Hi Mike, thanks for the fast feedback. On Wed, Jul 24, 2019 at 03:11:11PM +0000, Mike Gabriel wrote: > I am waiting for the system to come online again fully. The admin teacher at > that school has been pinged/pong. Good. > > + if curl -k https://www.intern/debian-edu-bundle.crt > $BUNDLECRT && \ > > > + grep -v -q 404 $BUNDLECRT ; then > > WARNING: you dropped the "-f" parameter from curl. Without "-f" curl always > exits with exit code 0, we should rather have curl to fail properly on > connection problems, DNS problems, etc. Further above, in the remove curl > call, I had added the "-f" option especially for better exit result > handling. > > Capturing curl issues by grepping for a 404 is IMHO incomplete. (Turn of > Apache2 and you won't get the 404 and curl | grep ends in some untested > realm). Good point; this should definitly be improved. > Furthermore, you operate on the bundle certificate file still for > buster<->buster setups. > > Have you tested with distributing just the rootCA file to the clients? Yes, works like expected. But then, one more change needs to get into 10.1 (share/debian-edu-config/tools/create-debian-edu-certs) and it won't be easy to handle this change upon upgrades. Please correct me if I'm wrong. Wolfgang
Attachment:
signature.asc
Description: PGP signature