Bug#225487: apache-ssl: Postinstall fails with a sed error
Hi Fabio- On Mon, Jan 12, 2004 at 09:18:04PM +0100, Fabio Massimo Di Nitto wrote: I am just going trough the bug again and i noticed that there is stuff missing from the information required to generate the certificate like Locality Name. All the fields are required to generate the certificate. Can you kindly try again removing /etc/apache-ssl/apache.pem, create a certificate with all the fields filled up? I tried this, and it now seems to work fine. The cert is generated without error, and apache-ssl starts as normal. This was definitely unexpected behavior, though. I have generated self-signed certificates before and have not had to fill in all the fields. Did this change recently? Would a warning in debconf be appropriate, or perhasps some logic to refuse to generate the cert if any fields are left blank? Thanks for your time, it is much appreciated. Regards, Doug
Bug#225487: apache-ssl: Postinstall fails with a sed error
On Mon, 12 Jan 2004, Douglas Maxwell wrote: Hi Fabio- On Mon, Jan 12, 2004 at 09:18:04PM +0100, Fabio Massimo Di Nitto wrote: I am just going trough the bug again and i noticed that there is stuff missing from the information required to generate the certificate like Locality Name. All the fields are required to generate the certificate. Can you kindly try again removing /etc/apache-ssl/apache.pem, create a certificate with all the fields filled up? I tried this, and it now seems to work fine. The cert is generated without error, and apache-ssl starts as normal. This was definitely unexpected behavior, though. I have generated self-signed certificates before and have not had to fill in all the fields. It is unexpected for me as well. From my experience i can tell that i have been always providing all the data (also in the past) to be sure that everything was ok. Did this change recently? I have no idea. Would a warning in debconf be appropriate, or perhasps some logic to refuse to generate the cert if any fields are left blank? I was thinking about the second option. The first one would not prevent users from messing around ;) In any case it is all still a ssl-cert problem (but no9 worry... we are still the same maintainers ;)) Thanks for your time, it is much appreciated. No problem at all. Thanks to you for helping us Fabio -- Our mission: make IPv6 the default IP protocol We are on a mission from God - Elwood Blues http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp4.html
Bug#225487: apache-ssl: Postinstall fails with a sed error
reassign 225487 ssl-cert stop quit Hi Douglas, I am just going trough the bug again and i noticed that there is stuff missing from the information required to generate the certificate like Locality Name. All the fields are required to generate the certificate. Can you kindly try again removing /etc/apache-ssl/apache.pem, create a certificate with all the fields filled up? This would explain the error you get that some strings are empty and the minimum size is 1. In any case i am reassining the bug to ssl-cert regarding the sed stuff. Thanks Fabio On Fri, 2 Jan 2004, Douglas Maxwell wrote: Hi Fabio- (forgot to CC debian-bugs, sorry for the dup) Sorry I need to ask you to do the last test. What happens if you create the certificate with default values?? just for testing of course. If this work there might be something wrong in the data you pass to make-ssl-cert via debconf or a bug in it that make the certificate wrong. The thought had occurred to me, too. I don't recall what the original defaults were - debconf seems to remember my answers to the cert questions from one invocation to the next (normally a great feature...;-)). I did try to generate a new cert with very generic information - only localhost for hostname and [EMAIL PROTECTED] for email, with the other settings left blank (I think that was the default...). I also tried with some generic settings for country/state/organization. Same results. I attached a script output where you can see my responses to debconf's questions, also with the output of set -x in the postinst shell script. This error doesn't seem to matter (/etc/apache-ssl/conf.d is empty): Starting web server: apache-ssl Processing config directory: /etc/apache-ssl/conf.d failed Just as a test, I commented out the include directive in /etc/apache-ssl/httpd.conf that included /etc/apache-ssl/conf.d/, and just got this, generic error: hades:/home/doug# apt-get -f install Reading Package Lists... Done Building Dependency Tree... Done 0 upgraded, 0 newly installed, 0 to remove and 8 not upgraded. 1 not fully installed or removed. Need to get 0B of archives. After unpacking 0B of additional disk space will be used. Setting up apache-ssl (1.3.29.0.1-3) ... Starting web server: apache-ssl failed invoke-rc.d: initscript apache-ssl, action start failed. dpkg: error processing apache-ssl (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: apache-ssl E: Sub-process /usr/bin/dpkg returned an error code (1) hades:/home/doug# Thanks, Doug -- Our mission: make IPv6 the default IP protocol We are on a mission from God - Elwood Blues http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp4.html
Bug#225487: apache-ssl: Postinstall fails with a sed error
Hi Fabio- This was in the apache-ssl error log, one occurrence for every time I've tried to start the binary: [Fri Jan 2 12:56:47 2004] [crit] Error reading server certificate file /etc/apache-ssl/apache.pem [Fri Jan 2 12:56:47 2004] [crit] error:0906D06C:PEM routines:PEM_read_bio:no start line Regards, Doug
Bug#225487: apache-ssl: Postinstall fails with a sed error
Hi Doug, can you be so kind to add set -x to /var/lib/dpkg/info/apache-ssl.postinst and send me the output? thanks Fabio On Mon, 29 Dec 2003, Doug Maxwell wrote: Package: apache-ssl Version: 1.3.29.0.1-3 Severity: grave Tags: sid Justification: renders package unusable Error occurs immediately after entering information needed for creation of self-signed certificate: [EMAIL PROTECTED]:~$ sudo apt-get -f install Reading Package Lists... Done Building Dependency Tree... Done 0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded. 1 not fully installed or removed. Need to get 0B of archives. After unpacking 0B of additional disk space will be used. Setting up apache-ssl (1.3.29.0.1-3) ... sed: -e expression #4, char 42: Unknown option to `s' dpkg: error processing apache-ssl (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: apache-ssl E: Sub-process /usr/bin/dpkg returned an error code (1) [EMAIL PROTECTED]:~$ -- System Information: Debian Release: testing/unstable Architecture: i386 Kernel: Linux hades 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i686 Locale: LANG=C, LC_CTYPE=C Versions of packages apache-ssl depends on: ii apache-common 1.3.29.0.1-3 Support files for all Apache webse ii debconf 1.3.22 Debian configuration management sy ii dpkg1.10.18 Package maintenance system for Deb ii libc6 2.3.2.ds1-10 GNU C Library: Shared libraries an ii libdb4.14.1.25-10Berkeley v4.1 Database Libraries [ ii libexpat1 1.95.6-6 XML parsing C library - runtime li ii libkeynote0 2.3-10 Decentralized Trust-Management sys ii libmagic1 4.06-2 File type determination library us ii libpam0g0.76-14 Pluggable Authentication Modules l ii libssl0.9.7 0.9.7c-5 SSL shared libraries ii logrotate 3.6.5-2 Log rotation utility ii mime-support3.23-1 MIME files 'mime.types' 'mailcap ii openssl 0.9.7c-5 Secure Socket Layer (SSL) binary a ii perl [perl5]5.8.2-2 Larry Wall's Practical Extraction ii ssl-cert1.0-6Simple debconf wrapper for openssl -- debconf information: apache-ssl/server-admin: [EMAIL PROTECTED] * apache-ssl/enable-suexec: false apache-ssl/init: true apache-ssl/server-name: localhost apache-ssl/document-root: /var/www My version of sed: ii sed 4.0.7-3 -- Our mission: make IPv6 the default IP protocol We are on a mission from God - Elwood Blues http://www.itojun.org/paper/itojun-nanog-200210-ipv6isp/mgp4.html
Bug#225487: apache-ssl: Postinstall fails with a sed error
Hi Fabio- On Wed, Dec 31, 2003 at 08:10:09AM +0100, Fabio Massimo Di Nitto wrote: Hi Doug, can you be so kind to add set -x to /var/lib/dpkg/info/apache-ssl.postinst and send me the output? hades:/home/doug# vi /var/lib/dpkg/info/apache-ssl.postinst hades:/home/doug# apt-get -f install Reading Package Lists... Done Building Dependency Tree... Done 0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded. 1 not fully installed or removed. Need to get 0B of archives. After unpacking 0B of additional disk space will be used. Setting up apache-ssl (1.3.29.0.1-3) ... + make_selfsigned_cert + '[' '!' -f /etc/apache-ssl/apache.pem ']' + /usr/sbin/make-ssl-cert /usr/share/ssl-cert/ssleay.cnf /etc/apache-ssl/apache.pem sed: -e expression #4, char 42: Unknown option to `s' dpkg: error processing apache-ssl (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: apache-ssl E: Sub-process /usr/bin/dpkg returned an error code (1) hades:/home/doug#
Bug#225487: apache-ssl: Postinstall fails with a sed error
Package: apache-ssl Version: 1.3.29.0.1-3 Severity: grave Tags: sid Justification: renders package unusable Error occurs immediately after entering information needed for creation of self-signed certificate: [EMAIL PROTECTED]:~$ sudo apt-get -f install Reading Package Lists... Done Building Dependency Tree... Done 0 upgraded, 0 newly installed, 0 to remove and 7 not upgraded. 1 not fully installed or removed. Need to get 0B of archives. After unpacking 0B of additional disk space will be used. Setting up apache-ssl (1.3.29.0.1-3) ... sed: -e expression #4, char 42: Unknown option to `s' dpkg: error processing apache-ssl (--configure): subprocess post-installation script returned error exit status 1 Errors were encountered while processing: apache-ssl E: Sub-process /usr/bin/dpkg returned an error code (1) [EMAIL PROTECTED]:~$ -- System Information: Debian Release: testing/unstable Architecture: i386 Kernel: Linux hades 2.4.18-bf2.4 #1 Son Apr 14 09:53:28 CEST 2002 i686 Locale: LANG=C, LC_CTYPE=C Versions of packages apache-ssl depends on: ii apache-common 1.3.29.0.1-3 Support files for all Apache webse ii debconf 1.3.22 Debian configuration management sy ii dpkg1.10.18 Package maintenance system for Deb ii libc6 2.3.2.ds1-10 GNU C Library: Shared libraries an ii libdb4.14.1.25-10Berkeley v4.1 Database Libraries [ ii libexpat1 1.95.6-6 XML parsing C library - runtime li ii libkeynote0 2.3-10 Decentralized Trust-Management sys ii libmagic1 4.06-2 File type determination library us ii libpam0g0.76-14 Pluggable Authentication Modules l ii libssl0.9.7 0.9.7c-5 SSL shared libraries ii logrotate 3.6.5-2 Log rotation utility ii mime-support3.23-1 MIME files 'mime.types' 'mailcap ii openssl 0.9.7c-5 Secure Socket Layer (SSL) binary a ii perl [perl5]5.8.2-2 Larry Wall's Practical Extraction ii ssl-cert1.0-6Simple debconf wrapper for openssl -- debconf information: apache-ssl/server-admin: [EMAIL PROTECTED] * apache-ssl/enable-suexec: false apache-ssl/init: true apache-ssl/server-name: localhost apache-ssl/document-root: /var/www My version of sed: ii sed 4.0.7-3