[NXP-24536] Make Tomcat ugrade scripts compatible with RHEL/CentOS OSes - Nuxeo Issue Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Resolved
Priority: Minor
Resolution: Fixed
Affects Version/s: 7.10, 8.10
Fix Version/s: 7.10-HF40, 8.10-HF29
Component/s: nuxeoctl start/stop/admin

Tags:
Sprint:
nxsupport 10.1.3
Story Points:
1

Description

The current script allowing to upgrade Tomcat 7 in Nuxeo 8.10 and 9.10 is not compatible with hardened CentOS/RHEL OSes.

https://github.com/nuxeo/nuxeo/blob/master/nuxeo-distribution/nuxeo-nxr-server/src/main/resources/templates/common-base/client/scripts/upgrade_tomcat7.sh

--show-progress option is not recognized by wget due to an old version:

Retrieving files...
wget: unrecognized option '--show-progress'
Usage: wget [OPTION]... [URL]...

And on some hardened systems MD5 is not allowed because not FIPS-compatible:

Checking archives...
Verifying apache-tomcat-7.0.81.tar.gz.md5...Error setting digest md5
139873283848096:error:060800A3:digital envelope routines:EVP_DigestInit_ex:disabled for fips:digest.c:256:

Possible solutions would be simply to remove the aforementioned processing since SHA1 is still available and the progress indicator is comestic.

Or test for RHEL and CentOS and then remove the progress option and the MD5

Attachments

Activity

People

Assignee:

Frantz Fischer

Reporter:

Frantz Fischer

Participants:

Frantz Fischer, Jenkins

Votes:

0 Vote for this issue

Watchers:

2 Start watching this issue

Dates

Created:

2018-03-05 08:21

Updated:

2018-05-07 14:30

Resolved:

2018-04-19 09:43

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: