Univention Bugzilla – Bug 37384
sysinfo/upload fails with specific hardware
Last modified: 2016-09-21 18:10:07 CEST
We received this very nice feedback from a customer: Beim Hochladen der nötigen Hardwareinformationen für die Zertifizierung bekam ich folgende Fehlermeldung: ----8<---- Die Ausführung des Kommandos sysinfo/upload ist fehlgeschlagen: Traceback (most recent call last): File "/usr/lib/pymodules/python2.7/univention/management/console/modules/__init__.py", line 176, in _decorated return function(self, request, *args, **kwargs) File "/usr/lib/pymodules/python2.7/univention/management/console/modules/sysinfo/__init__.py", line 151, in upload_archive fd = open(os.path.join(SYSINFO_PATH, request.options['archive']), 'r') IOError: [Errno 2] Datei oder Verzeichnis nicht gefunden: '/var/www/univention-management-console/system-info/# SMBIOS implementations newer than version 2.7 are not' ----8<---- """Zur Erstellung der Hardwarelogs habe ich mich an der UMC als Administrator angemeldet und habe über System den Punkt Hardwareinformationen ausgewählt. Auf der nächsten Seite stehen dann folgende Informationen: Hersteller: # SMBIOS implementations newer than version 2.7 are not# fully supported by this version of dmidecode.Supermicro Modell: # SMBIOS implementations newer than version 2.7 are not# fully supported by this version of dmidecode.X10DRi Ist hieran die neue CPU-Generation in Verbindung mit dem C610 Chipsatz vielleicht Schuld?"""
Another thing which is not really good are the following lines: 150 » » SYSINFO_PATH = '/var/www/univention-management-console/system-info/' 151 » » fd = open(os.path.join(SYSINFO_PATH, request.options['archive']), 'r') With the following command I am able to trigger that the /etc/shadow file is sent to forge. This is also information disclosure because users can now see which files exists in the file system: umc-command -U Administrator -P univention sysinfo/upload -o archive=../../../../etc/shadow
https://bugzilla.redhat.com/show_bug.cgi?id=1048207 https://bugs.launchpad.net/ocsinventory-unix-agent/+bug/882574
The output of dmidecode contains newlines and the command therefore fails: dmidecode -s system-uuid # SMBIOS implementations newer than version 2.7 are not # fully supported by this version of dmidecode ProLiant BL460c Gen8
tagged to erratum as it prevents hardware certification
Created attachment 6555 [details] univention-system-info_5.1.0-3_all.deb patched package univention-system-info_5.1.0-3_all.deb. @Alex: we want to provide this package to a partner/customer. Can you please have a look at it? Diff: diff --git a/ucs-4.0-0/management/univention-system-info/univention-system-info b/ucs-4.0-0/management/univention-system-info/univention-system-info index 12f62ed..e804892 100644 --- a/ucs-4.0-0/management/univention-system-info/univention-system-info +++ b/ucs-4.0-0/management/univention-system-info/univention-system-info @@ -172,11 +172,11 @@ echo " Comment : "$comment >> "$TEMPDIR/info" echo " Ticket No : "$support >> "$TEMPDIR/info" # find unique ID for the computer -uuid=$(dmidecode -s system-uuid) +uuid=$(dmidecode -s system-uuid | tr -cd '[:alnum:]') if [ -z "$uuid" ]; then # fallback 1 if [ -f /sys/hypervisor/uuid -a $(cat /sys/hypervisor/uuid) != "00000000-0000-0000-0000-000000000000" -a $(cat /sys/hypervisor/type) != "xen" ]; then - uuid=$(cat /sys/hypervisor/uuid) + uuid=$(cat /sys/hypervisor/uuid | tr -cd '[:alnum:]') else # fallback 2 uuid=$(ip -o -f link addr show up | grep -v lo: | head -n 1 | sed 's|.*link/ether \([0-9a-f:]*\) .*|\1|;s|:|-|g' | md5sum) I tested it by replacing /usr/sbin/dmidecode by the following script: #!/bin/bash echo '# SMBIOS implementations newer than version 2.7 are not' echo '# fully supported by this version of dmidecode' echo 'ProLiant BL460c Gen8'
(In reply to Florian Best from comment #5) > Created attachment 6555 [details] > univention-system-info_5.1.0-3_all.deb > > patched package univention-system-info_5.1.0-3_all.deb. > @Alex: we want to provide this package to a partner/customer. Can you please > have a look at it? This package worked fine in my tests. > Diff: > diff --git > a/ucs-4.0-0/management/univention-system-info/univention-system-info > b/ucs-4.0-0/management/univention-system-info/univention-system-info > index 12f62ed..e804892 100644 > --- a/ucs-4.0-0/management/univention-system-info/univention-system-info > +++ b/ucs-4.0-0/management/univention-system-info/univention-system-info > @@ -172,11 +172,11 @@ echo " Comment : "$comment >> "$TEMPDIR/info" > echo " Ticket No : "$support >> "$TEMPDIR/info" > > # find unique ID for the computer > -uuid=$(dmidecode -s system-uuid) > +uuid=$(dmidecode -s system-uuid | tr -cd '[:alnum:]') → tr will remove '-' from uuid, as well. > if [ -z "$uuid" ]; then > # fallback 1 > if [ -f /sys/hypervisor/uuid -a $(cat /sys/hypervisor/uuid) != > "00000000-0000-0000-0000-000000000000" -a $(cat /sys/hypervisor/type) != > "xen" ]; then > - uuid=$(cat /sys/hypervisor/uuid) > + uuid=$(cat /sys/hypervisor/uuid | tr -cd '[:alnum:]') → ditto > else > # fallback 2 > uuid=$(ip -o -f link addr show up | grep -v lo: | head -n 1 > | sed 's|.*link/ether \([0-9a-f:]*\) .*|\1|;s|:|-|g' | md5sum) On my VM, uuid will be in the format "63fddd69912a99f73e391476622e5c64 -", i.e., with " -" as suffix.
(In reply to Alexander Kläser from comment #6) > → tr will remove '-' from uuid, as well. yes, in the final patch it is not anymore stripped. Also the lines with '#' are stripped. > > if [ -z "$uuid" ]; then > > # fallback 1 > > if [ -f /sys/hypervisor/uuid -a $(cat /sys/hypervisor/uuid) != > > "00000000-0000-0000-0000-000000000000" -a $(cat /sys/hypervisor/type) != > > "xen" ]; then > > - uuid=$(cat /sys/hypervisor/uuid) > > + uuid=$(cat /sys/hypervisor/uuid | tr -cd '[:alnum:]') > > → ditto Also fixed. > > else > > # fallback 2 > > uuid=$(ip -o -f link addr show up | grep -v lo: | head -n 1 > > | sed 's|.*link/ether \([0-9a-f:]*\) .*|\1|;s|:|-|g' | md5sum) > > On my VM, uuid will be in the format "63fddd69912a99f73e391476622e5c64 -", > i.e., with " -" as suffix. Also stripped. Fix: svn r56970 YAML: 2014-12-18-univention-system-info.yaml
no traceback anymore, upload is working Values are displayed / stored correctly archive name is set corectly YAML ok
http://errata.univention.de/ucs/4.0/11.html
Ticket #2015010321000185 is a real life example.