21.7.5 - ntopng (misconfigured) - libldap-2.4.so.2 / check sum mismatch

[GrimmSh0t]

New to OPNSense - take it easy on me :)

Installed ntopng from here:
https://www.ntop.org/guides/ntopng/third_party_integrations/opnsense.html

Read about the misconfigured (cosmetic) but then saw this when I ran the audit health:

Any guidance?
NOTE: New installation then update!

>>> Check installed kernel version
Version 21.7.5 is correct.
>>> Check for missing or altered kernel files
No problems detected.
>>> Check installed base version
Version 21.7.5 is correct.
>>> Check for missing or altered base files
No problems detected.
>>> Check for missing package dependencies
Checking all packages: .......... done
ntopng is missing a required shared library: libldap-2.4.so.2
>>> Check for missing or altered package files
Checking all packages: ....
ntopng-5.1.211120: checksum mismatch for /usr/local/share/ntopng/httpdocs/ssl/ntopng-cert.pem
Checking all packages......... done
>>> Check for core packages consistency
Core package "opnsense" has 66 dependencies to check.
Checking packages: .................................................................... done
***DONE***

[franco]

The installed package from the third party mirror does not adhere to our standards and build compatibility. There's nothing we can do since ntopng people want to run their own thing without helping out on our side so far.


Cheers,
Franco

[GrimmSh0t]

@Franco,
Thanks for the quick reply, that's a bummer.  Well maybe they will come around....
They (ntopng) miss out on a lot of future customers like that!

[franco]

Personally I think the lack of effort in providing compatible OPNsense builds and timely updates thereof is done on the backs of the actual user base having to deal with upgrade issues on major iterations in particular later on.


Cheers,
Franco

[gpb]

Looks like that missing library is included here: https://www.freshports.org/net/openldap24-client/

Checking my system, I do have the file in question as well as the package referenced above.  How I got it installed I can't say for sure.  No issues running ntopng. Just an fyi.

Code Select Expand


root@opnsense:/ # pkg info 'openldap24-client'
openldap24-client-2.4.59_4
Name           : openldap24-client
Version        : 2.4.59_4
Installed on   : Fri Nov 12 22:33:59 2021 EST
Origin         : net/openldap24-client
Architecture   : FreeBSD:12:amd64
Prefix         : /usr/local
Categories     : databases net
Licenses       : OPENLDAP
Maintainer     : delphij@FreeBSD.org
WWW            : https://www.OpenLDAP.org/
Comment        : Open source LDAP client implementation
Options        :
        DEBUG          : on
        DOCS           : off
        FETCH          : off
        GSSAPI         : on
Shared Libs required:
        libsasl2.so.3
        libcrypto.so.11
        libssl.so.11
Shared Libs provided:
        libldap_r-2.4.so.2
        liblber-2.4.so.2
Annotations    :
        FreeBSD_version: 1201000
        cpe            : cpe:2.3:a:openldap:openldap:2.4.59:::::freebsd12:x64:4
        repo_type      : binary
        repository     : OPNsense
Flat size      : 1.94MiB
Description    :
OpenLDAP is a suite of Lightweight Directory Access Protocol (v3) servers,
clients, utilities and development tools.

This package includes the following major components:

* -lldap - a LDAP client library
* -llber - a lightweight BER/DER encoding/decoding library
* LDAP tools - A collection of command line LDAP utilities
* documentation - man pages for all components

WWW: https://www.OpenLDAP.org/


[franco]

Well, actually the "error" is from FreeBSD package manager tool itself and not the linker/system complaining and refusing to work.

FreeBSD and in turn we did change package names for OpenLDAP packages between 21.7.2 and 21.7.3.

The new package in the standard install provides the following libraries:

# pkg info -b openldap24-client
openldap24-client-2.4.59_4:
   libldap_r-2.4.so.2
   liblber-2.4.so.2

(the package is a dependency of the squid package btw)

The old package shared library provide looks like this:

# fetch https://pkg.opnsense.org/FreeBSD:12:amd64/21.7/MINT/21.7.2/OpenSSL/All/openldap-client-2.4.59_1.txz
# pkg info -bF openldap-client-2.4.59_1.txz
openldap-client-2.4.59_1:
   libldap_r-2.4.so.2
   libldap-2.4.so.2
   liblber-2.4.so.2

And you can see it claims to have had that extra library. Whether ntopng uses it or not I have no clue, but this is basically how it came to be and why the ntop packages are outdated.


Cheers,
Franco