updated ovpn-crl-updater script was not shipped in CU186. Needs to be added to CU187

updated ovpn-crl-updater script was not shipped in CU186. Needs to be added to CU187

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 300 bytes --]

Hi Michael,

The ovpn-crl-updater script was updated to take account of the modified 
location for the ovpn.cnf file but the script was missed of the list of 
files to be shipped with CU186.

The file needs to be included into the CU187 list to be shipped.

Regards,
Adolf.

-- 
Sent from my laptop

Re: updated ovpn-crl-updater script was not shipped in CU186. Needs to be added to CU187

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 967 bytes --]

Hi Michael,

I have been asked in a private forum message (not sure why they made it 
private), about whether CU187 should be made an emergency update just 
for the ovpn-crl-updater due to the numbers of people who might lose 
their OpenVPN connections if the crl cannot be updated.

I pointed out that CU187 was close to being released for Testing and 
that changing everything would probably create more issues and chaos and 
delay CU187 which has quite a few updates related to CVE fixes.

Anyway, I thought I would forward the request to see what you think the 
best approach would be.

Regards,
Adolf.

On 04/07/2024 15:10, Adolf Belka wrote:
> Hi Michael,
>
> The ovpn-crl-updater script was updated to take account of the 
> modified location for the ovpn.cnf file but the script was missed of 
> the list of files to be shipped with CU186.
>
> The file needs to be included into the CU187 list to be shipped.
>
> Regards,
> Adolf.
>

-- 
Sent from my laptop

Re: updated ovpn-crl-updater script was not shipped in CU186. Needs to be added to CU187

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 1412 bytes --]

How many users are we talking about?

I would like to close the update now anyways and release it into testing this week. That being said, we are probably looking at a release in the last week of July or later…

We could also patch the previous update and release a new updater.

Best,
-Michael

> On 4 Jul 2024, at 15:29, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> Hi Michael,
> 
> I have been asked in a private forum message (not sure why they made it private), about whether CU187 should be made an emergency update just for the ovpn-crl-updater due to the numbers of people who might lose their OpenVPN connections if the crl cannot be updated.
> 
> I pointed out that CU187 was close to being released for Testing and that changing everything would probably create more issues and chaos and delay CU187 which has quite a few updates related to CVE fixes.
> 
> Anyway, I thought I would forward the request to see what you think the best approach would be.
> 
> Regards,
> Adolf.
> 
> On 04/07/2024 15:10, Adolf Belka wrote:
>> Hi Michael,
>> 
>> The ovpn-crl-updater script was updated to take account of the modified location for the ovpn.cnf file but the script was missed of the list of files to be shipped with CU186.
>> 
>> The file needs to be included into the CU187 list to be shipped.
>> 
>> Regards,
>> Adolf.
>> 
> 
> -- 
> Sent from my laptop
> 

Re: updated ovpn-crl-updater script was not shipped in CU186. Needs to be added to CU187

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 2367 bytes --]

Hi Michael,

On 08/07/2024 17:38, Michael Tremer wrote:
> How many users are we talking about?

I don't know. The CRL has a lifetime of one month from what Erik has mentioned on the forum. I found that it had expired on my production system but I tend to only use it when I am visiting family/friends so hadn't noticed.

In the forum I think there have been 5 or 6 people who have flagged up a problem or that red the post and then fed back that they had made the change to the ovpn-crl-updater script and that it had worked.

Since that original number there have been no more mentions.
> 
> I would like to close the update now anyways and release it into testing this week. That being said, we are probably looking at a release in the last week of July or later…
I think we should do that anyway.
> 
> We could also patch the previous update and release a new updater.
That would deal with anyone doing an update. That might be good to do.

If I understand correctly any change made won't end up in the released iso/image but any new install that immediately created an OpenVPN connection would then have a month before it needed to be updated and CU187 would then be out.

Regards,
Adolf.
> 
> Best,
> -Michael
> 
>> On 4 Jul 2024, at 15:29, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> Hi Michael,
>>
>> I have been asked in a private forum message (not sure why they made it private), about whether CU187 should be made an emergency update just for the ovpn-crl-updater due to the numbers of people who might lose their OpenVPN connections if the crl cannot be updated.
>>
>> I pointed out that CU187 was close to being released for Testing and that changing everything would probably create more issues and chaos and delay CU187 which has quite a few updates related to CVE fixes.
>>
>> Anyway, I thought I would forward the request to see what you think the best approach would be.
>>
>> Regards,
>> Adolf.
>>
>> On 04/07/2024 15:10, Adolf Belka wrote:
>>> Hi Michael,
>>>
>>> The ovpn-crl-updater script was updated to take account of the modified location for the ovpn.cnf file but the script was missed of the list of files to be shipped with CU186.
>>>
>>> The file needs to be included into the CU187 list to be shipped.
>>>
>>> Regards,
>>> Adolf.
>>>
>>
>> -- 
>> Sent from my laptop
>>
> 

Re: updated ovpn-crl-updater script was not shipped in CU186. Needs to be added to CU187

[Michael Tremer]

[-- Attachment #1: Type: text/plain, Size: 2727 bytes --]

Hello,

I have just pushed a rebuild of the last update. So people who upgrade from now on should get the correct script.

Would you like to communicate this with the people (potentially) affected?

Best,
-Michael

> On 8 Jul 2024, at 16:53, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
> 
> Hi Michael,
> 
> On 08/07/2024 17:38, Michael Tremer wrote:
>> How many users are we talking about?
> 
> I don't know. The CRL has a lifetime of one month from what Erik has mentioned on the forum. I found that it had expired on my production system but I tend to only use it when I am visiting family/friends so hadn't noticed.
> 
> In the forum I think there have been 5 or 6 people who have flagged up a problem or that red the post and then fed back that they had made the change to the ovpn-crl-updater script and that it had worked.
> 
> Since that original number there have been no more mentions.
>> I would like to close the update now anyways and release it into testing this week. That being said, we are probably looking at a release in the last week of July or later…
> I think we should do that anyway.
>> We could also patch the previous update and release a new updater.
> That would deal with anyone doing an update. That might be good to do.
> 
> If I understand correctly any change made won't end up in the released iso/image but any new install that immediately created an OpenVPN connection would then have a month before it needed to be updated and CU187 would then be out.
> 
> Regards,
> Adolf.
>> Best,
>> -Michael
>>> On 4 Jul 2024, at 15:29, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>> 
>>> Hi Michael,
>>> 
>>> I have been asked in a private forum message (not sure why they made it private), about whether CU187 should be made an emergency update just for the ovpn-crl-updater due to the numbers of people who might lose their OpenVPN connections if the crl cannot be updated.
>>> 
>>> I pointed out that CU187 was close to being released for Testing and that changing everything would probably create more issues and chaos and delay CU187 which has quite a few updates related to CVE fixes.
>>> 
>>> Anyway, I thought I would forward the request to see what you think the best approach would be.
>>> 
>>> Regards,
>>> Adolf.
>>> 
>>> On 04/07/2024 15:10, Adolf Belka wrote:
>>>> Hi Michael,
>>>> 
>>>> The ovpn-crl-updater script was updated to take account of the modified location for the ovpn.cnf file but the script was missed of the list of files to be shipped with CU186.
>>>> 
>>>> The file needs to be included into the CU187 list to be shipped.
>>>> 
>>>> Regards,
>>>> Adolf.
>>>> 
>>> 
>>> -- 
>>> Sent from my laptop
>>> 

Re: updated ovpn-crl-updater script was not shipped in CU186. Needs to be added to CU187

[Adolf Belka]

[-- Attachment #1: Type: text/plain, Size: 3015 bytes --]

Hi Michael,

On 09/07/2024 23:32, Michael Tremer wrote:
> Hello,
> 
> I have just pushed a rebuild of the last update. So people who upgrade from now on should get the correct script.
> 
> Would you like to communicate this with the people (potentially) affected?

I have communicated it in the forum post thread on the expiry of the CRL 
and also to the person who privately messaged me.

Regards,
Adolf.

> 
> Best,
> -Michael
> 
>> On 8 Jul 2024, at 16:53, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>
>> Hi Michael,
>>
>> On 08/07/2024 17:38, Michael Tremer wrote:
>>> How many users are we talking about?
>>
>> I don't know. The CRL has a lifetime of one month from what Erik has mentioned on the forum. I found that it had expired on my production system but I tend to only use it when I am visiting family/friends so hadn't noticed.
>>
>> In the forum I think there have been 5 or 6 people who have flagged up a problem or that red the post and then fed back that they had made the change to the ovpn-crl-updater script and that it had worked.
>>
>> Since that original number there have been no more mentions.
>>> I would like to close the update now anyways and release it into testing this week. That being said, we are probably looking at a release in the last week of July or later…
>> I think we should do that anyway.
>>> We could also patch the previous update and release a new updater.
>> That would deal with anyone doing an update. That might be good to do.
>>
>> If I understand correctly any change made won't end up in the released iso/image but any new install that immediately created an OpenVPN connection would then have a month before it needed to be updated and CU187 would then be out.
>>
>> Regards,
>> Adolf.
>>> Best,
>>> -Michael
>>>> On 4 Jul 2024, at 15:29, Adolf Belka <adolf.belka(a)ipfire.org> wrote:
>>>>
>>>> Hi Michael,
>>>>
>>>> I have been asked in a private forum message (not sure why they made it private), about whether CU187 should be made an emergency update just for the ovpn-crl-updater due to the numbers of people who might lose their OpenVPN connections if the crl cannot be updated.
>>>>
>>>> I pointed out that CU187 was close to being released for Testing and that changing everything would probably create more issues and chaos and delay CU187 which has quite a few updates related to CVE fixes.
>>>>
>>>> Anyway, I thought I would forward the request to see what you think the best approach would be.
>>>>
>>>> Regards,
>>>> Adolf.
>>>>
>>>> On 04/07/2024 15:10, Adolf Belka wrote:
>>>>> Hi Michael,
>>>>>
>>>>> The ovpn-crl-updater script was updated to take account of the modified location for the ovpn.cnf file but the script was missed of the list of files to be shipped with CU186.
>>>>>
>>>>> The file needs to be included into the CU187 list to be shipped.
>>>>>
>>>>> Regards,
>>>>> Adolf.
>>>>>
>>>>
>>>> -- 
>>>> Sent from my laptop
>>>>
> 

-- 
Sent from my laptop