From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 4008 invoked by alias); 27 Aug 2009 02:32:22 -0000 Received: (qmail 4001 invoked by uid 22791); 27 Aug 2009 02:32:21 -0000 X-SWARE-Spam-Status: No, hits=-1.4 required=5.0 tests=AWL,BAYES_00,SARE_MSGID_LONG40,SPF_PASS X-Spam-Check-By: sourceware.org Received: from mail-yw0-f200.google.com (HELO mail-yw0-f200.google.com) (209.85.211.200) by sourceware.org (qpsmtpd/0.43rc1) with ESMTP; Thu, 27 Aug 2009 02:32:15 +0000 Received: by ywh38 with SMTP id 38so977364ywh.20 for ; Wed, 26 Aug 2009 19:32:13 -0700 (PDT) MIME-Version: 1.0 Received: by 10.101.49.19 with SMTP id b19mr8858190ank.146.1251340333014; Wed, 26 Aug 2009 19:32:13 -0700 (PDT) In-Reply-To: <4A92B639.7080001@redhat.com> References: <51419b2c0908222237o560830b2l57bcdccd044b33fa@mail.gmail.com> <4A92B639.7080001@redhat.com> Date: Thu, 27 Aug 2009 02:32:00 -0000 Message-ID: <51419b2c0908261932u296c8ebfo2820df5d1e78c3b8@mail.gmail.com> Subject: Re: First-time usage problem: "Enter new password for systemtap server certificate/key database" From: Elijah Newren To: Dave Brolley Cc: systemtap@sourceware.org Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 7bit Mailing-List: contact systemtap-help@sourceware.org; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Post: List-Help: , Sender: systemtap-owner@sourceware.org X-SW-Source: 2009-q3/txt/msg00460.txt.bz2 Hi, Was out for a few days, just now catching back up... On Mon, Aug 24, 2009 at 9:48 AM, Dave Brolley wrote: > This prompt error occurs when systemtap tries to sign the generated kernel > module for the first time but is unable to generate a password to protect > the private key for its signing certificate. This should not be happening > with the latest release (or the latest git) unless you have used the > --unprivileged option. However some previous systemtap releases did attempt > to sign all modules. What version of systemtap are you using? $ rpm -q systemtap systemtap-0.9.9-3.fc11.x86_64 > In order to sign the module, systemtap generates its own signing certificate > with a private key that is password protected. Normally the password is > self-generated and random, since only systemtap ever needs it. The following > two methods are tried > > mkpasswd -l 20 > > and > > apg -a 1 -n 1 -m 20 -x 20 > > If these fail, then systemtap prompts for a password. I'm interested in the > response to the above two commands on your system. Can you please try them > and post the responses? # mkpasswd -l 20 -bash: mkpasswd: command not found # apg -a 1 -n 1 -m 20 -x 20 -bash: apg: command not found (a quick yum search seems to suggest that mkpasswd comes from the 'expect' package, and that apg comes from the 'apg' package, neither of which do I have installed.) > If systemtap does prompt for a password, then any old psuedo random string > will do. You will never need to remember it (in fact, it's probably best if > you don't!). And I'm guessing that doesn't count as a pseudo-random string. :-) Okay, I'll try it out. > Let me know if you have any additional questions or concerns. > > Thanks, > Dave I'll do that. Thank you very much for making this software, and for taking the time to respond and explain. You guys run your project better than I have mine. Very cool. Thanks, Elijah