search

indigo-dc / oidc-agent

oidc-agent for managing OpenID Connect tokens on the command line
MIT License
110 stars 30 forks source link

CentOS 7 NSS update broke oidc-token 5.0.1 #547

Closed maarten-litmaath closed 10 months ago

maarten-litmaath commented 10 months ago

Hi oidc-agent experts, I just discovered oidc-token 5.0.1 failures happening since Fri Oct 27 afternoon, printing this error:

ERROR: Error: error with ssl cert

Suspiciously, a few hours earlier there had been a yum auto-update of NSS libraries:

Oct 27 04:49:28 Updated: nss-util-3.90.0-1.el7_9.x86_64 [...] Oct 27 04:49:28 Updated: nss-util-devel-3.90.0-1.el7_9.x86_64 Oct 27 04:49:28 Updated: nss-softokn-freebl-3.90.0-6.el7_9.x86_64 Oct 27 04:49:28 Updated: nss-softokn-3.90.0-6.el7_9.x86_64 Oct 27 04:49:28 Updated: nss-sysinit-3.90.0-2.el7_9.x86_64 Oct 27 04:49:28 Updated: nss-3.90.0-2.el7_9.x86_64 [...] Oct 27 04:49:28 Updated: nss-softokn-freebl-devel-3.90.0-6.el7_9.x86_64 Oct 27 04:49:28 Updated: nss-softokn-devel-3.90.0-6.el7_9.x86_64 Oct 27 04:49:28 Updated: nss-devel-3.90.0-2.el7_9.x86_64 Oct 27 04:49:28 Updated: 32:bind-utils-9.11.4-26.P2.el7_9.15.x86_64 Oct 27 04:49:29 Updated: nss-tools-3.90.0-2.el7_9.x86_64

The command worked again after downgrading to these versions:

Oct 29 17:40:41 Installed: nss-util-3.79.0-1.el7_9.x86_64 Oct 29 17:40:41 Installed: nss-softokn-freebl-3.79.0-4.el7_9.x86_64 Oct 29 17:40:41 Installed: nss-softokn-3.79.0-4.el7_9.x86_64 Oct 29 17:40:41 Installed: nss-sysinit-3.79.0-5.el7_9.x86_64 Oct 29 17:40:42 Installed: nss-3.79.0-5.el7_9.x86_64 Oct 29 17:40:42 Installed: nss-util-devel-3.79.0-1.el7_9.x86_64 Oct 29 17:40:42 Installed: nss-softokn-freebl-devel-3.79.0-4.el7_9.x86_64 Oct 29 17:40:42 Installed: nss-softokn-devel-3.79.0-4.el7_9.x86_64 Oct 29 17:40:42 Installed: nss-devel-3.79.0-5.el7_9.x86_64 Oct 29 17:40:42 Installed: nss-tools-3.79.0-5.el7_9.x86_64

What might be done about this matter? Time to upgrade to EL9?

maarten-litmaath commented 10 months ago

FYI, on AL 9.2 the command still works with these versions:

nss-3.90.0-3.el9_2.x86_64 nss-softokn-3.90.0-3.el9_2.x86_64 nss-softokn-freebl-3.90.0-3.el9_2.x86_64 nss-sysinit-3.90.0-3.el9_2.x86_64 nss-util-3.90.0-3.el9_2.x86_64

maarten-litmaath commented 10 months ago

Hi all, apparently one needs to restart the oidc-agent process after those updates. Will give that a try and let you know.

maarten-litmaath commented 10 months ago

It works! Thanks to Petr Vokac for that solution to the problem.

maarten-litmaath commented 10 months ago

Fixed by oidc-agent restart.