Personally, I allowed the use of sha1 to sign packages. This was the only way to use the bacula community packages from the repository. The packages are signed with SHA1. Can't determine authenticity without SHA1. Once the Bacula community project issues a SHA512 key or something similar and signs their packages with that, then SHA1 will be unnecessary.
Here is my runbook from my notes on installing bacula on rocky linux 9. secrets removed and instances of my username have been replaced by 'YOURUSERNAME'. Please note that I run bacula 13.x. Bacula 15.x is in beta and I personally decided not to deploy it in production. The text below proceeds from that perspective. Bacula rocky 9 install and configuration process ************ # most of the following has to be done as root. I'm assuming you've done "sudo su" prior to start. # RL 9 doesn't allow sha1 signing by default. gotta enable it for bacula. update-crypto-policies --set DEFAULT:SHA1 # import bacula project key cd /tmp wget https://www.bacula.org/downloads/Bacula-4096-Distribution-Verification-key.asc rpm --import Bacula-4096-Distribution-Verification-key.asc rm Bacula-4096-Distribution-Verification-key.asc -y # Add the following entries to your /etc/yum.repos.d/Bacula.repo file: nano /etc/yum.repos.d/Bacula.repo # note this URL is customized from the install guide to be for RHEL 9! [Bacula-Community] name=CentOS - Bacula - Community baseurl= https://www.bacula.org/packages/YOURLICENSEKEY/rpms/13.0.3/el9/x86_64/ enabled=1 protect=0 gpgcheck=1 # correct syntax to find all bacula packages on every repo is dnf list|grep -i bacula # we want to disable all the bacula packages in the RHEL appstream repo. they can break bacula installs from the bacula community repo. # lets try adding some exclude lines to /etc/yum.conf. this is symlinked with /etc/dnf/dnf.conf so isn't necessary to edit both nano /etc/yum.conf exclude=bacula-common.x86_64 bacula-console.x86_64 bacula-director.x86_64 bacula-libs-sql.x86_64 bacula-logwatch.noarch bacula-storage.x86_64 # with the above string in yum.conf, yum list|grep -i bacula only shows 13.x bacula repo packages and doesn't show any appstream repo bacula packages, which were version 11.x # same applies to dnf. #WARNING: BACULA 15.X APPEARS TO FEATURE A BACULA-CONSOLE PACKAGE, WHICH MIGHT BE BLACKLISTED BY THE ABOVE PROCESS DURING AN INSTALLATION/UPGRADE OF 15.X # install postgresql and bacula yum install postgresql-server -y service postgresql initdb #output: Hint: the preferred way to do this is now "/usr/bin/postgresql-setup --initdb --unit postgresql" yum install chkconfig -y chkconfig postgresql on yum install bacula-postgresql -y systemctl start postgresql.service su - postgres /opt/bacula/scripts/create_postgresql_database /opt/bacula/scripts/make_postgresql_tables /opt/bacula/scripts/grant_postgresql_privileges exit # give bacula user a shell so I can su into that user chsh -s /bin/bash bacula # add bacula user to tape group usermod -a -G tape bacula # start bacula /opt/bacula/scripts/bacula start # give my user rwx access to bacula dir. used so I can filezilla into the server and edit stuff from windows setfacl -R -m YOURUSERNAME:rwx /opt/bacula/ # make symlinks to all bacula programs in /usr/sbin so they can be ran without a full path cp /opt/bacula/bin/* /usr/sbin -s Robert Gerber 402-237-8692 r...@craeon.net On Fri, May 3, 2024, 3:40 PM James Israel via Bacula-users < bacula-users@lists.sourceforge.net> wrote: > Thanks for the suggestion, Davide. > > > > However, I had tried that script before (used the one for CentOS, as that > OS is pretty close to RHEL), and I get the following errors. (I tried it > again just now, same result): > > > > First, SHA1 checksums don’t work on this RHEL 9 server, as they don’t with > many modern OSes, as they’ve been deemed insecure. So, I get: > > > > warning: Signature not supported. Hash algorithm SHA1 not available. > > error: /tmp/Bacula-4096-Distribution-Verification-key.asc: key 1 import > failed. > > > > As a work around, I downloaded the .asc file to my local Windows machine, > which can still do SHA1, and used the resulting hash in the URL in the > script, commenting out the hash creation parts. > > > > After doing that and running the script again, I get: > > > > Errors during downloading metadata for repository 'Bacula-Community': > > - Status code: 404 for > https://www.bacula.org/packages/bf417a80d9108b58a8a3fc8b78110f9f5b181ae1/rpms/11.0.5/el7/repodata/repomd.xml > (IP: 94.103.98.87) > > Error: Failed to download metadata for repo 'Bacula-Community': Cannot > download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were > tried > > > > As you can see, the url looks correct, but the needed xml file doesn’t > seem to be hosted anywhere anymore, as no mirrors had it. > > > > Is there another way to get that file? > > > > Thanks. > > > > James > > > > > > *From: *Davide F. via Bacula-users <bacula-users@lists.sourceforge.net> > *Sent: *Friday, May 3, 2024 4:11 AM > *To: *Mehrdad Ravanbod <mehrdad.ravan...@ampfield.se> > *Cc: *bacula-users@lists.sourceforge.net > *Subject: *Re: [Bacula-users] Install Bacula-Community from repository? > > > > Hi, > > > > Just thinking loud … > > > > If Bacula rpm package installation guide is not accurate or has issues, > can we do a PR or send a patch to developers ? > > > > Best regards > > > > Davide > > > > On Fri, May 3, 2024 at 10:35 Mehrdad Ravanbod < > mehrdad.ravan...@ampfield.se> wrote: > > HI > > I suggest you try instructions in this document > > > https://www.bacula.lat/community/bacula-community-9-x-official-packages-installation-script/?lang=en > > has instruction for both debian and RHEL installations, some things must > be changed according to the version/enviroment you install but it is to > figure out. > > Reagrds /Mehrdad > > On 2024-05-03 08:57, James Israel via Bacula-users wrote: > > Is it possible to install Bacula-Community from a repository? > > > > I have a RHEL 9 server which came with Bacula Community 11.0.1, but I was > having so much trouble getting it working, I decided to try to update it. > Trying a yum upgrade didn’t work, so I (foolishly) uninstalled it, removing > the repo, thinking it should be no problem to download v13 or v15 repo and > install from that. > > > > I’ve followed instructions from the > https://www.bacula.org/whitepapers/CommunityInstallationGuide.pdf, > however, it’s not working, I get: > > > > Errors during downloading metadata for repository 'Bacula-Community': > > Error: Failed to download metadata for repo 'Bacula-Community': Cannot > download repomd.xml: Cannot download repodata/repomd.xml: All mirrors were > tried > > > > I’ve also tried installing manually by downloading and unpacking > bacula-15.0.2.tar.gz, then using ./configure and make, etc, but that was a > real nightmare, one problem after another to work out, and never could get > it working. > > > > Is there any way to get the repo for Bacula and install it like any other > program with a good ol’ “yum install” command? > > > > Thanks for any help. > > > > - James > > > > _______________________________________________ > > Bacula-users mailing list > > Bacula-users@lists.sourceforge.net > > https://lists.sourceforge.net/lists/listinfo/bacula-users > > _______________________________________________ > Bacula-users mailing list > Bacula-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bacula-users > > > _______________________________________________ > Bacula-users mailing list > Bacula-users@lists.sourceforge.net > https://lists.sourceforge.net/lists/listinfo/bacula-users >
_______________________________________________ Bacula-users mailing list Bacula-users@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/bacula-users
