diff --git a/.github/workflows/build-using-buildscripts.yml b/.github/workflows/build-using-buildscripts.yml index 7226ad5e2..4a3cd9da6 100644 --- a/.github/workflows/build-using-buildscripts.yml +++ b/.github/workflows/build-using-buildscripts.yml @@ -128,7 +128,7 @@ jobs: - name: Save artifacts if: success() || failure() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: name: artifacts path: | diff --git a/.github/workflows/deployment-tests.yml b/.github/workflows/deployment-tests.yml index f6c56095e..ceeabc51b 100644 --- a/.github/workflows/deployment-tests.yml +++ b/.github/workflows/deployment-tests.yml @@ -134,9 +134,8 @@ jobs: - name: Save artifacts if: success() || failure() - uses: actions/upload-artifact@v3 + uses: actions/upload-artifact@v4 with: - name: artifacts + name: deployment-test-artifacts path: | artifacts - packages diff --git a/packaging/common/cfengine-hub/postinstall.sh b/packaging/common/cfengine-hub/postinstall.sh index 8ed070f4d..567946b4c 100644 --- a/packaging/common/cfengine-hub/postinstall.sh +++ b/packaging/common/cfengine-hub/postinstall.sh @@ -308,6 +308,11 @@ mkdir -p $CFENGINE_MP_DEFAULT_KEY_LOCATION mkdir -p $CFENGINE_MP_DEFAULT_CSR_LOCATION mkdir -p $CFENGINE_MP_DEFAULT_CERT_LINK_LOCATION mkdir -p $CFENGINE_MP_DEFAULT_SSLCONF_LOCATION +CFENGINE_SHORTNAME=$(hostname -s | tr '[:upper:]' '[:lower:]') +if [ $(echo -n "$CFENGINE_SHORTNAME" | wc -m) -gt 64 ]; then + cf_console echo "Short hostname, $CFENGINE_SHORTNAME, is longer than 64 bytes so cannot be used for a self-signed cert CN." + exit 1 +fi CFENGINE_LOCALHOST=$(hostname -f | tr '[:upper:]' '[:lower:]') CFENGINE_SSL_KEY_SIZE="4096" CFENGINE_SSL_DAYS_VALID="3650" @@ -327,7 +332,7 @@ if [ ! -f $CFENGINE_MP_CERT ]; then ${CFENGINE_OPENSSL} rsa -passin pass:x -in ${CFENGINE_MP_PASS_KEY} -out ${CFENGINE_MP_KEY} # Generate a CSR in ${CFENGINE_MP_CSR} with key ${CFENGINE_MP_KEY} - ${CFENGINE_OPENSSL} req -utf8 -sha256 -nodes -new -subj "/CN=$CFENGINE_LOCALHOST" -key ${CFENGINE_MP_KEY} -out ${CFENGINE_MP_CSR} ${OPENSSL_CNF} + ${CFENGINE_OPENSSL} req -utf8 -sha256 -nodes -new -subj "/CN=$CFENGINE_SHORTNAME" -key ${CFENGINE_MP_KEY} -out ${CFENGINE_MP_CSR} ${OPENSSL_CNF} # Build configuration with reasonable default subjectAltName entries rm -f "$CFENGINE_MP_SSLCONF" diff --git a/packaging/common/cfengine-hub/preinstall.sh b/packaging/common/cfengine-hub/preinstall.sh index a2ee761ac..dcb7bb175 100644 --- a/packaging/common/cfengine-hub/preinstall.sh +++ b/packaging/common/cfengine-hub/preinstall.sh @@ -105,9 +105,10 @@ if [ "`package_type`" = "rpm" ]; then fi # +# If an existing cert is not in place then: # Before starting the installation process we need to check that -# hostname -f returns a valid name. If that is not the case then -# we just abort the installation. +# hostname -f returns a valid name and hostname -s is shorter +# than 64 characters. If not we abort the installation. # NAME=$(hostname -f) || true if [ -z "$NAME" ]; @@ -119,6 +120,18 @@ then exit 1 fi +CFENGINE_MP_DEFAULT_CERT_LOCATION="$PREFIX/httpd/ssl/certs" +CFENGINE_LOCALHOST=$(hostname -f | tr '[:upper:]' '[:lower:]') +CFENGINE_MP_CERT=$CFENGINE_MP_DEFAULT_CERT_LOCATION/$CFENGINE_LOCALHOST.cert +if [ ! -f "$CFENGINE_MP_CERT" ]; then + CFENGINE_SHORTNAME=$(hostname -s | tr '[:upper:]' '[:lower:]') + if [ $(echo -n "$CFENGINE_SHORTNAME" | wc -m) -gt 64 ]; then + cf_console echo "hostname -s returned '$CFENGINE_SHORTNAME' which is longer than 64 characters and cannot be used to generate a self-signed cert common name (CN)." + cf_console echo "Please make sure that hostname -s returns a name less than 64 characters long." + exit 1 + fi +fi + #stop the remaining services on upgrade if is_upgrade; then cf_console platform_service cfengine3 stop