Bug 609449

Summary: yast2 ca-mgm module has mangled capasswd option
Product: [openSUSE] openSUSE 11.2 Reporter: Thidney Thidney <tthidney>
Component: YaST2 Assignee: J. Daniel Schmidt <jdsn>
Status: RESOLVED FIXED QA Contact: Jiri Srain <jsrain>
Severity: Normal    
Priority: P4 - Low CC: igor.podgorski
Version: Final   
Target Milestone: ---   
Hardware: Other   
OS: Other   
Whiteboard:
Found By: --- Services Priority:
Business Priority: Blocker: ---
Marketing QA Status: --- IT Deployment: ---
Attachments: y2logs after running

Description Thidney Thidney 2010-05-27 13:32:24 UTC
User-Agent:       Mozilla/5.0 (compatible; Konqueror/4.4) KHTML/4.4.2 (like Gecko) SUSE

I am trying to create a certificate from the cmdline using the yast ca-mgm module.

As I need to pass the CA password, I tried the one from the documentation:
capasswd   [string]  CA password (Security: This should be given by an environment variable)

however using
capasswd="password" is ignored; obviously the caPassword option is read. So a window asking me to enter the CA password appears (which is a problem in batch)

And of course passing caPasswd will fail:
Unknown option for command 'createCertificate': caPasswd

And at the end, when I do not pass capasswd at all, the command complains about CA creation:

Invalid password.
Use of uninitialized value in sprintf at
        /usr/share/YaST2/modules/YaST/caUtils.pm line 1848 (#1)
    (W uninitialized) An undefined value was used as if it were already
    defined.  It was interpreted as a "" or a 0, but maybe it was a mistake.
    To suppress this warning assign a defined value to your variables.

    To help you figure out what was undefined, perl will try to tell you the
    name of the variable (if any) that was undefined. In some cases it cannot
    do this, so it also tells you what operation you used the undefined value
    in.  Note, however, that perl optimizes your program and the operation
    displayed in the warning may not necessarily appear literally in your
    program.  For example, "that $foo" is usually optimized into "that "
    . $foo, and the warning will refer to the concatenation (.) operator,
    even though there is no . in your program.

Invalid value '' for parameter 'caPasswd'.
Invalid value '' for parameter 'caPasswd'.


Command looks like:
LANG=us yast2 ca_mgm createCertificate caname="CANAME" type="server" days="3" cn="testauto" keyPasswd="test" email="mymail" verbose



Reproducible: Always

Comment 1 Vladislav Lewin 2010-06-01 07:04:09 UTC
Please attach YaST logs.
It's actually helpful to attach them to (almost) every bug report
for YaST.

See http://en.opensuse.org/Bugs/YaST
Comment 2 J. Daniel Schmidt 2010-06-01 11:33:50 UTC
(In reply to comment #0)
> however using capasswd="password" is ignored, 
> obviously caPassword option is readed.

According to the code the parameter is indeed "capasswd" in lowercase. The error message you saw came from internal processing - internally the password is saved with the camelCase name "caPassword".

The error btw. occurs if the password is missing or if it is shorter than 4 characters. Unfortunately this error message does not report such an error.
-> Bug #1


> So Window asking me to pass ca password appear (which is problem in batch)
-> Bug #2

 
> And of course passing caPasswd will fail:
> Unknown option for command 'createCertificate': caPasswd

As already said, the parameter is "capasswd".
 
> when I do not pass capasswd at all command complain about ca creation:
> 
> Invalid password.
> Use of uninitialized value in sprintf at
>         /usr/share/YaST2/modules/YaST/caUtils.pm line 1848 (#1)
> Invalid value '' for parameter 'caPasswd'.
-> Bug #1.1 (or #3 if you like)


Please provide the YaST logs in any case, thank you.
Comment 3 Thidney Thidney 2010-06-08 19:38:29 UTC
Created attachment 367919 [details]
y2logs after running 

I had to change computer (I am on vacation and I can't access the former computer).
Exact command:
yast2 ca_mgm createCertificate caname="testCAName" type="server" days="3"
cn="testServerCert" email="tthidney@seznam.cz" capasswd="test"
keyPasswd="test" verbose


After that, a dialog with a request for the CA password appears. And after that it fails again with:

linux-dde3:/# LANG=us yast2 ca_mgm createCertificate
caname="testCAName" type="server" days="3" cn="testServerCert"
email="tthidney@seznam.cz" capasswd="test" keyPasswd="test" verbose

(process:23293): Gtk-WARNING **: Locale not supported by C library.
        Using the fallback 'C' locale.
Modifying RequestGenerationData failed.
Comment 4 Igor Podgorski 2012-05-22 16:26:34 UTC
I have come across the same issue when creating a server certificate in OpenSUSE 11.4 and SLES 11 SP1.

The problem is in /usr/share/YaST2/include/ca-management/commandline.ycp in cmdCreateCertificate (starts at line 59). The problem occurs because new_cert_init ("Server Certificate") on line 69 is called before the CA password was read from the command line, which happens further down starting at line 96: if (haskey (options, "capasswd"))....

So, I moved the block (lines 96-103) taking in the capasswd from the command line and put it above the block calling for new cert (lines 63-75).
Diff below:

--- commandline.ycp-orig	2012-05-21 11:57:52.000000000 +0100
+++ commandline.ycp	2012-05-21 11:58:57.000000000 +0100
@@ -60,6 +60,15 @@
 	CaMgm::CAName = options["caname"]:"";
 	CaMgm::currentCA = options["caname"]:"";
 	
+	if (haskey (options, "capasswd"))
+	{
+	    CaMgm::passwdMap[CaMgm::CAName] = options["capasswd"]:"";
+	}
+	else
+	{
+	    CaMgm::passwdMap[CaMgm::CAName] = strip(getenv("capasswd"));
+	}
+
 	if (options["type"]:"" == "client")
 	{
 	    new_cert_init ("Client Certificate");
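Review bot: In the added else branch, the result of strip(getenv("capasswd")) is stored in CaMgm::passwdMap[CaMgm::CAName] without any check, so when neither the option nor the environment variable is supplied, the new_cert_init calls below still run with no usable CA password. Consider testing the value here and returning a clear error before new_cert_init, so that batch runs fail early. A short comment stating that this block must stay above new_cert_init would also keep it from being moved back later.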
@@ -93,15 +102,6 @@
 	    CaMgm::password = strip(getenv("keyPasswd"));
 	}
 
-	if (haskey (options, "capasswd"))
-	{
-	    CaMgm::passwdMap[CaMgm::CAName] = options["capasswd"]:"";
-	}
-	else
-	{
-	    CaMgm::passwdMap[CaMgm::CAName] = strip(getenv("capasswd"));
-	}
-
 	boolean ret = true;
 	if (options["kind"]:"" == "client")
 	{
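Review bot: The context line after the removed block tests options["kind"]:"" == "client", while the context of the first hunk tests options["type"]:"" == "client" for what looks like the same decision. If "kind" is not a declared option, this comparison never matches, so it is worth confirming which key is intended while this function is being touched. The keyPasswd fallback just above (CaMgm::password = strip(getenv("keyPasswd"))) also stays below new_cert_init; if that call needs CaMgm::password as well, it should move together with the capasswd block.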

I can confirm that after making this change I can create a new certificate using the CA password supplied on the command line.

Igor
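
Added example, not part of the bug report or of YaST: a wrapper that keeps both passwords out of argv and passes them through the environment, as the documentation line quoted in the description recommends and as the getenv("capasswd") / getenv("keyPasswd") fallback in the diff allows. `YAST_BIN`, `read_secret`, `create_cert` and the password files are assumptions made for this sketch, which has been exercised only against a stub, not a YaST installation.

```shell
#!/bin/sh
# Added example (not YaST code): hand the CA and key passwords to
# "yast2 ca_mgm createCertificate" through the environment, relying on the
# getenv("capasswd") / getenv("keyPasswd") fallback visible in the diff.
# YAST_BIN is a hypothetical override so the wrapper can be run against a stub.
YAST_BIN="${YAST_BIN:-yast2}"

# read_secret FILE: print the first line of FILE; refuse files that group or
# others can access, and refuse empty secrets.
read_secret() {
    file=$1
    [ -f "$file" ] || { echo "missing secret file: $file" >&2; return 1; }
    mode=$(stat -c '%a' "$file") || return 1
    case "$mode" in
        *00) ;;
        *) echo "refusing $file: mode $mode" >&2; return 1 ;;
    esac
    secret=
    IFS= read -r secret < "$file" || true
    [ -n "$secret" ] || { echo "empty secret in $file" >&2; return 1; }
    printf '%s' "$secret"
}

# create_cert CA_PW_FILE KEY_PW_FILE [createCertificate options...]
create_cert() {
    ca_file=$1 key_file=$2
    shift 2
    for arg in "$@"; do
        case "$arg" in
            capasswd=*|keyPasswd=*)
                # argv is visible to other users via ps and /proc/<pid>/cmdline
                echo "refusing ${arg%%=*} on the command line" >&2
                return 2 ;;
        esac
    done
    ca_pw=$(read_secret "$ca_file") || return 1
    key_pw=$(read_secret "$key_file") || return 1
    # Comment 2: a CA password shorter than 4 characters is rejected with an
    # unhelpful message, so fail early with a clear one.
    if [ "${#ca_pw}" -lt 4 ]; then
        echo "CA password must be at least 4 characters" >&2
        return 2
    fi
    # Set for this one child process only; never exported in the parent shell.
    capasswd=$ca_pw keyPasswd=$key_pw "$YAST_BIN" ca_mgm createCertificate "$@"
}
```

Called as `create_cert ca.pw key.pw caname="testCAName" type="server" days="3" cn="testServerCert"`, with each password stored in a file of mode 600.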
Comment 5 Igor Podgorski 2012-05-23 09:31:48 UTC
This issue is also present in OpenSUSE 12.1 so I assume 12.2 is affected too.
Comment 6 J. Daniel Schmidt 2012-05-29 13:53:00 UTC
Thank you for your patch.
I will apply and test it once we have finished our SVN to GIT migration (unfortunately the import broke some history and we will redo it).
Comment 7 J. Daniel Schmidt 2013-06-20 08:14:49 UTC
Fixed the issue in YaST's master branch, so it will be in the next openSUSE.
Please reopen this bug if you need this fix also as an update for 12.3.
Comment 8 Bernhard Wiedemann 2013-07-04 09:00:17 UTC
This is an autogenerated message for OBS integration:
This bug (609449) was mentioned in
https://build.opensuse.org/request/show/182152 Factory / yast2-ca-management