Skip to main content

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

  • From: Xiaobo Shen < >
  • To:
  • Subject: [pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e
  • Date: Wed, 23 Oct 2013 17:12:11 -0700

On 10/23/13 03:52 PM, Yiteng Zhang wrote:
On 10/21/13 04:53 PM, Erik Trauschke wrote:


On 10/21/13 04:05 PM, Erik Trauschke wrote:
Have you played around with alternate ways to print that message to make
it more readable? I'm thinking it might be better to print them in a
more structured way:

--
# pkg -R /var/tmp/test_image refresh
pkg: One or more certificates have expired. Please replace with a valid
certificate.

PUBLISHER      CERTIFICATE LOCATION
pkg5-nightly /var/.../ssl/ddeb91e801b8be53ddd87db354ad5c7173564d97
solaris /var/.../ssl/cd98ea9966fb673235725ba169b2119e0d787fd2
--


Shawn and I played around with some ideas and this is what we came up with. In your initial proposal you removed the origin URL, however, since you can have multiple origins for one publisher it is important to print it.
For the first lines make sure they get broken into two new lines whenever they reach 80 characters. This prevents you from having ugly lines breaks for static text. For the dynamic text this isn't possible but the scheme below should minimize line breaks.

---
# pkg -R /var/tmp/test_image refresh
pkg: One or more client key and certificate files have expired. Please
update the configuration for the publishers or origins listed below:

Publisher: pkg5-nightly
   Repository: https://pkg.oracle.com/pkg5-nightly
  Certificate: /var/pkg/ssl/cd98ea9966fb673235725ba169b2119e0d787fd5
          Key: /var/pkg/ssl/ab98ea9966fb673235725ba169b2119e0d787fd6

   Repository: https://my.local.repo/pkg5-nightly
  Certificate: /var/pkg/ssl/cd98ea9966fb673235725ba169b2119e0d787fd7
          Key: /var/pkg/ssl/ab98ea9966fb673235725ba169b2119e0d787fd8

Publisher: my-other-pub
   Repository: https://pkg.oracle.com/my-other-pub
  Certificate: /var/pkg/ssl/cd98ea9966fb673235725ba169b2119e0d787fd1
          Key: /var/pkg/ssl/ab98ea9966fb673235725ba169b2119e0d787fd2

   Repository: https://my.local.repo/my-other-pub
  Certificate: /var/pkg/ssl/cd98ea9966fb673235725ba169b2119e0d787fd3
          Key: /var/pkg/ssl/ab98ea9966fb673235725ba169b2119e0d787fd4

Thanks
Erik
Hi,

I modify the code and the output now looks like:

# pkg -R /var/tmp/test_image/ refresh
pkg: One or more client key and certificate files have expired. Please
update the configuration for the publishers or origins listed below:

Publisher: pkg5-nightly
   Origin URI: https://supreme.us.oracle.com/repo2/
Certificate: /var/tmp/test_image/.org.opensolaris,pkg/ssl/ddeb91e801b8be53ddd87db354ad5c7173564d97
Key : /var/tmp/test_image/.org.opensolaris,pkg/ssl/58cfdbb1450f8a7b922a2ab98b065848077c830d

Publisher: solaris
   Origin URI: https://supreme.us.oracle.com/repo1/
Certificate: /var/tmp/test_image/.org.opensolaris,pkg/ssl/826d2ae4d07e3c2c209069a36159a7c8129dfbbf
Key : /var/tmp/test_image/.org.opensolaris,pkg/ssl/50f6b5d0206d8b6ff7bce6dc166906ae494b78da

   Origin URI: https://supreme.us.oracle.com/repo3/
Certificate: /var/tmp/test_image/.org.opensolaris,pkg/ssl/826d2ae4d07e3c2c209069a36159a7c8129dfbbf
Key : /var/tmp/test_image/.org.opensolaris,pkg/ssl/50f6b5d0206d8b6ff7bce6dc166906ae494b78da

The webrev can be seen at:
https://ips.java.net/webrev/yitezhan/15507548_3/

One thing to mention is that when I create two pairs of valid certificates and keys for two repositories of the same publisher, it seems that the pkg system can only use one pair of certificate and key (seen from the [authority_solaris] section of pkg5.image file). Is that true?

Please let me know your comments.
Thanks,

Yiteng

src/modules/client/api_errors.py:
2363: typo,should be "all the expired"

src/modules/misc.py:
1082, 1083, 1088: probably need to modify the comment reflecting the new 
return type


xiaobo



[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Yiteng Zhang 10/21/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Erik Trauschke 10/21/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Yiteng Zhang 10/21/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Erik Trauschke 10/21/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Erik Trauschke 10/21/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Yiteng Zhang 10/23/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Xiaobo Shen 10/24/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Erik Trauschke 10/24/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Yiteng Zhang 10/25/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Erik Trauschke 10/29/2013

[pkg-discuss] Re: Review request 15507548 cert validation needs to validate all certificates before raising e

Yiteng Zhang 10/30/2013
 
 
Close
loading
Please Confirm
Close