jcorporation / myMPD

myMPD is a standalone and mobile friendly web mpd client with a tiny footprint and advanced features.
https://jcorporation.github.io/myMPD/
GNU General Public License v3.0

SSL Certificates No Longer Generated in v13 #1160

Closed bj-github closed 11 months ago

bj-github commented 11 months ago

myMPD version: 13.0.2

Describe the bug

Per the documentation at https://jcorporation.github.io/myMPD/configuration/ssl, SSL certificates are supposed to be checked and, as necessary, (re-)generated at start-up. This happened on v12. It no longer appears to happen on v13.

To Reproduce

Using Raspberry Pi OS Bookworm 64bit Lite dated 2023-10-10

sudo apt update
sudo apt full-upgrade
sudo apt install mpd
sudo nano /etc/default/mpd

Uncomment MPDCONF line in /etc/default/mpd and save.

sudo systemctl enable mpd
sudo systemctl start mpd

Used the following to confirm mpd was running and listening on port 6600:

sudo systemctl status mpd
sudo journalctl -u mpd
sudo ss -lntup

Confirmed Debian version as 12:

source /etc/os-release
echo $VERSION_ID

Adapting instructions at https://jcorporation.github.io/myMPD/installation/prebuild-packages-debian ...

Changed 11 to 12 in the first, curl ... command.

curl http://download.opensuse.org/repositories/home:/jcorporation/Debian_12/Release.key > MyMPD_Release.key
sudo gpg --no-default-keyring --keyring /usr/share/keyrings/jcorporation.github.io.gpg --import < MyMPD_Release.key
gpg --no-default-keyring --keyring /usr/share/keyrings/jcorporation.github.io.gpg --fingerprint

The last command showed:

/usr/share/keyrings/jcorporation.github.io.gpg
----------------------------------------------
pub   rsa2048 2018-08-27 [SC] [expires: 2025-02-25]
      A37A ADC4 0A1C C6BE FB75  372F AA09 B8CC E895 BD7D
uid           [ unknown] home:jcorporation OBS Project <home:jcorporation@build.opensuse.org>

Continuing ...

sudo chmod 644 /usr/share/keyrings/jcorporation.github.io.gpg
sudo nano /etc/apt/sources.list.d/jcorporation.list

Pasted the following into the file via nano and saved:

deb [signed-by=/usr/share/keyrings/jcorporation.github.io.gpg] http://download.opensuse.org/repositories/home:/jcorporation/Debian_12/ ./

Confirmed its contents, and proceeded to install, enable, and start mympd and check its status:

cat /etc/apt/sources.list.d/jcorporation.list
sudo apt update
sudo apt install mympd
sudo journalctl -u mympd

mympd had failed to start because of missing server.pem file:

Nov 05 01:06:06 S02 systemd[1]: Started mympd.service - myMPD server daemon.
Nov 05 01:06:06 S02 mympd[4868]: NOTICE   mympd     Cache dir: "/var/cache/mympd"
Nov 05 01:06:06 S02 mympd[4868]: NOTICE   mympd     Work dir: "/var/lib/mympd"
Nov 05 01:06:06 S02 mympd[4868]: NOTICE   mympd     Config dir: "/var/lib/mympd/config" created
Nov 05 01:06:06 S02 mympd[4868]: NOTICE   mympd     Setting loglevel to NOTICE
Nov 05 01:06:06 S02 mympd[4868]: NOTICE   mympd     Starting myMPD 13.0.2
Nov 05 01:06:06 S02 mympd[4868]: NOTICE   mympd     Listening on http://[::]:80
Nov 05 01:06:06 S02 mympd[4868]: NOTICE   mympd     Listening on https://[::]:443
Nov 05 01:06:06 S02 mympd[4868]: ERROR    mympd     Error opening file "/var/lib/mympd/ssl/server.pem"
Nov 05 01:06:06 S02 mympd[4868]: ERROR    mympd     No such file or directory
Nov 05 01:06:06 S02 mympd[4868]: ERROR    mympd     Failure reading ssl key and cert from disc
Nov 05 01:06:06 S02 mympd[4868]: Exiting erroneous, thank you for using myMPD
Nov 05 01:06:06 S02 systemd[1]: mympd.service: Main process exited, code=exited, status=1/FAILURE
Nov 05 01:06:06 S02 systemd[1]: mympd.service: Failed with result 'exit-code'.

Per the documentation at https://jcorporation.github.io/myMPD/configuration/ssl a default certificate should have been automatically created.

Looking at /var/lib/mympd (which redirects to /var/lib/private/mympd), there is only a single subdirectory, config. And it is empty.

Expected behavior

As per the documentation, I expected mympd to generate certificates it could use.

Screenshots

(Not applicable.)

Server platform (please complete the following information):

Client platform (please complete the following information):

(Everything related to the issue is on the device, detailed above, running both MPD and MyMPD.)

Debug logs (please attach if it can be useful)

(See journalctl output above.)

Configuration (please attach if it can be useful)

As noted above, /var/lib/mympd contains only a config subdirectory, and it is empty.

mpd.conf is unchanged from what was distributed in the distribution packaging, shown by apt list mpd as:

 mpd/stable,now 0.23.12-1+b1 arm64 [installed]

Additional context

This worked as documented prior to v13.

I have another issue I was looking to report, but I'll mention it here: I use Easy-RSA to maintain a "certificate authority" for devices within my private network. Prior to V13, I was able to swap those in without an issue. In V13, this now fails when a browser client tries to connect with multiple errors of:

Nov 05 12:47:13 S02 mympd[969]: 80F1DDA77F000000:error:068000A8:asn1 encoding routines:asn1_check_tlen:wrong tag:../crypto/asn1/tasn_dec.c:1188:
Nov 05 12:47:13 S02 mympd[969]: 80F1DDA77F000000:error:0688010A:asn1 encoding routines:asn1_item_embed_d2i:nested asn1 error:../crypto/asn1/tasn_dec.c:349:Type=X509
Nov 05 12:47:13 S02 mympd[969]: ERROR    webserver 6bfe2  1 mongoose.c:905:mg_error        9 9 CERT err 1

The first of the two 9s increments from one message to the next. Perhaps there are more fields now expected in the Certificate than Easy-RSA is populating? If so, perhaps it could be added to the documentation.

But, as I said, I anticipated reporting this as a separate issue in due course.
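
The `wrong tag` / `Type=X509` lines quoted above are OpenSSL failing to decode bytes it was given as an X.509 certificate. The following is an added example, not part of the original report and not myMPD code: a structural pre-check for a certificate file (PEM label, base64, outer DER SEQUENCE). The function names and sample inputs are constructed for illustration, and the check does not establish the cause of the error in this report.

```python
import base64
import re

PEM_BLOCK = re.compile(
    r"-----BEGIN ([A-Z0-9 ]+)-----\s*(.*?)\s*-----END \1-----", re.S)

def der_outer_ok(der: bytes) -> bool:
    """True if der is exactly one SEQUENCE (tag 0x30) whose length fits the data."""
    if len(der) < 2 or der[0] != 0x30:
        return False
    first = der[1]
    if first < 0x80:                       # short-form length
        hdr, length = 2, first
    else:                                  # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(der) < 2 + n:
            return False
        hdr, length = 2 + n, int.from_bytes(der[2:2 + n], "big")
    return hdr + length == len(der)

def inspect_pem(text: str) -> list:
    """Return findings for a file that should hold only PEM certificates."""
    blocks = PEM_BLOCK.findall(text)
    if not blocks:
        return ["no PEM block found"]
    findings = []
    for label, body in blocks:
        if label != "CERTIFICATE":         # e.g. a key pasted into the cert file
            findings.append(f"unexpected block type: {label}")
            continue
        try:
            der = base64.b64decode("".join(body.split()), validate=True)
        except ValueError:                 # binascii.Error is a ValueError
            findings.append("invalid base64 in CERTIFICATE block")
            continue
        if not der_outer_ok(der):
            findings.append("CERTIFICATE block is not a well-formed DER SEQUENCE")
    return findings

def make_pem(label: str, der: bytes) -> str:
    """Helper for the constructed samples below (hypothetical, test data only)."""
    b64 = base64.b64encode(der).decode()
    return f"-----BEGIN {label}-----\n{b64}\n-----END {label}-----\n"

# Constructed samples: tiny DER values, not real certificates.
GOOD = make_pem("CERTIFICATE", b"\x30\x03\x02\x01\x00")   # SEQUENCE { INTEGER 0 }
WRONG_TAG = make_pem("CERTIFICATE", b"\x04\x03abc")       # OCTET STRING, not SEQUENCE
KEY_AS_CERT = make_pem("PRIVATE KEY", b"\x30\x03\x02\x01\x00")
```

An empty list only means the outer structure is sane; a full parse with the TLS library the server uses is still the authoritative check.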

jcorporation commented 11 months ago

Annoying bug, it was introduced in the adaptation of the new ssl api of mongoose. It is now fixed in devel, can you test? I will release a fixed myMPD v13.0.3 soon.

bj-github commented 11 months ago

Just to confirm: I was able to compile and install the devel branch - identified as v13.0.4 - and start it as before, with default certificates created.

Alas, it did not fix the second issue I reported in the comments. I will create a new issue for that, with more specific details, in due course. Probably after the release which includes this fix.

bj-github commented 11 months ago

FWIW, also tried stopping MyMPD, removing the server.key and server.pem files in the ssl subdirectory, and restarting MyMPD. Those files were recreated as part of starting MyMPD as expected.