[Bug 1389596] [NEW] upgrade removed ruby
Public bug reported:

this morning our machines performed security updates. As a result of this we lost /usr/bin/ruby (it was just non-existent). This seems to be when ruby package is upgraded _before_ libruby1.9.1. Reinstalling the ruby package fixed this.

dpkg.log follows (you can see my manual reinstall of ruby at 09:35):

2014-11-05 08:05:30 startup archives unpack
2014-11-05 08:05:31 upgrade libruby1.9.1:amd64 1.9.3.484-2ubuntu1 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:31 status half-configured libruby1.9.1:amd64 1.9.3.484-2ubuntu1
2014-11-05 08:05:31 status unpacked libruby1.9.1:amd64 1.9.3.484-2ubuntu1
2014-11-05 08:05:31 status half-installed libruby1.9.1:amd64 1.9.3.484-2ubuntu1
2014-11-05 08:05:32 status half-installed libruby1.9.1:amd64 1.9.3.484-2ubuntu1
2014-11-05 08:05:32 status unpacked libruby1.9.1:amd64 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:32 status unpacked libruby1.9.1:amd64 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:32 upgrade ruby1.9.1:amd64 1.9.3.484-2ubuntu1 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:32 status half-configured ruby1.9.1:amd64 1.9.3.484-2ubuntu1
2014-11-05 08:05:32 status unpacked ruby1.9.1:amd64 1.9.3.484-2ubuntu1
2014-11-05 08:05:32 status half-installed ruby1.9.1:amd64 1.9.3.484-2ubuntu1
2014-11-05 08:05:32 status triggers-pending man-db:amd64 2.6.7.1-1
2014-11-05 08:05:32 status half-installed ruby1.9.1:amd64 1.9.3.484-2ubuntu1
2014-11-05 08:05:32 status unpacked ruby1.9.1:amd64 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:32 status unpacked ruby1.9.1:amd64 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:32 trigproc man-db:amd64 2.6.7.1-1 2.6.7.1-1
2014-11-05 08:05:32 status half-configured man-db:amd64 2.6.7.1-1
2014-11-05 08:05:33 status installed man-db:amd64 2.6.7.1-1
2014-11-05 08:05:33 startup packages configure
2014-11-05 08:05:33 configure libruby1.9.1:amd64 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:33 status unpacked libruby1.9.1:amd64 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:33 status unpacked libruby1.9.1:amd64 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:33 status half-configured libruby1.9.1:amd64 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:34 status installed libruby1.9.1:amd64 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:34 status triggers-pending libc-bin:amd64 2.19-0ubuntu6.3
2014-11-05 08:05:34 configure ruby1.9.1:amd64 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:34 status unpacked ruby1.9.1:amd64 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:34 status half-configured ruby1.9.1:amd64 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:34 status installed ruby1.9.1:amd64 1.9.3.484-2ubuntu1.1
2014-11-05 08:05:34 trigproc libc-bin:amd64 2.19-0ubuntu6.3
2014-11-05 08:05:34 status half-configured libc-bin:amd64 2.19-0ubuntu6.3
2014-11-05 08:05:34 status installed libc-bin:amd64 2.19-0ubuntu6.3
2014-11-05 09:35:27 startup packages purge
2014-11-05 09:35:27 status installed ruby:all 1:1.9.3.4
2014-11-05 09:35:44 startup archives unpack
2014-11-05 09:35:46 upgrade ruby:all 1:1.9.3.4 1:1.9.3.4
2014-11-05 09:35:46 status half-configured ruby:all 1:1.9.3.4
2014-11-05 09:35:46 status unpacked ruby:all 1:1.9.3.4
2014-11-05 09:35:46 status half-installed ruby:all 1:1.9.3.4
2014-11-05 09:35:46 status triggers-pending man-db:amd64 2.6.7.1-1
2014-11-05 09:35:46 status half-installed ruby:all 1:1.9.3.4
2014-11-05 09:35:46 status unpacked ruby:all 1:1.9.3.4
2014-11-05 09:35:46 status unpacked ruby:all 1:1.9.3.4
2014-11-05 09:35:46 trigproc man-db:amd64 2.6.7.1-1 2.6.7.1-1
2014-11-05 09:35:46 status half-configured man-db:amd64 2.6.7.1-1
2014-11-05 09:35:47 status installed man-db:amd64 2.6.7.1-1
2014-11-05 09:35:47 startup packages configure
2014-11-05 09:35:47 configure ruby:all 1:1.9.3.4
2014-11-05 09:35:47 status unpacked ruby:all 1:1.9.3.4
2014-11-05 09:35:47 status half-configured ruby:all 1:1.9.3.4
2014-11-05 09:35:47 status installed ruby:all 1:1.9.3.4

** Affects: ruby1.9.1 (Ubuntu)
   Importance: Undecided
   Status: New

--
You received this bug notification because you are a member of Ubuntu Server Team, which is subscribed to ruby1.9.1 in Ubuntu.
https://bugs.launchpad.net/bugs/1389596

Title:
  upgrade removed ruby

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ruby1.9.1/+bug/1389596/+subscriptions

--
Ubuntu-server-bugs mailing list
Ubuntu-server-bugs@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-server-bugs
[Bug 1347954] Re: build slapd-sha2 module for strong passwords
awesome, many thanks Ryan, super quick!

https://bugs.launchpad.net/bugs/1347954
[Bug 1347954] [NEW] build slapd-sha2 module for strong passwords
Public bug reported:

out of the box, the strongest password encryption supported is SSHA (seeded SHA-1) which isn't really very good these days. The best answer appears to be to compile up the contrib/slapd-sha2 module.

https://github.com/gcp/openldap/tree/master/contrib/slapd-modules/passwd/sha2

** Affects: openldap (Ubuntu)
   Importance: Undecided
   Status: New
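The {SSHA} value format named in the report and its SHA-2 counterparts, as an added example that is not part of the original report or of the slapd-sha2 module: it builds and verifies salted values and lists which scheme each userPassword in an LDIF export uses. The DNs, passwords and salts are constructed, and the 8-byte random salt is an assumption.

```python
import base64
import hashlib
import hmac
import os

# Scheme tag -> hashlib name. {SSHA} is the stock salted SHA-1 scheme from the
# report; the SHA-2 tags are the salted schemes of the contrib sha2 module.
SCHEMES = {"SSHA": "sha1", "SSHA256": "sha256", "SSHA384": "sha384", "SSHA512": "sha512"}

def split_scheme(stored):
    """'{SSHA}abc' -> ('SSHA', 'abc'); values without a {tag} are cleartext."""
    if stored.startswith("{") and "}" in stored:
        tag, _, rest = stored[1:].partition("}")
        return tag.upper(), rest
    return "CLEARTEXT", stored

def make_hash(scheme, password, salt=None):
    """Build '{SCHEME}' + base64(digest(password + salt) + salt)."""
    salt = os.urandom(8) if salt is None else salt   # salt length is an assumption
    digest = hashlib.new(SCHEMES[scheme], password + salt).digest()
    return "{%s}%s" % (scheme, base64.b64encode(digest + salt).decode())

def verify(stored, password):
    """Check a password against a salted value; False for schemes not listed above."""
    scheme, b64 = split_scheme(stored)
    if scheme not in SCHEMES:
        return False
    raw = base64.b64decode(b64)
    size = hashlib.new(SCHEMES[scheme]).digest_size
    digest, salt = raw[:size], raw[size:]            # the salt is whatever follows the digest
    return hmac.compare_digest(digest, hashlib.new(SCHEMES[scheme], password + salt).digest())

def audit_ldif(ldif_text):
    """Return [(dn, scheme)] for every userPassword value in an LDIF export."""
    found, dn = [], None
    for line in ldif_text.replace("\n ", "").splitlines():   # undo LDIF line folding
        key, _, value = line.partition(": ")
        if key == "dn":
            dn = value
        elif key == "userPassword:":                         # 'attr:: ' marks a base64 value
            found.append((dn, split_scheme(base64.b64decode(value).decode())[0]))
        elif key == "userPassword":
            found.append((dn, split_scheme(value)[0]))
    return found

# Constructed sample export: hypothetical DNs, fixed salts so the values are stable.
SAMPLE_LDIF = "\n".join(
    "dn: uid=%s,dc=example,dc=com\nuserPassword:: %s\n" % (uid, base64.b64encode(h.encode()).decode())
    for uid, h in [("alice", make_hash("SSHA", b"old-pass", b"saltsalt")),
                   ("bob", make_hash("SSHA512", b"new-pass", b"saltsalt"))])
```

Running `audit_ldif` over a directory export shows which entries still carry the SHA-1 based scheme and would need a password change to move to a SHA-2 one.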
[Bug 1336886] [NEW] missing configuration reference
Public bug reported:

man mongod says:

See the "/reference/configuration-options" document for more information about these options.

However such a document isn't installed, given that this is basic config it should really be in the package (rather than having to search the web).

Thanks,
Adrian

** Affects: mongodb (Ubuntu)
   Importance: Undecided
   Status: New

https://bugs.launchpad.net/bugs/1336886
[Bug 217159] Re: slapd + gnutls fails
FYI I just hit another issue where ldap wouldn't start with errors like this:

TLS init def ctx failed: -207
slapd stopped.
connections_destroy: nothing to destroy.'

This turned out to be due to a PKCS#8 key, using "openssl rsa -in old.key -text" (and then cutting and pasting the "PRIVATE RSA KEY" part to create a PKCS#1 key) fixed the issue.

Hopefully this will save someone else a few hours of head scratching/banging/punching the wall.

https://bugs.launchpad.net/bugs/217159
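The PKCS#8 versus PKCS#1 difference described in this comment can be read from the key's ASN.1 structure before slapd is restarted. The following is an added example, not part of the original comment or of OpenLDAP or GnuTLS; the function names are hypothetical and both sample keys are constructed (correct shape, dummy numbers).

```python
import base64

def read_tlv(buf, pos):
    """Parse one DER element at pos; return (tag, value_start, value_end)."""
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                  # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    return tag, pos, pos + length

def classify_private_key(pem_text):
    """Return 'pkcs1', 'pkcs8', 'pkcs8-encrypted' or 'unknown' for one PEM key."""
    lines = [ln.strip() for ln in pem_text.splitlines() if ln.strip()]
    try:
        if "ENCRYPTED PRIVATE KEY" in lines[0]:
            return "pkcs8-encrypted"   # body is opaque without the passphrase
        blob = base64.b64decode("".join(lines[1:-1]))
        tag, start, _ = read_tlv(blob, 0)             # outer SEQUENCE
        if tag != 0x30:
            return "unknown"
        tag, _, version_end = read_tlv(blob, start)   # version INTEGER
        if tag != 0x02:
            return "unknown"
        tag, _, _ = read_tlv(blob, version_end)       # first field after the version
    except (ValueError, IndexError):                  # bad base64 or truncated DER
        return "unknown"
    # PKCS#1 RSAPrivateKey continues with INTEGER modulus,
    # PKCS#8 PrivateKeyInfo with SEQUENCE AlgorithmIdentifier.
    return {0x02: "pkcs1", 0x30: "pkcs8"}.get(tag, "unknown")

def der_encode(tag, content):
    # Minimal DER encoder, used only to build the constructed samples below.
    n = len(content)
    size = (n.bit_length() + 7) // 8
    head = bytes([n]) if n < 0x80 else bytes([0x80 | size]) + n.to_bytes(size, "big")
    return bytes([tag]) + head + content

def pem(label, blob):
    b64 = base64.b64encode(blob).decode()
    rows = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join(["-----BEGIN %s-----" % label, *rows, "-----END %s-----" % label])

# Constructed samples: correct ASN.1 shape, dummy numbers, not usable keys.
ZERO = der_encode(0x02, b"\x00")
RSA_BODY = der_encode(0x30, ZERO + der_encode(0x02, b"\x00" + b"\xc1" * 128)
                      + der_encode(0x02, b"\x01\x00\x01"))
RSA_ALG = der_encode(0x30, bytes.fromhex("06092a864886f70d0101010500"))  # rsaEncryption, NULL
PKCS1_PEM = pem("RSA PRIVATE KEY", RSA_BODY)
PKCS8_PEM = pem("PRIVATE KEY", der_encode(0x30, ZERO + RSA_ALG + der_encode(0x04, RSA_BODY)))
```

Because the check looks at the structure rather than the BEGIN line, a PKCS#8 key saved under an "RSA PRIVATE KEY" label is still reported as `pkcs8`.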
[Bug 217159] Re: slapd + gnutls fails
I _think_ that the problem was that the LDAP server certificate was just a regular SSL certificate and it needed recreating as a "server" certificate (build-key-server from easy-rsa tools):

nsCertType = server
extendedKeyUsage=serverAuth
keyUsage = digitalSignature, keyEncipherment
[Bug 217159] Re: slapd + gnutls fails
http://www.openldap.org/its/index.cgi/Software Bugs?id=6053;expression=gnutls is a better link to that patch

compiled with openssl rather than gnutls and it's happier..

Aha!!! Found it :-)

openssl client then complained that the certificate was not suitable for the purpose. In short, I had put a client cert on, not a server set. I use easy-rsa2 from openvpn package to build certs and I had run it with ./build-key not ./build-key-server. Once the ldap keypair was rebuilt with "-extensions server" everything was happy (even on the older version of software).

Naturally it would be nice if openldap checked this and produced a helpful error :-)

many thanks for your help and prompt replies.
[Bug 217159] Re: slapd + gnutls fails
FYI I've compiled up 2.4.16 (took 2.4.15 from debian and updated source), added a patch from http://209.85.229.132/search?q=cache:idWE3JHeQOUJ:www.openldap.org/its/index.cgi/Software%2520Bugs%3Fid%3D6053%3Bpage%3D1+"main:+TLS+init+def+ctx+failed:+-50"&cd=1&hl=en&ct=clnk&gl=uk&lr=lang_en (Subject: gnutls doen't initialize gnutls_x509_privkey_t structure, leading to TLS init def ctx failed: -50) and it still does the same thing.

tcpdump shows SSL client hello being sent, then the ldap server just closes the connection on it :-( (slapd logs saying Could not negotiate a supported cipher suite)
[Bug 217159] Re: slapd + gnutls fails
sure:

/etc/ldap/ldap.conf:

BASE dc=opsera,dc=com
URI ldap://foo.opsera.com
TLS_CACERT /etc/ssl/certs/ca.opsera.com.crt
TLS_REQCERT demand

TLS_CACERT file:

-BEGIN CERTIFICATE-
[...]
-END CERTIFICATE-

gnutls-cli output:

Connecting to '127.0.1.1:636'...
*** Fatal error: A TLS packet with unexpected length was received.
*** Handshake has failed
GNUTLS ERROR: A TLS packet with unexpected length was received.

package versions:

gnutls-bin 2.4.2-6+lenny1 gnutls26 install ok installed
ldap-utils 2.4.11-1 openldap install ok installed
libgnutls26 2.4.2-6+lenny1 gnutls26 install ok installed
libldap-2.4-2 2.4.11-1 openldap install ok installed
libnss-ldap 261-2.1 install ok installed
libpam-ldap 184-4.2 install ok installed
slapd 2.4.11-1 openldap install ok installed
sudo-ldap 1.6.9p17-2.1 sudo install ok installed

ldapsearch:

ldap_url_parse_ext(ldaps://foo.opsera.com/)
ldap_create
ldap_url_parse_ext(ldaps://foo.opsera.com:636/??base)
ldap_sasl_bind
ldap_send_initial_request
ldap_new_connection 1 1 0
ldap_int_open_connection
ldap_connect_to_host: TCP foo.opsera.com:636
ldap_new_socket: 3
ldap_prepare_socket: 3
ldap_connect_to_host: Trying 127.0.1.1:636
ldap_pvt_connect: fd: 3 tm: -1 async: 0
tls_write: want=93, written=93
tls_read: want=5, got=0
TLS: can't connect: A TLS packet with unexpected length was received..
ldap_err2string
ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
[Bug 217159] Re: slapd + gnutls fails
FWIW I've got the same on a debian box I've just upgraded from etch to lenny:

slapd 2.4.11-1
libldap-2.4-2 2.4.11-1
libgnutls26 2.4.2-6+lenny1

certs are not blacklisted (checked ca and server), gnutls-serv works fine.

tracing with openssl shows a very quick reply:

openssl s_client -connect localhost:636 -debug
CONNECTED(0003)
write to 0x68d7c0 [0x68e390] (118 bytes => 118 (0x76))
read from 0x68d7c0 [0x6938f0] (7 bytes => 0 (0x0))
8434:error:140790E5:SSL routines:SSL23_WRITE:ssl handshake failure:s23_lib.c:188:

gnutls-cli -l shows a huge list too.

permissions all seem fine (and readable)