Peter Palfrader [Thu, 14 May 2015 16:04:39 +0000 (18:04 +0200)]
Handle multiple keys in ldap correctly
Peter Palfrader [Thu, 14 May 2015 15:18:46 +0000 (17:18 +0200)]
remove blavet (RT#5813)
Peter Palfrader [Thu, 14 May 2015 15:17:46 +0000 (17:17 +0200)]
remove blavet (RT#5813)
Peter Palfrader [Thu, 14 May 2015 10:17:33 +0000 (12:17 +0200)]
retire ravel
Peter Palfrader [Thu, 14 May 2015 09:36:55 +0000 (11:36 +0200)]
remove ,bind from schroot fstab on freebsd
Martin Zobel-Helas [Wed, 13 May 2015 17:40:54 +0000 (17:40 +0000)]
maybe staging wants a 3rdparty module path as well...
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 13 May 2015 16:42:33 +0000 (16:42 +0000)]
remove private class use of concat::setup
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 13 May 2015 16:37:38 +0000 (16:37 +0000)]
remove private class use of concat::setup
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 13 May 2015 16:24:07 +0000 (16:24 +0000)]
remove include on it as well
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 13 May 2015 16:21:17 +0000 (16:21 +0000)]
remove private class use of concat::setup
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Peter Palfrader [Wed, 13 May 2015 09:07:59 +0000 (11:07 +0200)]
there is a volatile for freebsd after all
Peter Palfrader [Wed, 13 May 2015 08:16:42 +0000 (08:16 +0000)]
kfreebsd jessie apt sources
Martin Zobel-Helas [Tue, 12 May 2015 17:18:04 +0000 (17:18 +0000)]
Upgrade to 3rdparty version 0.9.5 of elasticsearch/elasticsearch
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Tue, 12 May 2015 17:16:21 +0000 (17:16 +0000)]
Upgrade to 3rdparty version 0.9.4 of elasticsearch/elasticsearch
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Aurelien Jarno [Mon, 11 May 2015 16:46:53 +0000 (18:46 +0200)]
Add mirror for linaro hoster
The machines are in USA, defaulting to a mirror in Europe is suboptimal.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Signed-off-by: Peter Palfrader <peter@palfrader.org>
Julien Cristau [Sun, 10 May 2015 13:27:55 +0000 (15:27 +0200)]
remove buildd-proposed apt repo on porpora
There's no jessie-proposed.
Signed-off-by: Julien Cristau <jcristau@debian.org>
Martin Zobel-Helas [Wed, 6 May 2015 21:49:04 +0000 (21:49 +0000)]
remove lobos
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Julien Cristau [Tue, 28 Apr 2015 15:37:56 +0000 (17:37 +0200)]
apache2: configure mpm_worker module on jessie hosts
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Wed, 6 May 2015 18:51:48 +0000 (20:51 +0200)]
Fix comment in HSTS macro
Peter Palfrader [Wed, 6 May 2015 06:21:16 +0000 (08:21 +0200)]
armhf anf s390x now have the default set of suites
Peter Palfrader [Wed, 6 May 2015 06:20:52 +0000 (08:20 +0200)]
no stretch for kfreebsd
Peter Palfrader [Wed, 6 May 2015 06:09:25 +0000 (08:09 +0200)]
Use -kfreebsd suite name on jessie/kfreebsd
Peter Palfrader [Wed, 6 May 2015 06:08:26 +0000 (08:08 +0200)]
Use -kfreebsd suite name on jessie/kfreebsd
Peter Palfrader [Wed, 6 May 2015 06:02:56 +0000 (08:02 +0200)]
Also extract arch info from schroot name
Paul Wise [Sat, 2 May 2015 14:16:15 +0000 (22:16 +0800)]
The needed tzdata is also in jessie-updates
Paul Wise [Sun, 26 Apr 2015 23:53:18 +0000 (07:53 +0800)]
Use the leap-seconds.list file from tzdata on stretch (see #775166)
Allows us to get rid of the leap-seconds.list embedded data copy.
Paul Wise [Sat, 2 May 2015 12:11:54 +0000 (20:11 +0800)]
Remove some dpkg cruft for removed ulogd package
Peter Palfrader [Sat, 2 May 2015 10:16:09 +0000 (12:16 +0200)]
Add -x to allowed rsync parameteres due to jessie
Peter Palfrader [Sat, 2 May 2015 10:10:54 +0000 (12:10 +0200)]
Add -x to allowed rsync parameteres due to jessie
Julien Cristau [Fri, 1 May 2015 17:53:34 +0000 (19:53 +0200)]
Re-enable symlinks on static vhosts
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Fri, 1 May 2015 17:38:54 +0000 (19:38 +0200)]
Enable Indexes option for static vhosts
Signed-off-by: Julien Cristau <jcristau@debian.org>
Héctor Orón Martínez [Fri, 1 May 2015 14:22:54 +0000 (16:22 +0200)]
brahms: drop jessie-proposed buildd updates (as it does not exist yet)
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Niels Thykier [Fri, 1 May 2015 12:27:29 +0000 (14:27 +0200)]
lintian.d.o: Relocate comment
Signed-off-by: Niels Thykier <niels@thykier.net>
Signed-off-by: Peter Palfrader <peter@palfrader.org>
Niels Thykier [Fri, 1 May 2015 12:25:25 +0000 (14:25 +0200)]
lintian.d.o: Remove graph directory - no longer used
Lintian now puts the graphs in the resource directory - like other
resources, their name will now change as their content do.
Signed-off-by: Niels Thykier <niels@thykier.net>
Signed-off-by: Peter Palfrader <peter@palfrader.org>
Peter Palfrader [Fri, 1 May 2015 10:39:55 +0000 (12:39 +0200)]
more apache migrations
Peter Palfrader [Fri, 1 May 2015 07:57:57 +0000 (09:57 +0200)]
move bizet to msa
Peter Palfrader [Fri, 1 May 2015 07:51:37 +0000 (09:51 +0200)]
Move bizet iscsi handling to kvm hosts
Peter Palfrader [Fri, 1 May 2015 06:53:31 +0000 (08:53 +0200)]
Fix static hosts on jessie
Julien Cristau [Thu, 30 Apr 2015 09:03:52 +0000 (11:03 +0200)]
Fix chain for new gobby cert
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Thu, 30 Apr 2015 08:55:01 +0000 (10:55 +0200)]
new ssl certificate for gobby.debian.org
Signed-off-by: Julien Cristau <jcristau@debian.org>
Paul Wise [Thu, 30 Apr 2015 00:35:51 +0000 (08:35 +0800)]
Revert "Use the leap-seconds.list file from tzdata on jessie (see #775166)"
This reverts commit
d2e73a9e90b6d671c545ba2c552239bf55e1f20f.
Too early!
Paul Wise [Thu, 30 Apr 2015 00:34:47 +0000 (08:34 +0800)]
Redirect arm64 to the general ARM ports page
Paul Wise [Sun, 26 Apr 2015 23:53:18 +0000 (07:53 +0800)]
Use the leap-seconds.list file from tzdata on jessie (see #775166)
Allows us to get rid of the leap-seconds.list embedded data copy.
Julien Cristau [Tue, 28 Apr 2015 15:33:59 +0000 (17:33 +0200)]
ferm: office ip renumbering
Signed-off-by: Julien Cristau <jcristau@debian.org>
Peter Palfrader [Tue, 28 Apr 2015 11:14:32 +0000 (13:14 +0200)]
Forward port nfs-common.default
Peter Palfrader [Tue, 28 Apr 2015 10:03:13 +0000 (12:03 +0200)]
rename milanollo volumes
Julien Cristau [Mon, 27 Apr 2015 20:17:20 +0000 (22:17 +0200)]
Handle apache 2.4 authz_host config in debian.org template
Julien Cristau [Mon, 27 Apr 2015 19:33:43 +0000 (21:33 +0200)]
Comment out RewriteLog{,Level} from debian.org vhost config
Those options are gone in apache 2.4.
Peter Palfrader [Mon, 27 Apr 2015 14:36:38 +0000 (16:36 +0200)]
apache2.logrotate: rebase onto jessie
Peter Palfrader [Mon, 27 Apr 2015 09:06:40 +0000 (11:06 +0200)]
Add milanollo-lvm2
Peter Palfrader [Mon, 27 Apr 2015 07:47:20 +0000 (09:47 +0200)]
Re-enable ekey on grnet-node01
Peter Palfrader [Sun, 26 Apr 2015 15:32:54 +0000 (17:32 +0200)]
Revert "stretch does not debootstrap right now"
This reverts commit
4868551bb3d417a37199a1f88e19ca77f1786a5d.
Peter Palfrader [Sun, 26 Apr 2015 08:17:30 +0000 (10:17 +0200)]
stretch does not debootstrap right now
Peter Palfrader [Sun, 26 Apr 2015 07:54:25 +0000 (09:54 +0200)]
use the schroot-unpack tmpfs when available
Peter Palfrader [Sun, 26 Apr 2015 07:30:58 +0000 (09:30 +0200)]
debian+=1
Peter Palfrader [Sun, 26 Apr 2015 07:30:41 +0000 (09:30 +0200)]
cruft cleanup
Peter Palfrader [Wed, 22 Apr 2015 05:44:24 +0000 (07:44 +0200)]
Adding !DSS to our CipherSuite does not make an effective difference, but it cuts down on noise in openssl ciphers -v
Peter Palfrader [Tue, 21 Apr 2015 08:26:26 +0000 (10:26 +0200)]
check-libs: Ignore agetty processes
Paul Wise [Tue, 21 Apr 2015 01:34:19 +0000 (09:34 +0800)]
Add redirects for Debian 9 (stretch) and 10 (buster)
Peter Palfrader [Sun, 19 Apr 2015 09:56:02 +0000 (11:56 +0200)]
Add jerea
Peter Palfrader [Sun, 19 Apr 2015 09:52:52 +0000 (11:52 +0200)]
Add jerea
Peter Palfrader [Sat, 11 Apr 2015 09:37:08 +0000 (11:37 +0200)]
service is in usr/sbin, which isn't in PATH
Peter Palfrader [Sat, 11 Apr 2015 08:57:37 +0000 (10:57 +0200)]
anchor string
Peter Palfrader [Sat, 11 Apr 2015 08:56:04 +0000 (10:56 +0200)]
only on stunnel clients
Peter Palfrader [Sat, 11 Apr 2015 08:27:10 +0000 (10:27 +0200)]
redirect output to /dev/null
Peter Palfrader [Sat, 11 Apr 2015 08:26:25 +0000 (10:26 +0200)]
auto-restart broken stunnels
Peter Palfrader [Fri, 10 Apr 2015 07:28:35 +0000 (09:28 +0200)]
Try to make stunnel4 init script work on wheezy
start-stop-daemon in wheezy does not have a --pid yet.
Instead, it interprets it as --pidfile and things become sad.
Peter Palfrader [Thu, 9 Apr 2015 07:28:58 +0000 (09:28 +0200)]
unbound: update debian.org DS
Peter Palfrader [Wed, 8 Apr 2015 12:16:07 +0000 (14:16 +0200)]
grnet-node01 is currently not available - remove as entropy provider
Tollef Fog Heen [Mon, 6 Apr 2015 17:47:33 +0000 (19:47 +0200)]
Reload systemd defs if the stunnel4 init script changes
Tollef Fog Heen [Mon, 6 Apr 2015 17:30:26 +0000 (19:30 +0200)]
Fix syntax
Tollef Fog Heen [Mon, 6 Apr 2015 17:28:03 +0000 (19:28 +0200)]
Use start-stop-daemon for stopping/restarting stunnel4
Martin Zobel-Helas [Fri, 3 Apr 2015 20:46:22 +0000 (20:46 +0000)]
renew certs
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 3 Apr 2015 11:52:44 +0000 (11:52 +0000)]
Revert "try without that first"
This reverts commit
bfc022db0e9eca3c0916e2f1abea84bbc61026a6.
Martin Zobel-Helas [Fri, 3 Apr 2015 11:51:02 +0000 (11:51 +0000)]
try without that first
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Fri, 3 Apr 2015 11:38:09 +0000 (11:38 +0000)]
Revert "no class elasticsearch"
This reverts commit
1a4fc6d887319680dc9504c96a931cf0c0284ecc.
Martin Zobel-Helas [Fri, 3 Apr 2015 11:37:23 +0000 (11:37 +0000)]
no class elasticsearch
Martin Zobel-Helas [Fri, 3 Apr 2015 11:33:40 +0000 (11:33 +0000)]
correct modulepath
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Thu, 2 Apr 2015 14:02:20 +0000 (14:02 +0000)]
Add new module elasticsearch for listsearch
We do not want write our own puppet module for elasticsearch. Therefor
we use the one from puppetforge.
This commit invents the use of r10k in an extra 3rdparty module
subdirectory. This way we can pull in new modules from puppetforge
without deleting the old ones. Puppetfile allows us to define which
module in which version is pulled in from puppetforge by running:
r10k puppetfile install
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Thu, 2 Apr 2015 08:05:16 +0000 (08:05 +0000)]
we now use elasticsearch, so adjust ports
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Martin Zobel-Helas [Wed, 1 Apr 2015 11:47:53 +0000 (11:47 +0000)]
new $vcs SSL cert
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Paul Wise [Tue, 31 Mar 2015 01:52:53 +0000 (09:52 +0800)]
Update the alioth wildcard certificate
Paul Wise [Tue, 31 Mar 2015 01:51:51 +0000 (09:51 +0800)]
Move ca-certificates configs to puppet files for maintainability.
Peter Palfrader [Sat, 28 Mar 2015 18:05:22 +0000 (19:05 +0100)]
retire lilburn
Héctor Orón Martínez [Tue, 24 Mar 2015 10:10:06 +0000 (11:10 +0100)]
arm-arm-03: new host
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Peter Palfrader [Tue, 24 Mar 2015 08:04:35 +0000 (09:04 +0100)]
Add dinis-lvm
Peter Palfrader [Mon, 23 Mar 2015 17:58:22 +0000 (18:58 +0100)]
Add plummer to PORTERBOXES
Peter Palfrader [Mon, 23 Mar 2015 17:32:25 +0000 (18:32 +0100)]
Add plummer
Peter Palfrader [Mon, 23 Mar 2015 12:38:19 +0000 (13:38 +0100)]
Allow running dsa-check-stunnel-sanity as root from nagios
Peter Palfrader [Mon, 23 Mar 2015 10:38:34 +0000 (11:38 +0100)]
Set SO_KEEPALIVE, maybe it helps
Peter Palfrader [Mon, 23 Mar 2015 09:53:06 +0000 (10:53 +0100)]
New 29.172.in-addr.arpa trust anchor
Peter Palfrader [Sat, 21 Mar 2015 08:48:56 +0000 (09:48 +0100)]
Add moszumanska to postgres-make-base-backups
Héctor Orón Martínez [Thu, 19 Mar 2015 10:11:32 +0000 (11:11 +0100)]
porterbox: avoid d-i user removal (used for di-autobuilding)
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Paul Wise [Thu, 19 Mar 2015 04:59:06 +0000 (12:59 +0800)]
Do not use the apt-get --force-yes option as it is dangerous and insecure.
This option causes apt's OpenPGP signature checks as well as other errors
to be warned about but ignored.
Paul Wise [Wed, 18 Mar 2015 14:46:43 +0000 (22:46 +0800)]
Fix blacklist entry
Paul Wise [Tue, 17 Mar 2015 09:33:54 +0000 (17:33 +0800)]
Blacklist paytm.com, no opt-in, no opt-out
Stephen Gran [Mon, 16 Mar 2015 20:28:20 +0000 (20:28 +0000)]
AT LAST, SIR TERRY, WE MUST WALK TOGETHER.
Signed-off-by: Stephen Gran <steve@lobefin.net>
Julien Cristau [Mon, 16 Mar 2015 12:20:18 +0000 (13:20 +0100)]
no backups for x86-grnet-01
Signed-off-by: Julien Cristau <jcristau@debian.org>
Héctor Orón Martínez [Sun, 15 Mar 2015 11:14:37 +0000 (12:14 +0100)]
buildd.d.o: update archive key
Signed-off-by: Héctor Orón Martínez <zumbi@debian.org>
Martin Zobel-Helas [Sun, 15 Mar 2015 10:19:26 +0000 (10:19 +0000)]
grnet-node01 has ekey now
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>