Jonathan Steffan wrote:
Has certtool stopped working for anyone else?
To create a private key, run:
$ certtool --generate-privkey --outfile key.pem
With some more looking the only package that has been updated on all the
machines is the krb5-libs package, but I'm not sure how that is related
to gnutls.
After setting permissive, getting a generation to work and then setting
back enforcing certtool continues to work. Which I find odd.
To prevent any FS contexts from causing the issue I have changed the
command I'm using to test:
$ certtool -p
Which now on my f8 x86_64 desktop (after a setenforce 0, success and
then a reboot) actually generates a key:
[jon@damaestro ~]$ time certtool -p
Generating a private key...
Generating a 1024 bit RSA private key...
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
real 0m38.281s
user 0m0.045s
sys 0m0.003s
So, even now the original command works, generating the expected key.pem:
[jon@damaestro ~]$ time certtool --generate-privkey --outfile key.pem
Generating a private key...
Generating a 1024 bit RSA private key...
real 0m49.547s
user 0m0.069s
sys 0m0.004s
[jon@damaestro ~]$ cat key.pem
-----BEGIN RSA PRIVATE KEY-----
[...]
-----END RSA PRIVATE KEY-----
On f8 i386 SELinux enforcing, I've given the generation 9min15.455s to
complete, user is at 0m0.0009s and sys is at 0m0.004s and I get no key
from 'certtool -p'.
Now, after setting SELinux to permissive it still seems to fail.
An strace reveals a lot of:
select(5, [4], NULL, NULL, {3, 0}) = 0 (Timeout)
Any other tests I can run?
--
Jonathan Steffan
daMaestro
Fedora Unity -
http://fedoraunity.org/
GPG Fingerprint: 93A2 3E2F DC26 5570 3472 5B16 AD12 6CE7 0D86 AF59