Commit ea62c78e authored by Elena Grandi's avatar Elena Grandi
Browse files

Work around issues with easy-rsa (#1016759 in Debian).

parent df029cbe
Pipeline #484 passed with stage
in 1 minute and 12 seconds
......@@ -31,24 +31,33 @@
- name: Create skel for {{ssl_ca_name}} CA
command: make-cadir {{ssl_ca_name}}
args:
creates: "{{ssl_ca_defaults}}"
creates: "{{ssl_ca_dir}}/{{ssl_ca_name}}"
chdir: "{{ssl_ca_dir}}"
# Workaround for https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016759
# After that bug has been closed we should check which one is the right file to
# use and edit that.
- name: Remove var file
file:
path: "{{ssl_ca_defaults}}"
state: absent
- name: Initialize directories for {{ssl_ca_name}} CA
command: ./easyrsa init-pki
args:
creates: "{{ssl_ca_path}}/pki"
chdir: "{{ssl_ca_path}}"
- name: Setup default values for certificates
blockinfile:
dest: "{{ssl_ca_defaults}}"
#dest: "{{ssl_ca_defaults}}"
dest: "{{ssl_ca_path}}/pki/vars"
block: |
{% for var in easy_rsa_vars %}
set_var EASYRSA_{{var}} "{{easy_rsa_vars[var]}}"
{% endfor %}
register: results
- name: Initialize directories for {{ssl_ca_name}} CA
command: ./easyrsa init-pki
args:
creates: "{{ssl_ca_path}}/pki"
chdir: "{{ssl_ca_path}}"
- name: Create {{ssl_ca_name}} CA files
command: ./easyrsa build-ca nopass
args:
......
......@@ -13,6 +13,7 @@ fuss-server (12.0.0) UNRELEASED; urgency=medium
* Temporarily changed the algorithm for dnssec-keygen to RSASHA512.
* Temporarily disable squid-deb-proxy (not in testing).
* Updated configuration for ntp to apply to ntpsec.
* Work around issues with easy-rsa (#1016759 in Debian).
-- Elena Grandi <elena@truelite.it> Wed, 26 Oct 2022 10:20:35 +0200
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment