Bug 728651

Summary: CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA
Product: Red Hat Enterprise Linux 6 Reporter: Matthew Harmsen <mharmsen>
Component: pki-coreAssignee: Matthew Harmsen <mharmsen>
Status: CLOSED ERRATA QA Contact: Chandrasekar Kannan <ckannan>
Severity: unspecified Docs Contact:
Priority: high    
Version: 6.2CC: benl, cfu, dpal, kchamart, klamb, ksiddiqu, mharmsen
Target Milestone: rc   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 673508 Environment:
Last Closed: 2011-12-06 16:29:24 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Bug Depends On: 673508    
Bug Blocks:    
Attachments:
Description Flags
patch to fix jmagne: review+

Comment 1 Matthew Harmsen 2011-08-06 02:10:24 UTC 
This bug was cloned as this one line fix is required in order to successfully test out the following RHEL 6.2 bug:

    * https://bugzilla.redhat.com/show_bug.cgi?id=705947 - Cannot create system
      certs when using LunaSA HSM in FIPS Mode and ECC algorithms
Comment 2 Matthew Harmsen 2011-08-09 00:56:39 UTC 
Created attachment 517324 [details]
patch to fix

This attachment replicates the changes documented via attachment 482989 [details]
which has been applied and tested on the TIP.
Comment 3 Matthew Harmsen 2011-08-09 01:09:22 UTC 
IPA_v2_RHEL_6_ERRATA_BRANCH:

# cd pki

# svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M       base/setup/pkicreate

# svn commit
Sending        base/setup/pkicreate
Transmitting file data .
Committed revision 2126.
Comment 4 Matthew Harmsen 2011-08-09 01:22:45 UTC 
IPA_v2_RHEL_6_ERRATA_BRANCH:

# cd pki

# svn update

# svn info | grep Revision
Revision: 2126

Extrapolating from Bugzilla Bug #729126

    ./pki/scripts/pki_patch_maker 2125 2126 pki-core 9.0.3
        pki-core-9.0.3-r2126.patch
Comment 5 Matthew Harmsen 2011-08-09 18:45:18 UTC 
IPA_v2_RHEL_6_ERRATA_BRANCH:

# cd pki

# svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
A       patches/pki-core-9.0.3-r2126.patch
M       specs/pki-core.spec

# svn commit
Adding         patches/pki-core-9.0.3-r2126.patch
Sending        specs/pki-core.spec
Transmitting file data ..
Committed revision 2133.
Comment 7 Kashyap Chamarthy 2011-11-08 20:38:32 UTC 
VERIFIED

The script does look for the correct shared lib. file -- libCryptoki2_64.so. 


########################
.
.
.
debug]     Attempting to add hardware security modules to system if applicable ...
[debug]         module name: lunasa  lib: /usr/lunasa/lib/libCryptoki2_64.so DOES NOT EXIST!
########################
Name        : pki-ca                       Relocations: (not relocatable)
Version     : 9.0.3                             Vendor: Red Hat, Inc.
Release     : 20.el6                        Build Date: Mon 03 Oct 2011 08:08:55 PM EDT
Install Date: Tue 08 Nov 2011 01:05:46 AM EST      Build Host: x86-002.build.bos.redhat.com
########################

NOTE:  There's no current plan to support RHCS on rhel6 w/ hsm for now.
Comment 8 errata-xmlrpc 2011-12-06 16:29:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1655.html