Uploaded image for project: 'RHEL'
  1. RHEL
  2. RHEL-77156

[RHEL-10] parse-kickstart WARNING: Certificate file XYZ already exists, replacing.

    • Icon: Bug Bug
    • Resolution: Unresolved
    • Icon: Undefined Undefined
    • rhel-10.0
    • rhel-10.0
    • anaconda
    • None
    • anaconda-40.22.3.23-1.el10
    • No
    • Low
    • rhel-sst-installer
    • 25
    • None
    • False
    • Hide

      None

      Show
      None
    • No
    • None
    • Unspecified Release Note Type - Unknown
    • None

      Description:

      When running a kickstart installation with the %certificate section in the kickstart file, the installer show a warning when parsing the kickstart file after fetching it:

      ...
      [   10.701528] dracut-initqueue[1802]:                                  Dload  Upload   Total   Spent    Left  Speed
      100  1568  100  1568    0     0   6645      0 --:--:-- --:--:-- --:--:--  6672
      [   11.450932] dracut-initqueue[1830]: parse-kickstart WARNING: Certificate file /etc/pki/ca-trust/source/anchors/rtt1.pem already exists, replacing.
      [   11.451849] dracut-initqueue[1830]: parse-kickstart WARNING: Certificate file /run/install/certificates/path/etc/pki/ca-trust/source/anchors/rtt1.pem already exists, replacing.
      ...
      

      The %certificate section in the kickstart file:

      %certificate --filename=rtt1.pem --dir=/etc/pki/ca-trust/source/anchors
      -----BEGIN CERTIFICATE-----
      MIIDnTCCAoUCFAuEb/mjFz0xqY/PH6jjMo05f3gOMA0GCSqGSIb3DQEBCwUAMIGK
      ...
      Hytv4DxPghGTJMuQ26dQdd4xtwAO1Q7tiCTg9jdVzjFFy5ENBPvJD2y68q8RRVGX
      4JqvGfebg6xMI8EUFKtRKbM=
      -----END CERTIFICATE-----
      %end
      

      Description:

      Since there is nothing wrong with the kickstart file and I'm not replacing a certificate provided by the distribution (that's already part of the installation media), I do not see a reason to print any warning messages to the user. Could the WARNING message be dropped, logged to journal only or perhaps switched to INFO when replacing a certificate provided by the user himself?

      Tested on Rawhide 20250127.n.0 with anaconda-42.23-1.fc42.

      Reproducible:

      Always

      Steps to Reproduce:

      1. Run a kickstart file with a %certificate section in the kickstart file. Download the kickstart file from a network location (it is necessary to have at least one network interface active to reproduce the bug).

      Actual Results:

      The installer shows warning messages about replacing certificate files.

      Expected Results:

      The warning should be printed only when replacing a file with a certificate provided by the distribution and included on the installation media.

      Additional info:

      Originally reported in Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2342554

      Upstream PR: https://github.com/rhinstaller/anaconda/pull/6115

              rvykydal@redhat.com Radek Vykydal
              jstodola@redhat.com Jan Stodola
              anaconda-maint-list anaconda-maint-list
              Release Test Team Release Test Team
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated: