Massano,Thanks for the debugging output, it's exactly what's needed. The crash-causing logic error was already fixed in subversion by Kern, and I believe a release is planned soon; As a temporary work-around, you can set "PKI Signatures = no" in the configuration file when doing the emergency restore.
The "Could not find a valid public key for signature" message is expected -- the signatures are created using available signing keys, and your signing public key is no longer available to Bacula. Since the master private key is not available at encryption time, the files are not signed with it. This should obviously not cause a crash, though.
I eventually intend on implementing HMAC signing -- in addition to being much faster, it will allow any valid decryption key to verify the signature, regardless of public key availability.
-landonf On May 11, 2007, at 8:32 AM, massano jerome wrote:
Here is the output of the debug (followed the instructions on the manualto get more debugging infos) : sme-fd: bnet.c:1154 who=client host=192.168.0.1 port=36387 [New Thread -1211208784 (LWP 4619)] sme-fd: find.c:81 init_find_files ff=8e528e0 sme-fd: job.c:232 <dird: Hello Director nec-dir calling sme-fd: job.c:248 Executing Hello command. sme-fd: job.c:351 Calling Authenticatesme-fd: cram-md5.c:71 send: auth cram-md5 <[EMAIL PROTECTED]>ssl=0 sme-fd: cram-md5.c:131 cram-get: auth cram-md5 <[EMAIL PROTECTED]> ssl=0sme-fd: cram-md5.c:150 sending resp to challenge: bEU/R4lTp/+WMm+N/i +saAsme-fd: job.c:355 OK Authenticatesme-fd: job.c:232 <dird: JobId=401 Job=RestoreFiles. 2007-05-11_17.27.53SDid=28 SDtime=1178874819 Authorization=OEFH-DFHP-ABNJ-OJEH-KLNL-LBOF-FPNC-IONP sme-fd: job.c:248 Executing JobId= command.sme-fd: job.c:449 JobId=401 Auth=OEFH-DFHP-ABNJ-OJEH-KLNL-LBOF-FPNC- IONPsme-fd: job.c:232 <dird: storage address=192.168.0.1 port=9103 ssl=0 sme-fd: job.c:248 Executing storage command. sme-fd: job.c:1253 StorageCmd: storage address=192.168.0.1 port=9103 ssl=0 sme-fd: job.c:1259 Open storage: 192.168.0.1:9103 ssl=0 sme-fd: bnet.c:792 Current host[ipv4:192.168.0.1:9103] All host[ipv4:192.168.0.1:9103] sme-fd: bnet.c:1154 who=Storage daemon host=192.168.0.1 port=9103 sme-fd: job.c:1271 Connection OK to SD. sme-fd: cram-md5.c:131 cram-get: auth cram-md5 <[EMAIL PROTECTED]> ssl=0sme-fd: cram-md5.c:150 sending resp to challenge: Hj/7R/+Gu6/TOTVfP1 +SfC sme-fd: cram-md5.c:78 send: auth cram-md5 <[EMAIL PROTECTED]>ssl=0 sme-fd: cram-md5.c:97 Authenticate OK 62/xH8NSmS4n165Ilg+/SC sme-fd: job.c:1280 Authenticated with SD. sme-fd: job.c:232 <dird: bootstrap sme-fd: job.c:248 Executing bootstrap command. sme-fd: job.c:1106 filed<dird: bootstrap file Volume="Vol0098" sme-fd: job.c:1106 filed<dird: bootstrap file MediaType="File" sme-fd: job.c:1106 filed<dird: bootstrap file Device="FileStorage" sme-fd: job.c:1106 filed<dird: bootstrap file VolSessionId=27sme-fd: job.c:1106 filed<dird: bootstrap file VolSessionTime=1178874819sme-fd: job.c:1106 filed<dird: bootstrap file VolFile=0 sme-fd: job.c:1106 filed<dird: bootstrap file VolBlock=185-45743481 sme-fd: job.c:1106 filed<dird: bootstrap file FileIndex=1-2853 sme-fd: job.c:1106 filed<dird: bootstrap file Count=2853 sme-fd: job.c:232 <dird: restore replace=a prelinks=0 where=/tmp/bacula-restoressme-fd: job.c:248 Executing restore command. sme-fd: job.c:1578 restore command sme-fd: job.c:1596 Got replace a, where=/tmp/bacula-restores sme-fd: job.c:1604 bfiled>dird: 2000 OK restore sme-fd: job.c:1669 VolSessId=28 VolsessT=1178874819 SF=0 EF=0 sme-fd: job.c:1670 JobId=401 vol=DummyVolume sme-fd: job.c:1677 >stored: read open session = DummyVolume 28 1178874819 0 0 0 0 sme-fd: job.c:1683 bfiled<stored: 3000 OK open ticket = 28 sme-fd: job.c:1688 bfiled: got Ticket=28 sme-fd: job.c:1745 3000 OK bootstrap sme-fd: job.c:1702 >stored: read data 28 sme-fd: job.c:1745 3000 OK data sme-fd: restore.c:248 Got hdr: Files=0 FilInx=1 Stream=1, File attributes. sme-fd: restore.c:260 Got stream: File attributes len=96 extract=0 sme-fd: restore.c:343 File /home/httpd/html/horde/index.php attrib=P0A FHYC IGk B A A A 59 BAA I BGRImB BEy5GP BGRD8F A A U attribsEx= sme-fd: restore.c:361 Outfile=/tmp/bacula-restores/home/httpd/html/horde/index.php sme-fd: create_file.c:88 type=3 newmode=81a4 file=/tmp/bacula-restores/home/httpd/html/horde/index.php sme-fd: create_file.c:186 Make path /tmp/bacula-restores/home/httpd/html/horde sme-fd: create_file.c:205 Create file /tmp/bacula-restores/home/httpd/html/horde/index.php sme-fd: create_file.c:210 Create file: /tmp/bacula-restores/home/httpd/html/horde/index.php (no debugging symbols found)sme-fd: attr.c:243 -rw-r--r-- 1 root root 3709 2007-05-1112:01:41 /tmp/bacula-restores/home/httpd/html/horde/index.php sme-fd: restore.c:248 Got hdr: Files=1 FilInx=1 Stream=22, 22. sme-fd: restore.c:260 Got stream: 22 len=640 extract=1 sme-fd: restore.c:248 Got hdr: Files=1 FilInx=1 Stream=20, Encrypted File data.sme-fd: restore.c:260 Got stream: Encrypted File data len=3712 extract=1sme-fd: restore.c:975 decrypted len=3696 encrypted len=3712 sme-fd: restore.c:248 Got hdr: Files=1 FilInx=1 Stream=20, Encrypted File data. sme-fd: restore.c:260 Got stream: Encrypted File data len=16 extract=1 sme-fd: restore.c:975 decrypted len=16 encrypted len=16 sme-fd: restore.c:248 Got hdr: Files=1 FilInx=1 Stream=19, Signed digest. sme-fd: restore.c:260 Got stream: Signed digest len=318 extract=1 sme-fd: restore.c:248 Got hdr: Files=1 FilInx=2 Stream=1, File attributes. sme-fd: restore.c:260 Got stream: File attributes len=108 extract=1 sme-fd: restore.c:1059 Flush decrypt len=1 buf_len=3712 sme-fd: restore.c:1072 Encryption writing full block, 3709 bytes, remaining 0 bytes in buffer sme-fd: restore.c:1096 Call store_data sme-fd: restore.c:1101 Flush write 3709 bytes, JobBytes=3709 sme-fd: restore.c:839 Could not find a valid public key for signature on /tmp/bacula-restores/home/httpd/html/horde/index.php Program received signal SIGSEGV, Segmentation fault. [Switching to Thread -1211208784 (LWP 4619)] 0x001d748e in EVP_MD_CTX_cleanup () from /lib/libcrypto.so.4 (gdb) Hope that can help... why does it say it could not find a valid public key ? The job I am trying to restore was backed up with this master key (maybe the master key was not taken ?) Le vendredi 11 mai 2007 à 15:59 +0200, massano jerome a écrit :Last info about my problem : after a failed restore (with the master keypair), the File Daemon is shut down. Le vendredi 11 mai 2007 à 15:34 +0200, massano jerome a écrit :Just more info that could help : Bacula 2.0.3 compiled form sources on aSMEserver (linux distribution based on CentOS) with Mysql. Le vendredi 11 mai 2007 à 15:26 +0200, massano jerome a écrit :Hello. Thank you for your answer.Ok. I did what you told me, but it doesn't work : here is the output : The message of the console are in french, I have made a translation ofthem (between brackets). ---- *messages11-mai 15:09 nec-dir: Start Restore Job RestoreFiles. 2007-05-11_15.09.00*messages 11-mai 15:09 nec-sd: Ready to read from volume "Vol0093" on device "FileStorage" (/tmp). 11-mai 15:09 nec-sd: Forward spacing Volume "Vol0093" to file:block 0:185. 11-mai 15:09 nec-dir: RestoreFiles.2007-05-11_15.09.00 Fatal error:Network error with FD during Restore: ERR=Aucune donnée disponible (Nodata available) 11-mai 15:09 nec-sd: RestoreFiles.2007-05-11_15.09.00 Fatal error:read.c:139 Error sending to File daemon. ERR=Connexion ré- initialiséepar le correspondant (Connection reset by peer)11-mai 15:09 nec-sd: RestoreFiles.2007-05-11_15.09.00 Error: bnet.c:439Write error sending 14384 bytes to client:192.168.0.4:36643:ERR=Connexion ré-initialisée par le correspondant (Connection reset bypeer)11-mai 15:09 nec-dir: RestoreFiles.2007-05-11_15.09.00 Fatal error: NoJob status returned from FD.11-mai 15:09 nec-dir: RestoreFiles.2007-05-11_15.09.00 Error: Bacula2.0.3 (06Mar07): 11-mai-2007 15:09:03 JobId: 388 Job: RestoreFiles.2007-05-11_15.09.00 Client: sme-fd Start time: 11-mai-2007 15:09:02 End time: 11-mai-2007 15:09:03 Files Expected: 50,388 Files Restored: 0 Bytes Restored: 0 Rate: 0.0 KB/s FD Errors: 0 FD termination status: Error SD termination status: Error Termination: *** Restore Error *** 11-mai 15:09 nec-dir: Begin pruning Jobs. 11-mai 15:09 nec-dir: No Jobs found to prune. 11-mai 15:09 nec-dir: Begin pruning Files. 11-mai 15:09 nec-dir: No Files found to prune. 11-mai 15:09 nec-dir: End auto prune. ---- It works perfectly when I use the original keypair. Can anyone see where the problem comes from ? Le jeudi 10 mai 2007 à 21:34 -0700, Landon Fuller a écrit :On May 10, 2007, at 4:51 AM, massano jerome wrote:Le jeudi 10 mai 2007 à 12:01 +0200, Kern Sibbald a écrit :This is what I understood. I have made a copy of my master key, but inOn Thursday 10 May 2007 11:14, massano jerome wrote:Hello.I know this kind of mail is supposed to be sent on the user list,but i've asked for it 3 times, and nobody could answer me. Maybe somebody in the dev list can help me ?Maybe you didn't get an answer because it is rather obvious. If you encrypt something with an encryption key, you must make a secure non- encrypted copyof the encryption key, or use the master key, which is to the bestof my knowledge documented (at least a number of users are using it). When you figure out how to do it, please let us know.the documentation it is not said how I can use the master key to recover my files. It is only documented how I can create it and use it toencrypt, but not how to restore encrypted data. This is why I sentit tothe list (I read the documentation BEFORE sending ^^). So if somebody can tell me how to use my Master Key to restore previously encryptedbackups...It is preferable to retain a secure, non-encrypted copy of the client's own encryption keypair. However, should you lose the client's keypair, recovery with the master keypair is possible. You must: 1) Concatenate the master private and public key into a single keypair file, ie: cat master.key master.cert >master.keypair2) Set the PKI Keypair statement in your bacula configuration file:PKI Keypair = master.keypair3) Start the restore. The master keypair will be used to decrypt thefile data. -landonf------------------------------------------------------------------- ------This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users-------------------------------------------------------------------- -----This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Bacula-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/bacula-devel--------------------------------------------------------------------- ----This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/ _______________________________________________ Bacula-devel mailing list [EMAIL PROTECTED] https://lists.sourceforge.net/lists/listinfo/bacula-devel
PGP.sig
Description: This is a digitally signed message part
------------------------------------------------------------------------- This SF.net email is sponsored by DB2 Express Download DB2 Express C - the FREE version of DB2 express and take control of your XML. No limits. Just data. Click to get it now. http://sourceforge.net/powerbar/db2/
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
