This is not a bug in ssl-cert.  It's a bug in libapache2-mod-auth-
mellon, more specifically in the way it configures openssl to generate
its certificate.  From /usr/sbin/mellon_create_metadata:

cat >"$TEMPLATEFILE" <<EOF
RANDFILE           = /dev/urandom
[req]
default_bits       = 3072
default_keyfile    = privkey.pem
distinguished_name = req_distinguished_name
prompt             = no
policy             = policy_anything
[req_distinguished_name]
commonName         = $HOST
EOF

The fix is simple: just remove the RANDFILE entry from the snippet
above.  This looks like SRU material, so I'm adding a task for the
package and setting its status accordingly.

** Also affects: libapache2-mod-auth-mellon (Ubuntu)
   Importance: Undecided
       Status: New

** Changed in: libapache2-mod-auth-mellon (Ubuntu Jammy)
       Status: New => Triaged

** Changed in: ssl-cert (Ubuntu Jammy)
       Status: Confirmed => Fix Released

** Changed in: hplip (Ubuntu Jammy)
       Status: Confirmed => Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to hplip in Ubuntu.
https://bugs.launchpad.net/bugs/1945774

Title:
  openssl: breaks ssl-cert installation:
  8022CB35777F0000:error:1200007A:random number
  generator:RAND_write_file:Not a regular
  file:../crypto/rand/randfile.c:190:Filename=/dev/urandom

Status in mod_auth_mellon:
  Unknown
Status in hplip package in Ubuntu:
  Fix Released
Status in libapache2-mod-auth-mellon package in Ubuntu:
  New
Status in ssl-cert package in Ubuntu:
  Fix Released
Status in hplip source package in Jammy:
  Fix Released
Status in libapache2-mod-auth-mellon source package in Jammy:
  Triaged
Status in ssl-cert source package in Jammy:
  Fix Released
Status in ssl-cert package in Debian:
  Fix Released

Bug description:
  Imported from Debian bug http://bugs.debian.org/990228:

  Package: openssl
  Version: 3.0.0~~alpha16-1
  Severity: serious
  User: debian...@lists.debian.org
  Usertags: piuparts

  Hi,

  during a test with piuparts I noticed your package causes other packages
  to fail installation/upgrading.

  From the attached log (scroll to the bottom...):

  ...
    Setting up openssl (3.0.0~~alpha16-1) ...
    Setting up libbsd0:amd64 (0.11.3-1) ...
    Setting up readline-common (8.1-2) ...
    Setting up libxml2:amd64 (2.9.10+dfsg-6.7) ...
    Setting up libgdbm6:amd64 (1.19-2) ...
    Setting up postgresql-client-common (226) ...
    Setting up libedit2:amd64 (3.1-20210522-1~exp1) ...
    Setting up libreadline8:amd64 (8.1-2) ...
    Setting up libldap-2.4-2:amd64 (2.4.57+dfsg-3) ...
    Setting up libllvm11:amd64 (1:11.0.1-2) ...
    Setting up ssl-cert (1.1.0+nmu1) ...
    Could not create certificate. Openssl output was:
    Generating a RSA private key
    
..+..+......+.......+.....+...+.........+.......+...+..+...+.+..+...+.........+.......+...+..+.........+.+...........+...+.+......+........+......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..........+........+.......+.........+..+...+....+..+.+............+..+................+...+............+..+.............+...+..+.......+...+.....+..................+.......+.........+........+.+........................+............+.........+..+.........+.+..+......+.+...........+.........+.+.....+....+.........+.....+.+....................+....+............+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    
..+.+........+...+...+.......+..................+..+.........+...+.+............+...+.....+......................+..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+...+....+......+...+..+...+..........+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+......+...+....+..+....+..+....+.........+..+...+....+.....+.+......+.....+.+..+.............+..+..........+..+.+........+............+.........+....+..+.......+.....+...+.......+...+...+..+....+...+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
    Writing new private key to '/etc/ssl/private/ssl-cert-snakeoil.key'
    -----
    Warning: No -copy_extensions given; ignoring any extensions in the request
    Cannot write random bytes:
    8022CB35777F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom
    dpkg: error processing package ssl-cert (--configure):
     installed ssl-cert package post-installation script subprocess returned error exit status 1
    dpkg: dependency problems prevent configuration of postgresql-common:
     postgresql-common depends on ssl-cert (>= 1.0.11); however:
      Package ssl-cert is not configured yet.
  ...

  Hmm, well, yes, /dev/urandom is not a regular file. It's a character
  device node.

  
  cheers,

  Andreas

To manage notifications about this bug go to:
https://bugs.launchpad.net/mod-auth-mellon/+bug/1945774/+subscriptions
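
An added example, not part of the bug report or of any package named in it: a shell check for the failure described above, where an OpenSSL config template sets RANDFILE to something that is not a regular file, plus the fix the comment proposes (dropping the entry). The function names, the sample template and its commonName are constructed for illustration, and treating every /dev/ path as a device node is a heuristic assumed here.

```shell
#!/bin/sh
# Audit OpenSSL config templates for RANDFILE entries that OpenSSL 3.0 cannot
# write back to (RAND_write_file rejects anything that is not a regular file).

# Print "file:line:path" for each offending RANDFILE entry in the given files.
# Returns 1 if at least one was found, 0 otherwise.
find_bad_randfile() {
    rc=0
    for f in "$@"; do
        hits=$(awk -F= '/^[ \t]*RANDFILE[ \t]*=/ {
                   v = $2; sub(/#.*/, "", v)          # drop trailing comment
                   gsub(/^[ \t]+|[ \t]+$/, "", v)     # trim whitespace
                   print FNR ":" v }' "$f")
        while IFS=: read -r line path; do
            [ -n "$path" ] || continue
            bad=0
            # Heuristic (assumption): anything under /dev/ is a device node.
            case $path in /dev/*) bad=1 ;; esac
            # Definite: the path exists and is not a regular file.
            if [ -e "$path" ] && [ ! -f "$path" ]; then bad=1; fi
            if [ "$bad" -eq 1 ]; then echo "$f:$line:$path"; rc=1; fi
        done <<EOF
$hits
EOF
    done
    return $rc
}

# Emit the config on stdout with every RANDFILE entry removed.
strip_randfile() {
    sed '/^[[:space:]]*RANDFILE[[:space:]]*=/d' "$1"
}

# Constructed sample: the template from the report with a made-up commonName.
sample=$(mktemp)
cat >"$sample" <<'CNF'
RANDFILE           = /dev/urandom
[req]
default_bits       = 3072
distinguished_name = req_distinguished_name
prompt             = no
[req_distinguished_name]
commonName         = sp.example.test
CNF
find_bad_randfile "$sample" || echo "offending RANDFILE entry found"
strip_randfile "$sample" >"$sample.fixed"
find_bad_randfile "$sample.fixed" && echo "fixed template is clean"
rm -f "$sample" "$sample.fixed"
```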

