[bug-notifications] [openssl_rt 0004807]: Migration of SSL certs fails on upgrade
Mantis Bug Tracker
noreply at opencsw.org
Fri Jul 22 12:22:26 CEST 2011
A NOTE has been added to this issue.
======================================================================
https://www.opencsw.org/mantis/view.php?id=4807
======================================================================
Reported By: domcleal
Assigned To: yann
======================================================================
Project: openssl_rt
Issue ID: 4807
Category: upgrade
Reproducibility: always
Severity: major
Priority: normal
Status: feedback
======================================================================
Date Submitted: 2011-07-19 15:16 CEST
Last Modified: 2011-07-22 12:22 CEST
======================================================================
Summary: Migration of SSL certs fails on upgrade
Description:
When upgrading with pkgutil from
openssl_rt-0.9.8,REV=2007.12.26_rev=g-SunOS5.8-sparc-CSW to
openssl_rt-0.9.8r,REV=2011.02.12-SunOS5.9-sparc-CSW, the package preinstall
performs a migration of SSL certs from /opt/csw/ssl/certs to
/opt/csw/etc/ssl/certs.
This causes the pkgadd to fail, as it also removes the /opt/csw/ssl/certs
directory:
Custom certificates have been installed in /opt/csw/ssl/certs/.
They will be moved under /opt/csw/etc/ssl/certs.
see /opt/csw/share/doc/openssl_rt/README.CSW for more information
about CA.
WARNING: /opt/csw/ssl/certs <no longer a directory>
mv: cannot rename /opt/csw/ssl/certs/demo to /opt/csw/etc/ssl/certs/demo:
File exists
mv: cannot rename /opt/csw/ssl/certs/expired to
/opt/csw/etc/ssl/certs/expired: File exists
rmdir: directory "/opt/csw/ssl/certs": Directory not empty
WARNING: /opt/csw/ssl/certs may not overwrite a populated directory.
pkgadd: ERROR: /opt/csw/ssl/certs could not be installed.
Updating certificates in /opt/csw/etc/ssl/certs...done.
Installation of <CSWosslrt> partially failed.
Removing the "rmdir /opt/csw/ssl/certs" from the preinstall lets the
upgrade go through, indicating perhaps that the directory should be left in
place?
======================================================================
----------------------------------------------------------------------
(0009210) domcleal (reporter) - 2011-07-22 12:22
https://www.opencsw.org/mantis/view.php?id=4807#c9210
----------------------------------------------------------------------
I don't think that it's a particular local configuration, but to do with
the method. I'm using the pkgutil -u method to upgrade the package
in-place.
Looking under the covers at pkgutil, the pkgrm is failing as the admin
file has rdepend=quit and other packages (CSWwget etc) are installed and
depend on it. pkgutil continues and does the pkgadd (using
instance=overwrite) while the old package remains on the system.
Therefore the issue occurs if you perform a pkgadd over the existing
package, using instance=overwrite.
The pkgutil admin file looks like this:
# cat /var/opt/csw/pkgutil/admin
mail=
instance=overwrite
partial=quit
runlevel=quit
idepend=quit
rdepend=quit
space=quit
setuid=nocheck
conflict=nocheck
action=nocheck
basedir=default
First install the old package:
# ls -ld /opt/csw/etc/ssl/certs /opt/csw/ssl/certs
/opt/csw/etc/ssl/certs: No such file or directory
/opt/csw/ssl/certs: No such file or directory
# pkgadd -n -a /var/opt/csw/pkgutil/admin -d
openssl_rt-0.9.8\,REV\=2007.12.26_rev\=g-SunOS5.8-sparc-CSW.pkg CSWosslrt
[snip]
Installation of <CSWosslrt> was successful.
# pkginfo -x CSWosslrt
CSWosslrt openssl_rt - Openssl runtime libraries
(sparc) 0.9.8,REV=2007.12.26_rev=g
# ls -ld /opt/csw/etc/ssl/certs /opt/csw/ssl/certs
/opt/csw/etc/ssl/certs: No such file or directory
drwxr-xr-x 4 root bin 34 Jul 22 11:11 /opt/csw/ssl/certs
And then install the new package:
# pkgadd -v -n -a /var/opt/csw/pkgutil/admin -d
openssl_rt-0.9.8r\,REV\=2011.07.21-SunOS5.9-sparc-CSW.pkg CSWosslrt
[snip]
+ rmdir /opt/csw/ssl/certs
+ true
pkgadd: ERROR: unable to remove existing directory at
</opt/csw/ssl/certs>
Installation of <CSWosslrt> failed (internal error) - package
# ls -ld /opt/csw/etc/ssl/certs /opt/csw/ssl/certs
/opt/csw/ssl/certs: No such file or directory
drwxr-xr-x 4 root other 34 Jul 22 11:11
/opt/csw/etc/ssl/certs
More information about the bug-notifications
mailing list