Note: This is a beta release of Red Hat Bugzilla 5.0. The data contained within is a snapshot of the live data so any changes you make will not be reflected in the production Bugzilla. Also email is disabled so feel free to test any aspect of the site that you want. File any problems you find or give feedback here.
Bug 454565 - Broken Installation Wizard for TPS and RA with latest modutil
Summary: Broken Installation Wizard for TPS and RA with latest modutil
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Dogtag Certificate System
Classification: Retired
Component: Installation Wizard
Version: 1.0
Hardware: All
OS: Linux
low
low
Target Milestone: ---
Assignee: Ade Lee
QA Contact:
URL:
Whiteboard:
Depends On:
Blocks: 443788
TreeView+ depends on / blocked
 
Reported: 2008-07-09 01:30 UTC by Jack Magne
Modified: 2009-07-22 23:29 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2009-07-22 23:29:20 UTC


Attachments (Terms of Use)
patch to fix (deleted)
2008-07-22 22:00 UTC, Ade Lee
no flags Details | Diff
patch including spec file changes (deleted)
2008-08-05 19:36 UTC, Ade Lee
no flags Details | Diff

Description Jack Magne 2008-07-09 01:30:27 UTC
Description of problem:

The Module Selection panel on the TPS installation wizard does not play well
with the latest modutil. Note: This problem should also exist with the RA since
both subsystems use the same perl based installation framework.

There is some code in the file Modutil.pm which calls the modutil function  that
gives a detailed list of attributes relating to a security module. The code
takes this information and creates a variable that contains all the properties
for convenient use later on.

The problem is that the latest version of modutil no longer prints out an
informative line like the following:

modutil -dbdir ./ -list "ModuleName"

Using database directory .....

This missing line was actually being accounted for in the code by having the
block containing this text thrown away. The end result is that a bunch of really
important attributes get thrown away like the Name of the module and the Library
path of the file implementing the module. The end result is that the wizard
always tells the user that NO security modules are available. 

The offending block of code is the following:


my $moduledetail = `modutil -force -dbdir '$self->{dir}' -nocertdb -list
"$m->{modulename}" 2> /dev/null`;


                my @details= split "\n\n", $moduledetail;

                shift @details;

                $m->{detail} = makehash(shift @details);


Note how modutil is called to get the info. The line:

shift @details is the one that causes problems using the latest version of modutil.

The fix is to change this code so it does not automatically throw away stuff at
the top of the string.


Version-Release number of selected component (if applicable):

Dogtag 1.0.0


How reproducible:

Always

Steps to Reproduce:
1. Install a CA
2. Install a TKS
3.  Proceed through the TPS wizard until reaching the Security Modules screen. 
  
Actual results:

The screen tells the user that no modules are available when this is not true.


Expected results:

At least the internal NSS PKCS#11 module should be listed as available.

Additional info:

The version of nss-tools which contains "modutil" on F8 is:
nss-tools-3.12.0.3-0.8.2.fc8

Comment 1 Ade Lee 2008-07-22 22:00:14 UTC
Created attachment 312400 [details]
patch to fix 

Patch to fix the problem Jack diagnosed.  Now allows TPS and RA installations
to proceed as expected for both old and new modutil.

jmagne, mharmsen - please ack.

Comment 2 Jack Magne 2008-08-05 17:33:56 UTC
Ade:

Patch looks good, but Matt likes us to include the diffs of the changed spec files. For instance you would have to go into the spec file and bump the release and add to the comments list. You've probably done this already but didn't include it in the patch.

Comment 3 Ade Lee 2008-08-05 19:36:52 UTC
Created attachment 313485 [details]
patch including spec file changes

Comment 4 Jack Magne 2008-08-05 20:37:39 UTC
Attachment (id=331485) jmagne+

Comment 5 Ade Lee 2008-08-05 21:01:56 UTC
Commit data:

Sending        pki/base/ra/lib/perl/PKI/RA/Modutil.pm
Sending        pki/base/tps/lib/perl/PKI/TPS/Modutil.pm
Sending        pki/linux/ra/pki-ra.spec
Sending        pki/linux/tps/pki-tps.spec
Transmitting file data ....
Committed revision 73.

Comment 6 Chandrasekar Kannan 2008-08-27 00:29:31 UTC
Bug already MODIFIED. setting target CS8.0 and marking screened+

Comment 7 Jenny Galipeau 2009-06-25 13:51:08 UTC
Verified:

[root@qe-blade-11]# cd /var/lib/pki-ra/alias/
[root@qe-blade-11 alias]# modutil -dbdir ./ -list "NSS Internal PKCS #11 Module"

-----------------------------------------------------------
Name: NSS Internal PKCS #11 Module
Library file: **Internal ONLY module**
Manufacturer: Mozilla Foundation              
Description: NSS Internal Crypto Services    
PKCS #11 Version 2.20
Library Version: 3.11
Cipher Enable Flags: None
Default Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES

  Slot: NSS Internal Cryptographic Services                            
  Slot Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES
  Manufacturer: Mozilla Foundation              
  Type: Software
  Version Number: 3.11
  Firmware Version: 0.0
  Status: Enabled
  Token Name: NSS Generic Crypto Services     
  Token Manufacturer: Mozilla Foundation              
  Token Model: NSS 3           
  Token Serial Number: 0000000000000000
  Token Version: 4.0
  Token Firmware Version: 0.0
  Access: Write Protected
  Login Type: Public (no login required)
  User Pin: NOT Initialized

  Slot: NSS User Private Key and Certificate Services                  
  Slot Mechanism Flags: None
  Manufacturer: Mozilla Foundation              
  Type: Software
  Version Number: 3.11
  Firmware Version: 0.0
  Status: Enabled
  Token Name: NSS Certificate DB              
  Token Manufacturer: Mozilla Foundation              
  Token Model: NSS 3           
  Token Serial Number: 0000000000000000
  Token Version: 8.3
  Token Firmware Version: 0.0
  Access: NOT Write Protected
  Login Type: Login required
  User Pin: Initialized

-----------------------------------------------------------

/var/lib/pki-tks/alias/
[root@qe-blade-11 alias]# modutil -dbdir ./ -list "NSS Internal PKCS #11 Module"

-----------------------------------------------------------
Name: NSS Internal PKCS #11 Module
Library file: **Internal ONLY module**
Manufacturer: Mozilla Foundation              
Description: NSS Internal Crypto Services    
PKCS #11 Version 2.20
Library Version: 3.11
Cipher Enable Flags: None
Default Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES

  Slot: NSS Internal Cryptographic Services                            
  Slot Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES
  Manufacturer: Mozilla Foundation              
  Type: Software
  Version Number: 3.11
  Firmware Version: 0.0
  Status: Enabled
  Token Name: NSS Generic Crypto Services     
  Token Manufacturer: Mozilla Foundation              
  Token Model: NSS 3           
  Token Serial Number: 0000000000000000
  Token Version: 4.0
  Token Firmware Version: 0.0
  Access: Write Protected
  Login Type: Public (no login required)
  User Pin: NOT Initialized

  Slot: NSS User Private Key and Certificate Services                  
  Slot Mechanism Flags: None
  Manufacturer: Mozilla Foundation              
  Type: Software
  Version Number: 3.11
  Firmware Version: 0.0
  Status: Enabled
  Token Name: NSS Certificate DB              
  Token Manufacturer: Mozilla Foundation              
  Token Model: NSS 3           
  Token Serial Number: 0000000000000000
  Token Version: 8.3
  Token Firmware Version: 0.0
  Access: NOT Write Protected
  Login Type: Login required
  User Pin: Initialized

-----------------------------------------------------------
[root@qe-blade-11 alias]# cd ../../pki-tks/alias/
[root@qe-blade-11 alias]# modutil -dbdir ./ -list "NSS Internal PKCS #11 Module"

-----------------------------------------------------------
Name: NSS Internal PKCS #11 Module
Library file: **Internal ONLY module**
Manufacturer: Mozilla Foundation              
Description: NSS Internal Crypto Services    
PKCS #11 Version 2.20
Library Version: 3.11
Cipher Enable Flags: None
Default Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES

  Slot: NSS Internal Cryptographic Services                            
  Slot Mechanism Flags: RSA:RC2:RC4:DES:DH:SHA1:MD5:MD2:SSL:TLS:AES
  Manufacturer: Mozilla Foundation              
  Type: Software
  Version Number: 3.11
  Firmware Version: 0.0
  Status: Enabled
  Token Name: NSS Generic Crypto Services     
  Token Manufacturer: Mozilla Foundation              
  Token Model: NSS 3           
  Token Serial Number: 0000000000000000
  Token Version: 4.0
  Token Firmware Version: 0.0
  Access: Write Protected
  Login Type: Public (no login required)
  User Pin: NOT Initialized

  Slot: NSS User Private Key and Certificate Services                  
  Slot Mechanism Flags: None
  Manufacturer: Mozilla Foundation              
  Type: Software
  Version Number: 3.11
  Firmware Version: 0.0
  Status: Enabled
  Token Name: NSS Certificate DB              
  Token Manufacturer: Mozilla Foundation              
  Token Model: NSS 3           
  Token Serial Number: 0000000000000000
  Token Version: 8.3
  Token Firmware Version: 0.0
  Access: NOT Write Protected
  Login Type: Login required
  User Pin: Initialized

-----------------------------------------------------------


Note You need to log in before you can comment on or make changes to this bug.