Bug 995022

Summary: certmonger coredumps when certificates cannot be created due to permissions
Product: [Fedora] Fedora
Reporter: Jan Pazdziora (Red Hat) <jpazdziora>
Component: certmonger
Assignee: Nalin Dahyabhai <nalin>
Status: CLOSED ERRATA
QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified
Priority: unspecified
Version: 19
CC: jpazdziora, mharmsen, nalin
Hardware: Unspecified   
OS: Unspecified   
Fixed In Version: certmonger-0.71.2-1.fc19
Doc Type: Bug Fix
Last Closed: 2014-01-03 08:39:30 UTC
Type: Bug

Description Jan Pazdziora (Red Hat) 2013-08-08 12:25:05 UTC
Description of problem:

While reproducing an SELinux permission problem on Fedora 19, I managed to see certmonger abort with a coredump.

Version-Release number of selected component (if applicable):

certmonger-0.67-1.fc19.x86_64

How reproducible:

On two different Fedora 19 machines, I was able to see certmonger dying. I do not know what the exact series of steps is to claim it is deterministic but I certainly had good luck trying.

Steps to Reproduce:
1. ipa-getcert request -k /etc/the.key -f /etc/the.crt
2. ipa-getcert request -k /etc/pki/tls/private/the.key -f /etc/the1.crt
3. ipa-getcert request -k /etc/pki/tls/private/the2.key -f /etc/pki/tls/certs/the2.crt

Actual results:

New signing request "20130808110311" added.
New signing request "20130808110525" added.
Please verify that the certmonger service has been started.

Expected results:

New signing request "20130808110311" added.
New signing request "20130808110525" added.
New signing request "20130808110702" added.

Additional info:

Aug  8 07:05:56 qe-blade-13 certmonger: Certificate in file "/etc/the1.crt" issued by CA but not saved.
Aug  8 07:06:26 qe-blade-13 abrt[11585]: Saved core dump of pid 8664 (/usr/sbin/certmonger) to /var/tmp/abrt/ccpp-2013-08-08-07:06:26-8664 (1196032 bytes)
Aug  8 07:06:26 qe-blade-13 systemd[1]: certmonger.service: main process exited, code=dumped, status=6/ABRT
Aug  8 07:06:26 qe-blade-13 systemd[1]: Unit certmonger.service entered failed state.

Comment 1 Nalin Dahyabhai 2013-12-13 22:26:17 UTC
I think this is fixed by commit c91d84044b2e311331f5e5aa34c16d964e39f66a, which is part of 0.69.  I'm prepping a test update.

Comment 2 Fedora Update System 2013-12-13 22:26:59 UTC
certmonger-0.69-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/certmonger-0.69-1.fc19

Comment 3 Fedora Update System 2013-12-13 22:27:13 UTC
certmonger-0.69-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/certmonger-0.69-1.fc20

Comment 4 Fedora Update System 2013-12-13 22:27:30 UTC
certmonger-0.69-1.fc18 has been submitted as an update for Fedora 18.
https://admin.fedoraproject.org/updates/certmonger-0.69-1.fc18

Comment 5 Fedora Update System 2013-12-14 02:46:30 UTC
Package certmonger-0.69-1.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing certmonger-0.69-1.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2013-23360/certmonger-0.69-1.fc20
then log in and leave karma (feedback).

Comment 6 Jan Pazdziora (Red Hat) 2013-12-18 03:16:31 UTC
I can do 20 ipa-getcert requests in a row with 0.69, while with 0.67 I got a crash after five max.  VERIFIED, thanks.

Comment 7 Fedora Update System 2014-01-03 08:39:30 UTC
certmonger-0.70-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 8 Fedora Update System 2014-01-28 15:46:42 UTC
certmonger-0.71.2-1.fc19 has been submitted as an update for Fedora 19.
https://admin.fedoraproject.org/updates/certmonger-0.71.2-1.fc19

Comment 9 Fedora Update System 2014-01-28 15:47:06 UTC
certmonger-0.71.2-1.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/certmonger-0.71.2-1.fc20

Comment 10 Fedora Update System 2014-06-19 22:50:18 UTC
certmonger-0.71.2-1.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Comment 11 Fedora Update System 2014-06-19 22:50:50 UTC
certmonger-0.71.2-1.fc19 has been pushed to the Fedora 19 stable repository.  If problems still persist, please make note of it in this bug report.