Instead we will the use the CA certificate provided by the
ca-certificates packages, which is now a mandatory depency of
pve-manager since
067d24db982be44ff64cb5eb61a3297bba6afdc9 and
pve-manager 4.2-17. This change allows us in the future to
use different CA for our https repositories.
This changed has been tested OK with the following combination:
* https repository using a StartCom certificate: works
* https repository using a Let's encrypt certificate: works
User visible changes:
* none : the new configuration file 75pveconf silently
overwrites the olderone, except if local changes were made
in which case you're presented with the traditional debian menu
(keep local/ use packager version/ diff / open a shell)
%:
set -e && for i in ${SUBDIRS}; do ${MAKE} -C $$i $@; done
%:
set -e && for i in ${SUBDIRS}; do ${MAKE} -C $$i $@; done
-pve-repo-ca-certificates.crt:
- rm -rf ca-tmp
- mkdir ca-tmp
- cd ca-tmp; wget http://aia.startssl.com/certs/sub.class1.server.ca.pem
- cd ca-tmp; wget http://aia.startssl.com/certs/ca.pem
- cd ca-tmp; cat *.pem >../$@
-
.PHONY: dinstall
dinstall: ${DEB}
dpkg -i ${DEB}
.PHONY: dinstall
dinstall: ${DEB}
dpkg -i ${DEB}
# rsync po/*.po po/pve-manager.pot pve.proxmox.com:/home/ftp/sources/po-files/
.PHONY: install
# rsync po/*.po po/pve-manager.pot pve.proxmox.com:/home/ftp/sources/po-files/
.PHONY: install
-install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf pve-repo-ca-certificates.crt mtu bridgevlan bridgevlanport vlan vlan-down
+install: country.dat vznet.conf vzdump.conf vzdump-hook-script.pl pve-apt.conf mtu bridgevlan bridgevlanport vlan vlan-down
install -d -m 0700 -o www-data -g www-data ${DESTDIR}/var/log/pveproxy
install -D -m 0644 debian/pve.logrotate ${DESTDIR}/etc/logrotate.d/pve
install -d ${DESTDIR}/usr/share/${PACKAGE}
install -d -m 0700 -o www-data -g www-data ${DESTDIR}/var/log/pveproxy
install -D -m 0644 debian/pve.logrotate ${DESTDIR}/etc/logrotate.d/pve
install -d ${DESTDIR}/usr/share/${PACKAGE}
install -D -m 0644 pve-apt.conf ${DESTDIR}/etc/apt/apt.conf.d/75pveconf
install -D -m 0644 pve-sources.list ${DESTDIR}/etc/apt/sources.list.d/pve-enterprise.list
install -D -m 0644 pve-blacklist.conf ${DESTDIR}/etc/modprobe.d/pve-blacklist.conf
install -D -m 0644 pve-apt.conf ${DESTDIR}/etc/apt/apt.conf.d/75pveconf
install -D -m 0644 pve-sources.list ${DESTDIR}/etc/apt/sources.list.d/pve-enterprise.list
install -D -m 0644 pve-blacklist.conf ${DESTDIR}/etc/modprobe.d/pve-blacklist.conf
- install -D -m 0644 pve-repo-ca-certificates.crt ${DESTDIR}/etc/apt/pve-repo-ca-certificates.crt
install -D -m 0644 vzdump.conf ${DESTDIR}/etc/vzdump.conf
install -D -m 0755 vznet.conf ${DESTDIR}/etc/vz/vznet.conf
install -D -m 0755 mtu ${DESTDIR}/etc/network/if-up.d/mtu
install -D -m 0644 vzdump.conf ${DESTDIR}/etc/vzdump.conf
install -D -m 0755 vznet.conf ${DESTDIR}/etc/vz/vznet.conf
install -D -m 0755 mtu ${DESTDIR}/etc/network/if-up.d/mtu
/etc/vzdump.conf
/etc/logrotate.d/pve
/etc/apt/apt.conf.d/75pveconf
/etc/vzdump.conf
/etc/logrotate.d/pve
/etc/apt/apt.conf.d/75pveconf
-/etc/apt/pve-repo-ca-certificates.crt
/etc/apt/sources.list.d/pve-enterprise.list
/etc/network/if-up.d/mtu
/etc/network/if-pre-up.d/vlan
/etc/apt/sources.list.d/pve-enterprise.list
/etc/network/if-up.d/mtu
/etc/network/if-pre-up.d/vlan
-
-Acquire::https::enterprise.proxmox.com::CaInfo "/etc/apt/pve-repo-ca-certificates.crt";
-Acquire::https::enterprise.proxmox.com::Verify-Peer "true";
\ No newline at end of file