YAST-CA not available anymore - very disappointing!

I finally got the hang of it how to use it and now it is not available anymore?

How difficult can it be to keep a tool in the distro that still works with openssl - even though there is no active development going on.
It will still work as long as there are no significant changes in openssl.

I’m very disappointed.

FYI The old YaST had one serious issue: it was writen in it’s own language which became unmaintainable, so a rewrite in Ruby started some years ago.

The question “How difficult can it be?” is one I hear often. Well, the best way to find out is to try and start. The openSUSE Project is open to all kinds of contributions providing all the tools one needs. In this specific case I think ( not sure ) that the appearance of tools like letsencrypt have changed a lot in the area of certificate management and generation.

The one other thing I can suggest is to subscribe to the YaST mailing list and ask there.

Well, thanks for your reply.

I do understand that tools get removed if they are not maintained anymore and become unusable.

However, if the existing code still works together with openssl - why remove it as it still can successfully do the job?

Isn’t the module not just a overlay to operate openssl?

Maybe I am mistaken. This isn’t meant as an offense to anybody who has put work/time into it.
Often all you read is ‘not maintained anymore’ with no further explanation, as in this case.

Just imagine,
I was about to set up this tool to do serious work with it after testing it in the previous Leap release.
And now have to find out it had been dropped altogether.

… as Knurpht tried to explain:

Yast was built (and is still being worked on) from the ground up in a completely different programming language than it was originally written in.

The existing code does not work, in the new version of Yast. Nobody has rewritten it in the new code with the new links and/or dependencies in order for it to work in the new Yast, AFAIK.

Also, as far as I understand, it was not rewritten partly because everyone already had a heavy workload, so nobody was available, and it was deemed not to be important enough to warrant the extra workload because it is no longer maintained.

You could, of course, take a stab at re-writing the code and offering it to the Yast team, or even take over maintenance of the original program, then additionally re-write code to adhere to the new Yast conditions.

But, unless someone steps up to do all that, it will not happen.

I take it that you mean:
YaST2 > Security and UsersSecurity and Users > CA Management
as described in:
<SUSE Documentation;
and provided by the yast2-ca-management package in Leap-42.3 and SUSE Linux?

I do not think that this has anything with the migration from YaST to the use of Ruby in YaST2. It seems to me that the problem is that this module uses perl-camgm and libcamgm which have not been packaged for Leap-15.0. You cannot just use the Leap-42.3 packages because they depend on the older version Perl.

It might not be too difficult to repackage yast2-ca-management. perl-camgm and libcamgm for the Leap-15.0 environment, which may well happen sometime. If you have a little time you could always read up on RPM and give it a shot yourself. At least it should not involve Ruby (of which I have a not entirely irrational dislike).

CA-mgnt is still proudly mentioned in the official docu :frowning:

https://doc.opensuse.org/documentation/leap/security/html/book.security/cha.security.vpnserver.html

I did some searching for an answer:

The documentation team has been notified:

“Sorry to say this. I simply have no time to work on this. My plan is to drop this module from openSUSE. openssl and yast is changing often and I do not have the time to adapt to all these changes.”

~ Michael Calmer - 910648 – yast ca-managment

FYI

https://forums.opensuse.org/showthread.php/530945-Yast-ca-module-in-15?highlight=yast

I recommend xca.
IMO the better ca management tools are pretty similar, so it shouldn’t be difficult to get the hang of xca if you’ve been using yast2-ca.

TSU