Package: bareos
Version: 14.2.1+20141017gitc6c5b56-3
Tags: patch
Hi Evgeni,
I finally figured out why the GnuTLS backend doesn't work at all.
Bareos initalizes the crypto backend and then daemonizes itself and closes
all fds.
Unfortunately GnuTLS opens /dev/urandom in its init method and relies upon
it staying open.
Turns out this is already fixed in 15.2 but was never backported.
Attached are git patches against the debian branch to add the fix and some
tests.
Cheers,
Felix
>From b5896fc9083d967ce243b8b64f7f2e555909ccd9 Mon Sep 17 00:00:00 2001
From: Felix Geyer <fge...@debian.org>
Date: Sat, 2 Apr 2016 15:49:37 +0200
Subject: [PATCH 1/3] Fix GnuTLS backend by postponing initialization after it
daemonized.
Backport upstream commits from version 15.2.
---
debian/patches/fix-tls-backend-initalization | 84 ++++++++++++++++++++++++++++
debian/patches/series | 1 +
2 files changed, 85 insertions(+)
create mode 100644 debian/patches/fix-tls-backend-initalization
diff --git a/debian/patches/fix-tls-backend-initalization b/debian/patches/fix-tls-backend-initalization
new file mode 100644
index 0000000..b9c2026
--- /dev/null
+++ b/debian/patches/fix-tls-backend-initalization
@@ -0,0 +1,84 @@
+Description: Fix GnuTLS backend by postponing initialization after it daemonized.
+ Backport upstream commits from version 15.2.
+Origin: https://github.com/bareos/bareos/commit/9097aaeaefe904b40af602caddf5d9cd59959625
+ https://github.com/bareos/bareos/commit/ecb539bc44c0224b378e6e9626b86ea718da5c2c
+
+--- bareos-14.2.6.orig/src/dird/dird.c
++++ bareos-14.2.6/src/dird/dird.c
+@@ -285,6 +285,13 @@ int main (int argc, char *argv[])
+ my_config = new_config_parser();
+ parse_dir_config(my_config, configfile, M_ERROR_TERM);
+
++ if (!test_config) { /* we don't need to do this block in test mode */
++ if (background) {
++ daemon_start();
++ init_stack_dump(); /* grab new pid */
++ }
++ }
++
+ if (init_crypto() != 0) {
+ Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Cryptography library initialization failed.\n"));
+ goto bail_out;
+@@ -296,10 +303,6 @@ int main (int argc, char *argv[])
+ }
+
+ if (!test_config) { /* we don't need to do this block in test mode */
+- if (background) {
+- daemon_start();
+- init_stack_dump(); /* grab new pid */
+- }
+ /* Create pid must come after we are a daemon -- so we have our final pid */
+ create_pid_file(me->pid_directory, "bareos-dir",
+ get_first_port_host_order(me->DIRaddrs));
+--- bareos-14.2.6.orig/src/filed/filed.c
++++ bareos-14.2.6/src/filed/filed.c
+@@ -213,6 +213,11 @@ int main (int argc, char *argv[])
+ my_config = new_config_parser();
+ parse_fd_config(my_config, configfile, M_ERROR_TERM);
+
++ if (!foreground && !test_config) {
++ daemon_start();
++ init_stack_dump(); /* set new pid */
++ }
++
+ if (init_crypto() != 0) {
+ Emsg0(M_ERROR, 0, _("Cryptography library initialization failed.\n"));
+ terminate_filed(1);
+@@ -237,11 +242,6 @@ int main (int argc, char *argv[])
+ terminate_filed(0);
+ }
+
+- if (!foreground) {
+- daemon_start();
+- init_stack_dump(); /* set new pid */
+- }
+-
+ set_thread_concurrency(me->MaxConcurrentJobs + 10);
+ lmgr_init_thread(); /* initialize the lockmanager stack */
+
+--- bareos-14.2.6.orig/src/stored/stored.c
++++ bareos-14.2.6/src/stored/stored.c
+@@ -219,6 +219,11 @@ int main (int argc, char *argv[])
+ my_config = new_config_parser();
+ parse_sd_config(my_config, configfile, M_ERROR_TERM);
+
++ if (!foreground && !test_config) {
++ daemon_start(); /* become daemon */
++ init_stack_dump(); /* pick up new pid */
++ }
++
+ if (init_crypto() != 0) {
+ Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Cryptography library initialization failed.\n"));
+ }
+@@ -235,11 +240,6 @@ int main (int argc, char *argv[])
+
+ my_name_is(0, (char **)NULL, me->hdr.name); /* Set our real name */
+
+- if (!foreground) {
+- daemon_start(); /* become daemon */
+- init_stack_dump(); /* pick up new pid */
+- }
+-
+ create_pid_file(me->pid_directory, "bareos-sd",
+ get_first_port_host_order(me->SDaddrs));
+ read_state_file(me->working_directory, "bareos-sd",
diff --git a/debian/patches/series b/debian/patches/series
index 818c007..2035a52 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -1,3 +1,4 @@
dont-generate-debian-files
set-dbuser-dbname
openssl-no-home-rnd
+fix-tls-backend-initalization
--
2.8.0.rc3
>From 3c049737686bfe0885e306af83283bd8fa528b71 Mon Sep 17 00:00:00 2001
From: Felix Geyer <fge...@debian.org>
Date: Sat, 2 Apr 2016 15:55:44 +0200
Subject: [PATCH 2/3] Add autopkgtests for TLS.
---
debian/tests/certs/ca-cert.pem | 22 ++++++++++++
debian/tests/certs/ca-key.pem | 28 +++++++++++++++
debian/tests/certs/tls-ca-key.pem | 39 ++++++++++++++++++++
debian/tests/certs/tls-ca.pem | 24 +++++++++++++
debian/tests/certs/tls-cert.pem | 25 +++++++++++++
debian/tests/certs/tls-key.pem | 39 ++++++++++++++++++++
debian/tests/control | 4 +++
debian/tests/tls | 76 +++++++++++++++++++++++++++++++++++++++
debian/tests/tls-passive | 76 +++++++++++++++++++++++++++++++++++++++
9 files changed, 333 insertions(+)
create mode 100644 debian/tests/certs/ca-cert.pem
create mode 100644 debian/tests/certs/ca-key.pem
create mode 100644 debian/tests/certs/tls-ca-key.pem
create mode 100644 debian/tests/certs/tls-ca.pem
create mode 100644 debian/tests/certs/tls-cert.pem
create mode 100644 debian/tests/certs/tls-key.pem
create mode 100755 debian/tests/tls
create mode 100755 debian/tests/tls-passive
diff --git a/debian/tests/certs/ca-cert.pem b/debian/tests/certs/ca-cert.pem
new file mode 100644
index 0000000..d2ce66d
--- /dev/null
+++ b/debian/tests/certs/ca-cert.pem
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIJALo7XUqwFCoUMA0GCSqGSIb3DQEBCwUAMGoxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxIzAhBgNVBAMMGkJhcmVvcyBEZWJpYW4gUGFja2FnZSBU
+ZXN0MCAXDTE2MDQwMjExMTAwOVoYDzIxMTYwMzA5MTExMDA5WjBqMQswCQYDVQQG
+EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
+Z2l0cyBQdHkgTHRkMSMwIQYDVQQDDBpCYXJlb3MgRGViaWFuIFBhY2thZ2UgVGVz
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvdkpb0WrmGDmptkU7/
+xYee3ZQjQJUKRFfgM+oKF72i51MbAY1CzKKK9gWt56V16YpIUrobnyp8yF2fhlZf
+XKBzJKKxeMWAIRYQcYkcrN4chKZavQU2QKAVPpTgLD69bEDCvSTathbCRBdkGU92
+N9w7Kx/lbQB7dt+RMtMFNpbkusdrzDoQKmoHbo6JWpj7s8z9ygzazCAcU76k+QVG
+WaJcHIm7jyhaCJ97dB6JXT8+swsG6s6hQjR0jKtFllnZQIck7s49HHFW0me9Xhh4
+RxbPExdi+JIAEkANyjdfqPeyjV+lerklVU6c7fV/BgK8WibBwCCfSlVgydrhi14Z
+hbsCAwEAAaNQME4wHQYDVR0OBBYEFGU1OgL+ioLaBcWZBL9ZHlZ0VIdhMB8GA1Ud
+IwQYMBaAFGU1OgL+ioLaBcWZBL9ZHlZ0VIdhMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAICJwohW/Xg78zB+i4VY7IMaNYskgi9omdpTWnBzvXU5d3i9
+Yl3wUAHNH7+223cRLL5M/6Jlacf3MeGxuKTacbE0cbrAhTwfXGxNWXVGuNxfp6tV
+KUjicUfOK2gle+Fl9k7YwE79vFEwRju6ZdGCGhrRkdRJDDVTNk2vHFmLbJnjqgww
+H3bHKRAt2VaoFacysLMU8x8N/9SYEb8W78QisUU5lQZrKWam+GgtzrZZ86M4Uc8O
+4sO0aqKTDOqm2XBPZ8fJK6ZcljndAvPeN6T+zA9Yw2EDT/6R2z6owv6SRATELilD
+YVXCXugi4KQBNaEyXDZXuusaCAnLfDA0nUFPAgg=
+-----END CERTIFICATE-----
diff --git a/debian/tests/certs/ca-key.pem b/debian/tests/certs/ca-key.pem
new file mode 100644
index 0000000..f0e56c4
--- /dev/null
+++ b/debian/tests/certs/ca-key.pem
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDL3ZKW9Fq5hg5q
+bZFO/8WHnt2UI0CVCkRX4DPqChe9oudTGwGNQsyiivYFreeldemKSFK6G58qfMhd
+n4ZWX1ygcySisXjFgCEWEHGJHKzeHISmWr0FNkCgFT6U4Cw+vWxAwr0k2rYWwkQX
+ZBlPdjfcOysf5W0Ae3bfkTLTBTaW5LrHa8w6ECpqB26OiVqY+7PM/coM2swgHFO+
+pPkFRlmiXByJu48oWgife3QeiV0/PrMLBurOoUI0dIyrRZZZ2UCHJO7OPRxxVtJn
+vV4YeEcWzxMXYviSABJADco3X6j3so1fpXq5JVVOnO31fwYCvFomwcAgn0pVYMna
+4YteGYW7AgMBAAECggEABYyqiOFt9s7nZY5F/liIEAELFxU+lNAKvDmmMCDGNKtS
+kLiTejzvRR1zRQRO4foruU/usJI/6vAqpCHLjl5aLyPzQ1qBZx7tx6P68ziMnB86
+nSyrKJEpgTIS2gqgKbUOVVT3wSETA9uV7u0So08chio2KlAcf37c5YkWURg7PDBB
+VAKbhqhLCZE6L+DurkuvsiHb49eKa0HU58pOpimYHvQ70Yy+Y8ABD35OP1JQaKAi
+bAxlJTVFBezqpa7FnAzukeLNFV0CGaMlzLiGGlnAIt8SARnmjQ1TLi5XjKYnVFbB
+kMvkoXVB1Z8CvCvj6b3mihFlGmvUF3NoPBcZWq3OwQKBgQDrIh2CLR0kWq18z3Hx
+BSe/Llv/RmR/cpCDJeI0ZHhYh4IKlMxlkqO2bhoURf+AAwEQVIDlSB+OVG7S0tgz
+dC+Wo2+r1OC4eqB3XvfitIxNMv0csfSwyTtAxlP3rihn8Q3LUzO52KdhRrjQZYRK
+3US3/lvKTj52aqh8BUmSFsfMvQKBgQDd9RmMc7g7v4dTKo3cfIdUNxcriSBzTs05
++nPIATNF57c7mim33R4Y3asrYRFdYzG37KX+aFAE7F8vtu6ix3NVG8Mvb02LMIGh
+FH3m415q4H11zDBW27pz/GCbAO+CGm8agec3f8plRJzjtOl/yoQ4jEg7TRQgXHEs
+nXApPRuP1wKBgE975tG8gl9pr7/DOFcrUPZVq4+tsgdLKQLMaZ0gYXY7yH/fMQEd
+Au6GZZZ42xfg7BkjF7dqHBC3BgeKcr9iBTw832EMwzJZcakol08xjUQDeoCav4aL
+X9ZTtMrDOrF4URtscs3eKSa/C3aW+pN8HOC9wTWwIXlSMMZL20ThIoVZAoGBAMr7
+QRgfI9cQOxOlkQKYp7Iuh3P6/cA1yp1BG+1Gm7tMQ1ewjoJlJwcagVU0egrrkiZf
+txZIExXNjOc35ljbCfBFaWTR5xppi8Lh2Jn0SP54uoOl7ncgjw1POpHGc0KKJh0Z
+u3gX1+JwswHTCs8hR3XnZI9G2CcYIy/n8xDjn3cVAoGAE5EjaxHnSr2hY3xxFBpU
+O5WXFboHImH86JM9IO8PAyPVanz6Z+p14y92iPtFUerxZ9eOg60Nj6AMLtikELRV
+uO5KL8sPkRhPYY11SeXk4+0rGRwNuqj8Z1arNa+YKN9JXMPIr/6Uto4Ot6yi8S8h
+GePDIbOl9FnooL6U1BEfDds=
+-----END PRIVATE KEY-----
diff --git a/debian/tests/certs/tls-ca-key.pem b/debian/tests/certs/tls-ca-key.pem
new file mode 100644
index 0000000..e97635f
--- /dev/null
+++ b/debian/tests/certs/tls-ca-key.pem
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5QIBAAKCAYEA5plN8luYDWxZnHtf8MUQHCBIqwz9w/VnGjeIa6BlHXbJIdWk
+wmTH9fBTK1N5fXhzEIzj4Pmup0ahQfRKhfzzhSwfWmrKcD3fXBAnvnML3lGcf78c
+9PNyVGwBGOtFlE2dUce47PKVdZ9LmTMqIlne44w817LHV2gjBXTwwNgsHRCS18KR
+6NZoE+jz0ITben3F59OlaiFldCpNaie1TLLs0Mqzl2CsBIjWOk+c4qumZg8wXVwQ
+QhGYlFOr7ujjnrXcKtV2sqRYC8uZj74fn+r+fckaft0qFZnqp44ZcoXZW2a1jg4h
+55I0r7CzMYQq7GTks2uK8qeBA0NR9uSuY45KI/BP5/UGnuTjjHkEjk13dmvY/b1L
+61NaCCWTuj0/m94vAYVxzesXWRTl/ua0U8eQF/ILxYeq61QWsOegryLoVGKmzCqh
+KOA4DZHU7OaZW2Q7iMcCCDh86NGrr8NttAcf1RmFkPf1SxDW0trBBpIcxzeTuq4M
+RlktHZzk44Hd7m2nAgMBAAECggGBANWh00ejOYO+DGrfFavuNRWJhykImRRxBjqQ
+lg73gpXAVWfGEKSTT3j2U2bBJ71o2FjN3dOwHPEVixGaK2xkQorurIFMjA1eFM6q
+nNdgp+8n9m+W81GvNA0oHgAi/sv897Eq8ZR6zKIymIvujatTTR3L7xX5p5m/fSpy
+AxT1cDDhCNlghWKLN9KyLybP3rFlUfKK7iUbmWz8P8oHzXuoC6MHF0g3pEVzK9zL
+otGQKlFE4w6q2tkKiitoNNHZ6f5ABV1l0qma3Z8Mm7n6YxSUj0VzadK0xP09Pjyw
+Ay5VAotCSuVwLfPAKp2PMN8MjerZVJassGJGF6jOzuEeQBwn2iKuhJgGLLhgQ+45
+yeIJYyz7ZNmDvrgjL/IA7kRDXfDfsVgEHAF7y59th/Rh0Ekv/oVR1eTXezquIGRl
+T3C/LVaQDzfLbEJmIN7i2b6bPShd3YRmaM9uU3golkNWDoPxZTkXe3K+MJaWr5gA
+zw5mQrOpvwTlNJxJwBA5t3ilMIiiiQKBwQD1uHmpJWkcBfgJCFkJNnqJ/CsjGTXX
+dwK8YGo3mvGnH6pHP1aUQdWFdDV1lrVmjKzXY+rF4CUr61Ds4EygNM1h2s0xORKl
+OYpedL4eYd/Gk8eKLHvniJLuBzPlAuvcMCoIkuzGlE0nA5vzlD/RScq4vAwlEcWx
+d0VBxOMp7y9ViijNmJJENtDIYp7n3EjLlfle+BppfvR4zss9uoR1+e4M7frRJ407
+pS0O16cnUCG6vuK4Nt9aTJlKq+4n9tq+NMMCgcEA8D7iTIjiFddR3fsnCQWy8+cu
+We3GGSHOwnN0RCnU3CG+tAvnyEkQKb5o8AyWzBBXVLG0BZKMYYwyPJRzqg9DswQY
+epIwwcJ4TJDbzOh4suguCPFJmZssi0m0kuAlPZimUbn0zbFlY3Dw/D/WOJfWj5nu
+WFU1nIVnKDMsIjgNc5WD5vkF4AJnCLjcokQ4RLT5GrFSS8/9cxoE1nOlbgBFOu8S
+b90klOG8HNVi6YtiR5iv3lWFp5GXZTj0zMkPgEVNAoHBANqoaWLyjoFIcnsfOZPw
+LcVCZ+SY14fAOOgG6B5JPEda7zztiQ7vMqHKUpQsI4p5HomhOVcSaiGWCnJv+uAJ
+fMZaXYQy5HuxI4eAXXpN4EMmWEeF5FCaAR3dvPlKyzYqig0NKbRgXfOcy5dK0itc
+fhA8DpaiJQkSOMgY+4jidn2pLzwdS/N1z/6xe/SZ2xGHiNxQ7bf5KHWkl8l7g8o0
+OPi6gRrEFnMAPoNZtj5OmWVD3h7NfZ4uUa7YJlrb2bWu3wKBwAkNBW+GtKXH/+CS
+Bq1zVoOT0Q44Q/9MY8K1oMq0nL1SVCHqVOgZwI8iCkgI4WF8uB2LuFGBbOJ76qSX
+nyfn/U/wNo/flBCop+mSh4VXuLxcvOc/V9t+mhYBR9lEsoJ4jsODcvKQ3VX6ukl2
+ijaFmeK9FNqlEyj7aaB9FQuQ+wjAuEBqX0tKK+GLPVyrn0cPXlcgGQ6cHltIvqfp
+oXDcd785pIMsXKVzP6gCbgCIbMJvwShqJmfit0Zr9+UDKh9V/QKBwQC3jYX5u8GE
+rwSjNI2I9EL20wOBbUgdh+7Be1wyRgMEUAwXfQhdi27OfbygGQWOPkWN0jZGEVJN
+7ZEeGSp3QtB+C4VnVc5YPBaR3+48HB0oD3zPsIIJ2bOWFoRZbx67T3oEq423KwFn
+3gD7m0B5c94jC+FAl9zdwyOT28N7MSxA0F5M8TsJ1hXO/F89Jr41tPFbeuUYKiZZ
+KJr1NkkVBRosMHzC9cGL3N2hvx97AVmAiEioWqz0JVjaPeBBD5Bxj04=
+-----END RSA PRIVATE KEY-----
diff --git a/debian/tests/certs/tls-ca.pem b/debian/tests/certs/tls-ca.pem
new file mode 100644
index 0000000..66d51c2
--- /dev/null
+++ b/debian/tests/certs/tls-ca.pem
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAn2gAwIBAgIMVv+skSzN3XlMh+YzMA0GCSqGSIb3DQEBCwUAMCUxIzAh
+BgNVBAMTGkJhcmVvcyBEZWJpYW4gUGFja2FnZSBUZXN0MCAXDTE2MDQwMjExMjcx
+M1oYDzIxMTYwMzA5MTEyNzEzWjAlMSMwIQYDVQQDExpCYXJlb3MgRGViaWFuIFBh
+Y2thZ2UgVGVzdDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOaZTfJb
+mA1sWZx7X/DFEBwgSKsM/cP1Zxo3iGugZR12ySHVpMJkx/XwUytTeX14cxCM4+D5
+rqdGoUH0SoX884UsH1pqynA931wQJ75zC95RnH+/HPTzclRsARjrRZRNnVHHuOzy
+lXWfS5kzKiJZ3uOMPNeyx1doIwV08MDYLB0QktfCkejWaBPo89CE23p9xefTpWoh
+ZXQqTWontUyy7NDKs5dgrASI1jpPnOKrpmYPMF1cEEIRmJRTq+7o45613CrVdrKk
+WAvLmY++H5/q/n3JGn7dKhWZ6qeOGXKF2VtmtY4OIeeSNK+wszGEKuxk5LNrivKn
+gQNDUfbkrmOOSiPwT+f1Bp7k44x5BI5Nd3Zr2P29S+tTWgglk7o9P5veLwGFcc3r
+F1kU5f7mtFPHkBfyC8WHqutUFrDnoK8i6FRipswqoSjgOA2R1OzmmVtkO4jHAgg4
+fOjRq6/DbbQHH9UZhZD39UsQ1tLawQaSHMc3k7quDEZZLR2c5OOB3e5tpwIDAQAB
+o0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYE
+FJZB/KaT4BoKSI6ZNVAXXmMUIoQ5MA0GCSqGSIb3DQEBCwUAA4IBgQCREp1kSxTo
+jy4AcrpZBgnMVWHlt+DmJI8DztB8yrE9HwAG6d7O64g3pmbmDDNEZy0Cfzh0kuNq
+Qu9esa7cgtyrknwVm+QNJ9mlmEMHOHvGzLfwEs9qS2ikDQyIIA5N6MBKCWGUVKLX
+re1L7ZyKYkj7Bm+Zwd4+KnlQvVMAZicJFvL1kMWK67jiF/hDNr5UZgb5pHxiDcQo
+/3of6J4g2a7UCffKoYUc1++yfzBHD/3wLF8FGB6M9n7LAilqRcsGJifPIBYqZBHg
+SEtZwy9jK8k4yBu2/DK5xf7HDVX/+B+pQiMgjCoeRGp0LqUerAyia/8gxOf34DzO
+fVuB4b2cASmFovJCKbAqHX5lCcIgQidovBKgpQzagCyPYD6FZEmiX4LyJFonrml2
+UVuymDlhEJYesszUqAmeWJiVm2FKWZwReCr7cod8YthIzCXOPxWV31ygHl/OGjo/
+xLFsV4Zfrh/byv+5DUbTFju7NYW6604EUtWlo/VG/1GG5p53SJQiBjg=
+-----END CERTIFICATE-----
diff --git a/debian/tests/certs/tls-cert.pem b/debian/tests/certs/tls-cert.pem
new file mode 100644
index 0000000..894adcb
--- /dev/null
+++ b/debian/tests/certs/tls-cert.pem
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEQjCCAqqgAwIBAgIMVv+tyyMQsJYflghNMA0GCSqGSIb3DQEBCwUAMCUxIzAh
+BgNVBAMTGkJhcmVvcyBEZWJpYW4gUGFja2FnZSBUZXN0MCAXDTE2MDQwMjExMzIy
+N1oYDzIxMTQxMDI2MTEzMjI3WjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwggGiMA0G
+CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCirXwz7RW9PQqhvHFGsil63zeFP2xI
+qtN63rumhuCu+aHWL3KSrmGQ6Y3Rvh3I1IMqXiPj9P5FZwLX/nOUpMKZPSSxgD9M
+VIly3wxuudKYQEwtPoBZhWIkcGiIESlvCd2Qynq+M3CzsspVdQbVNhH+MeYu2jyY
+OF5vAzBfr6q2xJkgBX8F8f6HSZc8AxqlTWdShURtxK2os3FeT9Bwdo3cCPBuKqu7
+2lDoa1bdUJLMREdEOGFblNxX9M9uC9PxlTXTC41TI8ODE76ceamNUX27h40+vwT5
+2q2zMBII3NqsQ9mZpUJKnRvmVaR2UXdng14+ZvAvofl8dEC1kHn6j+XG32rGneib
+++LzQtVyPmINpUH8ydoodUepqT/McHhKdw235HBB3kCqApHtMwjo30XVQ8POQa38
+XAZ2x83t9UtuQnLHSHNJCoZWttEHP0tvfPMsaIk/Bi3NYDO4A7B+z/TR1/AHRw56
+xHBVHkjknx0iUgMouXOI7Qu/YlA8xl4W1XkCAwEAAaOBgDB+MAwGA1UdEwEB/wQC
+MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMH
+oAAwHQYDVR0OBBYEFIA/qbUqaLYBmuBVnhYH3b3AVF07MB8GA1UdIwQYMBaAFJZB
+/KaT4BoKSI6ZNVAXXmMUIoQ5MA0GCSqGSIb3DQEBCwUAA4IBgQBxFgVhXN3l/xAl
+Lb+wkjl4b8MjOKP6eJZeyEGxptHFilV9bf4oQlJbEkiRpH2NoWgS0adCZgaNBCxq
+yJFnr+eyWkJPKCXAFBfvKZ+mP+mnGM+CCLXilPZahlV2tZtU8DtUaosVkeILRl9o
+8oxS9RHcIkrkWJVnimYf6d4Db+D31NcImS59/6piTiIS5yw1YP+wr+KLhFYynpY4
+DgvVcAsekbmvdVQuTyKy32wOwr4QYQjf4dlVF25w52b/fuyORwJJRWXBJ0GJYIyE
+1xwzjJwwUFeFWbYeqSfX/dDymU6HOjRBc580u7tX/RHnRaH2sL/6ysjKvyw1Skea
+nF723sGil6xd/UPNKoEYQ8JbCOSEBSm1Pua40bomOWwOk5V4I7MzoaZUyQupa6+X
+lPisPmG8+dLTREwfXdKz7zRy6T0B293C/N51+lByI+tA6CAljDmWwayKJViC8ba0
+fN3Bca6nusn1+hFSTsCbQTIDFD5IcBRYtKRDzXQ4qvHPpLlf058=
+-----END CERTIFICATE-----
diff --git a/debian/tests/certs/tls-key.pem b/debian/tests/certs/tls-key.pem
new file mode 100644
index 0000000..a639f93
--- /dev/null
+++ b/debian/tests/certs/tls-key.pem
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4wIBAAKCAYEAoq18M+0VvT0KobxxRrIpet83hT9sSKrTet67pobgrvmh1i9y
+kq5hkOmN0b4dyNSDKl4j4/T+RWcC1/5zlKTCmT0ksYA/TFSJct8MbrnSmEBMLT6A
+WYViJHBoiBEpbwndkMp6vjNws7LKVXUG1TYR/jHmLto8mDhebwMwX6+qtsSZIAV/
+BfH+h0mXPAMapU1nUoVEbcStqLNxXk/QcHaN3Ajwbiqru9pQ6GtW3VCSzERHRDhh
+W5TcV/TPbgvT8ZU10wuNUyPDgxO+nHmpjVF9u4eNPr8E+dqtszASCNzarEPZmaVC
+Sp0b5lWkdlF3Z4NePmbwL6H5fHRAtZB5+o/lxt9qxp3om/vi80LVcj5iDaVB/Mna
+KHVHqak/zHB4SncNt+RwQd5AqgKR7TMI6N9F1UPDzkGt/FwGdsfN7fVLbkJyx0hz
+SQqGVrbRBz9Lb3zzLGiJPwYtzWAzuAOwfs/00dfwB0cOesRwVR5I5J8dIlIDKLlz
+iO0Lv2JQPMZeFtV5AgMBAAECggGAMfKGQgM3O4U0cHhFZ2loZvuGNnlErAMXL5CX
+mQeskMzArdyflv3HoxCypIV066akJywEZQdh0rlQHDVaE3eK8DXfwEgaJzuFgCmP
+zadsS6biPLoF+naDraB919k9GYSz7LLegOuWXPY2PYrS8D/LwnpbrGMBW9Ni2z7l
+aVusVLWENlq5p3+noK4tqxVg5wQfBy0312Qd1cBSvJxQ6VbdM4PjHlAnrmPXl6Tt
+ZMJKcEE+iGmvKslH5hGaZrVm+7PN92f1OOxJMhwZYGHXOoiAvHZrSNCAaKlijwSL
+GZYyIqEr2wU6DMvjS9EXQnECpG3F58MSKaOahHM2vVNbloZSPI9AjZ6NGphTTj9W
+SKEHTEe4m0YcHu4RmJqSrrndkWglqrNMRYbAPcrtNr2ejX57OXBaSJxx+McXLF1V
+7nEgrFunqNYPpdWw6UPVuqDKTDUCObfPZ3z1ppsEToERSyN7hG0imTO4364dqHrP
+USBACnfXLpTNCQuNE30s38Hp0SCpAoHBAMIpkM9/7hAzhXVFmaXUxm7jWUgQzOBm
+ev7VniVPQ8SGaD8yff9nHrbZ9qPESTU9SUNox/+2PB8mF3II6M5vRiGZeeCp5cCZ
+2+aAvgEJ8RG9q3Y+GSQ5bHLWcPUaROkFQhdbKGc47qFGVyvuUrayxjMldoUSm5wr
+b2HaF+h+kvVFDYLIHFTMaAzqXGmhYMzhvndyHRV0HjBvYhvbHJfPlkncuiNzlUL5
+2Oxm+Hm1OpOT2oUVBvb4CzB379BUAFBcQwKBwQDWfOlk26h7lkMFA/n3UTb4Et2W
+mo9pQFn8cyh4CEmreFqg8Smw45j819OJn5Aw/wkuEtGw+tOTvDHbdYphTuXjL9c9
+I25Yuy/1MCixt1SLp5vHrOqN/U5ramrGlkrZmTIboDgx7w/4+Fe9pQd6WPeHtkmB
+/ijT8zfMRveyeY5ku0owJig9H/txNADPgepeODHZCve15NgFj6izbEn1CX7fZrol
+zOHhRDnXSwyVKE/IbXpPxseJhwC5IA9/URcGiZMCgcEAg1YwgVvNAiKHtSMGYtlB
+/QJGg2vx2h0YN8bx+dTbR1WPsKgL+LadXRylLHP6/Utegn2fQ8bWdk+C7n0+VV2J
+t/KkMadbJWQuDoapf/RkoBaHpC0vPoSlaizKLdG+KU2IPlpIQ0KMkIUPNEU6qCDX
+1wMRX8SNhB8RccRgBcGQ0N4L3JpWJ7o46/uf1Uf3Pb+54fxL1hY80ZCWcbdOaRZf
+V8k6E/78SVjONmMU0ucXH3qVBw6JLofssbV/f5FCwRkXAoHAbVIPN0vJzOviTt0e
++5IWXUxoSomOjMuy0bv0JXG78ryOHLeuUy093ak3dU6xlHd4u1X2MKk3S3ZBRyTa
+mgw3mZrZrpyvcmQ95k9cfm/9lIyiFpyolCRGYvNDZuJVViEB7Bi2a6T4VCJnvg4u
+CIrt5ure/nWHY7f0eZa2Su4vyGG5R187ZSQ26RTjUOBbjxg/N+uiI8B25ia5inGo
+JE9prf3S5M9PVZyLipMC38dDGtnJ3H1pWExJ7xFLNM4k2T0nAoHACQC/9r7yZY+h
+172gK7D/LQdGDkzqLEzxYmHG7yxuCJ7y4cdw9iNlInnCjUyqIFNRu2qSDX62Ift0
+19oON4vkLT/VPoINyx95tH66OS3vfqnVRtDiiUPTvFkJUt6miwnSk7Oyjd6eQ9LP
++nSuB7gmveMHt/63uDXm3VMgr22SoXBFLjwfaIak5dgDRHacZys5tra2dG3D4czK
+6VoaqAyXdjBEbSwT4D7QS20O/xkFcD4qDadKXLczTDutu7BIxexg
+-----END RSA PRIVATE KEY-----
diff --git a/debian/tests/control b/debian/tests/control
index cfdd717..a66cc3d 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -9,3 +9,7 @@ Depends: mysql-server, bareos-database-mysql, bareos
Test-Command: test/all
Restrictions: needs-root allow-stderr
Depends: bareos-database-sqlite3, bareos
+
+Tests: tls tls-passive
+Restrictions: needs-root allow-stderr
+Depends: bareos-database-sqlite3, bareos
diff --git a/debian/tests/tls b/debian/tests/tls
new file mode 100755
index 0000000..faf6bac
--- /dev/null
+++ b/debian/tests/tls
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+set -e
+
+# certs generated using:
+#
+# certtool --generate-privkey --outfile tls-ca-key.pem
+# echo "cn = Bareos Debian Package Test\nca\ncert_signing_key\nexpiration_days = 36500" > template.txt
+# certtool --generate-self-signed --template template.txt --load-privkey tls-ca-key.pem --outfile tls-ca.pem
+# rm template.txt
+#
+# certtool --generate-privkey --outfile tls-key.pem
+# echo "cn = localhost\ntls_www_server\ntls_www_client\nencryption_key\nsigning_key\nexpiration_days = 36000" > template.txt
+# certtool --generate-certificate --template template.txt --load-privkey tls-key.pem --load-ca-certificate tls-ca.pem --load-ca-privkey tls-ca-key.pem --outfile tls-cert.pem
+# rm template.txt
+
+cp debian/tests/certs/*.pem /etc/bareos/
+chgrp bareos /etc/bareos/*.pem
+chmod ug+r /etc/bareos/*.pem
+
+sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-dir.conf
+sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-sd.conf
+sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-fd.conf
+
+sed -i "s#Client {#Client {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-dir.conf
+sed -i "s#Storage {#Storage {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-dir.conf
+
+sed -i "s#Director {#Director {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-fd.conf
+sed -i "s#FileDaemon {#FileDaemon {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-fd.conf
+
+sed -i "s#Storage {#Storage {\n TLS Require = yes\n TLS Verify Peer = no\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-sd.conf
+sed -i "s#Director {#Director {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-sd.conf
+
+echo "--------- config options ----------- "
+echo "/etc/bareos/bareos-dir.conf:"
+grep -3 "TLS" /etc/bareos/bareos-dir.conf
+echo
+echo "/etc/bareos/bareos-sd.conf:"
+grep -3 "TLS" /etc/bareos/bareos-sd.conf
+echo
+echo "/etc/bareos/bareos-fd.conf:"
+grep -3 "TLS" /etc/bareos/bareos-fd.conf
+echo
+
+echo "--------- restarting services ----------- "
+service bareos-dir restart
+service bareos-sd restart
+service bareos-fd restart
+sleep 10
+
+echo "--------- checking services ----------- "
+service bareos-dir status
+service bareos-sd status
+service bareos-fd status
+
+# enable bash debug
+set -v
+
+BACKUP_TEST_FILE=/usr/sbin/bareos.test
+
+echo -e "status dir" | bconsole
+echo
+echo "---- label a volume ----"
+echo -e "label volume=testvol pool=Full" | bconsole
+echo
+echo "----- create some file to test backup / restore ----"
+echo "bareos restore test" > ${BACKUP_TEST_FILE}
+echo
+echo "------ trigger backup job -----"
+echo -e "run job=BackupClient1 yes\rwait" | bconsole | grep "Job queued. JobId="
+echo "status dir" | bconsole
+echo
+echo "------ trigger restore job -----"
+echo -e "restore select current\r2\rls\rmark usr\rdone\ryes\rwait" | bconsole
+echo "status dir" | bconsole
+grep "bareos restore test" /tmp/bareos-restores/${BACKUP_TEST_FILE}
diff --git a/debian/tests/tls-passive b/debian/tests/tls-passive
new file mode 100755
index 0000000..d7f2313
--- /dev/null
+++ b/debian/tests/tls-passive
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+set -e
+
+# certs generated using:
+#
+# certtool --generate-privkey --outfile tls-ca-key.pem
+# echo "cn = Bareos Debian Package Test\nca\ncert_signing_key\nexpiration_days = 36500" > template.txt
+# certtool --generate-self-signed --template template.txt --load-privkey tls-ca-key.pem --outfile tls-ca.pem
+# rm template.txt
+#
+# certtool --generate-privkey --outfile tls-key.pem
+# echo "cn = localhost\ntls_www_server\ntls_www_client\nencryption_key\nsigning_key\nexpiration_days = 36000" > template.txt
+# certtool --generate-certificate --template template.txt --load-privkey tls-key.pem --load-ca-certificate tls-ca.pem --load-ca-privkey tls-ca-key.pem --outfile tls-cert.pem
+# rm template.txt
+
+cp debian/tests/certs/*.pem /etc/bareos/
+chgrp bareos /etc/bareos/*.pem
+chmod ug+r /etc/bareos/*.pem
+
+sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-dir.conf
+sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-sd.conf
+sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-fd.conf
+
+sed -i "s#Client {#Client {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem\n Passive = yes#" /etc/bareos/bareos-dir.conf
+sed -i "s#Storage {#Storage {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-dir.conf
+
+sed -i "s#Director {#Director {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-fd.conf
+sed -i "s#FileDaemon {#FileDaemon {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem\n Compatible=no#" /etc/bareos/bareos-fd.conf
+
+sed -i "s#Storage {#Storage {\n TLS Require = yes\n TLS Verify Peer = no\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-sd.conf
+sed -i "s#Director {#Director {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-sd.conf
+
+echo "--------- config options ----------- "
+echo "/etc/bareos/bareos-dir.conf:"
+grep -3 "TLS" /etc/bareos/bareos-dir.conf
+echo
+echo "/etc/bareos/bareos-sd.conf:"
+grep -3 "TLS" /etc/bareos/bareos-sd.conf
+echo
+echo "/etc/bareos/bareos-fd.conf:"
+grep -3 "TLS" /etc/bareos/bareos-fd.conf
+echo
+
+echo "--------- restarting services ----------- "
+service bareos-dir restart
+service bareos-sd restart
+service bareos-fd restart
+sleep 10
+
+echo "--------- checking services ----------- "
+service bareos-dir status
+service bareos-sd status
+service bareos-fd status
+
+# enable bash debug
+set -v
+
+BACKUP_TEST_FILE=/usr/sbin/bareos.test
+
+echo -e "status dir" | bconsole
+echo
+echo "---- label a volume ----"
+echo -e "label volume=testvol pool=Full" | bconsole
+echo
+echo "----- create some file to test backup / restore ----"
+echo "bareos restore test" > ${BACKUP_TEST_FILE}
+echo
+echo "------ trigger backup job -----"
+echo -e "run job=BackupClient1 yes\rwait" | bconsole | grep "Job queued. JobId="
+echo "status dir" | bconsole
+echo
+echo "------ trigger restore job -----"
+echo -e "restore select current\r2\rls\rmark usr\rdone\ryes\rwait" | bconsole
+echo "status dir" | bconsole
+grep "bareos restore test" /tmp/bareos-restores/${BACKUP_TEST_FILE}
--
2.8.0.rc3
>From f54ac1eca0fea92902a159fd80957c815474a4bb Mon Sep 17 00:00:00 2001
From: Felix Geyer <fge...@debian.org>
Date: Sat, 2 Apr 2016 15:56:18 +0200
Subject: [PATCH 3/3] Add breaks-testbed to all tests.
We want a fresh testbed for every test.
Previously the tests might not have detected errors because the backup job
from a previous job was still in the catalog and the restored file was still
lying around.
---
debian/tests/control | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/debian/tests/control b/debian/tests/control
index a66cc3d..1b5fc4f 100644
--- a/debian/tests/control
+++ b/debian/tests/control
@@ -1,15 +1,15 @@
Test-Command: test/all
-Restrictions: needs-root allow-stderr
+Restrictions: breaks-testbed needs-root allow-stderr
Depends: postgresql, bareos-database-postgresql, bareos
Test-Command: test/all
-Restrictions: needs-root allow-stderr
+Restrictions: breaks-testbed needs-root allow-stderr
Depends: mysql-server, bareos-database-mysql, bareos
Test-Command: test/all
-Restrictions: needs-root allow-stderr
+Restrictions: breaks-testbed needs-root allow-stderr
Depends: bareos-database-sqlite3, bareos
Tests: tls tls-passive
-Restrictions: needs-root allow-stderr
+Restrictions: breaks-testbed needs-root allow-stderr
Depends: bareos-database-sqlite3, bareos
--
2.8.0.rc3
_______________________________________________
Pkg-bareos-devel mailing list
Pkg-bareos-devel@lists.alioth.debian.org
https://lists.alioth.debian.org/mailman/listinfo/pkg-bareos-devel
