[Bug 1888926] Re: tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0

Fri Aug 7 00:31:29 UTC 2020

Verification/comparison steps to ensure that the modified
rsyslog package is built and working correctly, given its
importance in the distribution:

1) Compare test suite results in build logs
2) Compare configuration options in build logs
3) Compare packages' control file and contents

All look good.  Details:

1) Compare test suite results in build logs
-------------------------------------------

The build-time test suite runs 550ish tests,
which gives us confidence it does look good.

There are 20 test files which name includes 'relp',
and 2 test files include the option name 'tlscfgcmd'.

	$ grep -rl tlscfgcmd rsyslog-8.2001.0/tests/ 
	rsyslog-8.2001.0/tests/sndrcv_relp_tls-cfgcmd.sh
	rsyslog-8.2001.0/tests/imrelp-tls-cfgcmd.sh

	These 2 are not mentioned in the previous build log,
	but are mentioned and PASS in the test package's build log,
	so the option is enabled and good as in tests.

Before:

	# TOTAL: 551
	# PASS:  544
	# SKIP:  7
	# XFAIL: 0
	# FAIL:  0
	# XPASS: 0
	# ERROR: 0

After:

	+PASS: imrelp-tls-cfgcmd.sh
	+PASS: sndrcv_relp_tls-cfgcmd.sh

	# TOTAL: 553
	# PASS:  546
	# SKIP:  7
	# XFAIL: 0
	# FAIL:  0
	# XPASS: 0
	# ERROR: 0

2) Compare configuration options in build logs
----------------------------------------------

Download the old (focal-release) and new (ppa) build logs:

        $ curl -s https://launchpadlibrarian.net/464664394
/buildlog_ubuntu-focal-amd64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz |
gzip -dc > buildlog.old

        $ curl -s buildlog_modified
https://launchpadlibrarian.net/492228312/buildlog_ubuntu-focal-
amd64.rsyslog_8.2001.0-1ubuntu1.1_BUILDING.txt.gz | gzip -dc >
buildlog.new

Filter the section for configure:

	dh_auto_configure -- \
	<...>
	config.status: executing libtool commands

        $ sed -n '/^dh_auto_configure --/,/^config.status: executing
libtool commands/p' buildlog.old > buildlog.old.configure

        $ sed -n '/^dh_auto_configure --/,/^config.status: executing
libtool commands/p' buildlog.new > buildlog.new.configure

The only difference is the new/reported option 'relpSrvSetTlsConfigCmd'

	$ diff -u buildlog.old.configure buildlog.new.configure
	--- buildlog.old.configure	2020-08-06 23:44:34.072713719 +0000
	+++ buildlog.new.configure	2020-08-06 23:44:38.080688125 +0000
	@@ -407,8 +407,8 @@
	 checking for relpSrvSetOversizeMode... yes
	 checking for relpSrvSetLstnAddr... yes
	 checking for relpEngineSetTLSLibByName... yes
	-checking for relpSrvSetTlsConfigCmd... no
	-checking for relpSrvSetTlsConfigCmd... (cached) no
	+checking for relpSrvSetTlsConfigCmd... yes
	+checking for relpSrvSetTlsConfigCmd... (cached) yes
	 checking for LIBLOGGING_STDLOG... no
	 configure: liblogging-stdlog not found, parts of the testbench will not run
	 checking for ip... no

3) Compare packages' control file and contents
----------------------------------------------

Get the old and new packages' control/contents:

	mkdir debs-old && cd debs-old
	pull-lp-debs rsyslog focal
	cd ..

	mkdir debs-new && cd debs-new
	pull-ppa-debs --ppa mfo/lp1888926 rsyslog focal
	cd ..

	for dir in debs-old debs-new; do 
		pushd $dir
		for deb in *.deb; do 
		  pkg=${deb%%_*}
		  dpkg-deb -e $deb deb_control_$pkg
		  dpkg-deb -c $deb \
		    | awk '{ $3 = "SIZE"; $4 = "DATE"; $5 = "TIME"; print $0 }' `#normalize` \
		    | sort \
		    > deb_content_$pkg
		done
		popd
	done

Compare the control files:

	for dir in debs-old/deb_control_*; do
	  dir="$(basename $dir)"
	  echo "DIR: $dir"
	  diff -U0 debs-old/$dir/control debs-new/$dir/control
	  echo
	done

The only differences are:
1) the Version: bump,
2) the versioned dependency bump on rsyslog,
3) and rsyslog-relp also has versioned dependency bump on librelp0, as expected.

	DIR: deb_control_rsyslog-relp
	--- debs-old/deb_control_rsyslog-relp/control	2020-02-11 15:25:29.000000000 +0000
	+++ debs-new/deb_control_rsyslog-relp/control	2020-07-30 19:53:18.000000000 +0000
	@@ -3 +3 @@
	-Version: 8.2001.0-1ubuntu1
	+Version: 8.2001.0-1ubuntu1.1
	@@ -7 +7 @@
	-Depends: libc6 (>= 2.14), librelp0 (>= 1.4.0), rsyslog (= 8.2001.0-1ubuntu1)
	+Depends: libc6 (>= 2.14), librelp0 (>= 1.5.0), rsyslog (= 8.2001.0-1ubuntu1.1)

Compare the contents:

	for file in debs-old/deb_content_*; do
	  file="$(basename $file)"
	  echo "FILE: $file"
	  diff -U0 debs-old/$file debs-new/$file
	  echo
	done

The only differences are the /usr/share/doc/rsyslog-<pkg>/{NEWS,changelog}.Debian.gz files,
which used to be symlinks to ../rsyslog/{NEWS,changelog}.Debian.gz, but are not anymore; eg:

	FILE: deb_content_rsyslog-czmq
	--- debs-old/deb_content_rsyslog-czmq	2020-08-06 23:52:05.910354509 +0000
	+++ debs-new/deb_content_rsyslog-czmq	2020-08-06 23:51:54.622403701 +0000
	@@ -2,0 +3 @@
	+-rw-r--r-- root/root SIZE DATE TIME ./usr/share/doc/rsyslog-czmq/NEWS.Debian.gz
	@@ -3,0 +5 @@
	+-rw-r--r-- root/root SIZE DATE TIME ./usr/share/doc/rsyslog-czmq/changelog.Debian.gz
	@@ -13,2 +14,0 @@
	-lrwxrwxrwx root/root SIZE DATE TIME ./usr/share/doc/rsyslog-czmq/NEWS.Debian.gz -> ../rsyslog/NEWS.Debian.gz
	-lrwxrwxrwx root/root SIZE DATE TIME ./usr/share/doc/rsyslog-czmq/changelog.Debian.gz -> ../rsyslog/changelog.Debian.gz

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1888926

Title:
  tls.tlscfgcmd not recognized; rebuild rsyslog against librelp 1.5.0

Status in rsyslog package in Ubuntu:
  Fix Released
Status in rsyslog source package in Focal:
  In Progress
Status in rsyslog source package in Groovy:
  Fix Released

Bug description:
  [Description]

  Problem is according to https://launchpad.net/ubuntu/+source/librelp/+publishinghistory,
  librelp-dev 1.5.0 was published into focal at 2020-04-21, but reverse dependencies
  (such as rsyslog) weren't rebuilt after this new version was published

  # dpkg -l | grep librelp
  ii librelp-dev:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library - development files
  ii librelp0:amd64 1.5.0-1ubuntu2 amd64 Reliable Event Logging Protocol (RELP) library

  rsyslogd: error during parsing file /etc/rsyslog.d/FILENAME.conf, on
  or before line 22: imrelp: librelp does not support input parameter
  'tls.tlscfgcmd'; it probably is too old (1.5.0 or higher should be
  fine); ignoring setting now. [v8.2001.0 try
  https://www.rsyslog.com/e/2207 ]

  [Reproducer]

  Setup a focal machine with rsyslog, using the following configuration:

  ----
  module(load="imrelp" tls.tlslib="openssl")

  input(
      type="imrelp" port="2515"
      tls="on"
      # This should work in rsyslog 8.2006.0:
      #tls.mycert="/etc/rsyslog.tls/fullchain.pem"
      # for now we use the work-around discussed in:
      # https://github.com/rsyslog/rsyslog/issues/4360
      tls.cacert="/etc/rsyslog.tls/chain.pem"
      tls.mycert="/etc/rsyslog.tls/cert.pem"
      tls.myprivkey="/etc/rsyslog.tls/privkey.pem"
      tls.tlscfgcmd="ServerPreference CipherString=ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 Ciphersuites=TLS_AES_128_GCM_SHA256:TLS_CHACHA20_POLY1305_SHA256:TLS_AES_256_GCM_SHA384 MinProtocol=TLSv1.2"
  )
  ----

  This error comes from this code in plugins/imrelp/imrelp.c:

  ----
  #if defined(HAVE_RELPENGINESETTLSCFGCMD)
                          inst->tlscfgcmd = (uchar*)es_str2cstr(pvals[i].val.d.estr, NULL);
  #else
                          parser_errmsg("imrelp: librelp does not support input parameter 'tls.tlscfgcmd'; "
                                  "it probably is too old (1.5.0 or higher should be fine); ignoring setting now.");
  #endif
  ----

  The build log for focal:
  https://launchpadlibrarian.net/464665610/buildlog_ubuntu-focal-arm64.rsyslog_8.2001.0-1ubuntu1_BUILDING.txt.gz
  says:
  checking for relpSrvSetTlsConfigCmd... no
  checking for relpSrvSetTlsConfigCmd... (cached) no

  The build log for groovy:
  https://launchpadlibrarian.net/486409321/buildlog_ubuntu-groovy-arm64.rsyslog_8.2006.0-2ubuntu1_BUILDING.txt.gz
  says:
  checking for relpSrvSetTlsConfigCmd... yes
  checking for relpSrvSetTlsConfigCmd... (cached) yes

  If I rebuild the rsyslog package, I get:
  checking for relpSrvSetTlsConfigCmd... yes
  checking for relpSrvSetTlsConfigCmd... (cached) yes

  I suspect that the rsyslog package was built against and older librelp
  version. A simple rebuild of rsyslog should fix this, though a more
  complete fix would be to raise the Build-Depends from librelp-dev (>=
  1.4.0) to librelp-dev (>= 1.5.0).

  [Risk potential]

  * No identified as this is a rebuild that should have been done on all 
  reverse dependencies of librelp-dev when upgraded from 1.4.0 to 1.5.0

  [Fix]

  Provide a rebuild SRU for focal.

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/rsyslog/+bug/1888926/+subscriptions