Your message dated Tue, 13 Mar 2018 10:19:36 +0000
with message-id <e1evh1s-000cm1...@fasolo.debian.org>
and subject line Bug#892315: fixed in sssd 1.16.1-1
has caused the Debian Bug report #892315,
regarding sssd: secrets service does not work due to lack of
/var/lib/sss/secrets
to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact ow...@bugs.debian.org
immediately.)
--
892315: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=892315
Debian Bug Tracking System
Contact ow...@bugs.debian.org with problems
--- Begin Message ---
Package: sssd
Version: 1.16.0-5
Severity: normal
Dear Maintainer,
The (socket activated) secrets service doesn't work because it can't
create a secrets database due to the lack of the /var/lib/sss/secrets
directory.
Right after installation, if you try to access it like this for example:
$ curl -H "Content-Type: application/json" --unix-socket
/var/run/secrets.socket -XGET http://localhost/secrets/
<html>
<head>
<title>500 Internal Server Error</title></head>
<body>
<h1>Internal Server Error</h1>
<p>The server encountered an internal error.</p>
/var/log/syslog log shows:
Mar 8 07:38:58 sid-sssd sssd_secrets[6272]: ltdb:
tdb(/var/lib/sss/secrets/secrets.ldb): tdb_open_ex: could not open file
/var/lib/sss/secrets/secrets.ldb: No such file or directory
Mar 8 07:38:58 sid-sssd sssd_secrets[6272]: Unable to open tdb
'/var/lib/sss/secrets/secrets.ldb': No such file or directory
Mar 8 07:38:58 sid-sssd sssd_secrets[6272]: Failed to connect to
'/var/lib/sss/secrets/secrets.ldb' with backend 'tdb': Unable to open tdb
'/var/lib/sss/secrets/secrets.ldb': No such file or directory
Once that directory is created, the service works:
# mkdir -m 0700 /var/lib/sss/secrets
$ curl -H "Content-Type: application/json" --unix-socket
/var/run/secrets.socket -XGET http://localhost/secrets/
<html>
<head>
<title>404 Not Found</title></head>
<body>
<h1>Not Found</h1>
<p>The requested resource was not found.</p>
And you can create secrets:
$ curl -H "Content-Type: application/json" --unix-socket
/var/run/secrets.socket -XPUT http://localhost/secrets/foo
-d'{"type":"simple","value":"foosecret"}'
<html>
<head>
<title>200 OK</title></head>
<body>
<h1>OK</h1>
<p>Success</p>
root@sid-sssd:~# ls -lah /var/lib/sss/secrets/
total 5.5K
drwx------ 2 root root 4 Mar 8 08:02 .
drwxr-xr-x 9 root root 9 Mar 8 08:02 ..
-rw------- 1 root root 32 Mar 8 08:02 .secrets.mkey
-rw------- 1 root root 1.3M Mar 8 08:03 secrets.ldb
-- System Information:
Debian Release: buster/sid
APT prefers unstable
APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.13.0-36-generic (SMP w/4 CPU cores)
Locale: LANG=C.UTF-8, LC_CTYPE=C.UTF-8 (charmap=UTF-8), LANGUAGE=C.UTF-8
(charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)
Versions of packages sssd depends on:
ii python3-sss 1.16.0-5
ii sssd-ad 1.16.0-5
ii sssd-common 1.16.0-5
ii sssd-ipa 1.16.0-5
ii sssd-krb5 1.16.0-5
ii sssd-ldap 1.16.0-5
ii sssd-proxy 1.16.0-5
sssd recommends no packages.
sssd suggests no packages.
-- no debconf information
--- End Message ---
--- Begin Message ---
Source: sssd
Source-Version: 1.16.1-1
We believe that the bug you reported is fixed in the latest version of
sssd, which is due to be installed in the Debian FTP archive.
A summary of the changes between this version and the previous one is
attached.
Thank you for reporting the bug, which will now be closed. If you
have further comments please address them to 892...@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.
Debian distribution maintenance software
pp.
Timo Aaltonen <tjaal...@debian.org> (supplier of updated sssd package)
(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmas...@ftp-master.debian.org)
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Tue, 13 Mar 2018 11:25:00 +0200
Source: sssd
Binary: sssd sssd-common sssd-ad sssd-ad-common sssd-dbus sssd-ipa sssd-kcm
sssd-krb5 sssd-krb5-common sssd-ldap sssd-proxy sssd-tools libnss-sss
libpam-sss libipa-hbac0 libipa-hbac-dev libsss-certmap0 libsss-certmap-dev
libsss-idmap0 libsss-idmap-dev libsss-nss-idmap0 libsss-nss-idmap-dev
libsss-sudo libsss-simpleifp0 libsss-simpleifp-dev libwbclient-sssd
libwbclient-sssd-dev python-libipa-hbac python-libsss-nss-idmap python-sss
python3-libipa-hbac python3-libsss-nss-idmap python3-sss
Architecture: source
Version: 1.16.1-1
Distribution: unstable
Urgency: medium
Maintainer: Debian SSSD Team <pkg-sssd-de...@lists.alioth.debian.org>
Changed-By: Timo Aaltonen <tjaal...@debian.org>
Description:
libipa-hbac-dev - FreeIPA HBAC Evaluator library -- development files
libipa-hbac0 - FreeIPA HBAC Evaluator library
libnss-sss - Nss library for the System Security Services Daemon
libpam-sss - Pam module for the System Security Services Daemon
libsss-certmap-dev - Certificate mapping library for SSSD -- development files
libsss-certmap0 - Certificate mapping library for SSSD
libsss-idmap-dev - ID mapping library for SSSD -- development files
libsss-idmap0 - ID mapping library for SSSD
libsss-nss-idmap-dev - SID based lookups library for SSSD -- development files
libsss-nss-idmap0 - SID based lookups library for SSSD
libsss-simpleifp-dev - SSSD D-Bus responder helper library -- development files
libsss-simpleifp0 - SSSD D-Bus responder helper library
libsss-sudo - Communicator library for sudo
libwbclient-sssd - SSSD libwbclient implementation
libwbclient-sssd-dev - SSSD libwbclient implementation -- development files
python-libipa-hbac - Python bindings for the FreeIPA HBAC Evaluator library
python-libsss-nss-idmap - Python bindings for the SID lookups library
python-sss - Python module for the System Security Services Daemon
python3-libipa-hbac - Python3 bindings for the FreeIPA HBAC Evaluator library
python3-libsss-nss-idmap - Python3 bindings for the SID lookups library
python3-sss - Python3 module for the System Security Services Daemon
sssd - System Security Services Daemon -- metapackage
sssd-ad - System Security Services Daemon -- Active Directory back end
sssd-ad-common - System Security Services Daemon -- PAC responder
sssd-common - System Security Services Daemon -- common files
sssd-dbus - System Security Services Daemon -- D-Bus responder
sssd-ipa - System Security Services Daemon -- IPA back end
sssd-kcm - System Security Services Daemon -- Kerberos KCM server implementa
sssd-krb5 - System Security Services Daemon -- Kerberos back end
sssd-krb5-common - System Security Services Daemon -- Kerberos helpers
sssd-ldap - System Security Services Daemon -- LDAP back end
sssd-proxy - System Security Services Daemon -- proxy back end
sssd-tools - System Security Services Daemon -- tools
Closes: 892315
Changes:
sssd (1.16.1-1) unstable; urgency=medium
.
* New upstream release.
* common.dirs, common.postinst: Add dir for secrets with correct
permissions. (Closes: #892315)
* common: Add support for Fleet Commander, create deskprofile dir with
correct permissions.
* control: Add libgdm-dev to build-depends to support multiple
certificates.
* control, rules, common.install: Add support for systemtap.
* control: Bump policy to 4.1.3, no changes.
Checksums-Sha1:
5ec1a1a2916270987a57e0eeea989c15d25aa3d9 4636 sssd_1.16.1-1.dsc
a840f0244b580f79e4c332f97d2722c2269b1f8d 5992778 sssd_1.16.1.orig.tar.gz
b64cd16916b52fa4228334d285dc3e131f79f530 95350 sssd_1.16.1-1.diff.gz
Checksums-Sha256:
d59242f1a0fe2522e60cb77c5b34a62cdd989d12d5efd2e4c0f0c123c062a517 4636
sssd_1.16.1-1.dsc
2dbf677851afdefcdf57eccaf25d59eb682a2994ad2a2dbf419003930a0b506e 5992778
sssd_1.16.1.orig.tar.gz
128cf92b82cfe21ffde19e5dffed19982ef93b41ba3c2e1e5a78db467106ef7b 95350
sssd_1.16.1-1.diff.gz
Files:
1d46c92ba1c0c112b88a5288c29f9ab3 4636 utils extra sssd_1.16.1-1.dsc
b4df37eace2b62a604214a40855d2574 5992778 utils extra sssd_1.16.1.orig.tar.gz
4f3db10deb4e5e15b79e6bb42e34a07e 95350 utils extra sssd_1.16.1-1.diff.gz
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iQIcBAEBCAAGBQJap5kUAAoJEMtwMWWoiYTcVzUQAJYjN7jHdkyIwHkOvJI1Bu05
0gJ+U3a/GyvaUPM/y1EJGF798N5oMwhc0ktvDe5HiNm3TqV9s2YE3VVVH03hMMia
QAnbB87+mGwfRIsjNJueWa+8B+nRWE+yxPqCX2Mqn/eJEaG7Kd1FuqSqskp9YEGh
MXbCbFih38n1WuQCEyTi1EcIdJVCPlojs7GjsHIY3WS6/IVGQynFJhttybOQUv13
Pl1IWM7t7xM0XsAA2qbOgpFc/4HirWlXPmfsa/7RrMgDCYtpGYSWDPPLkhTXKNLa
YTTP6MU35E9zbA+ig9CelCTMD6j6hUUq7RQRC20B9wqJsguc5i8UJK7qXErqNk0s
dvSgI2Rmk2Cf2ffiwO6ywG3HIEr6fctysPRIZT0WRiH0kk/aeI1irpFRtqQuCETA
00SHVPr2Eex91d4X7TOALUK3EaIzjxmFQkB5KKJQu/M3zhm/YbC5og+kStB38TzN
h+xfmT/c2AgMjs62qwtnSmaHEgpXMVDhuHQKy5kL3J4ykhesb/aG8mUn9alu8l90
uRIcn+NsstogzI1Bljp62yS9p6ZnyEjJN2VPV1Kf5ZQSMuYP7hR8do8CUtAVyYUO
m/nZ65oHBXYfQonJtTm7pf6ZKxzdlqO33BgeKw+lcF4DdxhV8U6ABTxoExchmWgK
RVL/H7Fw/MYEts8ZZKRR
=Xd5T
-----END PGP SIGNATURE-----
--- End Message ---