Comment 5 Matthew Harmsen 2016-01-07 01:23:56 UTC 
Upstream ticket:
https://fedorahosted.org/pki/ticket/1720
Comment 6 Matthew Harmsen 2016-02-04 22:56:28 UTC 
Checked into DOGTAG_10_2_RHEL_BRANCH:
* 1c459dea5dafa15b467ea93ea160e4e960a4aa69

Checked into the following branches:

* master
  29801060fa86b6f196ef694c6672d909ea5336e4 

* DOGTAG_10_2_BRANCH
  58df7a061cd395cff29016e8d1efc3dafad91b4c 

* DOGTAG_10_2_6_BRANCH
  063944827690c47f1f1422e178b5b8729738ac3d
Comment 7 Mike McCune 2016-03-28 23:05:20 UTC 
This bug was accidentally moved from POST to MODIFIED via an error in automation, please see mmccune with any questions
Comment 9 Roshni 2016-08-09 15:01:52 UTC 
[root@auto-hv-02-guest02 ~]# rpm -qi pki-ca
Name        : pki-ca
Version     : 10.3.3
Release     : 5.el7
Architecture: noarch
Install Date: Tue 09 Aug 2016 09:19:45 AM EDT
Group       : System Environment/Daemons
Size        : 2430595
License     : GPLv2
Signature   : (none)
Source RPM  : pki-core-10.3.3-5.el7.src.rpm
Build Date  : Tue 09 Aug 2016 07:47:56 AM EDT
Build Host  : ppc-021.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : http://pki.fedoraproject.org/
Summary     : Certificate System - Certificate Authority

Verification steps

1. yum -y install pki-ca
2. pkispawn -s CA -f ca.cfg
3. [root@auto-hv-02-guest02 ~]# pki-server subsystem-cert-find ca -i topology-CA
-----------------
5 entries matched
-----------------
  Cert ID: signing
  Nickname: caSigningCert cert-topology-CA CA
  Token: Internal Key Storage Token

  Cert ID: ocsp_signing
  Nickname: ocspSigningCert cert-topology-CA CA
  Token: Internal Key Storage Token

  Cert ID: sslserver
  Nickname: Server-Cert cert-topology-CA
  Token: Internal Key Storage Token

  Cert ID: subsystem
  Nickname: subsystemCert cert-topology-CA
  Token: Internal Key Storage Token

  Cert ID: audit_signing
  Nickname: auditSigningCert cert-topology-CA CA
  Token: Internal Key Storage Token


[root@auto-hv-02-guest02 ~]# rpm -qi python-nss
Name        : python-nss
Version     : 0.16.0
Release     : 3.el7
Architecture: x86_64
Install Date: Tue 09 Aug 2016 09:07:58 AM EDT
Group       : Development/Languages
Size        : 924799
License     : MPLv2.0 or GPLv2+ or LGPLv2+
Signature   : RSA/SHA256, Wed 19 Aug 2015 05:15:19 AM EDT, Key ID 199e2f91fd431d51
Source RPM  : python-nss-0.16.0-3.el7.src.rpm
Build Date  : Mon 22 Jun 2015 10:25:23 AM EDT
Build Host  : x86-019.build.eng.bos.redhat.com
Relocations : (not relocatable)
Packager    : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla>
Vendor      : Red Hat, Inc.
URL         : ftp://ftp.mozilla.org/pub/mozilla.org/security/python-nss
Summary     : Python bindings for Network Security Services (NSS)
Comment 11 errata-xmlrpc 2016-11-04 05:19:51 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2016-2396.html