[AG-DEV] Cert issues on Fedora 12

Jason Bell j.bell at cqu.edu.au
Thu Feb 25 05:49:25 CST 2010 

G'day Chris and Tom

Thanks for the quick feedback...

Okay, I am not sure what I have done, but nothing seems to be working...

So, not knowing how to "add the new CA certs" as provided in https://lists.mcs.anl.gov/mailman/htdig/ag-tech/2010-January/021336.html, I thought I would try using the CertificateManager or CertificateRequestTool programs, but I get the following error messages when executing these programs from a Terminal:

[ace at linux Desktop]$ CertificateManager 
/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ClientProfile.py:22: DeprecationWarning: the md5 module is deprecated; use hashlib instead
  import md5
/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/Security/ProxyGen.py:19: DeprecationWarning: The popen2 module is deprecated.  Use the subprocess module.
  import popen2
Traceback (most recent call last):
  File "/usr/bin/CertificateManager", line 64, in <module>
    main()
  File "/usr/bin/CertificateManager", line 52, in main
    certMgr = app.GetCertificateManager()


<SNIP>


  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/Security/CertificateRepository.py", line 1297, in GetMetadata
    return self.cert.GetMetadata(k)
  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/Security/CertificateRepository.py", line 1590, in GetMetadata
    hashkey = self._GetMetadataKey(key)
  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/Security/CertificateRepository.py", line 1579, in _GetMetadataKey
    self.GetIssuerSerialHash(),
  File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/Security/CertificateRepository.py", line 1504, in GetIssuerSerialHash
    serial = struct.pack("l", self.cert.get_serial_number())
struct.error: long too large to convert to int


So I thought I would copy the files to /etc/AccessGrid3/Config/CAcertificates, but neither the VenueClient nor the about cert programs mentioned above works.

I even tried doing a yum remove AccessGrid and then a yum install AccessGrid.

Maybe I am doing something wrong, any advice would be appreciated.

Should I completely remove the /etc/AccessGrid3 directory and start again?

Thanks in advance, 
Jason.


-----Original Message-----
From: Christoph Willing [mailto:c.willing at uq.edu.au] 
Sent: Thursday, 25 February 2010 3:07 PM
To: Jason Bell
Cc: ag-dev
Subject: Re: [AG-DEV] Cert issues on Fedora 12

On 25/02/2010, at 2:48 PM, Jason Bell wrote:

> G'day All
>
> Just wondering if any has installed Fedora 12 and the Access Grid  
> software recently.
>
> I have tried to install the AG software at home and got some error  
> messages which appears to relate to the certificate.
>
> Just wondering if anyone has seen this.
>
> Thanks,
> Jason.
>
> PS, this is the error message I get:
>
[snip]
> Traceback (most recent call last):
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> VenueClientUI.py", line 533, in __SetMenubar
>     mgr = app.GetCertificateManager()
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Toolkit.py", line 473, in GetCertificateManager
>     self._certificateManager.InitEnvironment()
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Security/CertificateManager.py", line 564, in InitEnvironment
>     self._InitializeCADir()
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Security/CertificateManager.py", line 645, in _InitializeCADir
>     for c in self.GetCACerts():
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Security/CertificateManager.py", line 768, in GetCACerts
>     caCerts = self.certRepo.FindCertificatesWithMetadata(mdkey, mdval)
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Security/CertificateRepository.py", line 1201, in  
> FindCertificatesWithMetadata
>     return list(self.FindCertificates(lambda c: c.GetMetadata(mdkey)  
> == mdvalue))
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Security/CertificateRepository.py", line 1191, in FindCertificates
>     if pred(cert):
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Security/CertificateRepository.py", line 1201, in <lambda>
>     return list(self.FindCertificates(lambda c: c.GetMetadata(mdkey)  
> == mdvalue))
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Security/CertificateRepository.py", line 1297, in GetMetadata
>     return self.cert.GetMetadata(k)
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Security/CertificateRepository.py", line 1590, in GetMetadata
>     hashkey = self._GetMetadataKey(key)
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Security/CertificateRepository.py", line 1579, in _GetMetadataKey
>     self.GetIssuerSerialHash(),
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> Security/CertificateRepository.py", line 1504, in GetIssuerSerialHash
>     serial = struct.pack("l", self.cert.get_serial_number())
> error: long too large to convert to int


Looks like a repeat of this one:
      https://lists.mcs.anl.gov/mailman/htdig/ag-tech/2010-January/021336.html

You need to add the new CA certs  attached there to /etc/AccessGrid3/ 
Config/CAcertificates/


chris



> Traceback (most recent call last):
>   File "/usr/bin/VenueClient", line 173, in <module>
>     main()
>   File "/usr/bin/VenueClient", line 150, in main
>     vcui = VenueClientUI(vc, vcc, app)
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> VenueClientUI.py", line 237, in __init__
>     self.__BuildUI(app)
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> VenueClientUI.py", line 980, in __BuildUI
>     self.__SetMenubar(app)
>   File "/usr/lib/python2.6/site-packages/AccessGrid3/AccessGrid/ 
> VenueClientUI.py", line 538, in __SetMenubar
>     self.cmui = CertificateManagerWXGUI.CertificateManagerWXGUI(mgr)
> UnboundLocalError: local variable 'mgr' referenced before assignment
>
>
> --------------------------------------------
> Jason Bell, B.I.T. (Honours)
>
> Research Systems Support Officer
> Information Technology Division
> CQ University Australia
>
> Australian Research Collaboration Service
> http://www.arcs.org.au/
>
> E-mail : j.bell at cqu.edu.au
>          jason.bell at arcs.org.au
> Work   : +61 7 4930 9229
> Mobile : 0409 630897
> Postal : Building 19
>          Central Queensland University
>          Bruce Highway
>          Rockhampton, Queensland, Australia, 4702
> --------------------------------------------
> Patience is a virtue.
>
> But if I wanted Patience,
> I would have become a Doctor.
> --------------------------------------------
>

Christoph Willing                       +61 7 3365 8316
QCIF Access Grid Manager
University of Queensland

More information about the ag-dev mailing list