Bug 730438 - SSL CA errors when reporting an installer bug to bugzilla
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: lorax
Version: 16
Hardware: Unspecified Linux
Priority: unspecified, Severity: urgent
Assigned To: Martin Gracik
QA Contact: Fedora Extras Quality Assurance
Whiteboard: AcceptedBlocker
Blocks: F16Alpha/F16AlphaBlocker
Reported: 2011-08-12 18:54 EDT by Tim Flink
Modified: 2013-07-04 08:58 EDT
Fixed In Version: lorax-16.4.2-1.fc16
Doc Type: Bug Fix
Last Closed: 2011-08-30 22:39:26 EDT
Attachments:
Patch for lorax to prevent removal of ssl related directories (905 bytes, text/plain)
2011-08-12 20:51 EDT, Tim Flink
Updated patch to lorax to fix the SSL issue (1.19 KB, text/plain)
2011-08-13 12:06 EDT, Tim Flink

Description Tim Flink 2011-08-12 18:54:09 EDT
Description of problem:

Reporting installer bugs to bugzilla fails with RPC errors

Version-Release number of selected component (if applicable):

Fedora 16 netinstall built with anaconda-16.14.4-4.fc16, lorax-16.4-3.fc16, libreport-2.0.5-5.fc16

How reproducible:

I can reproduce this every time.

Steps to Reproduce:
1. Boot with ks=http://rhe.fedorapeople.org/install/partition.cfg
2. Select 'Create Custom layout' and click 'next'
3. Report to bugzilla
  
Actual results:

fatal: XML-RPC(-504): libcurl failed to execute the HTTP POST transaction,
explaining: Problem with the SSL CA cert (path? access rights?)
(exited with 1)

Expected results:

Successful report to bugzilla

Additional info:

I found this when working on bug 729537 and the now duped bug 729528
Comment 1 Tim Flink 2011-08-12 18:55:13 EDT
Proposed as Fedora 16 alpha blocker under the following criterion:

The installer must be able to report failures to Bugzilla, with appropriate information included.
Comment 2 Tim Flink 2011-08-12 20:51:22 EDT
Created attachment 518126
Patch for lorax to prevent removal of ssl related directories

The netinstall iso I've been using for testing is available at:
 - http://tflink.fedorapeople.org/iso/boot_730438.iso
 - http://tflink.fedorapeople.org/iso/boot_730438.iso.sha256sum

This was built with F16 stable and the following packages:
anaconda-16.14.4-4.fc16, lorax-16.4-3.fc16, libreport-2.0.5-5.fc16, dracut-011-41.git20110810, linux-firmware-20110731-2.fc16 and rpm-4.9.10-3.fc16

I patched lorax to not delete several ssl related directories and attached that patch. It is designed to be applied after the current libreport patch in fedora git.
Comment 3 Jiri Moskovcak 2011-08-13 06:21:31 EDT
According to strace output we're also missing these files:

access("/etc/pki/nssdb/cert9.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/cert8.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/cert7.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/cert6.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/cert5.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/cert4.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/cert3.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/cert2.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/key3.db", F_OK)  = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/key2.db", F_OK)  = -1 ENOENT (No such file or directory)

I copied them manually to the iso and it seems to fix the certificates problem, now I'm hitting some problems with network, but that might be a problem with my virtual machine:

getpeername(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("209.132.183.69")}, [16]) = 0
close(12)                               = 0
clock_gettime(CLOCK_MONOTONIC, {648, 441956250}) = 0
getpeername(3, {sa_family=AF_INET, sin_port=htons(443), sin_addr=inet_addr("209.132.183.69")}, [16]) = 0
time(NULL)                              = 1313229676
time(NULL)                              = 1313229676
socket(PF_INET6, SOCK_STREAM, IPPROTO_IP) = 12
close(12)                               = 0
time(NULL)                              = 1313229676
send(3, "\26\3\1\0i\1\0\0e\3\1NFKl\333\361f\363p\242\313\250M\37\373\245\247\262\360\350\263"..., 110, 0) = 110
recv(3, 0x9675a0c, 5, 0)                = -1 EAGAIN (Resource temporarily unavailable)
gettimeofday({1313229676, 884601}, NULL) = 0
poll([{fd=3, events=POLLIN|POLLPRI}], 1, 5000) = 1 ([{fd=3, revents=POLLIN|POLLERR|POLLHUP}])
recv(3, 0x9675a0c, 5, 0)                = -1 ECONNRESET (Connection reset by peer)
time(NULL)                              = 1313229677
close(3)                                = 0
gettimeofday({1313229677, 73714}, NULL) = 0
write(2, "fatal: XML-RPC(-504): libcurl fa"..., 106fatal: XML-RPC(-504): libcurl failed to execute the HTTP POST transaction, explaining:  SSL connect error
Comment 4 Jiri Moskovcak 2011-08-13 11:09:34 EDT
After further investigation I can confirm that not removing /etc/pki/nssdb/* from anaconda image resolves the problem. The other SSL connect error is probably caused by a bug in VirtualBox, I was able to report bugs when I changed from bridged network to NAT.
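
Added example (not part of the original bug thread, and not code from lorax or libreport): a small Python filter that applies the diagnosis from comments 3 and 4 to a whole strace capture, listing every failed lookup under the certificate directories so a stripped trust store in an installer image shows up at a glance. The function name, the watched prefixes and the sample lines are assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from posixpath import basename, dirname

# Matches failed path lookups in strace output, for example:
#   access("/etc/pki/nssdb/cert9.db", F_OK) = -1 ENOENT (No such file or directory)
# Leading PID or timestamp columns (strace -f / -t) are tolerated by search().
_CALL = re.compile(
    r'\b(?P<call>access|faccessat|open|openat|stat|stat64|lstat)\('
    r'(?:AT_FDCWD,\s*)?"(?P<path>[^"]+)"[^)]*\)\s*=\s*-1\s+(?P<errno>E[A-Z]+)'
)

def missing_trust_files(strace_lines, prefixes=("/etc/pki/", "/etc/ssl/")):
    """Return {directory: [(file, errno), ...]} for failed lookups under prefixes.

    ENOENT covers the "path?" half of libcurl's message and EACCES the
    "access rights?" half; other errno values are ignored.
    """
    found = defaultdict(set)
    for line in strace_lines:
        m = _CALL.search(line)
        if not m or m.group("errno") not in ("ENOENT", "EACCES"):
            continue
        path = m.group("path")
        if path.startswith(prefixes):
            found[dirname(path)].add((basename(path), m.group("errno")))
    return {d: sorted(v) for d, v in found.items()}

# Constructed sample input, modelled on the strace excerpt in comment 3.
SAMPLE = '''\
access("/etc/pki/nssdb/cert9.db", F_OK) = -1 ENOENT (No such file or directory)
access("/etc/pki/nssdb/key3.db", F_OK)  = -1 ENOENT (No such file or directory)
open("/etc/pki/tls/certs/ca-bundle.crt", O_RDONLY) = -1 EACCES (Permission denied)
open("/etc/hosts", O_RDONLY|O_CLOEXEC) = 4
stat("/usr/lib/libfoo.so", 0xbf9f1a2c) = -1 ENOENT (No such file or directory)
'''.splitlines()

if __name__ == "__main__":
    for directory, entries in sorted(missing_trust_files(SAMPLE).items()):
        for name, errno in entries:
            print(f"{errno:7} {directory}/{name}")
```

A non-empty result for a directory such as /etc/pki/nssdb in the image, with the same files present on the build host, points at the image build removing them rather than at the network or the server certificate.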
Comment 5 Tim Flink 2011-08-13 11:37:12 EDT
I'm building a new iso with what I'm understanding of your patch for lorax and will upload if it does fix the issue.

When do you think we could get a new build of lorax with this fix?
Comment 6 Tim Flink 2011-08-13 12:06:30 EDT
Created attachment 518153
Updated patch to lorax to fix the SSL issue

I can confirm that this does indeed fix the SSL issue and I was able to report an installer bug to bugzilla.

I attached the modification I made to lorax in order to make this work.
Comment 7 Jiri Moskovcak 2011-08-13 13:08:06 EDT
When doing an update for this, please bundle it with: https://admin.fedoraproject.org/updates/libreport-2.0.5-5.fc16 so it goes together.
Comment 8 Tim Flink 2011-08-13 23:13:13 EDT
I replaced the old boot.iso with a new one using my patch for lorax:
 - http://tflink.fedorapeople.org/iso/boot_x64.iso
 - http://tflink.fedorapeople.org/iso/boot_x64.iso.sha256

If someone could submit a new build for lorax with an equivalent patch, that would be great.
Comment 9 Ales Kozumplik 2011-08-15 02:22:28 EDT
This is also loosely related to bug 728562 (though that one should be fixed in any case).
Comment 10 Fedora Update System 2011-08-15 04:39:09 EDT
lorax-16.4.1-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/lorax-16.4.1-1.fc16
Comment 11 Adam Williamson 2011-08-15 13:09:58 EDT
Discussed at the weekly QA meeting of 2011-08-15 (with anaconda team and releng in attendance). Accepted as a blocker under the criterion "the installer must be able to report failures to Bugzilla, with appropriate information included".
Comment 12 Fedora Update System 2011-08-15 16:24:29 EDT
Package lorax-16.4.1-1.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing lorax-16.4.1-1.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/lorax-16.4.1-1.fc16
then log in and leave karma (feedback).
Comment 13 Adam Williamson 2011-08-17 01:39:22 EDT
I believe we have confirmation this is okay in RC5, but please someone post in the bug before we set this VERIFIED, thanks!
Comment 14 Tim Flink 2011-08-17 09:51:48 EDT
I just verified that this issue was fixed with Fedora 16 alpha RC5.
Comment 15 Fedora Update System 2011-08-25 05:38:15 EDT
lorax-16.4.2-1.fc16 has been submitted as an update for Fedora 16.
https://admin.fedoraproject.org/updates/lorax-16.4.2-1.fc16
Comment 16 Fedora Update System 2011-08-26 10:19:15 EDT
Package lorax-16.4.2-1.fc16:
* should fix your issue,
* was pushed to the Fedora 16 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing lorax-16.4.2-1.fc16'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/lorax-16.4.2-1.fc16
then log in and leave karma (feedback).
Comment 17 Fedora Update System 2011-08-30 22:39:08 EDT
lorax-16.4.2-1.fc16 has been pushed to the Fedora 16 stable repository.  If problems still persist, please make note of it in this bug report.
