Bug 57421 - Domain join abort at ssl certificates - bash: /usr/bin/rsync: The list of arguments is too long
Status: CLOSED FIXED
Product: UCS
Classification: Unclassified
Component: UMC - Domain join
UCS 5.0
Other Linux
: P5 normal (vote)
: UCS 5.0-8-errata
Assigned To: Marius Meschter
Jürn Brodersen
https://git.knut.univention.de/univen...
Reported: 2024-07-02 11:45 CEST by Mirac Erdemiroglu
Modified: 2024-07-25 12:12 CEST (History)
What kind of report is it?: Bug Report
What type of bug is this?: 5: Major Usability: Impairs usability in key scenarios
Who will be affected by this bug?: 1: Will affect a very few installed domains
How will those affected feel about the bug?: 5: Blocking further progress on the daily work
User Pain: 0.143
Enterprise Customer affected?:
School Customer affected?: Yes
ISV affected?:
Waiting Support:
Flags outvoted (downgraded) after PO Review:
Ticket number: 2024070121000106
Bug group (optional): Usability
Max CVSS v3 score:


Description Mirac Erdemiroglu univentionstaff 2024-07-02 11:45:39 CEST
The customer wants to join a DC Backup into the domain, but the join was unsuccessful and stopped at the part for the SSL certificates.

bash: /usr/bin/rsync: The list of arguments is too long
rsync: connection unexpectedly closed (0 bytes received so far) [Receiver]
rsync error: error in rsync protocol data stream (code 12) at io.c(235) [Receiver=3.1.3]
Clearing symlinks in /etc/ssl/certs...
done.
Updating certificates in /etc/ssl/certs...
137 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...
done.

The cause is apparently that we have more computer certificates than can be specified as parameters in the relevant "univention-ssh-rsync" command in "univention-join" via the shell expansion:

 

root@ucs5:~# ls -l /etc/univention/ssl | wc -l
45381

The customer quickly helped himself with this little patch:

 

--- /usr/share/univention-join/univention-join.orig 2023-08-01 11:54:07.000000000 +0200

+++ /usr/share/univention-join/univention-join 2024-07-01 09:42:48.786129681 +0200

@@ -848,7 +848,7 @@

                >>/var/log/univention/join.log 2>&1

 

        echo -n "Sync SSL directory: "

- univention-ssh-rsync "$DCPWD" -az "${DCACCOUNT}@${DCNAME}:/etc/univention/ssl/*" /etc/univention/ssl/ >>/var/log/univention/join.log 2>&1

+ univention-ssh-rsync "$DCPWD" -az "${DCACCOUNT}@${DCNAME}:/etc/univention/ssl/" /etc/univention/ssl >>/var/log/univention/join.log 2>&1

        echo -e "\033[60Gdone"

 

        setup_ssl
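
Review bot: nothing after the changed `univention-ssh-rsync` line checks its exit status, so the unchanged `echo -e "\033[60Gdone"` reports done even when the sync failed and the error ends up only in /var/log/univention/join.log; test the return value and stop (or print a failure) before `setup_ssl` runs on an incomplete /etc/univention/ssl. On the `+` line itself, the trailing slash on the source `/etc/univention/ssl/` is what keeps the files landing directly in `/etc/univention/ssl` rather than in a nested `ssl` directory, which deserves a short comment so it is not tidied away later. The new form also copies top-level dot-files that the old `/*` glob skipped; if that is not wanted, an rsync exclude pattern such as `--exclude='/.*'` could keep them out.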

Without the shell expansion via '/*', hidden files are potentially transferred as well, but they should not exist in the folder anyway.

You will find the join.log as an attachment on the ticket.
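
The cause named in the description (a `/*` expansion that no longer fits into one command's argument list), as an added example that is not part of the report or of Univention's code. It estimates the argv size a glob would produce and compares it with a budget. The function names, the 8-byte pointer size and the 2048-byte headroom are assumptions of this sketch.

```shell
#!/bin/sh
# Added example, not Univention code: estimate whether the expansion of DIR/*
# fits into the argument space of a single exec, which is the limit the
# shell hit when it expanded /etc/univention/ssl/* for rsync.

# Bytes of argv produced by expanding "$1"/*: every path, its NUL terminator
# and one pointer (assumption: 8-byte pointers, i.e. a 64-bit system).
# Runs in a subshell so the locale change does not leak to the caller.
glob_argv_bytes() (
    LC_ALL=C                      # make ${#p} count bytes, not characters
    total=0
    for p in "$1"/*; do
        # An unmatched glob stays literal; skip it (dangling symlinks count).
        [ -e "$p" ] || [ -L "$p" ] || continue
        total=$((total + ${#p} + 1 + 8))
    done
    echo "$total"
)

# Argument space left after the current environment. Assumption: 2048 bytes
# of headroom below ARG_MAX; environment pointers are not counted, so this
# is an approximation on the generous side.
arg_budget() {
    echo $(( $(getconf ARG_MAX) - $(env | wc -c) - 2048 ))
}

# Exit status 0 if "$1"/* fits into the budget ($2, default: arg_budget).
glob_fits() {
    [ "$(glob_argv_bytes "$1")" -le "${2:-$(arg_budget)}" ]
}

# Stand-alone use: sh this_file /etc/univention/ssl
if [ "$#" -eq 1 ]; then
    if glob_fits "$1"; then
        echo "$1/*: $(glob_argv_bytes "$1") bytes, fits"
    else
        echo "$1/*: $(glob_argv_bytes "$1") bytes, too long; pass the directory itself"
    fi
fi
```

Dot-files are not counted because `*` does not match them, which is the same behaviour difference the description notes for the patched command.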
Comment 2 Marius Meschter univentionstaff 2024-07-11 10:13:16 CEST
univention-join.yaml
7cd048245986 | fix(join): remove shell glob from rsync command

univention-join (12.0.8-2)
7cd048245986 | fix(join): remove shell glob from rsync command

build 5.0-8:
Successful build
Package: univention-join
Version: 12.0.8-2
Branch: 5.0-0
Scope: errata5.0-8
User: mmeschter

build 5.2:
Successful build
Package: univention-join
Version: 14.0.5
Branch: 5.2-0
Scope: 
User: mmeschter
Comment 3 Jürn Brodersen univentionstaff 2024-07-12 11:55:32 CEST
Looks good to me -> Verified
Comment 4 Dirk Wiesenthal univentionstaff 2024-07-25 12:12:14 CEST
<https://errata.software-univention.de/#/?erratum=5.0x1088>