Bug#771586: pre-approval/advice: debian-lan-config/0.17
Hi,
On Wed, Dec 03, 2014 at 07:51:56PM +0100, Ivo De Decker wrote:
> On Sun, Nov 30, 2014 at 10:45:13PM +0100, Andreas B. Mundt wrote:
[...]
> > Currently, I am aware of two issues that probably need minor changes
> > in debian-lan-config 0.17 to make it work as flawlessly as it works
> > right now:
> >
> > 1) Modifications in dovecot (1:2.2.13-7, not yet in jessie) removed
> > the creation of self signed certificates. This resulted in
> > #771407, #771334.
> >
> > --> The certificate handling has to be moved to debian-lan-config.
> >
> > 2) di-netboot-assistant will hopefully/probably be updated to support
> > jessie, cf. #759424
> >
> > --> A workaround for the current di-netboot-assistant package can be
> > removed from debian-lan-config.
> >
[...]
> > It would be great if you could share your opinion on that.
>
> You're correct that the Dec 5th deadline is very close. We can't really
> comment without patches. It's probably best to create a version based on what
> you know now and upload it to unstable before the weekend. Ideally, the
> changes should work with the packages currently in testing and with the
> packages fixing the bugs you listed above.
>
I have the fix ready in local git here, now. Fortunately, there is already code
to create the certificate, but SSL has been disabled in the latest dovecot package ->
switch it on here. The copying of the installer files checks now if they do not
exist already.
Tomorrow after work I will prepare the package as soon as I can.
diff --git a/fai/config/scripts/FAISERVER/50-di-netboot b/fai/config/scripts/FAISERVER/50-di-netboot
index ac10cbf..64a4796 100755
--- a/fai/config/scripts/FAISERVER/50-di-netboot
+++ b/fai/config/scripts/FAISERVER/50-di-netboot
@@ -106,11 +106,11 @@ $ROOTCMD di-netboot-assistant install $DISTRI --arch=i386
$ROOTCMD di-netboot-assistant rebuild-menu
# FIXME: Bug #759424
-$ROOTCMD cp /usr/lib/syslinux/modules/bios/ldlinux.c32 /srv/tftp/debian-installer/
-$ROOTCMD cp /usr/lib/syslinux/modules/bios/libcom32.c32 /srv/tftp/debian-installer/
-$ROOTCMD cp /usr/lib/syslinux/modules/bios/libutil.c32 /srv/tftp/debian-installer/
-$ROOTCMD cp /usr/lib/syslinux/modules/bios/chain.c32 /srv/tftp/debian-installer/
-
+for FILE in ldlinux.c32 libcom32.c32 libutil.c32 ; do
+ if [ ! -e $target/srv/tftp/debian-installer/$FILE ] ; then
+ $ROOTCMD cp /usr/lib/syslinux/modules/bios/$FILE /srv/tftp/debian-installer/
+ fi
+done
#wheezy:
#d-i preseed/late_command string mkdir -p /target/var/lib/fai/config; \
diff --git a/fai/config/scripts/MAIL_SERVER/30-certs b/fai/config/scripts/MAIL_SERVER/30-certs
index 7235276..c1aa23f 100755
--- a/fai/config/scripts/MAIL_SERVER/30-certs
+++ b/fai/config/scripts/MAIL_SERVER/30-certs
@@ -40,6 +40,10 @@ if [ ! -f ${target}/$CONF ] ; then
$ROOTCMD openssl req -config $CONF -new -x509 -days 7000 -nodes -out $CERT -keyout $KEY
$ROOTCMD chmod 640 $KEY $CERT $CONF
$ROOTCMD chown root:dovecot $KEY $CERT
+ # switch on SSL:
+ $ROOTCMD sed -i "s/^ssl = no/ssl = yes/" /etc/dovecot/conf.d/10-ssl.conf
+ $ROOTCMD sed -i "s/^#\(ssl_cert = .*\)$/\1/" /etc/dovecot/conf.d/10-ssl.conf
+ $ROOTCMD sed -i "s/^#\(ssl_key = .*\)$/\1/" /etc/dovecot/conf.d/10-ssl.conf
else
echo "${target}/$CONF exists, nothing done!"
fi
> Please remove the moreinfo tag once the upload is in unstable.
I'll do that. Thanks and best regards,
Andi
Reply to: