1127762 – "remote-viewer file.vv" tries to load $HOME/.spicec/truststore.pem file

RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.

Bug 1127762 - "remote-viewer file.vv" tries to load $HOME/.spicec/truststore.pem file

Summary: "remote-viewer file.vv" tries to load $HOME/.spicec/truststore.pem file

Keywords:
Status:	CLOSED ERRATA
Alias:	None
Product:	Red Hat Enterprise Linux 7
Classification:	Red Hat
Component:	virt-viewer
Sub Component:
Version:	7.0
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	low
Target Milestone:	rc
Target Release:	7.1
Assignee:	Jonathon Jongsma
QA Contact:	Virtualization Bugs
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2014-08-07 13:52 UTC by David Jaša
Modified:	2015-03-05 13:39 UTC (History)
CC List:	11 users (show)
Fixed In Version:
Doc Type:	Bug Fix
Doc Text:	Cause: virt-viewer tried to load the cert-file based on "ca-file" property, even when launched with a .vv file. Consequence: An additional cert-file was being loaded wrongly. Fix: Set the "ca-file" property to NULL when lauching virt-viewer with a .vv file. Result: virt-viewer will use only the cert-file provided by the .vv file.
Clone Of:
Environment:
Last Closed:	2015-03-05 13:39:37 UTC
Target Upstream Version:
Embargoed:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Red Hat Product Errata	RHBA-2015:0295	0	normal	SHIPPED_LIVE	virt-viewer bug fix and enhancement update	2015-03-05 17:33:00 UTC

Description David Jaša 2014-08-07 13:52:34 UTC

Description of problem:
when launched with .vv file, spice-gtk should get temporary CA certificate only and only from .vv file, not from legacy temporary file of ~/.spicec/truststore.pm

Version-Release number of selected component (if applicable):
spice-gtk3-0.20-8.el7.x86_64

How reproducible:
always

Steps to Reproduce:
1. open connection to tls-enabled VM using .vv file with debug output
2.
3.

Actual results:
spice-gtk says among others:
(remote-viewer:5980): GSpice-DEBUG: spice-session.c:1708 connect ready
(remote-viewer:5980): GSpice-DEBUG: spice-channel.c:2187 main-1:0: Load CA, file: /home/brq/djasa/.spicec/spice_truststore.pem, data: 0x2657800

(remote-viewer:5980): GSpice-WARNING **: loading ca certs from /home/brq/djasa/.spicec/spice_truststore.pem failed

Expected results:
spice-gtk shouldn't touch truststore.pem by default when launched with .vv file

Additional info:

Comment 1 Jonathon Jongsma 2014-08-15 16:21:19 UTC

https://www.redhat.com/archives/virt-tools-list/2014-August/msg00083.html

Comment 2 Jonathon Jongsma 2014-09-12 16:11:01 UTC

Needs QA ack

Comment 4 CongDong 2014-10-09 09:09:23 UTC

Steps,
1. Prepare a spice guest on rhevm and download the .vv file
2. 
# remote-viewer console.vv --debug --spice-debug 
...
(remote-viewer:15755): GSpice-WARNING **: loading ca certs from /root/.spicec/spice_truststore.pem failed
...

VERIFY with virt-viewer-0.6.0-7.el7.x86_64
Result:
No log for touch CA in local dir.
...
(remote-viewer:16088): GSpice-DEBUG: spice-channel.c:2187 display-2:0: Load CA, file: (null), data: 0xe5ed70
...



As the result, set VERIFIED.

Comment 6 errata-xmlrpc 2015-03-05 13:39:37 UTC

Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-0295.html

Note You need to log in before you can comment on or make changes to this bug.