Date:      Sun, 13 Jul 2008 14:31:40 GMT
From:      Franz Schwartau <franz@electromail.org>
To:        freebsd-gnats-submit@FreeBSD.org
Subject:   ports/125566: amanda ports: SSH option not working, problem with amcrypt-ossl*
Message-ID:  <200807131431.m6DEVeRZ057043@www.freebsd.org>
Resent-Message-ID: <200807131440.m6DEe1ld070780@freefall.freebsd.org>

>Number:         125566
>Category:       ports
>Synopsis:       amanda ports: SSH option not working, problem with amcrypt-ossl*
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports-bugs
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Sun Jul 13 14:40:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator:     Franz Schwartau
>Release:        7.0-RELEASE
>Organization:
>Environment:
doesn't matter
>Description:
Hi!

There is a typo in regard to the SSH option. The Makefile asks for WITH_SSL instead of WITH_SSH. The option is relevant for both client and server part anyway, not just for the server part.

BTW, I would add --with-ssh-security to CONFIGURE_ARGS unconditionally, i.e. enable ssh security by default.

The helper scripts amcrypt-ossl and amcrypt-ossl-asym use amandabackup as a hardcoded user name. But on FreeBSD the default user is operator. So amcrypt-ossl and amcrypt-ossl-asym should use @CLIENT_LOGIN@. BTW, amanda 2.5.2 has these patches already in patchset 325:

http://amanda.svn.sourceforge.net/viewvc/amanda/amanda/branches/amanda-252/server-src/amcrypt-ossl.sh.in?r1=299&r2=325
http://amanda.svn.sourceforge.net/viewvc/amanda/amanda/branches/amanda-252/server-src/amcrypt-ossl-asym.sh.in?r1=299&r2=325

While I was at it I added openssl with an absolute path instead of using "which" for security reasons.

    Best regards
        Franz

>How-To-Repeat:

>Fix:
See attached patch.

Patch attached with submission follows:

diff -ruN amanda-server.BAK/Makefile amanda-server/Makefile
--- amanda-server.BAK/Makefile	2008-06-08 09:34:37.000000000 +0200
+++ amanda-server/Makefile	2008-07-12 13:13:04.000000000 +0200
@@ -23,6 +23,7 @@
 NO_LATEST_LINK=	yes
 USE_AUTOTOOLS=	autoconf:261
 USE_GMAKE=	yes
+USE_OPENSSL=	yes
 PATCH_STRIP=
 CONFIGURE_ARGS=	--libexecdir=${PREFIX}/libexec/amanda \
 		--with-amandahosts --with-fqdn \
@@ -32,7 +33,8 @@
 USE_LDCONFIG=	yes
 WANT_PERL=	yes
 
-OPTIONS=	GNUTAR "use GNU tar" on
+OPTIONS=	GNUTAR "use GNU tar" on \
+		SSH "enable ssh-auth" off
 
 .include <bsd.port.pre.mk>
 
@@ -57,6 +59,10 @@
 CONFIGURE_ARGS+=	--with-udpportrange=${AMANDA_UDPPORTRANGE}
 .endif
 
+.if defined (WITH_SSH)
+CONFIGURE_ARGS+=	--with-ssh-security
+.endif
+
 # AMANDA_PORTRANGE is obsoleted.  Use AMANDA_TCPPORTRANGE instead.
 .if defined (AMANDA_PORTRANGE)
 AMANDA_TCPPORTRANGE=	${AMANDA_PORTRANGE}
@@ -99,6 +105,12 @@
 	@${ECHO} "        The default is no restriction on UDP ports."
 	@${ECHO} ""
 
+post-patch:
+	@${REINPLACE_CMD} \
+		-e 's|^OPENSSL=.*$$|OPENSSL=${OPENSSLBASE}/bin/openssl|' \
+		${WRKSRC}/server-src/amcrypt-ossl.sh.in \
+		${WRKSRC}/server-src/amcrypt-ossl-asym.sh.in
+
 USE_PERL5=	yes
 
 BUILD_DEPENDS+=	${LOCALBASE}/sbin/amrecover:${PORTSDIR}/misc/amanda-client
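Review bot: the sed expression in post-patch fails silently. If either .sh.in file has no line starting with OPENSSL=, for example after an upstream change, REINPLACE_CMD still succeeds and the script keeps the empty OPENSSL= value that its own comment describes as "whatever's in $PATH", which is the lookup this change is meant to remove. Suggest following the substitution with a check that fails the build when the absolute path is missing, such as ${GREP} -q '^OPENSSL=${OPENSSLBASE}/bin/openssl' on both files.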
@@ -116,8 +128,7 @@
 OPTIONS+=	PLOT "enable ploting, requires X11 libraries" off\
 		SAMBA "enable the use of smbclient" off \
 		MTX "enable the use of mtx changer scripts" off \
-		AESPIPE "enable encryption. Needed by amcrypt" off \
-		SSH "enable ssh-auth" off
+		AESPIPE "enable encryption. Needed by amcrypt" off
 
 .if defined (WITH_PLOT)
 BUILD_DEPENDS+=	gnuplot:${PORTSDIR}/math/gnuplot
@@ -143,10 +154,6 @@
 RUN_DEPENDS+=	aespipe:${PORTSDIR}/security/aespipe
 .endif
 
-.if defined (WITH_SSL)
-CONFIGURE_ARGS+=	--with-ssh-security
-.endif
-
 .if defined (AMANDA_TAPE)
 CONFIGURE_ARGS+=	--with-tape-device=${AMANDA_TAPE}
 .endif
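Review bot: dropping the .if defined (WITH_SSL) block means anyone who worked around the typo by defining WITH_SSL by hand loses --with-ssh-security without any message after this change. Worth stating in the commit message that WITH_SSH is now the only knob that enables it.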
diff -ruN amanda-server.BAK/files/patch-server-src::amcrypt-ossl-asym.sh.in amanda-server/files/patch-server-src::amcrypt-ossl-asym.sh.in
--- amanda-server.BAK/files/patch-server-src::amcrypt-ossl-asym.sh.in	1970-01-01 01:00:00.000000000 +0100
+++ amanda-server/files/patch-server-src::amcrypt-ossl-asym.sh.in	2008-07-12 12:14:49.000000000 +0200
@@ -0,0 +1,11 @@
+--- server-src/amcrypt-ossl-asym.sh.in.orig	2006-07-04 13:28:47.000000000 +0200
++++ server-src/amcrypt-ossl-asym.sh.in	2008-07-12 12:11:30.000000000 +0200
+@@ -36,7 +36,7 @@
+ # change these as needed
+ OPENSSL=			# whatever's in $PATH
+ CIPHER=aes-256-cbc		# see `openssl help` for more ciphers
+-AMANDA_HOME=~amandabackup
++AMANDA_HOME=~@CLIENT_LOGIN@
+ RANDFILE=$AMANDA_HOME/.rnd
+ export RANDFILE
+ PASSPHRASE=$AMANDA_HOME/.am_passphrase	# optional
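Review bot: the AMANDA_HOME=~@CLIENT_LOGIN@ line only works if configure substitutes @CLIENT_LOGIN@ in this .sh.in file. If the token is left unexpanded, the shell does not resolve ~@CLIENT_LOGIN@ to a home directory, so RANDFILE and PASSPHRASE become paths relative to the current directory. Please confirm that the installed amcrypt-ossl-asym contains the real login name and mention that in the PR.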
diff -ruN amanda-server.BAK/files/patch-server-src::amcrypt-ossl.sh.in amanda-server/files/patch-server-src::amcrypt-ossl.sh.in
--- amanda-server.BAK/files/patch-server-src::amcrypt-ossl.sh.in	1970-01-01 01:00:00.000000000 +0100
+++ amanda-server/files/patch-server-src::amcrypt-ossl.sh.in	2008-07-12 12:14:35.000000000 +0200
@@ -0,0 +1,11 @@
+--- server-src/amcrypt-ossl.sh.in.orig	2006-07-04 13:28:47.000000000 +0200
++++ server-src/amcrypt-ossl.sh.in	2008-07-12 12:11:35.000000000 +0200
+@@ -7,7 +7,7 @@
+ # change these as needed
+ OPENSSL=			# whatever's in $PATH
+ CIPHER=aes-256-cbc		# see `openssl help` for more ciphers
+-AMANDA_HOME=~amandabackup
++AMANDA_HOME=~@CLIENT_LOGIN@
+ RANDFILE=$AMANDA_HOME/.rnd
+ export RANDFILE
+ PASSPHRASE=$AMANDA_HOME/.am_passphrase	# required
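Review bot: with AMANDA_HOME=~@CLIENT_LOGIN@, .rnd and the .am_passphrase file marked "# required" here are placed in whatever home directory the configured login user has. Please check what that directory is for the port's default user (operator, per the description), that the user can write to it, and that .am_passphrase there is not readable by other accounts; if the home is unsuitable, AMANDA_HOME should point to a dedicated directory instead.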


>Release-Note:
>Audit-Trail:
>Unformatted:
