Your message dated Sun, 8 Mar 2026 18:43:02 -0700
with message-id <[email protected]>
and subject line Re: [Freedombox-pkg-team] Bug#1130126: freedombox: switch from
pubtkt to openid connect leaves a broken apache2 configuration
has caused the Debian Bug report #1130126,
regarding freedombox: switch from pubtkt to openid connect leaves a broken
apache2 configuration
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact [email protected]
immediately.)
--
1130126: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1130126
Debian Bug Tracking System
Contact [email protected] with problems
--- Begin Message ---
Package: freedombox
Version: 26.4
Severity: grave
Thanks for maintaining freedombox; it has been tremendously valuable!
Unfortunately, when my freedombox upgraded to 26.4~bpo13+1, the
libapache2-mod-auth-pubtkt package was removed, but not purged, leaving
/etc/apache2/mods-enabled/auto_pubtkt.load pointing to a non-existing
file:
LoadModule auth_pubtkt_module /usr/lib/apache2/modules/mod_auth_pubtkt.so
This caused apache2 to fail to (re)start, which was a pretty sad
experience for the freedombox, given the primary admin interfaces to
freedombox are through the web interface (hence grave severity), and the
updates are configured to happen automatiocally by the freedombox (or at
least strongly encouraged to do so during setup).
I worked around it by running:
sudo a2dismod auth_pubtkt
And then apache2 was able to start.
I admittedly have not reproduced this behavior on a pure sid freedombox,
but I would be pretty surprised if this particular issue did not occur
on upgrades in sid as well...
live well,
vagrant
-- System Information:
Debian Release: 13.3
APT prefers stable-updates
APT policy: (500, 'stable-updates'), (500, 'stable-security'), (500, 'stable')
Architecture: arm64 (aarch64)
Kernel: Linux 6.12.73+deb13-arm64 (SMP w/4 CPU threads)
Kernel taint flags: TAINT_CRAP
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE not set
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages freedombox depends on:
ii adduser 3.152
ii apache2 2.4.66-1~deb13u1
ii augeas-tools 1.14.1-1+b3
ii avahi-daemon 0.8-16
ii avahi-utils 0.8-16
ii batctl 2025.0-2
ii bind9-dnsutils 1:9.20.18-1~deb13u1
ii borgbackup 1.4.0-5
ii certbot 4.0.0-2
ii cockpit 337-1
ii curl 8.14.1-2+deb13u2
ii debconf [debconf-2.0] 1.5.91
ii debsecan 0.4.20.1
ii fail2ban 1.1.0-8
ii firewalld 2.3.1-1
ii fonts-fork-awesome 1.2.0+ds1-1
ii fuse3 3.17.2-3
ii gdisk 1.0.10-2+b1
ii gettext 0.23.1-2
ii gir1.2-glib-2.0 2.84.4-3~deb13u2
ii gir1.2-nm-1.0 1.52.1-1
ii gir1.2-udisks-2.0 2.10.1-12.1+deb13u1
ii gpg 2.4.7-21+deb13u1+b1
ii iproute2 6.15.0-1
ii javascript-common 12+nmu1
ii ldap-utils 2.6.10+dfsg-1
ii ldapscripts 2.0.8-2
ii libapache2-mod-auth-openidc 2.4.17-1
ii libglib2.0-bin 2.84.4-3~deb13u2
ii libjs-bootstrap5 5.3.5+dfsg-4
ii libjs-htmx 2.0.4-1
ii libnss-ldapd 0.9.13-1
ii libpam-ldapd 0.9.13-1
ii lsof 4.99.4+dfsg-2
ii needrestart 3.11-1
ii netcat-openbsd 1.229-1
ii network-manager 1.52.1-1
ii nftables 1.1.3-1
ii node-popper2 2.11.2-8
ii nslcd 0.9.13-1
ii openssh-server 1:10.0p1-7
ii openssl 3.5.4-1~deb13u2
ii parted 3.6-5
ii php-fpm 2:8.4+96
ii php8.4-fpm [php-fpm] 8.4.16-1~deb13u1
ii popularity-contest 1.78
ii ppp 2.5.2-1+1
ii pppoe 4.0-1+b1
ii python3 3.13.5-1
ii python3-apt 3.0.0
ii python3-argon2 21.1.0-3
ii python3-augeas 1.2.0-1
ii python3-bootstrapform 3.4-9
ii python3-cherrypy3 18.10.0-1
ii python3-configobj 5.0.9-1
ii python3-dbus 1.4.0-1
ii python3-django 3:4.2.28-0+deb13u1
ii python3-django-axes 5.39.0-6
ii python3-django-bootstrapform 3.4-9
ii python3-django-captcha 0.6.2-1
ii python3-django-ipware 4.0.2-1
ii python3-django-oauth-toolkit 3.0.1-1
ii python3-django-stronghold 0.4.0+debian-2
ii python3-gi 3.50.0-4+b1
ii python3-markupsafe 2.1.5-1+b4
ii python3-pampy 2.0.2-3
ii python3-pexpect 4.9-3
ii python3-psutil 7.0.0-2
ii python3-requests 2.32.3+dfsg-5
ii python3-ruamel.yaml 0.18.10+ds-1
ii python3-systemd 235-1+b7
ii python3-yaml 6.0.2-1+b2
ii samba-common-bin 2:4.22.6+dfsg-0+deb13u1
ii slapd 2.6.10+dfsg-1
ii snapper 0.10.6-1.2
ii sshfs 3.7.3-1.1+b3
ii sshpass 1.10-0.1+b1
ii ssl-cert 1.1.3
ii sudo 1.9.16p2-3
ii systemd-timesyncd 257.9-1~deb13u1
ii tdb-tools 2:1.4.13+samba4.22.6+dfsg-0+deb13u1
ii udisks2 2.10.1-12.1+deb13u1
ii unattended-upgrades 2.12
ii uwsgi 2.0.28-9
ii uwsgi-plugin-python3 2.0.28+8+0.0.2+b1
ii wget 1.25.0-2
ii zram-tools 0.3.7-1
Versions of packages freedombox recommends:
ii e2fsprogs 1.47.2-3+b7
ii firmware-ath9k-htc 1.4.0-110-ge888634+dfsg1-0.1
ii freedombox-doc-en 26.4~bpo13+1
ii freedombox-doc-es 26.4~bpo13+1
ii libnss-mdns 0.15.1-4+b1
ii libnss-myhostname 257.9-1~deb13u1
ii locales 2.41-12+deb13u1
ii locales-all 2.41-12+deb13u1
ii openssh-client 1:10.0p1-7
ii powermgmt-base 1.38
ii psmisc 23.7-2
freedombox suggests no packages.
-- Configuration Files:
/etc/sudoers.d/plinth [Errno 13] Permission denied: '/etc/sudoers.d/plinth'
-- debconf information excluded
signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
Package: freedombox
Version: 26.4.2
On 3/8/26 3:48 PM, Vagrant Cascadian wrote:
Package: freedombox
Version: 26.4
Severity: grave
Thanks for maintaining freedombox; it has been tremendously valuable!
Unfortunately, when my freedombox upgraded to 26.4~bpo13+1, the
libapache2-mod-auth-pubtkt package was removed, but not purged, leaving
/etc/apache2/mods-enabled/auto_pubtkt.load pointing to a non-existing
file:
LoadModule auth_pubtkt_module /usr/lib/apache2/modules/mod_auth_pubtkt.so
This caused apache2 to fail to (re)start, which was a pretty sad
experience for the freedombox, given the primary admin interfaces to
freedombox are through the web interface (hence grave severity), and the
updates are configured to happen automatiocally by the freedombox (or at
least strongly encouraged to do so during setup).
I worked around it by running:
sudo a2dismod auth_pubtkt
And then apache2 was able to start.
I admittedly have not reproduced this behavior on a pure sid freedombox,
but I would be pretty surprised if this particular issue did not occur
on upgrades in sid as well...
Thank you for the bug report. This issue has been fixed today[1] in
version 26.4.2[2]. The fix should reach stable machines (via backports)
in a couple of days. No action is required on the part of users if they
are willing to wait until automatic recovery. A workaround has been
published meanwhile to recover from this issue[3]. Your workaround also
works.
This is a grave problem indeed. In general, we put in a lot of effort
to avoid issues like this and indeed they are rare considering our
bi-weekly release over the years and the scale of improvements we make.
We also deployed a lot of fixes to application behavior in Trixie
release. I believe the recommendation to users to enable frequent
feature updates (allowing freedombox package through backports) is still
a good one (we will revisit this in the future). Needless to say, our
team will be more careful in the future. Thank you for your understanding.
Links:
1) https://salsa.debian.org/freedombox-team/freedombox/-/merge_requests/2760
2) https://tracker.debian.org/media/packages/f/freedombox/changelog-26.4.2
3)
https://discuss.freedombox.org/t/solved-after-upgrade-to-freedombox-26-4-webserver-not-running/4109/5
--
Sunil
--- End Message ---
