[Bug 546041] New: freeradius-server: package update corrupts certificates
http://bugzilla.novell.com/show_bug.cgi?id=546041 Summary: freeradius-server: package update corrupts certificates Classification: openSUSE Product: openSUSE 11.2 Version: Milestone 8 Platform: Other OS/Version: Other Status: NEW Severity: Critical Priority: P5 - None Component: Network AssignedTo: puzel@novell.com ReportedBy: lnussel@novell.com QAContact: qa@suse.de Found By: --- /etc/raddb/certs/bootstrap runs make in that directory on new package installation *and* update. However, if the package is already installed 'make' tries to create new certificates and fails for whatever reason. 'bootstrap' then re-creates the ca therefore breaking everything. IMO - bootstrap should not be run on update at least. Even on package install it's undesirable as creating the dh params takes a *really* long time where you see nothing on screen when using yast or zypper. radiusd is supposed to call bootstrap itself on first start. - The commands in the Makefile need to be fixed to not fail nor produce corrupt files when called if certificates already exist. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=546041
Stephan Kulow
http://bugzilla.novell.com/show_bug.cgi?id=546041
Petr Uzel
http://bugzilla.novell.com/show_bug.cgi?id=546041
User puzel@novell.com added comment
http://bugzilla.novell.com/show_bug.cgi?id=546041#c1
--- Comment #1 from Petr Uzel
- bootstrap should not be run on update at least. Agreed - done.
Even on package install it's undesirable as creating the dh params takes a *really* long time where you see nothing on screen when using yast or zypper. radiusd is supposed to call bootstrap itself on first start. No, radiusd won't call bootstrap (unless called with -X) and the README states that bootstrap script should be ran automatically. However, I've raised this issue on freeradius mailing list and I'm waiting for reply.
- The commands in the Makefile need to be fixed to not fail nor produce corrupt files when called if certificates already exist. Done
Submitted to Factory. -- Configure bugmail: http://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
http://bugzilla.novell.com/show_bug.cgi?id=546041
Swamp Workflow Management
https://bugzilla.novell.com/show_bug.cgi?id=546041
https://bugzilla.novell.com/show_bug.cgi?id=546041#c
Swamp Workflow Management
http://bugzilla.novell.com/show_bug.cgi?id=546041
http://bugzilla.novell.com/show_bug.cgi?id=546041#c7
--- Comment #7 from Bernhard Wiedemann
participants (1)
-
bugzilla_noreply@novell.com