[Freeipa-devel] Problem with ipa installation: certutil
Martin Nagy
mnagy at redhat.com
Thu Dec 3 09:53:26 UTC 2009
On Wed, 2009-12-02 at 09:38 -0500, Rob Crittenden wrote:
> Martin Nagy wrote:
> > Hi,
> > I'm trying to install ipa and am getting a python traceback (attached).
> > It seems that running certutil didn't succeed so I added a debugging
> > print before it's execution and tried to run it manually. This is what I
> > get:
> >
> > # /usr/bin/certutil -d /etc/httpd/alias -S -n 'CA certificate' -s
> > 'cn=IPA Test Certificate Authority' -x -t 'CT,,C' -1 -2 -5 -m 1056 -v
> > 120 -z /etc/httpd/alias/noise.txt -f /etc/httpd/alias/pwdfile.txt
> > certutil -o: unable to open "tempcertreq" for writing (-5950, 2)
> > Exit 255
> >
> > (The "Exit 255" is from my shell saying that certutil exited returning
> > 255). I did a git grep tempcertreq in freeipa git tree but didn't find
> > anything, so I'm assuming we weren't creating it or anything. Does
> > anyone know what might be causing this error?
> >
> > Martin
>
> This message comes directly from certutil itself. It tries to open the
> file "tempcertreq" in the cwd.
>
> Odd since you are installing this as root, right? Perhaps you are in a
> directory that no longer exists?
Correct. I was in my freeipa git directory when I executed
ipa-server-install but had to delete it and clone again in other
terminal.
> I seem to recall running into this in v1 as well and though we did a
> chdir(). Maybe we do that in some places and not others.
Should we make a patch to prevent any future problems like this (even if
they are rare)? Maybe at the beginning we could chdir() to our current
directory to make sure, and abort if that fails.
Martin
More information about the Freeipa-devel
mailing list