Bug 730438
| Summary: | SSL CA errors when reporting an installer bug to bugzilla | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Fedora] Fedora | Reporter: | Tim Flink <tflink> | ||||||
| Component: | lorax | Assignee: | Martin Gracik <mgracik> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | Fedora Extras Quality Assurance <extras-qa> | ||||||
| Severity: | urgent | Docs Contact: | |||||||
| Priority: | unspecified | ||||||||
| Version: | 16 | CC: | akozumpl, anaconda-maint-list, awilliam, bcl, dmach, dvlasenk, jmoskovc, kklic, mgracik, mlichvar, mtoman, npajkovs, robatino | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | Unspecified | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | AcceptedBlocker | ||||||||
| Fixed In Version: | lorax-16.4.2-1.fc16 | Doc Type: | Bug Fix | ||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2011-08-31 02:39:26 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 713560 | ||||||||
| Attachments: |
|
||||||||
|
Description
Tim Flink
2011-08-12 22:54:09 UTC
Proposed as Fedora 16 alpha blocker under the following criterion: The installer must be able to report failures to Bugzilla, with appropriate information included. Created attachment 518126 [details] Patch for lorax to prevent removal of ssl related directories The netinstall iso I've been using for testing is available at: - http://tflink.fedorapeople.org/iso/boot_730438.iso - http://tflink.fedorapeople.org/iso/boot_730438.iso.sha256sum This was built with F16 stable and the following packages: anaconda-16.14.4-4.fc16, lorax-16.4-3.fc16, libreport-2.0.5-5.fc16. dracut-011-41.git20110810, linux-firmware-20110731-2.fc16 and rpm-4.9.10-3.fc16 I patched lorax to not delete several ssl related directories and attached that patch. It is designed to be applied after the current libreport patch in fedora git. according to strace output we're missing also these files:
access("/etc/pki/nssdb/cert9.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/cert8.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/cert7.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/cert6.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/cert5.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/cert4.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/cert3.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/cert2.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/key3.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/key2.db", F_OK) = -1 ENOENT (No such file or directory)
I copied them manually to the iso and it seems to fix the certificates problem, now I'm hitting some problems with network, but that might be a problem with my virtual machine:
getpeername(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("209.132.183.69")}, [16]) = 0
close(12) = 0
clock_gettime(CLOCK_MONOTONIC, {648, 441956250}) = 0
getpeername(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("209.132.183.69")}, [16]) = 0
time(NULL) = 1313229676
time(NULL) = 1313229676
socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = 12
close(12) = 0
time(NULL) = 1313229676
send(3, "\26\3\1\0i\1\0\0e\3\1NFKl\333\361f\363p\242\313\250M\37\373\245\247\262\360\350\263"..., 110, 0) = 110
recv(3, 0x9675a0c, 5, 0) = -1 EAGAIN (Resource temporarily unavailable)
gettimeofday({1313229676, 884601}, NULL) = 0
poll([{fd=3, events=POLLIN|POLLPRI}], 1, 5000) = 1 ([{fd=3, revents=POLLIN|POLLERR|POLLHUP}])
recv(3, 0x9675a0c, 5, 0) = -1 ECONNRESET (Connection reset by peer)
time(NULL) = 1313229677
close(3) = 0
gettimeofday({1313229677, 73714}, NULL) = 0
write(2, "fatal: XML-RPC(-504): libcurl fa"..., 106fatal: XML-RPC(-504): libcurl failed to execute the HTTP POST transaction, explaining: SSL connect error
After further investigation I can confirm that not removing /etc/pki/nssdb/* from anaconda image resolves the problem. The other SSL connect error is probably caused by bug in in VirtualBox, I was able to report bugs when I changed from bridged network to NAT. I'm building a new iso with what I'm understanding of your patch for lorax and will upload if it does fix the issue. When do you think we could get a new build of lorax with this fix? Created attachment 518153 [details]
Updated patch to lorax to fix the SSL issue
I can confirm that this does indeed fix the SSL issue and I was able to report an installer bug to bugzilla.
I attached the modification I made to lorax in order to make this work.
When doing update for this, please bundle it with: https://admin.fedoraproject.org/updates/libreport-2.0.5-5.fc16 so it goes together. I replaced the old boot.iso with a new one using my patch for lorax: - http://tflink.fedorapeople.org/iso/boot_x64.iso - http://tflink.fedorapeople.org/iso/boot_x64.iso.sha256 If someone could submit a new build for lorax with an equivalent patch, that would be great. This is also loosely related to bug 728562 (though that one should be fixed in any case). lorax-16.4.1-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/lorax-16.4.1-1.fc16 Discussed at the weekly QA meeting of 2011-08-15 (with anaconda team and releng in attendance). Accepted as a blocker under the criterion "the installer must be able to report failures to Bugzilla, with appropriate information included". Package lorax-16.4.1-1.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing lorax-16.4.1-1.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/lorax-16.4.1-1.fc16 then log in and leave karma (feedback). I believe we have confirmation this is okay in RC5, but please someone post in the bug before we set this VERIFIED, thanks! I just verified that this issue was fixed with Fedora 16 alpha RC5. lorax-16.4.2-1.fc16 has been submitted as an update for Fedora 16. https://admin.fedoraproject.org/updates/lorax-16.4.2-1.fc16 Package lorax-16.4.2-1.fc16: * should fix your issue, * was pushed to the Fedora 16 testing repository, * should be available at your local mirror within two days. Update it with: # su -c 'yum update --enablerepo=updates-testing lorax-16.4.2-1.fc16' as soon as you are able to. Please go to the following url: https://admin.fedoraproject.org/updates/lorax-16.4.2-1.fc16 then log in and leave karma (feedback). lorax-16.4.2-1.fc16 has been pushed to the Fedora 16 stable repository. If problems still persist, please make note of it in this bug report. |