Bug 1356180 - .postinstall checks for localhost.key on wrong location
Status: VERIFIED
Alias: None
Product: JBoss Enterprise Web Server 2
Classification: JBoss
Component: openssl, httpd
Version: 2.1.1
Hardware: Unspecified
OS: Linux
Priority: unspecified
Severity: urgent
Target Milestone: CR01
Target Release: 2.1.1
Assignee: Weinan Li
QA Contact: Michal Karm Babacek
Reported: 2016-07-13 15:06 UTC by fgoldefu
Modified: 2018-02-07 00:03 UTC
Type: Bug


Description fgoldefu 2016-07-13 15:06:28 UTC
Description of problem:
The postinstall script checks for localhost.key at /etc/pki/tls/private/localhost.key, but creates it at {install dir}/conf/openssl/pki/tls/private/localhost.key

Actual results:
Postinstall contains:
...
if [ ! -f /etc/pki/tls/private/localhost.key ] ; then
sbin/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 1024 > conf/openssl/pki/tls/private/localhost.key 2> /dev/null
fi
...

Expected results:
Postinstall should contain:
...
if [ ! -f conf/openssl/pki/tls/private/localhost.key ] ; then
sbin/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 1024 > conf/openssl/pki/tls/private/localhost.key 2> /dev/null
fi
...
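
The check-versus-write mismatch reported above, next to a form where one path variable drives both the test and the write. This is an added example, not the product's .postinstall script; `KEYGEN`, `ensure_key`, `ensure_key_mismatched`, `fake_keygen` and the 2048-bit default are assumptions made for the illustration.

```shell
# Added example, not the product's .postinstall script.
# KEYGEN is an assumed hook: any command that prints a private key on stdout.
KEYGEN=${KEYGEN:-"openssl genrsa 2048"}   # assumed default, not from the report

# Shape of the reported bug: existence is tested on one path ($1) while the
# key is written to another ($2).
ensure_key_mismatched() {
    if [ ! -f "$1" ]; then
        $KEYGEN > "$2" 2>/dev/null
    fi
}

# Corrected shape: one variable drives both the test and the write. umask 077
# keeps the key owner-only; temp file plus mv avoids leaving a partial key.
ensure_key() {
    keyfile=$1
    [ -f "$keyfile" ] && return 0
    (
        umask 077
        mkdir -p "$(dirname "$keyfile")" || exit 1
        tmp="$keyfile.tmp.$$"
        if $KEYGEN > "$tmp" 2>/dev/null && [ -s "$tmp" ]; then
            mv "$tmp" "$keyfile"
        else
            rm -f "$tmp"
            exit 1
        fi
    )
}

# Constructed stand-in generator (new value per call) so the demo runs offline.
fake_keygen() {
    echo x >> "$work/count"
    echo "constructed key $(wc -l < "$work/count")"
}

demo() (
    work=$(mktemp -d) || exit 1
    KEYGEN=fake_keygen
    sys="$work/etc/pki/tls/private/localhost.key"            # stand-in system path
    inst="$work/conf/openssl/pki/tls/private/localhost.key"  # install-dir path
    mkdir -p "$(dirname "$inst")"
    ensure_key_mismatched "$sys" "$inst"; a=$(cat "$inst")
    ensure_key_mismatched "$sys" "$inst"; b=$(cat "$inst")
    [ "$a" != "$b" ] && echo "mismatched check: key replaced on rerun"
    ensure_key "$inst" && [ "$(cat "$inst")" = "$b" ] && echo "single-path check: existing key kept"
    rm -rf "$work"
)
demo
```

With the mismatched check, a host that already has /etc/pki/tls/private/localhost.key never gets a key in the install directory, so a later certificate request that reads the install-directory key has nothing to read.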

Comment 1 fgoldefu 2016-07-13 15:20:28 UTC
And the env. variable with openssl configuration:
OPENSSL_CONF=conf/openssl/pki/tls/openssl.cnf
should be added.

Comment 2 Weinan Li 2016-07-14 13:20:06 UTC
The fix is included in https://bugzilla.redhat.com/show_bug.cgi?id=1354428#c1

The next release of EWS 2.1.1 will include this (CR1).

Comment 3 Bogdan Sikora 2016-08-01 07:41:58 UTC
CR1-RHEL*

if [ ! -f conf/openssl/pki/tls/private/localhost.key ] ; then
sbin/openssl genrsa -rand /proc/apm:/proc/cpuinfo:/proc/dma:/proc/filesystems:/proc/interrupts:/proc/ioports:/proc/pci:/proc/rtc:/proc/uptime 1024 > conf/openssl/pki/tls/private/localhost.key 2> /dev/null
fi

if [ ! -f conf/openssl/pki/tls/certs/localhost.crt ] ; then
cat << EOF | OPENSSL_CONF=conf/openssl/pki/tls/openssl.cnf sbin/openssl req -new -key conf/openssl/pki/tls/private/localhost.key \
         -x509 -days 365 -set_serial $RANDOM \
         -out conf/openssl/pki/tls/certs/localhost.crt 2>/dev/null
--

Comment 4 PnT Account Manager 2017-12-08 00:03:34 UTC
Employee 'fgoldefu@redhat.com' has left the company.

