Your message dated Wed, 13 Nov 2019 09:49:38 +0000 with message-id <E1iUpHO-000BP7-0H@fasolo.debian.org> and subject line Bug#944450: fixed in debian-edu-config 2.11.9 has caused the Debian Bug report #944450, regarding should use policies file for firefox-esr and thunderbird PKI setup to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 944450: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=944450 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: should use policies file for firefox-esr and thunderbird PKI setup
- From: Wolfgang Schweer <w.schweer@gmx.de>
- Date: Sun, 10 Nov 2019 11:22:39 +0100
- Message-id: <[🔎] 20191110102239.GA4072@star>
Package: debian-edu-config Version: 2.10.65+deb10u2 Severity: important The method used for rootCA certificate integration for firefox-esr (>= 68.2.0esr) is deprecated. Instead of touching each user's home directory, nowadays the use of a policies file is the recommended way to go. This has the benefit that it will be valid for thunderbird (>= 68.2.1, atm in unstable) as well. The policy file should be shipped as share/firefox-esr/distribution/policies.json and should have this content: { "policies": { "Certificates": { "ImportEnterpriseRoots": true, "Install": [ "/etc/ssl/certs/Debian-Edu_rootCA.crt" ] }, "NewTabPage": false, "OverrideFirstRunPage": "" } } This makes sure that the Debian-Edu_rootCA.crt file gets installed as trusted certificate for firefox-esr and thunderbird. It also forces the Debian Edu startpage to be shown prominently like before (instead of the Firefox one) at first launch; the Firefox privacy page is available via a second tab (i.e. the both tabs are switched). In addition, no longer needed files should be removed (share/debian-edu-config/{installs.ini,profiles.ini,profiles.ini.ff}) and these related tools should be adjusted (share/debian-edu-config/tools/{gosa-cate,create-user-nssdb,update-cert-dbs}, ldap-tools/ldap-debian-edu-install). WolfgangAttachment: signature.asc
Description: PGP signature
--- End Message ---
--- Begin Message ---
- To: 944450-close@bugs.debian.org
- Subject: Bug#944450: fixed in debian-edu-config 2.11.9
- From: Holger Levsen <holger@debian.org>
- Date: Wed, 13 Nov 2019 09:49:38 +0000
- Message-id: <E1iUpHO-000BP7-0H@fasolo.debian.org>
Source: debian-edu-config Source-Version: 2.11.9 We believe that the bug you reported is fixed in the latest version of debian-edu-config, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 944450@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Holger Levsen <holger@debian.org> (supplier of updated debian-edu-config package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Format: 1.8 Date: Wed, 13 Nov 2019 10:07:29 +0100 Source: debian-edu-config Architecture: source Version: 2.11.9 Distribution: unstable Urgency: medium Maintainer: Debian Edu Developers <debian-edu@lists.debian.org> Changed-By: Holger Levsen <holger@debian.org> Closes: 944450 Changes: debian-edu-config (2.11.9) unstable; urgency=medium . [ Wolfgang Schweer ] * share/debian-edu-config/tools/kerberos-kdc-init: - Update kdc.conf content from template shipped with the krb5-kdc package. This fixes the recently broken Kerberos setup. * Replace workaround for rootCA certificate integration (both firefox-esr and thunderbird 68.2.x) with a nowadays recommended setup: (Closes: #944450) - Add policy file share/firefox-esr/distribution/policies.json. This makes sure that the Debian-Edu_rootCA.crt file gets installed as trusted certificate for firefox-esr and thunderbird. The policy also forces the Debian Edu startpage to be shown (instead of the Firefox one) at first launch; the Firefox privacy page is available via a second tab. - Drop share/debian-edu-config/{installs.ini,profiles.ini,profiles.ini.ff}. These files are no longer required. - Adjust related tools: + share/debian-edu-config/tools/gosa-create + share/debian-edu-config/tools/create-user-nssdb + share/debian-edu-config/tools/update-cert-dbs + ldap-tools/ldap-debian-edu-install - Adjust Makefile. * Drop workaround now that Squid bug #911325 has been fixed: - Remove share/debian-edu-config/squid.resolvconf - Adjust Makefile and cf3/cf.workarounds. Checksums-Sha1: 5e5b1f52ea50ccc22c3a4378a560017b54aab5a5 1914 debian-edu-config_2.11.9.dsc 762f51a21163a29f913009a1aa6d6966d999ae94 340448 debian-edu-config_2.11.9.tar.xz b9ce2dc961381ca6bafa8f8d87202947a2f77cb9 5283 debian-edu-config_2.11.9_source.buildinfo Checksums-Sha256: 417bb9830ab36099e616d1c42685825a8cd38e7752d87f59cfd09fe25efbbd11 1914 debian-edu-config_2.11.9.dsc 84462a8a28955718ddff665d9d6ca5970ba983ad68ffaae0aa45d2c256fa022d 340448 debian-edu-config_2.11.9.tar.xz 070706fe0b047e594cd6785c886444aeadd5bf5203ca522dd93d0184eaccc7cf 5283 debian-edu-config_2.11.9_source.buildinfo Files: 2ca7e9b314587e669b52d876d5cba7df 1914 misc optional debian-edu-config_2.11.9.dsc 60dd757c49f7d6db735cf56f466bb975 340448 misc optional debian-edu-config_2.11.9.tar.xz 72f9e662cf7633310b9424128d4349d1 5283 misc optional debian-edu-config_2.11.9_source.buildinfo -----BEGIN PGP SIGNATURE----- iQIzBAEBCgAdFiEEuL9UE3sJ01zwJv6dCRq4VgaaqhwFAl3LyUMACgkQCRq4Vgaa qhyFoRAAgUSNHA13BgbpejuwO5jgzwFhps/pkwh+3Hks/PiN2YQQGfSl/sTwSqCU LHw8vnWJU1i/bj8rIb6Mo449DyRARdQJZyUNPAPWgPbOOJpA1n19TzgxBlPAuAW+ iMxj4rJOZJpJL6T6HzYFxokpi4B3uUJfH/VI2NezlWpE8qQp+V+80ioQrPFTdAk5 aifdDEbd8aomAgmVRbY3DCF641MF7n7e8DL9VZXR9mohQf+8SaJahEFiw9FYCqrI mkXOQJcTjSHzSZQ7o6tWLBhBCYZuEr9xEEOsg4wQCrUNWv5dwBwYtTflCdtV9b4S Y80AaUgZ0uG0zR9dSed9NObHrtrEqquNxfnwL0UwfUw9Ctqd5TD4ig2QxdoMQg80 4LXFBInqKAuk1ubT1MuTwF3A+FedRW7lOGBqdneWYR5143SmdIfLOoXabhVn//jv /QOwn7f5CEVKjgzYGGmzdo4ckbzuYxb0uvDe5zG6l0iLRJf+dC/qopF17IxgSqGL iNX7vACEL0aybMvLBu3lB8B/Gk0W5GAcVbNIjFXL07yWBNXKLqf1e6OGnt/wanVf PeRJ9WK4TQU4HRZEvSPFOXhq6wB0Q62T9kmauAzXAgvnLdQsqfdZqq//0DsBVjXW V5jChP9yLlMXX6dsvJkE3L/lPz2BbNo1F1Sh3jyPFB6GHPM11/c= =1ZRF -----END PGP SIGNATURE-----
--- End Message ---