Please read this before reporting a bug:
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
https://wiki.archlinux.org/title/Bug_reporting_guidelines
Do NOT report bugs when a package is just outdated, or it is in the AUR. Use the 'flag out of date' link on the package page, or the Mailing List.
REPEAT: Do NOT report bugs for outdated packages!
FS#80309 - [cockpit] should require sscg, the webGUI lags for 5-10 seconds without a self-signed cert present
Attached to Project:
Arch Linux
Opened by Brandon Golway (brando56894) - Monday, 20 November 2023, 23:24 GMT
Last edited by Toolybird (Toolybird) - Tuesday, 21 November 2023, 20:58 GMT
Opened by Brandon Golway (brando56894) - Monday, 20 November 2023, 23:24 GMT
Last edited by Toolybird (Toolybird) - Tuesday, 21 November 2023, 20:58 GMT
|
DetailsDescription:
Cockpit should require sscg instead of making it optional, otherwise the webGUI hangs for 10+ seconds upon login (and other modules, in my case that's the ZFS module created by poolsman.com) and spits out a bunch of errors about failed TLS handshakes. Sometimes it silently refuses logins even when using the correct credentials. I've been struggling with this issue for a while (I want to say a year or longer) and my only resolution was to disable TLS since I didn't need the security on my home network, this seems to be getting more and more difficult to do though. After switching back to Arch after a few months and having cockpit work perfectly before, I was stuck with this issue once again. I tried multiple ways to disable TLS but the units kept on re-enabling it no matter what I tried. I just installed a fresh copy of Arch and was hit with the issue again, but this time I noticed an error about the command sscg missing, I have never heard of this before, even after using cockpit for years. I looked up what it was, installed it, reloaded the cockpit units, and boom, Cockpit was working perfectly once again! Additional info: * package version(s): all * config and/or log files etc. [from 'journalctl -u cockpit'] cockpit-certificate-ensure[11844]: /usr/lib/cockpit/cockpit-certificate-helper: line 25: sscg: command not found cockpit-tls[11852]: cockpit-tls: gnutls_handshake failed: A TLS fatal alert has been received. (repeated nine more times, this happens during each login) Steps to reproduce: * Install the (base) cockpit package, start the unit file, then attempt to login to the webGUI over HTTPS. The journal will show the above errors. |
This task depends upon
Closed by Toolybird (Toolybird)
Tuesday, 21 November 2023, 20:58 GMT
Reason for closing: Not a bug
Additional comments about closing: Refer to PM's comments
Tuesday, 21 November 2023, 20:58 GMT
Reason for closing: Not a bug
Additional comments about closing: Refer to PM's comments
Works fine here i.e. cannot repro. I just installed it according to the Wiki and all good, no delays. If you're going to fiddle with the TLS config then the consequences are your responsibility. But maybe the PM might see it differently..
FS#73597) and it seems to me like nothing has changed since then.The cockpit-certificate-helper script generates a self-signed certificate with this call:
```
# If sscg fails, try openssl
selfsign_sscg || selfsign_openssl
```
Which clearly makes it fallback to using openssl and does not strictly require sscg.
Fedora's package also lists sscg as a "Recommends" dependency [1].
If not having sscg installed causes problems it should probably be reported upstream because I don't see this as a packaging issue.
[1] https://src.fedoraproject.org/rpms/cockpit/blob/rawhide/f/cockpit.spec#_525