Mark,
On the Ubuntu server I have OpenSSL 0.9.8g
On the Cygwin client I have OpenSSL 0.9.8k
And on the Fedora client, I have OpenSSL 0.9.8k-fips
So yes, it's more than likely that it is a OpenSSL issue since both
clients fails the same way,
Regards,
Nicolas
Mark Burgess a écrit :
> Nicholas,
>
> I have been trying hard to reproduce this error but I have not been able to.
> The problem is that encryption fails in the final transmission causing file
> data
> to be apparent garbage.
>
> I will try a few more things before giving up. May I ask what kind of systems
> are running this? Do they have the same versions of OpenSSL?
>
> M
>
>
> Nicolas Charles wrote:
>
>> Hi,
>>
>> I'm having a nasty behavior with the updating of promises when having a
>> subfolder.
>> Here is my update.cf :
>>
>>
>> #
>> # Define what an agent has to do when it updates
>> # its promises
>> #
>>
>> #simple copy method
>> body copy_from remote(server, path) {
>>
>> servers => {
>> "${server}"
>> };
>> encrypt => "true";
>> trustkey => "true";
>> source => "${path}";
>> compare => "digest";
>> preserve => "false"; #preserver permissions
>> verify => "true";
>> purge => "true";
>> owners => {"slave"};
>> }
>>
>> #simple recurse method
>>
>>
>> bundle agent update {
>> vars:
>> any::
>> "cfserved" string => "192.168.56.101"; #server IP
>> "policy_files" string => "/srv/cf-served"; #directory where to look for
>> promises in the server for that client
>> "server_inputs" string => "${policy_files}/inputs"; #actual directory
>> with promises, just to show the use of variables
>> "client_inputs" string => "${sys.workdir}/inputs"; #where to put the
>> files on the client when downloaded
>>
>> files:
>> any::
>> "${client_inputs}" #that's a loop on each files in client_inputs
>> copy_from => remote("${cfserved}","${server_inputs}"),
>> depth_search => recurse_visible("inf");
>> }
>>
>>
>>
>> On my server, I have
>> /srv/cf-served/inputs : the promises
>> /srv/cf-served/inputs/resources : variables, resources, etc
>> If resources folder is empty (or better, doesn't exist), it is great
>> If there is one empty file, it works great
>>
>> But if /srv/cf-served/inputs/resources contains a file (let's call it
>> simple_its.txt) containing "foo baz" (or whatever), here is the update
>> behavior :
>> cf3 =========================================================
>> cf3 files in bundle update (1)
>> cf3 =========================================================
>> cf3
>> cf3 Verifying SQL table promises is only available with Cfengine Nova or
>> above
>> cf3
>> cf3 .........................................................
>> cf3 Promise handle:
>> cf3 Promise made by: /var/cfengine/inputs
>> cf3 .........................................................
>> cf3
>> cf3 -> Handling file existence constraints on /var/cfengine/inputs
>> cf3 -> Copy file /var/cfengine/inputs from /srv/cf-served/inputs check
>> cf3 Found address (192.168.56.101) for host 192.168.56.101
>> cf3 Found address (192.168.56.101) for host 192.168.56.101
>> cf3 No existing connection to 192.168.56.101 is established...
>> cf3 Set cfengine port number to 5308 = 5308
>> cf3 Connect to 192.168.56.101 = 192.168.56.101, port = (5308=5308)
>> cf3 LastSaw host 192.168.56.101 now
>> cf3 Found address (192.168.56.101) for host 192.168.56.101
>> cf3 Loaded /var/cfengine/ppkeys/root-192.168.56.101.pub
>> cf3 .....................[.h.a.i.l.].................................
>> cf3 Strong authentication of server=192.168.56.101 connection confirmed
>> cf3 Found address (192.168.56.101) for host 192.168.56.101
>> cf3 !! (Destination purging enabled)
>> cf3 ->> Entering /srv/cf-served/inputs
>> (snip)
>> cf3 -> Destination file /var/cfengine/inputs/site.cf already exists
>> cf3 -> File permissions on /var/cfengine/inputs/site.cf as promised
>> cf3 -> File /var/cfengine/inputs/site.cf is an up to date copy of source
>> cf3 -> /var/cfengine/inputs/update.cf~ wasn't at destination (copying)
>> cf3 -> Copying from 192.168.56.101:/srv/cf-served/inputs/update.cf~
>> cf3 -> Copy of regular file succeeded /srv/cf-served/inputs/update.cf~
>> to /var/cfengine/inputs/update.cf~.cfnew
>> cf3 ?? Final verification of transmission ...
>> cf3 -> New file /var/cfengine/inputs/update.cf~.cfnew transmitted
>> correctly - verified
>> cf3 -> Group of /var/cfengine/inputs/update.cf~ was 513, setting to 0
>> cf3 -> File permissions on /var/cfengine/inputs/update.cf~ as promised
>> cf3 -> Updated file from 192.168.56.101:/srv/cf-served/inputs/update.cf~
>> cf3 ->> Entering /var/cfengine/inputs/resources
>> cf3 -> File permissions on /var/cfengine/inputs/resources as promised
>> cf3 -> Destination file /var/cfengine/inputs/resources/simple_ips.txt~
>> already exists
>> cf3 -> File permissions on
>> /var/cfengine/inputs/resources/simple_ips.txt~ as promised
>> cf3 -> File /var/cfengine/inputs/resources/simple_ips.txt~ is an up to
>> date copy of source
>> cf3 -> /var/cfengine/inputs/resources/simple_ips.txt wasn't at
>> destination (copying)
>> cf3 -> Copying from
>> 192.168.56.101:/srv/cf-served/inputs/resources/simple_ips.txt
>> cf3 !! Copy from
>> 192.168.56.101:/srv/cf-served/inputs/resources/simple_ips.txt failed
>> cf3 !! Purging /var/cfengine/inputs/resources/simple_ips.txt.cfnew in
>> copy dest directory
>> cf3 Transmission refused or failed statting
>> /srv/cf-served/inputs/ocsi-agent.cf
>> Got: ÉòÞ¡Íäí
>> cf3 !! (Can't stat /srv/cf-served/inputs/ocsi-agent.cf)
>> cf3 !!! System error for cf_stat: "Operation not permitted"
>> cf3 -> Destination file /var/cfengine/inputs/promises.cf already exists
>> cf3 !! Image file /var/cfengine/inputs/promises.cf has a wrong MD5
>> checksum (should be copy of /srv/cf-served/inputs/promises.cf)
>> cf3 -> Updated /var/cfengine/inputs/promises.cf from source
>> /srv/cf-served/inputs/promises.cf on 192.168.56.101
>> cf3 Was not able to copy /srv/cf-served/inputs/promises.cf to
>> /var/cfengine/inputs/promises.cf
>> cf3 I: Report relates to a promise with handle ""
>> cf3 I: Made in version 'not specified' of
>> '/var/cfengine/inputs/update.cf' near line 37
>> cf3 -> Destination file /var/cfengine/inputs/library.cf already exists
>> cf3 !! Image file /var/cfengine/inputs/library.cf has a wrong MD5
>> checksum (should be copy of /srv/cf-served/inputs/library.cf)
>> cf3 -> Updated /var/cfengine/inputs/library.cf from source
>> /srv/cf-served/inputs/library.cf on 192.168.56.101
>> cf3 -> Copy of regular file succeeded /srv/cf-served/inputs/library.cf
>> to /var/cfengine/inputs/library.cf.cfnew
>> cf3 !! New file /var/cfengine/inputs/library.cf.cfnew seems to have been
>> corrupted in transit (sizes 1304 and 0), aborting!
>> cf3 Was not able to copy /srv/cf-served/inputs/library.cf to
>> /var/cfengine/inputs/library.cf
>> cf3 I: Report relates to a promise with handle ""
>> cf3 I: Made in version 'not specified' of
>> '/var/cfengine/inputs/update.cf' near line 37
>> cf3 -> Destination file /var/cfengine/inputs/update.cf already exists
>> cf3 !! Image file /var/cfengine/inputs/update.cf has a wrong MD5
>> checksum (should be copy of /srv/cf-served/inputs/update.cf)
>> cf3 -> Updated /var/cfengine/inputs/update.cf from source
>> /srv/cf-served/inputs/update.cf on 192.168.56.101
>> cf3 -> Copy of regular file succeeded /srv/cf-served/inputs/update.cf to
>> /var/cfengine/inputs/update.cf.cfnew
>> cf3 ?? Final verification of transmission ...
>> cf3 -> New file /var/cfengine/inputs/update.cf.cfnew transmitted
>> correctly - verified
>> cf3 -> Group of /var/cfengine/inputs/update.cf was 513, setting to 0
>> cf3 -> Object /var/cfengine/inputs/update.cf had permission 600, changed
>> it to 644
>> cf3 -> Destination file /var/cfengine/inputs/failsafe.cf already exists
>> cf3 !! Image file /var/cfengine/inputs/failsafe.cf has a wrong MD5
>> checksum (should be copy of /srv/cf-served/inputs/failsafe.cf)
>> cf3 -> Updated /var/cfengine/inputs/failsafe.cf from source
>> /srv/cf-served/inputs/failsafe.cf on 192.168.56.101
>> cf3 Was not able to copy /srv/cf-served/inputs/failsafe.cf to
>> /var/cfengine/inputs/failsafe.cf
>> cf3 I: Report relates to a promise with handle ""
>> cf3 I: Made in version 'not specified' of
>> '/var/cfengine/inputs/update.cf' near line 37
>> cf3 Transmission refused or failed statting
>> /srv/cf-served/inputs/cf-served.cf
>> Got: CFD_TRUE
>> cf3 !! (Can't stat /srv/cf-served/inputs/cf-served.cf)
>> cf3 !!! System error for cf_stat: "Operation not permitted"
>> cf3 -> Destination file /var/cfengine/inputs/yum.cf already exists
>> cf3 -> File permissions on /var/cfengine/inputs/yum.cf as promised
>> cf3 -> File /var/cfengine/inputs/yum.cf is an up to date copy of source
>> cf3 Transmission refused or failed statting
>> /srv/cf-served/inputs/virtual-machines.cf
>> Got: ŒFÚðQCa
>> cf3 !! (Can't stat /srv/cf-served/inputs/virtual-machines.cf)
>> cf3 !!! System error for cf_stat: "Operation not permitted"
>> cf3 -> Destination file /var/cfengine/inputs/exim4.cf already exists
>> cf3 !! Image file /var/cfengine/inputs/exim4.cf has a wrong MD5 checksum
>> (should be copy of /srv/cf-served/inputs/exim4.cf)
>> cf3 -> Updated /var/cfengine/inputs/exim4.cf from source
>> /srv/cf-served/inputs/exim4.cf on 192.168.56.101
>> cf3 Was not able to copy /srv/cf-served/inputs/exim4.cf to
>> /var/cfengine/inputs/exim4.cf
>> cf3 I: Report relates to a promise with handle ""
>> cf3 I: Made in version 'not specified' of
>> '/var/cfengine/inputs/update.cf' near line 37
>> cf3 !! Purging /var/cfengine/inputs/exim4.cf.cfnew in copy dest directory
>> cf3 !! Purging /var/cfengine/inputs/failsafe.cf.cfnew in copy dest directory
>> cf3 !! Purging /var/cfengine/inputs/library.cf.cfnew in copy dest directory
>> cf3 !! Purging /var/cfengine/inputs/promises.cf.cfnew in copy dest directory
>> cf3 !! Purging /var/cfengine/inputs/update.cf.cfsaved in copy dest directory
>> cf3 Performance(Copy(192.168.56.101:/srv/cf-served/inputs >
>> /var/cfengine/inputs)): time=2.0000 secs, av=2.6912 +/- 0.8668
>> cf3 Existing connection just became free...
>>
>> Then files content are messed up (ending with content from one file in
>> another one)
>>
>> Both client and server are the 3.0.2 release
>>
>> Regards,
>> Nicolas
>>
>> _______________________________________________
>> Bug-cfengine mailing list
>> Bug-cfengine@cfengine.org
>> https://cfengine.org/mailman/listinfo/bug-cfengine
>>
>
>
_______________________________________________
Bug-cfengine mailing list
Bug-cfengine@cfengine.org
https://cfengine.org/mailman/listinfo/bug-cfengine
