[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#771586: pre-approval/advice: debian-lan-config/0.17

Hi,

On Wed, Dec 03, 2014 at 07:51:56PM +0100, Ivo De Decker wrote:
> On Sun, Nov 30, 2014 at 10:45:13PM +0100, Andreas B. Mundt wrote:
[...]
> > Currently, I am aware of two issues that probably need minor changes
> > in debian-lan-config 0.17 to make it work as flawlessly as it works
> > right now:
> >
> > 1)  Modifications in dovecot (1:2.2.13-7, not yet in jessie) removed
> >     the creation of self signed certificates. This resulted in
> >     #771407, #771334.
> >
> >  --> The certificate handling has to be moved to debian-lan-config.
> >
> > 2)  di-netboot-assistant will hopefully/probably be updated to support
> >     jessie, cf. #759424
> >
> >  --> A workaround for the current di-netboot-assistant package can be
> >      removed from debian-lan-config.
> >
[...]
> > It would be great if you could share your opinion on that.
>
> You're correct that the Dec 5th deadline is very close. We can't really
> comment without patches. It's probably best to create a version based on what
> you know now and upload it to unstable before the weekend. Ideally, the
> changes should work with the packages currently in testing and with the
> packages fixing the bugs you listed above.
>

I have the fix ready in local git here, now.  Fortunately, there is already code
to create the certificate, but SSL has been disabled in the latest dovecot package ->
switch it on here.  The copying of the installer files checks now if they do not
exist already.

Tomorrow after work I will prepare the package as soon as I can.

diff --git a/fai/config/scripts/FAISERVER/50-di-netboot b/fai/config/scripts/FAISERVER/50-di-netboot
index ac10cbf..64a4796 100755
--- a/fai/config/scripts/FAISERVER/50-di-netboot
+++ b/fai/config/scripts/FAISERVER/50-di-netboot
@@ -106,11 +106,11 @@ $ROOTCMD di-netboot-assistant install $DISTRI --arch=i386
 $ROOTCMD di-netboot-assistant rebuild-menu

 # FIXME: Bug #759424
-$ROOTCMD cp /usr/lib/syslinux/modules/bios/ldlinux.c32 /srv/tftp/debian-installer/
-$ROOTCMD cp /usr/lib/syslinux/modules/bios/libcom32.c32 /srv/tftp/debian-installer/
-$ROOTCMD cp /usr/lib/syslinux/modules/bios/libutil.c32 /srv/tftp/debian-installer/
-$ROOTCMD cp /usr/lib/syslinux/modules/bios/chain.c32 /srv/tftp/debian-installer/
-
+for FILE in ldlinux.c32 libcom32.c32 libutil.c32 ; do
+    if [ ! -e $target/srv/tftp/debian-installer/$FILE ] ; then
+        $ROOTCMD cp /usr/lib/syslinux/modules/bios/$FILE /srv/tftp/debian-installer/
+    fi
+done

 #wheezy:
 #d-i preseed/late_command string mkdir -p /target/var/lib/fai/config; \
diff --git a/fai/config/scripts/MAIL_SERVER/30-certs b/fai/config/scripts/MAIL_SERVER/30-certs
index 7235276..c1aa23f 100755
--- a/fai/config/scripts/MAIL_SERVER/30-certs
+++ b/fai/config/scripts/MAIL_SERVER/30-certs
@@ -40,6 +40,10 @@ if [ ! -f ${target}/$CONF ] ; then
     $ROOTCMD openssl req -config $CONF -new -x509 -days 7000 -nodes -out $CERT -keyout $KEY
     $ROOTCMD chmod 640 $KEY $CERT $CONF
     $ROOTCMD chown root:dovecot $KEY $CERT
+    # switch on SSL:
+    $ROOTCMD sed -i "s/^ssl = no/ssl = yes/" /etc/dovecot/conf.d/10-ssl.conf
+    $ROOTCMD sed -i "s/^#\(ssl_cert = .*\)$/\1/" /etc/dovecot/conf.d/10-ssl.conf
+    $ROOTCMD sed -i "s/^#\(ssl_key = .*\)$/\1/" /etc/dovecot/conf.d/10-ssl.conf
 else
     echo "${target}/$CONF exists, nothing done!"
 fi

> Please remove the moreinfo tag once the upload is in unstable.

I'll do that. Thanks and best regards,

     Andi
Reply to: