[debian-edu-commits] debian-edu/ 01/01: Use Debian Edu SSL/TLS certificates for Xrdp.
Wolfgang Schweer
schweer-guest at moszumanska.debian.org
Fri Dec 1 12:17:46 UTC 2017
This is an automated email from the git hooks/post-receive script.
schweer-guest pushed a commit to branch master
in repository debian-edu-config.
commit 49a12bc837d13b042071779e369a352464250164
Author: Wolfgang Schweer <wschweer at arcor.de>
Date: Fri Dec 1 13:11:27 2017 +0100
Use Debian Edu SSL/TLS certificates for Xrdp.
Add cfengine configuration file to set certificate links:
- cf/cf.xrdp
Adjust related files:
- share/debian-edu-config/tools/create-debian-edu-certs
- cf/cfengine.conf
- Makefile
- debian/changelog
---
Makefile | 1 +
cf/cf.xrdp | 8 ++++++++
cf/cfengine.conf | 1 +
debian/changelog | 4 +++-
share/debian-edu-config/tools/create-debian-edu-certs | 1 +
5 files changed, 14 insertions(+), 1 deletion(-)
diff --git a/Makefile b/Makefile
index 46d1a37..709afe8 100644
--- a/Makefile
+++ b/Makefile
@@ -66,6 +66,7 @@ CFFILES = \
cf.sysstat \
cf.testsetup \
cf.thunderbird \
+ cf.xrdp \
cfd.conf \
cfengine.conf
diff --git a/cf/cf.xrdp b/cf/cf.xrdp
new file mode 100644
index 0000000..7d71c9f
--- /dev/null
+++ b/cf/cf.xrdp
@@ -0,0 +1,8 @@
+links:
+
+ debian.installation::
+
+ /etc/xrdp/cert.pem ->! /etc/ssl/certs/debian-edu-server.crt
+ nofile=force
+ /etc/xrdp/key.pem ->! /etc/ssl/private/debian-edu-server.key
+ nofile=force
diff --git a/cf/cfengine.conf b/cf/cfengine.conf
index 50b1be1..6b2e6c5 100644
--- a/cf/cfengine.conf
+++ b/cf/cfengine.conf
@@ -124,6 +124,7 @@ import:
cf.squid
cf.sysstat
cf.thunderbird
+ cf.xrdp
debian.ltspserver.installation::
cf.ltsp
diff --git a/debian/changelog b/debian/changelog
index f26e4db..e309150 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -2,7 +2,7 @@ debian-edu-config (1.940) UNRELEASED; urgency=medium
* Use trusted SSL/TLS secured connections in the internal network. Create a
Debian Edu rootCA certificate and a signed certificate that can be used for
- Apache, Cups, Exim and Dovecot. Firefox ESR, Chromium, Konqueror and
+ Apache, Cups, Exim, Dovecot and Xrdp. Firefox ESR, Chromium, Konqueror and
Thunderbird will be configured accordingly so that users will no longer be
bothered with certificate issues.
- Add 'share/debian-edu-config/tools/create-debian-edu-certs'
@@ -23,6 +23,8 @@ debian-edu-config (1.940) UNRELEASED; urgency=medium
- Add cfengine configuration files to configure the skeleton directories:
+ cf/cf.pki
+ cf/cf.thunderbird
+ - Add cfengine configuration file to set xrdp certificate links:
+ + cf/cf.xrdp
- Adjust related cfengine configuration files:
+ cf/cf.apache2
+ cf/cf.chromium
diff --git a/share/debian-edu-config/tools/create-debian-edu-certs b/share/debian-edu-config/tools/create-debian-edu-certs
index ebfa328..e00e59e 100755
--- a/share/debian-edu-config/tools/create-debian-edu-certs
+++ b/share/debian-edu-config/tools/create-debian-edu-certs
@@ -50,6 +50,7 @@ generate() {
logger -t create-debian-edu-certs "rootCA and server certs generated"
# Enable Debian-exim to read key file.
usermod -a -G ssl-cert Debian-exim
+ usermod -a -G ssl-cert xrdp
# Add local trust for the created certificates.
/usr/sbin/update-ca-certificates
# Update dbm and sql certificate and key databases in homedirs.
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git
More information about the debian-edu-commits
mailing list