Bug 454565
| Summary: | Broken Installation Wizard for TPS and RA with latest modutil | ||||||||
|---|---|---|---|---|---|---|---|---|---|
| Product: | [Retired] Dogtag Certificate System | Reporter: | Jack Magne <jmagne> | ||||||
| Component: | Installation Wizard | Assignee: | Ade Lee <alee> | ||||||
| Status: | CLOSED ERRATA | QA Contact: | |||||||
| Severity: | low | Docs Contact: | |||||||
| Priority: | low | ||||||||
| Version: | 1.0 | CC: | bob.lord, cfu, david.k.stutzman2.ctr, jgalipea, jmagne, mharmsen | ||||||
| Target Milestone: | --- | ||||||||
| Target Release: | --- | ||||||||
| Hardware: | All | ||||||||
| OS: | Linux | ||||||||
| Whiteboard: | |||||||||
| Fixed In Version: | Doc Type: | Bug Fix | |||||||
| Doc Text: | Story Points: | --- | |||||||
| Clone Of: | Environment: | ||||||||
| Last Closed: | 2009-07-22 23:29:20 UTC | Type: | --- | ||||||
| Regression: | --- | Mount Type: | --- | ||||||
| Documentation: | --- | CRM: | |||||||
| Verified Versions: | Category: | --- | |||||||
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |||||||
| Cloudforms Team: | --- | Target Upstream Version: | |||||||
| Embargoed: | |||||||||
| Bug Depends On: | |||||||||
| Bug Blocks: | 443788 | ||||||||
| Attachments: |
|
||||||||
Created attachment 312400 [details]
patch to fix
Patch to fix the problem Jack diagnosed. Now allows TPS and RA installations
to proceed as expected for both old and new modutil.
jmagne, mharmsen - please ack.
Ade: Patch looks good, but Matt likes us to include the diffs of the changed spec files. For instance you would have to go into the spec file and bump the release and add to the comments list. You've probably done this already but didn't include it in the patch. Created attachment 313485 [details]
patch including spec file changes
Attachment (id=331485) jmagne+ Commit data: Sending pki/base/ra/lib/perl/PKI/RA/Modutil.pm Sending pki/base/tps/lib/perl/PKI/TPS/Modutil.pm Sending pki/linux/ra/pki-ra.spec Sending pki/linux/tps/pki-tps.spec Transmitting file data .... Committed revision 73. Bug already MODIFIED. setting target CS8.0 and marking screened+ Verified: [root@qe-blade-11]# cd /var/lib/pki-ra/alias/ [root@qe-blade-11 alias]# modutil -dbdir ./ -list "NSS Internal PKCS #11 Module" ----------------------------------------------------------- Name: NSS Internal PKCS #11 Module Library file: **Internal ONLY module** Manufacturer: Mozilla Foundation Description: NSS Internal Crypto Services PKCS #11 Version 2.20 Library Version: 3.11 Cipher Enable Flags: None Default Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES Slot: NSS Internal Cryptographic Services Slot Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES Manufacturer: Mozilla Foundation Type: Software Version Number: 3.11 Firmware Version: 0.0 Status: Enabled Token Name: NSS Generic Crypto Services Token Manufacturer: Mozilla Foundation Token Model: NSS 3 Token Serial Number: 0000000000000000 Token Version: 4.0 Token Firmware Version: 0.0 Access: Write Protected Login Type: Public (no login required) User Pin: NOT Initialized Slot: NSS User Private Key and Certificate Services Slot Mechanism Flags: None Manufacturer: Mozilla Foundation Type: Software Version Number: 3.11 Firmware Version: 0.0 Status: Enabled Token Name: NSS Certificate DB Token Manufacturer: Mozilla Foundation Token Model: NSS 3 Token Serial Number: 0000000000000000 Token Version: 8.3 Token Firmware Version: 0.0 Access: NOT Write Protected Login Type: Login required User Pin: Initialized ----------------------------------------------------------- /var/lib/pki-tks/alias/ [root@qe-blade-11 alias]# modutil -dbdir ./ -list "NSS Internal PKCS #11 Module" ----------------------------------------------------------- Name: NSS Internal PKCS #11 Module Library file: **Internal ONLY module** Manufacturer: Mozilla Foundation Description: NSS Internal Crypto Services PKCS #11 Version 2.20 Library Version: 3.11 Cipher Enable Flags: None Default Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES Slot: NSS Internal Cryptographic Services Slot Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES Manufacturer: Mozilla Foundation Type: Software Version Number: 3.11 Firmware Version: 0.0 Status: Enabled Token Name: NSS Generic Crypto Services Token Manufacturer: Mozilla Foundation Token Model: NSS 3 Token Serial Number: 0000000000000000 Token Version: 4.0 Token Firmware Version: 0.0 Access: Write Protected Login Type: Public (no login required) User Pin: NOT Initialized Slot: NSS User Private Key and Certificate Services Slot Mechanism Flags: None Manufacturer: Mozilla Foundation Type: Software Version Number: 3.11 Firmware Version: 0.0 Status: Enabled Token Name: NSS Certificate DB Token Manufacturer: Mozilla Foundation Token Model: NSS 3 Token Serial Number: 0000000000000000 Token Version: 8.3 Token Firmware Version: 0.0 Access: NOT Write Protected Login Type: Login required User Pin: Initialized ----------------------------------------------------------- [root@qe-blade-11 alias]# cd ../../pki-tks/alias/ [root@qe-blade-11 alias]# modutil -dbdir ./ -list "NSS Internal PKCS #11 Module" ----------------------------------------------------------- Name: NSS Internal PKCS #11 Module Library file: **Internal ONLY module** Manufacturer: Mozilla Foundation Description: NSS Internal Crypto Services PKCS #11 Version 2.20 Library Version: 3.11 Cipher Enable Flags: None Default Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES Slot: NSS Internal Cryptographic Services Slot Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES Manufacturer: Mozilla Foundation Type: Software Version Number: 3.11 Firmware Version: 0.0 Status: Enabled Token Name: NSS Generic Crypto Services Token Manufacturer: Mozilla Foundation Token Model: NSS 3 Token Serial Number: 0000000000000000 Token Version: 4.0 Token Firmware Version: 0.0 Access: Write Protected Login Type: Public (no login required) User Pin: NOT Initialized Slot: NSS User Private Key and Certificate Services Slot Mechanism Flags: None Manufacturer: Mozilla Foundation Type: Software Version Number: 3.11 Firmware Version: 0.0 Status: Enabled Token Name: NSS Certificate DB Token Manufacturer: Mozilla Foundation Token Model: NSS 3 Token Serial Number: 0000000000000000 Token Version: 8.3 Token Firmware Version: 0.0 Access: NOT Write Protected Login Type: Login required User Pin: Initialized ----------------------------------------------------------- |
Description of problem: The Module Selection panel on the TPS installation wizard does not play well with the latest modutil. Note: This problem should also exist with the RA since both subsystems use the same perl based installation framework. There is some code in the file Modutil.pm which calls the modutil function that gives a detailed list of attributes relating to a security module. The code takes this information and creates a variable that contains all the properties for convenient use later on. The problem is that the latest version of modutil no longer prints out an informative line like the following: modutil -dbdir ./ -list "ModuleName" Using database directory ..... This missing line was actually being accounted for in the code by having the block containing this text thrown away. The end result is that a bunch of really important attributes get thrown away like the Name of the module and the Library path of the file implementing the module. The end result is that the wizard always tells the user that NO security modules are available. The offending block of code is the following: my $moduledetail = `modutil -force -dbdir '$self->{dir}' -nocertdb -list "$m->{modulename}" 2> /dev/null`; my @details= split "\n\n", $moduledetail; shift @details; $m->{detail} = makehash(shift @details); Note how modutil is called to get the info. The line: shift @details is the one that causes problems using the latest version of modutil. The fix is to change this code so it does not automatically throw away stuff at the top of the string. Version-Release number of selected component (if applicable): Dogtag 1.0.0 How reproducible: Always Steps to Reproduce: 1. Install a CA 2. Install a TKS 3. Proceed through the TPS wizard until reaching the Security Modules screen. Actual results: The screen tells the user that no modules are available when this is not true. Expected results: At least the internal NSS PKCS#11 module should be listed as available. Additional info: The version of nss-tools which contains "modutil" on F8 is: nss-tools-3.12.0.3-0.8.2.fc8