Ubuntu
unbound package

Package is missing a depends on openssl for unbound-control-setup

Bug #498359 reported by Simon Déziel
10
This bug affects 1 person
Affects Status Importance Assigned to Milestone
unbound (Debian)
Fix Released
Unknown
unbound (Ubuntu)
Fix Released
Undecided
Unassigned

Bug Description

Binary package hint: unbound

The script /usr/sbin/unbound-control-setup use the openssl command to generate a self-signed certificate but openssl package is not a dependency of unbound package.

Revision history for this message
Simon Déziel (sdeziel) wrote :

This bug affects unbound packages from Jaunty to Lucid.

Revision history for this message
Simon Déziel (sdeziel) wrote :

Here is a patch for the bug. I'm not sure about the version number to use so I put 1.3.4-1ubuntu2.1

Scott Kitterman (kitterman)
Changed in unbound (Ubuntu):
status: New → In Progress
Revision history for this message
Simon Déziel (sdeziel) wrote :

I was thinking that the script unbound-control-setup could be called by the postinst script. As unbound-control-setup generates a few certificate files required to use unbound-control it would simplify the setup procedure. That way to make unbound-control work the user would only need to add this to unbound.conf :

remote-control:
    control-enable: yes

The file generated by unbound-control-setup have those permissions :

-rw-r----- 1 root unbound 887 Dec 18 17:30 unbound_control.key
-rw-r----- 1 root unbound 627 Dec 18 17:30 unbound_control.pem
-rw-r----- 1 root unbound 887 Dec 18 17:30 unbound_server.key
-rw-r----- 1 root unbound 619 Dec 18 17:30 unbound_server.pem

Revision history for this message
Scott Kitterman (kitterman) wrote :

Certificates generally need configuration information that would be complex to provide in a postinst.

Changed in unbound (Ubuntu):
status: In Progress → Confirmed
Revision history for this message
Simon Déziel (sdeziel) wrote :

Fortunately, the unbound-control-setup script is not interactive and produce all the 4 files needed. I've only add this to unbound.postinst :

/usr/sbin/unbound-control-setup >/dev/null 2>&1 && chown root:unbound /etc/unbound/unbound_{control,server}.{key,pem}

I've merge the 2 patches for convenience.

Revision history for this message
Simon Déziel (sdeziel) wrote :

Replace hardy by karmic in debian/changelog.

Revision history for this message
Scott Kitterman (kitterman) wrote : Re: [Bug 498359] Re: Package is missing a depends on openssl for unbound-control-setup

Please send the patch to Debian to review.

Revision history for this message
Nigel Babu (nigelbabu) wrote :

This patch has been reviewed as part of operation cleansweep. Simon, have you been able to send this patch to debian for review, if not please do so.

Revision history for this message
Simon Déziel (sdeziel) wrote :

I sent a slightly reworked patch to debian to avoid those lintian complains :

W: unbound: possible-bashism-in-maintainer-script postinst:7 '_{control,server}'
W: unbound: command-with-path-in-maintainer-script postinst:7 /usr/sbin/unbound-control-setup

Revision history for this message
Nigel Babu (nigelbabu) wrote :

Thank you for sending the bug and patch upstream

tags: added: patch-forwarded-debian
Changed in unbound (Ubuntu):
status: Confirmed → Triaged
Bug Watch Updater (bug-watch-updater)
Changed in unbound (Debian):
status: Unknown → New
Bug Watch Updater (bug-watch-updater)
Changed in unbound (Debian):
status: New → Fix Released
Revision history for this message
Felix Geyer (debfx) wrote :

Fixed in unbound 1.4.5-1.

Changed in unbound (Ubuntu):
status: Triaged → Fix Released
To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.