  1. CFEngine Community
  2. CFE-786

cf-key --trust-key (or cf-agent trust) is broken

    Details

    • Type: Bug
    • Status: Done
    • Priority: Medium
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 3.6.x
    • Component/s: cf-key
    • Labels:
      None
    • Platform:
      Other (details)

      Description

      This pull request was supposed to create a simple way to add a trusted key.
      https://github.com/cfengine/core/pull/65

      What I expect to happen:
      `cf-key --trust-key server.pub` creates a trust relationship between the host and the server which uses server.pub.
      `cf-agent` runs normally, trusting the server.

      What actually happens:
      `cf-key --trust-key server.pub` copies the file correctly to ppkeys/root-MD5=correct.pub.
      `cf-agent` runs and complains that the server is not trusted.

      Workaround:
      You still have to trust the key the old way with `cf-runagent -i`.

      `cf-runagent -i` apparently adds the key to cf_lastseen.tcdb, which actually makes the key trusted.

      Perhaps cf-key needs to touch cf_lastseen.tcdb as well?
      Or maybe cf-agent is not checking for trusted keys in ppkeys/ when it should?

      I'm not sure what the ideal search path is for trusted keys in cf-agent.

      To reproduce the problem on a functional (not-new) system:
      1. Delete cf_lastseen.tcdb*
      2. Run cf-agent

              People

              • Assignee:
                a10038 jimis (Dimitrios Apostolou)
                Reporter:
                chrishiestand Chris Hiestand