Peter Palfrader [Mon, 7 Nov 2016 10:18:48 +0000 (11:18 +0100)]
retire powell
Peter Palfrader [Mon, 7 Nov 2016 07:55:28 +0000 (08:55 +0100)]
Stop taking backups from franck
Aurelien Jarno [Sun, 6 Nov 2016 22:34:34 +0000 (23:34 +0100)]
setup-all-dchroots: powerpc/stretch is gone
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Fri, 4 Nov 2016 09:42:18 +0000 (10:42 +0100)]
do not set terminal type
Peter Palfrader [Fri, 4 Nov 2016 09:35:06 +0000 (10:35 +0100)]
ship a tmux.conf
Peter Palfrader [Thu, 3 Nov 2016 14:24:12 +0000 (15:24 +0100)]
Remove leap second config for debian <= 7
Peter Palfrader [Thu, 3 Nov 2016 13:37:56 +0000 (14:37 +0100)]
Comment out security linux -> cdn redirect
Aurelien Jarno [Tue, 1 Nov 2016 11:51:57 +0000 (12:51 +0100)]
weblogsync: Synchronize public logs in additions of debian.org logs
Commit
b8a50b04 has broken the synchronisation of non www.debian.org
public logs. Fix that.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sun, 30 Oct 2016 19:24:30 +0000 (20:24 +0100)]
Give projectb access to usper
Requested by Joerg Jaspert for the deferred queue overview.
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 29 Oct 2016 21:11:41 +0000 (23:11 +0200)]
Move backports-debian.org redirection from fasolo to static
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Sat, 29 Oct 2016 13:38:48 +0000 (15:38 +0200)]
fasolo is a static master and source
Julien Cristau [Sat, 29 Oct 2016 13:36:42 +0000 (15:36 +0200)]
fasolo is master for backports / incoming / metadata.ftp-master
Peter Palfrader [Sat, 29 Oct 2016 07:26:54 +0000 (09:26 +0200)]
remove dacs
Peter Palfrader [Thu, 27 Oct 2016 18:42:56 +0000 (20:42 +0200)]
add comment
Peter Palfrader [Thu, 27 Oct 2016 18:41:38 +0000 (20:41 +0200)]
Update leap-seconds.list
Peter Palfrader [Tue, 25 Oct 2016 11:38:26 +0000 (13:38 +0200)]
raise max-age for HTTP Public Key Pins from 3 days to 2 weeks
Peter Palfrader [Tue, 25 Oct 2016 08:18:10 +0000 (10:18 +0200)]
rename ubc-enc2b9 to ubc-enc2bl09
Peter Palfrader [Tue, 25 Oct 2016 08:11:38 +0000 (10:11 +0200)]
rename ubc-enc2b2 to ubc-enc2bl02
Peter Palfrader [Tue, 25 Oct 2016 07:53:49 +0000 (09:53 +0200)]
rename ubc-enc2b1 to ubc-enc2bl01
Julien Cristau [Mon, 24 Oct 2016 16:46:24 +0000 (18:46 +0200)]
No more ftpd on franck
Aurelien Jarno [Sat, 22 Oct 2016 20:21:30 +0000 (22:21 +0200)]
Add ftp.upload and ssh.upload roles to usper.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 22 Oct 2016 16:44:35 +0000 (18:44 +0200)]
Add usper.d.o
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Sat, 22 Oct 2016 12:32:57 +0000 (14:32 +0200)]
Add fasolo as ftp-master
Julien Cristau [Sat, 22 Oct 2016 12:18:57 +0000 (14:18 +0200)]
Get rid of "release" role
The web bits moved to static.d.o.
Peter Palfrader [Fri, 21 Oct 2016 11:21:23 +0000 (11:21 +0000)]
split out apt config into own class. use multi-suite site::aptrepo
Peter Palfrader [Fri, 21 Oct 2016 11:12:30 +0000 (11:12 +0000)]
support an array of mirrors for site::aptrepo
Peter Palfrader [Fri, 21 Oct 2016 07:02:32 +0000 (09:02 +0200)]
let dak signal buildd pool update
Peter Palfrader [Fri, 21 Oct 2016 06:02:38 +0000 (08:02 +0200)]
Export debian-security-buildd-pool
Peter Palfrader [Fri, 21 Oct 2016 05:04:59 +0000 (07:04 +0200)]
get backports from fastly as well
Julien Cristau [Thu, 20 Oct 2016 18:29:48 +0000 (20:29 +0200)]
Force type for *.debdiff.html.gz on release.d.o
Serve them as html rather than gzip.
Julien Cristau [Thu, 20 Oct 2016 17:47:00 +0000 (19:47 +0200)]
Fixup apache config syntax error
Julien Cristau [Thu, 20 Oct 2016 17:43:54 +0000 (19:43 +0200)]
Don't redirect on security for cloudfront and tor hidden service
Redirecting from https or .onion to plain http is probably a bad plan.
Peter Palfrader [Thu, 20 Oct 2016 07:41:41 +0000 (09:41 +0200)]
redirect linux updates to fastly
Peter Palfrader [Tue, 18 Oct 2016 19:13:10 +0000 (21:13 +0200)]
push ~/.selected_editor
Julien Cristau [Tue, 18 Oct 2016 17:40:52 +0000 (19:40 +0200)]
Add deb.debian.org https vhost
A bit special: no HPKP, and redirects are currently different from the
HTTP vhost.
Peter Palfrader [Sun, 16 Oct 2016 07:22:40 +0000 (09:22 +0200)]
move deprecated modulepath so it is only set on the master
Peter Palfrader [Sun, 16 Oct 2016 07:20:39 +0000 (09:20 +0200)]
Do not have production and staging section in puppet.conf on all clients
Aurelien Jarno [Sat, 15 Oct 2016 12:54:11 +0000 (14:54 +0200)]
Decommission jenko
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Peter Palfrader [Sat, 15 Oct 2016 08:38:29 +0000 (10:38 +0200)]
add acker
Peter Palfrader [Fri, 14 Oct 2016 18:36:48 +0000 (20:36 +0200)]
add aagaard
Peter Palfrader [Fri, 14 Oct 2016 06:14:50 +0000 (08:14 +0200)]
raise pin age to 3d
Luca Filipozzi [Thu, 13 Oct 2016 17:38:29 +0000 (17:38 +0000)]
add new host for luca
Peter Palfrader [Thu, 13 Oct 2016 07:06:39 +0000 (09:06 +0200)]
remove double slashes on metadata.ftp-debian.org
Peter Palfrader [Thu, 13 Oct 2016 06:58:53 +0000 (08:58 +0200)]
Revert "remove double slashes on metadata.ftp-debian.org"
This reverts commit
5d598f2a486bfb7619f294eeb606aa114f183349.
Peter Palfrader [Thu, 13 Oct 2016 06:56:39 +0000 (08:56 +0200)]
remove double slashes on metadata.ftp-debian.org
Peter Palfrader [Wed, 12 Oct 2016 13:04:30 +0000 (15:04 +0200)]
raise pin age to 1d
Peter Palfrader [Wed, 12 Oct 2016 13:01:57 +0000 (15:01 +0200)]
LE cert for buildd
Peter Palfrader [Wed, 12 Oct 2016 13:00:20 +0000 (15:00 +0200)]
LE cert for ftp-master
Peter Palfrader [Wed, 12 Oct 2016 12:43:29 +0000 (14:43 +0200)]
LE cert for munin
Peter Palfrader [Wed, 12 Oct 2016 12:41:01 +0000 (14:41 +0200)]
LE cert for nagios
Peter Palfrader [Wed, 12 Oct 2016 12:37:14 +0000 (14:37 +0200)]
LE cert for nm, contributors
Peter Palfrader [Wed, 12 Oct 2016 12:29:49 +0000 (14:29 +0200)]
LE cert for rt
Peter Palfrader [Wed, 12 Oct 2016 12:28:03 +0000 (14:28 +0200)]
LE cert for security-tracker
Peter Palfrader [Wed, 12 Oct 2016 12:24:31 +0000 (14:24 +0200)]
LE cert for sso
Peter Palfrader [Wed, 12 Oct 2016 12:23:35 +0000 (14:23 +0200)]
LE cert for vote
Peter Palfrader [Wed, 12 Oct 2016 07:23:48 +0000 (09:23 +0200)]
set TLSA port to 0 in preparation of cert roll for buildd, contributors, ftp-master, munin, nagios, nm, rt, security-tracker, sso, vote
Julien Cristau [Sun, 9 Oct 2016 16:14:27 +0000 (18:14 +0200)]
Move udd.d.o cert to letsencrypt
Julien Cristau [Sun, 9 Oct 2016 16:07:43 +0000 (18:07 +0200)]
Switch lists.d.o to letsencrypt
Signed-off-by: Julien Cristau <jcristau@debian.org>
Julien Cristau [Sun, 9 Oct 2016 15:43:55 +0000 (17:43 +0200)]
Switch to letsencrypt for api.ftp-master.d.o
Peter Palfrader [Sun, 9 Oct 2016 11:31:21 +0000 (13:31 +0200)]
disable TLSA for api.ftp-master, lists, and udd
Peter Palfrader [Sun, 9 Oct 2016 11:12:07 +0000 (13:12 +0200)]
HPKP for dgit
Peter Palfrader [Sun, 9 Oct 2016 11:09:58 +0000 (13:09 +0200)]
HPKP for debtags
Peter Palfrader [Sun, 9 Oct 2016 11:03:30 +0000 (13:03 +0200)]
Enable HTTP PKP for syncproxy vhosts
Peter Palfrader [Sun, 9 Oct 2016 07:15:00 +0000 (09:15 +0200)]
raise life-time of HPKP to 3hrs
Luca Filipozzi [Fri, 7 Oct 2016 06:47:00 +0000 (06:47 +0000)]
remove fubar.emyr.net from luca's list of hosts
Julien Cristau [Thu, 6 Oct 2016 18:06:14 +0000 (20:06 +0200)]
Decommission pkgmirror-1and1
Luca Filipozzi [Wed, 5 Oct 2016 04:00:14 +0000 (04:00 +0000)]
add IPv4 address for luca's new jumphost
Julien Cristau [Tue, 4 Oct 2016 18:28:12 +0000 (20:28 +0200)]
Restrict vsftpd to the security.d.o IPs on mirror-anu
Peter Palfrader [Tue, 4 Oct 2016 06:35:52 +0000 (08:35 +0200)]
raise max-age for HTTP Public Key Pins from 5 min to 1 hour
Martin Zobel-Helas [Mon, 3 Oct 2016 09:58:59 +0000 (11:58 +0200)]
add addresses to blacklist
Signed-off-by: Martin Zobel-Helas <zobel@debian.org>
Julien Cristau [Wed, 28 Sep 2016 17:13:30 +0000 (19:13 +0200)]
rsync on gretchaninov
Julien Cristau [Wed, 28 Sep 2016 16:52:50 +0000 (18:52 +0200)]
HPKP for jenkins
Julien Cristau [Tue, 27 Sep 2016 21:05:16 +0000 (23:05 +0200)]
Switch to LE cert for jenkins
Peter Palfrader [Tue, 27 Sep 2016 12:07:41 +0000 (14:07 +0200)]
no need to ignore these maskings
Peter Palfrader [Tue, 27 Sep 2016 06:44:46 +0000 (08:44 +0200)]
Mask proc-sys-fs-binfmt_misc.automount
Julien Cristau [Tue, 27 Sep 2016 06:10:29 +0000 (08:10 +0200)]
Temporarily disable tlsa for jenkins
Peter Palfrader [Mon, 26 Sep 2016 20:08:54 +0000 (22:08 +0200)]
samhain: also accept changes in etc/apache2/conf-available
Peter Palfrader [Mon, 26 Sep 2016 17:50:11 +0000 (19:50 +0200)]
ubc autofs update
Peter Palfrader [Mon, 26 Sep 2016 17:44:05 +0000 (19:44 +0200)]
It appears we do not use nameserver or searchpath info from hoster.yaml
Peter Palfrader [Mon, 26 Sep 2016 17:42:35 +0000 (19:42 +0200)]
Fix ubc searchpath: use priv.ubc instead of ubc.priv
Peter Palfrader [Mon, 26 Sep 2016 17:40:42 +0000 (19:40 +0200)]
Revert "why do we have two places for hosters?"
This reverts commit
8c754dd0bea9537082a5a71dcbb1367a45af4a94.
Peter Palfrader [Mon, 26 Sep 2016 17:38:59 +0000 (19:38 +0200)]
retire brainfood as hoster
Peter Palfrader [Mon, 26 Sep 2016 17:37:24 +0000 (19:37 +0200)]
why do we have two places for hosters?
Peter Palfrader [Mon, 26 Sep 2016 17:35:17 +0000 (19:35 +0200)]
replace ubc bl[268] with ubc-enc2bl{2,9,10} as recursors
Peter Palfrader [Mon, 26 Sep 2016 17:33:30 +0000 (19:33 +0200)]
remove ubcece as a hoster - the definition is identical to ubc
Peter Palfrader [Mon, 26 Sep 2016 17:13:58 +0000 (19:13 +0200)]
add ubc autofs rules
Peter Palfrader [Mon, 26 Sep 2016 17:07:53 +0000 (19:07 +0200)]
make pin macros conditional on mod_macro being present
Luca Filipozzi [Mon, 26 Sep 2016 01:40:10 +0000 (01:40 +0000)]
new cable modem
Aurelien Jarno [Sat, 24 Sep 2016 19:39:28 +0000 (21:39 +0200)]
Update buxtehude IP on sonntag firewall
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Aurelien Jarno [Sat, 24 Sep 2016 19:17:11 +0000 (21:17 +0200)]
Update ullmann IPs on bmdb1 firewall
Signed-off-by: Aurelien Jarno <aurelien@aurel32.net>
Julien Cristau [Sat, 24 Sep 2016 17:07:39 +0000 (19:07 +0200)]
Remove extra .conf from apache config file
apache2::config already adds .conf to the file name.
Peter Palfrader [Sat, 24 Sep 2016 09:52:51 +0000 (11:52 +0200)]
Enable HPKP for all static sites
Peter Palfrader [Sat, 24 Sep 2016 09:42:04 +0000 (11:42 +0200)]
ship keys for d-i, dsa, and rtc
Peter Palfrader [Sat, 24 Sep 2016 09:19:27 +0000 (11:19 +0200)]
replace certs for d-i, dsa, and rtc with LE
Peter Palfrader [Sat, 24 Sep 2016 09:05:22 +0000 (09:05 +0000)]
change pin thing
Peter Palfrader [Fri, 23 Sep 2016 20:42:53 +0000 (22:42 +0200)]
ignore changes to /etc/apache2/conf-available/puppet-ssl-key-pins.conf
Peter Palfrader [Fri, 23 Sep 2016 20:40:10 +0000 (20:40 +0000)]
set pins always
Peter Palfrader [Fri, 23 Sep 2016 20:37:27 +0000 (20:37 +0000)]
ship pin set for people.debian.org
Peter Palfrader [Fri, 23 Sep 2016 20:36:54 +0000 (20:36 +0000)]
reload apache2 on pinset change
Peter Palfrader [Fri, 23 Sep 2016 20:35:09 +0000 (20:35 +0000)]
A gen_hpkp_pin function
projects / mirror / dsa-puppet.git / log