Hi Michael,
The ovpn-crl-updater script was updated to take account of the modified location for the ovpn.cnf file but the script was missed of the list of files to be shipped with CU186.
The file needs to be included into the CU187 list to be shipped.
Regards, Adolf.
Hi Michael,
I have been asked in a private forum message (not sure why they made it private), about whether CU187 should be made an emergency update just for the ovpn-crl-updater due to the numbers of people who might lose their OpenVPN connections if the crl cannot be updated.
I pointed out that CU187 was close to being released for Testing and that changing everything would probably create more issues and chaos and delay CU187 which has quite a few updates related to CVE fixes.
Anyway, I thought I would forward the request to see what you think the best approach would be.
Regards, Adolf.
On 04/07/2024 15:10, Adolf Belka wrote:
Hi Michael,
The ovpn-crl-updater script was updated to take account of the modified location for the ovpn.cnf file but the script was missed of the list of files to be shipped with CU186.
The file needs to be included into the CU187 list to be shipped.
Regards, Adolf.
How many users are we talking about?
I would like to close the update now anyways and release it into testing this week. That being said, we are probably looking at a release in the last week of July or later…
We could also patch the previous update and release a new updater.
Best, -Michael
On 4 Jul 2024, at 15:29, Adolf Belka adolf.belka@ipfire.org wrote:
Hi Michael,
I have been asked in a private forum message (not sure why they made it private), about whether CU187 should be made an emergency update just for the ovpn-crl-updater due to the numbers of people who might lose their OpenVPN connections if the crl cannot be updated.
I pointed out that CU187 was close to being released for Testing and that changing everything would probably create more issues and chaos and delay CU187 which has quite a few updates related to CVE fixes.
Anyway, I thought I would forward the request to see what you think the best approach would be.
Regards, Adolf.
On 04/07/2024 15:10, Adolf Belka wrote:
Hi Michael,
The ovpn-crl-updater script was updated to take account of the modified location for the ovpn.cnf file but the script was missed of the list of files to be shipped with CU186.
The file needs to be included into the CU187 list to be shipped.
Regards, Adolf.
-- Sent from my laptop
Hi Michael,
On 08/07/2024 17:38, Michael Tremer wrote:
How many users are we talking about?
I don't know. The CRL has a lifetime of one month from what Erik has mentioned on the forum. I found that it had expired on my production system but I tend to only use it when I am visiting family/friends so hadn't noticed.
In the forum I think there have been 5 or 6 people who have flagged up a problem or that red the post and then fed back that they had made the change to the ovpn-crl-updater script and that it had worked.
Since that original number there have been no more mentions.
I would like to close the update now anyways and release it into testing this week. That being said, we are probably looking at a release in the last week of July or later…
I think we should do that anyway.
We could also patch the previous update and release a new updater.
That would deal with anyone doing an update. That might be good to do.
If I understand correctly any change made won't end up in the released iso/image but any new install that immediately created an OpenVPN connection would then have a month before it needed to be updated and CU187 would then be out.
Regards, Adolf.
Best, -Michael
On 4 Jul 2024, at 15:29, Adolf Belka adolf.belka@ipfire.org wrote:
Hi Michael,
I have been asked in a private forum message (not sure why they made it private), about whether CU187 should be made an emergency update just for the ovpn-crl-updater due to the numbers of people who might lose their OpenVPN connections if the crl cannot be updated.
I pointed out that CU187 was close to being released for Testing and that changing everything would probably create more issues and chaos and delay CU187 which has quite a few updates related to CVE fixes.
Anyway, I thought I would forward the request to see what you think the best approach would be.
Regards, Adolf.
On 04/07/2024 15:10, Adolf Belka wrote:
Hi Michael,
The ovpn-crl-updater script was updated to take account of the modified location for the ovpn.cnf file but the script was missed of the list of files to be shipped with CU186.
The file needs to be included into the CU187 list to be shipped.
Regards, Adolf.
-- Sent from my laptop
Hello,
I have just pushed a rebuild of the last update. So people who upgrade from now on should get the correct script.
Would you like to communicate this with the people (potentially) affected?
Best, -Michael
On 8 Jul 2024, at 16:53, Adolf Belka adolf.belka@ipfire.org wrote:
Hi Michael,
On 08/07/2024 17:38, Michael Tremer wrote:
How many users are we talking about?
I don't know. The CRL has a lifetime of one month from what Erik has mentioned on the forum. I found that it had expired on my production system but I tend to only use it when I am visiting family/friends so hadn't noticed.
In the forum I think there have been 5 or 6 people who have flagged up a problem or that red the post and then fed back that they had made the change to the ovpn-crl-updater script and that it had worked.
Since that original number there have been no more mentions.
I would like to close the update now anyways and release it into testing this week. That being said, we are probably looking at a release in the last week of July or later…
I think we should do that anyway.
We could also patch the previous update and release a new updater.
That would deal with anyone doing an update. That might be good to do.
If I understand correctly any change made won't end up in the released iso/image but any new install that immediately created an OpenVPN connection would then have a month before it needed to be updated and CU187 would then be out.
Regards, Adolf.
Best, -Michael
On 4 Jul 2024, at 15:29, Adolf Belka adolf.belka@ipfire.org wrote:
Hi Michael,
I have been asked in a private forum message (not sure why they made it private), about whether CU187 should be made an emergency update just for the ovpn-crl-updater due to the numbers of people who might lose their OpenVPN connections if the crl cannot be updated.
I pointed out that CU187 was close to being released for Testing and that changing everything would probably create more issues and chaos and delay CU187 which has quite a few updates related to CVE fixes.
Anyway, I thought I would forward the request to see what you think the best approach would be.
Regards, Adolf.
On 04/07/2024 15:10, Adolf Belka wrote:
Hi Michael,
The ovpn-crl-updater script was updated to take account of the modified location for the ovpn.cnf file but the script was missed of the list of files to be shipped with CU186.
The file needs to be included into the CU187 list to be shipped.
Regards, Adolf.
-- Sent from my laptop
Hi Michael,
On 09/07/2024 23:32, Michael Tremer wrote:
Hello,
I have just pushed a rebuild of the last update. So people who upgrade from now on should get the correct script.
Would you like to communicate this with the people (potentially) affected?
I have communicated it in the forum post thread on the expiry of the CRL and also to the person who privately messaged me.
Regards, Adolf.
Best, -Michael
On 8 Jul 2024, at 16:53, Adolf Belka adolf.belka@ipfire.org wrote:
Hi Michael,
On 08/07/2024 17:38, Michael Tremer wrote:
How many users are we talking about?
I don't know. The CRL has a lifetime of one month from what Erik has mentioned on the forum. I found that it had expired on my production system but I tend to only use it when I am visiting family/friends so hadn't noticed.
In the forum I think there have been 5 or 6 people who have flagged up a problem or that red the post and then fed back that they had made the change to the ovpn-crl-updater script and that it had worked.
Since that original number there have been no more mentions.
I would like to close the update now anyways and release it into testing this week. That being said, we are probably looking at a release in the last week of July or later…
I think we should do that anyway.
We could also patch the previous update and release a new updater.
That would deal with anyone doing an update. That might be good to do.
If I understand correctly any change made won't end up in the released iso/image but any new install that immediately created an OpenVPN connection would then have a month before it needed to be updated and CU187 would then be out.
Regards, Adolf.
Best, -Michael
On 4 Jul 2024, at 15:29, Adolf Belka adolf.belka@ipfire.org wrote:
Hi Michael,
I have been asked in a private forum message (not sure why they made it private), about whether CU187 should be made an emergency update just for the ovpn-crl-updater due to the numbers of people who might lose their OpenVPN connections if the crl cannot be updated.
I pointed out that CU187 was close to being released for Testing and that changing everything would probably create more issues and chaos and delay CU187 which has quite a few updates related to CVE fixes.
Anyway, I thought I would forward the request to see what you think the best approach would be.
Regards, Adolf.
On 04/07/2024 15:10, Adolf Belka wrote:
Hi Michael,
The ovpn-crl-updater script was updated to take account of the modified location for the ovpn.cnf file but the script was missed of the list of files to be shipped with CU186.
The file needs to be included into the CU187 list to be shipped.
Regards, Adolf.
-- Sent from my laptop
-
Adolf Belka -
Michael Tremer