[RHEL-77156] [RHEL-10] parse-kickstart WARNING: Certificate file XYZ already exists, replacing. - Red Hat Issue Tracker

Type: Bug
Resolution: Unresolved
Priority: Undefined
Fix Version/s: rhel-10.0
Affects Version/s: rhel-10.0
Component/s: anaconda
Labels:
None

Fixed in Build:
anaconda-40.22.3.23-1.el10
Regression:
No
Severity:
Low
Epic Link:
INSTALLER-4027

Pool Team:

rhel-sst-installer

Internal Target Milestone:
25
Story Points:
None
Blocked:
False
Blocked Reason:

Hide

None

Show
None
Product Documentation Required:
No
Sprint:
None

Git Pull Request:
https://github.com/rhinstaller/anaconda/pull/6145
Preliminary Testing:
Pass
Errata Link:
https://errata.engineering.redhat.com/advisory/139695
Test Coverage:
None

Release Note Type:
Unspecified Release Note Type - Unknown

Experience:

SFDC Cases Counter:
SFDC Cases Open:
SFDC Cases Links:

Planning:
None

Description:

When running a kickstart installation with the %certificate section in the kickstart file, the installer show a warning when parsing the kickstart file after fetching it:

...
[   10.701528] dracut-initqueue[1802]:                                  Dload  Upload   Total   Spent    Left  Speed
100  1568  100  1568    0     0   6645      0 --:--:-- --:--:-- --:--:--  6672
[   11.450932] dracut-initqueue[1830]: parse-kickstart WARNING: Certificate file /etc/pki/ca-trust/source/anchors/rtt1.pem already exists, replacing.
[   11.451849] dracut-initqueue[1830]: parse-kickstart WARNING: Certificate file /run/install/certificates/path/etc/pki/ca-trust/source/anchors/rtt1.pem already exists, replacing.
...

The %certificate section in the kickstart file:

%certificate --filename=rtt1.pem --dir=/etc/pki/ca-trust/source/anchors
-----BEGIN CERTIFICATE-----
MIIDnTCCAoUCFAuEb/mjFz0xqY/PH6jjMo05f3gOMA0GCSqGSIb3DQEBCwUAMIGK
...
Hytv4DxPghGTJMuQ26dQdd4xtwAO1Q7tiCTg9jdVzjFFy5ENBPvJD2y68q8RRVGX
4JqvGfebg6xMI8EUFKtRKbM=
-----END CERTIFICATE-----
%end

Description:

Since there is nothing wrong with the kickstart file and I'm not replacing a certificate provided by the distribution (that's already part of the installation media), I do not see a reason to print any warning messages to the user. Could the WARNING message be dropped, logged to journal only or perhaps switched to INFO when replacing a certificate provided by the user himself?

Tested on Rawhide 20250127.n.0 with anaconda-42.23-1.fc42.

Reproducible:

Always

Steps to Reproduce:

1. Run a kickstart file with a %certificate section in the kickstart file. Download the kickstart file from a network location (it is necessary to have at least one network interface active to reproduce the bug).

Actual Results:

The installer shows warning messages about replacing certificate files.

Expected Results:

The warning should be printed only when replacing a file with a certificate provided by the distribution and included on the installation media.

Additional info:

Originally reported in Bugzilla: https://bugzilla.redhat.com/show_bug.cgi?id=2342554

Upstream PR: https://github.com/rhinstaller/anaconda/pull/6115

clones

RHEL-77155 [RHEL-9] parse-kickstart WARNING: Certificate file XYZ already exists, replacing.

Release Pending

links to

RHBA-2024:139695 anaconda bug fix and enhancement update

Assignee:: Radek Vykydal

Reporter:: Jan Stodola

Developer:: anaconda-maint-list

QA Contact:: Release Test Team

Votes:: 0 Vote for this issue

Watchers:: 2 Start watching this issue

Created:: 2025/01/31 11:21 AM

Updated:: 2025/02/11 4:13 PM

Target end:: 2025/02/10

Next Planned Release Date:: 2025/05/13

Details

Description

Description:

Description:

Reproducible:

Steps to Reproduce:

Actual Results:

Expected Results:

Additional info:

Attachments

Issue Links

Easy Agile Planning Poker

Activity

People

Dates

Hide