: VCS matches the version in the archive
- Git: https://salsa.debian.org/debian-edu/debian-edu-config
- Branch: master
- Path: debian/changelog
- Browser: https://salsa.debian.org/debian-edu/debian-edu-config
- Last scan: 2019-08-16 21:56:48+00
- Next scan: 2019-08-23 22:31:00+00
- Debian changelog in Git:
debian-edu-config (2.10.67) unstable; urgency=medium
[ Wolfgang Schweer ]
* Adjust debian/debian-edu-config.fetch-ldap-cert. (Closes: #934380)
- Use independent conditions to make sure that the LDAP server certificate
is only downloaded once for both host and LTSP chroot.
- Add code to validate the LDAP server certificate in case the Debian Edu
RootCA certificate is available for download.
[ Mike Gabriel ]
* Code review debian-edu-config.fetch-ldap-cert:
- White-space-only change: Fix broken and inconsistent indentations.
- Fully inline-document fetch-ldap-cert script.
- Add "-f" option to all curl calls that don't have it set so far.
This assures that curl bails out with a non-zero exit code, if anything
goes wrong while retrieving certificate files.
- Also report a successful certificate verification if we verified the
LDAP server certificate using the Debian Edu RootCA.
- Really check that the LDAP server uses a certificate issued by the
"Debian Edu RootCA", not just by (some) "RootCA".
- Add 2x FIXME about BUNDLECRT file removal from host and from LTSP chroots.
- LTSP chroot certificate copying: only log those actions, if they are
actually about to happen..
- Silence curl stderr and gnutls-cli stdout+stderr.
- Certificate retrieval: Fix upgrade path for RootCA deployment. Re-run
CERTFILE (and ROOTCACRT retrieval) until we have both on the client.
This will lead to repetitive downloads of the CERTFILE on system boot.
To get rid of this, people must upgrade their TJENERs from Debian Edu
10.0 to 10.1. Then it will stop. This hack is necessary to assure
distribution of the RootCA to all clients that don't have it, yet.
- Detach dependency of ROOTCACRT chroot copying and BUNDLECRT chroot
copying from chroot copying of the CERTFILE. The chroot may have the
CERTFILE, but not the ROOTCACRT, yet. This assures a smooth upgrade
path from Debian Edu 10.0 to Debian Edu 10.1.
- Do a simple validity check if a directory under /opt/ltsp really is
a chroot (and e.g. not the SquashFS images' directory).
-- Holger Levsen <firstname.lastname@example.org> Thu, 15 Aug 2019 16:20:50 +0200
- This branch is even with tag 2.10.67