subject:"\[Desktop\-packages\] \[Bug 1218245\] Re\: Default SSL certificates installed as symlinks and incompatible with pg

[Desktop-packages] [Bug 1218245] Re: Default SSL certificates installed as symlinks and incompatible with pg_basebackup

2013-08-29 Thread Martin Pitt

 To fix this, the locations of these files could be specified with the
ssl_cert_file and ssl_key_file options in postgresql.conf.

This is actually what happens since 9.2 and later. But older versions
didn't have these options yet, so 9.1 and earlier still use symlinks. So
this got fixed in

postgresql-common (142) unstable; urgency=low

  [ Christoph Berg ]
  * Make all scripts honor PGSYSCONFDIR (defaulting to
/etc/postgresql-common).
  * The default behavior of pg_createcluster can be configured in
/etc/postgresql-common/createcluster.conf. This also allows to disable the
creation of main clusters when postgresql server packages are installed,
and to set parameters in the new postgresql.conf.
  * pg_createcluster: Move setting of log_line_prefix to createcluster.conf.
  * debian/postgresql-common.postgresql.init: Do not die of one cluster fails
to start. (Closes: #699911)
  * pg_checksystem: Suppress error message for unavailable filesystems.
(Closes: #705219)
  * pg_upgradecluster: Use a distinct name (pg_hba.conf.pg_upgradecluster) for
the pg_hba.conf backup, and handle the case where this file already exists
gracefully.
  * pg_upgradecluster: On upgrades to 9.3, rename unix_socket_directory to
unix_socket_directories.
  * pg_upgradecluster, t/043_upgrade_ssl_cert.t: Copy server.crt and friends
in the data directory on upgrade. (Closes: #698958)
  * pg_ctlcluster: Set LANG so non-ascii chars in the server log are not
replaced by '?'. Thanks to Adrian Vondendriesch for help debugging this.
(Closes: #671915)

  [ Martin Pitt ]
  * debian/supported-versions: Add 9.3 for testing/unstable.
  * debian/supported-versions: Add Ubuntu 13.10.
  * Bump Standards-Versio to 3.9.4 (no changes necessary).
  * pg_upgradecluster: For upgrades to 9.3, migrate replication_timeout to
wal_sender_timeout.
  * t/060_obsolete_confparams.t: Add full 9.2 configuration, to test 9.2 → 9.3
upgrades.

 -- Martin Pitt mp...@debian.org  Tue, 07 May 2013 11:11:58 +0200


** Changed in: postgresql-common (Ubuntu)
   Status: New = Fix Released

** Bug watch added: Debian Bug tracker #698958
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698958

** Also affects: postgresql-common (Debian) via
   http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=698958
   Importance: Unknown
   Status: Unknown

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to postgresql-common in Ubuntu.
https://bugs.launchpad.net/bugs/1218245

Title:
  Default SSL certificates installed as symlinks and incompatible with
  pg_basebackup

Status in “postgresql-common” package in Ubuntu:
  Fix Released
Status in “postgresql-common” package in Debian:
  Unknown

Bug description:
  A default PostgreSQL installation creates server.crt and server.key
  symlinks in the datadir, referencing the default snakeoil SSL
  certificate.

  When making a filesystem level backup of the database using
  pg_basebackup, these symlinks are not backed up and pg_basebackup
  emits the following warnings:

  WARNING:  skipping special file ./server.crt
  WARNING:  skipping special file ./server.key

  Recovering the filesystem level backup thus requires the extra
  platform specific step of repairing the two missing files:

  cd ~/9.1/main
  ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem .
  ln -s /etc/ssl/private/ssl-cert-snakeoil.key .

  To fix this, the locations of these files could be specified with the
  ssl_cert_file and ssl_key_file options in postgresql.conf.

  Alternatively, the files could be copied rather than symlinked.
  However, the SSL certificate and private key should probably not be
  part of the backup.

  ProblemType: Bug
  DistroRelease: Ubuntu 13.04
  Package: postgresql 9.1+140
  ProcVersionSignature: Ubuntu 3.8.0-29.42-generic 3.8.13.5
  Uname: Linux 3.8.0-29-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.9.2-0ubuntu8.3
  Architecture: amd64
  Date: Thu Aug 29 15:40:03 2013
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2013-02-26 (184 days ago)
  InstallationMedia: Ubuntu 13.04 Raring Ringtail - Alpha amd64 (20130225)
  MarkForUpload: True
  PackageArchitecture: all
  SourcePackage: postgresql-common
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-common/+bug/1218245/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1218245] Re: Default SSL certificates installed as symlinks and incompatible with pg_basebackup

2013-08-29 Thread Bug Watch Updater

** Changed in: postgresql-common (Debian)
   Status: Unknown = Fix Released

-- 
You received this bug notification because you are a member of Desktop
Packages, which is subscribed to postgresql-common in Ubuntu.
https://bugs.launchpad.net/bugs/1218245

Title:
  Default SSL certificates installed as symlinks and incompatible with
  pg_basebackup

Status in “postgresql-common” package in Ubuntu:
  Fix Released
Status in “postgresql-common” package in Debian:
  Fix Released

Bug description:
  A default PostgreSQL installation creates server.crt and server.key
  symlinks in the datadir, referencing the default snakeoil SSL
  certificate.

  When making a filesystem level backup of the database using
  pg_basebackup, these symlinks are not backed up and pg_basebackup
  emits the following warnings:

  WARNING:  skipping special file ./server.crt
  WARNING:  skipping special file ./server.key

  Recovering the filesystem level backup thus requires the extra
  platform specific step of repairing the two missing files:

  cd ~/9.1/main
  ln -s /etc/ssl/certs/ssl-cert-snakeoil.pem .
  ln -s /etc/ssl/private/ssl-cert-snakeoil.key .

  To fix this, the locations of these files could be specified with the
  ssl_cert_file and ssl_key_file options in postgresql.conf.

  Alternatively, the files could be copied rather than symlinked.
  However, the SSL certificate and private key should probably not be
  part of the backup.

  ProblemType: Bug
  DistroRelease: Ubuntu 13.04
  Package: postgresql 9.1+140
  ProcVersionSignature: Ubuntu 3.8.0-29.42-generic 3.8.13.5
  Uname: Linux 3.8.0-29-generic x86_64
  NonfreeKernelModules: nvidia
  ApportVersion: 2.9.2-0ubuntu8.3
  Architecture: amd64
  Date: Thu Aug 29 15:40:03 2013
  EcryptfsInUse: Yes
  InstallationDate: Installed on 2013-02-26 (184 days ago)
  InstallationMedia: Ubuntu 13.04 Raring Ringtail - Alpha amd64 (20130225)
  MarkForUpload: True
  PackageArchitecture: all
  SourcePackage: postgresql-common
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/postgresql-common/+bug/1218245/+subscriptions

-- 
Mailing list: https://launchpad.net/~desktop-packages
Post to : desktop-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~desktop-packages
More help   : https://help.launchpad.net/ListHelp

[Desktop-packages] [Bug 1218245] Re: Default SSL certificates installed as symlinks and incompatible with pg_basebackup

[Desktop-packages] [Bug 1218245] Re: Default SSL certificates installed as symlinks and incompatible with pg_basebackup

2 matches

Site Navigation

Mail list logo

Footer information