Ubuntu
bareos package

support for pki missing

Bug #1611348 reported by ben thielsen
30
This bug affects 6 people
Affects Status Importance Assigned to Milestone
bareos (Ubuntu)
Confirmed
Undecided
Unassigned

Bug Description

please include support for pki:

09-Aug 08:04 server-fd JobId 0: Fatal error: PKI encryption/signing enabled but not compiled into Bareos.
09-Aug 08:04 server-fd: ERROR in filed.c:227 Please correct configuration file: bareos-fd.conf

1] >lsb_release -rd
Description: Ubuntu 16.04.1 LTS
Release: 16.04

2] >apt-cache policy bareos-filedaemon
bareos-filedaemon:
  Installed: 14.2.6-3
  Candidate: 14.2.6-3
  Version table:
 *** 14.2.6-3 500
        500 http://us.archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
        100 /var/lib/dpkg/status

3] i expected pki to work
4] it did not

Tags: patch
Revision history for this message
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in bareos (Ubuntu):
status: New → Confirmed
Revision history for this message
Sebastian Marsching (sebastian-marsching) wrote :

This problem exists because the build-process of the package compiles against GnuTLS insteaed of OpenSSL. The encryption features are only supported when compiling with OpenSSL.

In order to change from GnuTLS to OpenSSL, the following changes have to be applied to the source tree:

diff -Naur bareos-14.2.6-gnutls/debian/control bareos-14.2.6-openssl/debian/control
--- bareos-14.2.6-gnutls/debian/control 2016-04-02 00:12:43.000000000 +0200
+++ bareos-14.2.6-openssl/debian/control 2016-09-10 11:51:27.000000000 +0200
@@ -15,7 +15,7 @@
  liblzo2-dev,
  libqt4-dev,
  libreadline-dev,
- libgnutls28-dev,
+ libssl-dev,
  libwrap0-dev,
  libx11-dev,
  libsqlite3-dev, libmysqlclient-dev, libpq-dev,
diff -Naur bareos-14.2.6-gnutls/debian/rules bareos-14.2.6-openssl/debian/rules
--- bareos-14.2.6-gnutls/debian/rules 2016-04-02 00:12:43.000000000 +0200
+++ bareos-14.2.6-openssl/debian/rules 2016-09-10 11:48:47.000000000 +0200
@@ -54,8 +54,8 @@
   --with-mysql \
   --with-sqlite3 \
   --with-tcp-wrappers \
- --without-openssl \
- --with-gnutls \
+ --with-openssl \
+ --without-gnutls \
   --with-dir-user=$(DIRECTOR_DAEMON_USER) \
   --with-dir-group=$(DAEMON_GROUP) \
   --with-sd-user=$(STORAGE_DAEMON_USER) \

However, the package maintainer might have had good reasons to change from OpenSSL to GnuTLS. Funnily, even though the package is currently built with GnuTLS, the binary package still depends on OpenSSL, due to a dependency defined in the control file. I guess this was just forgotten when changing from OpenSSL to GnuTLS, but it means that when changing back to OpenSSL, this actually does not have an effect on the binary dependencies.

Revision history for this message
Sebastian Marsching (sebastian-marsching) wrote :
Revision history for this message
Ubuntu Foundations Team Bug Bot (crichton) wrote :

The attachment "bareos-openssl.patch" seems to be a patch. If it isn't, please remove the "patch" flag from the attachment, remove the "patch" tag, and if you are a member of the ~ubuntu-reviewers, unsubscribe the team.

[This is an automated message performed by a Launchpad user owned by ~brian-murray, for any issues please contact him.]

tags: added: patch
Revision history for this message
trunet (wsartori) wrote :

so, we have a patch, why this is still not working?

To post a comment you must log in.
This report contains Public information  
Everyone can see this information.
Subscribing...

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.