Bug#820540: jessie-pu: package bareos/14.2.1+20141017gitc6c5b56-3+deb8u2
Package: release.debian.org
Severity: normal
Tags: jessie
User: release.debian.org@packages.debian.org
Usertags: pu
Hi,
I'd like to update bareos in jessie to fix bug #819807 (TLS completely broken).
This involves backporting 3 commits from upstream.
Similar changes are in the 14.2.6-3 upload but for jessie another backported commit
is necessary.
The debdiff is attached. Most of the diff is the addition of tls autopkgtests.
Cheers,
Felix
diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/changelog bareos-14.2.1+20141017gitc6c5b56/debian/changelog
--- bareos-14.2.1+20141017gitc6c5b56/debian/changelog 2015-08-30 09:08:32.000000000 +0200
+++ bareos-14.2.1+20141017gitc6c5b56/debian/changelog 2016-04-09 16:27:23.000000000 +0200
@@ -1,3 +1,14 @@
+bareos (14.2.1+20141017gitc6c5b56-3+deb8u2) jessie; urgency=medium
+
+ * Fix GnuTLS backend initialization. (Closes: #819807)
+ - Backport upstream commits in d/patches/fix-tls-backend-initalization
+ * Add autopkgtests for TLS.
+ * Add breaks-testbed to all tests.
+ * Fix TLS negotiation for passive filedaemons.
+ - Backport upstream commit in d/patches/fix-tls-passive-fds
+
+ -- Felix Geyer <fgeyer@debian.org> Sat, 09 Apr 2016 16:25:33 +0200
+
bareos (14.2.1+20141017gitc6c5b56-3+deb8u1) stable; urgency=medium
[ Felix Geyer ]
diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/patches/fix-tls-backend-initalization bareos-14.2.1+20141017gitc6c5b56/debian/patches/fix-tls-backend-initalization
--- bareos-14.2.1+20141017gitc6c5b56/debian/patches/fix-tls-backend-initalization 1970-01-01 01:00:00.000000000 +0100
+++ bareos-14.2.1+20141017gitc6c5b56/debian/patches/fix-tls-backend-initalization 2016-04-09 16:22:04.000000000 +0200
@@ -0,0 +1,84 @@
+Description: Fix GnuTLS backend by postponing initialization after it daemonized.
+ Backport upstream commits from version 15.2.
+Origin: https://github.com/bareos/bareos/commit/9097aaeaefe904b40af602caddf5d9cd59959625
+ https://github.com/bareos/bareos/commit/ecb539bc44c0224b378e6e9626b86ea718da5c2c
+
+--- bareos-14.2.6.orig/src/dird/dird.c
++++ bareos-14.2.6/src/dird/dird.c
+@@ -285,6 +285,13 @@ int main (int argc, char *argv[])
+ my_config = new_config_parser();
+ parse_dir_config(my_config, configfile, M_ERROR_TERM);
+
++ if (!test_config) { /* we don't need to do this block in test mode */
++ if (background) {
++ daemon_start();
++ init_stack_dump(); /* grab new pid */
++ }
++ }
++
+ if (init_crypto() != 0) {
+ Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Cryptography library initialization failed.\n"));
+ goto bail_out;
+@@ -296,10 +303,6 @@ int main (int argc, char *argv[])
+ }
+
+ if (!test_config) { /* we don't need to do this block in test mode */
+- if (background) {
+- daemon_start();
+- init_stack_dump(); /* grab new pid */
+- }
+ /* Create pid must come after we are a daemon -- so we have our final pid */
+ create_pid_file(me->pid_directory, "bareos-dir",
+ get_first_port_host_order(me->DIRaddrs));
+--- bareos-14.2.6.orig/src/filed/filed.c
++++ bareos-14.2.6/src/filed/filed.c
+@@ -213,6 +213,11 @@ int main (int argc, char *argv[])
+ my_config = new_config_parser();
+ parse_fd_config(my_config, configfile, M_ERROR_TERM);
+
++ if (!foreground && !test_config) {
++ daemon_start();
++ init_stack_dump(); /* set new pid */
++ }
++
+ if (init_crypto() != 0) {
+ Emsg0(M_ERROR, 0, _("Cryptography library initialization failed.\n"));
+ terminate_filed(1);
+@@ -237,11 +242,6 @@ int main (int argc, char *argv[])
+ terminate_filed(0);
+ }
+
+- if (!foreground) {
+- daemon_start();
+- init_stack_dump(); /* set new pid */
+- }
+-
+ set_thread_concurrency(me->MaxConcurrentJobs + 10);
+ lmgr_init_thread(); /* initialize the lockmanager stack */
+
+--- bareos-14.2.6.orig/src/stored/stored.c
++++ bareos-14.2.6/src/stored/stored.c
+@@ -219,6 +219,11 @@ int main (int argc, char *argv[])
+ my_config = new_config_parser();
+ parse_sd_config(my_config, configfile, M_ERROR_TERM);
+
++ if (!foreground && !test_config) {
++ daemon_start(); /* become daemon */
++ init_stack_dump(); /* pick up new pid */
++ }
++
+ if (init_crypto() != 0) {
+ Jmsg((JCR *)NULL, M_ERROR_TERM, 0, _("Cryptography library initialization failed.\n"));
+ }
+@@ -235,11 +240,6 @@ int main (int argc, char *argv[])
+
+ my_name_is(0, (char **)NULL, me->hdr.name); /* Set our real name */
+
+- if (!foreground) {
+- daemon_start(); /* become daemon */
+- init_stack_dump(); /* pick up new pid */
+- }
+-
+ create_pid_file(me->pid_directory, "bareos-sd",
+ get_first_port_host_order(me->SDaddrs));
+ read_state_file(me->working_directory, "bareos-sd",
diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/patches/fix-tls-passive-fds bareos-14.2.1+20141017gitc6c5b56/debian/patches/fix-tls-passive-fds
--- bareos-14.2.1+20141017gitc6c5b56/debian/patches/fix-tls-passive-fds 1970-01-01 01:00:00.000000000 +0100
+++ bareos-14.2.1+20141017gitc6c5b56/debian/patches/fix-tls-passive-fds 2016-04-09 16:24:46.000000000 +0200
@@ -0,0 +1,38 @@
+From 2fbd7b67bc9471dadef1abbf6abf1de2d96f5eee Mon Sep 17 00:00:00 2001
+From: Marco van Wieringen <marco.van.wieringen@bareos.com>
+Date: Wed, 17 Dec 2014 14:27:57 +0100
+Subject: [PATCH] When initiating the TLS connection use tls_server.
+
+---
+ src/filed/authenticate.c | 16 +++++++++++-----
+ 1 file changed, 11 insertions(+), 5 deletions(-)
+
+diff --git a/src/filed/authenticate.c b/src/filed/authenticate.c
+index ebe182c..89c2e20 100644
+--- a/src/filed/authenticate.c
++++ b/src/filed/authenticate.c
+@@ -329,13 +329,19 @@ static inline bool two_way_authenticate(BSOCK *bs, JCR *jcr, bool initiate, cons
+ */
+ if (initiate) {
+ verify_list = me->tls_allowed_cns;
++ if (!bnet_tls_server(me->tls_ctx, bs, verify_list)) {
++ Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed.\n"));
++ auth_success = false;
++ goto auth_fatal;
++ }
++ } else {
++ if (!bnet_tls_client(me->tls_ctx, bs, verify_list)) {
++ Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed.\n"));
++ auth_success = false;
++ goto auth_fatal;
++ }
+ }
+
+- if (!bnet_tls_client(me->tls_ctx, bs, verify_list)) {
+- Jmsg(jcr, M_FATAL, 0, _("TLS negotiation failed.\n"));
+- auth_success = false;
+- goto auth_fatal;
+- }
+ if (me->tls_authenticate) { /* tls authentication only? */
+ bs->free_tls(); /* yes, shutdown tls */
+ }
diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/patches/series bareos-14.2.1+20141017gitc6c5b56/debian/patches/series
--- bareos-14.2.1+20141017gitc6c5b56/debian/patches/series 2015-08-21 16:39:34.000000000 +0200
+++ bareos-14.2.1+20141017gitc6c5b56/debian/patches/series 2016-04-09 16:24:57.000000000 +0200
@@ -1,3 +1,5 @@
size_t_cn_length.patch
fix_multi_volume_data_corruption.diff
dont-create-db-in-tests.patch
+fix-tls-backend-initalization
+fix-tls-passive-fds
diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/ca-cert.pem bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/ca-cert.pem
--- bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/ca-cert.pem 1970-01-01 01:00:00.000000000 +0100
+++ bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/ca-cert.pem 2016-04-09 16:23:28.000000000 +0200
@@ -0,0 +1,22 @@
+-----BEGIN CERTIFICATE-----
+MIIDqTCCApGgAwIBAgIJALo7XUqwFCoUMA0GCSqGSIb3DQEBCwUAMGoxCzAJBgNV
+BAYTAkFVMRMwEQYDVQQIDApTb21lLVN0YXRlMSEwHwYDVQQKDBhJbnRlcm5ldCBX
+aWRnaXRzIFB0eSBMdGQxIzAhBgNVBAMMGkJhcmVvcyBEZWJpYW4gUGFja2FnZSBU
+ZXN0MCAXDTE2MDQwMjExMTAwOVoYDzIxMTYwMzA5MTExMDA5WjBqMQswCQYDVQQG
+EwJBVTETMBEGA1UECAwKU29tZS1TdGF0ZTEhMB8GA1UECgwYSW50ZXJuZXQgV2lk
+Z2l0cyBQdHkgTHRkMSMwIQYDVQQDDBpCYXJlb3MgRGViaWFuIFBhY2thZ2UgVGVz
+dDCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAMvdkpb0WrmGDmptkU7/
+xYee3ZQjQJUKRFfgM+oKF72i51MbAY1CzKKK9gWt56V16YpIUrobnyp8yF2fhlZf
+XKBzJKKxeMWAIRYQcYkcrN4chKZavQU2QKAVPpTgLD69bEDCvSTathbCRBdkGU92
+N9w7Kx/lbQB7dt+RMtMFNpbkusdrzDoQKmoHbo6JWpj7s8z9ygzazCAcU76k+QVG
+WaJcHIm7jyhaCJ97dB6JXT8+swsG6s6hQjR0jKtFllnZQIck7s49HHFW0me9Xhh4
+RxbPExdi+JIAEkANyjdfqPeyjV+lerklVU6c7fV/BgK8WibBwCCfSlVgydrhi14Z
+hbsCAwEAAaNQME4wHQYDVR0OBBYEFGU1OgL+ioLaBcWZBL9ZHlZ0VIdhMB8GA1Ud
+IwQYMBaAFGU1OgL+ioLaBcWZBL9ZHlZ0VIdhMAwGA1UdEwQFMAMBAf8wDQYJKoZI
+hvcNAQELBQADggEBAICJwohW/Xg78zB+i4VY7IMaNYskgi9omdpTWnBzvXU5d3i9
+Yl3wUAHNH7+223cRLL5M/6Jlacf3MeGxuKTacbE0cbrAhTwfXGxNWXVGuNxfp6tV
+KUjicUfOK2gle+Fl9k7YwE79vFEwRju6ZdGCGhrRkdRJDDVTNk2vHFmLbJnjqgww
+H3bHKRAt2VaoFacysLMU8x8N/9SYEb8W78QisUU5lQZrKWam+GgtzrZZ86M4Uc8O
+4sO0aqKTDOqm2XBPZ8fJK6ZcljndAvPeN6T+zA9Yw2EDT/6R2z6owv6SRATELilD
+YVXCXugi4KQBNaEyXDZXuusaCAnLfDA0nUFPAgg=
+-----END CERTIFICATE-----
diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/ca-key.pem bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/ca-key.pem
--- bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/ca-key.pem 1970-01-01 01:00:00.000000000 +0100
+++ bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/ca-key.pem 2016-04-09 16:23:28.000000000 +0200
@@ -0,0 +1,28 @@
+-----BEGIN PRIVATE KEY-----
+MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQDL3ZKW9Fq5hg5q
+bZFO/8WHnt2UI0CVCkRX4DPqChe9oudTGwGNQsyiivYFreeldemKSFK6G58qfMhd
+n4ZWX1ygcySisXjFgCEWEHGJHKzeHISmWr0FNkCgFT6U4Cw+vWxAwr0k2rYWwkQX
+ZBlPdjfcOysf5W0Ae3bfkTLTBTaW5LrHa8w6ECpqB26OiVqY+7PM/coM2swgHFO+
+pPkFRlmiXByJu48oWgife3QeiV0/PrMLBurOoUI0dIyrRZZZ2UCHJO7OPRxxVtJn
+vV4YeEcWzxMXYviSABJADco3X6j3so1fpXq5JVVOnO31fwYCvFomwcAgn0pVYMna
+4YteGYW7AgMBAAECggEABYyqiOFt9s7nZY5F/liIEAELFxU+lNAKvDmmMCDGNKtS
+kLiTejzvRR1zRQRO4foruU/usJI/6vAqpCHLjl5aLyPzQ1qBZx7tx6P68ziMnB86
+nSyrKJEpgTIS2gqgKbUOVVT3wSETA9uV7u0So08chio2KlAcf37c5YkWURg7PDBB
+VAKbhqhLCZE6L+DurkuvsiHb49eKa0HU58pOpimYHvQ70Yy+Y8ABD35OP1JQaKAi
+bAxlJTVFBezqpa7FnAzukeLNFV0CGaMlzLiGGlnAIt8SARnmjQ1TLi5XjKYnVFbB
+kMvkoXVB1Z8CvCvj6b3mihFlGmvUF3NoPBcZWq3OwQKBgQDrIh2CLR0kWq18z3Hx
+BSe/Llv/RmR/cpCDJeI0ZHhYh4IKlMxlkqO2bhoURf+AAwEQVIDlSB+OVG7S0tgz
+dC+Wo2+r1OC4eqB3XvfitIxNMv0csfSwyTtAxlP3rihn8Q3LUzO52KdhRrjQZYRK
+3US3/lvKTj52aqh8BUmSFsfMvQKBgQDd9RmMc7g7v4dTKo3cfIdUNxcriSBzTs05
++nPIATNF57c7mim33R4Y3asrYRFdYzG37KX+aFAE7F8vtu6ix3NVG8Mvb02LMIGh
+FH3m415q4H11zDBW27pz/GCbAO+CGm8agec3f8plRJzjtOl/yoQ4jEg7TRQgXHEs
+nXApPRuP1wKBgE975tG8gl9pr7/DOFcrUPZVq4+tsgdLKQLMaZ0gYXY7yH/fMQEd
+Au6GZZZ42xfg7BkjF7dqHBC3BgeKcr9iBTw832EMwzJZcakol08xjUQDeoCav4aL
+X9ZTtMrDOrF4URtscs3eKSa/C3aW+pN8HOC9wTWwIXlSMMZL20ThIoVZAoGBAMr7
+QRgfI9cQOxOlkQKYp7Iuh3P6/cA1yp1BG+1Gm7tMQ1ewjoJlJwcagVU0egrrkiZf
+txZIExXNjOc35ljbCfBFaWTR5xppi8Lh2Jn0SP54uoOl7ncgjw1POpHGc0KKJh0Z
+u3gX1+JwswHTCs8hR3XnZI9G2CcYIy/n8xDjn3cVAoGAE5EjaxHnSr2hY3xxFBpU
+O5WXFboHImH86JM9IO8PAyPVanz6Z+p14y92iPtFUerxZ9eOg60Nj6AMLtikELRV
+uO5KL8sPkRhPYY11SeXk4+0rGRwNuqj8Z1arNa+YKN9JXMPIr/6Uto4Ot6yi8S8h
+GePDIbOl9FnooL6U1BEfDds=
+-----END PRIVATE KEY-----
diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-ca-key.pem bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-ca-key.pem
--- bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-ca-key.pem 1970-01-01 01:00:00.000000000 +0100
+++ bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-ca-key.pem 2016-04-09 16:23:28.000000000 +0200
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG5QIBAAKCAYEA5plN8luYDWxZnHtf8MUQHCBIqwz9w/VnGjeIa6BlHXbJIdWk
+wmTH9fBTK1N5fXhzEIzj4Pmup0ahQfRKhfzzhSwfWmrKcD3fXBAnvnML3lGcf78c
+9PNyVGwBGOtFlE2dUce47PKVdZ9LmTMqIlne44w817LHV2gjBXTwwNgsHRCS18KR
+6NZoE+jz0ITben3F59OlaiFldCpNaie1TLLs0Mqzl2CsBIjWOk+c4qumZg8wXVwQ
+QhGYlFOr7ujjnrXcKtV2sqRYC8uZj74fn+r+fckaft0qFZnqp44ZcoXZW2a1jg4h
+55I0r7CzMYQq7GTks2uK8qeBA0NR9uSuY45KI/BP5/UGnuTjjHkEjk13dmvY/b1L
+61NaCCWTuj0/m94vAYVxzesXWRTl/ua0U8eQF/ILxYeq61QWsOegryLoVGKmzCqh
+KOA4DZHU7OaZW2Q7iMcCCDh86NGrr8NttAcf1RmFkPf1SxDW0trBBpIcxzeTuq4M
+RlktHZzk44Hd7m2nAgMBAAECggGBANWh00ejOYO+DGrfFavuNRWJhykImRRxBjqQ
+lg73gpXAVWfGEKSTT3j2U2bBJ71o2FjN3dOwHPEVixGaK2xkQorurIFMjA1eFM6q
+nNdgp+8n9m+W81GvNA0oHgAi/sv897Eq8ZR6zKIymIvujatTTR3L7xX5p5m/fSpy
+AxT1cDDhCNlghWKLN9KyLybP3rFlUfKK7iUbmWz8P8oHzXuoC6MHF0g3pEVzK9zL
+otGQKlFE4w6q2tkKiitoNNHZ6f5ABV1l0qma3Z8Mm7n6YxSUj0VzadK0xP09Pjyw
+Ay5VAotCSuVwLfPAKp2PMN8MjerZVJassGJGF6jOzuEeQBwn2iKuhJgGLLhgQ+45
+yeIJYyz7ZNmDvrgjL/IA7kRDXfDfsVgEHAF7y59th/Rh0Ekv/oVR1eTXezquIGRl
+T3C/LVaQDzfLbEJmIN7i2b6bPShd3YRmaM9uU3golkNWDoPxZTkXe3K+MJaWr5gA
+zw5mQrOpvwTlNJxJwBA5t3ilMIiiiQKBwQD1uHmpJWkcBfgJCFkJNnqJ/CsjGTXX
+dwK8YGo3mvGnH6pHP1aUQdWFdDV1lrVmjKzXY+rF4CUr61Ds4EygNM1h2s0xORKl
+OYpedL4eYd/Gk8eKLHvniJLuBzPlAuvcMCoIkuzGlE0nA5vzlD/RScq4vAwlEcWx
+d0VBxOMp7y9ViijNmJJENtDIYp7n3EjLlfle+BppfvR4zss9uoR1+e4M7frRJ407
+pS0O16cnUCG6vuK4Nt9aTJlKq+4n9tq+NMMCgcEA8D7iTIjiFddR3fsnCQWy8+cu
+We3GGSHOwnN0RCnU3CG+tAvnyEkQKb5o8AyWzBBXVLG0BZKMYYwyPJRzqg9DswQY
+epIwwcJ4TJDbzOh4suguCPFJmZssi0m0kuAlPZimUbn0zbFlY3Dw/D/WOJfWj5nu
+WFU1nIVnKDMsIjgNc5WD5vkF4AJnCLjcokQ4RLT5GrFSS8/9cxoE1nOlbgBFOu8S
+b90klOG8HNVi6YtiR5iv3lWFp5GXZTj0zMkPgEVNAoHBANqoaWLyjoFIcnsfOZPw
+LcVCZ+SY14fAOOgG6B5JPEda7zztiQ7vMqHKUpQsI4p5HomhOVcSaiGWCnJv+uAJ
+fMZaXYQy5HuxI4eAXXpN4EMmWEeF5FCaAR3dvPlKyzYqig0NKbRgXfOcy5dK0itc
+fhA8DpaiJQkSOMgY+4jidn2pLzwdS/N1z/6xe/SZ2xGHiNxQ7bf5KHWkl8l7g8o0
+OPi6gRrEFnMAPoNZtj5OmWVD3h7NfZ4uUa7YJlrb2bWu3wKBwAkNBW+GtKXH/+CS
+Bq1zVoOT0Q44Q/9MY8K1oMq0nL1SVCHqVOgZwI8iCkgI4WF8uB2LuFGBbOJ76qSX
+nyfn/U/wNo/flBCop+mSh4VXuLxcvOc/V9t+mhYBR9lEsoJ4jsODcvKQ3VX6ukl2
+ijaFmeK9FNqlEyj7aaB9FQuQ+wjAuEBqX0tKK+GLPVyrn0cPXlcgGQ6cHltIvqfp
+oXDcd785pIMsXKVzP6gCbgCIbMJvwShqJmfit0Zr9+UDKh9V/QKBwQC3jYX5u8GE
+rwSjNI2I9EL20wOBbUgdh+7Be1wyRgMEUAwXfQhdi27OfbygGQWOPkWN0jZGEVJN
+7ZEeGSp3QtB+C4VnVc5YPBaR3+48HB0oD3zPsIIJ2bOWFoRZbx67T3oEq423KwFn
+3gD7m0B5c94jC+FAl9zdwyOT28N7MSxA0F5M8TsJ1hXO/F89Jr41tPFbeuUYKiZZ
+KJr1NkkVBRosMHzC9cGL3N2hvx97AVmAiEioWqz0JVjaPeBBD5Bxj04=
+-----END RSA PRIVATE KEY-----
diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-ca.pem bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-ca.pem
--- bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-ca.pem 1970-01-01 01:00:00.000000000 +0100
+++ bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-ca.pem 2016-04-09 16:23:28.000000000 +0200
@@ -0,0 +1,24 @@
+-----BEGIN CERTIFICATE-----
+MIIEFTCCAn2gAwIBAgIMVv+skSzN3XlMh+YzMA0GCSqGSIb3DQEBCwUAMCUxIzAh
+BgNVBAMTGkJhcmVvcyBEZWJpYW4gUGFja2FnZSBUZXN0MCAXDTE2MDQwMjExMjcx
+M1oYDzIxMTYwMzA5MTEyNzEzWjAlMSMwIQYDVQQDExpCYXJlb3MgRGViaWFuIFBh
+Y2thZ2UgVGVzdDCCAaIwDQYJKoZIhvcNAQEBBQADggGPADCCAYoCggGBAOaZTfJb
+mA1sWZx7X/DFEBwgSKsM/cP1Zxo3iGugZR12ySHVpMJkx/XwUytTeX14cxCM4+D5
+rqdGoUH0SoX884UsH1pqynA931wQJ75zC95RnH+/HPTzclRsARjrRZRNnVHHuOzy
+lXWfS5kzKiJZ3uOMPNeyx1doIwV08MDYLB0QktfCkejWaBPo89CE23p9xefTpWoh
+ZXQqTWontUyy7NDKs5dgrASI1jpPnOKrpmYPMF1cEEIRmJRTq+7o45613CrVdrKk
+WAvLmY++H5/q/n3JGn7dKhWZ6qeOGXKF2VtmtY4OIeeSNK+wszGEKuxk5LNrivKn
+gQNDUfbkrmOOSiPwT+f1Bp7k44x5BI5Nd3Zr2P29S+tTWgglk7o9P5veLwGFcc3r
+F1kU5f7mtFPHkBfyC8WHqutUFrDnoK8i6FRipswqoSjgOA2R1OzmmVtkO4jHAgg4
+fOjRq6/DbbQHH9UZhZD39UsQ1tLawQaSHMc3k7quDEZZLR2c5OOB3e5tpwIDAQAB
+o0MwQTAPBgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYE
+FJZB/KaT4BoKSI6ZNVAXXmMUIoQ5MA0GCSqGSIb3DQEBCwUAA4IBgQCREp1kSxTo
+jy4AcrpZBgnMVWHlt+DmJI8DztB8yrE9HwAG6d7O64g3pmbmDDNEZy0Cfzh0kuNq
+Qu9esa7cgtyrknwVm+QNJ9mlmEMHOHvGzLfwEs9qS2ikDQyIIA5N6MBKCWGUVKLX
+re1L7ZyKYkj7Bm+Zwd4+KnlQvVMAZicJFvL1kMWK67jiF/hDNr5UZgb5pHxiDcQo
+/3of6J4g2a7UCffKoYUc1++yfzBHD/3wLF8FGB6M9n7LAilqRcsGJifPIBYqZBHg
+SEtZwy9jK8k4yBu2/DK5xf7HDVX/+B+pQiMgjCoeRGp0LqUerAyia/8gxOf34DzO
+fVuB4b2cASmFovJCKbAqHX5lCcIgQidovBKgpQzagCyPYD6FZEmiX4LyJFonrml2
+UVuymDlhEJYesszUqAmeWJiVm2FKWZwReCr7cod8YthIzCXOPxWV31ygHl/OGjo/
+xLFsV4Zfrh/byv+5DUbTFju7NYW6604EUtWlo/VG/1GG5p53SJQiBjg=
+-----END CERTIFICATE-----
diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-cert.pem bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-cert.pem
--- bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-cert.pem 1970-01-01 01:00:00.000000000 +0100
+++ bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-cert.pem 2016-04-09 16:23:28.000000000 +0200
@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEQjCCAqqgAwIBAgIMVv+tyyMQsJYflghNMA0GCSqGSIb3DQEBCwUAMCUxIzAh
+BgNVBAMTGkJhcmVvcyBEZWJpYW4gUGFja2FnZSBUZXN0MCAXDTE2MDQwMjExMzIy
+N1oYDzIxMTQxMDI2MTEzMjI3WjAUMRIwEAYDVQQDEwlsb2NhbGhvc3QwggGiMA0G
+CSqGSIb3DQEBAQUAA4IBjwAwggGKAoIBgQCirXwz7RW9PQqhvHFGsil63zeFP2xI
+qtN63rumhuCu+aHWL3KSrmGQ6Y3Rvh3I1IMqXiPj9P5FZwLX/nOUpMKZPSSxgD9M
+VIly3wxuudKYQEwtPoBZhWIkcGiIESlvCd2Qynq+M3CzsspVdQbVNhH+MeYu2jyY
+OF5vAzBfr6q2xJkgBX8F8f6HSZc8AxqlTWdShURtxK2os3FeT9Bwdo3cCPBuKqu7
+2lDoa1bdUJLMREdEOGFblNxX9M9uC9PxlTXTC41TI8ODE76ceamNUX27h40+vwT5
+2q2zMBII3NqsQ9mZpUJKnRvmVaR2UXdng14+ZvAvofl8dEC1kHn6j+XG32rGneib
+++LzQtVyPmINpUH8ydoodUepqT/McHhKdw235HBB3kCqApHtMwjo30XVQ8POQa38
+XAZ2x83t9UtuQnLHSHNJCoZWttEHP0tvfPMsaIk/Bi3NYDO4A7B+z/TR1/AHRw56
+xHBVHkjknx0iUgMouXOI7Qu/YlA8xl4W1XkCAwEAAaOBgDB+MAwGA1UdEwEB/wQC
+MAAwHQYDVR0lBBYwFAYIKwYBBQUHAwIGCCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMH
+oAAwHQYDVR0OBBYEFIA/qbUqaLYBmuBVnhYH3b3AVF07MB8GA1UdIwQYMBaAFJZB
+/KaT4BoKSI6ZNVAXXmMUIoQ5MA0GCSqGSIb3DQEBCwUAA4IBgQBxFgVhXN3l/xAl
+Lb+wkjl4b8MjOKP6eJZeyEGxptHFilV9bf4oQlJbEkiRpH2NoWgS0adCZgaNBCxq
+yJFnr+eyWkJPKCXAFBfvKZ+mP+mnGM+CCLXilPZahlV2tZtU8DtUaosVkeILRl9o
+8oxS9RHcIkrkWJVnimYf6d4Db+D31NcImS59/6piTiIS5yw1YP+wr+KLhFYynpY4
+DgvVcAsekbmvdVQuTyKy32wOwr4QYQjf4dlVF25w52b/fuyORwJJRWXBJ0GJYIyE
+1xwzjJwwUFeFWbYeqSfX/dDymU6HOjRBc580u7tX/RHnRaH2sL/6ysjKvyw1Skea
+nF723sGil6xd/UPNKoEYQ8JbCOSEBSm1Pua40bomOWwOk5V4I7MzoaZUyQupa6+X
+lPisPmG8+dLTREwfXdKz7zRy6T0B293C/N51+lByI+tA6CAljDmWwayKJViC8ba0
+fN3Bca6nusn1+hFSTsCbQTIDFD5IcBRYtKRDzXQ4qvHPpLlf058=
+-----END CERTIFICATE-----
diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-key.pem bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-key.pem
--- bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-key.pem 1970-01-01 01:00:00.000000000 +0100
+++ bareos-14.2.1+20141017gitc6c5b56/debian/tests/certs/tls-key.pem 2016-04-09 16:23:28.000000000 +0200
@@ -0,0 +1,39 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIG4wIBAAKCAYEAoq18M+0VvT0KobxxRrIpet83hT9sSKrTet67pobgrvmh1i9y
+kq5hkOmN0b4dyNSDKl4j4/T+RWcC1/5zlKTCmT0ksYA/TFSJct8MbrnSmEBMLT6A
+WYViJHBoiBEpbwndkMp6vjNws7LKVXUG1TYR/jHmLto8mDhebwMwX6+qtsSZIAV/
+BfH+h0mXPAMapU1nUoVEbcStqLNxXk/QcHaN3Ajwbiqru9pQ6GtW3VCSzERHRDhh
+W5TcV/TPbgvT8ZU10wuNUyPDgxO+nHmpjVF9u4eNPr8E+dqtszASCNzarEPZmaVC
+Sp0b5lWkdlF3Z4NePmbwL6H5fHRAtZB5+o/lxt9qxp3om/vi80LVcj5iDaVB/Mna
+KHVHqak/zHB4SncNt+RwQd5AqgKR7TMI6N9F1UPDzkGt/FwGdsfN7fVLbkJyx0hz
+SQqGVrbRBz9Lb3zzLGiJPwYtzWAzuAOwfs/00dfwB0cOesRwVR5I5J8dIlIDKLlz
+iO0Lv2JQPMZeFtV5AgMBAAECggGAMfKGQgM3O4U0cHhFZ2loZvuGNnlErAMXL5CX
+mQeskMzArdyflv3HoxCypIV066akJywEZQdh0rlQHDVaE3eK8DXfwEgaJzuFgCmP
+zadsS6biPLoF+naDraB919k9GYSz7LLegOuWXPY2PYrS8D/LwnpbrGMBW9Ni2z7l
+aVusVLWENlq5p3+noK4tqxVg5wQfBy0312Qd1cBSvJxQ6VbdM4PjHlAnrmPXl6Tt
+ZMJKcEE+iGmvKslH5hGaZrVm+7PN92f1OOxJMhwZYGHXOoiAvHZrSNCAaKlijwSL
+GZYyIqEr2wU6DMvjS9EXQnECpG3F58MSKaOahHM2vVNbloZSPI9AjZ6NGphTTj9W
+SKEHTEe4m0YcHu4RmJqSrrndkWglqrNMRYbAPcrtNr2ejX57OXBaSJxx+McXLF1V
+7nEgrFunqNYPpdWw6UPVuqDKTDUCObfPZ3z1ppsEToERSyN7hG0imTO4364dqHrP
+USBACnfXLpTNCQuNE30s38Hp0SCpAoHBAMIpkM9/7hAzhXVFmaXUxm7jWUgQzOBm
+ev7VniVPQ8SGaD8yff9nHrbZ9qPESTU9SUNox/+2PB8mF3II6M5vRiGZeeCp5cCZ
+2+aAvgEJ8RG9q3Y+GSQ5bHLWcPUaROkFQhdbKGc47qFGVyvuUrayxjMldoUSm5wr
+b2HaF+h+kvVFDYLIHFTMaAzqXGmhYMzhvndyHRV0HjBvYhvbHJfPlkncuiNzlUL5
+2Oxm+Hm1OpOT2oUVBvb4CzB379BUAFBcQwKBwQDWfOlk26h7lkMFA/n3UTb4Et2W
+mo9pQFn8cyh4CEmreFqg8Smw45j819OJn5Aw/wkuEtGw+tOTvDHbdYphTuXjL9c9
+I25Yuy/1MCixt1SLp5vHrOqN/U5ramrGlkrZmTIboDgx7w/4+Fe9pQd6WPeHtkmB
+/ijT8zfMRveyeY5ku0owJig9H/txNADPgepeODHZCve15NgFj6izbEn1CX7fZrol
+zOHhRDnXSwyVKE/IbXpPxseJhwC5IA9/URcGiZMCgcEAg1YwgVvNAiKHtSMGYtlB
+/QJGg2vx2h0YN8bx+dTbR1WPsKgL+LadXRylLHP6/Utegn2fQ8bWdk+C7n0+VV2J
+t/KkMadbJWQuDoapf/RkoBaHpC0vPoSlaizKLdG+KU2IPlpIQ0KMkIUPNEU6qCDX
+1wMRX8SNhB8RccRgBcGQ0N4L3JpWJ7o46/uf1Uf3Pb+54fxL1hY80ZCWcbdOaRZf
+V8k6E/78SVjONmMU0ucXH3qVBw6JLofssbV/f5FCwRkXAoHAbVIPN0vJzOviTt0e
++5IWXUxoSomOjMuy0bv0JXG78ryOHLeuUy093ak3dU6xlHd4u1X2MKk3S3ZBRyTa
+mgw3mZrZrpyvcmQ95k9cfm/9lIyiFpyolCRGYvNDZuJVViEB7Bi2a6T4VCJnvg4u
+CIrt5ure/nWHY7f0eZa2Su4vyGG5R187ZSQ26RTjUOBbjxg/N+uiI8B25ia5inGo
+JE9prf3S5M9PVZyLipMC38dDGtnJ3H1pWExJ7xFLNM4k2T0nAoHACQC/9r7yZY+h
+172gK7D/LQdGDkzqLEzxYmHG7yxuCJ7y4cdw9iNlInnCjUyqIFNRu2qSDX62Ift0
+19oON4vkLT/VPoINyx95tH66OS3vfqnVRtDiiUPTvFkJUt6miwnSk7Oyjd6eQ9LP
++nSuB7gmveMHt/63uDXm3VMgr22SoXBFLjwfaIak5dgDRHacZys5tra2dG3D4czK
+6VoaqAyXdjBEbSwT4D7QS20O/xkFcD4qDadKXLczTDutu7BIxexg
+-----END RSA PRIVATE KEY-----
diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/tests/control bareos-14.2.1+20141017gitc6c5b56/debian/tests/control
--- bareos-14.2.1+20141017gitc6c5b56/debian/tests/control 2015-08-21 16:10:00.000000000 +0200
+++ bareos-14.2.1+20141017gitc6c5b56/debian/tests/control 2016-04-09 16:23:35.000000000 +0200
@@ -1,11 +1,15 @@
Test-Command: test/all
-Restrictions: needs-root allow-stderr
+Restrictions: breaks-testbed needs-root allow-stderr
Depends: postgresql, bareos-database-postgresql, bareos
Test-Command: test/all
-Restrictions: needs-root allow-stderr
+Restrictions: breaks-testbed needs-root allow-stderr
Depends: mysql-server, bareos-database-mysql, bareos
Test-Command: test/all
-Restrictions: needs-root allow-stderr
+Restrictions: breaks-testbed needs-root allow-stderr
+Depends: bareos-database-sqlite3, bareos
+
+Tests: tls tls-passive
+Restrictions: breaks-testbed needs-root allow-stderr
Depends: bareos-database-sqlite3, bareos
diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/tests/tls bareos-14.2.1+20141017gitc6c5b56/debian/tests/tls
--- bareos-14.2.1+20141017gitc6c5b56/debian/tests/tls 1970-01-01 01:00:00.000000000 +0100
+++ bareos-14.2.1+20141017gitc6c5b56/debian/tests/tls 2016-04-09 16:23:28.000000000 +0200
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+set -e
+
+# certs generated using:
+#
+# certtool --generate-privkey --outfile tls-ca-key.pem
+# echo "cn = Bareos Debian Package Test\nca\ncert_signing_key\nexpiration_days = 36500" > template.txt
+# certtool --generate-self-signed --template template.txt --load-privkey tls-ca-key.pem --outfile tls-ca.pem
+# rm template.txt
+#
+# certtool --generate-privkey --outfile tls-key.pem
+# echo "cn = localhost\ntls_www_server\ntls_www_client\nencryption_key\nsigning_key\nexpiration_days = 36000" > template.txt
+# certtool --generate-certificate --template template.txt --load-privkey tls-key.pem --load-ca-certificate tls-ca.pem --load-ca-privkey tls-ca-key.pem --outfile tls-cert.pem
+# rm template.txt
+
+cp debian/tests/certs/*.pem /etc/bareos/
+chgrp bareos /etc/bareos/*.pem
+chmod ug+r /etc/bareos/*.pem
+
+sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-dir.conf
+sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-sd.conf
+sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-fd.conf
+
+sed -i "s#Client {#Client {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-dir.conf
+sed -i "s#Storage {#Storage {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-dir.conf
+
+sed -i "s#Director {#Director {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-fd.conf
+sed -i "s#FileDaemon {#FileDaemon {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-fd.conf
+
+sed -i "s#Storage {#Storage {\n TLS Require = yes\n TLS Verify Peer = no\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-sd.conf
+sed -i "s#Director {#Director {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-sd.conf
+
+echo "--------- config options ----------- "
+echo "/etc/bareos/bareos-dir.conf:"
+grep -3 "TLS" /etc/bareos/bareos-dir.conf
+echo
+echo "/etc/bareos/bareos-sd.conf:"
+grep -3 "TLS" /etc/bareos/bareos-sd.conf
+echo
+echo "/etc/bareos/bareos-fd.conf:"
+grep -3 "TLS" /etc/bareos/bareos-fd.conf
+echo
+
+echo "--------- restarting services ----------- "
+service bareos-dir restart
+service bareos-sd restart
+service bareos-fd restart
+sleep 10
+
+echo "--------- checking services ----------- "
+service bareos-dir status
+service bareos-sd status
+service bareos-fd status
+
+# enable bash debug
+set -v
+
+BACKUP_TEST_FILE=/usr/sbin/bareos.test
+
+echo -e "status dir" | bconsole
+echo
+echo "---- label a volume ----"
+echo -e "label volume=testvol pool=Full" | bconsole
+echo
+echo "----- create some file to test backup / restore ----"
+echo "bareos restore test" > ${BACKUP_TEST_FILE}
+echo
+echo "------ trigger backup job -----"
+echo -e "run job=BackupClient1 yes\rwait" | bconsole | grep "Job queued. JobId="
+echo "status dir" | bconsole
+echo
+echo "------ trigger restore job -----"
+echo -e "restore select current\r2\rls\rmark usr\rdone\ryes\rwait" | bconsole
+echo "status dir" | bconsole
+grep "bareos restore test" /tmp/bareos-restores/${BACKUP_TEST_FILE}
diff -Nru bareos-14.2.1+20141017gitc6c5b56/debian/tests/tls-passive bareos-14.2.1+20141017gitc6c5b56/debian/tests/tls-passive
--- bareos-14.2.1+20141017gitc6c5b56/debian/tests/tls-passive 1970-01-01 01:00:00.000000000 +0100
+++ bareos-14.2.1+20141017gitc6c5b56/debian/tests/tls-passive 2016-04-09 16:23:28.000000000 +0200
@@ -0,0 +1,76 @@
+#!/bin/bash
+
+set -e
+
+# certs generated using:
+#
+# certtool --generate-privkey --outfile tls-ca-key.pem
+# echo "cn = Bareos Debian Package Test\nca\ncert_signing_key\nexpiration_days = 36500" > template.txt
+# certtool --generate-self-signed --template template.txt --load-privkey tls-ca-key.pem --outfile tls-ca.pem
+# rm template.txt
+#
+# certtool --generate-privkey --outfile tls-key.pem
+# echo "cn = localhost\ntls_www_server\ntls_www_client\nencryption_key\nsigning_key\nexpiration_days = 36000" > template.txt
+# certtool --generate-certificate --template template.txt --load-privkey tls-key.pem --load-ca-certificate tls-ca.pem --load-ca-privkey tls-ca-key.pem --outfile tls-cert.pem
+# rm template.txt
+
+cp debian/tests/certs/*.pem /etc/bareos/
+chgrp bareos /etc/bareos/*.pem
+chmod ug+r /etc/bareos/*.pem
+
+sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-dir.conf
+sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-sd.conf
+sed -i "s#Address = .*#Address = localhost#" /etc/bareos/bareos-fd.conf
+
+sed -i "s#Client {#Client {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem\n Passive = yes#" /etc/bareos/bareos-dir.conf
+sed -i "s#Storage {#Storage {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-dir.conf
+
+sed -i "s#Director {#Director {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-fd.conf
+sed -i "s#FileDaemon {#FileDaemon {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem\n Compatible=no#" /etc/bareos/bareos-fd.conf
+
+sed -i "s#Storage {#Storage {\n TLS Require = yes\n TLS Verify Peer = no\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-sd.conf
+sed -i "s#Director {#Director {\n TLS Require = yes\n TLS Certificate = /etc/bareos/tls-cert.pem\n TLS Key = /etc/bareos/tls-key.pem\n TLS CA Certificate File = /etc/bareos/tls-ca.pem#" /etc/bareos/bareos-sd.conf
+
+echo "--------- config options ----------- "
+echo "/etc/bareos/bareos-dir.conf:"
+grep -3 "TLS" /etc/bareos/bareos-dir.conf
+echo
+echo "/etc/bareos/bareos-sd.conf:"
+grep -3 "TLS" /etc/bareos/bareos-sd.conf
+echo
+echo "/etc/bareos/bareos-fd.conf:"
+grep -3 "TLS" /etc/bareos/bareos-fd.conf
+echo
+
+echo "--------- restarting services ----------- "
+service bareos-dir restart
+service bareos-sd restart
+service bareos-fd restart
+sleep 10
+
+echo "--------- checking services ----------- "
+service bareos-dir status
+service bareos-sd status
+service bareos-fd status
+
+# enable bash debug
+set -v
+
+BACKUP_TEST_FILE=/usr/sbin/bareos.test
+
+echo -e "status dir" | bconsole
+echo
+echo "---- label a volume ----"
+echo -e "label volume=testvol pool=Full" | bconsole
+echo
+echo "----- create some file to test backup / restore ----"
+echo "bareos restore test" > ${BACKUP_TEST_FILE}
+echo
+echo "------ trigger backup job -----"
+echo -e "run job=BackupClient1 yes\rwait" | bconsole | grep "Job queued. JobId="
+echo "status dir" | bconsole
+echo
+echo "------ trigger restore job -----"
+echo -e "restore select current\r2\rls\rmark usr\rdone\ryes\rwait" | bconsole
+echo "status dir" | bconsole
+grep "bareos restore test" /tmp/bareos-restores/${BACKUP_TEST_FILE}
Reply to: