-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Thu, 15 Aug 2019 16:20:50 +0200 Source: debian-edu-config Architecture: source Version: 2.10.67 Distribution: unstable Urgency: medium Maintainer: Debian Edu Developers <debian-...@lists.debian.org> Changed-By: Holger Levsen <hol...@debian.org> Closes: 934380 Changes: debian-edu-config (2.10.67) unstable; urgency=medium . [ Wolfgang Schweer ] * Adjust debian/debian-edu-config.fetch-ldap-cert. (Closes: #934380) - Use independent conditions to make sure that the LDAP server certificate is only downloaded once for both host and LTSP chroot. - Add code to validate the LDAP server certificate in case the Debian Edu RootCA certificate is available for download. . [ Mike Gabriel ] * Code review debian-edu-config.fetch-ldap-cert: - White-space-only change: Fix broken and inconsistent indentations. - Fully inline-document fetch-ldap-cert script. - Add "-f" option to all curl calls that don't have it set so far. This assures that curl bails out with a non-zero exit code, if anything goes wrong while retrieving certificate files. - Also report a successful certificate verification if we verified the LDAP server certificate using the Debian Edu RootCA. - Really check that the LDAP server uses a certificate issued by the "Debian Edu RootCA", not just by (some) "RootCA". - Add 2x FIXME about BUNDLECRT file removal from host and from LTSP chroots. - LTSP chroot certificate copying: only log those actions, if they are actually about to happen.. - Silence curl stderr and gnutls-cli stdout+stderr. - Certificate retrieval: Fix upgrade path for RootCA deployment. Re-run CERTFILE (and ROOTCACRT retrieval) until we have both on the client. This will lead to repetitive downloads of the CERTFILE on system boot. To get rid of this, people must upgrade their TJENERs from Debian Edu 10.0 to 10.1. Then it will stop. This hack is necessary to assure distribution of the RootCA to all clients that don't have it, yet. - Detach dependency of ROOTCACRT chroot copying and BUNDLECRT chroot copying from chroot copying of the CERTFILE. The chroot may have the CERTFILE, but not the ROOTCACRT, yet. This assures a smooth upgrade path from Debian Edu 10.0 to Debian Edu 10.1. - Do a simple validity check if a directory under /opt/ltsp really is a chroot (and e.g. not the SquashFS images' directory). Checksums-Sha1: 3bd8da91b4e9c3dbdf61e357dcd12b0516398229 1918 debian-edu-config_2.10.67.dsc a54a2cfe07829975ee8a258e0afd44dbc9987531 344664 debian-edu-config_2.10.67.tar.xz 87e735f6f2a8996b3852873742505b4e7515de69 5276 debian-edu-config_2.10.67_source.buildinfo Checksums-Sha256: 3b45bbe47a91000f13d4420d98a047f46b41e4b2758aa58b8bfe9235ddd94d41 1918 debian-edu-config_2.10.67.dsc 7fd13aeeae687972269ad4a60dba3bb4671cd12d5e519965432d1774af28c76e 344664 debian-edu-config_2.10.67.tar.xz 8df1a4f64d14c95622890593615d0675168ebd0c5590221940a6c820fc47b18b 5276 debian-edu-config_2.10.67_source.buildinfo Files: a842b5853927c469bee3ce05a7878108 1918 misc optional debian-edu-config_2.10.67.dsc eed77fc54f4b09e828205c5a336ba81c 344664 misc optional debian-edu-config_2.10.67.tar.xz 376de7c334d73b18d454c847e2de0acd 5276 misc optional debian-edu-config_2.10.67_source.buildinfo
-----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAl1VaooACgkQCRq4Vgaa qhwnfQ/9Hw8QTdPD2t/qa3Af00eXx93Lxmtd2Fin6cMfMPkJxAaxZuGPS/eCp7Da kedNOU2zrERFZfCIARyj2qRuGhqKFA6PQUWGdEcSVX/+wj9OACNpQSwYnwrLVkGo hIIhZ7soNLYoLU78x4ouZ+LD5x7aVh3sy/7DJqQN4utdiwi/VHPMQl7g8mQefbEW w0DeeM0wp+rAabb+2Rr1P1Fo25pC5M7daet+GFniM/c2wRZ6A1KalTYyJKt7J4n3 bS9kmEmrjcYNtun8O3O6h15Asd762N7hYsMDiBMmy5zgyLW+27hToLAJg74VYnwu nL0mLRUykZcdyguAtLd0A8VZew/HEOrb9oQRBB+Fp0yntFxyUvAWd7UEvUjUtQjf NVjvMIEOd2A3yjri1SiuGUyTZkphmbYAeE3spB1/9AvtWGOV3lLTL3I5/F8VcGDW IvWbMvOojOy6Ulm7d2j28z2wTg7ECM4LWxFFkwuvDHc1a3fVEA5fNOw3k8IfABPZ QZhoLOJTcDgdz0dHPMpf2Qw1eoNhYL5Xidg+cwIgDS8OZyPKxgwsWgAls9mvgXwd KYOHVjLJ7yr1cQrYEt+JN1NAdWlisox36+KYbkKFMGnMDrR2leYtJEqN/ICh+kDM mBYwyHuOSfnTbXefykmncbcEppulNs/N6vhqMwZRirgq7CsRo0A= =QqbT -----END PGP SIGNATURE-----