[bug-notifications] [openssl_rt 0004807]: Migration of SSL certs fails on upgrade

Thu Jul 21 18:10:52 CEST 2011

A NOTE has been added to this issue. 
====================================================================== 
https://www.opencsw.org/mantis/view.php?id=4807 
====================================================================== 
Reported By:                domcleal
Assigned To:                yann
====================================================================== 
Project:                    openssl_rt
Issue ID:                   4807
Category:                   upgrade
Reproducibility:            always
Severity:                   major
Priority:                   normal
Status:                     feedback
====================================================================== 
Date Submitted:             2011-07-19 15:16 CEST
Last Modified:              2011-07-21 18:10 CEST
====================================================================== 
Summary:                    Migration of SSL certs fails on upgrade
Description: 
When upgrading with pkgutil from
openssl_rt-0.9.8,REV=2007.12.26_rev=g-SunOS5.8-sparc-CSW to
openssl_rt-0.9.8r,REV=2011.02.12-SunOS5.9-sparc-CSW, the package preinstall
performs a migration of SSL certs from /opt/csw/ssl/certs to
/opt/csw/etc/ssl/certs.

This causes the pkgadd to fail, as it also removes the /opt/csw/ssl/certs
directory:

Custom certificates have been installed in /opt/csw/ssl/certs/.
They will be moved under /opt/csw/etc/ssl/certs.
see /opt/csw/share/doc/openssl_rt/README.CSW for more information
about CA.
WARNING: /opt/csw/ssl/certs <no longer a directory>
mv: cannot rename /opt/csw/ssl/certs/demo to /opt/csw/etc/ssl/certs/demo:
File exists
mv: cannot rename /opt/csw/ssl/certs/expired to
/opt/csw/etc/ssl/certs/expired: File exists
rmdir: directory "/opt/csw/ssl/certs": Directory not empty
WARNING: /opt/csw/ssl/certs may not overwrite a populated directory.
pkgadd: ERROR: /opt/csw/ssl/certs could not be installed.
Updating certificates in /opt/csw/etc/ssl/certs...done.
Installation of <CSWosslrt> partially failed.

Removing the "rmdir /opt/csw/ssl/certs" from the preinstall lets the
upgrade go through, indicating perhaps that the directory should be left in
place?
====================================================================== 

---------------------------------------------------------------------- 
 (0009208) domcleal (reporter) - 2011-07-21 18:10
 https://www.opencsw.org/mantis/view.php?id=4807#c9208 
---------------------------------------------------------------------- 
Thanks for the quick response Yann.

The issue's still there unfortunately.  I see the method of migrating the
certs has changed, but I think the issue might not be that.

The error goes away when the /opt/csw/ssl/certs directory is not removed
by the preinstall though, so should it not be doing this?

# pkgutil --trace -t
http://buildfarm.opencsw.org/opencsw/experimental/yann -y -u CSWosslrt
[ snip ]
+ read FILE
+ dirname ./vsign3.pem
+ mkdir -p -m 0755 /opt/csw/etc/ssl/certs/.
+ mv ./vsign3.pem /opt/csw/etc/ssl/certs/./vsign3.pem
+ read FILE
+ find . ! -name . -type d -exec rmdir {} ;
+ rmdir /opt/csw/ssl/certs
+ true
pkgadd: ERROR: unable to remove existing directory at
</opt/csw/ssl/certs>

Installation of <CSWosslrt> failed (internal error) - package
partially installed.

pkgadd failed with exit code: 1