Bug#944450: marked as done (should use policies file for firefox-esr and thunderbird PKI setup)

To: Holger Levsen <holger@debian.org>
Subject: Bug#944450: marked as done (should use policies file for firefox-esr and thunderbird PKI setup)
From: "Debian Bug Tracking System" <owner@bugs.debian.org>
Date: Wed, 13 Nov 2019 09:51:04 +0000
Message-id: <[🔎] handler.944450.D944450.157363858221895.ackdone@bugs.debian.org>
Reply-to: 944450@bugs.debian.org
References: <E1iUpHO-000BP7-0H@fasolo.debian.org> <[🔎] 20191110102239.GA4072@star>

Your message dated Wed, 13 Nov 2019 09:49:38 +0000
with message-id <E1iUpHO-000BP7-0H@fasolo.debian.org>
and subject line Bug#944450: fixed in debian-edu-config 2.11.9
has caused the Debian Bug report #944450,
regarding should use policies file for firefox-esr and thunderbird PKI setup
to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what this
message is talking about, this may indicate a serious mail system
misconfiguration somewhere. Please contact owner@bugs.debian.org
immediately.)


-- 
944450: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944450
Debian Bug Tracking System
Contact owner@bugs.debian.org with problems

--- Begin Message ---

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: should use policies file for firefox-esr and thunderbird PKI setup
From: Wolfgang Schweer <w.schweer@gmx.de>
Date: Sun, 10 Nov 2019 11:22:39 +0100
Message-id: <[🔎] 20191110102239.GA4072@star>

Package: debian-edu-config
Version: 2.10.65+deb10u2
Severity: important

The method used for rootCA certificate integration for firefox-esr (>= 
68.2.0esr) is deprecated. Instead of touching each user's home 
directory, nowadays the use of a policies file is the recommended way to 
go. This has the benefit that it will be valid for thunderbird (>= 
68.2.1, atm in unstable) as well.

The policy file should be shipped as 
share/firefox-esr/distribution/policies.json and should have this content:

{
  "policies": {
    "Certificates": {
      "ImportEnterpriseRoots": true,
      "Install": [
        "/etc/ssl/certs/Debian-Edu_rootCA.crt"
      ]
    },
    "NewTabPage": false,
    "OverrideFirstRunPage": ""
  }
}

This makes sure that the Debian-Edu_rootCA.crt file gets installed as 
trusted certificate for firefox-esr and thunderbird. It also forces the 
Debian Edu startpage to be shown prominently like before (instead of the 
Firefox one) at first launch; the Firefox privacy page is available via 
a second tab (i.e. the both tabs are switched).

In addition, no longer needed files should be removed 
(share/debian-edu-config/{installs.ini,profiles.ini,profiles.ini.ff}) 
and these related tools should be adjusted 
(share/debian-edu-config/tools/{gosa-cate,create-user-nssdb,update-cert-dbs}, 
ldap-tools/ldap-debian-edu-install).

Wolfgang

Attachment: signature.asc
Description: PGP signature

--- End Message ---

--- Begin Message ---

To: 944450-close@bugs.debian.org
Subject: Bug#944450: fixed in debian-edu-config 2.11.9
From: Holger Levsen <holger@debian.org>
Date: Wed, 13 Nov 2019 09:49:38 +0000
Message-id: <E1iUpHO-000BP7-0H@fasolo.debian.org>

Source: debian-edu-config
Source-Version: 2.11.9

We believe that the bug you reported is fixed in the latest version of
debian-edu-config, which is due to be installed in the Debian FTP archive.

A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to 944450@bugs.debian.org,
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Holger Levsen <holger@debian.org> (supplier of updated debian-edu-config package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing ftpmaster@ftp-master.debian.org)


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Format: 1.8
Date: Wed, 13 Nov 2019 10:07:29 +0100
Source: debian-edu-config
Architecture: source
Version: 2.11.9
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Holger Levsen <holger@debian.org>
Closes: 944450
Changes:
 debian-edu-config (2.11.9) unstable; urgency=medium
 .
   [ Wolfgang Schweer ]
   * share/debian-edu-config/tools/kerberos-kdc-init:
     - Update kdc.conf content from template shipped with the krb5-kdc package.
       This fixes the recently broken Kerberos setup.
   * Replace workaround for rootCA certificate integration (both firefox-esr and
     thunderbird 68.2.x) with a nowadays recommended setup: (Closes: #944450)
     - Add policy file share/firefox-esr/distribution/policies.json.
       This makes sure that the Debian-Edu_rootCA.crt file gets installed as
       trusted certificate for firefox-esr and thunderbird.
       The policy also forces the Debian Edu startpage to be shown (instead of
       the Firefox one) at first launch; the Firefox privacy page is available
       via a second tab.
     - Drop share/debian-edu-config/{installs.ini,profiles.ini,profiles.ini.ff}.
       These files are no longer required.
     - Adjust related tools:
       + share/debian-edu-config/tools/gosa-create
       + share/debian-edu-config/tools/create-user-nssdb
       + share/debian-edu-config/tools/update-cert-dbs
       + ldap-tools/ldap-debian-edu-install
     - Adjust Makefile.
   * Drop workaround now that Squid bug #911325 has been fixed:
     - Remove share/debian-edu-config/squid.resolvconf
     - Adjust Makefile and cf3/cf.workarounds.
Checksums-Sha1:
 5e5b1f52ea50ccc22c3a4378a560017b54aab5a5 1914 debian-edu-config_2.11.9.dsc
 762f51a21163a29f913009a1aa6d6966d999ae94 340448 debian-edu-config_2.11.9.tar.xz
 b9ce2dc961381ca6bafa8f8d87202947a2f77cb9 5283 debian-edu-config_2.11.9_source.buildinfo
Checksums-Sha256:
 417bb9830ab36099e616d1c42685825a8cd38e7752d87f59cfd09fe25efbbd11 1914 debian-edu-config_2.11.9.dsc
 84462a8a28955718ddff665d9d6ca5970ba983ad68ffaae0aa45d2c256fa022d 340448 debian-edu-config_2.11.9.tar.xz
 070706fe0b047e594cd6785c886444aeadd5bf5203ca522dd93d0184eaccc7cf 5283 debian-edu-config_2.11.9_source.buildinfo
Files:
 2ca7e9b314587e669b52d876d5cba7df 1914 misc optional debian-edu-config_2.11.9.dsc
 60dd757c49f7d6db735cf56f466bb975 340448 misc optional debian-edu-config_2.11.9.tar.xz
 72f9e662cf7633310b9424128d4349d1 5283 misc optional debian-edu-config_2.11.9_source.buildinfo

-----BEGIN PGP SIGNATURE-----

iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAl3LyUMACgkQCRq4Vgaa
qhyFoRAAgUSNHA13BgbpejuwO5jgzwFhps/pkwh+3Hks/PiN2YQQGfSl/sTwSqCU
LHw8vnWJU1i/bj8rIb6Mo449DyRARdQJZyUNPAPWgPbOOJpA1n19TzgxBlPAuAW+
iMxj4rJOZJpJL6T6HzYFxokpi4B3uUJfH/VI2NezlWpE8qQp+V+80ioQrPFTdAk5
aifdDEbd8aomAgmVRbY3DCF641MF7n7e8DL9VZXR9mohQf+8SaJahEFiw9FYCqrI
mkXOQJcTjSHzSZQ7o6tWLBhBCYZuEr9xEEOsg4wQCrUNWv5dwBwYtTflCdtV9b4S
Y80AaUgZ0uG0zR9dSed9NObHrtrEqquNxfnwL0UwfUw9Ctqd5TD4ig2QxdoMQg80
4LXFBInqKAuk1ubT1MuTwF3A+FedRW7lOGBqdneWYR5143SmdIfLOoXabhVn//jv
/QOwn7f5CEVKjgzYGGmzdo4ckbzuYxb0uvDe5zG6l0iLRJf+dC/qopF17IxgSqGL
iNX7vACEL0aybMvLBu3lB8B/Gk0W5GAcVbNIjFXL07yWBNXKLqf1e6OGnt/wanVf
PeRJ9WK4TQU4HRZEvSPFOXhq6wB0Q62T9kmauAzXAgvnLdQsqfdZqq//0DsBVjXW
V5jChP9yLlMXX6dsvJkE3L/lPz2BbNo1F1Sh3jyPFB6GHPM11/c=
=1ZRF
-----END PGP SIGNATURE-----

--- End Message ---

Reply to:

References:
- Bug#944450: should use policies file for firefox-esr and thunderbird PKI setup
  - From: Wolfgang Schweer <w.schweer@gmx.de>

Prev by Date: Processing of debian-edu-config_2.11.9_source.changes
Next by Date: debian-edu-config_2.11.9_source.changes ACCEPTED into unstable
Previous by thread: Bug#944450: should use policies file for firefox-esr and thunderbird PKI setup
Next by thread: Processed: tagging 944450
Index(es):
- Date
- Thread