NetBSD Problem Report #57190

From www@netbsd.org  Thu Jan 19 20:36:32 2023
Return-Path: <www@netbsd.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 3754A1A9239
	for <gnats-bugs@gnats.NetBSD.org>; Thu, 19 Jan 2023 20:36:32 +0000 (UTC)
Message-Id: <20230119203631.1295F1A923B@mollari.NetBSD.org>
Date: Thu, 19 Jan 2023 20:36:31 +0000 (UTC)
From: xfalkenx@sdf.org
Reply-To: xfalkenx@sdf.org
To: gnats-bugs@NetBSD.org
Subject: Tahoe-LAFS looks for moduli file in the wrong place.
X-Send-Pr-Version: www-1.0

>Number:         57190
>Category:       pkg
>Synopsis:       Tahoe-LAFS looks for moduli file in the wrong place.
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    gdt
>State:          open
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Thu Jan 19 20:40:01 +0000 2023
>Last-Modified:  Thu Jul 11 11:45:01 +0000 2024
>Originator:     Xavier F.
>Release:        9.2
>Organization:
>Environment:
NetBSD tahoec01.local 9.2 NetBSD 9.2 (GENERIC) #0: Wed May 12 13:15:55 UTC 2021  mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/amd64/compile/GENERIC amd64

>Description:
The following error comes up when connecting to the SFTP service from a Tahoe-LAFS client compiled from pkgsrc (filesystems/tahoe-lafs) on a NetBSD release 9.2 installed in an amd64 box.

2022-12-27T04:56:06+0100 [allmydata.frontends.sftpd.SSHFactory#info] disabling non-fixed-group key exchange algorithms because we cannot find moduli file

This is because Tahoe-LAFS client looks for this file in the usual placement which is:

/etc/ssh/moduli

Instead, NetBSD keeps this file in:

/etc/moduli

To get rid of this error one must link or copy the file to the former path.

Note that this error does not keep the SFTP service from being used at all with the NetBSD's stock openssh client but unknown issues could come up when combining non-stock ciphers or algorithms between the client and the service.




>How-To-Repeat:
Install filesystems/tahoe-lafs.

Set up a Tahoe-LAFS client configuration for connecting to a standard grid.

Add the standard [sftpd] directives:

----
[sftpd]
enabled = true
port = tcp:8022:interface=127.0.0.1
host_pubkey_file = private/ssh_host_rsa_key.pub
host_privkey_file = private/ssh_host_rsa_key
accounts.file = private/accounts
----

Create proper host key files and populate the private/accounts with a valid ssh public key (use the current user account for simplicity).

Start the client:

tahoec01$ tahoe run&

Log will be written to stdout.

Open a new xterm and connect to the SFTP client's service:

tahoec01$ sftp -P 8022 127.0.0.1

Just before the negotiation and authentication, the log will show the above-mentioned error.

>Fix:

>Release-Note:

>Audit-Trail:

Responsible-Changed-From-To: pkg-manager->gdt
Responsible-Changed-By: bsiegert@NetBSD.org
Responsible-Changed-When: Wed, 10 Jul 2024 20:02:05 +0000
Responsible-Changed-Why:
Over to maintainer


From: Greg Troxel <gdt@lexort.com>
To: xfalkenx@sdf.org
Cc: gnats-bugs@netbsd.org
Subject: Re: pkg/57190 (Tahoe-LAFS looks for moduli file in the wrong place.)
Date: Thu, 11 Jul 2024 07:41:38 -0400

 Thanks for reporting the bug.

 My doctrine for what is a pkgsrc bug vs an upstream bug is: If you build
 upstream's release, following their instructions, does it work
 correctly?  If so, and the package does not, it's a pkgsrc bug.  But if
 not, it's an upstream bug.  pkgsrc does add fixes for upstream bugs, but
 we ask that such bugs be filed upstream and the bug URL be included in
 the package.

 Currently the pkgsrc build wraps upstream by providing dependencies and
 doesn't change the code.

 Could you check tahoe built from upstream sources?  A quick read of the
 sources indicates that it just assumes the presumably-Linux location.

 It seems like upstream should somehow either search for moduli, or have a
 mapping from OS to path.  pkgsrc supports many operating systems, so
 patching to NetBSD's location isn't a reasonable answer.

 Upstream's bug tracker is at
   https://tahoe-lafs.org/trac/tahoe-lafs/
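
Added example, not part of the PR thread and not Tahoe-LAFS or pkgsrc code: one way to do the path search suggested in the reply above, in Python, skipping candidates that are missing or hold no usable entry. The two paths are the ones named in the report; the function names, the search order and the sample file contents are assumptions of this example.

```python
import os
import tempfile

# Both locations come from the report; the search order is this example's assumption.
CANDIDATE_PATHS = ("/etc/ssh/moduli", "/etc/moduli")

# Constructed sample in moduli(5) layout: time type tests trials size generator modulus.
# Toy values: 0x17 = 23 is a safe prime, far too small for real use.
SAMPLE = """# constructed sample, not a real moduli file
20230101000000 2 6 100 4 2 17
20230101000000 4 6 100 3 2 B
truncated line
"""

def parse_moduli(text):
    """Return {modulus_bits: [(generator, modulus), ...]} for safe-prime entries."""
    groups = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) != 7 or fields[0].startswith("#"):
            continue  # comment, blank or malformed line
        if fields[1] != "2":  # type 2 = safe prime; skip other candidate types
            continue
        try:
            gen, mod = int(fields[5], 16), int(fields[6], 16)
        except ValueError:
            continue  # generator or modulus is not valid hex
        groups.setdefault(mod.bit_length(), []).append((gen, mod))
    return groups

def find_moduli(paths=CANDIDATE_PATHS):
    """Return (path, groups) for the first candidate holding a usable entry."""
    for path in paths:
        try:
            with open(path, encoding="ascii") as fh:
                groups = parse_moduli(fh.read())
        except (OSError, UnicodeDecodeError):
            continue  # missing or unreadable: try the next location
        if groups:
            return path, groups
    return None, {}  # caller falls back to fixed-group key exchange

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        netbsd_style = os.path.join(tmp, "moduli")  # stands in for /etc/moduli
        with open(netbsd_style, "w", encoding="ascii") as fh:
            fh.write(SAMPLE)
        print(find_moduli((os.path.join(tmp, "ssh", "moduli"), netbsd_style)))
```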

>Unformatted:
