Re: [Bacula-users] Bacula in Ubuntu 8.04 without TLS?

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Lukasz Szybalski wrote:
> On Wed, Aug 20, 2008 at 11:23 AM, Ryan Novosielski <novosirj AT umdnj DOT 
> edu> wrote:
>> -----BEGIN PGP SIGNED MESSAGE-----
>> Hash: SHA1
>>
>> Lukasz Szybalski wrote:
>>> On Wed, Aug 20, 2008 at 9:42 AM, Ryan Novosielski <novosirj AT umdnj DOT 
>>> edu> wrote:
>>>> -----BEGIN PGP SIGNED MESSAGE-----
>>>> Hash: SHA1
>>>>
>>>> Lukasz Szybalski wrote:
>>>>> On Tue, Aug 19, 2008 at 6:38 PM, Dan Langille <dan AT langille DOT org> 
>>>>> wrote:
>>>>>> Landon Fuller wrote:
>>>>>>> On Aug 18, 2008, at 9:32 AM, Philipp Geschke wrote:
>>>>>>>
>>>>>>>> Hi List,
>>>>>>>>
>>>>>>>> Can somebody confirm that Ubuntu seriously compiled Bacula in 8.04
>>>>>>>> without TLS after having it enabled in 7.10?
>>>>>>>>
>>>>>>>> Or am I just being dumb?
>>>>>>> Debian upstream disabled it:
>>>>>>>
>>>>>>> README.Debian:
>>>>>>>     bacula (2.2.0-1) unstable; urgency=low
>>>>>>>
>>>>>>>     * SSL/TLS has been disabled in this version of Bacula due to 
>>>>>>> licensing
>>>>>>>      concerns.  See README.Debian and the thread at
>>>>>>>      http://lists.debian.org/debian-legal/2007/07/msg00144.html for more
>>>>>>>      details.
>>>>>>>
>>>>>>> NEWS.Debian
>>>>>>>     Due to licensing concerns (see NEWS.Debian), SSL/TLS is disabled in
>>>>>>> current
>>>>>>>     Debian builds.  This disables both encryption for the on-the-wire
>>>>>>>     protocol as well as encryption of the backed-up data.
>>>>>>>
>>>>>>> Kern specifically allows linking against OpenSSL in the Bacula, and has
>>>>>>> removed any GPL code that can not contain this exception:
>>>>>>>     As a special exception to the GPLv2, the Bacula Project gives
>>>>>>>     permission to link the code of its release of Bacula with the 
>>>>>>> OpenSSL
>>>>>>>     project's "OpenSSL" library (or with modified versions of it that 
>>>>>>> use
>>>>>>>     the same license as the "OpenSSL" library), and distribute the 
>>>>>>> linked
>>>>>>>     executables.  You must obey the GNU General Public License in all
>>>>>>>     respects for all of the code used other than "OpenSSL".
>>>>>>>
>>>>>>> I guess Debian considers the OpenSSL license and the GPL license
>>>>>>> incompatible, and removed support prior to Kern's changes.
>>>>>>> The whole issue is a bit droll.
>>>>>> This is why I like packaging systems which allow you to compile from 
>>>>>> source.
>>>>> Why don't you recompile it from source then.
>>>>>
>>>>>
>>>>> apt-get build-dep bacula
>>>>> aptitude install libssl-dev openssl
>>>>> aptitude source bacula
>>>>> cd bacula-2....
>>>>> vim debian/rules
>>>>>     # (change the options to enable ssl tls)
>>>>> debian/rules binary
>>>>>    #it should now compile and pack all bacula packages
>>>>> cd ..
>>>>> dpkg -i bacula*.deb
>>>>>
>>>>>
>>>>> Done.
>>>> Yes, this is what I was talking about, not getting the source and
>>>> compiling/installing from source alone.
>>>>
>>>> The only issue you may run into here is the distribution's affinity for
>>>> the repository over locally installed packages. I ran into that when
>>>> building tOra with Oracle support. I don't recall how I solved it, but I
>>>> believe there's another step that fixes the changelog so that your
>>>> version is a little newer than the repository but not so new that you
>>>> miss updates.
>>> Well, the commands I sent earlier get the source code of the version
>>> you have installed currently.
>>>
>>> So if ubuntu has 2.2.0 the source code for that deb file will be
>>> downloaded. The goal of this is to just recreate the bacula.deb
>>> package with tls support. Not newer code will be downloaded.
>> Exactly, but apparently software that exists in a Debian repository
>> receives a higher priority than locally installed updates for whatever
>> reason, meaning if there are two equal installs of say 2.2.0,
>> Ubuntu/Debian will prefer to go out and install the version from the
>> repository and will try to "upgrade" you to it constantly. Someone is
>> free to correct me if I'm wrong, but this is how I remember it working.
> 
> I think you are correct.
> If you don't want to upgrade run:
> aptitude hold bacula
> 
> "Fix a package at its current version and don't upgrade it automatically"

And yet another gotcha: adept_updater on KDE (not sure how the GNOME
equivalent behaves) will tell you about the newer package, even though
the eventual package action will be to hold at the current release. This
may or may not be considered a bug, IMHO.

Really the only proper way to do this is edit the Debian Changelog in
the prescribed way (which is pretty easy to do i one just hunts around
for a tutorial... one or two commands). Then the package will be handled
the way it ought to be handled.

- --
 ---- _  _ _  _ ___  _  _  _
 |Y#| |  | |\/| |  \ |\ |  | |Ryan Novosielski - Systems Programmer II
 |$&| |__| |  | |__/ | \| _| |novosirj AT umdnj DOT edu - 973/972.0922 (2-0922)
 \__/ Univ. of Med. and Dent.|IST/AST - NJMS Medical Science Bldg - C630
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org

iD8DBQFIrEnSmb+gadEcsb4RAtmxAJ49k8tAq8Yl9Rq6VdaBhGLbfbnumACdHYq4
S71ZqxeWW5saRqzd6spMXEQ=
=GjYh
-----END PGP SIGNATURE-----

novosirj.vcf
Description: Vcard

-------------------------------------------------------------------------
This SF.Net email is sponsored by the Moblin Your Move Developer's challenge
Build the coolest Linux based applications with Moblin SDK & win great prizes
Grand prize is a trip for two to an Open Source event anywhere in the world
http://moblin-contest.org/redirect.php?banner_id=100&url=/

_______________________________________________
Bacula-users mailing list
Bacula-users AT lists.sourceforge DOT net
https://lists.sourceforge.net/lists/listinfo/bacula-users