Bug#747265: marked as done (openvpn: fails to ask for a password using stdin because systemd is detected,even if not installed)

[Debian Bug Tracking System]

Your message dated Thu, 26 Jun 2014 11:23:26 +0000
with message-id <e1x07m2-0007g6...@franck.debian.org>
and subject line Bug#747265: fixed in openvpn 2.3.3-1
has caused the Debian Bug report #747265,
regarding openvpn: fails to ask for a password using stdin because systemd is 
detected,even if not installed
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
747265: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=747265
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems

--- Begin Message ---

Package: openvpn
Version: 2.3.2-9
Severity: important

Dear Maintainer,

When trying to use OpenVPN in CLI mode, I usually need to provide the
password to unlock my user certificate.

OpenVPN normally asks me for it when initialized:
-- 8< --
Tue May  6 22:36:20 2014 us=600190 OpenVPN 2.3.2 x86_64-pc-linux-gnu
[SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on
Mar 17 2014
Enter Private Key Password:
-- 8< --

But since the 2.3.2 update, trying to start OpenVPN gives this instead:
-- 8< --
Tue May  6 22:30:37 2014 us=712490 OpenVPN 2.3.2 x86_64-pc-linux-gnu
[SSL (OpenSSL)] [LZO] [EPOLL] [PKCS11] [eurephia] [MH] [IPv6] built on
Mar 17 2014
Tue May  6 22:30:37 2014 us=713476 ERROR: could not not read Private Key
password from stdin
Tue May  6 22:30:37 2014 us=713512 Exiting due to fatal error
-- 8< --

After a little strace session, I got a clue about what was wrong using
strace:
-- 8< --
lstat("/sys/fs/cgroup", {st_mode=S_IFDIR|0755, st_size=60, ...}) = 0
lstat("/sys/fs/cgroup/systemd", {st_mode=S_IFDIR|0755, st_size=0, ...}) = 0
-- 8< --

It seems that due to a change in OpenVPN code, it now tries to detect if
systemd is installed and if yes (/sys/fs/cgroup/systemd is here), it
tries to use /bin/systemd-ask-password to ask for a passphrase.
See https://bugs.archlinux.org/task/33588 for details

I don't have systemd installed (I still use sysvinit), but still,
/sys/fs/cgroup/systemd is mounted on my machine. (Due to systemd-logind
maybe ?), thus breaking my OpenVPN installation.

Also, umounting /sys/fs/cgroup/systemd restores the previous behavior,
which is to ask for the password on stdin.

A fix seems to exist upstream, but has not been committed yet:
https://community.openvpn.net/openvpn/ticket/274

Is it possible to apply it on Debian's package so we prevent situations
like this?

Thanks in advance!

-- System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)
Foreign Architectures: i386

Kernel: Linux 3.13-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_FR.utf8, LC_CTYPE=fr_FR.utf8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages openvpn depends on:
ii  debconf [debconf-2.0]  1.5.53
ii  initscripts            2.88dsf-53
ii  iproute2               3.14.0-1
ii  libc6                  2.18-5
ii  liblzo2-2              2.06-1.2
ii  libpam0g               1.1.8-3
ii  libpkcs11-helper1      1.11-1
ii  libssl1.0.0            1.0.1g-3

Versions of packages openvpn recommends:
ii  easy-rsa  2.2.2-1

Versions of packages openvpn suggests:
ii  openssl     1.0.1g-3
pn  resolvconf  <none>

-- debconf information:
  openvpn/create_tun: false
-- 
------------------------------------------------------------------------
*Matthieu CERDA*
/System / Network Engineer/
Normation <http://www.normation.com>
------------------------------------------------------------------------
*87, Rue de Turbigo, 75003 Paris, France*
Phone:  +33 (0)1 84 16 06 01
------------------------------------------------------------------------

signature.asc
Description: OpenPGP digital signature

--- End Message ---

--- Begin Message ---

Source: openvpn
Source-Version: 2.3.3-1

We believe that the bug you reported is fixed in the latest version of
openvpn, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 747...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Alberto Gonzalez Iniesta <a...@inittab.org> (supplier of updated openvpn 
package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Mon, 17 Mar 2014 19:40:12 +0100
Source: openvpn
Binary: openvpn
Architecture: source amd64
Version: 2.3.3-1
Distribution: experimental
Urgency: medium
Maintainer: Alberto Gonzalez Iniesta <a...@inittab.org>
Changed-By: Alberto Gonzalez Iniesta <a...@inittab.org>
Description: 
 openvpn    - virtual private network daemon
Closes: 700888 747265 747840
Changes: 
 openvpn (2.3.3-1) experimental; urgency=medium
 .
   * Install tmpfiles.d configuration to create /run/openvpn in
     systemd. Properly fixing #741938.
   * Add reload to openvpn@.service. (Closes: #747840)
   * New upstream release
   * New openvpn.service to override LSB script when running systemd.
     (Closes: #700888)
   * Apply patch from upstream's BTS to improve systemd detection.
     (Closes: #747265)
Checksums-Sha1: 
 f10f97b7462270d59b2f013c505b46a72235c4bd 1855 openvpn_2.3.3-1.dsc
 82ac8e1d81f487ef48dac13129da44bb7ebffadf 1131054 openvpn_2.3.3.orig.tar.gz
 3718947c74a8db9baf6621a3c262d4b60df601c6 105964 openvpn_2.3.3-1.debian.tar.xz
 814ceaca755752a6581457e8eb184701d1cf0848 456454 openvpn_2.3.3-1_amd64.deb
Checksums-Sha256: 
 01edb9eba0089d3c85a8e2d0c0e34b348545dea9c3230a9fde612c82a901b33d 1855 
openvpn_2.3.3-1.dsc
 276949a89853f5091d8d76b373801d16c57e04b9999222dbca3a3c6045809552 1131054 
openvpn_2.3.3.orig.tar.gz
 3a69bbc3c64ad2ed904ec6f0c5ecd2ad6f6599efc9749183e8e9d7428b7e0a11 105964 
openvpn_2.3.3-1.debian.tar.xz
 4bbb331144ea896ec482f3fae0e6b4c04fdcb40519f32e7e318ca88ff53dbc25 456454 
openvpn_2.3.3-1_amd64.deb
Files: 
 508c4aea2cf86df0caa093335a289045 456454 net optional openvpn_2.3.3-1_amd64.deb
 c8f4272bfc12db762df116a1729a156f 1855 net optional openvpn_2.3.3-1.dsc
 c980b49f390ece63b3f29876d89acb1e 1131054 net optional openvpn_2.3.3.orig.tar.gz
 4f9261839a1db4b4257ae903809ae905 105964 net optional 
openvpn_2.3.3-1.debian.tar.xz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJTq/+6AAoJEACbM3VrmqpVUWsQAJdgvUsMsFM2V2iKFI3xiyMM
VlHs27qfFAoT0OPSS5VDVsp+MBOw2U6saVhBIwCnwY96KcGCMH36Gx1T4QebPQOO
WD9Wcdyp7pJy89y0fw5f63+x1wv/EbGuHuQUkTHh+m8EvAIqLvXOhlTJUhS21yUF
AhI2F0907NUqffkDEQ3IKC8IFR9BzCIB6ujrCeRk2Y0CWtQjtEMo4n8YgZhQ87xP
AVKCmu7r6k41BI0E8I2FfylGO9KMbElpdkYN5nICIJBXAu8ZGnMoPp++/LtllzRc
+WMIi2w85vCDTFsjHkmr/LWTcJ20pv+ia+fNDH23fPF5nO2IuA4+ouXPkUKBh6z2
yYf5n9Qoiq4gQWA7z08e7b2JB+kv8IlnIBju3V4U4o2ofsx825zBOjrkundcTgy6
89vuwRNj/facIWUNvp8xF4hxfuXQGdhBodPaKl+ch7yjbpsQognIl5JUy4FehYQA
dPeMZ6v+p1bf0oiWXnDaTW0zUl3AyhGmbzW8J55ViN4SSCuRz3/KfSYt4E9/+t7r
c7/2Ac27HIW+LtjBfBYJTi/JGX4yh6MoBLi4EHXmLIK7pf8Qd6Doa/D+tL6eiNqe
b2BnzFbrkZfkrHJhd6GdgztZLlnkUPbuyhPskFpmHu7GsbiyXW7oOwNxO73XhxQc
0U6sdPf7/LPt4mq3gHr0
=P590
-----END PGP SIGNATURE-----

--- End Message ---