Bug 474720 - freenx-server should not generate or copy any keys in %post
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: freenx-server
Version: rawhide
Hardware: All Linux
Priority: low
Severity: medium
Assigned To: Axel Thimm
QA Contact: Fedora Extras Quality Assurance
Blocks: K12LTSP
Reported: 2008-12-04 18:48 EST by Warren Togami
Modified: 2009-08-10 17:52 EDT
Fixed In Version: 0.7.3-15.fc10
Doc Type: Bug Fix
Last Closed: 2009-08-10 17:40:30 EDT
Description Warren Togami 2008-12-04 18:48:22 EST
%post
if test ! -e /etc/nxserver/users.id_dsa; then
  %{_bindir}/ssh-keygen -q -t dsa -N "" -f /etc/nxserver/users.id_dsa
fi

if ! test -e /etc/nxserver/client.id_dsa.key -a -e /etc/nxserver/server.id_dsa.pub.key; then
  %{_bindir}/ssh-keygen -q -t dsa -N "" -f /etc/nxserver/local.id_dsa
  mv -f /etc/nxserver/local.id_dsa /etc/nxserver/client.id_dsa.key
  mv -f /etc/nxserver/local.id_dsa.pub /etc/nxserver/server.id_dsa.pub.key
fi

echo -n "127.0.0.1 " > /var/lib/nxserver/home/.ssh/known_hosts
# We do depend on openssh-server, but package installation != key
# creation time. See also Fedora bug #235592
cat /etc/ssh/ssh_host_rsa_key.pub >> /var/lib/nxserver/home/.ssh/known_hosts 2>/dev/null
chown nx:root /var/lib/nxserver/home/.ssh/known_hosts

This is related to Bug #235592, but goes even further.  None of this should happen during %post of freenx-server.  Why?  If you install freenx-server in a chroot to be included in an image, then you are packaging ssh keys that are no longer unique.

All of this should be moved to a shell script to be run once by the system administrator after the system has booted for real.  This would also solve Bug #235592.  There is no way around the necessity of this.
Comment 1 Warren Togami 2008-12-04 18:50:04 EST
Correction: None of the key generation or copying should happen during %post.  User creation and other things are OK.
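
A sketch of the run-once script the description asks for, as an added example that is not part of the bug report or of the freenx-server package. The file paths and ssh-keygen options are those of the quoted %post; the function name nx_setup_keys and the NX_ROOT, KEYGEN and KEYTYPE variables are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: NX key setup moved out of %post into a function the
# administrator calls once on the booted system (source this file as root,
# then run nx_setup_keys). NX_ROOT, KEYGEN and KEYTYPE are hypothetical knobs.
NX_ROOT=${NX_ROOT:-}            # empty = operate on the live system
KEYGEN=${KEYGEN:-ssh-keygen}
KEYTYPE=${KEYTYPE:-dsa}         # same key type as the quoted %post

nx_setup_keys() {
    etc="$NX_ROOT/etc/nxserver"
    sshdir="$NX_ROOT/var/lib/nxserver/home/.ssh"
    hostpub="$NX_ROOT/etc/ssh/ssh_host_rsa_key.pub"

    # The host key exists only after sshd has created it on this machine
    # (the case bug #235592 is about), so refuse to continue without it.
    if [ ! -s "$hostpub" ]; then
        echo "nx_setup_keys: $hostpub is missing or empty" >&2
        return 1
    fi

    # Keys are created on first run only; later runs leave them untouched.
    if [ ! -e "$etc/users.id_dsa" ]; then
        "$KEYGEN" -q -t "$KEYTYPE" -N "" -f "$etc/users.id_dsa" || return 1
    fi
    if [ ! -e "$etc/client.id_dsa.key" ] || [ ! -e "$etc/server.id_dsa.pub.key" ]; then
        "$KEYGEN" -q -t "$KEYTYPE" -N "" -f "$etc/local.id_dsa" || return 1
        mv -f "$etc/local.id_dsa" "$etc/client.id_dsa.key" || return 1
        mv -f "$etc/local.id_dsa.pub" "$etc/server.id_dsa.pub.key" || return 1
    fi

    # Record this machine's own host key for the nx user's loopback login.
    printf '127.0.0.1 %s\n' "$(cat "$hostpub")" > "$sshdir/known_hosts" || return 1

    # The nx account is still created by %post (comment 1); ownership is set
    # only when running as root on a system where that account exists.
    if [ "$(id -u)" -eq 0 ] && id nx >/dev/null 2>&1; then
        chown nx:root "$sshdir/known_hosts" || return 1
    fi
    return 0
}
```
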
Comment 2 Fedora Update System 2009-07-25 19:11:12 EDT
freenx-server-0.7.3-14.fc10 has been submitted as an update for Fedora 10.
http://admin.fedoraproject.org/updates/freenx-server-0.7.3-14.fc10
Comment 3 Fedora Update System 2009-07-25 19:11:54 EDT
freenx-server-0.7.3-14.fc11 has been submitted as an update for Fedora 11.
http://admin.fedoraproject.org/updates/freenx-server-0.7.3-14.fc11
Comment 4 Fedora Update System 2009-07-27 17:30:12 EDT
freenx-server-0.7.3-14.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update freenx-server'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-8023
Comment 5 Fedora Update System 2009-07-27 17:31:07 EDT
freenx-server-0.7.3-14.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update freenx-server'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-8022
Comment 6 Fedora Update System 2009-08-01 19:54:04 EDT
freenx-server-0.7.3-15.fc11 has been pushed to the Fedora 11 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update freenx-server'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F11/FEDORA-2009-8022
Comment 7 Fedora Update System 2009-08-01 19:57:56 EDT
freenx-server-0.7.3-15.fc10 has been pushed to the Fedora 10 testing repository.  If problems still persist, please make note of it in this bug report.
 If you want to test the update, you can install it with 
 su -c 'yum --enablerepo=updates-testing update freenx-server'.  You can provide feedback for this update here: http://admin.fedoraproject.org/updates/F10/FEDORA-2009-8023
Comment 8 Fedora Update System 2009-08-10 17:39:48 EDT
freenx-server-0.7.3-15.fc11 has been pushed to the Fedora 11 stable repository.  If problems still persist, please make note of it in this bug report.
Comment 9 Fedora Update System 2009-08-10 17:52:11 EDT
freenx-server-0.7.3-15.fc10 has been pushed to the Fedora 10 stable repository.  If problems still persist, please make note of it in this bug report.
