Merge ~vorlon/ubuntu/+source/ssl-cert:lp.2037869 into ubuntu/+source/ssl-cert:ubuntu/devel

Proposed by Steve Langasek
Status: Merged
Merged at revision: 2d4f9e8c4ab1023522aac967789df414b1ff060a
Proposed branch: ~vorlon/ubuntu/+source/ssl-cert:lp.2037869
Merge into: ubuntu/+source/ssl-cert:ubuntu/devel
Diff against target: 60 lines (+23/-1)
4 files modified
debian/changelog (+9/-0)
debian/control (+2/-1)
debian/rules (+1/-0)
debian/ssl-cert.service (+11/-0)
Reviewer Review Type Date Requested Status
Michael Hudson-Doyle (community) Needs Information
Nick Rosbrook (community) Approve
Ubuntu Server Pending
Dan Bungert Pending
Review via email: mp+452495@code.launchpad.net
Nick Rosbrook (enr0n) wrote :

The service file looks appropriately configured for first-boot, so LGTM.

review: Approve
Steve Langasek (vorlon) wrote :

Unfortunately, discussing the subiquity side of this and talking to xnox, it seems we can't trust ConditionFirstBoot to be correct, so I'm looking at doing this with ConditionFileExists instead.

Nick Rosbrook (enr0n) wrote :

> Unfortunately, discussing the subiquity side of this and talking to xnox, it
> seems we can't trust ConditionFirstBoot to be correct, so I'm looking at doing
> this with ConditionFileExists instead

Ah, yeah I should have added that this depends on certain behavior around /etc/machine-id (or potentially systemd.condition-first-boot).

Steve Langasek (vorlon) wrote :

Adjusted to use ConditionPathExists=!/etc/ssl/private/ssl-cert-snakeoil.key

Michael Hudson-Doyle (mwhudson) :
review: Needs Fixing
Steve Langasek (vorlon) wrote :

Right, fixed up the systemd service properly, and did a boot test with it in lxd. Looks better to me now, WDYT?

Michael Hudson-Doyle (mwhudson) wrote :

Still a bit of a quibble but I think it's a minor one if you just want to get this done.

review: Needs Information
Steve Langasek (vorlon) :

Preview Diff

diff --git a/debian/changelog b/debian/changelog
index 5e91747..b833c4c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,12 @@
1ssl-cert (1.1.2ubuntu1) mantic; urgency=medium
2
3 * Add a systemd unit to generate a fresh private key for each
4 installed system when ssl-cert is preinstalled in installation media
5 (true for all Ubuntu and flavor desktop live images today).
6 LP: #2037869.
7
8 -- Steve Langasek <steve.langasek@ubuntu.com> Sat, 30 Sep 2023 21:19:41 -0700
9
1ssl-cert (1.1.2) unstable; urgency=medium10ssl-cert (1.1.2) unstable; urgency=medium
211
3 [ Simon Chopin ]12 [ Simon Chopin ]
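Review bot: The new changelog entry says a fresh private key is generated for each installed system, but it does not record the condition that makes this happen. The unit added in debian/ssl-cert.service is gated on ConditionPathExists=!/etc/ssl/private/ssl-cert-snakeoil.key, so a key carried over from the installation media is kept unless something removes it from the target first. Suggest stating in the entry that regeneration happens only when that key file is absent, so installer and image maintainers know the key must not be copied into the installed system.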
diff --git a/debian/control b/debian/control
index 86165ba..ffd71ed 100644
--- a/debian/control
+++ b/debian/control
@@ -1,7 +1,8 @@
1Source: ssl-cert1Source: ssl-cert
2Section: utils2Section: utils
3Priority: optional3Priority: optional
4Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>4Maintainer: Ubuntu Developers <ubuntu-devel-discuss@lists.ubuntu.com>
5XSBC-Original-Maintainer: Debian Apache Maintainers <debian-apache@lists.debian.org>
5Uploaders: Stefan Fritsch <sf@debian.org>6Uploaders: Stefan Fritsch <sf@debian.org>
6Build-Depends: debhelper-compat (= 12), po-debconf7Build-Depends: debhelper-compat (= 12), po-debconf
7Standards-Version: 4.6.08Standards-Version: 4.6.0
diff --git a/debian/rules b/debian/rules
index 23d1661..ca6320d 100755
--- a/debian/rules
+++ b/debian/rules
@@ -6,6 +6,7 @@ install:
6 dh_clean6 dh_clean
7 dh_installdirs7 dh_installdirs
8 dh_installdocs README8 dh_installdocs README
9 dh_installsystemd
9 dh_installman make-ssl-cert.810 dh_installman make-ssl-cert.8
10 dh_installchangelogs11 dh_installchangelogs
11 dh_lintian12 dh_lintian
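Review bot: dh_installsystemd is called with no options in the install target, so the debhelper defaults apply: the unit is enabled, and the maintainer scripts also try to start it when the package is installed or upgraded, not only at boot. If key generation is meant to happen only when the installed system boots, consider passing --no-start here; either way, a short comment in debian/rules or a line in the changelog saying which behaviour is intended would help the next reader.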
diff --git a/debian/ssl-cert.service b/debian/ssl-cert.service
12new file mode 10064413new file mode 100644
index 0000000..09665f2
--- /dev/null
+++ b/debian/ssl-cert.service
@@ -0,0 +1,11 @@
1[Unit]
2Description=Generate snakeoil SSL keypair
3ConditionPathExists=!/etc/ssl/private/ssl-cert-snakeoil.key
4
5[Service]
6Type=oneshot
7RemainAfterExit=yes
8ExecStart=-/usr/sbin/make-ssl-cert generate-default-snakeoil --force-overwrite
9
10[Install]
11WantedBy=multi-user.target
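Review bot: The "-" prefix on ExecStart= combined with RemainAfterExit=yes means a failed make-ssl-cert run is recorded as success, so the unit shows as active even when /etc/ssl/private/ssl-cert-snakeoil.key was never written. Suggest dropping the "-" so a failure is visible in the unit state, or documenting why it is ignored. The [Unit] section also has no Before= ordering, so with only WantedBy=multi-user.target a service that reads the snakeoil key can be started in parallel and find it missing; consider ordering this unit before its consumers. Finally, the condition tests only the key file while --force-overwrite replaces whatever else the command generates; a comment saying that overwriting the existing certificate is intended would make this clearer.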
