Bug 728651 - CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA
Summary: CS8 64 bit pkicreate script uses wrong library name for SafeNet LunaSA
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 6
Classification: Red Hat
Component: pki-core
Version: 6.2
Hardware: Unspecified
OS: Unspecified
high
unspecified
Target Milestone: rc
: ---
Assignee: Matthew Harmsen
QA Contact: Chandrasekar Kannan
URL:
Whiteboard:
Depends On: 673508
Blocks:
TreeView+ depends on / blocked
 
Reported: 2011-08-06 02:07 UTC by Matthew Harmsen
Modified: 2015-01-04 23:50 UTC (History)
7 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of: 673508
Environment:
Last Closed: 2011-12-06 16:29:24 UTC
Target Upstream Version:

Attachments (Terms of Use)
patch to fix (659 bytes, patch)
2011-08-09 00:56 UTC, Matthew Harmsen 		jmagne: review+
Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2011:1655 0 normal SHIPPED_LIVE pki-core bug fix and enhancement update 2011-12-06 00:50:24 UTC

Comment 1 Matthew Harmsen 2011-08-06 02:10:24 UTC 
This bug was cloned as this one line fix is required in order to successfully test out the following RHEL 6.2 bug:

    * https://bugzilla.redhat.com/show_bug.cgi?id=705947 - Cannot create system
      certs when using LunaSA HSM in FIPS Mode and ECC algorithms
Comment 2 Matthew Harmsen 2011-08-09 00:56:39 UTC 
Created attachment 517324 [details]
patch to fix

This attachment replicates the changes documented via attachment 482989 [details]
which has been applied and tested on the TIP.
Comment 3 Matthew Harmsen 2011-08-09 01:09:22 UTC 
IPA_v2_RHEL_6_ERRATA_BRANCH:

# cd pki

# svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
M       base/setup/pkicreate

# svn commit
Sending        base/setup/pkicreate
Transmitting file data .
Committed revision 2126.
Comment 4 Matthew Harmsen 2011-08-09 01:22:45 UTC 
IPA_v2_RHEL_6_ERRATA_BRANCH:

# cd pki

# svn update

# svn info | grep Revision
Revision: 2126

Extrapolating from Bugzilla Bug #729126

    ./pki/scripts/pki_patch_maker 2125 2126 pki-core 9.0.3
        pki-core-9.0.3-r2126.patch
Comment 5 Matthew Harmsen 2011-08-09 18:45:18 UTC 
IPA_v2_RHEL_6_ERRATA_BRANCH:

# cd pki

# svn status | grep -v ^$ | grep -v ^P | grep -v ^X | grep -v ^?
A       patches/pki-core-9.0.3-r2126.patch
M       specs/pki-core.spec

# svn commit
Adding         patches/pki-core-9.0.3-r2126.patch
Sending        specs/pki-core.spec
Transmitting file data ..
Committed revision 2133.
Comment 7 Kashyap Chamarthy 2011-11-08 20:38:32 UTC 
VERIFIED

The script does look for the correct shared lib. file -- libCryptoki2_64.so. 


########################
.
.
.
debug]     Attempting to add hardware security modules to system if applicable ...
[debug]         module name: lunasa  lib: /usr/lunasa/lib/libCryptoki2_64.so DOES NOT EXIST!
########################
Name        : pki-ca                       Relocations: (not relocatable)
Version     : 9.0.3                             Vendor: Red Hat, Inc.
Release     : 20.el6                        Build Date: Mon 03 Oct 2011 08:08:55 PM EDT
Install Date: Tue 08 Nov 2011 01:05:46 AM EST      Build Host: x86-002.build.bos.redhat.com
########################

NOTE:  There's no current plan to support RHCS on rhel6 w/ hsm for now.
Comment 8 errata-xmlrpc 2011-12-06 16:29:24 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

http://rhn.redhat.com/errata/RHBA-2011-1655.html
Note You need to log in before you can comment on or make changes to this bug.