Bug#1001592: marked as done (prosody: changes certs/localhost.{crt,key} back to snakeoil on upgrade)

Wed, 22 Dec 2021 04:09:16 -0800 

Your message dated Wed, 22 Dec 2021 12:04:09 +0000
with message-id <[email protected]>
and subject line Bug#1001592: fixed in prosody 0.11.11-1
has caused the Debian Bug report #1001592,
regarding prosody: changes certs/localhost.{crt,key} back to snakeoil on upgrade
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)


-- 
1001592: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1001592
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message --- 
Package: prosody
Version: 0.11.9-2
Severity: serious
Justification: Policy 10.7.3

During an upgrade from buster to bullseye, prosody broke my SSL configuration,
as shown by etckeeper / “git log -p” in /etc:

diff --git a/prosody/certs/localhost.crt b/prosody/certs/localhost.crt
index f119f6c..2d292e2 120000
--- a/prosody/certs/localhost.crt
+++ b/prosody/certs/localhost.crt
@@ -1 +1 @@
-../../ssl/deflt+ca.pem
\ No newline at end of file
+/etc/ssl/certs/ssl-cert-snakeoil.pem
\ No newline at end of file
diff --git a/prosody/certs/localhost.key b/prosody/certs/localhost.key
index 7fbf56c..8dd7db9 120000
--- a/prosody/certs/localhost.key
+++ b/prosody/certs/localhost.key
@@ -1 +1 @@
-../../ssl/private/default.key
\ No newline at end of file
+/etc/ssl/private/ssl-cert-snakeoil.key
\ No newline at end of file

And indeed, I had to manually revert this change:

root@caas:/etc/prosody/certs # ll
total 0
[…]
lrwxrwxrwx 1 root root 36 Dec 12 19:16 localhost.crt -> 
/etc/ssl/certs/ssl-cert-snakeoil.pem
lrwxrwxrwx 1 root root 38 Dec 12 19:16 localhost.key -> 
/etc/ssl/private/ssl-cert-snakeoil.key
root@caas:/etc/prosody/certs # ln -sf ../../ssl/deflt+ca.pem localhost.crt
root@caas:/etc/prosody/certs # ln -sf ../../ssl/private/default.key 
localhost.key
root@caas:/etc/prosody/certs # ll
total 0
[…]
lrwxrwxrwx 1 root root 22 Dec 12 19:29 localhost.crt -> ../../ssl/deflt+ca.pem
lrwxrwxrwx 1 root root 29 Dec 12 19:29 localhost.key -> 
../../ssl/private/default.key

This is a violation of Policy:

* local changes must be preserved during a package upgrade, and


-- System Information:
Debian Release: 11.1
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.19.0-18-amd64 (SMP w/1 CPU thread)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /bin/lksh
Init: sysvinit (via /sbin/init)

Versions of packages prosody depends on:
ii  adduser                             3.118
ii  init-system-helpers                 1.60
ii  libc6                               2.31-13+deb11u2
ii  libidn11                            1.33-3
ii  libssl1.1                           1.1.1k-1+deb11u1
ii  lsb-base                            11.1.0
ii  lua-bitop [lua5.2-bitop]            1.0.2-5
ii  lua-expat [lua5.2-expat]            1.3.0-4+b1
ii  lua-filesystem [lua5.2-filesystem]  1.8.0-1
ii  lua-sec [lua5.2-sec]                1.0-1
ii  lua-socket [lua5.2-socket]          3.0~rc1+git+ac3201d-4
ii  lua5.2                              5.2.4-1.1+b3
ii  ssl-cert                            1.1.0+nmu1

Versions of packages prosody recommends:
pn  lua5.2-event  <none>

Versions of packages prosody suggests:
pn  lua-dbi-mysql       <none>
pn  lua-dbi-postgresql  <none>
pn  lua-dbi-sqlite3     <none>
pn  lua-zlib            <none>

-- Configuration Files:
/etc/init.d/prosody changed [not included]
/etc/prosody/conf.avail/example.com.cfg.lua [Errno 13] Permission denied: 
'/etc/prosody/conf.avail/example.com.cfg.lua'
/etc/prosody/conf.avail/localhost.cfg.lua [Errno 13] Permission denied: 
'/etc/prosody/conf.avail/localhost.cfg.lua'
/etc/prosody/prosody.cfg.lua [Errno 13] Permission denied: 
'/etc/prosody/prosody.cfg.lua'

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: prosody
Source-Version: 0.11.11-1
Done: Victor Seva <[email protected]>

We believe that the bug you reported is fixed in the latest version of
prosody, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [email protected],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Victor Seva <[email protected]> (supplier of updated prosody package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [email protected])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 22 Dec 2021 10:54:11 +0100
Source: prosody
Architecture: source
Version: 0.11.11-1
Distribution: unstable
Urgency: medium
Maintainer: Debian XMPP Maintainers <[email protected]>
Changed-By: Victor Seva <[email protected]>
Closes: 998678 1001592
Changes:
 prosody (0.11.11-1) unstable; urgency=medium
 .
   * service: use network-online.target and nss-lookup.target (Closes: #998678)
   * deal with previous conffile at link on preinst (Closes: #1001592)
   * New upstream version 0.11.11
Checksums-Sha1:
 c736635a291766a632830d9c0dbd247d80a87e0f 2130 prosody_0.11.11-1.dsc
 ff653812fcb1789a517b55281a8d01e9e8261848 439395 prosody_0.11.11.orig.tar.gz
 07f5c2432c3c5c03928ef9c8428d70ccaf12c900 833 prosody_0.11.11.orig.tar.gz.asc
 58b35d0b02105c568816a9b234acdf6ad4f29cae 28516 prosody_0.11.11-1.debian.tar.xz
 c9a95dc314946a1c5a2252c51289660da8168a09 6617 prosody_0.11.11-1_amd64.buildinfo
Checksums-Sha256:
 ed4917dc11aa31cb6fff9e4bc5df7f81190d8c03688d45c7b907edecd35398de 2130 
prosody_0.11.11-1.dsc
 a1af90e2d4ac2f7cf81b385475140ecee60bec1eb83003efb5aeb89765b13774 439395 
prosody_0.11.11.orig.tar.gz
 fe0acee648e789a97dea0d75d9920550686ad21dd48701adb615e00b2c94a151 833 
prosody_0.11.11.orig.tar.gz.asc
 01f3cf3cd4d718883a27e8ce513909636af867c0f6d1897b9fe104a2a046e1fd 28516 
prosody_0.11.11-1.debian.tar.xz
 12dc7e253bd1327f3ab626f193448eabc3a90f95833d5a4c1ba9c174cebaff60 6617 
prosody_0.11.11-1_amd64.buildinfo
Files:
 a8e1ba97ee5740bc40cbca1a421c319a 2130 net optional prosody_0.11.11-1.dsc
 78d01bb97a935f6a776d141873a33fd7 439395 net optional 
prosody_0.11.11.orig.tar.gz
 b2847c75e3a2f099f14641f12f0d3782 833 net optional 
prosody_0.11.11.orig.tar.gz.asc
 c1f17731c5b8eb72d1b459e44641166f 28516 net optional 
prosody_0.11.11-1.debian.tar.xz
 fe2dbc188623f9a50332af0d0c413383 6617 net optional 
prosody_0.11.11-1_amd64.buildinfo

-----BEGIN PGP SIGNATURE-----

iQFFBAEBCgAvFiEE3S3PbKiJPTunbGuNsViYiXJxmOAFAmHDEVARHHZzZXZhQGRl
Ymlhbi5vcmcACgkQsViYiXJxmODDqQf8Du9Ukldt0tZ89aPC7+G4V3G0JKd/jD/5
ECQxpCEUFCvfUWVsfYimk68WWe4jTGTCvAeabjHOTeGNmvFTgu3e8ZpSiNwMBpOe
TGLNlQrNk8vzLnhOxOOOpsTButXpZQ0ob3IPhXj4ovQhYmHf7yxHlV0RjUWnGEtn
QfkNWGobOxB69aCu8OcRUkdsi9ZwyRfhD3T69DGh33ClU1u3GPAEyTyxNxXUmdPy
NKsIayfbq0T2VHTufPY885F/n+ToPsu9glZmE/96D7ZRCvrsjyy1T7089ZjCGW5c
YIGDSagQOcAgX/dlFFUpqMkHU4xY52MqdhAFfGU/+BDyhBQ549/wew==
=lfls
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to