Source: ktls-utils Version: 1.3.0-1 Severity: normal Tags: patch Dear Maintainer,
The 1.3.0-1 update of ktls-utils moved the tlshd config from /etc/tlshd.conf to /etc/tlshd/config, but the autopkgtests still expect the old /etc/tlshd.conf path. The autopkgtests aren't run on Debian because of the breaks-testbed restriction, but this made the package unable to migrate on Ubuntu (LP: #2133822). I've included a patch which fixes the autopkgtest failures by updating the path in the autopkgtest (and the README for consistency).
From 6e25030635b24e690fcae3336cd0448c63d3ff39 Mon Sep 17 00:00:00 2001 From: Max Gilmour <[email protected]> Date: Wed, 3 Dec 2025 13:15:43 -0800 Subject: [PATCH] debian/{README.debian,tests/test-common}: Replace deprecated conf path --- debian/README.debian | 4 ++-- debian/tests/test-common | 6 +++--- 2 files changed, 5 insertions(+), 5 deletions(-) diff --git a/debian/README.debian b/debian/README.debian index d3baf5f..17b7418 100644 --- a/debian/README.debian +++ b/debian/README.debian @@ -20,7 +20,7 @@ To enable TLS on an NFS server: certificate should include all the domain names that clients will use to connect to the server. 2. Put the filenames of the private key and certificate in the - [authenticate.server] section of /etc/tlshd.conf. These cannot be + [authenticate.server] section of /etc/tlshd/config. These cannot be symlinks. 3. Add the "xprtsec=..." option to the relevant lines in /etc/exports. Normally you would use either "xprtsec=mtls" to require TLS and @@ -34,7 +34,7 @@ To enable TLS on an NFS client: CA needs to be trusted on both the client and the server. The name(s) and purposes in this certificate are currently ignored. 2. Put the filenames of the private key and certificate in the - [authenticate.client] section of /etc/tlshd.conf. These cannot be + [authenticate.client] section of /etc/tlshd/config. These cannot be symlinks. 2. Add the "xprtsec=..." option to the relevant lines in /etc/fstab. Normally you would use either "xprtsec=mtls" to require TLS and a diff --git a/debian/tests/test-common b/debian/tests/test-common index 14ee0f8..c6bd8c7 100644 --- a/debian/tests/test-common +++ b/debian/tests/test-common @@ -21,7 +21,7 @@ openssl req -new -key "$AUTOPKGTEST_TMP/ca.key.priv.pem" \ -config "$AUTOPKGTEST_TMP/ca.openssl.cnf" sed -i '/^\[authenticate\.client\]/,$ { /=/d }' \ - /etc/tlshd.conf + /etc/tlshd/config for role in server client; do # Create private key and certificate for role @@ -52,12 +52,12 @@ EOF -utf8 -nodes -batch -x509 \ -outform PEM -out "$AUTOPKGTEST_TMP/$role.x509.pem" - # Update tlshd.conf + # Update tlshd config sed -i '/^\[authenticate\.'$role'\]/a\ x509.truststore='"$AUTOPKGTEST_TMP/ca.x509.pem"'\ x509.certificate='"$AUTOPKGTEST_TMP/$role.x509.pem"'\ x509.private_key='"$AUTOPKGTEST_TMP/$role.key.priv.pem" \ - /etc/tlshd.conf + /etc/tlshd/config done # Make server name resolvable -- 2.43.0
