Bug#892315: marked as done (sssd: secrets service does not work due to lack of /var/lib/sss/secrets)

Tue, 13 Mar 2018 03:22:12 -0700 

Your message dated Tue, 13 Mar 2018 10:19:36 +0000
with message-id <e1evh1s-000cm1...@fasolo.debian.org>
and subject line Bug#892315: fixed in sssd 1.16.1-1
has caused the Debian Bug report #892315,
regarding sssd: secrets service does not work due to lack of 
/var/lib/sss/secrets
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)


-- 
892315: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892315
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message --- 
Package: sssd
Version: 1.16.0-5
Severity: normal

Dear Maintainer,

The (socket activated) secrets service doesn't work because it can't
create a secrets database due to the lack of the /var/lib/sss/secrets
directory.

Right after installation, if you try to access it like this for example:

$ curl -H "Content-Type: application/json" --unix-socket 
/var/run/secrets.socket -XGET http://localhost/secrets/
<html>
<head>
<title>500 Internal Server Error</title></head>
<body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error.</p>

/var/log/syslog log shows:
Mar  8 07:38:58 sid-sssd sssd_secrets[6272]: ltdb: 
tdb(/var/lib/sss/secrets/secrets.ldb): tdb_open_ex: could not open file 
/var/lib/sss/secrets/secrets.ldb: No such file or directory
Mar  8 07:38:58 sid-sssd sssd_secrets[6272]: Unable to open tdb 
'/var/lib/sss/secrets/secrets.ldb': No such file or directory
Mar  8 07:38:58 sid-sssd sssd_secrets[6272]: Failed to connect to 
'/var/lib/sss/secrets/secrets.ldb' with backend 'tdb': Unable to open tdb 
'/var/lib/sss/secrets/secrets.ldb': No such file or directory

Once that directory is created, the service works:

# mkdir -m 0700 /var/lib/sss/secrets

$ curl -H "Content-Type: application/json" --unix-socket 
/var/run/secrets.socket -XGET http://localhost/secrets/
<html>
<head>
<title>404 Not Found</title></head>
<body>
<h1>Not Found</h1>
<p>The requested resource was not found.</p>


And you can create secrets:
$ curl -H "Content-Type: application/json" --unix-socket 
/var/run/secrets.socket -XPUT http://localhost/secrets/foo 
-d'{"type":"simple","value":"foosecret"}'
<html>
<head>
<title>200 OK</title></head>
<body>
<h1>OK</h1>
<p>Success</p>

root@sid-sssd:~# ls -lah /var/lib/sss/secrets/
total 5.5K
drwx------ 2 root root    4 Mar  8 08:02 .
drwxr-xr-x 9 root root    9 Mar  8 08:02 ..
-rw------- 1 root root   32 Mar  8 08:02 .secrets.mkey
-rw------- 1 root root 1.3M Mar  8 08:03 secrets.ldb


-- System Information:
Debian Release: buster/sid
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 4.13.0-36-generic (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8 
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages sssd depends on:
ii  python3-sss  1.16.0-5
ii  sssd-ad      1.16.0-5
ii  sssd-common  1.16.0-5
ii  sssd-ipa     1.16.0-5
ii  sssd-krb5    1.16.0-5
ii  sssd-ldap    1.16.0-5
ii  sssd-proxy   1.16.0-5

sssd recommends no packages.

sssd suggests no packages.

-- no debconf information

--- End Message ---
--- Begin Message --- 
Source: sssd
Source-Version: 1.16.1-1

We believe that the bug you reported is fixed in the latest version of
sssd, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 892...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Timo Aaltonen <tjaal...@debian.org> (supplier of updated sssd package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Format: 1.8
Date: Tue, 13 Mar 2018 11:25:00 +0200
Source: sssd
Binary: sssd sssd-common sssd-ad sssd-ad-common sssd-dbus sssd-ipa sssd-kcm 
sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools libnss-sss 
libpam-sss libipa-hbac0 libipa-hbac-dev libsss-certmap0 libsss-certmap-dev 
libsss-idmap0 libsss-idmap-dev libsss-nss-idmap0 libsss-nss-idmap-dev 
libsss-sudo libsss-simpleifp0 libsss-simpleifp-dev libwbclient-sssd 
libwbclient-sssd-dev python-libipa-hbac python-libsss-nss-idmap python-sss 
python3-libipa-hbac python3-libsss-nss-idmap python3-sss
Architecture: source
Version: 1.16.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian SSSD Team <pkg-sssd-de...@lists.alioth.debian.org>
Changed-By: Timo Aaltonen <tjaal...@debian.org>
Description:
 libipa-hbac-dev - FreeIPA HBAC Evaluator library -- development files
 libipa-hbac0 - FreeIPA HBAC Evaluator library
 libnss-sss - Nss library for the System Security Services Daemon
 libpam-sss - Pam module for the System Security Services Daemon
 libsss-certmap-dev - Certificate mapping library for SSSD -- development files
 libsss-certmap0 - Certificate mapping library for SSSD
 libsss-idmap-dev - ID mapping library for SSSD -- development files
 libsss-idmap0 - ID mapping library for SSSD
 libsss-nss-idmap-dev - SID based lookups library for SSSD -- development files
 libsss-nss-idmap0 - SID based lookups library for SSSD
 libsss-simpleifp-dev - SSSD D-Bus responder helper library -- development files
 libsss-simpleifp0 - SSSD D-Bus responder helper library
 libsss-sudo - Communicator library for sudo
 libwbclient-sssd - SSSD libwbclient implementation
 libwbclient-sssd-dev - SSSD libwbclient implementation -- development files
 python-libipa-hbac - Python bindings for the FreeIPA HBAC Evaluator library
 python-libsss-nss-idmap - Python bindings for the SID lookups library
 python-sss - Python module for the System Security Services Daemon
 python3-libipa-hbac - Python3 bindings for the FreeIPA HBAC Evaluator library
 python3-libsss-nss-idmap - Python3 bindings for the SID lookups library
 python3-sss - Python3 module for the System Security Services Daemon
 sssd       - System Security Services Daemon -- metapackage
 sssd-ad    - System Security Services Daemon -- Active Directory back end
 sssd-ad-common - System Security Services Daemon -- PAC responder
 sssd-common - System Security Services Daemon -- common files
 sssd-dbus  - System Security Services Daemon -- D-Bus responder
 sssd-ipa   - System Security Services Daemon -- IPA back end
 sssd-kcm   - System Security Services Daemon -- Kerberos KCM server implementa
 sssd-krb5  - System Security Services Daemon -- Kerberos back end
 sssd-krb5-common - System Security Services Daemon -- Kerberos helpers
 sssd-ldap  - System Security Services Daemon -- LDAP back end
 sssd-proxy - System Security Services Daemon -- proxy back end
 sssd-tools - System Security Services Daemon -- tools
Closes: 892315
Changes:
 sssd (1.16.1-1) unstable; urgency=medium
 .
   * New upstream release.
   * common.dirs, common.postinst: Add dir for secrets with correct
     permissions. (Closes: #892315)
   * common: Add support for Fleet Commander, create deskprofile dir with
     correct permissions.
   * control: Add libgdm-dev to build-depends to support multiple
     certificates.
   * control, rules, common.install: Add support for systemtap.
   * control: Bump policy to 4.1.3, no changes.
Checksums-Sha1:
 5ec1a1a2916270987a57e0eeea989c15d25aa3d9 4636 sssd_1.16.1-1.dsc
 a840f0244b580f79e4c332f97d2722c2269b1f8d 5992778 sssd_1.16.1.orig.tar.gz
 b64cd16916b52fa4228334d285dc3e131f79f530 95350 sssd_1.16.1-1.diff.gz
Checksums-Sha256:
 d59242f1a0fe2522e60cb77c5b34a62cdd989d12d5efd2e4c0f0c123c062a517 4636 
sssd_1.16.1-1.dsc
 2dbf677851afdefcdf57eccaf25d59eb682a2994ad2a2dbf419003930a0b506e 5992778 
sssd_1.16.1.orig.tar.gz
 128cf92b82cfe21ffde19e5dffed19982ef93b41ba3c2e1e5a78db467106ef7b 95350 
sssd_1.16.1-1.diff.gz
Files:
 1d46c92ba1c0c112b88a5288c29f9ab3 4636 utils extra sssd_1.16.1-1.dsc
 b4df37eace2b62a604214a40855d2574 5992778 utils extra sssd_1.16.1.orig.tar.gz
 4f3db10deb4e5e15b79e6bb42e34a07e 95350 utils extra sssd_1.16.1-1.diff.gz

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1

iQIcBAEBCAAGBQJap5kUAAoJEMtwMWWoiYTcVzUQAJYjN7jHdkyIwHkOvJI1Bu05
0gJ+U3a/GyvaUPM/y1EJGF798N5oMwhc0ktvDe5HiNm3TqV9s2YE3VVVH03hMMia
QAnbB87+mGwfRIsjNJueWa+8B+nRWE+yxPqCX2Mqn/eJEaG7Kd1FuqSqskp9YEGh
MXbCbFih38n1WuQCEyTi1EcIdJVCPlojs7GjsHIY3WS6/IVGQynFJhttybOQUv13
Pl1IWM7t7xM0XsAA2qbOgpFc/4HirWlXPmfsa/7RrMgDCYtpGYSWDPPLkhTXKNLa
YTTP6MU35E9zbA+ig9CelCTMD6j6hUUq7RQRC20B9wqJsguc5i8UJK7qXErqNk0s
dvSgI2Rmk2Cf2ffiwO6ywG3HIEr6fctysPRIZT0WRiH0kk/aeI1irpFRtqQuCETA
00SHVPr2Eex91d4X7TOALUK3EaIzjxmFQkB5KKJQu/M3zhm/YbC5og+kStB38TzN
h+xfmT/c2AgMjs62qwtnSmaHEgpXMVDhuHQKy5kL3J4ykhesb/aG8mUn9alu8l90
uRIcn+NsstogzI1Bljp62yS9p6ZnyEjJN2VPV1Kf5ZQSMuYP7hR8do8CUtAVyYUO
m/nZ65oHBXYfQonJtTm7pf6ZKxzdlqO33BgeKw+lcF4DdxhV8U6ABTxoExchmWgK
RVL/H7Fw/MYEts8ZZKRR
=Xd5T
-----END PGP SIGNATURE-----

--- End Message ---

Reply via email to