Bug 1227164 - viostor/vioscsi is not digital signed by Redhat
Summary: viostor/vioscsi is not digital signed by Redhat
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: virtio-win
Version: 7.2
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Vadim Rozenfeld
QA Contact: Virtualization Bugs
URL:
Whiteboard:
: 1202642 (view as bug list)
Depends On: 1226928
Blocks:
TreeView+ depends on / blocked
 
Reported: 2015-06-02 03:25 UTC by Mike Cao
Modified: 2015-11-24 08:51 UTC (History)
12 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
NO_DOCS
Clone Of: 1226928
Environment:
Last Closed: 2015-11-24 08:51:38 UTC
Target Upstream Version:


Attachments (Terms of Use)


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2015:2513 normal SHIPPED_LIVE virtio-win bug fix and enhancement update 2015-11-24 13:38:38 UTC

Description Mike Cao 2015-06-02 03:25:36 UTC
+++ This bug was initially created as a clone of Bug #1226928 +++

Description of problem:
Installing the VirtIO drivers for Windows 2k12 afterwards fails.
The drivers are rejected due to an invalid catalog file.
Force-installing the drivers leads to a BSOD.


Version-Release number of selected component (if applicable):
 https://fedorapeople.org/groups/virt/virtio-win/direct-downloads/archive-virtio/virtio-win-0.1.104-1/virtio-win-0.1.104.iso
but also "virtio-win-0.1.103.iso" and "virtio-win-0.1-81.iso

How reproducible:
Every time


Steps to Reproduce:
1. Install Windows 2k12 without VirtIO
2. Add VirtIO HD afterwards
3. Mount ISO and try to install viostor.sys

Actual results:

Processing inf :            vioscsi.inf
Adding the driver package failed : The hash for the file is not present in the specified catalog file. The file is likely corrupt or the victim of tampering.

Processing inf :            viostor.inf
Adding the driver package failed : The hash for the file is not present in the specified catalog file. The file is likely corrupt or the victim of tampering.


Expected results:
Working VirtIO-HD.


Additional info:
Using the same ISO during the initial install and installing the VirtIO drivers from the beginning works without problems. The Windows installer seems to ignore the signature mismatch that early.

Running the following command on 0.1.104 prints (among others) the
following sha1hash:
> "C:\Program Files (x86)\Windows Kits\8.1\bin\x86\signtool.exe" /verify
/v /kp E:\NetKVM\2k12\amd64\netkvm.sys
...
> Hash of file (sha1): 135E3AA23217610AEE8046F68550B0BA86F4EAE6

> "C:\Program Files (x86)\Windows Kits\8.1\bin\x86\signtool.exe" /verify
/v /kp E:\viostor\2k12\amd64\viostor.sys
...
> Hash of file (sha1): EF11F5E539EEE0A9DB6DF3710A0DAA35066C5607

Looking into the corresponding .cat "Security Catalog File"
- netkvm.cat contains the above given hash for netkvm.sys,
- viostor.cat contains 55FC4DA2EE96ECC3FD4865680436DCDA6B8C6BDD instead!

Running "sha1sum" on Linux print some completely different hashes, so I
don't know what the Microsoft tool actually hash:

> # sha1sum /cdrom/NetKVM/2k12/amd64/netkvm.sys /cdrom/viostor/2k12/amd64/viostor.sys 
> 1aa91c8e1d7680457d92c1875810a79f68af536d  /cdrom/NetKVM/2k12/amd64/netkvm.sys
> f39bc2b561091addfcac30e370227c91700d2698  /cdrom/viostor/2k12/amd64/viostor.sys


See Bug #1117055 for a similar bug.

--- Additional comment from Philipp Hahn on 2015-06-01 21:01:02 CST ---



--- Additional comment from Philipp Hahn on 2015-06-01 21:01:30 CST ---



--- Additional comment from Mike Cao on 2015-06-02 11:23:52 CST ---

I can install the driver successfully but I think the root cause for reporter is the driver is not digital signed by Redhat ( I can reproduce this)

Cloning this bug on RHEL as well

Comment 2 Vadim Rozenfeld 2015-06-03 11:57:19 UTC
Please re-check with the drivers from build 105 available from
http://download.devel.redhat.com/brewroot/packages/virtio-win-prewhql/0.1/105/win/virtio-win-prewhql-0.1.zip

Comment 3 Mike Cao 2015-06-04 06:18:16 UTC
Verified this issue on  build 105

Steps same as comment #0.

Actual Results:

The driver can be installed smoothly ,driver is digital signed by Redhat.

Based on above ,this issue has been fixed ald.

Comment 4 lijin 2015-06-05 03:13:34 UTC
change status to verified according to comment#3

Comment 5 Vadim Rozenfeld 2015-06-19 11:17:45 UTC
*** Bug 1202642 has been marked as a duplicate of this bug. ***

Comment 6 Matthias Seuchter 2015-09-17 14:00:39 UTC
after some researches, I have noticed, that Version 1.105 is correct signed, and can be installed correct, 1.102 not and latest version 1.109 again not.

please be in mind, that the signing certificate runs out of date 2015-11-29 too, so there is a very high need to update this certificate also!

Comment 7 Cole Robinson 2015-09-17 14:51:56 UTC
(In reply to Matthias Seuchter from comment #6)
> after some researches, I have noticed, that Version 1.105 is correct signed,
> and can be installed correct, 1.102 not and latest version 1.109 again not.
> 
> please be in mind, that the signing certificate runs out of date 2015-11-29
> too, so there is a very high need to update this certificate also!

This seems like it's referencing the public fedora builds, but this bug is about the RHEL version. Please file a separate bug at https://bugzilla.redhat.com/enter_bug.cgi?product=Virtualization%20Tools&component=virtio-win

Comment 10 errata-xmlrpc 2015-11-24 08:51:38 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://rhn.redhat.com/errata/RHBA-2015-2513.html


Note You need to log in before you can comment on or make changes to this bug.