Package: rhn-client-tools
Version: 1.8.26-4
Severity: important
Hi,
I want to report that the package does not really work out of the box, and I
suspect that it does not work at all. There are two problems related to the CA
certificate, the first one is that the default location for it does not match
the installed path:
Traceback (most recent call last):
File "/usr/sbin/rhnreg_ks", line 218, in <module>
cli.run()
File "/usr/share/rhn/up2date_client/rhncli.py", line 96, in run
sys.exit(self.main() or 0)
File "/usr/sbin/rhnreg_ks", line 90, in main
rhnreg.getCaps()
File "/usr/share/rhn/up2date_client/rhnreg.py", line 237, in getCaps
s = rhnserver.RhnServer()
File "/usr/share/rhn/up2date_client/rhnserver.py", line 165, in __init__
self._server = rpcServer.getServer(serverOverride=serverOverride)
File "/usr/share/rhn/up2date_client/rpcServer.py", line 171, in getServer
raise up2dateErrors.SSLCertificateFileNotFound(msg)
<class 'up2date_client.up2dateErrors.SSLCertificateFileNotFound'>:
This is easy to solve, just changing a parameter in the config file:
-sslCACert=/usr/share/rhn/RHN-ORG-TRUSTED-SSL-CERT
+sslCACert=/usr/share/rhn/RHNS-CA-CERT
But then, when that is fixed, I get this error:
Traceback (most recent call last):
File "/usr/sbin/rhnreg_ks", line 218, in <module>
cli.run()
File "/usr/share/rhn/up2date_client/rhncli.py", line 96, in run
sys.exit(self.main() or 0)
File "/usr/sbin/rhnreg_ks", line 90, in main
rhnreg.getCaps()
File "/usr/share/rhn/up2date_client/rhnreg.py", line 239, in getCaps
s.capabilities.validate()
File "/usr/share/rhn/up2date_client/rhnserver.py", line 172, in
__get_capabilities
self.registration.welcome_message()
File "/usr/share/rhn/up2date_client/rhnserver.py", line 63, in __call__
return rpcServer.doCall(method, *args, **kwargs)
File "/usr/share/rhn/up2date_client/rpcServer.py", line 203, in doCall
ret = method(*args, **kwargs)
File "/usr/lib/python2.7/xmlrpclib.py", line 1224, in __call__
return self.__send(self.__name, args)
File "/usr/share/rhn/up2date_client/rpcServer.py", line 38, in _request1
ret = self._request(methodname, params)
File "/usr/lib/python2.7/dist-packages/rhn/rpclib.py", line 381, in _request
self._handler, request, verbose=self._verbose)
File "/usr/lib/python2.7/dist-packages/rhn/transports.py", line 167, in
request
headers, fd = req.send_http(host, handler)
File "/usr/lib/python2.7/dist-packages/rhn/transports.py", line 698, in
send_http
self._connection.connect()
File "/usr/lib/python2.7/dist-packages/rhn/connections.py", line 183, in
connect
self.sock.init_ssl()
File "/usr/lib/python2.7/dist-packages/rhn/SSL.py", line 90, in init_ssl
self._ctx.load_verify_locations(f)
File "/usr/lib/python2.7/dist-packages/OpenSSL/SSL.py", line 303, in
load_verify_locations
raise TypeError("cafile must be None or a byte string")
<type 'exceptions.TypeError'>: cafile must be None or a byte string
Which seems to come from the fact that the configuration file is read as an
unicode string, and OpenSSL does not like that. I am going to manually cast
this parameter to str to make it work here, but I think this must affect anyone
using rhn-client-tools with a modern python, so that's why I am marking this as
important.
-- System Information:
Debian Release: 8.0
APT prefers testing
APT policy: (500, 'testing')
Architecture: amd64 (x86_64)
Kernel: Linux 3.16.0-4-amd64 (SMP w/4 CPU cores)
Locale: LANG=en_IE.UTF-8, LC_CTYPE=en_IE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages rhn-client-tools depends on:
ii debconf 1.5.55
ii gnupg 1.4.18-6
ii lsb-release 4.1+Debian13+nmu1
ii python-apt 0.9.3.11
ii python-dbus 1.2.0-2+b3
ii python-dmidecode 3.10.13-3
ii python-ethtool 0.11-2
ii python-gudev 147.2-3
ii python-newt 0.52.17-1+b1
ii python-openssl 0.14-1
ii python-rhn 2.5.55-2
pn python:any <none>
Versions of packages rhn-client-tools recommends:
pn apt-spacewalk <none>
Versions of packages rhn-client-tools suggests:
ii python-glade2 2.24.0-4
pn python-gnome2 <none>
ii python-gtk2 2.24.0-4
-- Configuration Files:
/etc/sysconfig/rhn/up2date changed [not included]
-- no debconf information
--
To UNSUBSCRIBE, email to [email protected]
with a subject of "unsubscribe". Trouble? Contact [email protected]
