[Bug 1945774] Re: openssl: breaks ssl-cert installation: 8022CB35777F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom
Sergio Durigan Junior
1945774 at bugs.launchpad.net
Mon Apr 15 17:29:44 UTC 2024
This is not a bug in ssl-cert. It's a bug in libapache2-mod-auth-mellon,
more specifically in the way it configures openssl to generate
its certificate. From /usr/sbin/mellon_create_metadata:
cat >"$TEMPLATEFILE" <<EOF
RANDFILE = /dev/urandom
[req]
default_bits = 3072
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
prompt = no
policy = policy_anything
[req_distinguished_name]
commonName = $HOST
EOF
The fix is simple: just remove the RANDFILE entry from the snippet
above. This looks like SRU material, so I'm adding a task for the
package and setting its status accordingly.
** Also affects: libapache2-mod-auth-mellon (Ubuntu)
Importance: Undecided
Status: New
** Changed in: libapache2-mod-auth-mellon (Ubuntu Jammy)
Status: New => Triaged
** Changed in: ssl-cert (Ubuntu Jammy)
Status: Confirmed => Fix Released
** Changed in: hplip (Ubuntu Jammy)
Status: Confirmed => Fix Released
--
You received this bug notification because you are a member of Ubuntu
OpenStack, which is subscribed to libapache2-mod-auth-mellon in Ubuntu.
https://bugs.launchpad.net/bugs/1945774
Title:
openssl: breaks ssl-cert installation:
8022CB35777F0000:error:1200007A:random number
generator:RAND_write_file:Not a regular
file:../crypto/rand/randfile.c:190:Filename=/dev/urandom
Status in mod_auth_mellon:
Unknown
Status in hplip package in Ubuntu:
Fix Released
Status in libapache2-mod-auth-mellon package in Ubuntu:
New
Status in ssl-cert package in Ubuntu:
Fix Released
Status in hplip source package in Jammy:
Fix Released
Status in libapache2-mod-auth-mellon source package in Jammy:
Triaged
Status in ssl-cert source package in Jammy:
Fix Released
Status in ssl-cert package in Debian:
Fix Released
Bug description:
Imported from Debian bug http://bugs.debian.org/990228:
Package: openssl
Version: 3.0.0~~alpha16-1
Severity: serious
User: debian-qa at lists.debian.org
Usertags: piuparts
Hi,
during a test with piuparts I noticed your package causes other packages
to fail installation/upgrading.
From the attached log (scroll to the bottom...):
...
Setting up openssl (3.0.0~~alpha16-1) ...
Setting up libbsd0:amd64 (0.11.3-1) ...
Setting up readline-common (8.1-2) ...
Setting up libxml2:amd64 (2.9.10+dfsg-6.7) ...
Setting up libgdbm6:amd64 (1.19-2) ...
Setting up postgresql-client-common (226) ...
Setting up libedit2:amd64 (3.1-20210522-1~exp1) ...
Setting up libreadline8:amd64 (8.1-2) ...
Setting up libldap-2.4-2:amd64 (2.4.57+dfsg-3) ...
Setting up libllvm11:amd64 (1:11.0.1-2) ...
Setting up ssl-cert (1.1.0+nmu1) ...
Could not create certificate. Openssl output was:
Generating a RSA private key
..+..+......+.......+.....+...+.........+.......+...+..+...+.+..+...+.........+.......+...+..+.........+.+...........+...+.+......+........+......+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*..+..........+........+.......+.........+..+...+....+..+.+............+..+................+...+............+..+.............+...+..+.......+...+.....+..................+.......+.........+........+.+........................+............+.........+..+.........+.+..+......+.+...........+.........+.+.....+....+.........+.....+.+....................+....+............+...+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
..+.+........+...+...+.......+..................+..+.........+...+.+............+...+.....+......................+..+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*........+...+....+......+...+..+...+..........+.....+......+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++*....+......+...+....+..+....+..+....+.........+..+...+....+.....+.+......+.....+.+..+.............+..+..........+..+.+........+............+.........+....+..+.......+.....+...+.......+...+...+..+....+...+..+.+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Writing new private key to '/etc/ssl/private/ssl-cert-snakeoil.key'
-----
Warning: No -copy_extensions given; ignoring any extensions in the request
Cannot write random bytes:
8022CB35777F0000:error:1200007A:random number generator:RAND_write_file:Not a regular file:../crypto/rand/randfile.c:190:Filename=/dev/urandom
dpkg: error processing package ssl-cert (--configure):
installed ssl-cert package post-installation script subprocess returned error exit status 1
dpkg: dependency problems prevent configuration of postgresql-common:
postgresql-common depends on ssl-cert (>= 1.0.11); however:
Package ssl-cert is not configured yet.
...
Hmm, well, yes, /dev/urandom is not a regular file. It's a character
device node.
cheers,
Andreas
To manage notifications about this bug go to:
https://bugs.launchpad.net/mod-auth-mellon/+bug/1945774/+subscriptions
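Added example, not part of the original message and not code from mellon_create_metadata or ssl-cert: a shell check that finds RANDFILE entries pointing at something that exists but is not a regular file, the condition reported in the RAND_write_file error above. The function names and the before.cnf/after.cnf sample files are assumptions made for this illustration.

```sh
#!/bin/sh
# Added example; find_bad_randfile and write_sample_templates are hypothetical names.

# find_bad_randfile FILE...: print "file:line:target" for every RANDFILE
# assignment whose target exists but is not a regular file (a character
# device such as /dev/urandom, a directory, a FIFO). Returns 1 on any hit.
find_bad_randfile() {
    found=0
    for f in "$@"; do
        [ -f "$f" ] || continue
        hits=$(grep -nE '^[[:space:]]*RANDFILE[[:space:]]*=' "$f" || true)
        [ -n "$hits" ] || continue
        while IFS= read -r hit; do
            lineno=${hit%%:*}
            # Keep only the value: drop "RANDFILE =" and any trailing comment.
            target=$(printf '%s\n' "${hit#*:}" |
                sed -E 's/^[^=]*=[[:space:]]*//; s/[[:space:]]*(#.*)?$//')
            if [ -e "$target" ] && [ ! -f "$target" ]; then
                printf '%s:%s:%s\n' "$f" "$lineno" "$target"
                found=1
            fi
        done <<EOF
$hits
EOF
    done
    return "$found"
}

# write_sample_templates DIR: constructed inputs. before.cnf is the template
# quoted in the message; after.cnf is the same text without the RANDFILE line.
write_sample_templates() {
    cat >"$1/before.cnf" <<'EOF'
RANDFILE = /dev/urandom
[req]
default_bits = 3072
default_keyfile = privkey.pem
distinguished_name = req_distinguished_name
prompt = no
policy = policy_anything
[req_distinguished_name]
commonName = $HOST
EOF
    grep -v '^RANDFILE' "$1/before.cnf" >"$1/after.cnf"
}

# Stand-alone use: check the files named on the command line, if any.
[ "$#" -eq 0 ] || find_bad_randfile "$@"
```

Values that OpenSSL would expand itself (for example $ENV::HOME/.rnd) do not exist as literal paths and are therefore not reported.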