euca2ools in precise (probably also quanta) breaks openssl when installed first

Bug #1007533 reported by Stéphane Graber
22
This bug affects 2 people
Affects Status Importance Assigned to Milestone
euca2ools (Ubuntu)
Fix Released
High
Stéphane Graber
Precise
Fix Released
High
Stéphane Graber
Quantal
Fix Released
High
Stéphane Graber

Bug Description

euca2ools is shipping a symlink to an ec2 certificate, it's trying to put it in /etc/ssl/certs using a debian/links file entry.
There are currently two problems with that:
1) The target is set to /etc/ssl/certs and not /etc/ssl/certs/cert-ec2.pem, making the package create a "/etc/ssl/certs" symlink when openssl isn't installed, which is completely wrong, doesn't work and breaks openssl
2) Even if dh_link was doing the right thing, nothing actually creates /etc/ssl/certs, so package build would fail.

This bug needs to be fixed in quantal and SRUed to precise.

[rational]
Installating euca2ools before openssl, will prevent any subsequent openssl installation and will fail to setup the ec2 certificate.
This currently prevents lxc from installing and likely breaks quite a few other scenarios.

[test case]
1) apt-get install euca2ools
2) apt-get install openssl

If 2) doesn't fail and /etc/ssl/certs is a directory and /etc/ssl/certs/cert-ec2.pem is a symlink, then the package now works properly.

[regression potential]
I can't see any potential regression as the current state is a broken ssl certs directory on the system and a missing ec2 certificate.

Changed in euca2ools (Ubuntu Precise):
status: New → In Progress
Changed in euca2ools (Ubuntu Quantal):
status: New → In Progress
Changed in euca2ools (Ubuntu Precise):
importance: Undecided → High
Changed in euca2ools (Ubuntu Quantal):
importance: Undecided → High
Changed in euca2ools (Ubuntu Precise):
assignee: nobody → Stéphane Graber (stgraber)
Changed in euca2ools (Ubuntu Quantal):
assignee: nobody → Stéphane Graber (stgraber)
Revision history for this message
Stéphane Graber (stgraber) wrote :

Fix tested locally and uploaded to both quantal and precise-proposed.

Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package euca2ools - 2.0.2-0ubuntu2

---------------
euca2ools (2.0.2-0ubuntu2) quantal; urgency=low

  * Properly create the /etc/ssl/certs/cert-ec2.pem symlink, creating
    /etc/ssl/certs if it doesn't exist already. (LP: #1007533)
 -- Stephane Graber <email address hidden> Fri, 01 Jun 2012 13:31:17 -0400

Changed in euca2ools (Ubuntu Quantal):
status: In Progress → Fix Released
Revision history for this message
Brian Murray (brian-murray) wrote : Please test proposed package

Hello Stéphane, or anyone else affected,

Accepted euca2ools into precise-proposed. The package will build now and be available in a few hours. Please test and give feedback here. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Thank you in advance!

Changed in euca2ools (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed
Revision history for this message
Dimitri John Ledkov (xnox) wrote :

Steps performec to verify:
1) login into clean precise chroot with proposed disabled
2) install euca2ools
3) attempted installing openssl, which failed (bug reproduced). Verified that the symlink is wrong.
4) enabled proposed
5) upgraded euca2ools
6) installed openssl successfully (bug resolved)
7) verified that the /etc/ssl/ has coorrect layout and that the euca2ools symlink is correct - /etc/ssl/certs/cert-ec2.pem

Additional tests:
1) with proposed enabled, tested that installing euca2ools and openssl in either order works correctly.

James Page (james-page)
Changed in euca2ools (Ubuntu Precise):
milestone: none → ubuntu-12.04.1
Revision history for this message
Stéphane Graber (stgraber) wrote :

Marking verification-done

tags: added: verification-done
removed: verification-needed
Revision history for this message
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package euca2ools - 2.0.0~bzr516-0ubuntu3.1

---------------
euca2ools (2.0.0~bzr516-0ubuntu3.1) precise-proposed; urgency=low

  * Properly create the /etc/ssl/certs/cert-ec2.pem symlink, creating
    /etc/ssl/certs if it doesn't exist already. (LP: #1007533)
 -- Stephane Graber <email address hidden> Fri, 01 Jun 2012 13:24:46 -0400

Changed in euca2ools (Ubuntu Precise):
status: Fix Committed → Fix Released
Revision history for this message
Scott Moser (smoser) wrote :

This seems to not have been properly fixed, resulting in bug 1085537.

Revision history for this message
Loïc Minier (lool) wrote :

The change uncovered that the certificate wasn't being installed in quantal and raring anymore; the dangling symlinks breaks postfix startup in some configurations (as it tries to cpio /etc/ssl/certs into a chroot).

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.

Duplicates of this bug

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.