Bug 845942 - genkey should work without mod_ssl and mod_nss
genkey should work without mod_ssl and mod_nss
Status: CLOSED ERRATA
Product: Fedora
Classification: Fedora
Component: crypto-utils (Show other bugs)
19
All Linux
low Severity low
: ---
: ---
Assigned To: Elio Maldonado Batiz
Fedora Extras Quality Assurance
: Reopened
Depends On: 845940
Blocks:
  Show dependency treegraph
 
Reported: 2012-08-06 04:07 EDT by Kurt Seifried
Modified: 2014-02-25 02:53 EST (History)
3 users (show)

See Also:
Fixed In Version: crypto-utils-2.4.1-52.fc20
Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: 845940
Environment:
Last Closed: 2014-02-25 02:53:20 EST
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---


Attachments (Terms of Use)

  None (edit)
Description Kurt Seifried 2012-08-06 04:07:58 EDT
+++ This bug was initially created as a clone of Bug #845940 +++

Description of problem:

crypto-utils has a missing dependancy on mod_ssl and fails to run.

Version-Release number of selected component (if applicable):

crypto-utils-2.4.1-34.fc16.x86_64

How reproducible:

Always

Steps to Reproduce:
1. remove mod_ssl if already installed
2. install crypto-utils
3. run "genkey -days 1 localhost"
  
Actual results:

¦                  ¦ 
¦ package mod_ssl is not installed     ¦ 
¦                  ¦ 
¦ It is required to generate this type ¦ 
¦ of CSRs or certsfor this host:       ¦ 
¦                  ¦ 
¦ Press return to exit                 ¦ 
¦                  ¦ 
¦              +-------+               ¦ 
¦              ¦ Close ¦               ¦ 
¦              +-------+              

Expected results:

genkey creates a certificate

Additional info:

simply add mod_ssl as a dependency. This also affects Fedora 17
Comment 1 Fedora End Of Life 2013-01-16 17:04:40 EST
This message is a reminder that Fedora 16 is nearing its end of life.
Approximately 4 (four) weeks from now Fedora will stop maintaining
and issuing updates for Fedora 16. It is Fedora's policy to close all
bug reports from releases that are no longer maintained. At that time
this bug will be closed as WONTFIX if it remains open with a Fedora 
'version' of '16'.

Package Maintainer: If you wish for this bug to remain open because you
plan to fix it in a currently maintained version, simply change the 'version' 
to a later Fedora version prior to Fedora 16's end of life.

Bug Reporter: Thank you for reporting this issue and we are sorry that 
we may not be able to fix it before Fedora 16 is end of life. If you 
would still like to see this bug fixed and are able to reproduce it 
against a later version of Fedora, you are encouraged to click on 
"Clone This Bug" and open it against that version of Fedora.

Although we aim to fix as many bugs as possible during every release's 
lifetime, sometimes those efforts are overtaken by events. Often a 
more recent Fedora release includes newer upstream software that fixes 
bugs or makes them obsolete.

The process we are following is described here: 
http://fedoraproject.org/wiki/BugZappers/HouseKeeping
Comment 2 Elio Maldonado Batiz 2013-01-16 17:16:19 EST
Switching Version to Rawhide to prevent this bug from getting closed with F16 EOF.
Comment 3 Elio Maldonado Batiz 2013-02-23 14:15:43 EST
gen
Comment 4 Fedora End Of Life 2013-04-03 14:33:41 EDT
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
Comment 5 Aleksandra Fedorova 2013-07-14 10:39:37 EDT
The bug is still here in F19. It is not possible to use genkey tool from crypto-utils without installing Apache web-server. Which is rather common use case, since there are a lot of nginx installations which don't need httpd.
Comment 6 Elio Maldonado Batiz 2013-07-14 12:47:09 EDT
The "port" of crypto-utils to use NSS exclusively for its cryptography as part of the old crypto consolidation effort. Please see
https://fedoraproject.org/wiki/CryptoConsolidationScorecard
where you can see in the the entry for crypto-utils "openssl or nss selectable via command line option". The goal of using nss exclusively for the crypto services was accomplished but since it's meant to support both mod_nss and the mod_ssl, it consequently needs openssl.

Perhaps the tools should have been split into two, one for mod_ssl (openssl) and one for mod_nss (nss) instead of the rather complex perl script it has that tries to do it both ways. In addition to having two tools, creating two separate packages, each with it own requirements, would have made things a lot cleaner.

As implemented, one package/tool to support both use cases, crypto-utils.spec needs a Requires: openssl.
Comment 7 Elio Maldonado Batiz 2013-07-14 13:10:15 EDT
I think 'Requires: mod_ssl' is better than 'Requires: openssl'.
Comment 8 Joe Orton 2014-01-27 07:17:20 EST
There is actually no reason that the package should "Requires: mod_ssl", nor mod_nss.  The package should work correctly without either package installed.  Checking for presence of mod_nss in genkey *iff --nss is specified* is fine but there is no need to check for mod_ssl AFAICT.
Comment 9 Joe Orton 2014-01-27 08:07:51 EST
I will leave this bug open to the underlying issue, that genkey should work without mod_ssl installed.
Comment 10 Joe Orton 2014-01-27 08:08:14 EST
Duh.
Comment 12 Joe Orton 2014-02-13 18:29:17 EST
Fixed in updates.
Comment 13 Joe Orton 2014-02-13 18:31:28 EST
Closed in error.
Comment 14 Fedora Update System 2014-02-13 18:33:38 EST
crypto-utils-2.4.1-52.fc20 has been submitted as an update for Fedora 20.
https://admin.fedoraproject.org/updates/crypto-utils-2.4.1-52.fc20
Comment 15 Fedora Update System 2014-02-15 02:03:32 EST
Package crypto-utils-2.4.1-52.fc20:
* should fix your issue,
* was pushed to the Fedora 20 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing crypto-utils-2.4.1-52.fc20'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2014-2571/crypto-utils-2.4.1-52.fc20
then log in and leave karma (feedback).
Comment 16 Fedora Update System 2014-02-25 02:53:20 EST
crypto-utils-2.4.1-52.fc20 has been pushed to the Fedora 20 stable repository.  If problems still persist, please make note of it in this bug report.

Note You need to log in before you can comment on or make changes to this bug.