Univention Bugzilla – Bug 34106
Create relative ssl links, code cleanup
Last modified: 2024-02-26 16:24:12 CET
Created attachment 5791 [details] SSL related code cleanup When changing the SSL settings in UMC basic settings module, the certificates in /etc/univention/ssl/ are re-created. This is done by iterating over the old certificates and generating new ones. While investigating Bug #34105 I noticed that the script assumes, that the directory only contains hosts in one domain and sometimes generates broken links. It also generates absolute symbolic links, which break when the certificate hierarchy needs to be generated and the previous incarnation is moved to /etc/univention/ssl.org. Also add some more debugging, which was useful for Bug #34105. Also code simplification to improve readability. Also quoting fixes.
Philipp, you adjusted meanwhile a lot in univention-ssl. Is this still relevant?
Still relevant, but some things are already fixed. $ patch -p4 -i ~/BUG/34106_uss-ssl.diff --dry checking file base/univention-system-setup/umc/python/setup/util.py Hunk #1 FAILED at 358. Hunk #2 FAILED at 367. 2 out of 2 hunks FAILED checking file base/univention-system-setup/usr/lib/univention-system-setup/scripts/40_ssl/10ssl Hunk #2 FAILED at 69. Hunk #3 FAILED at 90. Hunk #4 FAILED at 126. 3 out of 4 hunks FAILED checking file base/univention-server/debian/univention-server-master.preinst Hunk #1 FAILED at 47. 1 out of 1 hunk FAILED checking file base/univention-ssl/debian/univention-ssl.postinst Hunk #1 succeeded at 72 (offset -5 lines). Hunk #2 FAILED at 91. 1 out of 2 hunks FAILED checking file base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/10hostname Hunk #1 succeeded at 254 (offset -4 lines). Hunk #2 succeeded at 264 (offset -4 lines). checking file base/univention-system-setup/usr/lib/univention-system-setup/scripts/10_basis/12domainname Hunk #1 succeeded at 202 (offset -5 lines). Hunk #2 succeeded at 227 (offset -5 lines). checking file base/univention-system-setup/usr/lib/univention-system-setup/scripts/setup-join.sh Hunk #1 FAILED at 151. 1 out of 1 hunk FAILED checking file packaging/ucslint/testframework/0010-2-3-4-5/debian/postinst checking file packaging/ucslint/testframework/0011-2-3-4-5-6-7-8/debian/postinst checking file packaging/ucslint/testframework/0013-2/debian/postinst checking file packaging/ucslint/testframework/0015-2/debian/postinst
You can rebase your branch, as Bug #49036 has been fixed.
(In reply to Florian Best from comment #3) > You can rebase your branch, as Bug #49036 has been fixed. git:phahn/34106_ucs-ssl
(In reply to Philipp Hahn from comment #4) > (In reply to Florian Best from comment #3) > > You can rebase your branch, as Bug #49036 has been fixed. > > git:phahn/34106_ucs-ssl Now part of https://git.knut.univention.de/univention/ucs/-/merge_requests/763
[5.0-6] 0de41fb16b fix(ssl): Use only configures attributes base/univention-ssl/make-certificates.sh | 22 +++++++++++++--------- 1 file changed, 13 insertions(+), 9 deletions(-) [5.0-6] fd0d5307f1 fix(ssl): Handles IDs as string base/univention-ssl/debian/changelog | 1 + base/univention-ssl/make-certificates.sh | 4 ++-- 2 files changed, 3 insertions(+), 2 deletions(-) [5.0-6] 8c3e0144d5 style(ssl): shell code base/univention-ssl/debian/univention-ssl.postinst | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) [5.0-6] 7e8b618cdf fix(ssl): Depend on ca-certificates base/univention-ssl/debian/changelog | 5 +++-- base/univention-ssl/debian/control | 1 + 2 files changed, 4 insertions(+), 2 deletions(-) [5.0-6] 42d0f14a70 Bug #56832: UCS 5.0-6 version bump base/univention-ssl/debian/changelog | 6 ++++++ 1 file changed, 6 insertions(+) Package: univention-ssl Version: 14.0.5-1 Branch: ucs_5.0-0 Scope: ucs5.0-6
I am currently checking feedback on the performance of our OpenStack environment in relation to the installation / configuration of UCS. I have now seen that UCS hangs for 5 minutes at the end of the installation in 5.0-6. The wizard shows the last join script. However, the join has already been completed. I see this in the process list: root 1142 0.4 9.9 669988 202452 ? Sl 15:03 0:04 \_ /usr/bin/python3 /usr/sbin/univention-management-console-module -m setup -s /run/univention-management-console/588-setup-1708697040012-8b1c3931-1391-4994-b587-67.socket -d 2 -l en_US.UTF-8 root 1637 0.0 0.1 7624 3372 ? S 15:05 0:00 \_ /bin/bash /usr/lib/univention-system-setup/scripts/setup-join.sh --run_cleanup_as_atjob root 2492 0.0 0.1 7624 2332 ? S 15:11 0:00 \_ /bin/bash /usr/lib/univention-system-setup/scripts/setup-join.sh --run_cleanup_as_atjob root 2500 0.0 0.0 5960 748 ? S 15:11 0:00 | \_ tee -a /var/log/univention/join.log root 2493 0.0 0.1 7624 2980 ? S 15:11 0:00 \_ /bin/bash /usr/lib/univention-system-setup/scripts/setup-join.sh --run_cleanup_as_atjob The actual join script is missing. I've seen that 61d5c8cf147cb452341380c5aea6f7472e08e0dc changed something in this area. But I don't know if it is the cause. The bug here is not closed and I can't really tell if this was checked in QA.
(In reply to Stefan Gohmann from comment #7) > I am currently checking feedback on the performance of our OpenStack > environment in relation to the installation / configuration of UCS. ... > I've seen that 61d5c8cf147cb452341380c5aea6f7472e08e0dc changed something in > this area. But I don't know if it is the cause. > > The bug here is not closed and I can't really tell if this was checked in QA. There in an issue, but it is not caused by this change; I cloned the new Bug #57089 for you.