Bug 7410 - the config migration system tries to handle certificates
Summary: the config migration system tries to handle certificates
Status: CLOSED FIXED
Alias: None
Product: ThinLinc
Classification: Unclassified
Component: Server Installer (show other bugs)
Version: trunk
Hardware: PC Unknown
: P2 Normal
Target Milestone: 4.11.0
Assignee: Samuel Mannehed
URL:
Keywords: ossman_tester, prosaic
Depends on:
Blocks:
 
Reported: 2019-10-24 09:27 CEST by Pierre Ossman
Modified: 2019-11-07 15:36 CET (History)
1 user (show)

See Also:
Acceptance Criteria:


Attachments

Description Pierre Ossman cendio 2019-10-24 09:27:24 CEST
When running tl-setup after installing to the current build I get complaints about the following files in config migration step:

> /opt/thinlinc/etc/tlwebaccess/server.crt.rpmsave
> /opt/thinlinc/etc/tlwebaccess/server.key.rpmsave

Migrating things here quite obviously does not make sense

This is fallout from bug 5513, which is the first time we've changed the default files.
Comment 1 Samuel Mannehed cendio 2019-10-24 10:29:59 CEST
We have decided to limit the configuration migration step in tl-setup to only work on Hiveconf files (instead of all files that RPM/DEB considers to be 'configuration').

This means we should also make our documentation in the TAG more specific.
Comment 3 Samuel Mannehed cendio 2019-11-05 15:55:41 CET
This problem is twofold:

* Firstly, during the package upgrade we could get .rpmsave or .dpkgold files meaning the original certificate was replaced and renamed, and a basic self-signed certificate would be active instead. This was handled on bug 5773.

* Secondly, regular migration isn't a suitable approach for certificates. Our configuration migration step in tl-setup would highlight the certificates and ask the admin how he wanted them to be handled. The answer should always be to keep the old certificate, presenting a question is unnecessary.

This bug is about the second problem.
Comment 5 Samuel Mannehed cendio 2019-11-05 16:56:12 CET
Fixed. ThinLinc Setup no longer offers to migrate non-Hiveconf files, and the documentation has been clarified to reflect this change.
Comment 6 Pierre Ossman cendio 2019-11-06 10:48:52 CET
Looks mostly good. Tested on RHEL 8 by changing passwdaliases, homecreatefilter.conf and vsmserver.hconf.

I'm a bit concerned about this new addition though:

> Note that these choices only affect Hiveconf files that are
> marked as conflicting by the package upgrade. Conflicting files
> are files that are changed both in the saved configuration and in
> the new release. Conflicting files that aren't Hiveconf files are
> not affected by tl-setup.

The phrasing of this suggests some files are ignored and left broken rather than that they are fine as they are.

"changed in the saved configuration" is also unclear. Saved where and by whom? Cendio or the admin? "modified on this system" or some variation thereof like we have in ThinLinc Setup is much more clear.

(We should also refer to "ThinLinc Setup" rather than the name of the script)
Comment 9 Samuel Mannehed cendio 2019-11-06 12:07:27 CET
I have improved the documentation now, and it should hopefully be more clear as to what is happening regarding non-hiveconf files.

I also included a commit that adds consistency in the way we talk about "ThinLinc Setup".
Comment 12 Pierre Ossman cendio 2019-11-07 15:36:09 CET
After a few minor phrasing adjustments everything looks fine now. Closing.

Note You need to log in before you can comment on or make changes to this bug.