Bug 2342245

Summary: pyanaconda.modules.common.errors.installation.SecurityInstallationError: Certificate destination is missing
Product: [Fedora] Fedora
Reporter: Jan Stodola <jstodola>
Component: anaconda
Assignee: Radek Vykydal <rvykydal>
Status: POST
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: medium
Priority: unspecified
Version: 42
CC: anaconda-maint, kkoukiou, rvykydal, w
Hardware: Unspecified   
OS: Linux   
Clone Of:
: 2342762 (view as bug list) Environment:

Description Jan Stodola 2025-01-27 13:16:14 UTC
Anaconda fails with a traceback if the %certificate section is used without the `--dir` option specified, for example:

%certificate --filename=rtt1.pem
-----BEGIN CERTIFICATE-----
MIIDnTCCAoUCFAuEb/mjFz0xqY/PH6jjMo05f3gOMA0GCSqGSIb3DQEBCwUAMIGK
...
Hytv4DxPghGTJMuQ26dQdd4xtwAO1Q7tiCTg9jdVzjFFy5ENBPvJD2y68q8RRVGX
4JqvGfebg6xMI8EUFKtRKbM=
-----END CERTIFICATE-----
%end

Anaconda traceback:

ERROR:anaconda.modules.common.task.task:Thread AnaTaskThread-ImportCertificatesTask-1 has failed: Traceback (most recent call last):
  File "/usr/lib64/python3.13/site-packages/pyanaconda/core/threads.py", line 281, in run
    threading.Thread.run(self)
    ~~~~~~~~~~~~~~~~~~~~^^^^^^
  File "/usr/lib64/python3.13/threading.py", line 992, in run
    self._target(*self._args, **self._kwargs)
    ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.13/site-packages/pyanaconda/modules/common/task/task.py", line 97, in _thread_run_callback
    self._task_run_callback()
    ~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib64/python3.13/site-packages/pyanaconda/modules/common/task/task.py", line 110, in _task_run_callback
    self._set_result(self.run())
                     ~~~~~~~~^^
  File "/usr/lib64/python3.13/site-packages/pyanaconda/modules/security/certificates/installation.py", line 85, in run
    self._dump_certificate(cert, self._sysroot)
    ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.13/site-packages/pyanaconda/modules/security/certificates/installation.py", line 53, in _dump_certificate
    raise SecurityInstallationError(
        "Certificate destination is missing for {}".format(cert.filename)
    )
pyanaconda.modules.common.errors.installation.SecurityInstallationError: Certificate destination is missing for rtt1.pem
INFO:anaconda.core.threads:Thread Done: AnaTaskThread-ImportCertificatesTask-1 (139917387634368)
WARNING:dasbus.server.handler:The call org.fedoraproject.Anaconda.Task.Finish has failed with an exception:
Traceback (most recent call last):
  File "/usr/lib/python3.13/site-packages/dasbus/server/handler.py", line 455, in _method_callback
    result = self._handle_call(
        interface_name,
    ...<2 lines>...
        **additional_args
    )
  File "/usr/lib/python3.13/site-packages/dasbus/server/handler.py", line 265, in _handle_call
    return handler(*parameters, **additional_args)
  File "/usr/lib64/python3.13/site-packages/pyanaconda/modules/common/task/task_interface.py", line 115, in Finish
    self.implementation.finish()
    ~~~~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib64/python3.13/site-packages/pyanaconda/modules/common/task/task.py", line 176, in finish
    thread_manager.raise_if_error(self._thread_name)
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.13/site-packages/pyanaconda/core/threads.py", line 172, in raise_if_error
    raise exc_info[1]
  File "/usr/lib64/python3.13/site-packages/pyanaconda/core/threads.py", line 281, in run
    threading.Thread.run(self)
    ~~~~~~~~~~~~~~~~~~~~^^^^^^
  File "/usr/lib64/python3.13/threading.py", line 992, in run
    self._target(*self._args, **self._kwargs)
    ~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.13/site-packages/pyanaconda/modules/common/task/task.py", line 97, in _thread_run_callback
    self._task_run_callback()
    ~~~~~~~~~~~~~~~~~~~~~~~^^
  File "/usr/lib64/python3.13/site-packages/pyanaconda/modules/common/task/task.py", line 110, in _task_run_callback
    self._set_result(self.run())
                     ~~~~~~~~^^
  File "/usr/lib64/python3.13/site-packages/pyanaconda/modules/security/certificates/installation.py", line 85, in run
    self._dump_certificate(cert, self._sysroot)
    ~~~~~~~~~~~~~~~~~~~~~~^^^^^^^^^^^^^^^^^^^^^
  File "/usr/lib64/python3.13/site-packages/pyanaconda/modules/security/certificates/installation.py", line 53, in _dump_certificate
    raise SecurityInstallationError(
        "Certificate destination is missing for {}".format(cert.filename)
    )
pyanaconda.modules.common.errors.installation.SecurityInstallationError: Certificate destination is missing for rtt1.pem

Reproducible: Always

Tested on Rawhide 20250127.n.0 with anaconda-42.23-1.fc42.

Steps to Reproduce:
1. Create a kickstart file with the %certificate section, use the `--filename` option, but do not specify the `--dir` option.
2. Run the kickstart installation.

Actual Results:
Anaconda traceback.

Expected Results:  
Either no error and anaconda uses a default directory location (which needs to be documented), or anaconda shows a human readable error message.

Comment 3 Radek Vykydal 2025-01-28 07:17:04 UTC
(In reply to Jan Stodola from comment #0)

Thank you for the report.

> Expected Results:  
> Either no error and anaconda uses a default directory location (which needs
> to be documented), or anaconda shows a human readable error message.

I'll update Anaconda to show the message.

Also, I'd like to consider making the --dir option required in pykickstart. (When/if we add a --category option, either --dir or --category will be required.)
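
A pre-flight check for the condition discussed in this report, as an added example that is not part of the original thread and is not anaconda or pykickstart code: it scans a kickstart file for `%certificate` headers and reports any that lack `--dir`, so the problem is caught before the installation runs. The function name, the sample kickstart and the `--dir` value in it are constructed for illustration; only the `--filename` and `--dir` options named in the report are recognized.

```python
import argparse
import shlex

# Constructed sample kickstart: the first section omits --dir, as in the report.
SAMPLE_KS = """\
%certificate --filename=rtt1.pem
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
%end

%certificate --filename=rtt2.pem --dir=/etc/pki/ca-trust/source/anchors
-----BEGIN CERTIFICATE-----
(constructed placeholder, not a real certificate)
-----END CERTIFICATE-----
%end
"""


class _QuietParser(argparse.ArgumentParser):
    """argparse parser that raises instead of exiting on a bad header."""
    def error(self, message):
        raise ValueError(message)


def lint_certificate_sections(text):
    """Return (line_number, message) pairs for bad %certificate headers."""
    parser = _QuietParser(add_help=False, allow_abbrev=False)
    parser.add_argument("--filename")
    parser.add_argument("--dir")
    problems = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        words = line.split(None, 1)
        if not words or words[0] != "%certificate":
            continue  # certificate body, %end, or another section
        try:
            opts = parser.parse_args(shlex.split(line)[1:])
        except ValueError as exc:  # unknown option or unbalanced quoting
            problems.append((lineno, f"cannot parse %certificate header: {exc}"))
            continue
        name = opts.filename or "<no --filename>"
        if not opts.filename:
            problems.append((lineno, "%certificate is missing --filename"))
        if not opts.dir:
            problems.append((lineno, f"%certificate {name} is missing --dir"))
    return problems


if __name__ == "__main__":
    for lineno, message in lint_certificate_sections(SAMPLE_KS):
        print(f"line {lineno}: {message}")
```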

Comment 4 Radek Vykydal 2025-01-28 11:53:15 UTC
PR for the error message: https://github.com/rhinstaller/anaconda/pull/6114

Comment 5 Radek Vykydal 2025-01-30 12:30:51 UTC
We will certainly go with the pykickstart solution so this fix may become very low priority / redundant.

Comment 6 Aoife Moloney 2025-02-26 13:49:03 UTC
This bug appears to have been reported against 'rawhide' during the Fedora Linux 42 development cycle.
Changing version to 42.