Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal
Hello, there are two new commits that should keep the goto plugin alive. https://github.com/gosa-project/gosa-plugins-goto/commit/e7f4515574e7f76612470b0a398252db81dd1501 Therefore the DaemonEvent classes remain available and I reworked the patch for the systems plugin. https://github.com/gosa-project/gosa-plugins-systems/commit/cf34737977a97e0090e09390b209078dabdc77af Best regards -- Benjamin Zapiec(System Engineer) * GONICUS GmbH * Moehnestrasse 55 (Kaiserhaus) * D-59755 Arnsberg * Tel.: +49 (0) 29 32 / 9 16 - 0 * Fax: +49 (0) 29 32 / 9 16 - 245 * http://www.GONICUS.de * Sitz der Gesellschaft: Moehnestrasse 55 * D-59755 Arnsberg * Geschaeftsfuehrer: Rainer Luelsdorf, Alfred Schroeder * Vorsitzender des Beirats: Juergen Michels * Amtsgericht Arnsberg * HRB 1968 signature.asc Description: OpenPGP digital signature
Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal
On Wed, Feb 28, 2018 at 02:24:59PM +0100, Benjamin Zapiec wrote: > the plugin uses gosaSupportDaemon for communication. > This class uses mcrypt extension. That is the reason why > it was removed. > > Using an incompatible openssl implementation is useless > so the only other option is to provide further support > for the Daemon. But this is most likely not to happen. > > Another way, I want to mention, is that it looks like > the communication to the daemon can be unencrypted. > This would allow the communication classes without > mcrypt dependencies. > > But even if I wouldn't strongly recommend not > to use unencrypted network traffic, the daemon > remains unsupported. > > I don't know if there is a benefit in using this > plugin without gosaSupportDaemon. > > If you do think so, tell me and I may revert the commit. > Do you have a running setup with gosa-si? Thanks for the feedback. Debian Edu doesn't use gosa-si. AFAIK there's no need for the gosaSupportDaemon as there's no communication happening; only the LDAP related goto plugin features are needed. It would be nice if the goto plugin could live on, stripped down like that. Wolfgang signature.asc Description: PGP signature
Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal
Hi Benjamin, thanks for your work. On Tue, Feb 27, 2018 at 03:18:18PM +0100, Benjamin Zapiec wrote: > Since the password hashing script wasn't the only part of the GOsa² > code that was using the php mcrypt extension i needed to clean up some > more code. [..] > https://github.com/gosa-project/gosa-plugins-goto/commit/1a29481e8eef32f980f61ecb4b83a7981e6913b3 [..] > These commits basically remove their plugin. I don't think the plugins > do something useful without the possibility to communicate with the so > called "gosa support infrastructure daemon". (gosa-si) With the goto plugin removed, Debian Edu would loose some machine management functionality. ATM it is possible to add systems of type workstations, terminals and printers (besides servers and devices) allowing one to have a better overview. To get an impression about the details, see the related manual chapter: https://wiki.debian.org/DebianEdu/Documentation/Stretch/GettingStarted#Machine_Management_with_GOsa.2BALI- While the related instructions could be adjusted for new installations, existing installations would be badly hit upon upgrades. I figure all systems other than servers and devices would disappear from the GOsa² system overview. These systems would still work o.k., but admins are expected to be confused. Wolfgang signature.asc Description: PGP signature
Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal
Hello, this specific bug is addressed with the following commit: https://github.com/gosa-project/gosa-core/commit/8a57db04f84337903f7de202e3c897d9b76d9b5f Since the password hashing script wasn't the only part of the GOsa² code that was using the php mcrypt extension i needed to clean up some more code. The following commits were necessary to completely remove mcrypt dependencies: https://github.com/gosa-project/gosa-plugins-heimdal/commit/c892f11a4fd679c6ee5a9210dc2f0bf4386bc17d https://github.com/gosa-project/gosa-plugins-goto/commit/1a29481e8eef32f980f61ecb4b83a7981e6913b3 https://github.com/gosa-project/gosa-plugins-goto-ng/commit/764c3a113368071c3d678cc2c437ea565422611e https://github.com/gosa-project/gosa-plugins-opsi/commit/10c974ec6718ed745ea3476a5f258975415a1abf https://github.com/gosa-project/gosa-plugins-fai/commit/76aceb00ceda6de661abb9620f1a54ca6fd10ac1 These commits basically remove their plugin. I don't think the plugins do something useful without the possibility to communicate with the so called "gosa support infrastructure daemon". (gosa-si) The support for this daemon stopped long time ago so we can consider it as broken. The next commits are "minor" changes to the plugins that additionally could interact with gosa-si but don't necessarily need to. https://github.com/gosa-project/gosa-plugins-systems/commit/c6d2271eaf08ebb9ba8773fdc56c817920a081e2 https://github.com/gosa-project/gosa-plugins-mail/commit/e6d6e1bfe630c1e0ac0842e922cd235fa315ca2e Best regards -- Benjamin Zapiec(System Engineer) * GONICUS GmbH * Moehnestrasse 55 (Kaiserhaus) * D-59755 Arnsberg * Tel.: +49 (0) 29 32 / 9 16 - 0 * Fax: +49 (0) 29 32 / 9 16 - 245 * http://www.GONICUS.de * Sitz der Gesellschaft: Moehnestrasse 55 * D-59755 Arnsberg * Geschaeftsfuehrer: Rainer Luelsdorf, Alfred Schroeder * Vorsitzender des Beirats: Juergen Michels * Amtsgericht Arnsberg * HRB 1968 signature.asc Description: OpenPGP digital signature
Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal
On Thu, 15 Feb 2018 09:33:27 + Mike Gabrielwrote: > Hi, > > On Mi 07 Feb 2018 14:01:53 CET, Holger Levsen wrote: > > > control: affects -1 src:debian-edu > > # thanks for this bug report, Wolfgang! > > I just notified GONICUS about this issue and Benjamin Zapiec said, > that they will work on a patch. FYI, upstream is resolving this in https://github.com/gosa-project/gosa-core/issues/12 -Nish
Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal
Hi, On Mi 07 Feb 2018 14:01:53 CET, Holger Levsen wrote: control: affects -1 src:debian-edu # thanks for this bug report, Wolfgang! I just notified GONICUS about this issue and Benjamin Zapiec said, that they will work on a patch. Mike -- DAS-NETZWERKTEAM mike gabriel, herweg 7, 24357 fleckeby mobile: +49 (1520) 1976 148 landline: +49 (4354) 8390 139 GnuPG Fingerprint: 9BFB AEE8 6C0A A5FF BF22 0782 9AF4 6B30 2577 1B31 mail: mike.gabr...@das-netzwerkteam.de, http://das-netzwerkteam.de pgpSdS5LUVMsO.pgp Description: Digitale PGP-Signatur
Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal
control: affects -1 src:debian-edu # thanks for this bug report, Wolfgang! -- cheers, Holger signature.asc Description: PGP signature
Bug#889811: gosa-encrypt-password is broken since PHP7.2's php-mcrypt removal
Package: gosa Version: 2.7.4+reloaded2-13 Severity: serious User: debian-...@lists.debian.org Usertags: debian-edu Hi, trying to set up a new LDAP in Debian Edu Buster failed because /usr/sbin/gosa-encrypt-passwords is now broken in testing. The encryption uses mcrypt, but php-mcrypt has been deprecated in PHP7.1 and has been removed in PHP7.2 (which is now the PHP version in testing). AFAIK gosa-encrypt-passwords is used by default in a non Debian Edu case as well. Please check and use a different tool than mcrypt. Wolfgang signature.asc Description: PGP signature