--- Begin Message ---
- To: submit@bugs.debian.org
- Subject: ssl-cert snakeoil generation completely broken in hurd
- From: Will <will.orr@mail.rit.edu>
- Date: Tue, 21 Oct 2008 20:09:31 -0400
- Message-id: <49c5bb4a0810211709j332d056am5e0439f3e435942c@mail.gmail.com>
Package: ssl-cert
Version: 1.0.23
Severity: grave
Tags: patch
Justification: renders package unusable
When installing ssl-cert on GNU/Hurd i386, the package fails the
postinst. Upon further inspection, I found that the bash script never
actually queries debconf for the hostname parameter it needs to config
the package.
When that function is added to the script, it still doesn't work because
the ssleay.cnf file is set up to use /dev/urandom to get random input.
Because Hurd doesn't have /dev/urandom, the hurd version of this package
needs to depend on a package called random-egd, which adds /dev/random.
Then the ssleay.cnf needs to change urandom to random. Provided that
random-egd is installed, the attached patch adds in the necessary lines
to fix the issues.
-- System Information:
Debian Release: lenny/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: hurd-i386 (i386-AT386)
Kernel: GNU-Mach 1.3.99/Hurd-0.3
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash
Versions of packages ssl-cert depends on:
ii adduser 3.110 add and remove users and groups
ii debconf [debconf-2.0] 1.5.24 Debian configuration management sy
ii openssl 0.9.8g-10.1 Secure Socket Layer (SSL) binary a
ii openssl-blacklist 0.4.2 list of blacklisted OpenSSL RSA ke
ssl-cert recommends no packages.
ssl-cert suggests no packages.
-- debconf information:
make-ssl-cert/vulnerable_prng:
make-ssl-cert/title:
make-ssl-cert/hostname: bearclaw
diff -Naur old/usr/sbin/make-ssl-cert new/usr/sbin/make-ssl-cert
--- old/usr/sbin/make-ssl-cert 2008-09-24 08:09:04.000000000 -0700
+++ new/usr/sbin/make-ssl-cert 2008-10-21 10:18:17.320000000 -0700
@@ -64,6 +64,7 @@
exit 0
fi
fi
+ ask_via_debconf
make_snakeoil
fi
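Review bot: The new `ask_via_debconf` call just before `make_snakeoil` has its result ignored, so if the debconf query fails or returns an empty hostname, certificate generation still proceeds with whatever value is left. Consider guarding it, for example `ask_via_debconf || exit 1`, or validating the hostname before calling `make_snakeoil`. The hunk context also does not show whether this branch can be reached from a non-interactive install, which would be worth stating in the changelog. The maintainer's reply in this thread says the package installs without this change once a random device is present, so the hunk should come with a reproduction showing the hostname is really unset on this path.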
diff -Naur old/usr/share/ssl-cert/ssleay.cnf new/usr/share/ssl-cert/ssleay.cnf
--- old/usr/share/ssl-cert/ssleay.cnf 2008-10-21 10:29:06.550000000 -0700
+++ new/usr/share/ssl-cert/ssleay.cnf 2008-10-21 01:57:13.000000000 -0700
@@ -2,7 +2,7 @@
# SSLeay example configuration file.
#
-RANDFILE = /dev/urandom
+RANDFILE = /dev/random
[ req ]
default_bits = 1024
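Review bot: The `RANDFILE = /dev/random` change is made unconditionally in the shared `/usr/share/ssl-cert/ssleay.cnf`, so it applies to every architecture and not only hurd-i386. On kernels where `/dev/random` blocks when the entropy estimate is low, this can stall the postinst on freshly installed or headless machines that currently work with `/dev/urandom`. Suggest keeping `/dev/urandom` as the default and selecting `/dev/random` only when `/dev/urandom` does not exist (for example by having the script test for the device and adjust the configuration it passes to openssl), and documenting the Hurd-specific requirement for a random device translator.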
--- End Message ---
--- Begin Message ---
- To: "Will" <will.orr@mail.rit.edu>
- Cc: 503037-done@bugs.debian.org
- Subject: Re: Bug#503037: ssl-cert snakeoil generation completely broken in hurd
- From: "Stefan Fritsch" <sf@sfritsch.de>
- Date: Thu, 30 Jul 2009 16:38:00 +0200 (CEST)
- Message-id: <36909.194.224.98.149.1248964680.squirrel@www.sfritsch.de>
- In-reply-to: <200810262228.51311.sf@sfritsch.de>
- References: <49c5bb4a0810211709j332d056am5e0439f3e435942c@mail.gmail.com> <200810262228.51311.sf@sfritsch.de>
Hi,
>> When that function is added to the script, it still doesn't work
>> because the ssleay.cnf file is set up to use /dev/urandom to get
>> random input. Because Hurd doesn't have /dev/urandom, the hurd
>> version of this package needs to depend on a package called
>> random-egd, which adds /dev/random. Then the ssleay.cnf needs to
>> change urandom to random. Provided that random-egd is installed,
>> the attached patch adds in the necessary lines to fix the issues.
>
> There is no package called random-egd, according to
> packages.debian.org.
When random-egd is installed, ssl-cert installs fine even without your
patch. And we can't set a dependency on random-egd because it is not in
the Debian main archive.
Closing the bug.
--- End Message ---