On Mon, Sep 15, 2014 at 02:51:20PM +0200, Rémi Palancher wrote: > On Thu, Jul 03, 2014 at 09:31:51PM +0200, John Paul Adrian Glaubitz wrote: > > [...] > > dpkg: dependency problems prevent configuration of slurm-llnl: > > slurm-llnl depends on munge; however: > > Package munge is not configured yet. > > Actually, the bug comes from munge package so I reassigned it properly. See > details in #761651 that I reported before figuring out this is a duplicate of > this one.
Here is a patch attached that fixes this bug. It generates a new key during post-installation if there is none existing key.
diff -Nru munge-0.5.11/debian/changelog munge-0.5.11/debian/changelog --- munge-0.5.11/debian/changelog 2013-11-01 12:19:33.000000000 +0100 +++ munge-0.5.11/debian/changelog 2014-09-17 11:24:16.000000000 +0200 @@ -1,3 +1,13 @@ +munge (0.5.11-1.1) unstable; urgency=medium + + * Non-maintainer upload. + * Fix post-installation by generating new key in case none existed + previously. (Closes: #753643) + * Updated README.Debian with instructions for key management + * Bumped Standards-Version to 3.9.5 + + -- Rémi Palancher <r...@rezib.org> Wed, 17 Sep 2014 11:15:24 +0200 + munge (0.5.11-1) unstable; urgency=low * New upstream release (Closes: #727467) diff -Nru munge-0.5.11/debian/control munge-0.5.11/debian/control --- munge-0.5.11/debian/control 2013-10-31 18:27:00.000000000 +0100 +++ munge-0.5.11/debian/control 2014-09-17 11:23:33.000000000 +0200 @@ -3,7 +3,7 @@ Priority: extra Maintainer: Gennaro Oliva <oliv...@na.icar.cnr.it> Build-Depends: debhelper (>= 7.0.0), autotools-dev, po-debconf, dpkg-dev (>= 1.13.19), zlib1g-dev, libbz2-dev, libgcrypt11-dev -Standards-Version: 3.9.4.0 +Standards-Version: 3.9.5 Homepage: http://munge.googlecode.com/ Package: munge diff -Nru munge-0.5.11/debian/postinst munge-0.5.11/debian/postinst --- munge-0.5.11/debian/postinst 2013-10-31 18:27:00.000000000 +0100 +++ munge-0.5.11/debian/postinst 2014-09-17 11:31:37.000000000 +0200 @@ -27,6 +27,10 @@ if [ -e /etc/munge/munge.key ] ; then chown munge:munge /etc/munge/munge.key chmod 0400 /etc/munge/munge.key + else + create-munge-key + echo "Please refer to /usr/share/doc/munge/README.Debian"\ + "for instructions to generate more secure key." fi ;; diff -Nru munge-0.5.11/debian/README.Debian munge-0.5.11/debian/README.Debian --- munge-0.5.11/debian/README.Debian 2013-10-31 18:27:00.000000000 +0100 +++ munge-0.5.11/debian/README.Debian 2014-09-17 10:30:48.000000000 +0200 @@ -1,12 +1,20 @@ -To use munge, you need to create a secret key file /etc/munge/munge.key, -you can run the create-munge-key script as root to generate a random -key or follow the instructions in QUICKSTART. +Munge daemon needs a secret key file /etc/munge/munge.key. -You need to securely propagate the secret key file (eg, via ssh) to -other hosts within the same security realm. Credentials are valid only -within a security realm (ie, on hosts sharing the same secret key). All -munged daemons exchanging credentials need to share the same secret key. +If not existing previously, the package generates a new key at +installation time. In order to minimize the generation time, the +generator does not use a random number generator with a very good +source of entropy. In order to generate stronger key with better +entropy, you are advised to run the following command as root: + + # create-munge-key -f -r If the secret key file is created or copyed before the package is installed, the installation script will accept the key instead of generating a new one. + +Then follow the instructions in QUICKSTART. + +You need to securely propagate the secret key file (eg, via ssh) to +other hosts within the same security realm. Credentials are valid only +within a security realm (ie, on hosts sharing the same secret key). All +munged daemons exchanging credentials need to share the same secret key.
