Bug 1590942 - CMCResponse treats -d as optional
Summary: CMCResponse treats -d as optional
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: pki-core
Version: 8.3
Hardware: Unspecified
OS: Unspecified
Target Milestone: rc
: ---
Assignee: RHCS Maintainers
QA Contact: Asha Akkiangady
Depends On:
TreeView+ depends on / blocked
Reported: 2018-06-13 17:12 UTC by Geetika Kapoor
Modified: 2021-05-18 15:25 UTC (History)
5 users (show)

Fixed In Version: pki-core-10.6-8040020210114180044.d4d99205
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Last Closed: 2021-05-18 15:25:13 UTC
Type: Bug
Target Upstream Version:

Attachments (Terms of Use)

System ID Private Priority Status Summary Last Updated
Gitlab dogtagpki/pki/-/blob/master/tests/dogtag/pytest-ansible/pytest/ca/bugzilla/test_bug_1590942_1584550.py 0 None None None 2021-01-18 11:32:49 UTC

Description Geetika Kapoor 2018-06-13 17:12:55 UTC
Description of problem:

Man pages of CMCResponse says:

-d <path>
              Path of directory to the NSS database. This option is required.

But without specifying "-d" in cli , it shows the cert.So i think "-d" can be treated as optional.

# CMCResponse  -i cmc.sys_subca_pkcs10.resp
            Version:  v3
            Serial Number: 0x5D0C698
            Signature Algorithm: SHA384withEC - 1.2.840.10045.4.3.3
            Issuer: CN=CA Signing Certificate,OU=gkapoor_RHCS75_update2_ecc,O=Example-rhcs92-CA-ecc
                Not Before: Friday, May 25, 2018 6:33:27 AM EDT America/New_York
                Not  After: Tuesday, May 25, 2038 6:33:27 AM EDT America/New_York
            Subject: CN=CA Signing Certificate,OU=gkapoor_RHCS75_update2_ecc,O=Example-rhcs92-CA-ecc
            Subject Public Key Info: 
                Algorithm: EC - 1.2.840.10045.2.1

Not sure if we want -d as mandatory or optional.
If we want it as optional, need to change man pages else code change will be needed.

Version-Release number of selected component (if applicable):

10.5 update 2

How reproducible:

Steps to Reproduce:

Actual results:

Expected results:

Additional info:

Comment 2 Matthew Harmsen 2018-07-04 00:44:39 UTC
Moved to RHEL 7.7.

Comment 7 Alex Scheel 2021-01-07 16:39:00 UTC
Pull request upstream: https://github.com/dogtagpki/pki/pull/3423

Comment 8 Alex Scheel 2021-01-11 17:19:37 UTC
Checked in master:

commit 28a262c6c6b87b4111ff6c051ff6c5a4bf735b7f (upstream/master, origin/master, origin/HEAD, master)
Author: Alexander Scheel <ascheel@redhat.com>
Date:   Thu Jan 7 11:37:28 2021 -0500

    Fix usage for CMCResponse -d
    Signed-off-by: Alexander Scheel <ascheel@redhat.com>

Checked in v10.10:

commit 62ebb7025b95164cb8864fc2109165313446860a (HEAD -> v10.10, upstream/v10.10, origin/v10.10)
Author: Alexander Scheel <ascheel@redhat.com>
Date:   Thu Jan 7 11:37:28 2021 -0500

    Fix usage for CMCResponse -d
    Signed-off-by: Alexander Scheel <ascheel@redhat.com>

Comment 10 shalini 2021-01-20 08:08:17 UTC
BZ verified on latests bits from RHCS repo (We did pre-verification from rhcs repo because the bits were not there in development compose and we do not want to delay Verification):
 pki-ca                            noarch  10.10.3-1.module+el8pki+9457+b4dcf7f7         RHEL8.4-CERTSYS    1.0 M
 pki-kra                           noarch  10.10.3-1.module+el8pki+9457+b4dcf7f7         RHEL8.4-CERTSYS    201 k
 pki-server                        noarch  10.10.3-1.module+el8pki+9457+b4dcf7f7

Successful pipeline : https://gitlab.cee.redhat.com/skhandel/pki-pytest-ansible/-/jobs/2776695

Marking the BZ verified-tested

Comment 16 errata-xmlrpc 2021-05-18 15:25:13 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (Moderate: pki-core:10.6 and pki-deps:10.6 security, bug fix, and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.


Note You need to log in before you can comment on or make changes to this bug.