From mboxrd@z Thu Jan 1 00:00:00 1970
From: Michael Tremer
To: development@lists.ipfire.org
Subject: Re: [PATCH] CRL updater: Update script for OpenVPN CRL
Date: Tue, 06 Feb 2018 16:34:12 +0000
Message-ID: <1517934852.21272.90.camel@ipfire.org>
In-Reply-To: <34F195E4-7AE9-4DD9-9C5F-9F0B4E9640E4@ipfire.org>

Hi,

On Tue, 2018-02-06 at 10:24 +0100, ummeegge wrote:
> Hello,
>
> > > In case machines are off while the script performs its weekly check (no
> > > 24/7er) the next check will be made one/two week(s) later which might be
> > > a long time if you do not know where the problem is.
> > > I would possibly make that a daily check and would also set the UPDATE
> > > to a week or 5 days instead of the current 2 before expiration date so
> > > more days can be grabbed, even if the check should be a fast one.
> >
> > Cron will take care of this. It will automatically perform the cron jobs a
> > little while after the system has been booted and when the cron jobs
> > should have been executed while it was shut down.
> >
> > https://git.ipfire.org/?p=ipfire-2.x.git;a=blob;f=config/cron/crontab;h=4561f4a243239b8b5bd3525c067dc6a70395489c;hb=HEAD#l13
> >
> > It's the "bootrun" argument there.
>
> Thanks for the clarification, I haven't had that in mind. Will deliver the
> updater then to 'fcron.weekly'. Will also set the update before expiration
> interval to 10 days before, 8 might also be OK for a weekly cronjob but
> possibly better to have 2 days + ?!

I think daily is better. That makes things more predictable and it does not
hurt to renew every 14 days to never get close to the expiration date.

>
> > > if successful:
> > > Feb 3 17:56:41 ipfire-server crl_updater[18998]: Using configuration from /var/ipfire/ovpn/openssl/ovpn.cnf
> > >
> > > which equals the OpenSSL command output ( 2>&1 | logger ).
> >
> > Do we need to log the output of OpenSSL? A line that says something like
> > "Could not update the OpenVPN CA CRL" should do, shouldn't it? People
> > should run the script themselves then and see what is going wrong.
>
> No, I don't think so, lines in messages look even better then. Did that now
> like you suggested.
>
> > > Otherwise all other requested changes have been made and are ready so
> > > far, might be nice to push the remaining CGI changes soon I think :-) .
> >
> > Cool.
> >
> > Let me know if I can be of any more help.
>
> Great, thanks for your offer and your help. If there is no veto for the above
> changes I will deliver the patch today in the evening.
>
> Have also fetched the actual openssl-11 branch with all needed changes,
> thanks for keeping this up to date :-) .
>
> All the best,
>
> Erik
>

-Michael
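
The daily renew-before-expiry check discussed in this thread, as an added example that is not part of the original message and not the IPFire updater script. The 14-day default for `RENEW_DAYS`, the function names and the caller-supplied renewal command are assumptions; GNU `date` is required.

```shell
#!/bin/sh
# Added example: daily "renew before expiry" check for a CRL (needs GNU date).
RENEW_DAYS="${RENEW_DAYS:-14}"   # assumed threshold, not IPFire's setting

# Print the whole days between NOW (epoch seconds, $2) and a nextUpdate
# timestamp in OpenSSL's format ($1), e.g. "Feb 20 12:00:00 2018 GMT".
crl_days_left() {
    [ -n "$1" ] || return 2
    next_epoch=$(date -u -d "$1" +%s 2>/dev/null) || return 2
    echo $(( (next_epoch - $2) / 86400 ))
}

# Return 0 when fewer than $3 days remain. An unreadable date also
# returns 0, so a broken CRL gets regenerated instead of ignored.
crl_needs_renewal() {
    days=$(crl_days_left "$1" "$2") || return 0
    [ "$days" -lt "$3" ]
}

# Read the nextUpdate field of the CRL file $1.
crl_next_update() {
    openssl crl -in "$1" -noout -nextupdate 2>/dev/null | cut -d= -f2
}

# Daily job body. $1 is the CRL file, the remaining arguments are the
# renewal command (site-specific, supplied by the caller). Its output is
# discarded and a failure leaves one line in syslog.
run_daily_check() {
    crl=$1; shift
    next=$(crl_next_update "$crl")
    if crl_needs_renewal "$next" "$(date +%s)" "$RENEW_DAYS"; then
        "$@" >/dev/null 2>&1 ||
            logger -t crl_updater "Could not update the OpenVPN CA CRL"
    fi
}
```

A daily cron job would call `run_daily_check` with the CRL file followed by the command that regenerates it; running that command by hand shows the OpenSSL output that the job itself does not log.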