Bug#503037: ssl-cert snakeoil generation completely broken in hurd

Tue, 21 Oct 2008 17:30:07 -0700 

Package: ssl-cert
Version: 1.0.23
Severity: grave
Tags: patch
Justification: renders package unusable

When installing ssl-cert on GNU/Hurd i386, the package fails the
postinst.  Upon further inspection, I found that the bash script never
actually queries debconf for the hostname parameter it needs to config
the package.
When that function is added to the script, it still doesn't work because
the ssleay.cnf file is set up to use /dev/urandom to get random input.
Because Hurd doesn't have /dev/urandom, the hurd version of this package
needs to depend on a package called random-egd, which adds /dev/random.
Then the ssleay.cnf needs to change urandom to random.  Provided that
random-egd is installed, the attached patch adds in the necessary lines
to fix the issues.


-- System Information:
Debian Release: lenny/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: hurd-i386 (i386-AT386)

Kernel: GNU-Mach 1.3.99/Hurd-0.3
Locale: LANG=C, LC_CTYPE=C (charmap=ANSI_X3.4-1968)
Shell: /bin/sh linked to /bin/bash

Versions of packages ssl-cert depends on:
ii  adduser                      3.110       add and remove users and groups
ii  debconf [debconf-2.0]        1.5.24      Debian configuration management sy
ii  openssl                      0.9.8g-10.1 Secure Socket Layer (SSL) binary a
ii  openssl-blacklist            0.4.2       list of blacklisted OpenSSL RSA ke

ssl-cert recommends no packages.

ssl-cert suggests no packages.

-- debconf information:
  make-ssl-cert/vulnerable_prng:
  make-ssl-cert/title:
  make-ssl-cert/hostname: bearclaw

diff -Naur old/usr/sbin/make-ssl-cert new/usr/sbin/make-ssl-cert
--- old/usr/sbin/make-ssl-cert	2008-09-24 08:09:04.000000000 -0700
+++ new/usr/sbin/make-ssl-cert	2008-10-21 10:18:17.320000000 -0700
@@ -64,6 +64,7 @@
              exit 0
         fi
     fi
+    ask_via_debconf
     make_snakeoil
 fi
				   
diff -Naur old/usr/share/ssl-cert/ssleay.cnf new/usr/share/ssl-cert/ssleay.cnf
--- old/usr/share/ssl-cert/ssleay.cnf 2008-10-21 10:29:06.550000000 -0700
+++ new/usr/share/ssl-cert/ssleay.cnf 2008-10-21 01:57:13.000000000 -0700
@@ -2,7 +2,7 @@
 # SSLeay example configuration file.
 #
				      
-RANDFILE                = /dev/urandom
+RANDFILE                = /dev/random
			       
 [ req ]
 default_bits            = 1024

Reply via email to