Description of problem: When trying to create your own spacewalk entitlement certificate, the gen-oss-sat-cert.pl script produces an error which I cannot get around which results in not being able to create your own certificate. Users may want to replace the "Spacewalk Public Cert" organization within spacewalk with their actualy organization name. I believe the entitlement certificate is where "Spacewalk Public Cert" originates from. Version-Release number of selected component (if applicable): .6 How reproducible: Steps to Reproduce: 1. yum install spacewalk 2. wget https://fedorahosted.org/spacewalk/attachment/wiki/CertCreation/gen-oss-3. sat-cert.pl?format=raw 4. wget https://fedorahosted.org/spacewalk/attachment/wiki/CertCreation/template-eval.cert?format=raw 5. mv gen-oss-sat-cert.pl\?format\=raw gen-oss-sat-cert.pl 6. mv template-eval.cert\?format\=raw template-eval.cert 7. wget "https://fedorahosted.org/spacewalk/browser/web/modules/rhn/RHN/CertUtils.pm?rev=c43c7764d22ca8a78fd6f 446b0892b6dec5e78a8&format=txt" 8. mv CertUtils.pm\?rev\=c43c7764d22ca8a78fd6f446b0892b6dec5e78a8\&format\=txt CertUtils.pm 9. mv CertUtils.pm /usr/lib/perl5/vendor_perl/5.8.8/RHN/ 10. perl gen-oss-sat-cert.pl --dsn spacewalk/password@xe --signer 7F4AEFA4 ./template-eval.cert Actual results: [root@spacewalk-prod-testing ~]# perl gen-oss-sat-cert.pl --dsn spacewalk/password@xe --signer 7F4AEFA4 --resign template-eval.cert Passphrase: RHN::Exception: Attempt to set invalid mode 'all_rh_channel_families_insecure' for datasource 'RHN::DataSource::Channel' RHN::DataSource /usr/lib/perl5/vendor_perl/5.8.8/RHN/DataSource.pm 68 RHN::Exception::throw RHN::DataSource /usr/lib/perl5/vendor_perl/5.8.8/RHN/DataSource.pm 39 RHN::DataSource::mode main ./gen-oss-sat-cert.pl 79 RHN::DataSource::new [root@spacewalk-prod-testing ~]# Expected results: I expected to have the script sign the new certificate with the gpg key specified but it doesn't and instead produces the error message. Additional info: Same error also happens if I try to resign the default certificate that spacewalk comes with at: /usr/share/spacewalk/setup/spacewalk-public.cert
I do have the same problem. I got one step further with putting back the mode description for "all_rh_channels_insecure" in xml/Channel_queries.xml but now the DB connect always fails. It seems that the code is incompatible now since RHN::DB supports postgres now. I tried all kind of different dsn-string but i can't get it to connect: RHN::Exception: RHN::DB connect('sid=XE','spacewalk',...) failed: ORA-12154: TNS:could not resolve the connect identifier specified (DBD ERROR: OCIServerAttach) RHN::DB /usr/lib/perl5/vendor_perl/5.8.8/RHN/DB.pm 234 RHN::Exception::DB::throw DBI /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/DBI.pm 636 RHN::DB::handle_error DBI /usr/lib64/perl5/vendor_perl/5.8.8/x86_64-linux-thread-multi/DBI.pm 689 DBI::__ANON__ RHN::DB /usr/lib/perl5/vendor_perl/5.8.8/RHN/DB.pm 225 DBI::connect RHN::DB /usr/lib/perl5/vendor_perl/5.8.8/RHN/DB.pm 192 RHN::DB::direct_connect RHN::DB::DataSource /usr/lib/perl5/vendor_perl/5.8.8/RHN/DB/DataSource.pm 70 RHN::DB::connect RHN::DataSource /usr/lib/perl5/vendor_perl/5.8.8/RHN/DataSource.pm 133 RHN::DB::DataSource::run_query main gen-oss-sat-cert.pl 83 RHN::DataSource::execute_query
Got a similiar problem after adding: <mode name="all_rh_channel_families_insecure"> <query params=""> SELECT 1 FROM DUAL <!-- dummy --> </query> </mode> to: /usr/lib/perl5/vendor_perl/5.8.8/RHN/DB/DataSource/xml/Channel_queries.xml Can't connect to data source ..., no database driver specified and DBI_DSN env var not set at /usr/lib/perl5/vendor_perl/5.8.8/RHN/DB/DataSource.pm line 70 Best Regards Marcus
Updated steps to reproduce: 1. install spacewalk 2. wget 'http://git.fedoraproject.org/git/?p=spacewalk.git;a=blob_plain;f=scripts/gen-oss-sat-cert.pl' -O gen-oss-sat-cert.pl 3. wget https://fedorahosted.org/spacewalk/attachment/wiki/CertCreation/template-eval.cert?format=raw -O template-eval.cert 4. create gpg key - see https://fedorahosted.org/spacewalk/wiki/CertCreation 4. perl gen-oss-sat-cert.pl --signer <your gpg key id> --resign ./template-eval.cert
Fixed in spacewalk wiki and git: commit 79078f2f5585592ab71b0b83d6951ce210133954 Automatic commit of package [spacewalk-web] release [0.9.3-1]. commit 966b45f46721161718a21dd6e79805c1e1d014e5 529371 - close and unlink detafile after signing commit 38548d978ee788ecfc51cdb4094aa493b9c0abd6 529371 - don't unlink tempfiles otherwise gpg won't see them commit 0b082c62b98cad9f8d109a254be2b5cdf7fac45d 529371 - don't ask for dsn, use default commit d1969feb31ac2e481c69e2933c77153bf62d1209 529371 - added missing all_rh_channel_families_insecure commit 4ce1ae0ac385824358f346f78b45a66af8eca67f 529371 - made verification work again commit d8664485e542d1d7a6ee30b730d9d730c98cd4b4 529371 - reimplemented compute_signature() commit 40e703b49b07cef6b5d6c80edcb2c1953241b99f 529371 - use Date::Parse commit 86b0ba9881e6a2d7ab0d37c3b3f5ecf0bc38a57f 529371 - moving the only function from dead RHN::CertUtils module inplace
Package spacewalk-web-0.9.3-1 has been pushed to build. Wiki has been modified to point to gen-oss-sat-cert.pl from spacewalk.git.
*** Bug 574393 has been marked as a duplicate of this bug. ***
This bug has been fixed in Spacewalk 1.0. Closing.