Unfortunately, not … :-/ It seems the change of the Dockerfile (https://github.com/reviewboard/reviewboard/commit/5fc77fd85bf11cb5e0d6e6551a5579fa07bd1fba#diff-e818f6b11598d2656922413d3912abb820c175e2f739549dbda55cc9559bd6fddoesn’t) didn’t make it into the updated docker image: https://hub.docker.com/layers/beanbag/reviewboard/6.0.2/images/sha256-c8f5c7768949e10280f5b4ea8c10e574a8e1b17ad111876d4a342e370aec2956?context=explore
-Florian From: reviewboard@googlegroups.com <reviewboard@googlegroups.com> On Behalf Of Christian Hammond Sent: Mittwoch, 6. März 2024 19:33 To: reviewboard@googlegroups.com Subject: Re: libldap-common missing in beanbag/reviewboard:6.0 and above BeSecure! This email comes from outside of ABB. Make sure you verify the sender before clicking any links or downloading/opening attachments. If this email looks suspicious, report it by clicking 'Report Phishing' button in Outlook or raising a ticket on MyIS. Thanks for the report and the patch! We’ve deployed new images with this library installed, so hopefully that sorts things out. Christian -- Christian Hammond President/CEO of Beanbag Makers of Review Board On Wed, Mar 6, 2024 at 08:25 'Florian Miedniak' via Review Board Community <reviewboard@googlegroups.com<mailto:reviewboard@googlegroups.com>> wrote: https://hellosplat.com/s/beanbag/tickets/5023/<https://urldefense.com/v3/__https:/hellosplat.com/s/beanbag/tickets/5023/__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2vRQYhRk$> On Tuesday, March 5, 2024 at 12:33:57 PM UTC+1 Florian Miedniak wrote: I just stumbled upon this: libldap-common missing in beanbag/reviewboard:6.0 and above. This has a nasty consequence: Verification of LDAPS servers with non-public certificates is not possible anymore! Instead, RB will just report the very unspecific error: Error authenticating with LDAP: {'result': -1, 'desc': "Can't contact LDAP server", 'ctrls': [], 'info': '(unknown error code)'} Back-trace down to root-cause: 1. Certificate of LDAP server can't be verified -> No connection possible 2. LDAP client library is not configured to access system-wide certificates as located in /etc/ssl/certs (Should be configured in /etc/ldap/ldap.conf, but whole directory is missing) 3. Directory is missing, because package libldap-common is not installed 4. Chain of dependencies leading to installation: * RB 5.0 image: curl -> libcurl4 -> libldap-2.4-2 -DEPENDS-> libldap-common * RB 6.0 image: curl -> libcurl4 -> libldap-2.5-0 -RECOMMENDS-> libldap-common => Package libldap-common is not installed because its relationship changed from "dependents" to "recommends": Before: https://packages.ubuntu.com/focal/libldap-2.4-2<https://urldefense.com/v3/__https:/packages.ubuntu.com/focal/libldap-2.4-2__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2WdFJ1-M$> Now: https://packages.ubuntu.com/jammy-updates/libldap-2.5-0<https://urldefense.com/v3/__https:/packages.ubuntu.com/jammy-updates/libldap-2.5-0__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2r-4W_E0$> and OS packages are installed with --no-install-recommends For now, I'll live with explicitly installing libldap-common in my own image that is derived from beanbag/reviewboard:6.0. But IMO it would be better to solve this in the base image. Possible solutions: (a) Remove the --no-install-recommends from call to apt-get + No explicit installation of libldap-common necessary, reduces risk of similar issues with other packages in future - May bloat the image with other packages that are neither wanted nor needed (b) Explicitly install package libldap-common + Reduces risk of bloating the image and minimizes change in images Any opinions on that? Anyway, is https://github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile<https://urldefense.com/v3/__https:/github.com/reviewboard/reviewboard/blob/release-6.0.2/contrib/docker/Dockerfile__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2vS1wcoE$> the correct file to look at and may I open a pull request for this right away or is it usual to discuss it first in this group? -Florian -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/<https://urldefense.com/v3/__https:/www.reviewboard.org/powerpack/__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2peDBxmA$> Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/<https://urldefense.com/v3/__https:/rbcommons.com/__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2SCzRILQ$> Happy user? Let us know! https://www.reviewboard.org/users/<https://urldefense.com/v3/__https:/www.reviewboard.org/users/__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2w9ugZdE$> --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com<mailto:reviewboard+unsubscr...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/2f969746-ffc1-45aa-9985-e81b0c38350dn%40googlegroups.com<https://urldefense.com/v3/__https:/groups.google.com/d/msgid/reviewboard/2f969746-ffc1-45aa-9985-e81b0c38350dn*40googlegroups.com?utm_medium=email&utm_source=footer__;JQ!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2wkQRIBE$>. -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/<https://urldefense.com/v3/__https:/www.reviewboard.org/powerpack/__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2peDBxmA$> Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/<https://urldefense.com/v3/__https:/rbcommons.com/__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2SCzRILQ$> Happy user? Let us know! https://www.reviewboard.org/users/<https://urldefense.com/v3/__https:/www.reviewboard.org/users/__;!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2w9ugZdE$> --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com<mailto:reviewboard+unsubscr...@googlegroups.com>. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/CAE7VndnCUeBwWudqqDwWbEFZvTxHp2qbRax8mRQzChH7xRWJkg%40mail.gmail.com<https://urldefense.com/v3/__https:/groups.google.com/d/msgid/reviewboard/CAE7VndnCUeBwWudqqDwWbEFZvTxHp2qbRax8mRQzChH7xRWJkg*40mail.gmail.com?utm_medium=email&utm_source=footer__;JQ!!NLW3fF9v!Je3sdvRUouFuxZrQTg_tN2E0oc_8KiygH-L3FQ2TLsU8INU0NJS-WoJxgD4787uT9kblolX9Sbt7Oex_FOM2wMBozTw$>. -- Supercharge your Review Board with Power Pack: https://www.reviewboard.org/powerpack/ Want us to host Review Board for you? Check out RBCommons: https://rbcommons.com/ Happy user? Let us know! https://www.reviewboard.org/users/ --- You received this message because you are subscribed to the Google Groups "Review Board Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to reviewboard+unsubscr...@googlegroups.com. To view this discussion on the web visit https://groups.google.com/d/msgid/reviewboard/AM6PR06MB55277381677B01E283889B70AC212%40AM6PR06MB5527.eurprd06.prod.outlook.com.
