[debian-edu-commits] debian-edu/ 01/01: Use Debian Edu SSL/TLS certificates for Xrdp.

Wolfgang Schweer schweer-guest at moszumanska.debian.org
Fri Dec 1 12:17:46 UTC 2017


This is an automated email from the git hooks/post-receive script.

schweer-guest pushed a commit to branch master
in repository debian-edu-config.

commit 49a12bc837d13b042071779e369a352464250164
Author: Wolfgang Schweer <wschweer at arcor.de>
Date:   Fri Dec 1 13:11:27 2017 +0100

    Use Debian Edu SSL/TLS certificates for Xrdp.
    
    Add cfengine configuration file to set certificate links:
    - cf/cf.xrdp
    Adjust related files:
    - share/debian-edu-config/tools/create-debian-edu-certs
    - cf/cfengine.conf
    - Makefile
    - debian/changelog
---
 Makefile                                              | 1 +
 cf/cf.xrdp                                            | 8 ++++++++
 cf/cfengine.conf                                      | 1 +
 debian/changelog                                      | 4 +++-
 share/debian-edu-config/tools/create-debian-edu-certs | 1 +
 5 files changed, 14 insertions(+), 1 deletion(-)

diff --git a/Makefile b/Makefile
index 46d1a37..709afe8 100644
--- a/Makefile
+++ b/Makefile
@@ -66,6 +66,7 @@ CFFILES = \
 	cf.sysstat \
 	cf.testsetup \
 	cf.thunderbird \
+	cf.xrdp \
 	cfd.conf \
 	cfengine.conf
 
diff --git a/cf/cf.xrdp b/cf/cf.xrdp
new file mode 100644
index 0000000..7d71c9f
--- /dev/null
+++ b/cf/cf.xrdp
@@ -0,0 +1,8 @@
+links:
+
+  debian.installation::
+
+    /etc/xrdp/cert.pem ->! /etc/ssl/certs/debian-edu-server.crt
+		nofile=force
+    /etc/xrdp/key.pem ->! /etc/ssl/private/debian-edu-server.key
+		nofile=force
diff --git a/cf/cfengine.conf b/cf/cfengine.conf
index 50b1be1..6b2e6c5 100644
--- a/cf/cfengine.conf
+++ b/cf/cfengine.conf
@@ -124,6 +124,7 @@ import:
 			cf.squid
 			cf.sysstat
 			cf.thunderbird
+			cf.xrdp
 
 	debian.ltspserver.installation::
 			cf.ltsp
diff --git a/debian/changelog b/debian/changelog
index f26e4db..e309150 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ debian-edu-config (1.940) UNRELEASED; urgency=medium
 
   * Use trusted SSL/TLS secured connections in the internal network. Create a
     Debian Edu rootCA certificate and a signed certificate that can be used for
-    Apache, Cups, Exim and Dovecot. Firefox ESR, Chromium, Konqueror and
+    Apache, Cups, Exim, Dovecot and Xrdp. Firefox ESR, Chromium, Konqueror and
     Thunderbird will be configured accordingly so that users will no longer be
     bothered with certificate issues.
     - Add 'share/debian-edu-config/tools/create-debian-edu-certs'
@@ -23,6 +23,8 @@ debian-edu-config (1.940) UNRELEASED; urgency=medium
     - Add cfengine configuration files to configure the skeleton directories:
       + cf/cf.pki
       + cf/cf.thunderbird
+    - Add cfengine configuration file to set xrdp certificate links:
+      + cf/cf.xrdp
     - Adjust related cfengine configuration files:
       + cf/cf.apache2
       + cf/cf.chromium
diff --git a/share/debian-edu-config/tools/create-debian-edu-certs b/share/debian-edu-config/tools/create-debian-edu-certs
index ebfa328..e00e59e 100755
--- a/share/debian-edu-config/tools/create-debian-edu-certs
+++ b/share/debian-edu-config/tools/create-debian-edu-certs
@@ -50,6 +50,7 @@ generate() {
     logger -t create-debian-edu-certs "rootCA and server certs generated"
     # Enable Debian-exim to read key file.
     usermod -a -G ssl-cert Debian-exim
+    usermod -a -G ssl-cert xrdp
     # Add local trust for the created certificates.
     /usr/sbin/update-ca-certificates
     # Update dbm and sql certificate and key databases in homedirs.

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git



More information about the debian-edu-commits mailing list