Bug 169804 - CRM# 642274 -- rhn-applet-actions issue surrounding ssl cert configs
CRM# 642274 -- rhn-applet-actions issue surrounding ssl cert configs
Product: Red Hat Enterprise Linux 4
Classification: Red Hat
Component: rhn-applet (Show other bugs)
All Linux
medium Severity high
: ---
: ---
Assigned To: Shannon Hughes
Beth Nackashi
: 170300 (view as bug list)
Depends On: 180261
Blocks: 178198
  Show dependency treegraph
Reported: 2005-10-03 17:08 EDT by Matthew Davis
Modified: 2007-11-30 17:07 EST (History)
4 users (show)

See Also:
Fixed In Version: rhn406
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Last Closed: 2006-03-15 13:57:40 EST
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
pach to fix this bug (2.24 KB, patch)
2005-10-06 17:48 EDT, Adrian Likins
no flags Details | Diff

  None (edit)
Description Matthew Davis 2005-10-03 17:08:07 EDT
Description of problem:

When --sslCACert is used by rhnreg_ks, it adds a ; at the end of the value. 
Example usage:

[root@dhcp59-160 root]# rpm -qf `which rhnreg_ks`
[root@dhcp59-160 root]# grep sslCACert /etc/sysconfig/rhn/up2date
[root@dhcp59-160 root]# rhnreg_ks
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=key --force
[root@dhcp59-160 root]# grep sslCACert /etc/sysconfig/rhn/up2date

NOTE:  the semi colon.

RHEL4 (Same thing)
[root@dhcp59-244 ~]# rpm -qf `which rhnreg_ks`
[root@dhcp59-244 ~]# rhnreg_ks
--sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT --activationkey=key --force
[root@dhcp59-244 ~]# grep sslCACert /etc/sysconfig/rhn/up2date -i

This in itself is not a problem, as up2date will treat the ; properly.  But the
actual issue is when the applet is activated on the client.

[root@dhcp59-160 root]# PYTHONPATH=/usr/share/rhn/actions python -c "import
rhn_applet; rhn_applet.use_satellite ();"
[root@dhcp59-160 root]# cat /etc/sysconfig/rhn/rhn-applet
# Automatically generated Red Hat Update Agent config file, do not edit.
# Format: 1.0
server_url[comment]=The URL to connect to
server_url=https://testsat.gsslab. rdu.redhat.com/APPLET

uuid[comment]=Universally Unique ID for this server

[root@dhcp59-160 root]#

The value to note is 'use_ca_cert'.  The applet then gives errors trying to read
['/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT'].  The correct value in
/etc/sysconfig/rhn/rhn-applet should be

Version-Release number of selected component (if applicable):

RHEL3 - up2date-4.4.44-3
RHEL4 - up2date-
Comment 2 Adrian Likins 2005-10-06 17:44:54 EDT
This looks to actually be an applet issue, since it's saving it's config file
Comment 3 Adrian Likins 2005-10-06 17:48:16 EDT
Created attachment 119694 [details]
pach to fix this bug
Comment 4 Matthew Davis 2005-10-10 14:11:17 EDT
*** Bug 170300 has been marked as a duplicate of this bug. ***
Comment 8 Jason Connor 2005-10-21 15:06:06 EDT
reassigning to Shannon who has requested some client and backend work
Comment 9 Shannon Hughes 2005-10-27 11:39:44 EDT
checked into cvs 
Comment 12 Beth Nackashi 2005-12-16 15:24:41 EST
This requires client -> satellite, not client -> hosted.
Comment 13 Beth Nackashi 2005-12-16 17:17:59 EST
To verify the fix:
1- Install the latest up2date, rhn-applet and rhn-applet-actions on the client.
2- PYTHONPATH=/usr/share/rhn/actions python -c "import rhn_applet;
rhn_applet.use_satellite ();"
3- rhnreg_ks --username admin --password ********
4- verify /etc/sysconfig/rhn/rhn-applet shows
5- rhn-applet-gui&
6- right-click on the throbber, configure the applet, then click "check for updates"
7- verify the applet is able to connect to the satellite
Comment 14 Beth Nackashi 2005-12-16 17:20:55 EST
/etc/sysconfig/rhn/rhn-applet still says
use_ca_cert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT which is preventing the
applet from logging into the satellite.

I'm not sure if this is a problem with up2date-4.4.56-3 or rhn-applet-2.1.18-4
or rhn-applet-actions-2.0.13-2.
Comment 15 Beth Nackashi 2005-12-16 17:22:40 EST
I accidentally reversed the use_ca_cert in comments #13 and #14:

use_ca_cert SHOULD SAY /usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT

use_ca_cert IS CURRENTLY SAYING ['/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT']

Comment 16 Beth Nackashi 2006-01-16 16:25:14 EST
This bug has been moved to ON_QA with no explanation.  Is it fixed or not?
Comment 17 Shannon Hughes 2006-01-18 16:01:51 EST
looks like jconnor made a code change and then moved to on_qa. talked with beth
and she is going to test. moving back to on_qa. 
Comment 18 Beth Nackashi 2006-01-18 17:52:41 EST
I edited /etc/sysconfig/rhn/up2date to reflect the satellite URL and the correct
cert, then ran rhnreg_ks --force (which successfully registered the client to
the satellite).  But for some reason, /etc/sysconfig/rhn/rhn-applet does not say
anything about use_ca_cert, nor does it have the correct server_url.  The values
aren't getting set by up2date.
Comment 19 David Lehman 2006-01-18 18:01:50 EST
Beth, I think there's a test procedure in comment 13. Step two is needed to
propagate the up2date config into the applet config IIUC.
Comment 20 David Lehman 2006-01-18 18:57:17 EST
I see the code to fix this in rhn-applet-actions is in SVN, but it's not in
rhn-applet-actions-2.0.13-2. I also note there is no corresponding changelog
entry in rhn-applet-actions.spec, nor has the version file been updated. I
suspect this means a fixed package has not yet been built.

Here's the SVN log entry:

r73021 | shughes | 2005-10-27 10:34:48 -0500 (Thu, 27 Oct 2005) | 4 lines

bugzilla: 169804

changes to remove failover paths from applet config. picks 1st path in list.

Comment 21 Todd Warner 2006-01-20 16:15:27 EST
Off the RHEL tracking bug R3U7 and onto the rhn tracking bugs (probably ends up
on rhn406 tree). This was never an up2date bug, but an rhn-applet-actions bug
(tools channel).
Comment 22 Bret McMillan 2006-01-23 16:31:11 EST
rhn-applet-actions needs to be rebuilt, fix will most likely hit in a package >=
2.0.13-2 (mabye version bump this to 2.0.14-1?)

Over to correct applet owner for version management and rpm building.

Also editing summary to be more clear.

Comment 23 Mike McCune 2006-01-26 20:49:16 EST
moving to rhn406-must since it looks like it just needs the package rebuilt.
Comment 24 Beth Nackashi 2006-02-19 16:51:56 EST
satellite:  rlx-3-16 (4.0.6)
client:  test03.rhndev (rhel 4 u2) with @ Everything installation and latest
rhn-applet (rhn-applet-2.1.24-2) and rhn-applet-actions (2.0.13-2) packages

Comment 25 Todd Warner 2006-03-15 13:57:40 EST
Closing upon release of RHN 406

Note You need to log in before you can comment on or make changes to this bug.