First Last Prev Next    This bug is not in your last search results.
Bug 34106 - Create relative ssl links, code cleanup
Create relative ssl links, code cleanup
Status: RESOLVED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Basic settings
UCS 5.0
Other Linux
: P5 minor (vote)
: UCS 5.0-6
Assigned To: Philipp Hahn
https://git.knut.univention.de/univen...
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2014-02-12 09:59 CET by Philipp Hahn
Modified: 2024-02-26 16:24 CET (History)
3 users (show)

See Also:
What kind of report is it?: Development Internal
What type of bug is this?: ---
Who will be affected by this bug?: ---
How will those affected feel about the bug?: ---
User Pain:
Enterprise Customer affected?:
School Customer affected?:
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number:
Bug group (optional): Cleanup
Max CVSS v3 score:
klaeser: Patch_Available+

Attachments
SSL related code cleanup (15.18 KB, patch)
2014-02-12 09:59 CET, Philipp Hahn 		Details | Diff
View All Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Philipp Hahn univentionstaff 2014-02-12 09:59:39 CET 
Created attachment 5791 [details]
SSL related code cleanup

When changing the SSL settings in UMC basic settings module, the certificates in /etc/univention/ssl/ are re-created. This is done by iterating over the old certificates and generating new ones.
While investigating Bug #34105 I noticed that the script assumes, that the directory only contains hosts in one domain and sometimes generates broken links.

It also generates absolute symbolic links, which break when the certificate hierarchy needs to be generated and the previous incarnation is moved to /etc/univention/ssl.org.

Also add some more debugging, which was useful for Bug #34105.
Also code simplification to improve readability.
Also quoting fixes.
Comment 1 Florian Best univentionstaff 2017-04-25 10:29:55 CEST 
Philipp, you adjusted meanwhile a lot in univention-ssl. Is this still relevant?
Comment 2 Philipp Hahn univentionstaff 2017-04-25 10:52:46 CEST 
Still relevant, but some things are already fixed.

$ patch -p4 -i ~/BUG/34106_uss-ssl.diff --dry
checking file base/univention-system-setup/umc/python/setup/util.py
Hunk #1 FAILED at 358.
Hunk #2 FAILED at 367.
2 out of 2 hunks FAILED
checking file base/univention-system-setup/usr/lib/univention-system-setup/scripts/40_ssl/10ssl
Hunk #2 FAILED at 69.
Hunk #3 FAILED at 90.
Hunk #4 FAILED at 126.
3 out of 4 hunks FAILED
checking file base/univention-server/debian/univention-server-master.preinst
Hunk #1 FAILED at 47.
1 out of 1 hunk FAILED
checking file base/univention-ssl/debian/univention-ssl.postinst
Hunk #1 succeeded at 72 (offset -5 lines).
Hunk #2 FAILED at 91.
1 out of 2 hunks FAILED
checking file base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/10hostname
Hunk #1 succeeded at 254 (offset -4 lines).
Hunk #2 succeeded at 264 (offset -4 lines).
checking file base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/12domainname
Hunk #1 succeeded at 202 (offset -5 lines).
Hunk #2 succeeded at 227 (offset -5 lines).
checking file base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh
Hunk #1 FAILED at 151.
1 out of 1 hunk FAILED
checking file packaging/ucslint/testframework/0010-2-3-4-5/debian/postinst
checking file packaging/ucslint/testframework/0011-2-3-4-5-6-7-8/debian/postinst
checking file packaging/ucslint/testframework/0013-2/debian/postinst
checking file packaging/ucslint/testframework/0015-2/debian/postinst
Comment 3 Florian Best univentionstaff 2019-12-13 10:47:14 CET 
You can rebase your branch, as Bug #49036 has been fixed.
Comment 4 Philipp Hahn univentionstaff 2019-12-17 17:05:31 CET 
(In reply to Florian Best from comment #3)
> You can rebase your branch, as Bug #49036 has been fixed.

git:phahn/34106_ucs-ssl
Comment 5 Philipp Hahn univentionstaff 2023-11-09 12:48:39 CET 
(In reply to Philipp Hahn from comment #4)
> (In reply to Florian Best from comment #3)
> > You can rebase your branch, as Bug #49036 has been fixed.
> 
> git:phahn/34106_ucs-ssl

Now part of https://git.knut.univention.de/univention/ucs/-/merge_requests/763
Comment 6 Philipp Hahn univentionstaff 2023-12-12 11:37:27 CET 
[5.0-6] 0de41fb16b fix(ssl): Use only configures attributes
 base/univention-ssl/make-certificates.sh | 22 +++++++++++++---------
 1 file changed, 13 insertions(+), 9 deletions(-)

[5.0-6] fd0d5307f1 fix(ssl): Handles IDs as string
 base/univention-ssl/debian/changelog     | 1 +
 base/univention-ssl/make-certificates.sh | 4 ++--
 2 files changed, 3 insertions(+), 2 deletions(-)

[5.0-6] 8c3e0144d5 style(ssl): shell code
 base/univention-ssl/debian/univention-ssl.postinst | 12 +++++-------
 1 file changed, 5 insertions(+), 7 deletions(-)

[5.0-6] 7e8b618cdf fix(ssl): Depend on ca-certificates
 base/univention-ssl/debian/changelog | 5 +++--
 base/univention-ssl/debian/control   | 1 +
 2 files changed, 4 insertions(+), 2 deletions(-)

[5.0-6] 42d0f14a70 Bug #56832: UCS 5.0-6 version bump
 base/univention-ssl/debian/changelog | 6 ++++++
 1 file changed, 6 insertions(+)

Package: univention-ssl
Version: 14.0.5-1
Branch: ucs_5.0-0
Scope: ucs5.0-6
Comment 7 Stefan Gohmann univentionstaff 2024-02-23 15:57:29 CET 
I am currently checking feedback on the performance of our OpenStack environment in relation to the installation / configuration of UCS.  

I have now seen that UCS hangs for 5 minutes at the end of the installation in 5.0-6. The wizard shows the last join script. However, the join has already been completed.

I see this in the process list:

root      1142  0.4  9.9 669988 202452 ?       Sl   15:03   0:04  \_ /usr/bin/python3 /usr/sbin/univention-management-console-module -m setup -s /run/univention-management-console/588-setup-1708697040012-8b1c3931-1391-4994-b587-67.socket -d 2 -l en_US.UTF-8
root      1637  0.0  0.1   7624  3372 ?        S    15:05   0:00      \_ /bin/bash /usr/lib/univention-system-setup/scripts/setup-join.sh --run_cleanup_as_atjob
root      2492  0.0  0.1   7624  2332 ?        S    15:11   0:00          \_ /bin/bash /usr/lib/univention-system-setup/scripts/setup-join.sh --run_cleanup_as_atjob
root      2500  0.0  0.0   5960   748 ?        S    15:11   0:00          |   \_ tee -a /var/log/univention/join.log
root      2493  0.0  0.1   7624  2980 ?        S    15:11   0:00          \_ /bin/bash /usr/lib/univention-system-setup/scripts/setup-join.sh --run_cleanup_as_atjob

The actual join script is missing.

I've seen that 61d5c8cf147cb452341380c5aea6f7472e08e0dc changed something in this area. But I don't know if it is the cause.

The bug here is not closed and I can't really tell if this was checked in QA.
Comment 8 Philipp Hahn univentionstaff 2024-02-26 16:24:12 CET 
(In reply to Stefan Gohmann from comment #7)
> I am currently checking feedback on the performance of our OpenStack
> environment in relation to the installation / configuration of UCS.  
...
> I've seen that 61d5c8cf147cb452341380c5aea6f7472e08e0dc changed something in
> this area. But I don't know if it is the cause.
> 
> The bug here is not closed and I can't really tell if this was checked in QA.

There in an issue, but it is not caused by this change; I cloned the new Bug #57089 for you.
First Last Prev Next    This bug is not in your last search results.