Bug 1125342 - Support remove_known_ca dbus call
Summary: Support remove_known_ca dbus call
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: certmonger
Version: 6.6
Hardware: Unspecified
OS: Linux
Target Milestone: rc
: ---
Assignee: Nalin Dahyabhai
QA Contact: Kaleem
Depends On:
TreeView+ depends on / blocked
Reported: 2014-07-31 15:31 UTC by Keenan Brock
Modified: 2015-04-07 09:25 UTC (History)
3 users (show)

Fixed In Version: certmonger-0.75.9-1.el6
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2014-10-14 07:12:49 UTC
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2014:1512 0 normal SHIPPED_LIVE certmonger bug fix and enhancement update 2014-10-14 01:22:25 UTC

Description Keenan Brock 2014-07-31 15:31:54 UTC
Description of problem:

When I issue a remove_known_ca over dbus. certmonger throws an error.

Version-Release number of selected component (if applicable):


How reproducible:


Steps to Reproduce:

First Register a helper

dbus-send --print-reply --system --dest=org.fedorahosted.certmonger \
    /org/fedorahosted/certmonger org.fedorahosted.certmonger.add_known_ca \
    string:sneakernet string:/usr/libexec/certmonger/sneakernet

Unregister that helper (bug is in here)

caname=`dbus-send --print-reply=literal --system \
  --dest=org.fedorahosted.certmonger \
  /org/fedorahosted/certmonger org.fedorahosted.certmonger.find_ca_by_nickname \

if [ -n "${caname}" ] ; then
  echo "oops didnt register the helper yet"
  # throws error:
  dbus-send --print-reply --system --dest=org.fedorahosted.certmonger \
  /org/fedorahosted/certmonger org.fedorahosted.certmonger.remove_known_ca \

Actual results:

Error org.freedesktop.DBus.Error.Disconnected: Connection was disconnected
before a reply was received

Expected results:


Comment 2 Kaleem 2014-08-04 07:47:25 UTC
Still observing the error message with latest build.

[root@rhel66-master ~]# rpm -q certmonger
[root@rhel66-master ~]# 

[root@rhel66-master certmonger]# dbus-send --print-reply --system --dest=org.fedorahosted.certmonger     /org/fedorahosted/certmonger org.fedorahosted.certmonger.add_known_ca     string:sample-helper.rb string:/usr/libexec/certmonger/sample-helper.rb
method return sender=:1.13 -> dest=:1.14 reply_serial=2
   boolean true
   object path "/org/fedorahosted/certmonger/cas/CA8"
[root@rhel66-master certmonger]#

[root@rhel66-master certmonger]# caname=`dbus-send --print-reply=literal --system \
>   --dest=org.fedorahosted.certmonger \
>   /org/fedorahosted/certmonger org.fedorahosted.certmonger.find_ca_by_nickname \
>   string:sample-helper.rb`
[root@rhel66-master certmonger]# echo $caname
[root@rhel66-master certmonger]#

[root@rhel66-master certmonger]# dbus-send --print-reply --system --dest=org.fedorahosted.certmonger \
>   /org/fedorahosted/certmonger org.fedorahosted.certmonger.remove_known_ca \
>   "objpath:${caname}"
Error org.freedesktop.DBus.Error.Disconnected: Connection was disconnected before a reply was received
[root@rhel66-master certmonger]#

Comment 3 Nalin Dahyabhai 2014-08-04 15:16:51 UTC
Hmm.  Keenan noted that the CA path you get back from the find_ca_by_nickname request has a literal tab at the start of it, which is stripped out by the command line if you don't quote it when passing it to the echo command.

An intermediate
  caname=`echo $caname`
should clear that out.

On my development box, attempting to pass in a path name with a tab as its first character triggers an assertion in dbus-send, but on EL6 it instead appears to cause the bus daemon to hang up on dbus-send.  On my boxes the certmonger daemon keeps running without issue either way.  Can you confirm that this is what you're seeing?

Comment 4 Kaleem 2014-08-05 07:16:57 UTC
Yes workaround suggested for literal tab removal worked. Turning this to verified status.

certmonger version:
[root@rhel66-master ~]# rpm -q certmonger
[root@rhel66-master ~]# 

console output:
[root@rhel66-master ~]# dbus-send --print-reply --system --dest=org.fedorahosted.certmonger     /org/fedorahosted/certmonger org.fedorahosted.certmonger.add_known_ca     string:sample-helper.rb string:/usr/libexec/certmonger/sample-helper.rb
method return sender=:1.72 -> dest=:1.73 reply_serial=2
   boolean true
   object path "/org/fedorahosted/certmonger/cas/CA6"
[root@rhel66-master ~]#  caname=`dbus-send --print-reply=literal --system --dest=org.fedorahosted.certmonger /org/fedorahosted/certmonger org.fedorahosted.certmonger.find_ca_by_nickname string:sample-helper.rb`
[root@rhel66-master ~]# echo $caname
[root@rhel66-master ~]# caname=`echo $caname`
[root@rhel66-master ~]# echo $caname
[root@rhel66-master ~]# dbus-send --print-reply --system --dest=org.fedorahosted.certmonger /org/fedorahosted/certmonger org.fedorahosted.certmonger.remove_known_ca "objpath:${caname}"
method return sender=:1.72 -> dest=:1.76 reply_serial=2
   boolean true
[root@rhel66-master ~]#

Comment 5 errata-xmlrpc 2014-10-14 07:12:49 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.