Dear openpkg maintainers, We have previously been using an older version of delegate (delegate-9.2.4-2.20061018) and due to some problems with getting it to log anything useful I decided to try the 'current' version (delegate-9.6.0-20070520).
This is on Solaris 10 SPARC machines. The problem is that the code builds and install fine, but when trying to execute we keep getting messages like: [EMAIL PROTECTED]: openpkg rc delegate start OpenPKG: start: delegate:FAILED openpkg:rc:WARNING: /secomon/openpkg-2.20061018:delegate:%start: failed with return code 255 openpkg:rc:NOTICE: output from stdout/stderr is following: +---------------------------------------------------------------------- | -- File MD5: cd7d3568b95ffc180580b2998002f7db | ** checking the integrity of /secomon/openpkg-2.20061018/sbin/delegated ... | -- ERROR: can't link the SSL/Crypto library. | -- Hint: use -vl option to trace the required library, | --- find it (ex. libssl.so.X.Y.Z) under /usr/lib or /lib, | --- then set the library version as DYLIB='+,lib*.so.X.Y.Z' | -- src Sign? 9.6.0:20070520161041+0900:6476b7d225eef1ec:[EMAIL PROTECTED] | -- bld Sign> 9.6.0 2007052213 d168f6191fe13291 ([EMAIL PROTECTED]) | ** NG, this executable is not built from the original code | -- exe Sign? 9.6.0 2007052213 a7d38977349a0802 ([EMAIL PROTECTED]) | ** NG, cannot verify this executable (RSA lib. unavailable) | FATAL: seems interpolated: /secomon/openpkg-2.20061018/sbin/delegated +---------------------------------------------------------------------- After a lot of messing around I finally worked out a workaround to get things to work. 1. Login as the 'managed' user (in our case laicmapp). 2. Run: [EMAIL PROTECTED]:~$ LDPATH=/usr/sfw/lib delegated -Fexesign -w -delegate[13084]- insufficient access right: DGROOT=/secomon/openpkg-2.20061018/var/delegate -delegate[13084]- bad DGROOT=/secomon/openpkg-2.20061018/var/delegate -- src Sign> 9.6.0 2007052016 6476b7d225eef1ec ([EMAIL PROTECTED]) -- bld Sign> 9.6.0 2007052213 d168f6191fe13291 ([EMAIL PROTECTED]) ** NG, this executable is not built from the original code -- exe Sign? 9.6.0 2007052213 a7d38977349a0802 ([EMAIL PROTECTED]) -- File MD5: cd7d3568b95ffc180580b2998002f7db old> 9.6.0 2007052213 a7d38977349a0802 ([EMAIL PROTECTED]) new> 9.6.0 2007060710 cd7d3568b95ffc18 ([EMAIL PROTECTED]) 9.6.0:20070607104245+1000:cd7d3568b95ffc18:[EMAIL PROTECTED] .au:-''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''''' '''''''''''''''''''''''''''''''''''''''' -rwxr-xr-x 1 laicmapp landicmg 2290576 Jun 7 10:42 /secomon/openpkg-2.20061018/sbin/delegated The LDPATH is so that it can find the run-time openssl libraries (which openpkg openssl does not have). Once this is done then the daemon will start successfully. Unfortunately this 'exesign' function actually modifies the executable so that a 'rpm verify' reports a mismatching MD5. This does not particularly worry me, but would be nice if it could be fixed. I presume that the 'build' process needs to be updated to re-sign the build (or something like that). Jason -- Jason Wilson Security Consultant, ICT Security Services Telephone: +61 7 389 63129 Facsimile: +61 7 389 63740 Email: mailto:[EMAIL PROTECTED] http://www.nrw.qld.gov.au Department of Natural Resources and Water Corner Main and Vulture Streets, Woolloongabba QLD 4102 Locked Bag 40, Coorparoo Delivery Centre QLD 4151 ************************************************************************ The information in this email together with any attachments is intended only for the person or entity to which it is addressed and may contain confidential and/or privileged material. Any form of review, disclosure, modification, distribution and/or publication of this email message is prohibited, unless as a necessary part of Departmental business. If you have received this message in error, you are asked to inform the sender as quickly as possible and delete this message and any copies of this message from your computer and/or your computer system network. ************************************************************************ ______________________________________________________________________ OpenPKG http://openpkg.org User Communication List openpkg-users@openpkg.org