A NOTE has been added to this issue. ====================================================================== https://www.opencsw.org/mantis/view.php?id=4807 ====================================================================== Reported By: domcleal Assigned To: yann ====================================================================== Project: openssl_rt Issue ID: 4807 Category: upgrade Reproducibility: always Severity: major Priority: normal Status: feedback ====================================================================== Date Submitted: 2011-07-19 15:16 CEST Last Modified: 2011-07-22 00:37 CEST ====================================================================== Summary: Migration of SSL certs fails on upgrade Description: When upgrading with pkgutil from openssl_rt-0.9.8,REV=2007.12.26_rev=g-SunOS5.8-sparc-CSW to openssl_rt-0.9.8r,REV=2011.02.12-SunOS5.9-sparc-CSW, the package preinstall performs a migration of SSL certs from /opt/csw/ssl/certs to /opt/csw/etc/ssl/certs.
This causes the pkgadd to fail, as it also removes the /opt/csw/ssl/certs directory: Custom certificates have been installed in /opt/csw/ssl/certs/. They will be moved under /opt/csw/etc/ssl/certs. see /opt/csw/share/doc/openssl_rt/README.CSW for more information about CA. WARNING: /opt/csw/ssl/certs <no longer a directory> mv: cannot rename /opt/csw/ssl/certs/demo to /opt/csw/etc/ssl/certs/demo: File exists mv: cannot rename /opt/csw/ssl/certs/expired to /opt/csw/etc/ssl/certs/expired: File exists rmdir: directory "/opt/csw/ssl/certs": Directory not empty WARNING: /opt/csw/ssl/certs may not overwrite a populated directory. pkgadd: ERROR: /opt/csw/ssl/certs could not be installed. Updating certificates in /opt/csw/etc/ssl/certs...done. Installation of <CSWosslrt> partially failed. Removing the "rmdir /opt/csw/ssl/certs" from the preinstall lets the upgrade go through, indicating perhaps that the directory should be left in place? ====================================================================== ---------------------------------------------------------------------- (0009209) yann (manager) - 2011-07-22 00:37 https://www.opencsw.org/mantis/view.php?id=4807#c9209 ---------------------------------------------------------------------- Hi, The /opt/csw/ssl/certs should be removed so that pkgadd can create a symlink /opt/csw/ssl/certs -> /opt/csw/etc/ssl/certs It is perfectly normal that the /opt/csw/ssl/certs is removed. In fact, in there is no custom file installed in /opt/csw/ssl/certs, it should always be removed when the previous openssl_rt package is removed. See Demonstration 1. I am a bit surprised that removing the rmdir solves the problem. If I create custom files in /opt/csw/ssl/certs, I can't also reproduce your bug, see demonstration 2. So I suppose there is something specific in your configuration. The things that come to my mind are: - /opt/csw/ssl/certs is a mount point, - /opt/csw is zone shared. Could you give me more information about your setup so I understand the condition that trigger this bug ? Thanks in advance, Yann Demonstration 1: # pkginfo -l CSWosslrt | grep VERSION VERSION: 0.9.8,REV=2007.12.26_rev=g # ls -ld /opt/csw/ssl/certs drwxr-xr-x 4 root bin 1024 Jul 22 00:16 /opt/csw/ssl/certs # pkgrm CSWosslrt [...] # ls -ld /opt/csw/ssl/certs /opt/csw/ssl/certs: No such file or directory If the last openssl_rt is then installed, there is no problem: # pkgutil --trace -t http://buildfarm.opencsw.org/opencsw/experimental/yann -i openssl_rt [...] Installation of <CSWosslrt> was successful. Demonstration 2: # # Let's create some custom files # cd /opt/csw/ssl/certs # mkdir -p demo expired # touch test1.pem demo/test2.pem expired/test3.pem # I also create demo and expired directory at the new location to create a clash (triggered a problem with the previous package). # mkdir -p /opt/csw/etc/ssl/certs/demo /opt/csw/etc/ssl/certs/expired # pkgrm CSWosslrt Removal of <CSWosslrt> was successful. # ls -l /opt/csw/ssl/certs/ total 4 drwxr-xr-x 2 root bin 512 Jul 22 00:29 demo drwxr-xr-x 2 root bin 512 Jul 22 00:29 expired -rw-r--r-- 1 root root 0 Jul 22 00:27 test1.pem [...] ## Executing checkinstall script. + /usr/bin/uname -p PLATFORM=i386 + /usr/bin/uname -r VERSION=5.10 + [ 5.10 -eq 5.8 ] + [ ! -c /dev/random ] + [ ! -c /dev/urandom ] + [ = 1 ] + [ ! -h /opt/csw/ssl/certs ] + [ -d /opt/csw/ssl/certs ] + ls -1 /opt/csw/ssl/certs/ + [ -n demo expired test1.pem ] + echo Custom certificates have been installed in /opt/csw/ssl/certs/. Custom certificates have been installed in /opt/csw/ssl/certs/. + echo They will be moved under /opt/csw/etc/ssl/certs. They will be moved under /opt/csw/etc/ssl/certs. + echo see /opt/csw/share/doc/openssl_rt/README.CSW for more information see /opt/csw/share/doc/openssl_rt/README.CSW for more information + echo about CA. about CA. + cat MOVE_CERTS=Yes + exit 0 [...] ## Executing preinstall script. + [ Yes = Yes ] + cd /opt/csw/ssl/certs + [ 0 -eq 0 ] + pwd + [ /opt/csw/ssl/certs = /opt/csw/ssl/certs ] + find . -type f + read FILE + dirname ./demo/test2.pem + mkdir -p -m 0755 /opt/csw/etc/ssl/certs/./demo + mv ./demo/test2.pem /opt/csw/etc/ssl/certs/./demo/test2.pem + read FILE + dirname ./expired/test3.pem + mkdir -p -m 0755 /opt/csw/etc/ssl/certs/./expired + mv ./expired/test3.pem /opt/csw/etc/ssl/certs/./expired/test3.pem + read FILE + dirname ./test1.pem + mkdir -p -m 0755 /opt/csw/etc/ssl/certs/. + mv ./test1.pem /opt/csw/etc/ssl/certs/./test1.pem + read FILE + find . ! -name . -type d -exec rmdir {} ; + rmdir /opt/csw/ssl/certs + true [...] /opt/csw/ssl/certs <symbolic link> [...] Installation of <CSWosslrt> was successful. _______________________________________________ bug-notifications mailing list [email protected] https://lists.opencsw.org/mailman/listinfo/bug-notifications
