From wt-lists at trexler.at Tue Aug 21 20:04:27 2018 From: wt-lists at trexler.at (Wolfgang Trexler) Date: Tue, 21 Aug 2018 21:04:27 +0200 Subject: [Box Backup] Certificate generation broken with Ubuntu 18.04 packages (out of the box) Message-ID: <3a4b5820-790b-140b-7007-8676ce438635@trexler.at> Hi, I just want to notice the maintainers of the Debian/Ubuntu packages of boxbackup-server that contain the CA scripts, that the signing functionality is broken due to changes in the openssl output that is parsed in the script bbstored-certs. When signing a server certificate I get the following error: # bbstored-certs ca sign-server name.domain.com-csr.pem No subject found in CSR name.domain.com-csr.pem at /usr/bin/bbstored-certs line 297. I'd expect the same problem with client certificates as it seems they use the same function to obtain the csr common name. The problem is that the output of # openssl req -text -in name.domain.com-csr.pem# that is used in the script in line 286 now delivers the following "Subject Line" Subject: CN = name.domain.com while Subject: CN=name.domain.com is expected in line 291 of "/usr/bin/bbstored-certs" I had to change line 291 from: $subject = $1 if m/Subject:.+?CN=([-\.\w]+)/ to $subject = $1 if m/Subject:.+?CN = ([-\.\w]+)/ to get it working again. I'm quite sure that there is a better solution to this formatting problem than my inflexible quick-fix, but being a bit out of practice in regex I leave this up to the maintainer ;-) thanks for all the work and please keep boxbackup alive! br Wolfgang -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 833 bytes Desc: OpenPGP digital signature URL: From chris+google at qwirx.com Tue Aug 21 21:25:31 2018 From: chris+google at qwirx.com (Chris Wilson) Date: Tue, 21 Aug 2018 21:25:31 +0100 Subject: [Box Backup] Certificate generation broken with Ubuntu 18.04 packages (out of the box) In-Reply-To: <3a4b5820-790b-140b-7007-8676ce438635@trexler.at> References: <3a4b5820-790b-140b-7007-8676ce438635@trexler.at> Message-ID: Hi Wolfgang, Thanks for letting us know! I have copied our Debian package maintainer. I think that this bug was fixed in October 2017 in commit fea4efb , and Debian has already pulled in this fix (Debian's version was tagged in March 2018 ), so I hope it's as simple as persuading Ubuntu to pull a more recent version of the Debian package. However my experience of getting Ubuntu to fix any issues via Launchpad has been absolutely dire (issues ignored or closed after 5+ years) so I have basically given up on Ubuntu. I am happy for someone else to have a go. Thanks, Chris. On 21 August 2018 at 20:04, Wolfgang Trexler wrote: > Hi, > > I just want to notice the maintainers of the Debian/Ubuntu packages of > boxbackup-server that contain the CA scripts, that the signing > functionality is broken due to changes in the openssl output that is > parsed in the script bbstored-certs. > > When signing a server certificate I get the following error: > # bbstored-certs ca sign-server name.domain.com-csr.pem > No subject found in CSR name.domain.com-csr.pem at > /usr/bin/bbstored-certs line 297. > I'd expect the same problem with client certificates as it seems they > use the same function to obtain the csr common name. > > > The problem is that the output of > # openssl req -text -in name.domain.com-csr.pem# > that is used in the script in line 286 > now delivers the following "Subject Line" > Subject: CN = name.domain.com > while > Subject: CN=name.domain.com > is expected in line 291 of "/usr/bin/bbstored-certs" > > I had to change line 291 from: > $subject = $1 if m/Subject:.+?CN=([-\.\w]+)/ > to > $subject = $1 if m/Subject:.+?CN = ([-\.\w]+)/ > to get it working again. I'm quite sure that there is a better solution > to this formatting problem than my inflexible quick-fix, but being a bit > out of practice in regex I leave this up to the maintainer ;-) > > thanks for all the work and please keep boxbackup alive! > br > Wolfgang > > > _______________________________________________ > Boxbackup mailing list > Boxbackup at boxbackup.org > http://lists.boxbackup.org/mailman/listinfo/boxbackup > > -------------- next part -------------- An HTML attachment was scrubbed... URL: From wt-lists at trexler.at Wed Aug 22 08:43:34 2018 From: wt-lists at trexler.at (Wolfgang Trexler) Date: Wed, 22 Aug 2018 09:43:34 +0200 Subject: [Box Backup] Certificate generation broken with Ubuntu 18.04 packages (out of the box) In-Reply-To: <93b7abca-f334-9777-687a-a57fb74e7862@debian.org> References: <3a4b5820-790b-140b-7007-8676ce438635@trexler.at> <93b7abca-f334-9777-687a-a57fb74e7862@debian.org> Message-ID: Hi Reinhard, hi Chris! First of all, many, many thanks for the fast reply and your engagement. Indeed I'm using Ubuntu bionic/18.04 (as mentioned in the subject ;-) ) Ubuntu 18.04 is a Long Term Release which makes the (trivial) bug worse. Anyone who tries to set up a _new_ installation with boxbackup on Ubuntu 18.04 will fail to do so, given that signing of the server certificate is not possible. As for the paperwork to get the fix into bionic/18.04, I'm sorry I've to admit I probably miss both, time and qualification... br Wolfgang P.S. Chris: I'm on the mailing list... Am 2018-08-22 um 01:53 schrieb Reinhard Tartler: > Hi Wolfgang, hi Chris, > > I'm sorry to hear about your trouble with the boxbackup package. I'm glad to hear that you did find a workaround. In fact, the fix that Chris mentions is already available in both Debian and Ubuntu: > >>> rmadison -u ubuntu boxbackup > boxbackup | 0.11.1~r2837-1 | precise/universe | source > boxbackup | 0.11.1~r2837-1 | trusty/universe | source > boxbackup | 0.11.1~r2837-1 | xenial/universe | source > boxbackup | 0.11.1~r2837-4 | bionic/universe | source > boxbackup | 0.11.1~r2837-4 | cosmic/universe | source > boxbackup | 0.13~~git20180313.g16a11e86-1 | cosmic-proposed/universe | source > >>> rmadison -u debian boxbackup > boxbackup | 0.11.1~r2837-1 | oldoldstable | source > boxbackup | 0.11.1~r2837-1 | oldstable | source > boxbackup | 0.11.1~r2837-1 | oldstable-kfreebsd | source > boxbackup | 0.11.1~r2837-4 | stable | source > boxbackup | 0.13~~git20180313.g16a11e86-1 | testing | source > boxbackup | 0.13~~git20180313.g16a11e86-1 | unstable | source > boxbackup | 0.13~~git20180313.g16a11e86-1 | unstable-debug | source > > The version numbers are a bit confusing since to the best of my knowledge boxbackup hasn't seen a 0.13 release yet. The version number 0.13~~git20180313 indicates the date when I took the code from github and they do contain the fix. > > I suppose that you are using a version of ubuntu earlier than cosmic? Updating released versions of ubuntu comes with additional paperwork to reduce the risk of regressions. The procedure for that is outlined here: https://wiki.ubuntu.com/StableReleaseUpdates > > This procedure is relatively involved (for good reasons). Let me know if you have time and energy to follow it through! > > Best, > Reinhard > > On 08/21/2018 04:25 PM, Chris Wilson wrote: >> Hi Wolfgang, >> >> Thanks for letting us know! I have copied our Debian package maintainer. >> >> I think that this bug was fixed in October 2017 in commit?fea4efb , and Debian has already pulled in this fix (Debian's version was tagged in March 2018 ), so I hope it's as simple as persuading Ubuntu to pull a more recent version of the Debian package. However my experience of getting Ubuntu to fix any issues via Launchpad has been absolutely dire (issues ignored or closed after 5+ years) so I have basically given up on Ubuntu. I am happy for someone else to have a go. >> >> Thanks, Chris. >> >> On 21 August 2018 at 20:04, Wolfgang Trexler > wrote: >> >> Hi, >> >> I? just want to notice the maintainers of the Debian/Ubuntu packages of >> boxbackup-server that contain the CA scripts, that the signing >> functionality is broken due to changes in the openssl output that is >> parsed in the script bbstored-certs. >> >> When signing a server certificate I get the following error: >> # bbstored-certs ca sign-server name.domain.com-csr.pem >> No subject found in CSR name.domain.com-csr.pem at >> /usr/bin/bbstored-certs line 297. >> I'd expect the same problem with client certificates as it seems they >> use the same function to obtain the csr common name. >> >> >> The problem is that the output of >> # openssl req -text -in name.domain.com-csr.pem# >> that is used in the script in line 286 >> now delivers the following "Subject Line" >> ? ? ? ? Subject: CN = name.domain.com >> while >> ? ? ? ? Subject: CN=name.domain.com >> is expected in line 291 of "/usr/bin/bbstored-certs" >> >> I had to change line 291 from: >> ? ?$subject = $1 if m/Subject:.+?CN=([-\.\w]+)/ >> to >> ? ?$subject = $1 if m/Subject:.+?CN = ([-\.\w]+)/ >> to get it working again. I'm quite sure that there is a better solution >> to this formatting problem than my inflexible quick-fix, but being a bit >> out of practice in regex I leave this up to the maintainer ;-) >> >> thanks for all the work and please keep boxbackup alive! >> br >> Wolfgang >> >> >> _______________________________________________ >> Boxbackup mailing list >> Boxbackup at boxbackup.org >> http://lists.boxbackup.org/mailman/listinfo/boxbackup >> >> >