Old 02-10-2021, 10:14 PM   #1
dptzippy
LQ Newbie
 
Registered: Dec 2020
Posts: 28

Script can't create files it needs, process fails, can't use a very important function of system :(


Hey all! I am really frustrated with my system lately. I built the operating system from scratch, it's based on the Linux kernel, and I have been doing really well at maintaining, fixing, and upgrading it. However, I have noticed a new issue with my system, that I have never seen in previous versions of the OS. I can't seem to use SSL, and I think I have located the issue. I have installed (and reinstalled) NSS, OpenSSL, make-ca script, and p11-kit. Those packages should be enough to run everything, but, when I try using the command to update/generate certificates (make-ca), I am greeted with a strange, yet consistent error. Have a look:

Code:
250613 Segmentation fault      (core dumped) | "${OPENSSL}" x509 -text -inform DER -fingerprint > tempfile.crt
Could not read certificate from tempfile.crt
Unable to load certificate
Could not read certificate from tempfile.crt
Unable to load certificate
Could not read certificate from tempfile.crt
Unable to load certificate
Could not read certificate from tempfile.crt
Unable to load certificate
/usr/sbin/make-ca: line 650: 250651 Done                    printf $(awk '/^CKA_VALUE/{flag=1;next}/^END/{flag=0}flag{printf $0}'   "${tempfile}")
     250652 Segmentation fault      (core dumped) | "${OPENSSL}" x509 -text -inform DER -fingerprint > tempfile.crt
Could not read certificate from tempfile.crt
Unable to load certificate
Could not read certificate from tempfile.crt
Unable to load certificate
Could not read certificate from tempfile.crt
Unable to load certificate
Could not read certificate from tempfile.crt
Unable to load certificate
install: cannot stat '/tmp/tmp.2cZ4qEEz9Y/pki/anchors/*.pem': No such file or directory
I can see that the system complains about a "segmentation fault", which I understand the general meaning of, but I can't seem to fix the issue. The script should, if I understand correctly, create a directory, in the /tmp folder, and use said directory to generate/install these certificates. However, it appears to not have the ability to create said directory, thus borking the whole process.

The errors I included are repeated for every certificate in the file containing all the data being used (it is the Mozilla certdata.txt file), but I thought it would be pointless to include a bajillion (actual number; I counted!) lines of the same error. I will post a reply to this, with the code for the script that I am using, which generates the errors that I am talking about. Thanks for helping!

-dptzippy

Last edited by dptzippy; 02-10-2021 at 10:35 PM.
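The pipeline that fails at make-ca line 650 (awk | printf | openssl x509 -inform DER) turns the CKA_VALUE octal escapes of a certdata.txt block into raw DER and feeds it straight to the parser. As an added example, not code from the thread or from the make-ca project, here is that extraction step in Python together with a cheap DER framing check that rejects empty or truncated input before it reaches openssl, plus the same CKA_TRUST to C/p flag mapping the script's convert_trust() does; the certdata block and its tiny DER payload are constructed for the example, not taken from Mozilla's file.

```python
import re
from typing import Optional

# Constructed sample in Mozilla certdata.txt syntax (not from the real file).
# The CKA_VALUE holds a tiny hand-made DER SEQUENCE { INTEGER 5 }, not a real
# certificate, so the decoded bytes can be checked by eye. In the real file the
# CKA_TRUST_* lines live in a separate CKO_NSS_TRUST object; make-ca's awk slice
# from "# Certificate" to CKA_TRUST_STEP_UP_APPROVED covers both, as here.
SAMPLE_BLOCK = (
    '# Certificate "Example Test Root"\n'
    'CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE\n'
    'CKA_LABEL UTF8 "Example Test Root"\n'
    'CKA_VALUE MULTILINE_OCTAL\n'
    '\\060\\003\\002\\001\n'
    '\\005\n'
    'END\n'
    'CKA_TRUST_SERVER_AUTH CK_TRUST CKT_NSS_TRUSTED_DELEGATOR\n'
    'CKA_TRUST_EMAIL_PROTECTION CK_TRUST CKT_NSS_NOT_TRUSTED\n'
    'CKA_TRUST_CODE_SIGNING CK_TRUST CKT_NSS_MUST_VERIFY_TRUST\n'
    'CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE\n'
)

# One "\ooo" escape as printf(1) would interpret it.
OCTAL_ESCAPE = re.compile(r"\\([0-7]{3})")

# Same mapping as make-ca's convert_trust(): C = trusted CA, p = distrusted,
# empty string = no explicit trust bit.
TRUST_FLAG = {
    "CKT_NSS_TRUSTED_DELEGATOR": "C",
    "CKT_NSS_NOT_TRUSTED": "p",
    "CKT_NSS_MUST_VERIFY_TRUST": "",
}


def extract_der(block: str) -> bytes:
    """Replicates the awk '/^CKA_VALUE/ ... /^END/' + printf step: gather the
    octal escapes between CKA_VALUE and END and turn them into raw DER bytes."""
    octal_lines = []
    inside = False
    for line in block.splitlines():
        if line.startswith("CKA_VALUE"):
            inside = True
            continue
        if line.startswith("END"):
            inside = False
            continue
        if inside:
            octal_lines.append(line.strip())
    text = "".join(octal_lines)
    # Anything that is not a \ooo escape means the block is malformed.
    if OCTAL_ESCAPE.sub("", text):
        raise ValueError("non-octal data inside CKA_VALUE block")
    return bytes(int(m.group(1), 8) for m in OCTAL_ESCAPE.finditer(text))


def check_der(der: bytes) -> Optional[str]:
    """Cheap sanity check before the bytes are handed to a full X.509 parser:
    a certificate is one outer DER SEQUENCE whose encoded length must equal
    the number of bytes actually present. Returns None if OK, else a reason."""
    if not der:
        return "empty DER input"
    if der[0] != 0x30:
        return "outer tag 0x%02x is not SEQUENCE (0x30)" % der[0]
    if len(der) < 2:
        return "truncated: no length octet"
    first = der[1]
    if first < 0x80:                      # short form: one length byte
        header, length = 2, first
    else:                                 # long form: 0x8N then N length bytes
        n = first & 0x7F
        if n == 0 or n > 4:
            return "indefinite or oversized length form (0x%02x)" % first
        if len(der) < 2 + n:
            return "truncated: long-form length incomplete"
        header, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    expected = header + length
    if expected != len(der):
        return "length mismatch: header says %d bytes, got %d" % (expected, len(der))
    return None


def trust_flags(block: str) -> str:
    """Builds the 'sa,sm,cs' trust string make-ca passes to certutil -t."""
    flags = []
    for attr in ("CKA_TRUST_SERVER_AUTH", "CKA_TRUST_EMAIL_PROTECTION",
                 "CKA_TRUST_CODE_SIGNING"):
        value = ""
        for line in block.splitlines():
            if line.startswith(attr):
                value = TRUST_FLAG.get(line.split()[2], "")
                break
        flags.append(value)
    return ",".join(flags)


def process_block(block: str) -> dict:
    """One certificate block -> DER bytes, framing verdict and trust string:
    the three things make-ca derives before calling openssl and certutil."""
    der = extract_der(block)
    return {"der": der, "error": check_der(der), "trust": trust_flags(block)}


if __name__ == "__main__":
    result = process_block(SAMPLE_BLOCK)
    print("DER:", result["der"].hex(), "trust:", result["trust"],
          "check:", result["error"] or "OK")
```

Running check_der on each decoded block before the openssl call (and skipping the block, with a logged reason, when it returns a message) keeps a single malformed entry from aborting the whole trust-store build.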
 
Old 02-10-2021, 10:16 PM   #2
dptzippy
LQ Newbie
 
Registered: Dec 2020
Posts: 28

Original Poster
make-ca.sh

Here is the code for the script that I used. I apologize for the length of the post. I can't figure out how to create the code wrapper (I tried <code>, to no avail).
Code:
#!/bin/bash
# Begin /usr/sbin/make-ca
#
# Script to create p11-kit anchors, OpenSSL certs directory, GnuTLS certificate
# bundle, NSS shared DB, and Java cacerts from upstream certdata.txt and local
# sources
# 
# Authors: DJ Lucas
#          Bruce Dubbs
#          Graham Weldon

VERSION="1.7"
MAKE_CA_CONF="/etc/make-ca.conf"

# Get/set defaults
if test -f "${MAKE_CA_CONF}"; then
    . "${MAKE_CA_CONF}"
else
    CERTDATA="certdata.txt"
    PKIDIR="/etc/pki"
    SSLDIR="/etc/ssl"
    CERTUTIL="/usr/bin/certutil"
    KEYTOOL="${JAVA_HOME}/bin/keytool"
    MD5SUM="/usr/bin/md5sum"
    OPENSSL="/usr/bin/openssl"
    TRUST="/usr/bin/trust"
    ANCHORDIR="${PKIDIR}/anchors"
    ANCHORLIST="${PKIDIR}/anchors.md5sums"
    BUNDLEDIR="${PKIDIR}/tls/certs"
    CABUNDLE="${BUNDLEDIR}/ca-bundle.crt"
    SMBUNDLE="${BUNDLEDIR}/email-ca-bundle.crt"
    CSBUNDLE="${BUNDLEDIR}/objsign-ca-bundle.crt"
    CERTDIR="${SSLDIR}/certs"
    KEYSTORE="${PKIDIR}/tls/java"
    NSSDB="${PKIDIR}/nssdb"
    LOCALDIR="${SSLDIR}/local"
    DESTDIR=""
    URL="https://hg.mozilla.org/releases/mozilla-release/raw-file/default/security/nss/lib/ckfw/builtins/certdata.txt"
fi

# Some data in the certs have UTF-8 characters
# It doesn't really matter which locale, change if you like
export LANG=en_US.utf8

TEMPDIR=$(mktemp -d)
WORKDIR="${TEMPDIR}/work"
CERTDATAY=0
FORCE=0
GET=0
REBUILD=0
WITH_P12=0
WITH_NSS=0

function get_args(){
  while test -n "${1}" ; do
    case "${1}" in
      -C | --certdata)
        if test "${REBUILD}" == "0" -a "${GET}" == "0"; then
          check_arg $1 $2
          CERTDATA="${2}"
          CERTDATAY="1"
          shift 2
        else
          echo "Error: ${1} cannot be used with the -r/--rebuild or -g/--get switches."
          exit 3
        fi
        if test ! -f "${CERTDATA}" -a "${GET}" == "0"; then
          echo "Error: ${CERTDATA} not found!"
          exit 3
        fi
      ;;
      -D | --destdir)
        check_arg $1 $2
        DESTDIR="${2}"
        shift 2
      ;;
      -P | --pkidir)
        check_arg $1 $2
        PKIDIR="${2}"
        ANCHORDIR="${PKIDIR}/anchors"
        NSSDB="${PKIDIR}/nssdb"
        echo "${@}" | grep -e "-a " -e "--anchordir" \
                           -e "-n " -e "--nssdb" > /dev/null
        if test "${?}" == "0"; then
          echo "Error! ${1} cannot be used with the -a/--anchordir or -n/--nssdb switches."
          echo ""
          exit 3
        fi
        shift 2
      ;;
      -S | --ssldir)
        check_arg $1 $2
        SSLDIR="${2}"
        CERTDIR="${SSLDIR}/certs"
        LOCALDIR="${SSLDIR}/local"
        echo "${@}" | grep -e "-d " -e "--cadir" > /dev/null 2>&1
        if test "${?}" == "0"; then
          echo "Error! ${1} cannot be used with the -d/--cadir switch."
          echo ""
          exit 3
        fi

        shift 2
      ;;
      -a | --anchordir)
        check_arg $1 $2
        ANCHORDIR="${2}"
        echo "${@}" | grep -e "-P " -e "--pkidir" > /dev/null 2>&1
        if test "${?}" == "0"; then
          echo "Error! ${1} cannot be used with the -P/--pkidir switch."
          echo ""
          exit 3
        fi
        shift 2
      ;;
      -b | --bundledir)
        check_arg $1 $2
        BUNDLEDIR="${2}"
        shift 2
      ;;
      -d | --cadir)
        check_arg $1 $2
        CERTDIR="${2}"
        echo "$@" |  grep -e "-S" -e "--ssldir" > /dev/null 2>&1
        if test "${?}" == "0"; then
          echo "Error! ${1} cannot be used with the -S/--ssldir switch."
          echo ""
          exit 3
        fi
        shift 2
      ;;
      -g | --get)
        if test "${REBUILD}" == "0" -a "${CERTDATAY}" == "0"; then
          GET="1"
          CERTDATA="${TEMPDIR}/certdatanew.txt"
          shift 1
        else
          echo "Error: ${1} cannot be used with the -r/--rebuild or -C/--certdata switches."
          exit 3
        fi
      ;;
      -j | --javacerts)
        check_arg $1 $2
        KEYSTORE="${2}"
        shift 2
      ;;
      -k | --keytool)
        check_arg $1 $2
        KEYTOOL="${2}"
        shift 2
      ;;
      -l | --localdir)
        check_arg $1 $2
        LOCALDIR="${2}"
        shift 2
      ;;
      -m | --java-p12)
        WITH_P12="1"
        shift 1
      ;;
      -n | --nssdb)
        echo "${2}" | grep -v "^-" > /dev/null
        if [ "$?" -ne "0" -o ! -n "$2" ]; then
          WITH_NSS="1"
          shift 1
        else
          NSSDB="${2}"
          WITH_NSS="1"
          echo "${@}" | grep -e "-P " -e "--pkidir" > /dev/null
          if test "${?}" == "0"; then
            echo "Error! ${1} cannot be used with both an argument and the -P/--pkidir switch."
            echo ""
            exit 3
          fi
          shift 2
        fi
      ;;
      -p | --proxy)
        check_arg $1 $2
        PROXY="${2}"
        shift 2
      ;;
      -r | --rebuild)
        if test "${CERTDATAY}" == "0" -a "${GET}" == "0"; then
          REBUILD="1"
          FORCE="1"
          shift 1
        else
          echo "Error: ${1} cannot be used with the -C/--certdata or -g/--get switches."
          exit 3
        fi
      ;;
      -s | --openssl)
        check_arg $1 $2
        OPENSSL="${2}"
        shift 2
      ;;
      -t | --certutil)
        check_arg $1 $2
        CERTUTIL="${2}"
        WITH_NSS="1"
        shift 2
      ;;
      -u | --trust)
        check_arg $1 $2
        TRUST="${2}"
        shift 2
      ;;
      -f | --force)
        FORCE="1"
        shift 1
      ;;
      -h | --help)
        showhelp
        exit 0
      ;;
      -v | --version)
        echo -e "$(basename ${0}) ${VERSION}\n"
        exit 0
      ;;
      *)
        showhelp
        exit 1
      ;;
    esac
  done
}

function check_arg(){
  echo "${2}" | grep "^-" > /dev/null
  if [ "$?" == "0" -o ! -n "$2" ]; then
    echo "Error:  $1 requires a valid argument."
    exit 1
  fi
}

function showhelp(){
  echo ""
  echo "`basename ${0}` is a utility to deliver and manage a complete PKI configuration"
  echo "for workstations and servers using only standard GNU utilities, OpenSSL, and"
  echo "P11-Kit. It will optionally generate keystores for NSS if already installed,"
  echo "using a Mozilla cacerts.txt or like formatted file. It was originally developed"
  echo "for use with Linux From Scratch to minimize dependencies for early system"
  echo "build, but has been written to be generic enough for any Linux distribution."
  echo ""
  echo "        -C, --certdata [certdata.txt]"
  echo "                         The location of the certificates source"
  echo ""
  echo "        -D, --destdir [/]"
  echo "                         Change the output directory and use relative"
  echo "                         paths for all other values"
  echo ""
  echo "        -P, --pkidir [/etc/pki]"
  echo "                         The output PKI directory - Cannot be used with"
  echo "                         the -a / --anchordir or -n / --nssdb switches"
  echo ""
  echo "        -S, --ssldir [/etc/ssl]"
  echo "                         The output SSL root directory - Cannot be used"
  echo "                         with the -d / --cadir switch"
  echo ""
  echo "        -a, --anchordir [\$PKIDIR/anchors]"
  echo "                         The output directory for OpenSSL trusted"
  echo "                         CA certificates used as trust anchors"
  echo ""
  echo "        -b, --bundledir [\$PKIDIR/certs]"
  echo "                         The output directory for the PEM formatted bundles"
  echo ""
  echo "        -d, --cadir [\$SSLDIR/certs]"
  echo "                         The output directory for the OpenSSL trusted"
  echo "                         CA certificates"
  echo ""
  echo "        -j, --javacerts [\$PKIDIR/java/cacerts]"
  echo "                         The output directory for the Java cacerts file(s)"
  echo ""
  echo "        -l, --localdir [\$SSLDIR/local]"
  echo "                         The path to a local set of OpenSSL trusted"
  echo "                         certificates, used to both override trust bits"
  echo "                         from upstream sources and provide system local"
  echo "                         certificates"
  echo ""
  echo "        -m, --java-p12"
  echo "                         Export Java PKCS#12 store - will default to"
  echo "                         \$PKIDIR/java/cacerts.p12 unless modified by"
  echo "                         the '-j/--javacerts' switch"
  echo ""
  echo "        -n, --nssdb {\$PKIDIR/nssdb}"
  echo "                         The output path for the shared NSS DB"
  echo ""
  echo "        -p, --proxy [URI:PORT]"
  echo "                         Use proxy server for download"
  echo ""
  echo "        -k, --keytool [\$JAVA_HOME/bin/keytool]"
  echo "                         The path of the Java keytool utility"
  echo ""
  echo "        -s, --openssl [/usr/bin/openssl]"
  echo "                         The path of the openssl utility"
  echo ""
  echo "        -t, --certutil [/usr/bin/certutil]"
  echo "                         The path of the NSS certutil utility"
  echo ""
  echo "        -u, --trust [/usr/bin/trust]"
  echo "                         The path of the p11-kit trust utility"
  echo ""
  echo "        -f, --force      Force run, even if source is not newer"
  echo ""
  echo "        -g, --get        Download certdata.txt directly from Mozilla's"
  echo "                         Mercurial server"
  echo ""
  echo "        -h, --help       Show this help message and exit"
  echo ""
  echo "        -r, --rebuild    Rebuild the entire PKI tree using the previous"
  echo "                         certdata.txt file"
  echo ""
  echo "        -v, --version    Show version information and exit"
  echo ""
  echo "Example: `basename ${0}` -f -C ~/certdata.txt"
  echo ""
}

# Convert CKA_TRUST values to trust flags for certutil
function convert_trust(){
  case $1 in
    CKT_NSS_TRUSTED_DELEGATOR)
      echo "C"
    ;;
    CKT_NSS_NOT_TRUSTED)
      echo "p"
    ;;
    CKT_NSS_MUST_VERIFY_TRUST)
      echo ""
    ;;
  esac
}

function convert_trust_arg(){
  case $1 in
    C)
      case $2 in
        sa)
          echo "-addtrust serverAuth"
        ;;
        sm)
          echo "-addtrust emailProtection"
        ;;
        cs)
          echo "-addtrust codeSigning"
        ;;
        ca)
          echo "-addtrust clientAuth"
        ;;
      esac
    ;;
    p)
      case $2 in
        sa)
          echo "-addreject serverAuth"
        ;;
        sm)
          echo "-addreject emailProtection"
        ;;
        cs)
          echo "-addreject codeSigning"
        ;;
        ca)
          echo "-addreject clientAuth"
        ;;
      esac
    ;;
    *)
      echo ""
    ;;
  esac
}
    
# Define p11-kit ext value constants (see p11-kit API documentation)
function get-p11-val() {
  case $1 in
    p11sasmcs)
      p11value="0%2a%06%03U%1d%25%01%01%ff%04 0%1e%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
    ;;

    p11sasm)
      p11value="0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01"
    ;;

    p11sacs)
      p11value="0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
    ;;

    p11sa)
      p11value="0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%01"
    ;;

    p11smcs)
      p11value="0 %06%03U%1d%25%01%01%ff%04%160%14%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%03"
    ;;

    p11sm)
      p11value="0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%04"
    ;;

    p11cs)
      p11value="0%16%06%03U%1d%25%01%01%ff%04%0c0%0a%06%08%2b%06%01%05%05%07%03%03"
    ;;

    p11)
      p11value="0%18%06%03U%1d%25%01%01%ff%04%0e0%0c%06%0a%2b%06%01%04%01%99w%06%0a%10"
    ;;
  esac
}

function get_p11_label() {
  # $1 == individual nss certificate extracted from certdata.txt
  #       or x509 certificate with OpenSSL text values

  p11label="$(grep -m1 "Issuer" ${1} | grep -o CN=.*$ | \
              cut -d ',' -f 1 | sed 's@CN=@@')"

  # Fall back to the OU value if CN does not exist in the Issuer string
  if [ "${p11label}" == "" ]; then
      p11label="$(grep -m1 "Issuer" ${1} | grep -o "OU=.*$" | \
                  cut -d ',' -f 1 | sed 's@OU=@@')"

      # If still empty, fall back to Object value as a last resort
      if [ "${p11label}" == "" ]; then
          p11label="$(grep -m1 "Issuer" ${1} | grep -o "O=.*$" | \
                        cut -d ',' -f 1 | sed 's@O=@@')"
      fi
  fi
}

function get_trust_values() {
  # $1 == individual certificate extracted from NSS certdata.txt

  # Determine certificate trust values for SSL/TLS, S/MIME, and Code Signing
  satrust="$(convert_trust `grep '^CKA_TRUST_SERVER_AUTH' ${1} | \
                  cut -d " " -f 3`)"
  smtrust="$(convert_trust `grep '^CKA_TRUST_EMAIL_PROTECTION' ${1} | \
                  cut -d " " -f 3`)"
  cstrust="$(convert_trust `grep '^CKA_TRUST_CODE_SIGNING' ${1} | \
                  cut -d " " -f 3`)"
  # Not currently included in NSS certdata.txt
  #catrust="$(convert_trust `grep '^CKA_TRUST_CLIENT_AUTH' ${1} | \
  #                cut -d " " -f 3`)"
}

function get_p11_trust() {
  # if distrusted at all, x-distrusted
  if test "${satrust}" == "p" -o "${smtrust}" == "p" -o "${cstrust}" == "p"
  then
      # if any distrusted, x-distrusted
      p11trust="x-distrusted: true"
      p11oid="1.3.6.1.4.1.3319.6.10.1"
      p11value="0.%06%0a%2b%06%01%04%01%99w%06%0a%01%04 0%1e%06%08%2b%06%01%05%05%07%03%04%06%08%2b%06%01%05%05%07%03%01%06%08%2b%06%01%05%05%07%03%03"
  else
      p11trust="trusted: true"
      p11oid="2.5.29.37"
      trustp11="p11"
      if test "${satrust}" == "C"; then
          trustp11="${trustp11}sa"
      fi
      if test "${smtrust}" == "C"; then
          trustp11="${trustp11}sm"
      fi
      if test "${cstrust}" == "C"; then
          trustp11="${trustp11}cs"
      fi
      get-p11-val "${trustp11}"
  fi

}

function write_anchor() {
  echo "[p11-kit-object-v1]" >> "${anchorfile}"
  echo "label: "${p11label}"" >> "${anchorfile}"
  echo "class: x-certificate-extension" >> "${anchorfile}"
  echo "object-id: ${p11oid}" >> "${anchorfile}"
  echo "value: "${p11value}"" >> "${anchorfile}"
  echo "modifiable: false" >> "${anchorfile}"
  echo "${certkey}" >> "${anchorfile}"
  echo "" >> "${anchorfile}"
  echo "[p11-kit-object-v1]" >> "${anchorfile}"
  echo "label: "${p11label}"" >> "${anchorfile}"
  echo "${p11trust}" >> "${anchorfile}"
  echo "nss-mozilla-ca-policy: ${moz_trust}" >> "${anchorfile}"
  echo "modifiable: false" >> "${anchorfile}"
  echo "${certcer}" >> "${anchorfile}"
  echo "${certtxt}" | sed 's@^@#@' >> "${anchorfile}"
  echo "Added to p11-kit anchor directory with trust '${satrust},${smtrust},${cstrust}'."
}

function write_nss_db() {
  # $1 == NSS database
  # $2 == x509 certificate in PEM format

  "${CERTUTIL}" -d "sql:${1}" -A \
                -t "${satrust},${smtrust},${cstrust}" \
                -n "${certname}" -i "${2}"
  echo "Added to NSS shared DB with trust '${satrust},${smtrust},${cstrust}'."
}

function write_java_p12() {
  # $1 == cacerts.p12 file
  # $2 == x509 certificate in PEM format

  # Remove existing certificate
  "${KEYTOOL}" -delete -noprompt -alias "${certname}"       \
               -keystore "${1}"  \
               -storepass 'changeit' > /dev/null 2>&1
  # Determine ExtendedKeyUsage
  EKU=""
  EKUVAL=""
  if test "${satrust}" == "C"; then EKU="serverAuth"; fi
  if test "${smtrust}" == "C"; then
    if test "${EKU}" == ""; then
      EKU="clientAuth"
    else
      EKU="${EKU},clientAuth"
    fi
  fi
  if test "${cstrust}" == "C"; then
    if test "${EKU}" == ""; then
      EKU="codeSigning"
    else
      EKU="${EKU},codeSigning"
    fi
  fi
  if test "${EKU}" != ""; then
    EKUVAL="-ext EKU=${EKU}"
    # Merge stderr into stdout so keytool's status line reaches the sed below
    # (redirecting to /dev/null before the pipe would leave sed with no input)
    "${KEYTOOL}" -importcert -file "${2}" -storetype PKCS12     \
                 -noprompt -alias "${certname}" -storepass 'changeit' \
                 -keystore "${1}" $EKUVAL  \
                 2>&1 | \
    sed -e "s@Certificate was a@A@" \
        -e 's@keystore@Java cacerts (PKCS#12) with trust '${satrust},${smtrust},${cstrust}'.@' \
        | sed 's@p@@'
    unset EKU
    unset EKUVAL
  fi
}

# Process command line arguments
get_args "$@"   # quoted so arguments containing spaces are passed intact

test ! -x "${OPENSSL}" && \
  echo "OpenSSL not found at ${OPENSSL}. Exiting..." && exit 1
mkdir -p "${TEMPDIR}"/{certs,pki/anchors,work}

if test "${WITH_P12}" -eq "1"; then
  test ! -x "${KEYTOOL}" && \
     echo "Java keytool not found at ${KEYTOOL}. Exiting..." && exit 1
else
  mkdir -p "${TEMPDIR}/ssl/java"
fi

if test "${WITH_NSS}" -eq "1"; then
  test ! -x "${CERTUTIL}" && \
    echo "NSS certutil not found at ${CERTUTIL}. Exiting..." && exit 1
  # Create a blank NSS DB
  mkdir -p "${TEMPDIR}/pki/nssdb"
  "${CERTUTIL}" -N --empty-password -d "sql:${TEMPDIR}/pki/nssdb"
fi

# Download certdata.txt if selected
if test "${GET}" == "1"; then
  HOST=$(echo "${URL}" | /usr/bin/cut -d / -f 3)
  _url=$(echo "${URL}" | sed 's@raw-file@log@')
  SARGS="-ign_eof -connect ${HOST}:443"
  if test "${PROXY}x" != "x"; then
    SARGS="${SARGS} -proxy ${PROXY}"
  fi
  echo GET ${_url} | \
  ${OPENSSL} s_client ${SARGS} 2> /dev/null > "${TEMPDIR}/certdata.txt.log"
  unset _url

  # Error out here if we couldn't get the file
  grep -m1 "<i>" "${TEMPDIR}/certdata.txt.log" > /dev/null 2>&1
  if test "$?" -gt 0; then
    echo "Unable to get revision from server! Exiting."
    exit 1
  fi

  # See if we need to update before downloading the file
  REVISION=$(grep -m1 "<i>" "${TEMPDIR}/certdata.txt.log" | cut -d "<" -f 1)
  if test -e "${DESTDIR}${SSLDIR}/certdata.txt"; then
    OLDVERSION=$(grep "^# Revision:" "${DESTDIR}${SSLDIR}/certdata.txt" | \
                      cut -d ":" -f 2)
    if test "${OLDVERSION}x" == "${REVISION}x" -a "${FORCE}" == "0"; then
      echo "No update required! Use --force to update anyway."
      exit 0
    fi
  fi

  # Download the new file
  echo GET ${URL} | \
  ${OPENSSL} s_client ${SARGS} 2> /dev/null >> "${CERTDATA}"
  _line=$(( $(grep -n "certdata.txt" "${CERTDATA}" | cut -d ":" -f 1) - 1))
  sed -e "1,${_line}d" -i "${CERTDATA}"
  sed "1i # Revision:${REVISION}" -i "${CERTDATA}"
fi

if test "${REBUILD}" == "1"; then
  CERTDATA="${DESTDIR}${SSLDIR}/certdata.txt"
fi

if test ! -r "${CERTDATA}"; then
  echo "${CERTDATA} was not found. The certdata.txt file must be in the local"
  echo "directory, specified with the -C/--certdata switch, or downloaded with"
  echo "the -g/--get switch."
  exit 1
fi

REVISION=$(grep "^# Revision" "${CERTDATA}" | cut -d ":" -f 2)

if test "${REVISION}x" == "x"; then
  echo "WARNING! ${CERTDATA} has no 'Revision' value."
  echo "Will run conversion unconditionally."
  sleep 2
  REVISION="$(date -u +%Y%m%d-%H%M)"
  echo "# Revision:${REVISION}" > "${WORKDIR}/certdata.txt"
else
  if test "${FORCE}" == "1"; then
    echo "Output forced. Will run conversion unconditionally."
    sleep 2
  elif test "${DESTDIR}x" == "x"; then
    test -f "${CABUNDLE}" &&
    OLDVERSION=$(grep "^# Revision:" "${CABUNDLE}" | cut -d ":" -f 2)
    if test "${OLDVERSION}x" == "${REVISION}x"; then
      echo "No update required! Use --force to update anyway."
      exit 0
    fi
  fi
fi

cat "${CERTDATA}" >> "${WORKDIR}/certdata.txt"
pushd "${WORKDIR}" > /dev/null

# Get a list of starting lines for each cert
CERTBEGINLIST=`grep -n "^# Certificate" "${WORKDIR}/certdata.txt" | \
                      cut -d ":" -f1`

# Dump individual certs to temp file
for certbegin in ${CERTBEGINLIST}; do
  awk "NR==$certbegin,/^CKA_TRUST_STEP_UP_APPROVED/" "${WORKDIR}/certdata.txt" \
      > "${TEMPDIR}/certs/${certbegin}.tmp" 
done

unset CERTBEGINLIST certbegin

for tempfile in ${TEMPDIR}/certs/*.tmp; do
  # Get a name for the cert
  certname="$(grep "^# Certificate" "${tempfile}" | cut -d '"' -f 2)"

  get_trust_values "${tempfile}"

  # Convert to a PEM formatted certificate
  printf $(awk '/^CKA_VALUE/{flag=1;next}/^END/{flag=0}flag{printf $0}' \
  "${tempfile}") | "${OPENSSL}" x509 -text -inform DER -fingerprint \
  > tempfile.crt

  # Get individual values for certificates
  certkey="$(${OPENSSL} x509 -in tempfile.crt -noout -pubkey)"
  certcer="$(${OPENSSL} x509 -in tempfile.crt)"
  certtxt="$(${OPENSSL} x509 -in tempfile.crt -noout -text)"

  # Get p11-kit label, oid, and values
  get_p11_label "${tempfile}"

  # Get p11 trust and OID values
  get_p11_trust

  # Get a hash for the cert
  keyhash=$("${OPENSSL}" x509 -noout -in tempfile.crt -hash)

  # Print information about cert
  echo "Certificate:  ${certname}"
  echo "Keyhash:      ${keyhash}"

  # Place certificate into trust anchors dir
  anchorfile="${TEMPDIR}/pki/anchors/${keyhash}.pem"
  moz_trust="true"
  write_anchor

  # Import all certificates with trust args to the temporary NSS DB
  if test "${WITH_NSS}" == "1"; then
    write_nss_db ${TEMPDIR}/pki/nssdb tempfile.crt
  fi

  # Import all certificates with trust args to the java cacerts.p12 file
  if test "${WITH_P12}" == "1"; then
    write_java_p12 "${TEMPDIR}/ssl/java/cacerts.p12" tempfile.crt
  fi

  # Clean up the directory and environment as we go
  rm -f tempfile.crt
  unset keyhash subject count certname
  unset trustlist rejectlist satrust smtrust cstrust catrust
  unset p11trust p11oid p11value trustp11 p11label anchorfile moz_trust

  echo -e "\n"
done
unset tempfile

# Install anchors in $ANCHORDIR
test -d "${DESTDIR}${ANCHORDIR}" && rm -rf "${DESTDIR}${ANCHORDIR}"
install -dm755 "${DESTDIR}${ANCHORDIR}" > /dev/null 2>&1
install -m644 "${TEMPDIR}"/pki/anchors/*.pem "${DESTDIR}${ANCHORDIR}"

# Install NSS Shared DB
if test "${WITH_NSS}" == "1"; then
  sed -e "s@${TEMPDIR}/pki/nssdb@${NSSDB}@"              \
      -e 's/library=/library=libnsssysinit.so/'          \
      -e 's/Flags=internal/Flags=internal,moduleDBOnly/' \
      -i "${TEMPDIR}/pki/nssdb/pkcs11.txt"
  test -d "${DESTDIR}${NSSDB}" && rm -rf "${DESTDIR}${NSSDB}"
  install -dm755 "${DESTDIR}${NSSDB}" > /dev/null 2>&1
  install -m644 "${TEMPDIR}"/pki/nssdb/{cert9.db,key4.db,pkcs11.txt} \
                 "${DESTDIR}${NSSDB}"
fi

# Install Java cacerts.p12 in ${KEYSTORE}
if test "${WITH_P12}" == "1"; then
  test -f "${DESTDIR}${KEYSTORE}/cacerts.p12" &&
          rm -f "${DESTDIR}${KEYSTORE}/cacerts.p12"
  install -dm644 "${TEMPDIR}/ssl/java/cacerts.p12" \
                 "${DESTDIR}${KEYSTORE}/cacerts.p12"
fi

# Import any certs in $LOCALDIR
# Don't do any checking, just trust the admin
if test -d "${LOCALDIR}"; then
  echo "Processing local certificates..."
  for cert in `find "${LOCALDIR}" -name "*.pem"`; do
    # Get some information about the certificate
    keyhash=$("${OPENSSL}" x509 -noout -in "${cert}" -hash)
    subject=$("${OPENSSL}" x509 -noout -in "${cert}" -subject)
    # This will always be OpenSSL, values will be separated by spaces
    certname=$( echo "${subject}" | grep -o "CN = .*" | sed 's@CN = @@' | cut -d "," -f 1)

    echo "Certificate:  ${certname}"
    echo "Keyhash:      ${keyhash}"

    # Get trust information
    trustlist=$("${OPENSSL}" x509 -in "${cert}" -text -trustout | \
                       grep -A1 "Trusted Uses")
    satrust=""
    smtrust=""
    cstrust=""
    catrust=""
    satrust=$(echo "${trustlist}" | \
              grep "TLS Web Server" > /dev/null 2>&1 && echo "C")
    smtrust=$(echo "${trustlist}" | \
              grep "E-mail Protection" > /dev/null 2>&1 && echo "C")
    cstrust=$(echo "${trustlist}" | \
              grep "Code Signing" > /dev/null 2>&1 && echo "C")
    catrust=$(echo "${trustlist}" | \
              grep "Client Auth" > /dev/null 2>&1 && echo "C")

    # Get reject information
    rejectlist=$("${OPENSSL}" x509 -in "${cert}" -text -trustout | \
                     grep -A1 "Rejected Uses")
    if test "${satrust}" == ""; then satrust=$(echo "${rejectlist}" | \
              grep "TLS Web Server" > /dev/null 2>&1 && echo "p"); fi
    if test "${smtrust}" == ""; then smtrust=$(echo "${rejectlist}" | \
              grep "E-mail Protection" > /dev/null 2>&1 && echo "p"); fi
    if test "${cstrust}" == ""; then cstrust=$(echo "${rejectlist}" | \
              grep "Code Signing" > /dev/null 2>&1 && echo "p"); fi
    if test "${catrust}" == ""; then catrust=$(echo "${rejectlist}" | \
              grep "Client Auth" > /dev/null 2>&1 && echo "p"); fi


    # Get individual values for certificates
    certkey="$(${OPENSSL} x509 -in ${cert} -noout -pubkey)"
    certcer="$(${OPENSSL} x509 -in ${cert})"
    certtxt="$(${OPENSSL} x509 -in ${cert} -noout -text)"

    # Place certificate into trust anchors dir
    get_p11_label "${cert}"

    # Get p11 trust and OID values
    get_p11_trust

    # Place certificate into trust anchors dir
    anchorfile="${DESTDIR}${ANCHORDIR}/${keyhash}.pem"
    moz_trust="false"
    write_anchor

    # Generate working copy
    "${OPENSSL}" x509 -in "${cert}" -text -fingerprint > tempfile.crt

    # Add to Shared NSS DB
    if test "${WITH_NSS}" == "1"; then
      write_nss_db "${DESTDIR}${NSSDB}" tempfile.crt
    fi

    # Import certificate (with trust args) into the java cacerts.p12 file
    if test "${WITH_P12}" == "1"; then
      write_java_p12 "${DESTDIR}${KEYSTORE}/cacerts.p12" tempfile.crt
    fi

    unset keyhash subject count certname
    unset trustlist rejectlist satrust smtrust cstrust catrust
    unset p11trust p11oid p11value trustp11 p11label anchorfile moz_trust
    echo ""

  done
  unset cert
fi

# Install certdata.txt
if test "${REBUILD}" == "0"; then
  install -vdm755 "${DESTDIR}${SSLDIR}"
  install -m644 "${WORKDIR}/certdata.txt" "${DESTDIR}${SSLDIR}/certdata.txt"
fi

# Clean up the mess
popd
rm -rf "${TEMPDIR}"

# Build ANCHORLIST
"${MD5SUM}" "${DESTDIR}${ANCHORDIR}"/*.pem > "${DESTDIR}${ANCHORLIST}"

# Build alternate formats using p11-kit trust
mkdir -p "${DESTDIR}${BUNDLEDIR}" "${DESTDIR}${KEYSTORE}"
echo -n "Extracting OpenSSL certificates to ${DESTDIR}${CERTDIR}..."
"${TRUST}" extract --filter=certificates --format=openssl-directory \
                   --overwrite --comment "${DESTDIR}${CERTDIR}" \
                   && echo "Done!" || echo "Failed!!!"
echo -n "Extracting GNUTLS server auth certificates to ${DESTDIR}${CABUNDLE}..."
"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
                   --purpose server-auth --overwrite --comment "${DESTDIR}${CABUNDLE}" \
                   && echo "Done!" || echo "Failed!!!"
echo -n "Extracting GNUTLS S-Mime certificates to ${DESTDIR}${SMBUNDLE}..."
"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
                   --purpose email --overwrite --comment "${DESTDIR}${SMBUNDLE}" \
                   && echo "Done!" || echo "Failed!!!"
echo -n "Extracting GNUTLS code signing certificates to ${DESTDIR}${CSBUNDLE}..."
"${TRUST}" extract --filter=ca-anchors --format=pem-bundle \
                   --purpose code-signing --overwrite --comment \
                   "${DESTDIR}${CSBUNDLE}" && echo "Done!" || echo "Failed!!!"
echo -n "Extracting Java cacerts (JKS) to ${DESTDIR}${KEYSTORE}/cacerts..."
"${TRUST}" extract --filter=ca-anchors --format=java-cacerts \
                   --purpose server-auth --overwrite \
                   --comment "${DESTDIR}${KEYSTORE}/cacerts" \
                   && echo "Done!" || echo "Failed!!!"

# End /usr/sbin/make-ca

Last edited by dptzippy; 02-10-2021 at 10:33 PM.
 
Old 02-10-2021, 10:30 PM   #3
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,269
Blog Entries: 24

Rep: Reputation: 4206
That is pretty much unreadable as is...

Please place your code snippets inside [CODE]...[/CODE] tags for better readability. You may type those yourself or click the "#" button in the edit controls.

Also, please be respectful of the time of others by reducing the problem to a single minimal example which will reproduce the problem. Asking others to read through large blocks of code or repeated examples of the same error will not get your question much attention.

Please review the Site FAQ for guidance in posting your questions and general forum usage. Especially, read the link in that page, How To Ask Questions The Smart Way. The more effort you put into understanding your problem and framing your questions, the better others can help!
 
Old 02-10-2021, 10:35 PM   #4
dptzippy
LQ Newbie
 
Registered: Dec 2020
Posts: 28

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by astrogeek View Post
That is pretty much unreadable as is...

Please place your code snippets inside [CODE]...[/CODE] tags for better readability. You may type those yourself or click the "#" button in the edit controls.

Also, please be respectful of the time of others by reducing the problem to a single minimal example which will reproduce the problem. Asking others to read through large blocks of code or repeated examples of the same error will not get your question much attention.

Please review the Site FAQ for guidance in posting your questions and general forum usage. Especially, read the link in that page, How To Ask Questions The Smart Way. The more effort you put into understanding your problem and framing your questions, the better others can help!
Hey, thanks for your post. I am being as respectful as I can of time. To be totally honest, I am totally lost here. I have been stuck on this for weeks, and I need some help. This is, by far, the best forum for this type of issue, and I really don't have any alternative. I'm sorry.

As for the code, I have edited my posts. Thank you for telling me how to do it.
 
Old 02-10-2021, 11:06 PM   #5
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,269
Blog Entries: 24

Rep: Reputation: 4206
Thanks for fixing up those code tags, that helps a lot!

... but still not enough that I can make much sense of what the problem might be, so let's try to narrow it down a bit further.

Quote:
Originally Posted by dptzippy View Post
Hey all! I am really frustrated with my system lately. I built the operating system from scratch, it's based on the Linux kernel, and I have been doing really well at maintaining, fixing, and upgrading it. However, I have noticed a new issue with my system, that I have never seen in previous versions of the OS. I can't seem to use SSL, and I think I have located the issue. I have installed (and reinstalled) NSS, OpenSSL, make-ca script, and p11-kit. Those packages should be enough to run everything, but, when I try using the command to update/generate certificates (make-ca), I am greeted with a strange, yet consistent error.
As it is your own system (LFS possibly?) it may be difficult for others to reproduce the problem on their own platforms. Telling us it is "based on the Linux kernel" is not very helpful, and will probably raise a great many other questions, so let's head off as many as we can.

Please tell us some basic stuff like kernel version (output of uname -a), what your OS is built on whether it be LFS or some other distro, the versions of the relevant packages (i.e. NSS, Open-SSL,p11-kit, etc.) and the mozilla cert bundle you are trying to load. Perhaps if you could provide the actual command you are using which results in the error and just the first error. And I would suggest creating a test bundle of one cert to quiet things down until you can identify the cause of the problem.

If you think it is permission related, please include the actual ownership and permission info for the relevant directory and its parents - we can't know what those may be unless you tell us.

A segmentation fault is not likely caused by directory permissions, and it is evidently occurring in a process called by your script, not the script itself... can you try to identify what process that is by narrowing down the exact line in your script which results in the fault, please.

Last edited by astrogeek; 02-10-2021 at 11:09 PM. Reason: tpoy, topy, typo
 
Old 02-10-2021, 11:17 PM   #6
dptzippy
LQ Newbie
 
Registered: Dec 2020
Posts: 28

Original Poster
Rep: Reputation: Disabled
I'm away from my system, but I can answer those questions.

First, it is built off of the base of LFS, though the system is so far from what the LFS book finishes at. The kernel is 5.10.3.


As for the command, I use "make-ca -g -f", with the g being the command to generate, and the f being the command to force it. I run this command as root, and I have the ability to create/remove within the folder the script is trying to access.

NSS is version 3.61
p11-kit is version 0.23.22
make-ca is version 1.7
OpenSSL is version 1.1.1


I included a few of the errors, in case there was any difference that a more experienced developer might find. I didn't mean to waste anybody's time. Is this information enough to help me? I can answer any other questions that you, or anybody else, might have. Thanks
 
Old 02-10-2021, 11:55 PM   #7
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,269
Blog Entries: 24

Rep: Reputation: 4206
Thanks for the info, but that does not narrow anything down in a useful way...

How far from LFS is it? Window$ and MacOS are pretty far from LFS too! Could you be a little more specific please?

And saying you have permission to create within the directory is somewhat at odds with it being a permissions issue - again we need to see the actual permissions. An experienced developer knows to not begin pursuit of any winged water fowl!

But seriously, with such a custom system you are really very much on your own trying to identify many problems, so there is little point getting started without you having access to the machine.

I would suggest that when you again have access, try to narrow it down to the specific command in the script that results in the segmentation fault, and make a minimal repeatable example to test with, one that does not involve running the whole bundle through your script. That is the starting point and no one is going to be able to do that without access to the keyboard attached to the machine - that means you!

Once you know the application producing the segmentation fault (NSS or Open-SSL for example), post that info here and we can begin to troubleshoot that specific problem, and take it from there.
 
Old 02-11-2021, 12:19 AM   #8
dptzippy
LQ Newbie
 
Registered: Dec 2020
Posts: 28

Original Poster
Rep: Reputation: Disabled
Hey, man. I saw that the error pointed to a specific line in the script (650), and the error/code is given. I don't know how to fix the code, as my understanding of the language is not as good as it needs to be. I would think that the syntax is off or something, but IDK. Can you help me with that at all?
 
Old 02-11-2021, 01:22 AM   #9
astrogeek
Moderator
 
Registered: Oct 2008
Distribution: Slackware [64]-X.{0|1|2|37|-current} ::12<=X<=15, FreeBSD_12{.0|.1}
Posts: 6,269
Blog Entries: 24

Rep: Reputation: 4206
I have offered help, if you will take it.

To be complete, I also saw the line 650 message, and stated that I do not think the segmentation fault is caused by that line, or the script itself - did you read that? If I thought that was the problem I would have said so.

Again, you need to identify the cause of the segmentation fault and that cannot be done without interaction with the system. I have suggested how you might go about that. Surely, if you have built and highly modified your OS based on a Linux kernel you have the basic skills required to troubleshoot a simple shell script, no? If not, that is OK too, but troubleshooting interactions must be based on facts, ground truth, not posturings and guesses.

I suspect the segmentation fault is caused by the line that is also printed with that message. You can begin to narrow that down by writing a line to echo a message before and after that line and by printing out the values of all those variables immediately before that line, so you know what state it is in going in.

My best guess - and only a guess: Your openssl install is probably broken. When you interact with the machine you can test that by issuing a few openssl commands. If unsure how to do that, post back - when you have access to the machine.

Note also that the seg fault produced a core dump, which will contain information about what happened and where. You can learn about how to use that to advantage by looking at man core and man gdb.

Last edited by astrogeek; 02-11-2021 at 01:54 AM. Reason: Added core comments
 
Old 02-11-2021, 09:04 AM   #10
rnturn
Senior Member
 
Registered: Jan 2003
Location: Illinois (SW Chicago 'burbs)
Distribution: openSUSE, Raspbian, Slackware. Previous: MacOS, Red Hat, Coherent, Consensys SVR4.2, Tru64, Solaris
Posts: 2,818

Rep: Reputation: 550
Quote:
Originally Posted by dptzippy View Post
Hey, thanks for your post. I am being as respectful as I can of time. To be totally honest, I am totally lost here. I have been stuck on this for weeks, and I need some help. This is, by far, the best forum for this type of issue, and I really don't have any alternative. I'm sorry.

As for the code, I have edited my posts. Thank you for telling me how to do it.
Have you determined just which binary is encountering the segmentation fault? You can identify the binary that was running when it occurred by examining it using the debugger. Also, on Linux, the "file" command will identify the name of the program that created the core file.
Code:
$ gdb -c core.<PID>

or

$ file core.<PID>
In my experience, a segmentation fault usually means I've screwed up a pointer somewhere in my code.

HTH... Good luck.
 
1 members found this post helpful.
Old 02-14-2021, 01:35 AM   #11
MadeInGermany
Senior Member
 
Registered: Dec 2011
Location: Simplicity
Posts: 2,832

Rep: Reputation: 1218
Certainly a bug is here
Code:
printf $(awk '/^CKA_VALUE/{flag=1;next}/^END/{flag=0}flag{printf $0}' \
  "${tempfile}") | "${OPENSSL}" x509 -text -inform DER -fingerprint \
  > tempfile.crt
The printf in its first argument expects a format string, and treats \ and % in a special way. Also it is not in quotes, so the shell treats many characters in a special way.
Try a fix
Code:
printf "%b" "$(awk '/^CKA_VALUE/{flag=1;next}/^END/{flag=0}flag{printf $0}' \
  "${tempfile}")" | "${OPENSSL}" x509 -text -inform DER -fingerprint \
  > tempfile.crt
The %b lets printf still treat a \ in a special way.

Last edited by MadeInGermany; 02-14-2021 at 01:36 AM.
 
1 members found this post helpful.
Old 02-14-2021, 06:19 AM   #12
shruggy
Senior Member
 
Registered: Mar 2020
Posts: 3,678

Rep: Reputation: Disabled
@MadeInGermany. Unfortunately, %b will incorrectly treat the input data in this case.

Here is an example of the input data that are being dealt with in this command (taken from Mozilla's certdata.txt):
Code:
CKA_VALUE MULTILINE_OCTAL
\060\202\003\165\060\202\002\135\240\003\002\001\002\002\013\004
\000\000\000\000\001\025\113\132\303\224\060\015\006\011\052\206
\110\206\367\015\001\001\005\005\000\060\127\061\013\060\011\006
\003\125\004\006\023\002\102\105\061\031\060\027\006\003\125\004
\012\023\020\107\154\157\142\141\154\123\151\147\156\040\156\166
\055\163\141\061\020\060\016\006\003\125\004\013\023\007\122\157
\157\164\040\103\101\061\033\060\031\006\003\125\004\003\023\022
\107\154\157\142\141\154\123\151\147\156\040\122\157\157\164\040
\103\101\060\036\027\015\071\070\060\071\060\061\061\062\060\060
\060\060\132\027\015\062\070\060\061\062\070\061\062\060\060\060
\060\132\060\127\061\013\060\011\006\003\125\004\006\023\002\102
\105\061\031\060\027\006\003\125\004\012\023\020\107\154\157\142
\141\154\123\151\147\156\040\156\166\055\163\141\061\020\060\016
\006\003\125\004\013\023\007\122\157\157\164\040\103\101\061\033
\060\031\006\003\125\004\003\023\022\107\154\157\142\141\154\123
\151\147\156\040\122\157\157\164\040\103\101\060\202\001\042\060
\015\006\011\052\206\110\206\367\015\001\001\001\005\000\003\202
\001\017\000\060\202\001\012\002\202\001\001\000\332\016\346\231
\215\316\243\343\117\212\176\373\361\213\203\045\153\352\110\037
\361\052\260\271\225\021\004\275\360\143\321\342\147\146\317\034
\335\317\033\110\053\356\215\211\216\232\257\051\200\145\253\351
\307\055\022\313\253\034\114\160\007\241\075\012\060\315\025\215
\117\370\335\324\214\120\025\034\357\120\356\304\056\367\374\351
\122\362\221\175\340\155\325\065\060\216\136\103\163\362\101\351
\325\152\343\262\211\072\126\071\070\157\006\074\210\151\133\052
\115\305\247\124\270\154\211\314\233\371\074\312\345\375\211\365
\022\074\222\170\226\326\334\164\156\223\104\141\321\215\307\106
\262\165\016\206\350\031\212\325\155\154\325\170\026\225\242\351
\310\012\070\353\362\044\023\117\163\124\223\023\205\072\033\274
\036\064\265\213\005\214\271\167\213\261\333\037\040\221\253\011
\123\156\220\316\173\067\164\271\160\107\221\042\121\143\026\171
\256\261\256\101\046\010\310\031\053\321\106\252\110\326\144\052
\327\203\064\377\054\052\301\154\031\103\112\007\205\347\323\174
\366\041\150\357\352\362\122\237\177\223\220\317\002\003\001\000
\001\243\102\060\100\060\016\006\003\125\035\017\001\001\377\004
\004\003\002\001\006\060\017\006\003\125\035\023\001\001\377\004
\005\060\003\001\001\377\060\035\006\003\125\035\016\004\026\004
\024\140\173\146\032\105\015\227\312\211\120\057\175\004\315\064
\250\377\374\375\113\060\015\006\011\052\206\110\206\367\015\001
\001\005\005\000\003\202\001\001\000\326\163\347\174\117\166\320
\215\277\354\272\242\276\064\305\050\062\265\174\374\154\234\054
\053\275\011\236\123\277\153\136\252\021\110\266\345\010\243\263
\312\075\141\115\323\106\011\263\076\303\240\343\143\125\033\362
\272\357\255\071\341\103\271\070\243\346\057\212\046\073\357\240
\120\126\371\306\012\375\070\315\304\013\160\121\224\227\230\004
\337\303\137\224\325\025\311\024\101\234\304\135\165\144\025\015
\377\125\060\354\206\217\377\015\357\054\271\143\106\366\252\374
\337\274\151\375\056\022\110\144\232\340\225\360\246\357\051\217
\001\261\025\265\014\035\245\376\151\054\151\044\170\036\263\247
\034\161\142\356\312\310\227\254\027\135\212\302\370\107\206\156
\052\304\126\061\225\320\147\211\205\053\371\154\246\135\106\235
\014\252\202\344\231\121\335\160\267\333\126\075\141\344\152\341
\134\326\366\376\075\336\101\314\007\256\143\122\277\123\123\364
\053\351\307\375\266\367\202\137\205\322\101\030\333\201\263\004
\034\305\037\244\200\157\025\040\311\336\014\210\012\035\326\146
\125\342\374\110\311\051\046\151\340
END
The printf $0 inside awk is to get rid of newlines. The printf outside of awk is to convert octal escapes to binary data.

The problem with %b is this:
Quote:
%b
ARGUMENT as a string with '\' escapes interpreted, except that octal escapes are of the form \0 or \0NNN
The octal values in certdata.txt are not prepended with 0.

Recent awk versions allow RS to be treated as a regular expression:
Code:
printf %b $(awk -vRS='[\\n\\\\]' '/^CKA_VALUE/||$0==""{f=1;next}/^END/{f=0}f{printf"\\%04d",$0}' "$tempfile")
With traditional awk that would be something like
Code:
printf %b $(awk '/^CKA_VALUE/{f=1;next}/^END/{f=0}f{gsub(/\\/,"&0");printf$0}' "$tempfile")
or
Code:
printf %b $(awk -F'\\' '/^CKA_VALUE/{f=1;next}/^END/{f=0}f{for(i=2;i<=NF;i++)printf"\\0%s",$i}' "$tempfile")
But given the data at hand, I don't see the need for %b here. The command works fine as is.

@OP. Replace TEMPDIR=$(mktemp -d) with TEMPDIR=/tmp, run the script, then examine data it generated in /tmp.

Last edited by shruggy; 02-14-2021 at 06:53 AM.
 
2 members found this post helpful.
Old 02-14-2021, 10:03 AM   #13
MadeInGermany
Senior Member
 
Registered: Dec 2011
Location: Simplicity
Posts: 2,832

Rep: Reputation: 1218
Thanks @shruggy for pointing that out.
Then I suggest adding a "%s" for awk's printf to ensure there is no backslash handling.
And, for the shell, wrap the $( ) in quotes.
Code:
printf "$(awk '/^CKA_VALUE/{flag=1;next}/^END/{flag=0}flag{printf "%s",$0}' \
  "${tempfile}")" | "${OPENSSL}" x509 -text -inform DER -fingerprint \
  > tempfile.crt
The shell's built-in printf must handle the \NNN octal numbers, and must be robust enough to handle the null bytes (\000). If an older bash version or another shell is used, it is worth trying the external /usr/bin/printf

Last edited by MadeInGermany; 02-14-2021 at 10:13 AM.
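Putting posts #9, #12 and #13 together, here is a small self-contained bash version of the certdata-to-DER step. It is written for this thread as an added example; it is not code from make-ca or from any of the posts above. It uses a constructed two-entry certdata.txt fragment (tiny DER SEQUENCEs stand in for real certificates, which are hundreds of \NNN escapes long), keeps the "%s" in awk's printf and the quoted $( ) from #13, and adds the kind of pre-flight check astrogeek asked for in #9: dump the bytes the pipeline would hand to openssl and confirm they begin with the DER SEQUENCE tag 0x30 before calling openssl at all. The function names and the sample data are inventions for this example.

```bash
#!/bin/bash
# Added example, not part of make-ca or of any post in this thread.
# Converts the CKA_VALUE MULTILINE_OCTAL block of a certdata.txt entry to
# raw DER bytes and lets you inspect them before openssl sees them.

# Constructed certdata.txt fragment with two entries. The octal bytes are
# minimal DER SEQUENCEs, not real certificates, so the example runs offline.
CERTDATA_SAMPLE='# Certificate "Example One"
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Example One"
CKA_VALUE MULTILINE_OCTAL
\060\003
\002\001\001
END
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE
# Certificate "Example Two"
CKA_CLASS CK_OBJECT_CLASS CKO_CERTIFICATE
CKA_LABEL UTF8 "Example Two"
CKA_VALUE MULTILINE_OCTAL
\060\006\002\001\000
\002\001\377
END
CKA_TRUST_STEP_UP_APPROVED CK_BBOOL CK_FALSE'

# Line numbers of the "# Certificate" headers, the same way make-ca finds
# where each entry starts.
cert_start_lines() {
  printf '%s\n' "$CERTDATA_SAMPLE" | grep -n '^# Certificate' | cut -d ':' -f 1
}

# Cut one entry out: from its header line down to CKA_TRUST_STEP_UP_APPROVED
# (the same awk range expression make-ca uses).  $1 = header line number.
cert_entry() {
  printf '%s\n' "$CERTDATA_SAMPLE" | awk "NR==$1,/^CKA_TRUST_STEP_UP_APPROVED/"
}

# Join the \NNN escapes between CKA_VALUE and END into one string.
# "%s" keeps awk from interpreting the backslashes; they stay literal text.
# Reads one entry on stdin.
octal_escapes() {
  awk '/^CKA_VALUE/{f=1;next}/^END/{f=0}f{printf "%s",$0}'
}

# Decode the escapes by using them as printf's FORMAT string: the bash
# builtin, dash and coreutils printf all turn \NNN in the format into one
# byte.  The block holds only backslash-octal text, so no stray % can
# corrupt the format.  Output goes through a pipe rather than $(...), so
# NUL bytes (\000) survive.  $1 = header line number.
der_bytes() {
  printf "$(cert_entry "$1" | octal_escapes)"
}

# Hex dump of the decoded bytes, for inspection and for the checks below.
der_hex() {
  der_bytes "$1" | od -An -tx1 | tr -d ' \n'
}

# Pre-flight check before openssl: a DER certificate always begins with the
# SEQUENCE tag 0x30.  Anything else means the awk/printf step mangled the
# data, which is worth knowing before openssl reports "Unable to load".
der_starts_with_sequence() {
  [ "$(der_hex "$1" | cut -c1-2)" = "30" ]
}

# Walk every entry and show what would be piped into "openssl x509 -inform DER".
for n in $(cert_start_lines); do
  if der_starts_with_sequence "$n"; then
    printf 'entry at line %s: DER ok, bytes %s\n' "$n" "$(der_hex "$n")"
  else
    printf 'entry at line %s: NOT DER, bytes %s\n' "$n" "$(der_hex "$n")"
  fi
done
```

To apply the same check inside the real script, run the awk/printf pipeline into a file (or `od -An -tx1 | head -c 16`) right before the openssl line and confirm the first byte is 30; if it is, the remaining suspect is the openssl binary itself, which is what the core file will tell you.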
 