Project

General

Profile

Tâche #31860

Scénario #31671: Eolelisation du MITM "client" sur tous les modules EOLE

Installer l’autorité de certification du proxy lors du reconfigure

Added by Daniel Dehennin about 3 years ago. Updated about 3 years ago.

Status:
Fermé
Priority:
Normal
Assigned To:
Start date:
03/09/2021
Due date:
% Done:

100%

Remaining (hours):
0.0

Description

Actuellement, seul Query-Auto ou Maj-Auto mettent en place l’autorité de certification par un script pre :

root@scribe:~# Query-Auto -D
Mise à jour le mardi 09 mars 2021 13:57:13
Exécution des scripts /usr/share/eole/majauto_pre
run-parts: executing /usr/share/eole/majauto_pre/mitm
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping duplicate certificate in eole.pem
rehash: warning: skipping duplicate certificate in ISRG_Root_X1.pem
rehash: warning: skipping duplicate certificate in ca.crt
rehash: warning: skipping duplicate certificate in ca_local.crt
5 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...

Replacing debian:antsv3racine.pem
Replacing debian:igca.pem
Replacing debian:ca_proxy.pem
Replacing debian:antsv3racine.pem
Replacing debian:igca.pem
done.
done.
[…]

L’activation des variables et le reconfigure devrait suffire, des fois qu’un script postservice ait besoin de faire des requêtes externes.

Je propose d’installer l’autorité de certification tôt en postservice.

Associated revisions

Revision c5a48b67 (diff)
Added by Emmanuel GARETTE about 3 years ago

ne pas stopper maj si creoled a des problèmes (ref #31860)

Revision 239cde14 (diff)
Added by Emmanuel GARETTE about 3 years ago

telecharge le certificat MITM pendant reconfigure (ref #31860)

History

#1 Updated by Emmanuel GARETTE about 3 years ago

  • Status changed from Nouveau to Résolu
  • Assigned To set to Emmanuel GARETTE
  • % Done changed from 0 to 100

#2 Updated by Daniel Dehennin about 3 years ago

  • Status changed from Résolu to Fermé
  • Remaining (hours) set to 0.0

Le certificat est bien mis en place dès le reconfigure :

run-parts: executing /usr/share/eole/postservice/00-eole-common reconfigure
Updating certificates in /etc/ssl/certs...
rehash: warning: skipping duplicate certificate in eole.pem
rehash: warning: skipping duplicate certificate in ISRG_Root_X1.pem
rehash: warning: skipping duplicate certificate in ca.crt
rehash: warning: skipping duplicate certificate in ca_local.crt
5 added, 0 removed; done.
Running hooks in /etc/ca-certificates/update.d...

Replacing debian:antsv3racine.pem
Replacing debian:igca.pem
Replacing debian:ca_proxy.pem
Replacing debian:antsv3racine.pem
Replacing debian:igca.pem
done.
done.

Also available in: Atom PDF