Peter Palfrader [Wed, 11 Feb 2015 13:22:00 +0000 (14:22 +0100)]
system shutdown check with systemd
Tollef Fog Heen [Wed, 11 Feb 2015 12:51:18 +0000 (13:51 +0100)]
Drop no longer in use office network
Peter Palfrader [Tue, 10 Feb 2015 10:38:40 +0000 (11:38 +0100)]
Replace a tab with spaces in python code
Peter Palfrader [Tue, 10 Feb 2015 10:38:20 +0000 (11:38 +0100)]
Kill evil spaces
Peter Palfrader [Mon, 9 Feb 2015 18:22:01 +0000 (19:22 +0100)]
Make ud-replicated depend on syslog.service
Peter Palfrader [Mon, 9 Feb 2015 12:01:14 +0000 (13:01 +0100)]
make dsa-check-libs +x
Peter Palfrader [Mon, 9 Feb 2015 09:30:18 +0000 (10:30 +0100)]
Fix path
Peter Palfrader [Mon, 9 Feb 2015 09:28:16 +0000 (10:28 +0100)]
Ship dsa-check-libs via puppet for now
Peter Palfrader [Sun, 8 Feb 2015 13:01:55 +0000 (14:01 +0100)]
apache 2.4 config for default vhost
Peter Palfrader [Sun, 8 Feb 2015 07:58:55 +0000 (08:58 +0100)]
rossini out of ekey
Peter Palfrader [Sat, 7 Feb 2015 18:58:31 +0000 (19:58 +0100)]
remove villa from no-backup
Peter Palfrader [Sat, 7 Feb 2015 18:31:53 +0000 (19:31 +0100)]
set listen=NO in vsftpd
Peter Palfrader [Sat, 7 Feb 2015 18:20:42 +0000 (19:20 +0100)]
apache 2.4 compatbile security.d.o
Peter Palfrader [Sat, 7 Feb 2015 18:19:19 +0000 (19:19 +0100)]
Make a template out of the security.d.o apache conf
Peter Palfrader [Sat, 7 Feb 2015 18:12:14 +0000 (19:12 +0100)]
syntax fix
Peter Palfrader [Sat, 7 Feb 2015 18:11:28 +0000 (19:11 +0100)]
apache 2.4 sites stuff
Tollef Fog Heen [Wed, 4 Feb 2015 19:32:03 +0000 (20:32 +0100)]
postmasterish is not a spam trap, put that after host and sender address blacklist
Luca Filipozzi [Mon, 2 Feb 2015 03:16:26 +0000 (03:16 +0000)]
move entropy key from salieri to rossini
Peter Palfrader [Wed, 28 Jan 2015 17:30:31 +0000 (18:30 +0100)]
Get rid of always broken http.d.net
Peter Palfrader [Wed, 28 Jan 2015 13:24:31 +0000 (14:24 +0100)]
Ignore /etc/nagios/check-libs.conf
Peter Palfrader [Wed, 28 Jan 2015 13:16:40 +0000 (14:16 +0100)]
Push nagios check-libs.conf via puppet
Peter Palfrader [Wed, 28 Jan 2015 13:09:30 +0000 (14:09 +0100)]
Add nagios plugins to root's PATH
Peter Palfrader [Tue, 27 Jan 2015 23:15:52 +0000 (00:15 +0100)]
Allow nagios to run dsa-check-libs under sudo
Peter Palfrader [Mon, 26 Jan 2015 20:37:27 +0000 (21:37 +0100)]
Add minkus to porterboxes
Peter Palfrader [Thu, 22 Jan 2015 09:37:49 +0000 (10:37 +0100)]
Blacklist hatemshaheen21@yahoo.com
Peter Palfrader [Thu, 15 Jan 2015 22:36:56 +0000 (23:36 +0100)]
Make buildd-schroot-aptitude-kill work on jessie
Peter Palfrader [Wed, 14 Jan 2015 21:56:32 +0000 (22:56 +0100)]
I think we want to ignore errors here
Peter Palfrader [Wed, 14 Jan 2015 21:43:28 +0000 (22:43 +0100)]
Try porting torproject changes: support excluding mirror for a single static component
Julien Cristau [Sat, 10 Jan 2015 15:18:33 +0000 (16:18 +0100)]
Add root ssh key for jcristau
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Fri, 9 Jan 2015 19:00:44 +0000 (20:00 +0100)]
New leap second
Paul Wise [Wed, 7 Jan 2015 15:12:58 +0000 (23:12 +0800)]
rt-mailgate needs the ca-debian workaround too
Paul Wise [Wed, 7 Jan 2015 07:06:52 +0000 (15:06 +0800)]
The snakeoil key is handled by puppet also.
Paul Wise [Wed, 7 Jan 2015 06:43:04 +0000 (14:43 +0800)]
We still have some debian.org certs signed by SPI and USERFirst
Paul Wise [Wed, 7 Jan 2015 06:11:01 +0000 (14:11 +0800)]
Trailing line ending characters are sometimes nice
Paul Wise [Wed, 7 Jan 2015 06:09:14 +0000 (14:09 +0800)]
Fix typo
Paul Wise [Wed, 31 Dec 2014 02:32:55 +0000 (10:32 +0800)]
Enforce SSL configuration using puppet, add dirs for debian and global CAs
Peter Palfrader [Tue, 6 Jan 2015 20:20:04 +0000 (21:20 +0100)]
Remove any references to ahbl.org blocklists as they have shut down (re: RT#5684)
Paul Wise [Tue, 6 Jan 2015 16:52:49 +0000 (00:52 +0800)]
Fix typo
Paul Wise [Tue, 6 Jan 2015 14:53:24 +0000 (22:53 +0800)]
Skip processes that no longer exist
Paul Wise [Sat, 3 Jan 2015 03:46:06 +0000 (11:46 +0800)]
cdn.debian.net has been deprecated, replace it with http.debian.net
https://lists.debian.org/CAG2RKXMdBLL-vSFW6dEu4P0NwT7qqor3PxVQDu-mwrM1J-6opw@mail.gmail.com
Tollef Fog Heen [Fri, 2 Jan 2015 17:19:30 +0000 (18:19 +0100)]
Work around service(8) not reloading syslog-ng correctly
It seems systemd fails to mark syslog-ng as reloadable, which in turn
leads to invoke-rc.d failing. Just call systemctl directly if we're
running systemd to work around this.
James McCoy [Wed, 31 Dec 2014 03:01:18 +0000 (22:01 -0500)]
dd-schroot-cmd: Relax session name check
As per schroot.conf(5):
A number of characters or words are not permitted in a chroot name,
session name or configuration filename. The name may not contain a
leading period (‘.’). The characters ‘:’ (colon), ‘,’ (comma) and ‘/’
(forward slash) are not permitted anywhere in the name. The name may
also not contain a trailing tilde (‘~’).
Relaxing the session name check in get_session_owner to better align
with schroot's actual restrictions reduces the chance that a user will
create a session yet be unable to manipulate it with dd-schroot-cmd.
Signed-off-by: James McCoy <jamessan@debian.org>
Signed-off-by: Paul Wise <pabs@debian.org>
Martin Zobel-Helas [Sun, 28 Dec 2014 09:57:45 +0000 (09:57 +0000)]
run ntp everywhere again
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sat, 27 Dec 2014 15:05:58 +0000 (15:05 +0000)]
Revert "disable oyens for now"
This reverts commit
57a38b9f3f9858c0619de09d7b3d01e86c599f9c.
Martin Zobel-Helas [Tue, 23 Dec 2014 22:21:10 +0000 (22:21 +0000)]
disable oyens for now
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Tue, 23 Dec 2014 12:19:19 +0000 (12:19 +0000)]
Fix apache2/jessie conf-enabled symlinks
Peter Palfrader [Tue, 23 Dec 2014 12:11:16 +0000 (13:11 +0100)]
First attempt at making apache conf stuff work on jessie
Peter Palfrader [Tue, 23 Dec 2014 12:07:04 +0000 (13:07 +0100)]
Update security.conf to version from jessie, but keep ServerTokens at ProductOnly
Peter Palfrader [Tue, 23 Dec 2014 09:26:45 +0000 (10:26 +0100)]
s/search-/cgi-/
Peter Palfrader [Tue, 23 Dec 2014 09:13:24 +0000 (10:13 +0100)]
Add stunnel for search
Héctor Orón Martínez [Mon, 22 Dec 2014 11:21:56 +0000 (12:21 +0100)]
autofs: ensure nfsv4 module is loaded
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Peter Palfrader [Sat, 20 Dec 2014 20:45:00 +0000 (21:45 +0100)]
stable may run ntp again
Peter Palfrader [Sat, 20 Dec 2014 20:43:33 +0000 (21:43 +0100)]
Update leap-seconds.list. Not that any new ones have been added.
Peter Palfrader [Sat, 20 Dec 2014 17:07:39 +0000 (18:07 +0100)]
And another loghost-grnet-01 fix
Peter Palfrader [Sat, 20 Dec 2014 15:51:20 +0000 (16:51 +0100)]
New cert for db
Peter Palfrader [Sat, 20 Dec 2014 13:58:19 +0000 (14:58 +0100)]
New cert for piuparts
Peter Palfrader [Sat, 20 Dec 2014 13:57:47 +0000 (14:57 +0100)]
New cert for packages
Peter Palfrader [Sat, 20 Dec 2014 13:56:52 +0000 (14:56 +0100)]
New cert for bugs-master
Peter Palfrader [Sat, 20 Dec 2014 13:56:26 +0000 (14:56 +0100)]
New cert for rtc
Peter Palfrader [Sat, 20 Dec 2014 13:55:55 +0000 (14:55 +0100)]
New cert for sip-ws
Peter Palfrader [Sat, 20 Dec 2014 13:55:17 +0000 (14:55 +0100)]
New cert for bugs
Peter Palfrader [Sat, 20 Dec 2014 13:30:48 +0000 (13:30 +0000)]
Do not run ntpd for now
Peter Palfrader [Wed, 17 Dec 2014 15:59:21 +0000 (16:59 +0100)]
new vote cert
Peter Palfrader [Wed, 17 Dec 2014 15:57:34 +0000 (16:57 +0100)]
new release cert
Peter Palfrader [Wed, 17 Dec 2014 15:56:42 +0000 (16:56 +0100)]
new nagios cert
Peter Palfrader [Wed, 17 Dec 2014 15:55:54 +0000 (16:55 +0100)]
new munin cert
Peter Palfrader [Wed, 17 Dec 2014 15:55:21 +0000 (16:55 +0100)]
new ftp-master cert
Peter Palfrader [Wed, 17 Dec 2014 15:42:08 +0000 (16:42 +0100)]
new www cert
Peter Palfrader [Wed, 17 Dec 2014 15:41:30 +0000 (16:41 +0100)]
new dsa cert
Peter Palfrader [Wed, 17 Dec 2014 14:50:02 +0000 (15:50 +0100)]
new contributors cert
Peter Palfrader [Wed, 17 Dec 2014 14:48:52 +0000 (15:48 +0100)]
new sso cert
Peter Palfrader [Wed, 17 Dec 2014 14:48:28 +0000 (15:48 +0100)]
new security-tracker cert
Peter Palfrader [Wed, 17 Dec 2014 14:47:53 +0000 (15:47 +0100)]
new rt cert
Peter Palfrader [Wed, 17 Dec 2014 14:47:14 +0000 (15:47 +0100)]
new nm cert
Peter Palfrader [Wed, 17 Dec 2014 09:26:23 +0000 (10:26 +0100)]
Update buildd CA TA to new gandi cert for jessie hosts
Peter Palfrader [Wed, 17 Dec 2014 09:25:39 +0000 (10:25 +0100)]
Remove unneeded variable
Peter Palfrader [Tue, 16 Dec 2014 13:57:53 +0000 (14:57 +0100)]
new buildd cert
Peter Palfrader [Tue, 16 Dec 2014 13:33:11 +0000 (14:33 +0100)]
new lists cert
Peter Palfrader [Tue, 16 Dec 2014 13:31:11 +0000 (14:31 +0100)]
new udd cert
Peter Palfrader [Tue, 16 Dec 2014 13:14:11 +0000 (14:14 +0100)]
new udd cert
Paul Wise [Mon, 15 Dec 2014 22:46:45 +0000 (06:46 +0800)]
nagios needs to be able to run systemctl as root otherwise dbus is needed
Martin Zobel-Helas [Sat, 13 Dec 2014 10:26:36 +0000 (11:26 +0100)]
and different names for v6 rules
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sat, 13 Dec 2014 10:24:42 +0000 (11:24 +0100)]
add IPv6 range (second try)
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Sat, 13 Dec 2014 10:18:06 +0000 (11:18 +0100)]
Revert "add IPv6 range"
This reverts commit
fc978e2bb512bf85d82d054d6086b926a3769bd5.
Martin Zobel-Helas [Sat, 13 Dec 2014 10:14:47 +0000 (11:14 +0100)]
add IPv6 range
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Paul Wise [Thu, 11 Dec 2014 03:54:10 +0000 (11:54 +0800)]
Use ruby1.9.1 to avoid ruby1.8 + puppetd segfaults on ball
More info: https://lists.debian.org/
1418271834.28231.36.camel@debian.org
Peter Palfrader [Wed, 10 Dec 2014 19:54:28 +0000 (20:54 +0100)]
Better with a newline
Peter Palfrader [Wed, 10 Dec 2014 19:52:53 +0000 (20:52 +0100)]
Add /etc/schroot/buildd/config with CHROOT_FILE_UNPACK_DIR=/srv/buildd/unpack if /srv/buildd exists
Peter Palfrader [Tue, 9 Dec 2014 21:11:33 +0000 (22:11 +0100)]
enable ud-replicated.service
Peter Palfrader [Tue, 9 Dec 2014 20:47:56 +0000 (21:47 +0100)]
Fix regex in bacula-backup-dirs
Peter Palfrader [Tue, 9 Dec 2014 18:17:00 +0000 (19:17 +0100)]
Add minkus
Peter Palfrader [Tue, 9 Dec 2014 18:16:16 +0000 (19:16 +0100)]
Fix several dedication lines (format violations)
Peter Palfrader [Sun, 7 Dec 2014 18:43:33 +0000 (19:43 +0100)]
Make sure geoip-database is installed on geo nameservers
Héctor Orón Martínez [Sun, 7 Dec 2014 17:10:41 +0000 (18:10 +0100)]
ferm: allow debsources access
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Peter Palfrader [Sun, 7 Dec 2014 16:46:53 +0000 (17:46 +0100)]
Make setup-buildd not fail when there is nothing wrong
Héctor Orón Martínez [Sun, 7 Dec 2014 16:10:42 +0000 (17:10 +0100)]
autofs: add bm sor
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Peter Palfrader [Sun, 7 Dec 2014 10:02:28 +0000 (11:02 +0100)]
Stop using always-broken http.debian.net
Peter Palfrader [Sun, 7 Dec 2014 09:43:23 +0000 (10:43 +0100)]
fix variable use
Peter Palfrader [Sun, 7 Dec 2014 09:41:51 +0000 (10:41 +0100)]
Enable ssh_host_ed25519_key if it exists
Peter Palfrader [Sun, 7 Dec 2014 09:41:36 +0000 (10:41 +0100)]
Move ServerKeyBits to 1024, the new default in jessie - this only affects version 1 anyhow, but still