rpms/certmonger
7
0
Fork 0
Code Issues Pull Requests Releases Activity

update to 0.68

Browse Source 
- notice when the OpenSSL RNG isn't seeded
- notice when saving certificates or keys fails due to filesystem-related
  permission denial (#996581)
This commit is contained in:
Nalin Dahyabhai 2013-08-29 16:12:05 -04:00
parent b10c43033d
commit b3093eeb92
4 changed files with 11 additions and 206 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
.gitignore vendored
View File

@ -52,3 +52,5 @@ certmonger-0.28.tar.gz
/certmonger-0.65.tar.gz.sig /certmonger-0.65.tar.gz.sig
/certmonger-0.67.tar.gz /certmonger-0.67.tar.gz
/certmonger-0.67.tar.gz.sig /certmonger-0.67.tar.gz.sig
/certmonger-0.68.tar.gz
/certmonger-0.68.tar.gz.sig

200
certmonger-certutil.patch
View File

@ -1,200 +0,0 @@
commit d8db04e88cc82272f6fba5102c38d4cac1c64517
Author: Nalin Dahyabhai <nalin@dahyabhai.net>
Date: Thu Aug 1 16:14:13 2013 -0400
Fixup tests for recent certutil changes
* Skip certutil's
certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
message, which is printed at a different point(?) now.
* If a certutil error message includes an error name, strip out the
name, because it didn't always used to be there.
diff --git a/tests/015-lockedkey-dbm/expected.out b/tests/015-lockedkey-dbm/expected.out
index e2ffc54..4378b91 100644
--- a/tests/015-lockedkey-dbm/expected.out
+++ b/tests/015-lockedkey-dbm/expected.out
@@ -36,40 +36,32 @@ OK (2048).
[Not pre-creating database.]
[Generating key (dbm) without PIN.]
OK.
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Providing Unnecessary PIN.]
[Reading Key Info With Unnecessary PIN.]
Failed to read key "dbm:$tmpdir/dbmdb":"Test".
(Need PIN.)
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Generating CSR With Unnecessary PIN.]
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Creating database, without PIN.]
[Generating key (dbm) without PIN.]
OK.
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Providing Unnecessary PIN.]
[Reading Key Info With Unnecessary PIN.]
Failed to read key "dbm:$tmpdir/dbmdb":"Test".
(Need PIN.)
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Generating CSR With Unnecessary PIN.]
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Not pre-creating database, with PIN.]
[Generating key (dbm) with PIN.]
OK.
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Reading Key Info Without PIN.]
Failed to read key "dbm:$tmpdir/dbmdb":"Test".
(Need PIN.)
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
[Reading Key Info With Bogus PIN Location.]
@@ -85,12 +77,10 @@ OK (2048).
[Creating database with PIN.]
[Generating key (dbm) with PIN.]
OK.
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Reading Key Info Without PIN.]
Failed to read key "dbm:$tmpdir/dbmdb":"Test".
(Need PIN.)
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
[Reading Key Info With Bogus PIN Location.]
diff --git a/tests/015-lockedkey-sql/expected.out b/tests/015-lockedkey-sql/expected.out
index 48a1a90..a739284 100644
--- a/tests/015-lockedkey-sql/expected.out
+++ b/tests/015-lockedkey-sql/expected.out
@@ -36,40 +36,32 @@ OK (2048).
[Not pre-creating database.]
[Generating key (sql) without PIN.]
OK.
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Providing Unnecessary PIN.]
[Reading Key Info With Unnecessary PIN.]
Failed to read key "sql:$tmpdir/sqldb":"Test".
(Need PIN.)
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Generating CSR With Unnecessary PIN.]
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Creating database, without PIN.]
[Generating key (sql) without PIN.]
OK.
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Providing Unnecessary PIN.]
[Reading Key Info With Unnecessary PIN.]
Failed to read key "sql:$tmpdir/sqldb":"Test".
(Need PIN.)
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Generating CSR With Unnecessary PIN.]
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Not pre-creating database, with PIN.]
[Generating key (sql) with PIN.]
OK.
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Reading Key Info Without PIN.]
Failed to read key "sql:$tmpdir/sqldb":"Test".
(Need PIN.)
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
[Reading Key Info With Bogus PIN Location.]
@@ -85,12 +77,10 @@ OK (2048).
[Creating database with PIN.]
[Generating key (sql) with PIN.]
OK.
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Reading Key Info Without PIN.]
Failed to read key "sql:$tmpdir/sqldb":"Test".
(Need PIN.)
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
[Reading Key Info With Bogus PIN Location.]
diff --git a/tests/015-lockedkey/expected.out b/tests/015-lockedkey/expected.out
index 779308e..eae75dc 100644
--- a/tests/015-lockedkey/expected.out
+++ b/tests/015-lockedkey/expected.out
@@ -36,40 +36,32 @@ OK (2048).
[Not pre-creating database.]
[Generating key without PIN.]
OK.
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Providing Unnecessary PIN.]
[Reading Key Info With Unnecessary PIN.]
Failed to read key "$tmpdir/db":"Test".
(Need PIN.)
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Generating CSR With Unnecessary PIN.]
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Creating database, without PIN.]
[Generating key without PIN.]
OK.
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Providing Unnecessary PIN.]
[Reading Key Info With Unnecessary PIN.]
Failed to read key "$tmpdir/db":"Test".
(Need PIN.)
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Generating CSR With Unnecessary PIN.]
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Not pre-creating database, with PIN.]
[Generating key with PIN.]
OK.
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Reading Key Info Without PIN.]
Failed to read key "$tmpdir/db":"Test".
(Need PIN.)
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
[Reading Key Info With Bogus PIN Location.]
@@ -85,12 +77,10 @@ OK (2048).
[Creating database with PIN.]
[Generating key with PIN.]
OK.
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
< 0> rsa PRIVATE-KEY Test
[Reading Key Info Without PIN.]
Failed to read key "$tmpdir/db":"Test".
(Need PIN.)
-certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"
Incorrect password/PIN entered.
certutil: could not authenticate to token NSS Certificate DB.: The security password entered is incorrect.
[Reading Key Info With Bogus PIN Location.]
diff --git a/tests/015-lockedkey/run.sh b/tests/015-lockedkey/run.sh
index 7f1d973..1f6340d 100755
--- a/tests/015-lockedkey/run.sh
+++ b/tests/015-lockedkey/run.sh
@@ -10,7 +10,8 @@ echo $pin > pin.txt
echo "" > empty.txt
clean() {
- sed 's|'"$tmpdir"'|$tmpdir|g'
+ sed -r -e 's|'"$tmpdir"'|$tmpdir|g' -e 's,: SEC_ERROR_[^:]+: ,: ,g' |\
+ grep -vF 'certutil: Checking token "NSS Certificate DB" in slot "NSS User Private Key and Certificate Services"'
}
echo '['Generate Key Without PIN.']'

11
certmonger.spec
View File

@ -19,8 +19,8 @@
%endif %endif
Name: certmonger Name: certmonger
Version: 0.67 Version: 0.68
Release: 3%{?dist} Release: 1%{?dist}
Summary: Certificate status monitor and PKI enrollment client Summary: Certificate status monitor and PKI enrollment client
Group: System Environment/Daemons Group: System Environment/Daemons
@ -29,7 +29,6 @@ URL: http://certmonger.fedorahosted.org
Source0: http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.gz Source0: http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.gz
Source1: http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.gz.sig Source1: http://fedorahosted.org/released/certmonger/certmonger-%{version}.tar.gz.sig
BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX) BuildRoot: %(mktemp -ud %{_tmppath}/%{name}-%{version}-%{release}-XXXXXX)
Patch0: certmonger-certutil.patch
BuildRequires: dbus-devel, nspr-devel, nss-devel, openssl-devel BuildRequires: dbus-devel, nspr-devel, nss-devel, openssl-devel
%if 0%{?fedora} >= 12 || 0%{?rhel} >= 6 %if 0%{?fedora} >= 12 || 0%{?rhel} >= 6
@ -88,7 +87,6 @@ system enrolled with a certificate authority (CA) and keeping it enrolled.
%prep %prep
%setup -q %setup -q
%patch0 -p1 -b .certutil
%if 0%{?rhel} > 0 %if 0%{?rhel} > 0
# Enabled by default for RHEL for bug #765600, still disabled by default for # Enabled by default for RHEL for bug #765600, still disabled by default for
# Fedora pending a similar bug report there. # Fedora pending a similar bug report there.
@ -203,6 +201,11 @@ exit 0
%endif %endif
%changelog %changelog
* Thu Aug 29 2013 Nalin Dahyabhai <nalin@redhat.com> 0.68-1
- notice when the OpenSSL RNG isn't seeded
- notice when saving certificates or keys fails due to filesystem-related
permission denial (#996581)
* Tue Aug 6 2013 Nalin Dahyabhai <nalin@redhat.com> 0.67-3 * Tue Aug 6 2013 Nalin Dahyabhai <nalin@redhat.com> 0.67-3
- pull up a patch from master to adapt self-tests to certutil's diagnostic - pull up a patch from master to adapt self-tests to certutil's diagnostic
output having changed (#992050) output having changed (#992050)

4
sources
View File

@ -1,2 +1,2 @@
173c3e1d0ab81a0045abbb147e3e2251 certmonger-0.67.tar.gz 8f9be1b71d32065ee3ce6a0fc623abd6 certmonger-0.68.tar.gz
ecc205036d8fb3562fd1d6c89286730e certmonger-0.67.tar.gz.sig b91df4987b5c865bc3a369765d0fb57d certmonger-0.68.tar.gz.sig