Date: Sun, 13 Jul 2008 14:31:40 GMT
From: Franz Schwartau <franz@electromail.org>
To: freebsd-gnats-submit@FreeBSD.org
Subject: ports/125566: amanda ports: SSH option not working, problem with amcrypt-ossl*
Message-ID: <200807131431.m6DEVeRZ057043@www.freebsd.org>
Resent-Message-ID: <200807131440.m6DEe1ld070780@freefall.freebsd.org>
>Number: 125566
>Category: ports
>Synopsis: amanda ports: SSH option not working, problem with amcrypt-ossl*
>Confidential: no
>Severity: serious
>Priority: medium
>Responsible: freebsd-ports-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Sun Jul 13 14:40:00 UTC 2008
>Closed-Date:
>Last-Modified:
>Originator: Franz Schwartau
>Release: 7.0-RELEASE
>Organization:
>Environment: doesn't matter
>Description:
Hi!

There is a typo in regard to the SSH option. The Makefile asks for WITH_SSL instead of WITH_SSH. The option is relevant for both client and server part anyway, not just for the server part.

BTW. I would add --with-ssh-security to CONFIGURE_ARGS unconditionally, i. e. enable ssh security by default.

The helper scripts amcrypt-ossl and amcrypt-ossl-asym use amandabackup as a hardcoded user name. But on FreeBSD the default user is operator. So amcrypt-ossl and amcrypt-ossl-asym should use @CLIENT_LOGIN@.

BTW. amanda 2.5.2 has these patches already in patchset 325:

http://amanda.svn.sourceforge.net/viewvc/amanda/amanda/branches/amanda-252/server-src/amcrypt-ossl.sh.in?r1=299&r2=325
http://amanda.svn.sourceforge.net/viewvc/amanda/amanda/branches/amanda-252/server-src/amcrypt-ossl-asym.sh.in?r1=299&r2=325

While I was at it I added openssl with an absolute path instead of using "which" for security reasons.

Best regards
Franz
>How-To-Repeat:
>Fix:
See attached patch.

Patch attached with submission follows:

diff -ruN amanda-server.BAK/Makefile amanda-server/Makefile --- amanda-server.BAK/Makefile 2008-06-08 09:34:37.000000000 +0200 +++ amanda-server/Makefile 2008-07-12 13:13:04.000000000 +0200 @@ -23,6 +23,7 @@ NO_LATEST_LINK= yes USE_AUTOTOOLS= autoconf:261 USE_GMAKE= yes +USE_OPENSSL= yes PATCH_STRIP= CONFIGURE_ARGS= --libexecdir=${PREFIX}/libexec/amanda \ --with-amandahosts --with-fqdn \ 
@@ -32,7 +33,8 @@ USE_LDCONFIG= yes WANT_PERL= yes -OPTIONS= GNUTAR "use GNU tar" on +OPTIONS= GNUTAR "use GNU tar" on \ + SSH "enable ssh-auth" off .include <bsd.port.pre.mk> @@ -57,6 +59,10 @@ CONFIGURE_ARGS+= --with-udpportrange=${AMANDA_UDPPORTRANGE} .endif +.if defined (WITH_SSH) +CONFIGURE_ARGS+= --with-ssh-security +.endif + # AMANDA_PORTRANGE is obsoleted. Use AMANDA_TCPPORTRANGE instead. .if defined (AMANDA_PORTRANGE) AMANDA_TCPPORTRANGE= ${AMANDA_PORTRANGE} @@ -99,6 +105,12 @@ @${ECHO} " The default is no restriction on UDP ports." @${ECHO} "" +post-patch: + @${REINPLACE_CMD} \ + -e 's|^OPENSSL=.*$$|OPENSSL=${OPENSSLBASE}/bin/openssl|' \ + ${WRKSRC}/server-src/amcrypt-ossl.sh.in \ + ${WRKSRC}/server-src/amcrypt-ossl-asym.sh.in + USE_PERL5= yes BUILD_DEPENDS+= ${LOCALBASE}/sbin/amrecover:${PORTSDIR}/misc/amanda-client @@ -116,8 +128,7 @@ OPTIONS+= PLOT "enable ploting, requires X11 libraries" off\ SAMBA "enable the use of smbclient" off \ MTX "enable the use of mtx changer scripts" off \ - AESPIPE "enable encryption. Needed by amcrypt" off \ - SSH "enable ssh-auth" off + AESPIPE "enable encryption. Needed by amcrypt" off .if defined (WITH_PLOT) BUILD_DEPENDS+= gnuplot:${PORTSDIR}/math/gnuplot @@ -143,10 +154,6 @@ RUN_DEPENDS+= aespipe:${PORTSDIR}/security/aespipe .endif -.if defined (WITH_SSL) -CONFIGURE_ARGS+= --with-ssh-security -.endif - .if defined (AMANDA_TAPE) CONFIGURE_ARGS+= --with-tape-device=${AMANDA_TAPE} .endif diff -ruN amanda-server.BAK/files/patch-server-src::amcrypt-ossl-asym.sh.in amanda-server/files/patch-server-src::amcrypt-ossl-asym.sh.in --- amanda-server.BAK/files/patch-server-src::amcrypt-ossl-asym.sh.in 1970-01-01 01:00:00.000000000 +0100 +++ amanda-server/files/patch-server-src::amcrypt-ossl-asym.sh.in 2008-07-12 12:14:49.000000000 +0200 
@@ -0,0 +1,11 @@ +--- server-src/amcrypt-ossl-asym.sh.in.orig 2006-07-04 13:28:47.000000000 +0200 ++++ server-src/amcrypt-ossl-asym.sh.in 2008-07-12 12:11:30.000000000 +0200 +@@ -36,7 +36,7 @@ + # change these as needed + OPENSSL= # whatever's in $PATH + CIPHER=aes-256-cbc # see `openssl help` for more ciphers +-AMANDA_HOME=~amandabackup ++AMANDA_HOME=~@CLIENT_LOGIN@ + RANDFILE=$AMANDA_HOME/.rnd + export RANDFILE + PASSPHRASE=$AMANDA_HOME/.am_passphrase # optional diff -ruN amanda-server.BAK/files/patch-server-src::amcrypt-ossl.sh.in amanda-server/files/patch-server-src::amcrypt-ossl.sh.in --- amanda-server.BAK/files/patch-server-src::amcrypt-ossl.sh.in 1970-01-01 01:00:00.000000000 +0100 +++ amanda-server/files/patch-server-src::amcrypt-ossl.sh.in 2008-07-12 12:14:35.000000000 +0200 @@ -0,0 +1,11 @@ +--- server-src/amcrypt-ossl.sh.in.orig 2006-07-04 13:28:47.000000000 +0200 ++++ server-src/amcrypt-ossl.sh.in 2008-07-12 12:11:35.000000000 +0200 +@@ -7,7 +7,7 @@ + # change these as needed + OPENSSL= # whatever's in $PATH + CIPHER=aes-256-cbc # see `openssl help` for more ciphers +-AMANDA_HOME=~amandabackup ++AMANDA_HOME=~@CLIENT_LOGIN@ + RANDFILE=$AMANDA_HOME/.rnd + export RANDFILE + PASSPHRASE=$AMANDA_HOME/.am_passphrase # required >Release-Note: >Audit-Trail: >Unformatted:
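Review bot: In the Makefile hunks that rename the test to `.if defined (WITH_SSH)` and move `SSH "enable ssh-auth" off` into the first OPTIONS list, the option still defaults to off and only amanda-server/Makefile is touched, while the report says the option matters for client and server alike and suggests passing --with-ssh-security unconditionally. Either apply the same WITH_SSH block and OPTIONS entry to misc/amanda-client (which this port already lists in BUILD_DEPENDS) or state in the PR that a follow-up covers it, and settle whether the default should become on.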
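Review bot: The post-patch substitution `-e 's|^OPENSSL=.*$$|OPENSSL=${OPENSSLBASE}/bin/openssl|'` succeeds even when nothing matches, so if upstream ever changes the `OPENSSL= # whatever's in $PATH` line, both scripts go back to a PATH lookup with no build error, which is the behaviour the report wants removed for security reasons. Follow the substitution with a check that fails the build when the absolute path is missing from either .sh.in file (a grep for `${OPENSSLBASE}/bin/openssl` is enough), and put a one-line comment above post-patch saying why the path is pinned.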
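Review bot: In both new files/patch-server-src::amcrypt-ossl*.sh.in patches, `AMANDA_HOME=~@CLIENT_LOGIN@` also relocates `RANDFILE=$AMANDA_HOME/.rnd` and `PASSPHRASE=$AMANDA_HOME/.am_passphrase` to the home directory of the configured login, and the amcrypt-ossl copy marks the passphrase file as required, yet nothing in the port tells the administrator where the file is now expected. Add a line to the messages the Makefile already prints naming that location and recommending owner-only permissions on the passphrase file. It is also worth confirming that configure substitutes @CLIENT_LOGIN@ in these two .sh.in files for the version the port builds, since an unsubstituted value would leave a literal `~@CLIENT_LOGIN@` in the installed scripts.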