root@aixbuildhost: /var/cfengine/bin # ./startup.sh
error: The public key RSA exponent is too small or not odd
error: The public key RSA exponent is too small or not odd
notice: Q: ".../cf-execd"": error: The public key RSA exponent is too small or not odd
Q: ".../cf-execd"": error: The public key RSA exponent is too small or not odd
notice: Q: "...f-serverd"": error: The public key RSA exponent is too small or not odd
Q: "...f-serverd"": error: The public key RSA exponent is too small or not odd
notice: Q: ".../cf-agent" -f /": error: The public key RSA exponent is too small or not odd
Q: ".../cf-agent" -f /": error: The public key RSA exponent is too small or not odd
Q: ".../cf-agent" -f /": notice: Q: "...-monitord"": error: The public key RSA exponent is too small or not odd
R: Bootstrapping from host '172.17.14.37' via built-in policy '/var/cfengine/inputs/failsafe.cf'
R: This host assumes the role of policy server
R: Updated local policy from policy server
R: Started the server
R: Started the scheduler
notice: Bootstrap to '172.17.14.37' completed successfully!
Enter code here...
Summary: A systems administration tool for networks
Name: cfengine
Version: 3.10.1
Release: itsv1
License: GPLv2+
Group: Applications/System
Source0: ftp://ftp.iu.hio.no/pub/cfengine/%{name}-%{version}.tar.gz
Source1: startup.sh
URL: http://www.cfengine.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: AIX-rpm >= 5.2.0.0
BuildRequires: bison, flex, m4
BuildRequires: curl-devel >= 7.51.0-1
BuildRequires: openssl-devel >= 1.0.2j-2
BuildRequires: pcre-devel >= 8.39-1
BuildRequires: libxml2-devel >= 2.9.4-1
BuildRequires: openldap-devel >= 2.4.45-0.1
Requires: AIX-rpm >= 5.2.0.0
Requires: curl >= 7.51.0-1
Requires: openssl >= 1.0.2j-2
Requires: pcre >= 8.39-1
Requires: libxml2 >= 2.9.4-1
Requires: openldap >= 2.4.45-0.1
%description
Cfengine, or the configuration engine is an agent/software robot and a
very high level language for building expert systems to administrate
and configure large computer networks. Cfengine uses the idea of
classes and a primitive form of intelligence to define and automate
the configuration and maintenance of system state, for small to huge
configurations. Cfengine is designed to be a part of a computer immune
system.
%prep
%setup -q
%build
export CONFIG_SHELL=/usr/bin/ksh
export CONFIG_ENV_ARGS=/usr/bin/ksh
export OBJECT_MODE=64
export CC="xlc_r -D_LARGE_FILES"
export CFLAGS="-q64 -qmaxmem=-1 -DNDEBUG -DSYSV -D_AIX -D_AIX64 -D_AIX41 -D_AIX43 -D_AIX51 -D_AIX52 -D_AIX53 -D_AIX61 -D_AIX71 -D_ALL_SOURCE -DFUNCPROTO=15 -I/opt/freeware/include"
export CXX="xlC_r"
export CXXFLAGS=$CFLAGS
export LDFLAGS="-L/opt/freeware/lib64 -Wl,-blibpath:/opt/freeware/lib64:/usr/lib:/lib -Wl,-bmaxdata:0x80000000 -Wl,-b64 -Wl,-bexpall -Wl,-bnoipath"
./configure \
--prefix=/var/cfengine \
--sbindir=/var/cfengine/bin \
--localstatedir=/var/cfengine \
--with-workdir=/var/cfengine \
--with-openssl \
--with-lmdb \
--with-pcre \
--with-libxml2
gmake %{?_smp_mflags}
%install
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
gmake install DESTDIR=${RPM_BUILD_ROOT}
#/usr/bin/strip ${RPM_BUILD_ROOT}/var/cfengine/bin/* || :
cp %{SOURCE1} ${RPM_BUILD_ROOT}/var/cfengine/bin/
%pre
%post
/var/cfengine/bin/cf-key >/dev/null || :
chmod 700 /var/cfengine/ppkeys
/var/cfengine/bin/startup.sh
/usr/sbin/lsitab cfengine 1>/dev/null 2>&1 || \
/usr/sbin/mkitab "cfengine:2:once:/var/cfengine/bin/startup.sh > /dev/console 2>&1"
%preun
ps -ef | grep cf-agent | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
ps -ef | grep cf-execd | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
ps -ef | grep cf-monitord | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
ps -ef | grep cf-serverd | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
%postun
%clean
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
%files
%defattr(-,root,system,-)
/var/cfengine/bin/*
/var/cfengine/inputs
/var/cfengine/lib/*
/var/cfengine/modules
/var/cfengine/outputs
/var/cfengine/plugins
/var/cfengine/ppkeys
/var/cfengine/share/*
%changelog
* Mon Jul 10 2017 .... ...... <...........@......> - 3.10.1-1-itsv
- first rpm version of itsv cfengine
Enter code here...
error: The public key RSA exponent is too small or not odd (num_bits=17 is_odd=0)
error: The public key RSA exponent is too small or not odd (num_bits=17 is_odd=0)
notice: Q: ".../cf-execd"": error: The public key RSA exponent is too small or not odd (num_bits=17 is_odd=0)
Q: ".../cf-execd"": error: The public key RSA exponent is too small or not odd (num_bits=17 is_odd=0)
notice: Q: "...f-serverd"": error: The public key RSA exponent is too small or not odd (num_bits=17 is_odd=0)
Q: "...f-serverd"": error: The public key RSA exponent is too small or not odd (num_bits=17 is_odd=0)
notice: Q: ".../cf-agent" -f /": error: The public key RSA exponent is too small or not odd (num_bits=17 is_odd=0)
Q: ".../cf-agent" -f /": error: The public key RSA exponent is too small or not odd (num_bits=17 is_odd=0)
Q: ".../cf-agent" -f /": notice: Q: "...-monitord"": error: The public key RSA exponent is too small or not odd (num_bits=17 is_odd=0)
R: Bootstrapping from host '172.17.14.37' via built-in policy '/var/cfengine/inputs/failsafe.cf'
R: This host assumes the role of policy server
R: Updated local policy from policy server
R: Started the server
R: Started the scheduler
notice: Bootstrap to '172.17.14.37' completed successfully!
Enter code here...
root@aixbuildhost: /var/cfengine/ppkeys # cat localhost.priv
-----BEGIN RSA PRIVATE KEY-----
Proc-Type: 4,ENCRYPTED
DEK-Info: DES-EDE3-CBC,33929A397D085C83
2trjx8OrznOm6gXrNeXQm/nPyVBnY6PLCBQXRvru1SQ0y8enuoysQ7dfo53Nhtz8
tMgMxYZRTtxlT2ei6dKQNdIgF+iznREYyR9X7wWZwxxK1MkoW6tw1+Nxb+2YxKKB
6iD+Nknj1yxl8weHwImlZLa1gxhY+HfCGMWFQc5dMtmr47t3rrieJMOhfzmRtFeB
8qIwUr9othjYQezrbhljepDu7+1MKOt5keNykEfxlEwpvI8m500c7ONP+vqxB67e
kJyhBOmz7MQE8/8srLPVx1PXUUIuMEvR5AfpTXLZBpNzIGgDxNqBuDUjSspRP7QS
+/u8puSXbIHCeGWNu80IZRQ6vcSvxDtqiKbobLJa6j/N0bl9qahX+VEGWvXUIu8z
NTkQ8JkJj/ELS6wthQKXla75EwtOEpLwGlDoSFLzGvFpUHep1DGsHS2890vcY0aV
NV5+YFjYCsGUIU7npQkPedamDX9RoGnQIM6keO5TF0yFX7RDrZoWJY5gquPDDz48
IxF8TN448JNZEkwEneyhmVt/FHaKH3XrNqg9/88HxdsHciwMk8iFvrhY8AKmvNjG
UYIEgfLnPm7NSFE7PYxlmpFv1B+uZLOcqJir9Ja5oIf4PTinVrz8gLXUp9fA+Jrb
Ss0XBubuBGbpDLCGbnK+MoSkhUUIHSu5gLsOPUUqR6E9fQlx+3+PtIpU3p/qGmOa
rzalCzyr2lHxgIyIMJB3NpIkqJA6I7AqmIOKf5NibwHKIBqcgx7YjefCXRoFf+6g
+U5Hh0CYOFfqHzQzczggVF42sECCvctt5C1GnpGHZtVjOOmNVA+3Q4gXzTA2wlcO
5tFzCkfsJaxsCRCrUk6pBiiLTUsTiyHJ+UYsdBXZTn4dNnqCQuJH0W7soNnILDx6
aZhV2a+13QAfgc9+jERx2dHCuJjRSNnwHjY+LUM9DCqxg+reRpF9q28iH0On4/uR
RKHHDq3udhzx4KhedCLloa0JwBB7rId5/0M3rDZd/6Cm/Fm92+QsqZegjDdaI82G
+xV0lU4qLGUTNiSvbJVkezDGKUU4awUdACH1gwICsBIt/nynIHDRVf/EyMJda8S5
5aqpx1dSxqjiyObvOJnSYwSsteHmWidfOAxUZdcwF0o9XFKu5DY1OZOpjLYjquv9
Y1cmScOHoDUdsN4QYwSLFdh9cOcfZ0YMlWJEoUYRPKScaQgaeH1mjX/Kgn8tMHMi
cxppjzDf/ZoNpartTfYtSqdq0XYA7sTYa2gQAyYG9ljqZW9esEu5JiTN3qpOipUJ
EfKShzly5jiHlP92GoqG9IOR4zu78WZW6Zinx6QS5AhwM5l6fIp/t+nbhG8l4ERE
dwxtkHJRZ/q0d6AJAYXY2MITSH3wWkTbW57c01TGeWFOwfkFCcYltNvC5gaR4CQn
raJlhEvYBnd9OsPVqVXe8vQAKZtkMi1LrLkox8NMIN5dtlPQCCKAQ9UNDZRLSRoF
rsJvim+jIlMKbBLFoMT4ze6QudzIGUv+fUoow/D5rboujaj5mC+ge523729hJsWV
ZZ/zEw0g63I4NhqGfaq7qQmEMNcwpMJxbMpvCiukyhvaXiZT5MAsURF+3yVW4vth
-----END RSA PRIVATE KEY-----
Enter code here...
root@aixbuildhost: /var/cfengine/ppkeys # cat localhost.pub
-----BEGIN RSA PUBLIC KEY-----
MIIBCgKCAQEAnbL7DSpOOaold5HXW554Mw67O6rFiq8dJWLHgv789LQz2BuFrHxM
5W3QLx5jcX3y4htVgFAcy7FOsforCSnfH4v7ukuIT1WrWY1CeJxg7Xgu/BrK1ExF
+IDB+6vT41eOsNfT45YriTVknEW4JcuPBsmLgcPhXx1eWvcmljbqCRwxA70CKAqx
3p9J0n8jaiKzABAk7W0ofu+u0c7ghLrBfOTzIT/oZ4DbIYw7ol7kHV6OH55PsRz+
L0GsVURjS7FJyvA3tn5jBY2ayX9lffkVHxMf7VmikhIFa0Pp31gDnFTEe26YYXlR
yLGkGfbj24RQMUnkaY4hQef6XHl0SaFOlwIDAQAB
-----END RSA PUBLIC KEY-----
Enter code here...
root@aixbuildhost: /var/cfengine/ppkeys # /opt/freeware/bin/openssl rsa -in /tmp/localhost.pub -text -noout -RSAPublicKey_in
Public-Key: (2048 bit)
Modulus:
00:9d:b2:fb:0d:2a:4e:39:aa:25:77:91:d7:5b:9e:
78:33:0e:bb:3b:aa:c5:8a:af:1d:25:62:c7:82:fe:
fc:f4:b4:33:d8:1b:85:ac:7c:4c:e5:6d:d0:2f:1e:
63:71:7d:f2:e2:1b:55:80:50:1c:cb:b1:4e:b1:fa:
2b:09:29:df:1f:8b:fb:ba:4b:88:4f:55:ab:59:8d:
42:78:9c:60:ed:78:2e:fc:1a:ca:d4:4c:45:f8:80:
c1:fb:ab:d3:e3:57:8e:b0:d7:d3:e3:96:2b:89:35:
64:9c:45:b8:25:cb:8f:06:c9:8b:81:c3:e1:5f:1d:
5e:5a:f7:26:96:36:ea:09:1c:31:03:bd:02:28:0a:
b1:de:9f:49:d2:7f:23:6a:22:b3:00:10:24:ed:6d:
28:7e:ef:ae:d1:ce:e0:84:ba:c1:7c:e4:f3:21:3f:
e8:67:80:db:21:8c:3b:a2:5e:e4:1d:5e:8e:1f:9e:
4f:b1:1c:fe:2f:41:ac:55:44:63:4b:b1:49:ca:f0:
37:b6:7e:63:05:8d:9a:c9:7f:65:7d:f9:15:1f:13:
1f:ed:59:a2:92:12:05:6b:43:e9:df:58:03:9c:54:
c4:7b:6e:98:61:79:51:c8:b1:a4:19:f6:e3:db:84:
50:31:49:e4:69:8e:21:41:e7:fa:5c:79:74:49:a1:
4e:97
Exponent: 65537 (0x10001)
statx("/var/cfengine", 0x0FFFFFFFFFFF91E0, 176, 01) = 0
statx("/var", 0x0FFFFFFFFFFF91E0, 176, 0) = 0
statx("/var/cfengine", 0x0FFFFFFFFFFF91E0, 176, 0) = 0
statx("/var/cfengine/state", 0x0FFFFFFFFFFFB4A0, 176, 0) = 0
statx("/var/cfengine/modules", 0x0FFFFFFFFFFFB4A0, 176, 0) = 0
statx("/var/cfengine/ppkeys", 0x0FFFFFFFFFFFB4A0, 176, 0) = 0
getuidx(2) = 0
kopen("/var/cfengine/ppkeys/localhost.priv", O_RDONLY) = 3
kioctl(3, 22528, 0x0000000000000000, 0x0000000000000000) Err#25 ENOTTY
kioctl(3, 22528, 0x0000000000000000, 0x0000000000000000) Err#25 ENOTTY
kread(3, " - - - - - B E G I N R".., 4096) = 1751
close(3) = 0
getuidx(2) = 0
kopen("/var/cfengine/ppkeys/localhost.pub", O_RDONLY) = 3
kioctl(3, 22528, 0x0000000000000000, 0x0000000000000000) Err#25 ENOTTY
kioctl(3, 22528, 0x0000000000000000, 0x0000000000000000) Err#25 ENOTTY
kread(3, " - - - - - B E G I N R".., 4096) = 426
close(3) = 0
statx("/usr/share/lib/zoneinfo//Europe/Vienna", 0x0FFFFFFFFFFFAE90, 176, 0) = 0
kopen("/usr/share/lib/zoneinfo//Europe/Vienna", O_RDONLY) = 3
kread(3, " T Z i f 2\0\0\0\0\0\0\0".., 41448) = 2211
close(3) = 0
__libc_sbrk(0x0000000000010020) = 0x0000000110087660
kopen("/usr/share/lib/zoneinfo//posixrules", O_RDONLY) Err#2 ENOENT
kwrite(1, " e r r o r : T h".., 85) = 85
socket(1, 2, 0) = 3
kfcntl(3, F_SETFD, 0x0000000000000001) = 0
connext(3, 0x09001000A0022A58, 16) = 0
statx("/usr/share/lib/zoneinfo//Europe/Vienna", 0x0FFFFFFFFFFFA530, 176, 0) = 0
_getpid() = 14614628
kopen("/dev/null", O_WRONLY|O_CREAT|O_TRUNC, S_IRUSR|S_IWUSR|S_IRGRP|S_IWGRP|S_IROTH|S_IWOTH) = 4
kioctl(4, 22528, 0x0000000000000000, 0x0000000000000000) Err#19 ENODEV
kioctl(4, 22528, 0x0000000000000000, 0x0000000000000000) Err#19 ENODEV
kwrite(4, " C F E n g i n e ( a g e".., 93) = 93
close(4) = 0
root@aixbuildhost: /var/cfengine/bin # ldd cf-agent
cf-agent needs:
/lib/libc.a(shr_64.o)
/lib/libpthread.a(shr_xpg5_64.o)
/var/cfengine/lib/libpromises.a(libpromises.so.3)
/opt/freeware/lib/libxml2.a(libxml2.so.2)
/opt/freeware/lib/libpcre.a(libpcre.so.1)
/lib/libpam.a(shr_64.o)
/unix
/lib/libcrypt.a(shr_64.o)
/lib/libpthreads.a(shr_xpg5_64.o)
/opt/freeware/lib/libyaml.a(libyaml-0.so.2)
/lib/libdl.a(shr_64.o)
/opt/freeware/lib/libcrypto.a(libcrypto.so.1.0.2)
/opt/freeware/lib/libssl.a(libssl.so.1.0.2)
/opt/freeware/lib/libcurl.a(libcurl.so.4)
/lib/libc.a(shr.o)
/opt/freeware/lib/libiconv.a(libiconv.so.2)
/opt/freeware/lib/libz.a(libz.so.1)
/opt/freeware/lib/liblzma.a(liblzma.so.5)
/lib/libpthread.a(shr_xpg5.o)
/lib/libpthreads.a(shr_xpg5.o)
/lib/libmls.a(shr_64.o)
/opt/freeware/lib/libssh2.a(libssh2.so.1)
/lib/libcrypt.a(shr.o)
/lib/libpthreads.a(shr_comm.o)
/lib/libmlsenc.a(shr_64.o)
/lib/libodm.a(shr_64.o)
root@aixbuildhost: /var/cfengine/bin # cd .
root@aixbuildhost: /var/cfengine/bin # cd .
root@aixbuildhost: /var/cfengine/bin # cd lib
-bash: cd: lib: No such file or directory
root@aixbuildhost: /var/cfengine/bin # cd ..
root@aixbuildhost: /var/cfengine # ls
bin cfagent.aixbuildhost.log lib outputs ppkeys reports
cf-execd.pid inputs masterfiles plugins promise_summary.log share
cf-serverd.pid lastseen modules policy_server.dat randseed state
root@aixbuildhost: /var/cfengine # cd lib
root@aixbuildhost: /var/cfengine/lib # ls
libpromises.a libpromises.la
root@aixbuildhost: /var/cfengine/lib # ar -Xany -tv libpromises.a
rwxr-xr-x 0/0 2369509 Jul 17 11:12 2017 libpromises.so.3
root@aixbuildhost: /var/cfengine/lib # ar -Xany x libpromises.a
root@aixbuildhost: /var/cfengine/lib # ls
libpromises.a libpromises.la libpromises.so.3
root@aixbuildhost: /var/cfengine/lib # ldd libpromises.so.3
libpromises.so.3 needs:
/usr/lib/libc.a(shr_64.o)
/usr/lib/libpthreads.a(shr_xpg5_64.o)
/usr/lib/libpcre.a(libpcre.so.1)
/usr/lib/libyaml.a(libyaml-0.so.2)
/usr/lib/libdl.a(shr_64.o)
/usr/lib/libcrypto.a(libcrypto.so.1.0.2)
ar: 0707-109 Member name libcrypto.so.1.0.2 does not exist.
dump: /tmp/tmpdir19792106/extract/libcrypto.so.1.0.2: 0654-106 Cannot open the specified file.
/usr/lib/libssl.a(libssl.so.1.0.2)
ar: 0707-109 Member name libssl.so.1.0.2 does not exist.
dump: /tmp/tmpdir19792106/extract/libssl.so.1.0.2: 0654-106 Cannot open the specified file.
/usr/lib/libcurl.a(libcurl.so.4)
/unix
/usr/lib/libcrypt.a(shr_64.o)
/usr/lib/libc.a(shr.o)
/usr/lib/libpthreads.a(shr_xpg5.o)
/usr/lib/libz.a(libz.so.1)
/usr/lib/libssh2.a(libssh2.so.1)
/usr/lib/libcrypt.a(shr.o)
/usr/lib/libpthreads.a(shr_comm.o)
root@aixbuildhost: /var/cfengine/lib # ldd libpromises.so.3
libpromises.so.3 needs:
/usr/lib/libc.a(shr_64.o)
/usr/lib/libpthreads.a(shr_xpg5_64.o)
/opt/freeware/lib/libpcre.a(libpcre.so.1)
/opt/freeware/lib/libyaml.a(libyaml-0.so.2)
/usr/lib/libdl.a(shr_64.o)
/opt/freeware/lib/libcrypto.a(libcrypto.so.1.0.2)
/opt/freeware/lib/liblmdb.a(liblmdb.so)
/opt/freeware/lib/libssl.a(libssl.so.1.0.2)
/opt/freeware/lib/libcurl.a(libcurl.so.4)
/unix
/usr/lib/libcrypt.a(shr_64.o)
/usr/lib/libc.a(shr.o)
/usr/lib/libpthreads.a(shr_xpg5.o)
/opt/freeware/lib/libz.a(libz.so.1)
/opt/freeware/lib/libssh2.a(libssh2.so.1)
/usr/lib/libcrypt.a(shr.o)
/usr/lib/libpthreads.a(shr_comm.o)
root@aixbuildhostng: /var/cfengine/bin # ./cf-agent -V
CFEngine Core 3.12.1
root@aixbuildhostng: /var/cfengine/bin # ./cf-agent -D SPARE_DAILY
error: The public key RSA exponent is too small or not
odd
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Unable to open template file '/var/cfengine/inputs/ntp.conf.tmpl' to make '/etc/ntp.conf'
error: Method 'b0005_itsv_config_ntp' failed in some repairs
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Method 'cferoot_sync_filelist' failed in some repairs
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Method 'cferoot_sync_filelist' failed in some repairs
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Method 'cferoot_sync_filelist' failed in some repairs
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Method 'cferoot_sync_filelist' failed in some repairs
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Method 'cferoot_sync_filelist' failed in some repairs
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Method 'cferoot_sync_filelist' failed in some repairs
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Method 'cferoot_sync_filelist' failed in some repairs
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Method 'cferoot_sync_filelist' failed in some repairs
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Method 'cferoot_sync_filelist' failed in some repairs
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Method 'cferoot_sync_filelist' failed in some repairs
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Method 'cferoot_sync_filelist' failed in some repairs
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Method 'cferoot_sync_filelist' failed in some repairs
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Method 'cferoot_sync_filelist' failed in some repairs
error: RSA Exponent too small or not odd for key: /var/cfengine/ppkeys/root-MD5=ecafd01a913ec45ec5b9f6f940434bec.pub
error: TRUST FAILED, server presented untrusted key: MD5=ecafd01a913ec45ec5b9f6f940434bec
error: No suitable server found
error: Method 'cferoot_sync_filelist' failed in some repairs
error: Method 'nagios_user' failed in some repairs
error: Method 'b0037_nagios_user' failed in some repairs
error: Method 'itsv_autorun' failed in some repairs
root@aixbuildhostng: /var/cfengine/bin # ./cf-agent -V
CFEngine Core 3.13.0
packagebuilder@aixbuildhostng: /home/packagebuilder/rpmbuild/SOURCES # cat cfengine-3.12.1-itsv1.aix.patch
--- cfengine-3.12.1.ORIG/libpromises/crypto.c 2018-11-29 12:44:49 +0000
+++ cfengine-3.12.1.CHANGED/libpromises/crypto.c 2019-04-09 12:15:24 +0000
@@ -262,8 +262,9 @@ bool LoadSecretKeys(const char *const pr
RSA_get0_key(*pub_key, &n, &e, NULL);
if ((BN_num_bits(e) < 2) || (!BN_is_odd(e)))
{
- Log(LOG_LEVEL_ERR, "The public key RSA exponent is too small or not odd");
- return false;
+ /* changed for aix, this is an impossible situation. see "https://groups.google.com/forum/#!topic/help-cfengine/-hmnIz0fA4Q" */
+ Log(LOG_LEVEL_NOTICE, "The public key RSA exponent is too small or not odd, this is some AIX bullshit and can be ignored");
+ return true;
}
}
@@ -411,10 +412,11 @@ RSA *HavePublicKey(const char *username,
RSA_get0_key(newkey, &n, &e, NULL);
if ((BN_num_bits(e) < 2) || (!BN_is_odd(e)))
{
- Log(LOG_LEVEL_ERR, "RSA Exponent too small or not odd for key: %s",
+ Log(LOG_LEVEL_ERR, "RSA Exponent too small or not odd for key: %s",
newname);
RSA_free(newkey);
- return NULL;
+ return NULL;
+
}
}
root@aixbuildhostng: /root # cat /home/packagebuilder/rpmbuild/SOURCES/cfengine-3.12.1-itsv1.aix.patch
--- cfengine-3.12.1.ORIG/libpromises/crypto.c 2018-11-29 12:44:49 +0000
+++ cfengine-3.12.1.CHANGED/libpromises/crypto.c 2019-04-09 14:48:56 +0000
@@ -260,7 +260,7 @@ bool LoadSecretKeys(const char *const pr
{
const BIGNUM *n, *e;
RSA_get0_key(*pub_key, &n, &e, NULL);
- if ((BN_num_bits(e) < 2) || (!BN_is_odd(e)))
+ if ((BN_num_bits(e) < 2) || (BN_is_odd(e)))
{
Log(LOG_LEVEL_ERR, "The public key RSA exponent is too small or not odd");
return false;
@@ -409,7 +409,7 @@ RSA *HavePublicKey(const char *username,
{
const BIGNUM *n, *e;
RSA_get0_key(newkey, &n, &e, NULL);
- if ((BN_num_bits(e) < 2) || (!BN_is_odd(e)))
+ if ((BN_num_bits(e) < 2) || (BN_is_odd(e)))
{
Log(LOG_LEVEL_ERR, "RSA Exponent too small or not odd for key: %s",
newname);
@@ -504,7 +504,7 @@ RSA *LoadPublicKey(const char *filename)
RSA_get0_key(key, &n, &e, NULL);
- if (BN_num_bits(e) < 2 || !BN_is_odd(e))
+ if (BN_num_bits(e) < 2 || BN_is_odd(e))
{
Log(LOG_LEVEL_ERR, "Error while reading public key '%s' - RSA Exponent is too small or not odd. (BN_num_bits: %s)",
filename, GetErrorStr());
On Tuesday, April 9, 2019 at 8:00:08 AM UTC-5, Xander Cage wrote:some findings, i toyed around a little bit, and it seems openssl's "BN_is_odd" function is the bad guy. i reversed the logic in crypto.c and now the error is gone. i have not the slightest idea whats going on here, or why this function works inverse in aix.any enlightenments from your side?
~/src/openssl/test$ find | xargs grep -s BN_is_odd
./testutil/tests.c: if (a != NULL && BN_is_odd(a))
./testutil/tests.c: if (a != NULL && !BN_is_odd(a))
./bntest.c: && TEST_false((BN_is_odd(a) && BN_is_odd(c))
./bntest.c: || (!BN_is_odd(a) && !BN_is_odd(c)))))
./bntest.c: if (BN_is_odd(m)) {
./bntest.c: if (BN_is_odd(m)) {
starting big number library test, could take a while...
test BN_add
test BN_sub
test BN_lshift1
test BN_lshift (fixed)
test BN_lshift
test BN_rshift1
test BN_rshift
test BN_sqr
test BN_mul
test BN_div
test BN_div_word
test BN_div_recp
test BN_mod
test BN_mod_mul
test BN_mont
test BN_mod_exp
test BN_mod_exp_mont_consttime
test BN_exp
test BN_kronecker
....+++++
....................................................................................................
test BN_mod_sqrt
.....
.....
.....
.....
.....
.....
.....
.....
.......+++++++++++++++++++++++++++
.....
......................+++++++++++++++++++++++++++
.....
..+++++++++++++++++++++++++++
.....
........+++++++++++++++++++++++++++
.....
.+++++++++++++++++++++++++++
.....
.....................................+++++++++++++++++++++++++++
.....
.+++++++++++++++++++++++++++
.....
.+++++++++++++++++++++++++++
.....
test BN_GF2m_add
test BN_GF2m_mod
test BN_GF2m_mod_mul
test BN_GF2m_mod_sqr
test BN_GF2m_mod_inv
test BN_GF2m_mod_div
test BN_GF2m_mod_exp
test BN_GF2m_mod_sqrt
test BN_GF2m_mod_solve_quad
test BN_CTX_get BN_FLG_CONSTTIME
running bc
verify BN_add....................................................................................................
verify BN_sub......................................................................................................................................................
verify BN_lshift1....................................................................................................
verify BN_lshift (fixed)....................................................................................................
verify BN_lshift....................................................................................................
verify BN_rshift1....................................................................................................
verify BN_rshift....................................................................................................
verify BN_sqr......................................................................................................
verify BN_mul......................................................................................................................................................
verify BN_div............................................................................................................................................................................................................................................................................................................
verify BN_div_word........................................................................................................................................................................................................
verify BN_div_recp............................................................................................................................................................................................................................................................................................................
verify BN_mod....................................................................................................
verify BN_mod_mul............................................................................................................................................................................................................................................................................................................
verify BN_mont.....
verify BN_mod_exp.....
verify BN_mod_exp_mont_consttime.....
verify BN_exp.....
verify BN_kronecker
verify BN_mod_sqrt
verify BN_GF2m_add
verify BN_GF2m_mod
verify BN_GF2m_mod_mul
verify BN_GF2m_mod_sqr
verify BN_GF2m_mod_inv
verify BN_GF2m_mod_div
verify BN_GF2m_mod_exp
verify BN_GF2m_mod_sqrt
verify BN_GF2m_mod_solve_quad
verify BN_CTX_get BN_FLG_CONSTTIME
2222 tests passed
#include <stdio.h>
#include <openssl/pem.h>
#include <openssl/err.h> /* ERR_* */
#include <openssl/rand.h> /* RAND_* */
#include <openssl/bn.h> /* BN_* */
int get_key(const unsigned char *buf, int len) {
RSA *rsa = d2i_RSA_PUBKEY(NULL, &buf, len);
if (rsa != NULL) {
if (rsa->e != NULL) {
printf("BN : <%s> (hex) -- <%s> (dec)\n", BN_bn2hex(rsa->e), BN_bn2dec(rsa->e));
if (BN_is_odd(rsa->e) == 0) {
printf("Error : RSA public exponent is even\n");
} else {
printf("RSA public exponent is OK.\n");
return 0;
}
}
RSA_free(rsa);
} else {
printf("Error : RSA is NULL\n");
}
return 1;
}
int main() {
const unsigned char data[] = { 0x30, 0x81, 0x9f, 0x30, 0x0d, 0x06, 0x09, 0x2a, 0x86, 0x48, 0x86, 0xf7, 0x0d, 0x01, 0x01, 0x01, 0x05, 0x00, 0x03, 0x81, 0x8d, 0x00, 0x30, 0x81, 0x89, 0x02, 0x81, 0x81, 0x00, 0xd6, 0x70, 0x5d, 0x67, 0xf2, 0xe1, 0x34, 0x82, 0xd5, 0x2d, 0x79, 0xdd, 0x42, 0x55, 0x41, 0xaf, 0x0c, 0xc2, 0xb4, 0xb0, 0x94, 0xc6, 0xa0, 0x40, 0x54, 0x2e, 0x0f, 0xa5, 0x12, 0x3d, 0x43, 0x96, 0x13, 0x2d, 0x17, 0x50, 0xe5, 0x9a, 0x5a, 0x6e, 0x99, 0xc7, 0xd2, 0x63, 0x4c, 0xcd, 0x57, 0xcb, 0x57, 0x7e, 0x1e, 0x5f, 0x97, 0xaa, 0xbd, 0xe5, 0xc0, 0x98, 0xd9, 0x07, 0x52, 0xdc, 0x27, 0xa4, 0x19, 0xb2, 0x81, 0x5d, 0xd5, 0x03, 0x5c, 0xd2, 0xb3, 0xb8, 0x28, 0xaa, 0xd7, 0xaf, 0x02, 0x08, 0x1c, 0x6c, 0xc2, 0xa4, 0x6c, 0x41, 0xd3, 0xa6, 0xae, 0x51, 0x69, 0xb7, 0xd5, 0x79, 0xb8, 0x62, 0x68, 0x9e, 0xa9, 0x44, 0x8e, 0xbe, 0xb1, 0x2e, 0x1a, 0x3c, 0x4b, 0x21, 0x7b, 0x7d, 0x36, 0xf0, 0x97, 0x98, 0x81, 0x63, 0xa6, 0xfa, 0xf8, 0x28, 0x22, 0x72, 0xfe, 0x16, 0xa8, 0x16, 0x89, 0xbb, 0x02, 0x03, 0x01, 0x00, 0x01 }; /* A DER buffer, valid with openssl rsa -pubin -in <file> -inform DER */
return get_key(data, sizeof data);
}
packagebuilder@aixbuildhostng: /home/packagebuilder/test # ./openssl_odd_even
BN : <010001> (hex) -- <65537> (dec)
Error : RSA public exponent is even
root@lpgaixmgmtlx01:/root>./openssl_odd_even
BN : <010001> (hex) -- <65537> (dec)
RSA public exponent is OK.
packagebuilder@aixbuildhostng: /home/packagebuilder/test # gcc -maix32 -lcrypto -o openssl_odd_even openssl_odd_even.c
packagebuilder@aixbuildhostng: /home/packagebuilder/test # ./openssl_odd_even
BN : <010001> (hex) -- <65537> (dec)
RSA public exponent is OK.
packagebuilder@aixbuildhostng: /home/packagebuilder/test # file openssl_odd_even
openssl_odd_even: executable (RISC System/6000 V3.1) or obj module not stripped
Summary: A systems administration tool for networks
Name: cfengine
Version: 3.12.1
Release: itsv1
License: GPLv2+
Group: Applications/System
Source0: https://cfengine-package-repos.s3.amazonaws.com/tarballs/%{name}-%{version}.tar.gz
Source1: startup.sh
Patch0: cfengine-3.12.1-itsv1.aix.patch
URL: http://www.cfengine.org/
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root
BuildRequires: AIX-rpm >= 5.2.0.0
BuildRequires: bison, flex, m4, make, gcc
BuildRequires: curl-devel >= 7.51.0-1
BuildRequires: pcre-devel >= 8.39-1
BuildRequires: libxml2-devel >= 2.9.4-1
BuildRequires: liblmdb-devel >= 0.9.21-2
BuildRequires: libyaml-devel >= 0.1.4-2
BuildRequires: libssh2-devel
BuildRequires: cyrus-sasl-devel
BuildRequires: xz-devel
Requires: AIX-rpm >= 5.2.0.0
Requires: libgcc
Requires: libstdc++
Requires: curl >= 7.51.0-1
Requires: pcre >= 8.39-1
Requires: libxml2 >= 2.9.4-1
Requires: liblmdb >= 0.9.21-2
Requires: libyaml >= 0.1.4-2
Requires: openldap
Requires: xz-libs
Requires: libssh2
Requires: cyrus-sasl
Conflicts: cfengine
%description
Cfengine, or the configuration engine is an agent/software robot and a
very high level language for building expert systems to administrate
and configure large computer networks. Cfengine uses the idea of
classes and a primitive form of intelligence to define and automate
the configuration and maintenance of system state, for small to huge
configurations. Cfengine is designed to be a part of a computer immune
system.
%prep
%setup -q
%patch0 -p1
%build
export CONFIG_SHELL=/usr/bin/ksh
export CONFIG_ENV_ARGS=/usr/bin/ksh
export OBJECT_MODE=64
export AR="/usr/bin/ar -X64"
export RANLIB="/usr/bin/ranlib -X64"
export NM="/usr/bin/nm -X64"
export CC="gcc -maix64"
export CXX="g++ -maix64"
export CFLAGS="-DSYSV -D_AIX -D_ALL_SOURCE -DFUNCPROTO=15 -O -I/opt/freeware/include"
export CXXFLAGS=$CFLAGS
export LDFLAGS="-L/opt/freeware/lib64 -L/opt/freeware/lib -Wl,-blibpath:/opt/freeware/lib64:/opt/freeware/lib:/usr/lib:/lib"
./configure \
--prefix=/var/cfengine \
--sbindir=/var/cfengine/bin \
--localstatedir=/var/cfengine \
--with-workdir=/var/cfengine \
--without-postgresql \
--without-mysql \
--with-lmdb \
--with-openssl \
--with-pcre \
--with-libcurl \
--with-libyaml \
--with-libxml2
gmake %{?_smp_mflags}
%install
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
gmake install DESTDIR=${RPM_BUILD_ROOT}
/usr/bin/strip ${RPM_BUILD_ROOT}/var/cfengine/bin/* || :
cp %{SOURCE1} ${RPM_BUILD_ROOT}/var/cfengine/bin/
%pre
%post
/var/cfengine/bin/cf-key >/dev/null || :
chmod 700 /var/cfengine/ppkeys
/var/cfengine/bin/startup.sh
/usr/sbin/lsitab cfengine 1>/dev/null 2>&1 || \
/usr/sbin/mkitab "cfengine:2:once:/var/cfengine/bin/startup.sh > /dev/console 2>&1"
%preun
ps -ef | grep cf-agent | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
ps -ef | grep cf-execd | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
ps -ef | grep cf-monitord | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
ps -ef | grep cf-serverd | awk '{print $2}' | xargs kill -9 > /dev/null 2>&1
%postun
%clean
[ "${RPM_BUILD_ROOT}" != "/" ] && rm -rf ${RPM_BUILD_ROOT}
%files
%defattr(-,root,system,-)
/var/cfengine/bin/*
/var/cfengine/inputs
/var/cfengine/lib/*
/var/cfengine/modules
/var/cfengine/outputs
/var/cfengine/plugins
/var/cfengine/ppkeys
/var/cfengine/share/*
%changelog
* Mon Apr 8 2019 Christian Tremel <email removed> - 3.12.1-1-itsv
- update to 3.12.1, gcc build
* Mon Jul 10 2017 Christian Tremel <email removed> - 3.10.1-1-itsv
- first rpm version of itsv cfengine
i just wanted to let you guys know that ibm found the culprit and fixed their openssl package.
A. OpenSSL 1.0.2.1800 version contains the following fixes as part of this release :
- TS002131610: RSA keys not properly generated in 64-bit library
Xander Cage writes:
i just wanted to let you guys know that ibm found the culprit and fixed their openssl package. A. OpenSSL 1.0.2.1800 version contains the following fixes as part of this release : - TS002131610: RSA keys not properly generated in 64-bit library so nothing to do on your side ;-)
Thanks for the follow-up Xander!
– Nick Anderson | Doer of Things | (+1) 785-550-1767 | https://northern.tech