Bug 454565 - Broken Installation Wizard for TPS and RA with latest modutil
Broken Installation Wizard for TPS and RA with latest modutil
Status: CLOSED ERRATA
Product: Dogtag Certificate System
Classification: Community
Component: Installation Wizard (Show other bugs)
1.0
All Linux
low Severity low
: ---
: ---
Assigned To: Ade Lee
:
Depends On:
Blocks: 443788
  Show dependency treegraph
 
Reported: 2008-07-08 21:30 EDT by Jack Magne
Modified: 2009-07-22 19:29 EDT (History)
6 users (show)

See Also:
Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of:
Environment:
Last Closed: 2009-07-22 19:29:20 EDT
Type: ---
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)
patch to fix (1.39 KB, patch)
2008-07-22 18:00 EDT, Ade Lee
no flags Details | Diff
patch including spec file changes (3.32 KB, patch)
2008-08-05 15:36 EDT, Ade Lee
no flags Details | Diff

  None (edit)
Description Jack Magne 2008-07-08 21:30:27 EDT
Description of problem:

The Module Selection panel on the TPS installation wizard does not play well
with the latest modutil. Note: This problem should also exist with the RA since
both subsystems use the same perl based installation framework.

There is some code in the file Modutil.pm which calls the modutil function  that
gives a detailed list of attributes relating to a security module. The code
takes this information and creates a variable that contains all the properties
for convenient use later on.

The problem is that the latest version of modutil no longer prints out an
informative line like the following:

modutil -dbdir ./ -list "ModuleName"

Using database directory .....

This missing line was actually being accounted for in the code by having the
block containing this text thrown away. The end result is that a bunch of really
important attributes get thrown away like the Name of the module and the Library
path of the file implementing the module. The end result is that the wizard
always tells the user that NO security modules are available. 

The offending block of code is the following:


my $moduledetail = `modutil -force -dbdir '$self->{dir}' -nocertdb -list
"$m->{modulename}" 2> /dev/null`;


                my @details= split "\n\n", $moduledetail;

                shift @details;

                $m->{detail} = makehash(shift @details);


Note how modutil is called to get the info. The line:

shift @details is the one that causes problems using the latest version of modutil.

The fix is to change this code so it does not automatically throw away stuff at
the top of the string.


Version-Release number of selected component (if applicable):

Dogtag 1.0.0


How reproducible:

Always

Steps to Reproduce:
1. Install a CA
2. Install a TKS
3.  Proceed through the TPS wizard until reaching the Security Modules screen. 
  
Actual results:

The screen tells the user that no modules are available when this is not true.


Expected results:

At least the internal NSS PKCS#11 module should be listed as available.

Additional info:

The version of nss-tools which contains "modutil" on F8 is:
nss-tools-3.12.0.3-0.8.2.fc8
Comment 1 Ade Lee 2008-07-22 18:00:14 EDT
Created attachment 312400 [details]
patch to fix 

Patch to fix the problem Jack diagnosed.  Now allows TPS and RA installations
to proceed as expected for both old and new modutil.

jmagne, mharmsen - please ack.
Comment 2 Jack Magne 2008-08-05 13:33:56 EDT
Ade:

Patch looks good, but Matt likes us to include the diffs of the changed spec files. For instance you would have to go into the spec file and bump the release and add to the comments list. You've probably done this already but didn't include it in the patch.
Comment 3 Ade Lee 2008-08-05 15:36:52 EDT
Created attachment 313485 [details]
patch including spec file changes
Comment 4 Jack Magne 2008-08-05 16:37:39 EDT
Attachment (id=331485) jmagne+
Comment 5 Ade Lee 2008-08-05 17:01:56 EDT
Commit data:

Sending        pki/base/ra/lib/perl/PKI/RA/Modutil.pm
Sending        pki/base/tps/lib/perl/PKI/TPS/Modutil.pm
Sending        pki/linux/ra/pki-ra.spec
Sending        pki/linux/tps/pki-tps.spec
Transmitting file data ....
Committed revision 73.
Comment 6 Chandrasekar Kannan 2008-08-26 20:29:31 EDT
Bug already MODIFIED. setting target CS8.0 and marking screened+
Comment 7 Jenny Galipeau 2009-06-25 09:51:08 EDT
Verified:

[root@qe-blade-11]# cd /var/lib/pki-ra/alias/
[root@qe-blade-11 alias]# modutil -dbdir ./ -list "NSS Internal PKCS #11 Module"

-----------------------------------------------------------
Name: NSS Internal PKCS #11 Module
Library file: **Internal ONLY module**
Manufacturer: Mozilla Foundation              
Description: NSS Internal Crypto Services    
PKCS #11 Version 2.20
Library Version: 3.11
Cipher Enable Flags: None
Default Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES

  Slot: NSS Internal Cryptographic Services                            
  Slot Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES
  Manufacturer: Mozilla Foundation              
  Type: Software
  Version Number: 3.11
  Firmware Version: 0.0
  Status: Enabled
  Token Name: NSS Generic Crypto Services     
  Token Manufacturer: Mozilla Foundation              
  Token Model: NSS 3           
  Token Serial Number: 0000000000000000
  Token Version: 4.0
  Token Firmware Version: 0.0
  Access: Write Protected
  Login Type: Public (no login required)
  User Pin: NOT Initialized

  Slot: NSS User Private Key and Certificate Services                  
  Slot Mechanism Flags: None
  Manufacturer: Mozilla Foundation              
  Type: Software
  Version Number: 3.11
  Firmware Version: 0.0
  Status: Enabled
  Token Name: NSS Certificate DB              
  Token Manufacturer: Mozilla Foundation              
  Token Model: NSS 3           
  Token Serial Number: 0000000000000000
  Token Version: 8.3
  Token Firmware Version: 0.0
  Access: NOT Write Protected
  Login Type: Login required
  User Pin: Initialized

-----------------------------------------------------------

/var/lib/pki-tks/alias/
[root@qe-blade-11 alias]# modutil -dbdir ./ -list "NSS Internal PKCS #11 Module"

-----------------------------------------------------------
Name: NSS Internal PKCS #11 Module
Library file: **Internal ONLY module**
Manufacturer: Mozilla Foundation              
Description: NSS Internal Crypto Services    
PKCS #11 Version 2.20
Library Version: 3.11
Cipher Enable Flags: None
Default Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES

  Slot: NSS Internal Cryptographic Services                            
  Slot Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES
  Manufacturer: Mozilla Foundation              
  Type: Software
  Version Number: 3.11
  Firmware Version: 0.0
  Status: Enabled
  Token Name: NSS Generic Crypto Services     
  Token Manufacturer: Mozilla Foundation              
  Token Model: NSS 3           
  Token Serial Number: 0000000000000000
  Token Version: 4.0
  Token Firmware Version: 0.0
  Access: Write Protected
  Login Type: Public (no login required)
  User Pin: NOT Initialized

  Slot: NSS User Private Key and Certificate Services                  
  Slot Mechanism Flags: None
  Manufacturer: Mozilla Foundation              
  Type: Software
  Version Number: 3.11
  Firmware Version: 0.0
  Status: Enabled
  Token Name: NSS Certificate DB              
  Token Manufacturer: Mozilla Foundation              
  Token Model: NSS 3           
  Token Serial Number: 0000000000000000
  Token Version: 8.3
  Token Firmware Version: 0.0
  Access: NOT Write Protected
  Login Type: Login required
  User Pin: Initialized

-----------------------------------------------------------
[root@qe-blade-11 alias]# cd ../../pki-tks/alias/
[root@qe-blade-11 alias]# modutil -dbdir ./ -list "NSS Internal PKCS #11 Module"

-----------------------------------------------------------
Name: NSS Internal PKCS #11 Module
Library file: **Internal ONLY module**
Manufacturer: Mozilla Foundation              
Description: NSS Internal Crypto Services    
PKCS #11 Version 2.20
Library Version: 3.11
Cipher Enable Flags: None
Default Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES

  Slot: NSS Internal Cryptographic Services                            
  Slot Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES
  Manufacturer: Mozilla Foundation              
  Type: Software
  Version Number: 3.11
  Firmware Version: 0.0
  Status: Enabled
  Token Name: NSS Generic Crypto Services     
  Token Manufacturer: Mozilla Foundation              
  Token Model: NSS 3           
  Token Serial Number: 0000000000000000
  Token Version: 4.0
  Token Firmware Version: 0.0
  Access: Write Protected
  Login Type: Public (no login required)
  User Pin: NOT Initialized

  Slot: NSS User Private Key and Certificate Services                  
  Slot Mechanism Flags: None
  Manufacturer: Mozilla Foundation              
  Type: Software
  Version Number: 3.11
  Firmware Version: 0.0
  Status: Enabled
  Token Name: NSS Certificate DB              
  Token Manufacturer: Mozilla Foundation              
  Token Model: NSS 3           
  Token Serial Number: 0000000000000000
  Token Version: 8.3
  Token Firmware Version: 0.0
  Access: NOT Write Protected
  Login Type: Login required
  User Pin: Initialized

-----------------------------------------------------------

Note You need to log in before you can comment on or make changes to this bug.