Bug 1520277

Summary: PR_FILE_NOT_FOUND_ERROR during pkispawn
Product: Red Hat Enterprise Linux 7 Reporter: Geetika Kapoor <gkapoor>
Component: pki-coreAssignee: Ade Lee <alee>
Status: CLOSED ERRATA QA Contact: Asha Akkiangady <aakkiang>
Severity: low Docs Contact: Marc Muehlfeld <mmuehlfe>
Priority: low    
Version: 7.4CC: alee, lmiksik, mharmsen
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: pki-core-10.5.1-6.el7 Doc Type: Bug Fix
Doc Text:
The *pkispawn* utility no longer displays incorrect errors Previously, during a successful installation of Certificate System, the *pkispawn* utility incorrectly displayed errors related to deleting temporary certificates. The problem has been fixed, and the error messages no longer display if the installation succeeds.
 Story Points: ---
Clone Of: Environment:
Last Closed: 2018-04-10 17:02:54 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Geetika Kapoor 2017-12-04 07:49:53 UTC 
Description of problem:

During pkispawn, we see below message in stderr:

certutil: Could not find cert: Server-Cert cert-topology-02-CA
: PR_FILE_NOT_FOUND_ERROR: File not found

Installation is successful. Looks like cosmetic fix but this might confuse any user.

Installation logs:
==================

Log file: /var/log/pki/pki-ca-spawn.20171121154949.log
Installing CA into /var/lib/pki/pki-tomcat.
Storing deployment configuration into /etc/sysconfig/pki/tomcat/pki-tomcat/ca/deployment.cfg.
certutil: Could not find cert: Server-Cert cert-pki-tomcat
: PR_FILE_NOT_FOUND_ERROR: File not found
Notice: Trust flag u is set automatically if the private key is present.

    ==========================================================================
                                INSTALLATION SUMMARY
    ==========================================================================

      Administrator's username:             caadmin
      Administrator's PKCS #12 file:
            /root/.dogtag/pki-tomcat/ca_admin_cert.p12

      To check the status of the subsystem:
            systemctl status pki-tomcatd

      To restart the subsystem:
            systemctl restart pki-tomcatd

      The URL for the subsystem is:
            https://pki1.example.com:8443/ca

      PKI instances will be enabled upon system boot

    ==========================================================================


Version-Release number of selected component (if applicable):

10.5

How reproducible:

always during pkispawn installation 
Steps to Reproduce:
1.Do pkispawn and check installation logs.
2.
3.

Actual results:


Expected results:


Additional info:
Comment 3 Ade Lee 2018-01-12 18:49:43 UTC 
10.5:

Commit 2e5f4408a09819242de0b1b0eb023e5ddf074acd (HEAD -> fix_spurious_messages_10.5)
Author: Ade Lee <alee>
Date:   Thu Jan 11 15:16:02 2018 -0500

    Modify get_cert to get rid of spurious certutil error messages
    
    Also shortened some lines to comply with PEP8
    rhbz# 1520277
    
    Change-Id: I71d5ecb24c979c1be642a0c3529aebfae6e98aa7
Comment 5 Ade Lee 2018-01-26 16:12:15 UTC 
QE Verification:

Pretty obvious.  Run pkispawn , no messages seen.
Comment 6 Geetika Kapoor 2018-01-30 19:44:52 UTC 
Test bits:
==========

rpm -qa pki-*
pki-tools-10.5.1-6.el7.x86_64
pki-ocsp-10.5.1-6.el7pki.noarch
pki-javadoc-10.5.1-5.1.el7.noarch
pki-base-10.5.1-6.el7.noarch
pki-symkey-10.5.1-6.el7.x86_64
pki-server-10.5.1-6.el7.noarch
pki-kra-10.5.1-6.el7.noarch
pki-tks-10.5.1-6.el7pki.noarch
pki-console-10.4.1-7.el7pki.noarch
pki-core-debuginfo-10.5.1-5.1.el7pki.x86_64
pki-base-java-10.5.1-6.el7.noarch
pki-ca-10.5.1-6.el7.noarch
pki-tps-10.5.1-6.el7pki.x86_64

# rpm -qa jss*
jss-4.4.0-11.el7.x86_64

# rpm -qa nss*
nss-softokn-devel-3.34.0-2.el7.x86_64
nss-softokn-3.34.0-2.el7.x86_64
nss-3.34.0-4.el7.x86_64
nss-pem-1.0.3-4.el7.x86_64
nss-sysinit-3.34.0-4.el7.x86_64
nss-util-devel-3.34.0-2.el7.x86_64
nss-softokn-freebl-devel-3.34.0-2.el7.x86_64
nss-devel-3.34.0-4.el7.x86_64
nss-softokn-freebl-3.34.0-2.el7.x86_64
nss-util-3.34.0-2.el7.x86_64
nss-tools-3.34.0-4.el7.x86_64

Pkispawn installation with ExternalCA and CA doesn't show PR_FILE_NOT_FOUND_ERROR in above mentioned build.

Moving to verified
Comment 10 errata-xmlrpc 2018-04-10 17:02:54 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2018:0925