Bug#503037: ssl-cert snakeoil generation completely broken in hurd
Package: ssl-cert
Version: 1.0.23
Severity: grave
Tags: patch
Justification: renders package unusable
When installing ssl-cert on GNU/Hurd i386, the package fails the
postinst. Upon further inspection, I found that the bash script never
actually queries debconf for the hostname parameter it needs to config
the package.
When that function is added to the script, it still doesn't work because
the ssleay.cnf file is set up to use /dev/urandom to get random input.
Because Hurd doesn't have /dev/urandom, the hurd version of this package
needs to depend on a package called random-egd, which adds /dev/random.
Then the ssleay.cnf needs to change urandom to random. Provided that
random-egd is installed, the attached patch adds in the necessary lines
to fix the issues.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: hurd-i386 (i386-AT386)
Kernel: GNU-Mach 1.3.99/Hurd-0.3
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages ssl-cert depends on:
ii adduser 3.110 add and remove users and groups
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii openssl 0.9.8g-10.1 Secure Socket Layer (SSL) binary a
ii openssl-blacklist 0.4.2 list of blacklisted OpenSSL RSA ke
ssl-cert recommends no packages.
ssl-cert suggests no packages.
-- debconf information:
make-ssl-cert/vulnerable_prng:
make-ssl-cert/title:
make-ssl-cert/hostname: bearclaw
diff -Naur old/usr/sbin/make-ssl-cert new/usr/sbin/make-ssl-cert
--- old/usr/sbin/make-ssl-cert 2008-09-24 08:09:04.000000000 -0700
+++ new/usr/sbin/make-ssl-cert 2008-10-21 10:18:17.320000000 -0700
@@ -64,6 +64,7 @@
exit 0
fi
fi
+ ask_via_debconf
make_snakeoil
fi
diff -Naur old/usr/share/ssl-cert/ssleay.cnf new/usr/share/ssl-cert/ssleay.cnf
--- old/usr/share/ssl-cert/ssleay.cnf 2008-10-21 10:29:06.550000000 -0700
+++ new/usr/share/ssl-cert/ssleay.cnf 2008-10-21 01:57:13.000000000 -0700
@@ -2,7 +2,7 @@
# SSLeay example configuration file.
#
-RANDFILE = /dev/urandom
+RANDFILE = /dev/random
[ req ]
default_bits = 1024
Reply to: