
Bug#944450: should use policies file for firefox-esr and thunderbird PKI setup



Package: debian-edu-config
Version: 2.10.65+deb10u2
Severity: important

The method used for rootCA certificate integration for firefox-esr (>= 
68.2.0esr) is deprecated. Instead of touching each user's home 
directory, nowadays the use of a policies file is the recommended way to 
go. This has the benefit that it will be valid for thunderbird (>= 
68.2.1, atm in unstable) as well.

The policy file should be shipped as 
share/firefox-esr/distribution/policies.json and should have this content:

{
  "policies": {
    "Certificates": {
      "ImportEnterpriseRoots": true,
      "Install": [
        "/etc/ssl/certs/Debian-Edu_rootCA.crt"
      ]
    },
    "NewTabPage": false,
    "OverrideFirstRunPage": ""
  }
}

This makes sure that the Debian-Edu_rootCA.crt file gets installed as 
a trusted certificate for firefox-esr and thunderbird. It also forces the 
Debian Edu startpage to be shown prominently like before (instead of the 
Firefox one) at first launch; the Firefox privacy page is available via 
a second tab (i.e. both tabs are switched).

In addition, no longer needed files should be removed 
(share/debian-edu-config/{installs.ini,profiles.ini,profiles.ini.ff}) 
and these related tools should be adjusted 
(share/debian-edu-config/tools/{gosa-cate,create-user-nssdb,update-cert-dbs}, 
ldap-tools/ldap-debian-edu-install).

Wolfgang
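
An added example, not part of the original report or of debian-edu-config: a small audit of a policies file like the one proposed above. It checks that each Certificates.Install entry exists and holds PEM/DER data, and that neither it nor the policy file is group- or world-writable, since write access to either file lets a local user add a trusted root for every profile. The function names and the command-line usage are assumptions.

```python
# Added example; names are hypothetical, not debian-edu-config code.
import base64, json, os, re, stat, sys

PEM_RE = re.compile(rb"-----BEGIN CERTIFICATE-----(.+?)-----END CERTIFICATE-----", re.S)

def looks_like_cert(data):
    """True for PEM or raw DER whose outer element is an ASN.1 SEQUENCE (0x30)."""
    m = PEM_RE.search(data)
    if m:
        try:
            data = base64.b64decode(b"".join(m.group(1).split()), validate=True)
        except ValueError:
            return False
    return data[:1] == b"\x30"

def writable_by_others(path):
    """True if group or other has write permission on the file."""
    return bool(os.stat(path).st_mode & (stat.S_IWGRP | stat.S_IWOTH))

def audit_policies(policy_path):
    """Return a list of findings for a Firefox/Thunderbird policies.json."""
    findings = []
    try:
        with open(policy_path, encoding="utf-8") as fh:
            certs = json.load(fh)["policies"]["Certificates"]
    except (OSError, ValueError, KeyError, TypeError) as exc:
        return [f"policy file unreadable or lacks policies.Certificates: {exc!r}"]
    if writable_by_others(policy_path):
        findings.append(f"{policy_path}: group/world-writable policy file")
    if certs.get("ImportEnterpriseRoots") is not True:
        findings.append("ImportEnterpriseRoots is not true")
    if not certs.get("Install"):
        findings.append("Certificates.Install is empty")
    for cert in certs.get("Install") or []:
        if not os.path.isabs(cert):  # bare names use Mozilla's default dirs
            findings.append(f"{cert}: relative name, not checked")
        elif not os.path.isfile(cert):
            findings.append(f"{cert}: missing")
        else:
            if writable_by_others(cert):
                findings.append(f"{cert}: group/world-writable CA file")
            with open(cert, "rb") as fh:
                if not looks_like_cert(fh.read()):
                    findings.append(f"{cert}: not PEM/DER certificate data")
    return findings

if __name__ == "__main__":  # usage: script.py /path/to/policies.json
    print("\n".join(audit_policies(sys.argv[1])) or "no findings")
```
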
