Mandos on Fedora/RHEL

Nathanael Noblet nathanael at gnat.ca
Sat Oct 26 14:55:58 CEST 2013 

On 10/22/2013 09:38 AM, Nathanael D. Noblet wrote:
> ----------------------------------------
> Exception happened during processing of request from 
> ('::ffff:192.168.56.12', 49561, 0, 0)
> Traceback (most recent call last):
>   File "/sbin/mandos", line 1861, in sub_process_main
>     self.finish_request(request, address)
>   File "/usr/lib64/python2.7/SocketServer.py", line 334, in 
> finish_request
>     self.RequestHandlerClass(request, client_address, self)
>   File "/usr/lib64/python2.7/SocketServer.py", line 649, in __init__
>     self.handle()
>   File "/sbin/mandos", line 1696, in handle
>     (session))
>   File "/sbin/mandos", line 1825, in fingerprint
>     (gnutls.library.functions
> AttributeError: 'module' object has no attribute 
> 'gnutls_openpgp_crt_init'
> ----------------------------------------
>
> Which attempts over and over but never succeeds obviously. Any idea 
> what could cause that issue

More progress on this front. Applying the patch found here 
https://bugzilla.redhat.com/show_bug.cgi?id=1015332 allows the mandos 
server to run on an up to date Fedora 19 machine with gnutls-3.11 and 
python-gnutls-1.2.4.

Basically it removes the inclusion of gnutls-extra which doesn't exist 
and then modifies the test function for opengpg inclusion to a function 
that actually exists instead of one that has been permanently removed.

Now onto systemd service file creation and dracut integration.

One of the things I know we'll have problems with is your Makefile 
hardcodes the lib directory to /usr/lib, and in a multi-lib situation 
x86_64 arches for fedora are /usr/lib64, I'm sure we could pre-patch 
your Makefile prior to packaging locally however I'm wondering if you 
guys would be okay to somehow make that a detectable setting or an 
environment variable? If I made that change would you accept a patch 
like that?


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mail.recompile.se/pipermail/mandos-dev/attachments/20131026/9a44545d/attachment.html>

More information about the Mandos-Dev mailing list