Bug#225487: apache-ssl: Postinstall fails with a "sed" error
Hi Fabio- On Mon, Jan 12, 2004 at 09:18:04PM +0100, Fabio Massimo Di Nitto wrote: > I am just going trough the bug again and i noticed that there is > stuff missing from the information required to generate the certificate > like Locality Name. > > All the fields are required to generate the certificate. Can you kindly > try again removing /etc/apache-ssl/apache.pem, create a certificate with > all the fields filled up? I tried this, and it now seems to work fine. The cert is generated without error, and apache-ssl starts as normal. This was definitely unexpected behavior, though. I have generated self-signed certificates before and have not had to fill in all the fields. Did this change recently? Would a warning in debconf be appropriate, or perhasps some logic to refuse to generate the cert if any fields are left blank? Thanks for your time, it is much appreciated. Regards, Doug
Bug#225487: apache-ssl: Postinstall fails with a "sed" error
Hi Fabio- This was in the apache-ssl error log, one occurrence for every time I've tried to start the binary: [Fri Jan 2 12:56:47 2004] [crit] Error reading server certificate file /etc/apache-ssl/apache.pem [Fri Jan 2 12:56:47 2004] [crit] error:0906D06C:PEM routines:PEM_read_bio:no start line Regards, Doug
Bug#225487: apache-ssl: Postinstall fails with a "sed" error
Hi Fabio- (forgot to CC debian-bugs, sorry for the dup) > Sorry I need to ask you to do the last test. What happens if you > create > the certificate with default values?? just for testing of course. If > this > work there might be something wrong in the data you pass to > make-ssl-cert > via debconf or a bug in it that make the certificate wrong. The thought had occurred to me, too. I don't recall what the original defaults were - debconf seems to remember my answers to the cert questions from one invocation to the next (normally a great feature...;-)). I did try to generate a new cert with very generic information - only "localhost" for hostname and "[EMAIL PROTECTED]" for email, with the other settings left blank (I think that was the default...). I also tried with some generic settings for country/state/organization. Same results. I attached a script output where you can see my responses to debconf's questions, also with the output of "set -x" in the postinst shell script. This error doesn't seem to matter (/etc/apache-ssl/conf.d is empty): "Starting web server: apache-ssl Processing config directory: /etc/apache-ssl/conf.d failed" Just as a test, I commented out the "include" directive in /etc/apache-ssl/httpd.conf that included /etc/apache-ssl/conf.d/, and just got this, generic error: hades:/home/doug# apt-get -f install Reading Package Lists... Done Building Dependency Tree... Done 0 upgraded, 0 newly installed, 0 to remove and 8 not upgraded. 1 not fully installed or removed. Need to get 0B of archives. After unpacking 0B of additional disk space will be used. Setting up apache-ssl (1.3.29.0.1-3) ... Starting web server: apache-ssl failed invoke-rc.d: initscript apache-ssl, action "start" failed. dpkg: error processing apache-ssl (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: apache-ssl E: Sub-process /usr/bin/dpkg returned an error code (1) hades:/home/doug# Thanks, Doug Setting up apache-ssl (1.3.29.0.1-3) ... + make_selfsigned_cert + '[' '!' -f /etc/apache-ssl/apache.pem ']' + /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache-ssl/apache.pem Configuring The two letter code for your Country. (ie GB) (countryName) Country Name US Your state, county or province. (stateOrProvinceName) State or Province Name CT The name of the city or town that you live in. (localityName) Locality Name The name of the company or organisation the certificate is for. (organisationName) Organisation Name Snake Oil Co The Division or section of the organisation the certificate is for. (organisationalUnitName) Organisational Unit Name The host name of the server the certificate is for. This must be filled in. (commonName) Host Name localhost The email address that should be associated with the certificate. Email Address [EMAIL PROTECTED] Generating a 1024 bit RSA private key .++ ...++ writing new private key to '/etc/apache-ssl/apache.pem' - problems making Certificate Request 29412:error:0D07A098:asn1 encoding routines:ASN1_mbstring_copy:string too short:a_mbstr.c:147:minsize=1 dpkg: error processing apache-ssl (--configure): subprocess post-installation script returned error
Bug#225487: apache-ssl: Postinstall fails with a "sed" error
On Thu, Jan 01, 2004 at 10:01:23AM +0100, Fabio Massimo Di Nitto wrote: > > Hi Douglas, > thanks for the information. I think that the fact that apache does > not start is related to the wrong certificate. Just to be sure 100% please > remove /etc/apache-ssl/apache.pem and try to reinstall apache-ssl with > your patch applied to make-ssl-cert. This should generate a new and clean > certificate and hopefully apache-ssl will start. No luck - I get the same error after removing the cert and regenerating it. I also tried a clean installation after purging the existing one - with the same results. Thanks, Doug
Bug#225487: apache-ssl: Postinstall fails with a "sed" error
Hi Fabio-
This patch fixes the problem and allows me to generate the cert.
[EMAIL PROTECTED]:~$ diff -ur make-ssl-cert.orig make-ssl-cert
--- make-ssl-cert.orig 2003-12-31 12:51:49.0 -0500
+++ make-ssl-cert 2003-12-31 12:52:18.0 -0500
@@ -97,13 +97,13 @@
Email="$RET"
db_fset make-ssl-cert/email seen false
-sed -e s,@CountryName@,"$CountryName", \
--e s,@StateName@,"$StateName", \
--e s,@LocalityName@,"$LocalityName", \
--e s,@OrganisationName@,"$OrganisationName", \
--e s,@OUName@,"$OUName", \
--e s,@HostName@,"$HostName", \
--e s,@Email@,"$Email", \
+sed -e s/@CountryName@/"$CountryName"/ \
+-e s/@StateName@/"$StateName"/ \
+-e s/@LocalityName@/"$LocalityName"/ \
+-e s/@OrganisationName@/"$OrganisationName"/ \
+-e s/@OUName@/"$OUName"/ \
+-e s/@HostName@/"$HostName"/ \
+-e s/@Email@/"$Email"/ \
$template > /tmp/$$.req
export RANDFILE=/dev/random
...but I now get an error regarding the cert request:
hades:/etc/apache-ssl# apt-get -f install
Reading Package Lists... Done
Building Dependency Tree... Done
0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
1 not fully installed or removed.
Need to get 0B of archives.
After unpacking 0B of additional disk space will be used.
Setting up apache-ssl (1.3.29.0.1-3) ...
+ make_selfsigned_cert
+ '[' '!' -f /etc/apache-ssl/apache.pem ']'
+ /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf
/etc/apache-ssl/apache.pem
Generating a 1024 bit RSA private key
.++
...++
writing new private key to '/etc/apache-ssl/apache.pem'
-
problems making Certificate Request
5332:error:0D07A098:asn1 encoding routines:ASN1_mbstring_copy:string too
short:a_mbstr.c:147:minsize=1
dpkg: error processing apache-ssl (--configure):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
apache-ssl
E: Sub-process /usr/bin/dpkg returned an error code (1)
...and when I run 'apt-get -f install' again:
Starting web server: apache-sslProcessing config directory:
/etc/apache-ssl/conf.d
failed
invoke-rc.d: initscript apache-ssl, action "start" failed.
dpkg: error processing apache-ssl (--configure):
subprocess post-installation script returned error exit status 1
Errors were encountered while processing:
apache-ssl
E: Sub-process /usr/bin/dpkg returned an error code (1)
hades:/etc/apache-ssl#
I attached the output with 'set -x' in the postinstall script, as it was
rather large - this is with the above patch applied.
Regards,
Doug
Script started on Wed Dec 31 12:59:03 2003
hades:/etc/apache-ssl# apt-get -f install
...
Setting up apache-ssl (1.3.29.0.1-3) ...
+ make_selfsigned_cert
+ '[' '!' -f /etc/apache-ssl/apache.pem ']'
+ . /usr/share/debconf/confmodule
++ '[' '!' '' ']'
++ exec /usr/share/debconf/frontend /var/lib/dpkg/info/apache-ssl.postinst
configure ''
+ make_selfsigned_cert
+ '[' '!' -f /etc/apache-ssl/apache.pem ']'
+ . /usr/share/debconf/confmodule
++ '[' '!' 1 ']'
++ '[' -z '' ']'
++ exec
++ DEBCONF_REDIR=1
++ export DEBCONF_REDIR
++ _old_opts=configure
++ set -- capb CAPB
++ eval 'db_capb () {
echo "CAPB $@" >&3
# Set to newline to get whole line.
local IFS='\''
'\''
local _LINE
read -r _LINE
# Disgusting, but it'\''s the only good way to split the line,
# preserving all other whitespace.
RET="${_LINE#[! ][ ]}"
return ${_LINE%%[ ]*}
}'
++ set -- set SET
++ eval 'db_set () {
echo "SET $@" >&3
# Set to newline to get whole line.
local IFS='\''
'\''
local _LINE
read -r _LINE
# Disgusting, but it'\''s the only good way to split the line,
# preserving all other whitespace.
RET="${_LINE#[! ][ ]}"
return ${_LINE%%[ ]*}
}'
++ set -- reset RESET
++ eval 'db_reset () {
echo "RESET $@" >&3
# Set to newline to get whole line.
local IFS='\''
'\''
local _LINE
read -r _LINE
# Disgusting, but it'\''s the only good way to split the line,
# preserving all other whitespace.
RET="${_LINE#[! ][ ]}"
return ${_LINE%%[ ]*}
}'
++ set -- title TITLE
++ eval 'db_title () {
echo "TITLE $@" >&3
# Set to newline to get whole line.
local IFS='\''
'\''
local _LINE
read -r _LINE
# Disgusting, but it'\''s the only good way to split the line,
# preserving all other whitespace.
RET="${_LINE#[! ][ ]}"
return ${_LINE%%[ ]*}
Bug#225487: apache-ssl: Postinstall fails with a "sed" error
Hi Fabio- On Wed, Dec 31, 2003 at 08:10:09AM +0100, Fabio Massimo Di Nitto wrote: > Hi Doug, > can you be so kind to add set -x to > /var/lib/dpkg/info/apache-ssl.postinst > and send me the output? > hades:/home/doug# vi /var/lib/dpkg/info/apache-ssl.postinst hades:/home/doug# apt-get -f install Reading Package Lists... Done Building Dependency Tree... Done 0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded. 1 not fully installed or removed. Need to get 0B of archives. After unpacking 0B of additional disk space will be used. Setting up apache-ssl (1.3.29.0.1-3) ... + make_selfsigned_cert + '[' '!' -f /etc/apache-ssl/apache.pem ']' + /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache-ssl/apache.pem sed: -e expression #4, char 42: Unknown option to `s' dpkg: error processing apache-ssl (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: apache-ssl E: Sub-process /usr/bin/dpkg returned an error code (1) hades:/home/doug#
