Package: bareos
Version: 14.2.1+20141017gitc6c5b56-3
Tags: patch

Hi Evgeni,

I finally figured out why the GnuTLS backend doesn't work at all. Bareos initializes the crypto backend and then daemonizes itself and closes all fds. Unfortunately GnuTLS opens /dev/urandom in its init method and relies upon it staying open.

Turns out this is already fixed in 15.2 but was never backported.

Attached are git patches against the debian branch to add the fix and some tests.

Cheers,
Felix
>From b5896fc9083d967ce243b8b64f7f2e555909ccd9 Mon Sep 17 00:00:00 2001 From: Felix Geyer <fge...@debian.org> Date: Sat, 2 Apr 2016 15:49:37 +0200 Subject: [PATCH 1/3] Fix GnuTLS backend by postponing initialization after it daemonized. Backport upstream commits from version 15.2. --- debian/patches/fix-tls-backend-initalization | 84 ++++++++++++++++++++++++++++ debian/patches/series | 1 + 2 files changed, 85 insertions(+) create mode 100644 debian/patches/fix-tls-backend-initalization diff --git a/debian/patches/fix-tls-backend-initalization b/debian/patches/fix-tls-backend-initalization new file mode 100644 index 0000000..b9c2026 --- /dev/null +++ b/debian/patches/fix-tls-backend-initalization 
@@ -0,0 +1,84 @@ +Description: Fix GnuTLS backend by postponing initialization after it daemonized. + Backport upstream commits from version 15.2. +Origin: https://github.com/bareos/bareos/commit/9097aaeaefe904b40af602caddf5d9cd59959625 + https://github.com/bareos/bareos/commit/ecb539bc44c0224b378e6e9626b86ea718da5c2c + +--- bareos-14.2.6.orig/src/dird/dird.c ++++ bareos-14.2.6/src/dird/dird.c +@@ -285,6 +285,13 @@ int main (int argc, char *argv[]) + my_config = new_config_parser(); + parse_dir_config(my_config, configfile, M_ERROR_TERM); + ++ if (!test_config) { /* we don't need to do this block in test mode */ ++ if (background) { ++ daemon_start(); ++ init_stack_dump(); /* grab new pid */ ++ } ++ } ++ + if (init_crypto() != 0) { + Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Cryptography library initialization failed.\n")); + goto bail_out; +@@ -296,10 +303,6 @@ int main (int argc, char *argv[]) + } + + if (!test_config) { /* we don't need to do this block in test mode */ +- if (background) { +- daemon_start(); +- init_stack_dump(); /* grab new pid */ +- } + /* Create pid must come after we are a daemon -- so we have our final pid */ + create_pid_file(me->pid_directory, "bareos-dir", + get_first_port_host_order(me->DIRaddrs)); +--- bareos-14.2.6.orig/src/filed/filed.c ++++ bareos-14.2.6/src/filed/filed.c +@@ -213,6 +213,11 @@ int main (int argc, char *argv[]) + my_config = new_config_parser(); + parse_fd_config(my_config, configfile, M_ERROR_TERM); + ++ if (!foreground && !test_config) { ++ daemon_start(); ++ init_stack_dump(); /* set new pid */ ++ } ++ + if (init_crypto() != 0) { + Emsg0(M_ERROR, 0, _("Cryptography library initialization failed.\n")); + terminate_filed(1); +@@ -237,11 +242,6 @@ int main (int argc, char *argv[]) + terminate_filed(0); + } + +- if (!foreground) { +- daemon_start(); +- init_stack_dump(); /* set new pid */ +- } +- + set_thread_concurrency(me->MaxConcurrentJobs + 10); + lmgr_init_thread(); /* initialize the lockmanager stack */ + +--- 
bareos-14.2.6.orig/src/stored/stored.c ++++ bareos-14.2.6/src/stored/stored.c +@@ -219,6 +219,11 @@ int main (int argc, char *argv[]) + my_config = new_config_parser(); + parse_sd_config(my_config, configfile, M_ERROR_TERM); + ++ if (!foreground && !test_config) { ++ daemon_start(); /* become daemon */ ++ init_stack_dump(); /* pick up new pid */ ++ } ++ + if (init_crypto() != 0) { + Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Cryptography library initialization failed.\n")); + } +@@ -235,11 +240,6 @@ int main (int argc, char *argv[]) + + my_name_is(0, (char **)NULL, me->hdr.name); /* Set our real name */ + +- if (!foreground) { +- daemon_start(); /* become daemon */ +- init_stack_dump(); /* pick up new pid */ +- } +- + create_pid_file(me->pid_directory, "bareos-sd", + get_first_port_host_order(me->SDaddrs)); + read_state_file(me->working_directory, "bareos-sd", diff --git a/debian/patches/series b/debian/patches/series index 818c007..2035a52 100644 --- a/debian/patches/series +++ b/debian/patches/series @@ -1,3 +1,4 @@ dont-generate-debian-files set-dbuser-dbname openssl-no-home-rnd +fix-tls-backend-initalization -- 2.8.0.rc3
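Review bot: in the src/dird/dird.c hunk at @@ -285,6 +285,13, daemon_start() now runs ahead of init_crypto(), so the "Cryptography library initialization failed." Jmsg with M_ERROR_TERM fires after the fds have been closed. Please confirm that message still ends up somewhere an administrator will see it, and add a short comment above the moved block saying it has to stay ahead of init_crypto() because GnuTLS keeps /dev/urandom open from its init call; without that comment the ordering looks arbitrary and is easy to undo in a later cleanup.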
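Review bot: in the src/filed/filed.c and src/stored/stored.c hunks the moved block changes its guard from "if (!foreground)" to "if (!foreground && !test_config)", which the patch Description does not mention. The extra condition looks necessary now that the block sits above the point where test mode exits, but it should be stated in the Description, and using the same nested form as dird.c ("if (!test_config) { if (background) {") in all three daemons would make the intent easier to compare.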
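Review bot: the patch file name fix-tls-backend-initalization, both in the new-file header and in the debian/patches/series hunk, misspells "initialization". Renaming it before it lands is cheaper than carrying the typo in the series file.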
>From 3c049737686bfe0885e306af83283bd8fa528b71 Mon Sep 17 00:00:00 2001 From: Felix Geyer <fge...@debian.org> Date: Sat, 2 Apr 2016 15:55:44 +0200 Subject: [PATCH 2/3] Add autopkgtests for TLS. --- debian/tests/certs/ca-cert.pem | 22 ++++++++++++ debian/tests/certs/ca-key.pem | 28 +++++++++++++++ debian/tests/certs/tls-ca-key.pem | 39 ++++++++++++++++++++ debian/tests/certs/tls-ca.pem | 24 +++++++++++++ debian/tests/certs/tls-cert.pem | 25 +++++++++++++ debian/tests/certs/tls-key.pem | 39 ++++++++++++++++++++ debian/tests/control | 4 +++ debian/tests/tls | 76 +++++++++++++++++++++++++++++++++++++++ debian/tests/tls-passive | 76 +++++++++++++++++++++++++++++++++++++++ 9 files changed, 333 insertions(+) create mode 100644 debian/tests/certs/ca-cert.pem create mode 100644 debian/tests/certs/ca-key.pem create mode 100644 debian/tests/certs/tls-ca-key.pem create mode 100644 debian/tests/certs/tls-ca.pem create mode 100644 debian/tests/certs/tls-cert.pem create mode 100644 debian/tests/certs/tls-key.pem create mode 100755 debian/tests/tls create mode 100755 debian/tests/tls-passive diff --git a/debian/tests/certs/ca-cert.pem b/debian/tests/certs/ca-cert.pem new file mode 100644 index 0000000..d2ce66d --- /dev/null +++ b/debian/tests/certs/ca-cert.pem 
@@ -0,0 +1,22 @@ +-----BEGIN CERTIFICATE----- +MIIDqTCCApGgAwIBAgIJALo7XUqwFCoUMA0GCSqGSIb3DQEBCwUAMGoxCzAJBgNV +BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX +aWRnaXRzIFB0eSBMdGQxIzAhBgNVBAMMGkJhcmVvcyBEZWJpYW4gUGFja2FnZSBU +ZXN0MCAXDTE2MDQwMjExMTAwOVoYDzIxMTYwMzA5MTExMDA5WjBqMQswCQYDVQQG +EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk +Z2l0cyBQdHkgTHRkMSMwIQYDVQQDDBpCYXJlb3MgRGViaWFuIFBhY2thZ2UgVGVz +dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvdkpb0WrmGDmptkU7/ +xYee3ZQjQJUKRFfgM+oKF72i51MbAY1CzKKK9gWt56V16YpIUrobnyp8yF2fhlZf +XKBzJKKxeMWAIRYQcYkcrN4chKZavQU2QKAVPpTgLD69bEDCvSTathbCRBdkGU92 +N9w7Kx/lbQB7dt+RMtMFNpbkusdrzDoQKmoHbo6JWpj7s8z9ygzazCAcU76k+QVG +WaJcHIm7jyhaCJ97dB6JXT8+swsG6s6hQjR0jKtFllnZQIck7s49HHFW0me9Xhh4 +RxbPExdi+JIAEkANyjdfqPeyjV+lerklVU6c7fV/BgK8WibBwCCfSlVgydrhi14Z +hbsCAwEAAaNQME4wHQYDVR0OBBYEFGU1OgL+ioLaBcWZBL9ZHlZ0VIdhMB8GA1Ud +IwQYMBaAFGU1OgL+ioLaBcWZBL9ZHlZ0VIdhMAwGA1UdEwQFMAMBAf8wDQYJKoZI +hvcNAQELBQADggEBAICJwohW/Xg78zB+i4VY7IMaNYskgi9omdpTWnBzvXU5d3i9 +Yl3wUAHNH7+223cRLL5M/6Jlacf3MeGxuKTacbE0cbrAhTwfXGxNWXVGuNxfp6tV +KUjicUfOK2gle+Fl9k7YwE79vFEwRju6ZdGCGhrRkdRJDDVTNk2vHFmLbJnjqgww +H3bHKRAt2VaoFacysLMU8x8N/9SYEb8W78QisUU5lQZrKWam+GgtzrZZ86M4Uc8O +4sO0aqKTDOqm2XBPZ8fJK6ZcljndAvPeN6T+zA9Yw2EDT/6R2z6owv6SRATELilD +YVXCXugi4KQBNaEyXDZXuusaCAnLfDA0nUFPAgg= +-----END CERTIFICATE----- diff --git a/debian/tests/certs/ca-key.pem b/debian/tests/certs/ca-key.pem new file mode 100644 index 0000000..f0e56c4 --- /dev/null +++ b/debian/tests/certs/ca-key.pem 
@@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDL3ZKW9Fq5hg5q +bZFO/8WHnt2UI0CVCkRX4DPqChe9oudTGwGNQsyiivYFreeldemKSFK6G58qfMhd +n4ZWX1ygcySisXjFgCEWEHGJHKzeHISmWr0FNkCgFT6U4Cw+vWxAwr0k2rYWwkQX +ZBlPdjfcOysf5W0Ae3bfkTLTBTaW5LrHa8w6ECpqB26OiVqY+7PM/coM2swgHFO+ +pPkFRlmiXByJu48oWgife3QeiV0/PrMLBurOoUI0dIyrRZZZ2UCHJO7OPRxxVtJn +vV4YeEcWzxMXYviSABJADco3X6j3so1fpXq5JVVOnO31fwYCvFomwcAgn0pVYMna +4YteGYW7AgMBAAECggEABYyqiOFt9s7nZY5F/liIEAELFxU+lNAKvDmmMCDGNKtS +kLiTejzvRR1zRQRO4foruU/usJI/6vAqpCHLjl5aLyPzQ1qBZx7tx6P68ziMnB86 +nSyrKJEpgTIS2gqgKbUOVVT3wSETA9uV7u0So08chio2KlAcf37c5YkWURg7PDBB +VAKbhqhLCZE6L+DurkuvsiHb49eKa0HU58pOpimYHvQ70Yy+Y8ABD35OP1JQaKAi +bAxlJTVFBezqpa7FnAzukeLNFV0CGaMlzLiGGlnAIt8SARnmjQ1TLi5XjKYnVFbB +kMvkoXVB1Z8CvCvj6b3mihFlGmvUF3NoPBcZWq3OwQKBgQDrIh2CLR0kWq18z3Hx +BSe/Llv/RmR/cpCDJeI0ZHhYh4IKlMxlkqO2bhoURf+AAwEQVIDlSB+OVG7S0tgz +dC+Wo2+r1OC4eqB3XvfitIxNMv0csfSwyTtAxlP3rihn8Q3LUzO52KdhRrjQZYRK +3US3/lvKTj52aqh8BUmSFsfMvQKBgQDd9RmMc7g7v4dTKo3cfIdUNxcriSBzTs05 ++nPIATNF57c7mim33R4Y3asrYRFdYzG37KX+aFAE7F8vtu6ix3NVG8Mvb02LMIGh +FH3m415q4H11zDBW27pz/GCbAO+CGm8agec3f8plRJzjtOl/yoQ4jEg7TRQgXHEs +nXApPRuP1wKBgE975tG8gl9pr7/DOFcrUPZVq4+tsgdLKQLMaZ0gYXY7yH/fMQEd +Au6GZZZ42xfg7BkjF7dqHBC3BgeKcr9iBTw832EMwzJZcakol08xjUQDeoCav4aL +X9ZTtMrDOrF4URtscs3eKSa/C3aW+pN8HOC9wTWwIXlSMMZL20ThIoVZAoGBAMr7 +QRgfI9cQOxOlkQKYp7Iuh3P6/cA1yp1BG+1Gm7tMQ1ewjoJlJwcagVU0egrrkiZf +txZIExXNjOc35ljbCfBFaWTR5xppi8Lh2Jn0SP54uoOl7ncgjw1POpHGc0KKJh0Z +u3gX1+JwswHTCs8hR3XnZI9G2CcYIy/n8xDjn3cVAoGAE5EjaxHnSr2hY3xxFBpU +O5WXFboHImH86JM9IO8PAyPVanz6Z+p14y92iPtFUerxZ9eOg60Nj6AMLtikELRV +uO5KL8sPkRhPYY11SeXk4+0rGRwNuqj8Z1arNa+YKN9JXMPIr/6Uto4Ot6yi8S8h +GePDIbOl9FnooL6U1BEfDds= +-----END PRIVATE KEY----- diff --git a/debian/tests/certs/tls-ca-key.pem b/debian/tests/certs/tls-ca-key.pem new file mode 100644 index 0000000..e97635f --- /dev/null +++ b/debian/tests/certs/tls-ca-key.pem 
@@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG5QIBAAKCAYEA5plN8luYDWxZnHtf8MUQHCBIqwz9w/VnGjeIa6BlHXbJIdWk +wmTH9fBTK1N5fXhzEIzj4Pmup0ahQfRKhfzzhSwfWmrKcD3fXBAnvnML3lGcf78c +9PNyVGwBGOtFlE2dUce47PKVdZ9LmTMqIlne44w817LHV2gjBXTwwNgsHRCS18KR +6NZoE+jz0ITben3F59OlaiFldCpNaie1TLLs0Mqzl2CsBIjWOk+c4qumZg8wXVwQ +QhGYlFOr7ujjnrXcKtV2sqRYC8uZj74fn+r+fckaft0qFZnqp44ZcoXZW2a1jg4h +55I0r7CzMYQq7GTks2uK8qeBA0NR9uSuY45KI/BP5/UGnuTjjHkEjk13dmvY/b1L +61NaCCWTuj0/m94vAYVxzesXWRTl/ua0U8eQF/ILxYeq61QWsOegryLoVGKmzCqh +KOA4DZHU7OaZW2Q7iMcCCDh86NGrr8NttAcf1RmFkPf1SxDW0trBBpIcxzeTuq4M +RlktHZzk44Hd7m2nAgMBAAECggGBANWh00ejOYO+DGrfFavuNRWJhykImRRxBjqQ +lg73gpXAVWfGEKSTT3j2U2bBJ71o2FjN3dOwHPEVixGaK2xkQorurIFMjA1eFM6q +nNdgp+8n9m+W81GvNA0oHgAi/sv897Eq8ZR6zKIymIvujatTTR3L7xX5p5m/fSpy +AxT1cDDhCNlghWKLN9KyLybP3rFlUfKK7iUbmWz8P8oHzXuoC6MHF0g3pEVzK9zL +otGQKlFE4w6q2tkKiitoNNHZ6f5ABV1l0qma3Z8Mm7n6YxSUj0VzadK0xP09Pjyw +Ay5VAotCSuVwLfPAKp2PMN8MjerZVJassGJGF6jOzuEeQBwn2iKuhJgGLLhgQ+45 +yeIJYyz7ZNmDvrgjL/IA7kRDXfDfsVgEHAF7y59th/Rh0Ekv/oVR1eTXezquIGRl +T3C/LVaQDzfLbEJmIN7i2b6bPShd3YRmaM9uU3golkNWDoPxZTkXe3K+MJaWr5gA +zw5mQrOpvwTlNJxJwBA5t3ilMIiiiQKBwQD1uHmpJWkcBfgJCFkJNnqJ/CsjGTXX +dwK8YGo3mvGnH6pHP1aUQdWFdDV1lrVmjKzXY+rF4CUr61Ds4EygNM1h2s0xORKl +OYpedL4eYd/Gk8eKLHvniJLuBzPlAuvcMCoIkuzGlE0nA5vzlD/RScq4vAwlEcWx +d0VBxOMp7y9ViijNmJJENtDIYp7n3EjLlfle+BppfvR4zss9uoR1+e4M7frRJ407 +pS0O16cnUCG6vuK4Nt9aTJlKq+4n9tq+NMMCgcEA8D7iTIjiFddR3fsnCQWy8+cu +We3GGSHOwnN0RCnU3CG+tAvnyEkQKb5o8AyWzBBXVLG0BZKMYYwyPJRzqg9DswQY +epIwwcJ4TJDbzOh4suguCPFJmZssi0m0kuAlPZimUbn0zbFlY3Dw/D/WOJfWj5nu +WFU1nIVnKDMsIjgNc5WD5vkF4AJnCLjcokQ4RLT5GrFSS8/9cxoE1nOlbgBFOu8S +b90klOG8HNVi6YtiR5iv3lWFp5GXZTj0zMkPgEVNAoHBANqoaWLyjoFIcnsfOZPw +LcVCZ+SY14fAOOgG6B5JPEda7zztiQ7vMqHKUpQsI4p5HomhOVcSaiGWCnJv+uAJ +fMZaXYQy5HuxI4eAXXpN4EMmWEeF5FCaAR3dvPlKyzYqig0NKbRgXfOcy5dK0itc +fhA8DpaiJQkSOMgY+4jidn2pLzwdS/N1z/6xe/SZ2xGHiNxQ7bf5KHWkl8l7g8o0 +OPi6gRrEFnMAPoNZtj5OmWVD3h7NfZ4uUa7YJlrb2bWu3wKBwAkNBW+GtKXH/+CS 
+Bq1zVoOT0Q44Q/9MY8K1oMq0nL1SVCHqVOgZwI8iCkgI4WF8uB2LuFGBbOJ76qSX +nyfn/U/wNo/flBCop+mSh4VXuLxcvOc/V9t+mhYBR9lEsoJ4jsODcvKQ3VX6ukl2 +ijaFmeK9FNqlEyj7aaB9FQuQ+wjAuEBqX0tKK+GLPVyrn0cPXlcgGQ6cHltIvqfp +oXDcd785pIMsXKVzP6gCbgCIbMJvwShqJmfit0Zr9+UDKh9V/QKBwQC3jYX5u8GE +rwSjNI2I9EL20wOBbUgdh+7Be1wyRgMEUAwXfQhdi27OfbygGQWOPkWN0jZGEVJN +7ZEeGSp3QtB+C4VnVc5YPBaR3+48HB0oD3zPsIIJ2bOWFoRZbx67T3oEq423KwFn +3gD7m0B5c94jC+FAl9zdwyOT28N7MSxA0F5M8TsJ1hXO/F89Jr41tPFbeuUYKiZZ +KJr1NkkVBRosMHzC9cGL3N2hvx97AVmAiEioWqz0JVjaPeBBD5Bxj04= +-----END RSA PRIVATE KEY----- diff --git a/debian/tests/certs/tls-ca.pem b/debian/tests/certs/tls-ca.pem new file mode 100644 index 0000000..66d51c2 --- /dev/null +++ b/debian/tests/certs/tls-ca.pem 
@@ -0,0 +1,24 @@ +-----BEGIN CERTIFICATE----- +MIIEFTCCAn2gAwIBAgIMVv+skSzN3XlMh+YzMA0GCSqGSIb3DQEBCwUAMCUxIzAh +BgNVBAMTGkJhcmVvcyBEZWJpYW4gUGFja2FnZSBUZXN0MCAXDTE2MDQwMjExMjcx +M1oYDzIxMTYwMzA5MTEyNzEzWjAlMSMwIQYDVQQDExpCYXJlb3MgRGViaWFuIFBh +Y2thZ2UgVGVzdDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOaZTfJb +mA1sWZx7X/DFEBwgSKsM/cP1Zxo3iGugZR12ySHVpMJkx/XwUytTeX14cxCM4+D5 +rqdGoUH0SoX884UsH1pqynA931wQJ75zC95RnH+/HPTzclRsARjrRZRNnVHHuOzy +lXWfS5kzKiJZ3uOMPNeyx1doIwV08MDYLB0QktfCkejWaBPo89CE23p9xefTpWoh +ZXQqTWontUyy7NDKs5dgrASI1jpPnOKrpmYPMF1cEEIRmJRTq+7o45613CrVdrKk +WAvLmY++H5/q/n3JGn7dKhWZ6qeOGXKF2VtmtY4OIeeSNK+wszGEKuxk5LNrivKn +gQNDUfbkrmOOSiPwT+f1Bp7k44x5BI5Nd3Zr2P29S+tTWgglk7o9P5veLwGFcc3r +F1kU5f7mtFPHkBfyC8WHqutUFrDnoK8i6FRipswqoSjgOA2R1OzmmVtkO4jHAgg4 +fOjRq6/DbbQHH9UZhZD39UsQ1tLawQaSHMc3k7quDEZZLR2c5OOB3e5tpwIDAQAB +o0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYE +FJZB/KaT4BoKSI6ZNVAXXmMUIoQ5MA0GCSqGSIb3DQEBCwUAA4IBgQCREp1kSxTo +jy4AcrpZBgnMVWHlt+DmJI8DztB8yrE9HwAG6d7O64g3pmbmDDNEZy0Cfzh0kuNq +Qu9esa7cgtyrknwVm+QNJ9mlmEMHOHvGzLfwEs9qS2ikDQyIIA5N6MBKCWGUVKLX +re1L7ZyKYkj7Bm+Zwd4+KnlQvVMAZicJFvL1kMWK67jiF/hDNr5UZgb5pHxiDcQo +/3of6J4g2a7UCffKoYUc1++yfzBHD/3wLF8FGB6M9n7LAilqRcsGJifPIBYqZBHg +SEtZwy9jK8k4yBu2/DK5xf7HDVX/+B+pQiMgjCoeRGp0LqUerAyia/8gxOf34DzO +fVuB4b2cASmFovJCKbAqHX5lCcIgQidovBKgpQzagCyPYD6FZEmiX4LyJFonrml2 +UVuymDlhEJYesszUqAmeWJiVm2FKWZwReCr7cod8YthIzCXOPxWV31ygHl/OGjo/ +xLFsV4Zfrh/byv+5DUbTFju7NYW6604EUtWlo/VG/1GG5p53SJQiBjg= +-----END CERTIFICATE----- diff --git a/debian/tests/certs/tls-cert.pem b/debian/tests/certs/tls-cert.pem new file mode 100644 index 0000000..894adcb --- /dev/null +++ b/debian/tests/certs/tls-cert.pem 
@@ -0,0 +1,25 @@ +-----BEGIN CERTIFICATE----- +MIIEQjCCAqqgAwIBAgIMVv+tyyMQsJYflghNMA0GCSqGSIb3DQEBCwUAMCUxIzAh +BgNVBAMTGkJhcmVvcyBEZWJpYW4gUGFja2FnZSBUZXN0MCAXDTE2MDQwMjExMzIy +N1oYDzIxMTQxMDI2MTEzMjI3WjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwggGiMA0G +CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCirXwz7RW9PQqhvHFGsil63zeFP2xI +qtN63rumhuCu+aHWL3KSrmGQ6Y3Rvh3I1IMqXiPj9P5FZwLX/nOUpMKZPSSxgD9M +VIly3wxuudKYQEwtPoBZhWIkcGiIESlvCd2Qynq+M3CzsspVdQbVNhH+MeYu2jyY +OF5vAzBfr6q2xJkgBX8F8f6HSZc8AxqlTWdShURtxK2os3FeT9Bwdo3cCPBuKqu7 +2lDoa1bdUJLMREdEOGFblNxX9M9uC9PxlTXTC41TI8ODE76ceamNUX27h40+vwT5 +2q2zMBII3NqsQ9mZpUJKnRvmVaR2UXdng14+ZvAvofl8dEC1kHn6j+XG32rGneib +++LzQtVyPmINpUH8ydoodUepqT/McHhKdw235HBB3kCqApHtMwjo30XVQ8POQa38 +XAZ2x83t9UtuQnLHSHNJCoZWttEHP0tvfPMsaIk/Bi3NYDO4A7B+z/TR1/AHRw56 +xHBVHkjknx0iUgMouXOI7Qu/YlA8xl4W1XkCAwEAAaOBgDB+MAwGA1UdEwEB/wQC +MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMH +oAAwHQYDVR0OBBYEFIA/qbUqaLYBmuBVnhYH3b3AVF07MB8GA1UdIwQYMBaAFJZB +/KaT4BoKSI6ZNVAXXmMUIoQ5MA0GCSqGSIb3DQEBCwUAA4IBgQBxFgVhXN3l/xAl +Lb+wkjl4b8MjOKP6eJZeyEGxptHFilV9bf4oQlJbEkiRpH2NoWgS0adCZgaNBCxq +yJFnr+eyWkJPKCXAFBfvKZ+mP+mnGM+CCLXilPZahlV2tZtU8DtUaosVkeILRl9o +8oxS9RHcIkrkWJVnimYf6d4Db+D31NcImS59/6piTiIS5yw1YP+wr+KLhFYynpY4 +DgvVcAsekbmvdVQuTyKy32wOwr4QYQjf4dlVF25w52b/fuyORwJJRWXBJ0GJYIyE +1xwzjJwwUFeFWbYeqSfX/dDymU6HOjRBc580u7tX/RHnRaH2sL/6ysjKvyw1Skea +nF723sGil6xd/UPNKoEYQ8JbCOSEBSm1Pua40bomOWwOk5V4I7MzoaZUyQupa6+X +lPisPmG8+dLTREwfXdKz7zRy6T0B293C/N51+lByI+tA6CAljDmWwayKJViC8ba0 +fN3Bca6nusn1+hFSTsCbQTIDFD5IcBRYtKRDzXQ4qvHPpLlf058= +-----END CERTIFICATE----- diff --git a/debian/tests/certs/tls-key.pem b/debian/tests/certs/tls-key.pem new file mode 100644 index 0000000..a639f93 --- /dev/null +++ b/debian/tests/certs/tls-key.pem 
@@ -0,0 +1,39 @@ +-----BEGIN RSA PRIVATE KEY----- +MIIG4wIBAAKCAYEAoq18M+0VvT0KobxxRrIpet83hT9sSKrTet67pobgrvmh1i9y +kq5hkOmN0b4dyNSDKl4j4/T+RWcC1/5zlKTCmT0ksYA/TFSJct8MbrnSmEBMLT6A +WYViJHBoiBEpbwndkMp6vjNws7LKVXUG1TYR/jHmLto8mDhebwMwX6+qtsSZIAV/ +BfH+h0mXPAMapU1nUoVEbcStqLNxXk/QcHaN3Ajwbiqru9pQ6GtW3VCSzERHRDhh +W5TcV/TPbgvT8ZU10wuNUyPDgxO+nHmpjVF9u4eNPr8E+dqtszASCNzarEPZmaVC +Sp0b5lWkdlF3Z4NePmbwL6H5fHRAtZB5+o/lxt9qxp3om/vi80LVcj5iDaVB/Mna +KHVHqak/zHB4SncNt+RwQd5AqgKR7TMI6N9F1UPDzkGt/FwGdsfN7fVLbkJyx0hz +SQqGVrbRBz9Lb3zzLGiJPwYtzWAzuAOwfs/00dfwB0cOesRwVR5I5J8dIlIDKLlz +iO0Lv2JQPMZeFtV5AgMBAAECggGAMfKGQgM3O4U0cHhFZ2loZvuGNnlErAMXL5CX +mQeskMzArdyflv3HoxCypIV066akJywEZQdh0rlQHDVaE3eK8DXfwEgaJzuFgCmP +zadsS6biPLoF+naDraB919k9GYSz7LLegOuWXPY2PYrS8D/LwnpbrGMBW9Ni2z7l +aVusVLWENlq5p3+noK4tqxVg5wQfBy0312Qd1cBSvJxQ6VbdM4PjHlAnrmPXl6Tt +ZMJKcEE+iGmvKslH5hGaZrVm+7PN92f1OOxJMhwZYGHXOoiAvHZrSNCAaKlijwSL +GZYyIqEr2wU6DMvjS9EXQnECpG3F58MSKaOahHM2vVNbloZSPI9AjZ6NGphTTj9W +SKEHTEe4m0YcHu4RmJqSrrndkWglqrNMRYbAPcrtNr2ejX57OXBaSJxx+McXLF1V +7nEgrFunqNYPpdWw6UPVuqDKTDUCObfPZ3z1ppsEToERSyN7hG0imTO4364dqHrP +USBACnfXLpTNCQuNE30s38Hp0SCpAoHBAMIpkM9/7hAzhXVFmaXUxm7jWUgQzOBm +ev7VniVPQ8SGaD8yff9nHrbZ9qPESTU9SUNox/+2PB8mF3II6M5vRiGZeeCp5cCZ +2+aAvgEJ8RG9q3Y+GSQ5bHLWcPUaROkFQhdbKGc47qFGVyvuUrayxjMldoUSm5wr +b2HaF+h+kvVFDYLIHFTMaAzqXGmhYMzhvndyHRV0HjBvYhvbHJfPlkncuiNzlUL5 +2Oxm+Hm1OpOT2oUVBvb4CzB379BUAFBcQwKBwQDWfOlk26h7lkMFA/n3UTb4Et2W +mo9pQFn8cyh4CEmreFqg8Smw45j819OJn5Aw/wkuEtGw+tOTvDHbdYphTuXjL9c9 +I25Yuy/1MCixt1SLp5vHrOqN/U5ramrGlkrZmTIboDgx7w/4+Fe9pQd6WPeHtkmB +/ijT8zfMRveyeY5ku0owJig9H/txNADPgepeODHZCve15NgFj6izbEn1CX7fZrol +zOHhRDnXSwyVKE/IbXpPxseJhwC5IA9/URcGiZMCgcEAg1YwgVvNAiKHtSMGYtlB +/QJGg2vx2h0YN8bx+dTbR1WPsKgL+LadXRylLHP6/Utegn2fQ8bWdk+C7n0+VV2J +t/KkMadbJWQuDoapf/RkoBaHpC0vPoSlaizKLdG+KU2IPlpIQ0KMkIUPNEU6qCDX +1wMRX8SNhB8RccRgBcGQ0N4L3JpWJ7o46/uf1Uf3Pb+54fxL1hY80ZCWcbdOaRZf +V8k6E/78SVjONmMU0ucXH3qVBw6JLofssbV/f5FCwRkXAoHAbVIPN0vJzOviTt0e 
++5IWXUxoSomOjMuy0bv0JXG78ryOHLeuUy093ak3dU6xlHd4u1X2MKk3S3ZBRyTa +mgw3mZrZrpyvcmQ95k9cfm/9lIyiFpyolCRGYvNDZuJVViEB7Bi2a6T4VCJnvg4u +CIrt5ure/nWHY7f0eZa2Su4vyGG5R187ZSQ26RTjUOBbjxg/N+uiI8B25ia5inGo +JE9prf3S5M9PVZyLipMC38dDGtnJ3H1pWExJ7xFLNM4k2T0nAoHACQC/9r7yZY+h +172gK7D/LQdGDkzqLEzxYmHG7yxuCJ7y4cdw9iNlInnCjUyqIFNRu2qSDX62Ift0 +19oON4vkLT/VPoINyx95tH66OS3vfqnVRtDiiUPTvFkJUt6miwnSk7Oyjd6eQ9LP ++nSuB7gmveMHt/63uDXm3VMgr22SoXBFLjwfaIak5dgDRHacZys5tra2dG3D4czK +6VoaqAyXdjBEbSwT4D7QS20O/xkFcD4qDadKXLczTDutu7BIxexg +-----END RSA PRIVATE KEY----- diff --git a/debian/tests/control b/debian/tests/control index cfdd717..a66cc3d 100644 --- a/debian/tests/control +++ b/debian/tests/control @@ -9,3 +9,7 @@ Depends: mysql-server, bareos-database-mysql, bareos Test-Command: test/all Restrictions: needs-root allow-stderr Depends: bareos-database-sqlite3, bareos + +Tests: tls tls-passive +Restrictions: needs-root allow-stderr +Depends: bareos-database-sqlite3, bareos diff --git a/debian/tests/tls b/debian/tests/tls new file mode 100755 index 0000000..faf6bac --- /dev/null +++ b/debian/tests/tls 
@@ -0,0 +1,76 @@ +#!/bin/bash + +set -e + +# certs generated using: +# +# certtool --generate-privkey --outfile tls-ca-key.pem +# echo "cn = Bareos Debian Package Test\nca\ncert_signing_key\nexpiration_days = 36500" > template.txt +# certtool --generate-self-signed --template template.txt --load-privkey tls-ca-key.pem --outfile tls-ca.pem +# rm template.txt +# +# certtool --generate-privkey --outfile tls-key.pem +# echo "cn = localhost\ntls_www_server\ntls_www_client\nencryption_key\nsigning_key\nexpiration_days = 36000" > template.txt +# certtool --generate-certificate --template template.txt --load-privkey tls-key.pem --load-ca-certificate tls-ca.pem --load-ca-privkey tls-ca-key.pem --outfile tls-cert.pem +# rm template.txt + +cp debian/tests/certs/*.pem /etc/bareos/ +chgrp bareos /etc/bareos/*.pem +chmod ug+r /etc/bareos/*.pem + +sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-dir.conf +sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-sd.conf +sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-fd.conf + +sed -i "s#Client {#Client {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-dir.conf +sed -i "s#Storage {#Storage {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-dir.conf + +sed -i "s#Director {#Director {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-fd.conf +sed -i "s#FileDaemon {#FileDaemon {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-fd.conf + +sed -i "s#Storage {#Storage {\n TLS Require = yes\n TLS Verify Peer = 
no\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-sd.conf +sed -i "s#Director {#Director {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-sd.conf + +echo "--------- config options ----------- " +echo "/etc/bareos/bareos-dir.conf:" +grep -3 "TLS" /etc/bareos/bareos-dir.conf +echo +echo "/etc/bareos/bareos-sd.conf:" +grep -3 "TLS" /etc/bareos/bareos-sd.conf +echo +echo "/etc/bareos/bareos-fd.conf:" +grep -3 "TLS" /etc/bareos/bareos-fd.conf +echo + +echo "--------- restarting services ----------- " +service bareos-dir restart +service bareos-sd restart +service bareos-fd restart +sleep 10 + +echo "--------- checking services ----------- " +service bareos-dir status +service bareos-sd status +service bareos-fd status + +# enable bash debug +set -v + +BACKUP_TEST_FILE=/usr/sbin/bareos.test + +echo -e "status dir" | bconsole +echo +echo "---- label a volume ----" +echo -e "label volume=testvol pool=Full" | bconsole +echo +echo "----- create some file to test backup / restore ----" +echo "bareos restore test" > ${BACKUP_TEST_FILE} +echo +echo "------ trigger backup job -----" +echo -e "run job=BackupClient1 yes\rwait" | bconsole | grep "Job queued. JobId=" +echo "status dir" | bconsole +echo +echo "------ trigger restore job -----" +echo -e "restore select current\r2\rls\rmark usr\rdone\ryes\rwait" | bconsole +echo "status dir" | bconsole +grep "bareos restore test" /tmp/bareos-restores/${BACKUP_TEST_FILE} diff --git a/debian/tests/tls-passive b/debian/tests/tls-passive new file mode 100755 index 0000000..d7f2313 --- /dev/null +++ b/debian/tests/tls-passive 
@@ -0,0 +1,76 @@ +#!/bin/bash + +set -e + +# certs generated using: +# +# certtool --generate-privkey --outfile tls-ca-key.pem +# echo "cn = Bareos Debian Package Test\nca\ncert_signing_key\nexpiration_days = 36500" > template.txt +# certtool --generate-self-signed --template template.txt --load-privkey tls-ca-key.pem --outfile tls-ca.pem +# rm template.txt +# +# certtool --generate-privkey --outfile tls-key.pem +# echo "cn = localhost\ntls_www_server\ntls_www_client\nencryption_key\nsigning_key\nexpiration_days = 36000" > template.txt +# certtool --generate-certificate --template template.txt --load-privkey tls-key.pem --load-ca-certificate tls-ca.pem --load-ca-privkey tls-ca-key.pem --outfile tls-cert.pem +# rm template.txt + +cp debian/tests/certs/*.pem /etc/bareos/ +chgrp bareos /etc/bareos/*.pem +chmod ug+r /etc/bareos/*.pem + +sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-dir.conf +sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-sd.conf +sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-fd.conf + +sed -i "s#Client {#Client {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem\n Passive = yes#" /etc/bareos/bareos-dir.conf +sed -i "s#Storage {#Storage {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-dir.conf + +sed -i "s#Director {#Director {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-fd.conf +sed -i "s#FileDaemon {#FileDaemon {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem\n Compatible=no#" /etc/bareos/bareos-fd.conf + +sed -i "s#Storage {#Storage {\n TLS 
Require = yes\n TLS Verify Peer = no\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-sd.conf +sed -i "s#Director {#Director {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-sd.conf + +echo "--------- config options ----------- " +echo "/etc/bareos/bareos-dir.conf:" +grep -3 "TLS" /etc/bareos/bareos-dir.conf +echo +echo "/etc/bareos/bareos-sd.conf:" +grep -3 "TLS" /etc/bareos/bareos-sd.conf +echo +echo "/etc/bareos/bareos-fd.conf:" +grep -3 "TLS" /etc/bareos/bareos-fd.conf +echo + +echo "--------- restarting services ----------- " +service bareos-dir restart +service bareos-sd restart +service bareos-fd restart +sleep 10 + +echo "--------- checking services ----------- " +service bareos-dir status +service bareos-sd status +service bareos-fd status + +# enable bash debug +set -v + +BACKUP_TEST_FILE=/usr/sbin/bareos.test + +echo -e "status dir" | bconsole +echo +echo "---- label a volume ----" +echo -e "label volume=testvol pool=Full" | bconsole +echo +echo "----- create some file to test backup / restore ----" +echo "bareos restore test" > ${BACKUP_TEST_FILE} +echo +echo "------ trigger backup job -----" +echo -e "run job=BackupClient1 yes\rwait" | bconsole | grep "Job queued. JobId=" +echo "status dir" | bconsole +echo +echo "------ trigger restore job -----" +echo -e "restore select current\r2\rls\rmark usr\rdone\ryes\rwait" | bconsole +echo "status dir" | bconsole +grep "bareos restore test" /tmp/bareos-restores/${BACKUP_TEST_FILE} -- 2.8.0.rc3
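Review bot: debian/tests/certs/ca-cert.pem and debian/tests/certs/ca-key.pem are added, but nothing visible in this patch uses them. Both test scripts configure only tls-cert.pem, tls-key.pem and tls-ca.pem, and the "certs generated using" comment covers only the tls-* files. Drop the two unused files, or document what they are for and how they were generated.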
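Review bot: in debian/tests/tls, "cp debian/tests/certs/*.pem /etc/bareos/" followed by "chmod ug+r /etc/bareos/*.pem" also installs the CA private keys (tls-ca-key.pem and ca-key.pem) that no daemon configuration refers to, and the chmod glob touches any .pem file already present in /etc/bareos. Copy tls-cert.pem, tls-key.pem and tls-ca.pem by name and set group and mode on exactly those three files; the same lines appear in tls-passive.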
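Review bot: in debian/tests/tls-passive (and identically in debian/tests/tls) the Storage block written to bareos-sd.conf sets "TLS Verify Peer = no" while every other block leaves it unset, with no comment saying why verification is switched off there. Either add a comment explaining the reason, or leave verification on so the test also covers certificate checking on the storage daemon.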
>From f54ac1eca0fea92902a159fd80957c815474a4bb Mon Sep 17 00:00:00 2001 From: Felix Geyer <fge...@debian.org> Date: Sat, 2 Apr 2016 15:56:18 +0200 Subject: [PATCH 3/3] Add breaks-testbed to all tests. We want a fresh testbed for every test. Previously the tests might not have detected errors because the backup job from a previous job was still in the catalog and the restored file was still lying around. --- debian/tests/control | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/debian/tests/control b/debian/tests/control index a66cc3d..1b5fc4f 100644 --- a/debian/tests/control +++ b/debian/tests/control @@ -1,15 +1,15 @@ Test-Command: test/all -Restrictions: needs-root allow-stderr +Restrictions: breaks-testbed needs-root allow-stderr Depends: postgresql, bareos-database-postgresql, bareos Test-Command: test/all -Restrictions: needs-root allow-stderr +Restrictions: breaks-testbed needs-root allow-stderr Depends: mysql-server, bareos-database-mysql, bareos Test-Command: test/all -Restrictions: needs-root allow-stderr +Restrictions: breaks-testbed needs-root allow-stderr Depends: bareos-database-sqlite3, bareos Tests: tls tls-passive -Restrictions: needs-root allow-stderr +Restrictions: breaks-testbed needs-root allow-stderr Depends: bareos-database-sqlite3, bareos -- 2.8.0.rc3
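Review bot: the four "Restrictions:" lines in debian/tests/control gain breaks-testbed, which also makes autopkgtest skip these tests on testbeds that cannot be reverted, so the stale-state problem described in the commit message is only addressed on runners that can reset. Consider having the test scripts additionally remove /tmp/bareos-restores before the restore step, so a leftover restored file cannot satisfy the final grep when the testbed was not reset.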
_______________________________________________ Pkg-bareos-devel mailing list Pkg-bareos-devel@lists.alioth.debian.org https://lists.alioth.debian.org/mailman/listinfo/pkg-bareos-devel
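The ordering problem described in the report, reproduced as an added example; this is not code from the original mail, from Bareos or from GnuTLS. All names (toy_crypto_init, toy_daemonize_close_fds, draw_random, run_in_child) are hypothetical stand-ins, and /dev/zero stands in for whatever file the daemon opens next.

```c
/* Added example: toy stand-ins, not Bareos or GnuTLS code. */
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/wait.h>
#include <unistd.h>

enum outcome { RNG_OK = 0, RNG_EBADF = 1, RNG_WRONG_FILE = 2, RNG_OTHER = 3 };
static int rng_fd = -1; /* descriptor the toy library caches at init */

/* Toy library init: open the RNG device once and keep the fd. */
static int toy_crypto_init(void)
{
    rng_fd = open("/dev/urandom", O_RDONLY);
    return rng_fd < 0 ? -1 : 0;
}

/* Toy daemonize step: close every inherited descriptor above stdio. */
static void toy_daemonize_close_fds(void)
{
    long max = sysconf(_SC_OPEN_MAX);
    if (max < 0 || max > 65536) max = 65536;
    for (int fd = 3; fd < max; fd++) close(fd);
}

/* Ask the toy library for 32 bytes and classify what came back. */
static int draw_random(void)
{
    unsigned char buf[32], zero[32] = {0};
    ssize_t n = read(rng_fd, buf, sizeof buf);
    if (n < 0) return errno == EBADF ? RNG_EBADF : RNG_OTHER;
    if (n != (ssize_t)sizeof buf) return RNG_OTHER;
    return memcmp(buf, zero, sizeof buf) == 0 ? RNG_WRONG_FILE : RNG_OK;
}

/* Broken order: init, then daemonize. The cached fd is closed. */
static int init_then_daemonize(void)
{
    if (toy_crypto_init() != 0) return RNG_OTHER;
    toy_daemonize_close_fds();
    return draw_random();
}

/* Broken order, later on: a file the daemon opens reuses the fd number. */
static int init_daemonize_then_open(void)
{
    int fd;
    if (toy_crypto_init() != 0) return RNG_OTHER;
    toy_daemonize_close_fds();
    while ((fd = open("/dev/zero", O_RDONLY)) >= 0 && fd < rng_fd) { }
    return fd == rng_fd ? draw_random() : RNG_OTHER;
}

/* Fixed order, as in the patch: daemonize first, then init. */
static int daemonize_then_init(void)
{
    toy_daemonize_close_fds();
    if (toy_crypto_init() != 0) return RNG_OTHER;
    return draw_random();
}

/* Run one scenario in a forked child; fds 0-2 are filled first if closed. */
static int run_in_child(int (*scenario)(void))
{
    int status, fd;
    pid_t pid = fork();
    if (pid < 0) return -1;
    if (pid == 0) {
        while ((fd = open("/dev/null", O_RDWR)) >= 0 && fd < 3) { }
        if (fd >= 3) close(fd);
        _exit(scenario());
    }
    if (waitpid(pid, &status, 0) < 0 || !WIFEXITED(status)) return -1;
    return WEXITSTATUS(status);
}

int main(void)
{
    printf("init->daemonize: %d\n", run_in_child(init_then_daemonize));
    printf("init->daemonize->open: %d\n", run_in_child(init_daemonize_then_open));
    printf("daemonize->init: %d\n", run_in_child(daemonize_then_init));
    return 0;
}
```

The second scenario is the one worth checking for in any daemon that initializes a library before closing descriptors: the read no longer fails, it silently returns data from an unrelated file.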