FOG client certificates removed on mono update

mstabrin

@Sebastian-Roth So I gave it a try and things appear to be working in some way!

Installation looks like that

----------------------------------Information---------------------------------

Version.................................................................0.12.1
OS.......................................................................Linux
Current Path....................................................../home/cadmin
Install Location............................................../opt/fog-service
Systemd...................................................................True
Initd.....................................................................True

-----------------------------------Configure----------------------------------

FOG Server address [default: fogserver]: FOG-PXE-SRV.mpi-dortmund.mpg.de
Webroot [default: /fog]:                 
Enable tray icon? [Y/n]:                 
Start FOG Service when done? [Y/n]:      

----------------------------------Installing----------------------------------

Getting things ready....................................................[Pass]
Installing files........................................................[Pass]
Saving Configuration.................................................... 03/22/2021 08:08:15 Installer Settings successfully saved in /opt/fog-service/settings.json
[Pass]
Applying Configuration..................................................[Pass]
Pinning FOG Project..................................................... 03/22/2021 08:08:15 Installer FOG Project CA successfully installed
[Pass]
Pinning Server.......................................................... 03/22/2021 08:08:15 Data::RSA Unable to use CA cert from /home/cadmin/ca.cert.der, trying cert store now.
 03/22/2021 08:08:15 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
 03/22/2021 08:08:15 Middleware::Communication Download: http://FOG-PXE-SRV.mpi-dortmund.mpg.de/fog/management/other/ca.cert.der
 03/22/2021 08:08:16 Installer Successfully pinned server CA cert to CN=FOG Server CA
[Pass]

Starting FOG Service....................................................[Pass]

-----------------------------------Finished-----------------------------------

See /home/cadmin/SmartInstaller.log for more information.

However, this line is huge and red in my terminal and can be a disturbing factor for some people I suppose:
03/22/2021 08:08:15 Data::RSA ERROR: FOG Server CA NOT found in keystore - needs to be installed
Additionally it also does not go away when you install the program a second time on top of the first, so I assume that the keystore is still searched even though it is no longer used

This line is also confusing: See /home/cadmin/SmartInstaller.log for more information.
Because there is no log file created by the installer in the first place (I checked the previous installer 1.12.0 and there also no log file was created).

Prior installation I deleted all the mono certificates that contained FOG, but after the installation I checked the mono certificates and it appears that the tbp file found its way back:

root@pcf-server2021:/home/cadmin# grep FOG /usr/share/.mono/certs/Trust/* Binary file /usr/share/.mono/certs/Trust/tbp-090753F074AB4FB3C022CCC655B02AD21436BAD5E1191CF8870273478E46438D.cer matches

After a encrypten reset, thinks appear to be working though.
I will keep you updated!

Sebastian Roth

@mstabrin Thanks for testing and letting me know. I will look into this the next days again.

Sebastian Roth

@mstabrin I did not find enough time to further work on this topic, I am sorry. Will try to next week, though I can’t promise I will get to it.

mstabrin

@Sebastian-Roth No worries, take your time Right now, most mono updates happen during a snapin deployment and as a workaround I copy the needed certificates back to the mono directory at the end of the snapin.
While this is not ideal, it should not happen too often within the next weeks and therefore is not a too pressing issue right now

Sebastian Roth

@mstabrin Finally found the time to work on this again. Find an updated SmartInstaller for testing on github: https://github.com/FOGProject/fog-client/releases/download/0.12.0/SmartInstaller_use-cert-from-local-file.exe

Please let me know if this works as expected and all the things mentioned are fixed now.

mstabrin

@Sebastian-Roth Hello, so I tested the installer and did not receive any errors.

mstabrin

@Sebastian-Roth It even worked with my custom FOGMontior wrapper script and I did not receive any errors

Best,
Markus

Sebastian Roth

@mstabrin Thanks for testing and reporting back so quickly!

I would hope you don’t see anything in the certificate store anymore, right?

mstabrin

@Sebastian-Roth i checked the mono certificates and I did not see any fog ones anymore

I also checked the other issues, but I could only see beautiful green PASS messages

Sebastian Roth

@mstabrin Did it create the mentioned log file as well?

mstabrin

@Sebastian-Roth It did containing

 04/13/2021 11:58:30 Installer Settings successfully saved in /opt/fog-service/settings.json
 04/13/2021 11:58:30 Middleware::Communication Download: http://fog-pxe-srv.XXX.de/fog/management/other/ca.cert.der

FOG client certificates removed on mono update

260

12.0k

17.3k

155.2k