Gentoo Websites Logo
Go to: Gentoo Home Documentation Forums Lists Bugs Planet Store Wiki Get Gentoo!
Bug 183971 - net-print/cups still fails to generate SSL keys
Summary: net-print/cups still fails to generate SSL keys
Status: VERIFIED NEEDINFO
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Printing (show other bugs)
Hardware: PPC Linux
: High major (vote)
Assignee: Printing Team
URL:
Whiteboard:
Keywords:
Depends on:
Blocks:
 
Reported: 2007-07-02 12:30 UTC by Romain Riviere
Modified: 2007-07-13 16:47 UTC (History)
1 user (show)

See Also:
Package list:
Runtime testing required: ---

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.
Description Romain Riviere 2007-07-02 12:30:08 UTC 
The bug had already been reported as #138275.
It is still present in v 1.2.10-r1 which should be stable on ppc.
After a default merge, cupsd will hang while trying to create SSL key/cert.
I had to manually generate them to get cups working.

Reproducible: Always

Steps to Reproduce:




Portage 2.1.2.7 (default-linux/ppc/ppc32/2006.1/G4, gcc-4.1.2, glibc-2.5-r3, 2.6.19-gentoo-r5 ppc)
=================================================================
System uname: 2.6.19-gentoo-r5 ppc 7447A, altivec supported
Gentoo Base System release 1.12.9
Timestamp of tree: Sat, 30 Jun 2007 08:50:01 +0000
dev-lang/python:     2.4.4-r4
dev-python/pycrypto: 2.0.1-r5
sys-apps/sandbox:    1.2.17
sys-devel/autoconf:  2.13, 2.61
sys-devel/automake:  1.4_p6, 1.5, 1.6.3, 1.7.9-r1, 1.8.5-r3, 1.9.6-r2, 1.10
sys-devel/binutils:  2.17
sys-devel/gcc-config: 1.3.16
sys-devel/libtool:   1.5.23b
virtual/os-headers:  2.6.17-r2
ACCEPT_KEYWORDS="ppc"
AUTOCLEAN="yes"
CBUILD="powerpc-unknown-linux-gnu"
CFLAGS="-O2 -mcpu=G4 -mtune=G4 -maltivec -mabi=altivec -fno-strict-aliasing -pipe"
CHOST="powerpc-unknown-linux-gnu"
CONFIG_PROTECT="/etc /var/bind"
CONFIG_PROTECT_MASK="/etc/env.d /etc/gconf /etc/php/apache2-php5/ext-active/ /etc/php/cgi-php5/ext-active/ /etc/php/cli-php5/ext-active/ /etc/revdep-rebuild /etc/terminfo"
CXXFLAGS="-O2 -mcpu=G4 -mtune=G4 -maltivec -mabi=altivec -fno-strict-aliasing -pipe"
DISTDIR="/usr/portage/distfiles"
FEATURES="ccache distlocks metadata-transfer parallel-fetch sandbox sfperms strict"
GENTOO_MIRRORS="http://mirror.ovh.net/gentoo-distfiles/ ftp://mirror.ovh.net/gentoo-distfiles/ http://gentoo.modulix.net/gentoo/ http://ftp.club-internet.fr/pub/mirrors/gentoo ftp://gentoo.imj.fr/pub/gentoo/ ftp://ftp.free.fr/mirrors/ftp.gentoo.org/ "LC_ALL="en_GB.ISO-8859-15"MAKEOPTS="-j2"PKGDIR="/usr/portage/packages"PORTAGE_RSYNC_EXTRA_OPTS="--exclude /etc/portage/rsync_excludes"PORTAGE_RSYNC_OPTS="--recursive --links --safe-links --perms --times --compress --force --whole-file --delete --delete-after --stats --timeout=180 --exclude=/distfiles --exclude=/local --exclude=/packages --filter=H_**/files/digest-*"PORTAGE_TMPDIR="/var/tmp"PORTDIR="/usr/portage"PORTDIR_OVERLAY="/usr/local/portage"SYNC="rsync://rsync.europe.gentoo.org/gentoo-portage"USE="acl alsa altivec apache2 bash-completion berkdb bitmap-fonts bzip2 cdr chroot cli cracklib crypt ctype cups curl dba dbm dovecot-sasl dvd dynamicplugin emacs foomaticdb ftp gd gdbm gif gpm iconv imap ipv6 ipv6arpa jpeg latin1 ldap libg++ libwww logrotate maildir mbox mime mudflap multiuser mysql mysqli ncurses net netboot nls nptl nptlonly openmp pam pcre pdf perl pg-hier php png pop pop3d posix postfix postgres ppc ppds python razor readline reflection ruby samba sasl sensord session sockets spamassassin spell spl ssl sysfs syslog tcpd threads tokenizer truetype truetype-fonts type1-fonts unicode unzip usb userlocales vhosts xml xmlreader xmlrpc xmlwriter xsl zip zlib" ALSA_CARDS="aoa aoa-fabric-layout aoa-onyx aoa-soundbus aoa-soundbus-i2s aoa-tas aoa-toonie powermac usb-audio via82xx" ALSA_PCM_PLUGINS="adpcm alaw asym copy dmix dshare dsnoop empty extplug file hooks iec958 ioplug ladspa lfloat linear meter mulaw multi null plug rate route share shm softvol" ELIBC="glibc" INPUT_DEVICES="keyboard mouse evdev" KERNEL="linux" LCD_DEVICES="bayrad cfontz cfontz633 glk hd44780 lb216 lcdm001 mtxorb ncurses text" USERLAND="GNU" VIDEO_CARDS="chips dummy fbdev glint imstt mach64 mga nv r128 radeon s3 s3virge savage sisusb tdfx trident v4l voodoo"Unset:  CTARGET, EMERGE_DEFAULT_OPTS, INSTALL_MASK, LANG, LDFLAGS, LINGUAS, PORTAGE_COMPRESS, PORTAGE_COMPRESS_FLAGS
Comment 1 Jakub Moc (RETIRED) gentoo-dev 2007-07-02 13:35:47 UTC 
Uhm? What will hang? Nothing hangs here without any certificates; if you need them, then create them.
Comment 2 Romain Riviere 2007-07-02 15:14:25 UTC 
After a fresh install, when accessing one of the "admin" pages, since the
Encryption Required is set as a default, cupsd tries to generate the SSL key &
cert. And never manages. The browser hangs, cupsd doesn't do anything, until
killed -9.
Comment 3 Stefan Schweizer (RETIRED) gentoo-dev 2007-07-13 10:05:18 UTC 
you just have to wait a bit:

I [13/Jul/2007:11:51:07 +0200] Listening to 127.0.0.1:631 on fd 2...
E [13/Jul/2007:11:51:07 +0200] Unable to open listen socket for address ::1:631 - Address family not supported by protocol.
I [13/Jul/2007:11:51:07 +0200] Listening to /var/run/cups/cups.sock on fd 3...
I [13/Jul/2007:11:51:41 +0200] Generating SSL server key...
I [13/Jul/2007:11:52:23 +0200] Created SSL server key file "/etc/cups/ssl/server.key"...
I [13/Jul/2007:11:52:23 +0200] Generating self-signed SSL certificate...
I [13/Jul/2007:11:52:23 +0200] Created SSL server certificate file "/etc/cups/ssl/server.crt"...

note that is 2 Ghz dualcore so it might take longer for you
works perfectly here :)

If it does not work for you I need more info on how long you waited and your log messages please.
Comment 4 Jakub Moc (RETIRED) gentoo-dev 2007-07-13 10:14:36 UTC 
(In reply to comment #3)
> note that is 2 Ghz dualcore so it might take longer for you
> works perfectly here :)

Well it's not that much about raw CPU power but pretty more likely limited by available entropy for most people.

cat /proc/sys/kernel/random/entropy_avail
Comment 5 Romain Riviere 2007-07-13 16:08:00 UTC 
(In reply to comment #3)
> you just have to wait a bit:
> 
> I [13/Jul/2007:11:51:07 +0200] Listening to 127.0.0.1:631 on fd 2...
> E [13/Jul/2007:11:51:07 +0200] Unable to open listen socket for address ::1:631
> - Address family not supported by protocol.
> I [13/Jul/2007:11:51:07 +0200] Listening to /var/run/cups/cups.sock on fd 3...
> I [13/Jul/2007:11:51:41 +0200] Generating SSL server key...
> I [13/Jul/2007:11:52:23 +0200] Created SSL server key file
> "/etc/cups/ssl/server.key"...
> I [13/Jul/2007:11:52:23 +0200] Generating self-signed SSL certificate...
> I [13/Jul/2007:11:52:23 +0200] Created SSL server certificate file
> "/etc/cups/ssl/server.crt"...
> 
> note that is 2 Ghz dualcore so it might take longer for you
> works perfectly here :)
> 
> If it does not work for you I need more info on how long you waited and your
> log messages please.



The thing is, if *something* was trying to generate SSL certificates, I would have seen it somewhere in the ps list using CPU resources, right ? But there was no such thing that I could see.

layla samba # cat /proc/sys/kernel/random/entropy_avail 
2233
Comment 6 Romain Riviere 2007-07-13 16:47:22 UTC 
I [13/Jul/2007:18:26:10 +0200] Generating SSL server key...
I [13/Jul/2007:18:43:29 +0200] Created SSL server key file "/etc/cups/ssl/server.key"...

Geez ... I had no idea it would be *that* long.
This is on a 1.4GHz PPC ... Perhaps cups could log something about this when creating the SSL certificate ? Like "Generating SSL server key : this could take a long time ..."
Or display a page in the meantime ...

Thanks for your help :-)