https doesn't work using apache-mod_nss. https works using apache-mod_ssl version: apache-mod_nss-1.0.8-15 upgrade apache-mod_nss-1.0.8-15.1 solves this problem
Status: NEW => ASSIGNED
Advisory: ========= I have updated apache-mod_nss-1.0.8-15 to rel 15.1 Updated packages are in core/updates_testing: ======================== apache-mod_nss-1.0.8-15.1 same src package I have updated this package on my own e-mail server. I have been using it during my last trip by checking e-mail from hotels using the kolab mailserver through Roundcubemail. In order to test it this way, one needs to change the following line in /etc/roundcubemail/main.inc.php $rcmail_config['force_https'] = false; to $rcmail_config['force_https'] = 8443; (to make roundcubemail using https instead of http)
CC: (none) => thomasAssignee: bugsquad => qa-bugs
my bad: Just test with https://localhost:8443/ in your browser
Whiteboard: (none) => has_procedure
Testing mga2 64 Before ------ # urpme apache-mod_ssl # netstat -pant | grep 443 # urpmi apache-mod_nss installing apache-mod_nss-1.0.8-15.mga3.x86_64.rpm from /var/cache/urpmi/rpms Preparing... ########################## 1/1: apache-mod_nss ########################## apache-mod_nss certificate database generated. ---------------------------------------------------------------------- More information on package apache-mod_nss-1.0.8-15.mga3.x86_64 NOTE: You may need to convert your existing ssl certs These links provide a good how-to: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html http://directory.fedora.redhat.com/wiki/Mod_nss ---------------------------------------------------------------------- # netstat -pant | grep 443 # service httpd restart Redirecting to /bin/systemctl restart httpd.service # netstat -pant | grep 443 Netstat shows nothing listening. Browsing to https://localhost:8443 shows unable to connect. After ----- There is an error in the %post script installing apache-mod_nss-1.0.8-15.1.mga3.x86_64.rpm from /var/cache/urpmi/rpms Preparing... ########################## 1/1: apache-mod_nss ########################## Failed to issue method call: Unit httpd-prefork.service failed to load: No such file or directory. See system logs and 'systemctl status httpd-prefork.service' for details. warning: %post(apache-mod_nss-1.0.8-15.1.mga3.x86_64) scriptlet failed, exit status 6 ERROR: 'script' failed for apache-mod_nss-1.0.8-15.1.mga3.x86_64: 1/1: removing apache-mod_nss-1.0.8-15.mga3.x86_64 ######################## ---------------------------------------------------------------------- More information on package apache-mod_nss-1.0.8-15.1.mga3.x86_64 NOTE: You may need to convert your existing ssl certs These links provide a good how-to: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html http://directory.fedora.redhat.com/wiki/Mod_nss ---------------------------------------------------------------------- It is now listening though and connects Ok in a browser. # netstat -pant | grep 443 tcp 0 0 :::8443 :::* LISTEN 19354/httpd So OK apart from the error in %post
Whiteboard: has_procedure => has_procedure feedback
Also a bad link in the readme.urpmi, should be.. http://directory.fedoraproject.org/wiki/Mod_nss
Testing was mga3 64 in comment 3, sorry, not mga2.
you are correct, the link is wrong. I will correct it. Must have been wrong for a long time.
(In reply to claire robinson from comment #3) > Testing mga2 64 > > Before > ------ > # urpme apache-mod_ssl > # netstat -pant | grep 443 > # urpmi apache-mod_nss > > installing apache-mod_nss-1.0.8-15.mga3.x86_64.rpm from > /var/cache/urpmi/rpms > > Preparing... ########################## > 1/1: apache-mod_nss ########################## > > apache-mod_nss certificate database generated. > > ---------------------------------------------------------------------- > More information on package apache-mod_nss-1.0.8-15.mga3.x86_64 > > NOTE: You may need to convert your existing ssl certs > These links provide a good how-to: > > http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html > http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html > http://directory.fedora.redhat.com/wiki/Mod_nss > > ---------------------------------------------------------------------- > > # netstat -pant | grep 443 > # service httpd restart > Redirecting to /bin/systemctl restart httpd.service > # netstat -pant | grep 443 > > Netstat shows nothing listening. Browsing to https://localhost:8443 shows > unable to connect. > > After > ----- > > There is an error in the %post script > > installing apache-mod_nss-1.0.8-15.1.mga3.x86_64.rpm from > /var/cache/urpmi/rpms > > Preparing... ########################## > 1/1: apache-mod_nss ########################## > Failed to issue method call: Unit httpd-prefork.service failed to load: No > such file or directory. See system logs and 'systemctl status > httpd-prefork.service' for details. > warning: %post(apache-mod_nss-1.0.8-15.1.mga3.x86_64) scriptlet failed, exit > status 6 > ERROR: 'script' failed for apache-mod_nss-1.0.8-15.1.mga3.x86_64: > 1/1: removing apache-mod_nss-1.0.8-15.mga3.x86_64 > ######################## > ---------------------------------------------------------------------- > More information on package apache-mod_nss-1.0.8-15.1.mga3.x86_64 > > NOTE: You may need to convert your existing ssl certs > These links provide a good how-to: > > http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html > http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html > http://directory.fedora.redhat.com/wiki/Mod_nss > > ---------------------------------------------------------------------- > > > It is now listening though and connects Ok in a browser. > > # netstat -pant | grep 443 > tcp 0 0 :::8443 :::* LISTEN 19354/httpd > > > So OK apart from the error in %post Thanks for catching this. I intended (and forgot) to put into the install text that a new certificate needs to be created or the old one to be moved to the new location which is now /etc/pki/nss/apache-mod_nss/ But I decided to change the %post script. This should be safe as nobody was able to use this package. The change log is self-explanatory. The package is now in upgrade-testing as 15.2
Thankyou Thomas
Whiteboard: has_procedure feedback => has_procedure
Testing mga3 64 Still issues in %post I'm afraid Thomas. The link doesn't appear to have been updated either. installing apache-mod_nss-1.0.8-15.2.mga3.x86_64.rpm from /var/cache/urpmi/rpms Preparing... ########################## 1/1: apache-mod_nss ########################## Failed to issue method call: Unit httpd-prefork.service failed to load: No such file or directory. See system logs and 'systemctl status httpd-prefork.service' for details. warning: %post(apache-mod_nss-1.0.8-15.2.mga3.x86_64) scriptlet failed, exit status 6 ERROR: 'script' failed for apache-mod_nss-1.0.8-15.2.mga3.x86_64: 1/1: removing apache-mod_nss-1.0.8-15.mga3.x86_64 ########################## ---------------------------------------------------------------------- More information on package apache-mod_nss-1.0.8-15.2.mga3.x86_64 NOTE: You may need to convert your existing ssl certs These links provide a good how-to: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html http://directory.fedora.redhat.com/wiki/Mod_nss ----------------------------------------------------------------------
# urpme apache-mod_nss removing apache-mod_nss-1.0.8-15.2.mga3.x86_64 Failed to issue method call: Unit httpd-prefork.service not loaded. Failed to issue method call: No such file or directory removing package apache-mod_nss-1.0.8-15.2.mga3.x86_64 1/1: removing apache-mod_nss-1.0.8-15.2.mga3.x86_64 ###################################
Source RPM: (none) => apache-mod_nss
Assigning Thomas for now. Please reassign to QA when when you've had a chance to take a look. Thanks.
CC: (none) => qa-bugsAssignee: qa-bugs => thomas
Claire: I tested this on my VM and here is what I got: # urpmi apache-mod_nss http://mirrors.kernel.org/mageia/distrib/3/x86_64/media/core/updates_testing/apache-mod_nss-1.0.8-15.2.mga3.x86_64.rpm installing apache-mod_nss-1.0.8-15.2.mga3.x86_64.rpm from /var/cache/urpmi/rpms Preparing... ######################################################################################################### 1/1: apache-mod_nss ######################################################################################################### ---------------------------------------------------------------------- More information on package apache-mod_nss-1.0.8-15.2.mga3.x86_64 NOTE: You may need to convert your existing ssl certs These links provide a good how-to: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html http://directory.fedora.redhat.com/wiki/Mod_nss ---------------------------------------------------------------------- [root@vbox ~]# urpme apache-mod_nss removing apache-mod_nss-1.0.8-15.2.mga3.x86_64 removing package apache-mod_nss-1.0.8-15.2.mga3.x86_64 1/1: removing apache-mod_nss-1.0.8-15.2.mga3.x86_64 I wonder what the difference is? Thomas
Did you have some time to look at this?
assigning back to QA
Assignee: thomas => qa-bugs
Sorry Thomas, there is an issue with this package which needs to be corrected before assigning back to QA for tests. Its the same on i586. # urpmi apache-mod_nss installing apache-mod_nss-1.0.8-15.2.mga3.i586.rpm from /var/cache/urpmi/rpms Preparing... ############################################### 1/1: apache-mod_nss ############################################### apache-mod_nss certificate database generated. Failed to issue method call: No such file or directory ---------------------------------------------------------------------- More information on package apache-mod_nss-1.0.8-15.2.mga3.i586 NOTE: You may need to convert your existing ssl certs These links provide a good how-to: http://www.mozilla.org/projects/security/pki/nss/tools/certutil.html http://www.mozilla.org/projects/security/pki/nss/tools/pk12util.html http://directory.fedora.redhat.com/wiki/Mod_nss ---------------------------------------------------------------------- # urpme apache-mod_nss removing apache-mod_nss-1.0.8-15.2.mga3.i586 Failed to issue method call: Unit httpd-prefork.service not loaded. Failed to issue method call: No such file or directory removing package apache-mod_nss-1.0.8-15.2.mga3.i586 1/1: removing apache-mod_nss-1.0.8-15.2.mga3.i586 ############################################### writing /var/lib/rpm/installed-through-deps.list
Assignee: qa-bugs => thomas
It could be an external issue not related to this package but I can't verify that. The httpd service *IS* actually restarted. The journal shows lines like this.. dbus[1146]: [system] Activating service name='org.freedesktop.PackageKit' (using servicehelper) dbus-daemon[1146]: dbus[1146]: [system] Successfully activated service 'org.freedesktop.PackageKit' dbus[1146]: [system] Successfully activated service 'org.freedesktop.PackageKit' .. which may be the cause of the problem. Please make some further checks and if it is due to an external issue then we'll go ahead with this.
Adding David to CC in case he has any ideas about this.
CC: (none) => luigiwalser
actually, you shouldn't be able to install it after upgrading the NSS. I just rebuilt it to take care of the NSS upgrade.
(In reply to Thomas Spuhler from comment #18) > actually, you shouldn't be able to install it after upgrading the NSS. > I just rebuilt it to take care of the NSS upgrade. I don't see much point to even having this package unless it's fixed so that's not necessary.
I think the person who updated nss should have updated this package as well? :)
No, this package *should not* need to be updated when nss is updated, there's absolutely no reason for that. nss updates do not break the ABI, so if something still needs rebuilt, that's a packaging problem. The last thing we need is to have to re-test this package as well each time we update nss (which happens with almost every firefox update), especially when it's not strictly necessary.
you are right. Upstream doesn't require it either. It was coming over from Mandriva when I imported the package. I will make the change. (In cauldron too)
I can't reproduce the errors Claire is getting, and it looks to me like that could have been an issue that sometimes happened with the httpd service files in Mageia 2 that may have carried over into her installation when she upgraded it.
The package is now ready to test. (nss dep has been removed) reassigned to qa-bugs@ml.mageia.org Advisory: ========= I have updated apache-mod_nss-1.0.8-15 to rel 15.3 Updated packages are in core/updates_testing: ======================== apache-mod_nss-1.0.8-15.3 same src package I have updated this package on my own e-mail server. I have been using it during my last trip by checking e-mail from hotels using the kolab mailserver through Roundcubemail. In order to test it this way, one needs to change the following line in /etc/roundcubemail/main.inc.php $rcmail_config['force_https'] = false; to $rcmail_config['force_https'] = 8443; (to make roundcubemail using https instead of http)
Can we please push this?
(In reply to Thomas Spuhler from comment #25) > Can we please push this? Once it's tested. QA has been buried under a heap of updates because of the extended time that testing beta 1 took. They cleared the Mageia 2 updates last week but there are still a bunch for Mageia 3. If you want to help test packages to speed up the process, the current ones are here: http://mageia.madb.org/tools/updates
Advisory 11364.adv committed to svn.
CC: (none) => davidwhodginsWhiteboard: has_procedure => has_procedure advisory
Testing complete on Mageia 3 i586 and x86_64. Validating the update. Someone from the sysadmin team, please push 11364.adv to updates.
Keywords: (none) => validated_updateWhiteboard: has_procedure advisory => has_procedure advisory MGA3-64-OK MGA3-32-OKCC: (none) => sysadmin-bugs
Update pushed: http://advisories.mageia.org/MGAA-2013-0126.html
Status: ASSIGNED => RESOLVEDCC: (none) => tmbResolution: (none) => FIXED