[28641] in Source-Commits
auto-update commit: Remove MIT CA; depend curl and ca-certificates
daemon@ATHENA.MIT.EDU (Anders Kaseorg)
Sat Jun 25 22:11:29 2016
Date: Sat, 25 Jun 2016 22:11:26 -0400
From: Anders Kaseorg <andersk@mit.edu>
Message-Id: <201606260211.u5Q2BQsD023819@drugstore.mit.edu>
To: source-commits@mit.edu
https://github.com/mit-athena/auto-update/commit/e8a5183c3eeb0e5b8d2e27de003bfd4041cc2e51
commit e8a5183c3eeb0e5b8d2e27de003bfd4041cc2e51
Author: Anders Kaseorg <andersk@mit.edu>
Date: Thu Jun 23 03:32:25 2016 -0400
Remove MIT CA; depend curl and ca-certificates
debian/athena-auto-update | 5 ++---
debian/changelog | 7 +++++++
debian/control | 2 +-
debian/debathena-auto-update.install | 1 -
debian/mitCA.crt | 21 ---------------------
5 files changed, 10 insertions(+), 26 deletions(-)
diff --git a/debian/athena-auto-update b/debian/athena-auto-update
index 5a6ed14..39a3320 100644
--- a/debian/athena-auto-update
+++ b/debian/athena-auto-update
@@ -184,13 +184,12 @@ fi
UPDATE_HOOK_URL="https://athena10.mit.edu/update-hook/debathena-update-hook.sh"
UPDATE_HOOK_SUM="https://athena10.mit.edu/update-hook/debathena-update-hook-sha256sum"
-MITCA="/usr/share/debathena-auto-update/mitCA.crt"
UPDATE_HOOK="/var/run/debathena-update-hook.sh"
rm -f $UPDATE_HOOK
if [ "$RUN_UPDATE_HOOK" = "yes" ] && \
- curl -sf -o $UPDATE_HOOK --cacert $MITCA $UPDATE_HOOK_URL; then
- SHA256SUM="$(curl -sf --cacert $MITCA $UPDATE_HOOK_SUM)"
+ curl -sf -o "$UPDATE_HOOK" "$UPDATE_HOOK_URL"; then
+ SHA256SUM="$(curl -sf "$UPDATE_HOOK_SUM")"
rv=$?
if [ $rv != 0 ]; then
complain "Failed to retrieve $UPDATE_HOOK_SUM (curl returned $rv)"
diff --git a/debian/changelog b/debian/changelog
index 900ba07..ecc531c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+debathena-auto-update (1.48) unstable; urgency=medium
+
+ * Remove MIT CA, which no longer signs https://athena10.mit.edu.
+ * Depend curl and ca-certificates.
+
+ -- Anders Kaseorg <andersk@mit.edu> Thu, 23 Jun 2016 03:31:19 -0400
+
debathena-auto-update (1.47) unstable; urgency=low
* Disable CLEANUP_OLD_KERNELS, because it no longer works on Trusty,
diff --git a/debian/control b/debian/control
index 230d811..ffb673c 100644
--- a/debian/control
+++ b/debian/control
@@ -9,7 +9,7 @@ Package: debathena-auto-update
Architecture: all
# For dpkg-maintscript-helper
Pre-Depends: dpkg (>= 1.15.7.2~)
-Depends: ${misc:Depends}, debathena-desync, cron, aptitude, apt-file, kexec-tools, bc, debathena-license-config, debathena-athinfod (>= 10.1-0debathena1~)
+Depends: ${misc:Depends}, debathena-desync, cron, aptitude, apt-file, kexec-tools, bc, curl, ca-certificates, debathena-license-config, debathena-athinfod (>= 10.1-0debathena1~)
Breaks: debathena-reactivate (<< 2.0~)
Description: Performs automatic updates for Athena machines.
This package performs automatic updates for Athena machines.
diff --git a/debian/debathena-auto-update.install b/debian/debathena-auto-update.install
index c99af32..9307ed3 100644
--- a/debian/debathena-auto-update.install
+++ b/debian/debathena-auto-update.install
@@ -2,5 +2,4 @@ debian/athena-auto-update usr/sbin
debian/athena-auto-update.8 usr/share/man/man8
debian/athena-auto-upgrade usr/sbin
debian/athena-auto-upgrade.8 usr/share/man/man8
-debian/mitCA.crt usr/share/debathena-auto-update
debian/debathena-auto-update.defs etc/athena/athinfo.defs.d
diff --git a/debian/mitCA.crt b/debian/mitCA.crt
deleted file mode 100644
index 7738838..0000000
--- a/debian/mitCA.crt
+++ /dev/null
@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDZTCCAs6gAwIBAgIBATANBgkqhkiG9w0BAQUFADB7MQswCQYDVQQGEwJVUzEW
-MBQGA1UECBMNTWFzc2FjaHVzZXR0czEuMCwGA1UEChMlTWFzc2FjaHVzZXR0cyBJ
-bnN0aXR1dGUgb2YgVGVjaG5vbG9neTEkMCIGA1UECxMbTUlUIENlcnRpZmljYXRp
-b24gQXV0aG9yaXR5MB4XDTA2MDQwODE2NTAwNFoXDTI2MDgwMTE2NTAwNFowezEL
-MAkGA1UEBhMCVVMxFjAUBgNVBAgTDU1hc3NhY2h1c2V0dHMxLjAsBgNVBAoTJU1h
-c3NhY2h1c2V0dHMgSW5zdGl0dXRlIG9mIFRlY2hub2xvZ3kxJDAiBgNVBAsTG01J
-VCBDZXJ0aWZpY2F0aW9uIEF1dGhvcml0eTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA09Dr51G1M3Wm2KOE6gJwXM+cIOALA4uORm4VJeF39mvEcN3UFgvMEYgx
-OAvufFkkV+mNzXX4UmPdMwzwT5+1/JGuMoWMGnVjGZiGHpIjsofz9cmmopdo8uyy
-Gq2z9e0J6sznvLRkUBXmVwAaesbe/uEwWFpdq7u0HBHsZMHTpFUCAwEAAaOB+DCB
-9TAdBgNVHQ4EFgQUU/WjDwZdZdiKj1JtafrrVS29iwwwgaUGA1UdIwSBnTCBmoAU
-U/WjDwZdZdiKj1JtafrrVS29iwyhf6R9MHsxCzAJBgNVBAYTAlVTMRYwFAYDVQQI
-Ew1NYXNzYWNodXNldHRzMS4wLAYDVQQKEyVNYXNzYWNodXNldHRzIEluc3RpdHV0
-ZSBvZiBUZWNobm9sb2d5MSQwIgYDVQQLExtNSVQgQ2VydGlmaWNhdGlvbiBBdXRo
-b3JpdHmCAQEwDAYDVR0TBAUwAwEB/zALBgNVHQ8EBAMCAQYwEQYJYIZIAYb4QgEB
-BAQDAgEGMA0GCSqGSIb3DQEBBQUAA4GBAMTjXyVdM89JlPTzoe3o5CIvUP6TrWMN
-Bm3/mSX5pXeZWbWLtdVfUgQ9mW6UBYXaQSUPmz9C09ZNBH8N3vOoDS5/jD8MMcV/
-U/rOAIb4v2bMRKpPweSINGm72Pv/Pg15t1sRcnatBK94orekYvfJa3PiPU/3pfge
-RYhCd9zByXr2
------END CERTIFICATE-----
