[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1121921: ktls-utils: Deprecated tlshd config path breaks autopkgtests

Source: ktls-utils
Version: 1.3.0-1
Severity: normal
Tags: patch

Dear Maintainer,

The 1.3.0-1 update of ktls-utils moved the tlshd config from /etc/tlshd.conf to /etc/tlshd/config, but the autopkgtests still expect the old /etc/tlshd.conf path.

The autopkgtests aren't run on Debian because of the breaks-testbed restriction, but this made the package unable to migrate on Ubuntu (LP: #2133822).

I've included a patch which fixes the autopkgtest failures by updating the path in the autopkgtest (and the README for consistency).
From 6e25030635b24e690fcae3336cd0448c63d3ff39 Mon Sep 17 00:00:00 2001
From: Max Gilmour <max.gilmour@canonical.com>
Date: Wed, 3 Dec 2025 13:15:43 -0800
Subject: [PATCH] debian/{README.debian,tests/test-common}: Replace deprecated
 conf path

---
 debian/README.debian     | 4 ++--
 debian/tests/test-common | 6 +++---
 2 files changed, 5 insertions(+), 5 deletions(-)

diff --git a/debian/README.debian b/debian/README.debian
index d3baf5f..17b7418 100644
--- a/debian/README.debian
+++ b/debian/README.debian
@@ -20,7 +20,7 @@ To enable TLS on an NFS server:
    certificate should include all the domain names that clients will
    use to connect to the server.
 2. Put the filenames of the private key and certificate in the
-   [authenticate.server] section of /etc/tlshd.conf.  These cannot be
+   [authenticate.server] section of /etc/tlshd/config.  These cannot be
    symlinks.
 3. Add the "xprtsec=..." option to the relevant lines in /etc/exports.
    Normally you would use either "xprtsec=mtls" to require TLS and
@@ -34,7 +34,7 @@ To enable TLS on an NFS client:
       CA needs to be trusted on both the client and the server.  The
       name(s) and purposes in this certificate are currently ignored.
    2. Put the filenames of the private key and certificate in the
-      [authenticate.client] section of /etc/tlshd.conf.  These cannot be
+      [authenticate.client] section of /etc/tlshd/config.  These cannot be
       symlinks.
 2. Add the "xprtsec=..." option to the relevant lines in /etc/fstab.
    Normally you would use either "xprtsec=mtls" to require TLS and a
diff --git a/debian/tests/test-common b/debian/tests/test-common
index 14ee0f8..c6bd8c7 100644
--- a/debian/tests/test-common
+++ b/debian/tests/test-common
@@ -21,7 +21,7 @@ openssl req -new -key "$AUTOPKGTEST_TMP/ca.key.priv.pem" \
         -config "$AUTOPKGTEST_TMP/ca.openssl.cnf"
 
 sed -i '/^\[authenticate\.client\]/,$ { /=/d }' \
-    /etc/tlshd.conf
+    /etc/tlshd/config
 
 for role in server client; do
     # Create private key and certificate for role
@@ -52,12 +52,12 @@ EOF
 	    -utf8 -nodes -batch -x509 \
             -outform PEM -out "$AUTOPKGTEST_TMP/$role.x509.pem"
 
-    # Update tlshd.conf
+    # Update tlshd config
     sed -i '/^\[authenticate\.'$role'\]/a\
 x509.truststore='"$AUTOPKGTEST_TMP/ca.x509.pem"'\
 x509.certificate='"$AUTOPKGTEST_TMP/$role.x509.pem"'\
 x509.private_key='"$AUTOPKGTEST_TMP/$role.key.priv.pem" \
-	/etc/tlshd.conf
+	/etc/tlshd/config
 done
 
 # Make server name resolvable
-- 
2.43.0
Reply to: