not able to install FR 3.0.16+git in (pure) Debian 9

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

not able to install FR 3.0.16+git in (pure) Debian 9

Rui Ribeiro-2
Hi,

I have been compiling and deploying FR source for a good while in Debian 9;
however upon trying to install it in a cleanly installed system, I just
found out I cant.

The difference is that my production system (still) has a dangling libssl
version from Debian 8 backports, that was installed *before* the upgrade to
Debian 9.

As in:

$dpkg -l | grep libssl

ii  libssl1.0.0:amd64                         1.0.2k-1~bpo8+1   <<---
 amd64        Secure Sockets Layer toolkit - shared libraries

ii  libssl1.0.2:amd64                         1.0.2l-2
  amd64        Secure Sockets Layer toolkit - shared libraries

ii  libssl1.1:amd64                           1.1.0f-3
  amd64        Secure Sockets Layer toolkit - shared libraries

So clearly the leftover libssl satisfies a built-in dependency, even though
it was compiled in another server *without* the 1.0.2k libssl, and when
running, it ends up using libssl1.1, as:

#ldd /usr/sbin/freeradius  | grep libssl
libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1
(0x00007fed0b35b000)

However, in a pure Debian 9 system, I see this error when trying to install
FR 3.0.16 git from my internal repository:

The following packages have unmet dependencies:

 freeradius : Depends: libssl1.0.0 (>= 1.0.1) but it is not installable

The only thing that I change to compile it is in

debian/control:10: libjson0 | libjson-c2,


Changing libjson-c2 to libjson-c3.


I also know the culprit of the runtime behaviour I am describing is this
rule:


debian/rules:59:       SUBSTVARS = -Vdist:Depends="libssl1.0.0 (>=
1.0.1e-2+deb7u5)"


I would like to ask for a change for installing it in Debian 9; it has been
running well, however I do not have the necessary background to propose a
*proper quality* patch.

--
Regards,

--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: not able to install FR 3.0.16+git in (pure) Debian 9

Rui Ribeiro-2
Correction: the correct error is:

   freeradius : Depends: libssl1.0.0 (>= 1.0.1e-2+deb7u5) but it is not
installable

The other output was a tentative local patch of mine.

On 10 August 2017 at 17:27, Rui Ribeiro <[hidden email]> wrote:

> Hi,
>
> I have been compiling and deploying FR source for a good while in Debian
> 9; however upon trying to install it in a cleanly installed system, I just
> found out I cant.
>
> The difference is that my production system (still) has a dangling libssl
> version from Debian 8 backports, that was installed *before* the upgrade to
> Debian 9.
>
> As in:
>
> $dpkg -l | grep libssl
>
> ii  libssl1.0.0:amd64                         1.0.2k-1~bpo8+1   <<---
>    amd64        Secure Sockets Layer toolkit - shared libraries
>
> ii  libssl1.0.2:amd64                         1.0.2l-2
>   amd64        Secure Sockets Layer toolkit - shared libraries
>
> ii  libssl1.1:amd64                           1.1.0f-3
>   amd64        Secure Sockets Layer toolkit - shared libraries
>
> So clearly the leftover libssl satisfies a built-in dependency, even
> though it was compiled in another server *without* the 1.0.2k libssl, and
> when running, it ends up using libssl1.1, as:
>
> #ldd /usr/sbin/freeradius  | grep libssl
> libssl.so.1.1 => /usr/lib/x86_64-linux-gnu/libssl.so.1.1
> (0x00007fed0b35b000)
>
> However, in a pure Debian 9 system, I see this error when trying to
> install FR 3.0.16 git from my internal repository:
>
> The following packages have unmet dependencies:
>
>  freeradius : Depends: libssl1.0.0 (>= 1.0.1) but it is not installable
>
> The only thing that I change to compile it is in
>
> debian/control:10: libjson0 | libjson-c2,
>
>
> Changing libjson-c2 to libjson-c3.
>
>
> I also know the culprit of the runtime behaviour I am describing is this
> rule:
>
>
> debian/rules:59:       SUBSTVARS = -Vdist:Depends="libssl1.0.0 (>=
> 1.0.1e-2+deb7u5)"
>
>
> I would like to ask for a change for installing it in Debian 9; it has
> been running well, however I do not have the necessary background to
> propose a *proper quality* patch.
>
> --
> Regards,
>
> --
> Rui Ribeiro
> Senior Linux Architect and Network Administrator
> ISCTE-IUL
> https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
>



--
Regards,

--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: not able to install FR 3.0.16+git in (pure) Debian 9

Alan DeKok-2
In reply to this post by Rui Ribeiro-2
On Aug 10, 2017, at 6:27 PM, Rui Ribeiro <[hidden email]> wrote:
>
> I have been compiling and deploying FR source for a good while in Debian 9;
> however upon trying to install it in a cleanly installed system, I just
> found out I cant.
>
> The difference is that my production system (still) has a dangling libssl
> version from Debian 8 backports, that was installed *before* the upgrade to
> Debian 9.

  That shouldn't make much difference...

> However, in a pure Debian 9 system, I see this error when trying to install
> FR 3.0.16 git from my internal repository:
>
> The following packages have unmet dependencies:
>
> freeradius : Depends: libssl1.0.0 (>= 1.0.1) but it is not installable
>
> The only thing that I change to compile it is in
>
> debian/control:10: libjson0 | libjson-c2,
>
>
> Changing libjson-c2 to libjson-c3.

  Ah... the "DLL hell" problem.  Different packages have different dependencies.  And those dependencies can conflict...

> I would like to ask for a change for installing it in Debian 9; it has been
> running well, however I do not have the necessary background to propose a
> *proper quality* patch.

  We'll take a look thanks.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: not able to install FR 3.0.16+git in (pure) Debian 9

Rui Ribeiro-2
In reply to this post by Rui Ribeiro-2
> ------------------------------

>
> Message: 5
> Date: Thu, 10 Aug 2017 18:31:39 +0200
> From: Alan DeKok <[hidden email]>
> To: FreeRadius users mailing list
>         <[hidden email]>
> Subject: Re: not able to install FR 3.0.16+git in (pure) Debian 9
> Message-ID: <[hidden email]>
> Content-Type: text/plain; charset=us-ascii
>
> On Aug 10, 2017, at 6:27 PM, Rui Ribeiro <[hidden email]> wrote:
> >
> > I have been compiling and deploying FR source for a good while in Debian
> 9;
> > however upon trying to install it in a cleanly installed system, I just
> > found out I cant.
> >
> > The difference is that my production system (still) has a dangling libssl
> > version from Debian 8 backports, that was installed *before* the upgrade
> to
> > Debian 9.
>
>   That shouldn't make much difference...
>
> > However, in a pure Debian 9 system, I see this error when trying to
> install
> > FR 3.0.16 git from my internal repository:
> >
> > The following packages have unmet dependencies:
> >
> > freeradius : Depends: libssl1.0.0 (>= 1.0.1) but it is not installable
> >
> > The only thing that I change to compile it is in
> >
> > debian/control:10: libjson0 | libjson-c2,
> >
> >
> > Changing libjson-c2 to libjson-c3.
>
>   Ah... the "DLL hell" problem.  Different packages have different
> dependencies.  And those dependencies can conflict...
>
> > I would like to ask for a change for installing it in Debian 9; it has
> been
> > running well, however I do not have the necessary background to propose a
> > *proper quality* patch.
>
>   We'll take a look thanks.
>
>   Alan DeKok.
>
>
Hi Alan,

What is the best way to send patches?

This is the one  for including libjson-c3


--- debian/control.old 2017-08-11 16:42:59.971350545 +0100

+++ debian/control 2017-08-11 16:44:02.810791057 +0100

@@ -7,7 +7,7 @@

  libcap-dev,

  libgdbm-dev,

  libiodbc2-dev,

- libjson0 | libjson-c2,

+ libjson0 | libjson-c2 | libjson-c3,

  libjson0-dev | libjson-c-dev,

  libkrb5-dev | heimdal-dev,

  libldap2-dev,



--
Regards,

--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

debian_control.patch (434 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: not able to install FR 3.0.16+git in (pure) Debian 9

Alan DeKok-2
On Aug 11, 2017, at 5:50 PM, Rui Ribeiro <[hidden email]> wrote:
> What is the best way to send patches?
>
> This is the one  for including libjson-c3

  For small things, that's fine.  I've pushed a fix.

  Alan DeKok.

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: not able to install FR 3.0.16+git in (pure) Debian 9

Rui Ribeiro-2
In reply to this post by Rui Ribeiro-2
>

> Message: 2
> Date: Fri, 11 Aug 2017 17:55:12 +0200
> From: Alan DeKok <[hidden email]>
> To: FreeRadius users mailing list
>         <[hidden email]>
> Subject: Re: not able to install FR 3.0.16+git in (pure) Debian 9
> Message-ID: <[hidden email]>
> Content-Type: text/plain; charset=us-ascii
>
> On Aug 11, 2017, at 5:50 PM, Rui Ribeiro <[hidden email]> wrote:
> > What is the best way to send patches?
> >
> > This is the one  for including libjson-c3
>
>   For small things, that's fine.  I've pushed a fix.
>
>   Alan DeKok.
>
>
>
> Hi again Alan,
After this commit, you can already compile for Debian 9, thanks.

If you would not mind, I would also propose striking out the HeartBleed
check from debian/rules in 3.0.x, to be able to install it on Debian 9.
Otherwise, the dependencies are not satisfied, and Debian 9 refuses to
install the packages.

--- debian/rules.old 2017-08-16 15:19:15.015393327 +0100

+++ debian/rules 2017-08-16 15:19:27.647279581 +0100

@@ -52,13 +52,6 @@

  confflags += --build $(DEB_BUILD_GNU_TYPE) --host $(DEB_HOST_GNU_TYPE)

 endif



-# Add dependency on distribution specific version of openssl that fixes
Heartbleed (CVE-2014-0160).

-ifeq ($(shell dpkg-vendor --derives-from Ubuntu && echo yes),yes)

-       SUBSTVARS = -Vdist:Depends="libssl1.0.0 (>= 1.0.1f-1ubuntu2)"

-else

-       SUBSTVARS = -Vdist:Depends="libssl1.0.0 (>= 1.0.1e-2+deb7u5)"

-endif

-

 # Add libsystemd-dev as a Build-Depends to debian/control if it is known
to this system

 ifeq ($(shell apt-cache show libsystemd-dev &>/dev/null && echo yes),yes)

        CONTROL_BUILDDEPS += libsystemd-dev,




--
Regards,

--
Rui Ribeiro
Senior Linux Architect and Network Administrator
ISCTE-IUL
https://www.linkedin.com/pub/rui-ribeiro/16/ab8/434

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

rules.patch (1018 bytes) Download Attachment
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: not able to install FR 3.0.16+git in (pure) Debian 9

Alan DeKok-2
On Aug 16, 2017, at 4:26 PM, Rui Ribeiro <[hidden email]> wrote:
> After this commit, you can already compile for Debian 9, thanks.

  Good, thanks.

> If you would not mind, I would also propose striking out the HeartBleed
> check from debian/rules in 3.0.x, to be able to install it on Debian 9.
> Otherwise, the dependencies are not satisfied, and Debian 9 refuses to
> install the packages.

  That can't happen, sorry.  The server must be secure, even if the underlying OS uses vulnerable versions of OpenSSL.

  There are other ways to get the server installed.  Local patches, if nothing else.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Loading...