George Sweetnam wrote:
You could always just use the "setenforce 0" in the script to turn if off, but that should really be a user option. Maybe just prompt to turn it off at the start (and don't allow a batch answer for it). I just sent a "setenforce 9" and it said it was enabled (any number other than 0 or 1 will give you the status of it)... what i get for testing on a stock installation though.I got all the way to generating the ssl certs before it failed this time. It's looking for /dev/random and not finding it now. I can manually install it... sounds like it can't reach it in the sandbox.This is the error: random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand #here is what it needs crw-rw-rw- 1 root root 1, 8 Aug 25 21:15 /dev/random cr--r--r-- 1 root root 1, 9 Aug 25 21:15 /dev/urandom #do the following 2 lines to make them in the sandbox: mknod -m 644 /opt/qmt-sandbox/dev/random c 1 8 mknod -m 444 /opt/qmt-sandbox/dev/urandom c 1 9 George
Thanks, George. Done.I'm curious about this though. Did you get a warning, or did it outright fail? I'm wondering why it didn't fail on upgrades. Warning shouldn't matter, because keys will be regenerated when it's installed in the root branch (outside of the sandbox, for real). I dislike even warnings though, and am glad to get them eliminated.
=================================== STEP 2: Generating X.509 certificate signing request for CA You are about to be asked to enter information that will be incorporated into your certificate request. What you are about to enter is what is called a Distinguished Name or a DN. There are quite a few fields but you can leave some blank For some fields there will be a default value, If you enter '.', the field will be left blank. -----1. Country Name (2 letter code) []:2. State or Province Name (full name) []:3. Locality Name (eg, city) []:4. Organization Name (eg, company) [Qmail Toaster Server]:5. Organizational Unit Name (eg, section) [For testing purposes only]:6. Common Name (eg, CA name) [www.qmailtoaster.com]:7. Email Address (eg, [EMAIL PROTECTED]) []:28664:error:24064064:random number generator:SSLEAY_RAND_BYTES:PRNG not seeded:md_rand.c:503:You need to read the OpenSSL FAQ, http://www.openssl.org/support/faq.html28664:error:04088003:rsa routines:RSA_setup_blinding:BN lib:rsa_lib.c:407:28664:error:04066044:rsa routines:RSA_EAY_PRIVATE_ENCRYPT:internal error:rsa_eay.c:364: 28664:error:0D0C3006:asn1 encoding routines:ASN1_item_sign:EVP lib:a_sign.c:276:cca:Error: Failed to generate certificate signing request error: Bad exit status from /var/tmp/rpm-tmp.51382 (%install) RPM build errors:Bad exit status from /var/tmp/rpm-tmp.51382 (%install)
Do you have openssl and openssl-devel installed?
--
-Eric 'shubes'
---------------------------------------------------------------------
QmailToaster hosted by: VR Hosted <http://www.vr.org>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
