[Bug 1483762] [NEW] [SRU] ship new public cert
Dustin Kirkland
dustin.kirkland at gmail.com
Tue Aug 11 14:15:33 UTC 2015
Public bug reported:
Pollinate ships entropy.ubuntu.com's public certificate for tighter
security.
This certificate has been updated and pollinate needs to be updated.
The previous certificate is expiring at Thursday, October 15, 2015 at
11:10:53 AM.
[Impact]
Any new 14.04 (Trusty) cloud instance with a down-level version of pollinate will fail to seed their PRNG from entropy.ubuntu.com, after Thursday, October 15, 2015 at 11:10:53 AM.
[Test Case]
Run:
$ sudo pollinate -r
to reseed your PRNG. If you have the old version of pollinate, you'll get certificate errors (See Comment #1), and it will exit non-zero. If you have the new version (already uploaded to ppa:pollinate/ppa, utopic, trusty-proposed), it will work again and exit zero (see Comment #2).
[Regression Potential]
Negligible. A single file is updated with a new public SSL certificate for https://entropy.ubuntu.com, in /etc/pollinate/entropy.ubuntu.com.pem
** Affects: pollinate (Ubuntu)
Importance: High
Assignee: Dustin Kirkland (kirkland)
Status: In Progress
** Affects: pollinate (Ubuntu Trusty)
Importance: High
Assignee: Dustin Kirkland (kirkland)
Status: In Progress
** Affects: pollinate (Ubuntu Vivid)
Importance: High
Assignee: Dustin Kirkland (kirkland)
Status: In Progress
** Affects: pollinate (Ubuntu Wily)
Importance: High
Assignee: Dustin Kirkland (kirkland)
Status: In Progress
** Description changed:
Pollinate ships entropy.ubuntu.com's public certificate for tighter
security.
This certificate has been updated and pollinate needs to be updated.
+ The previous certificate is expiring at Thursday, October 15, 2015 at
+ 11:10:53 AM.
[Impact]
- Any new 14.04 (Trusty) cloud instance with a down-level version of pollinate will fail to seed their PRNG from entropy.ubuntu.com.
+ Any new 14.04 (Trusty) cloud instance with a down-level version of pollinate will fail to seed their PRNG from entropy.ubuntu.com, after Thursday, October 15, 2015 at 11:10:53 AM.
[Test Case]
Run:
- $ sudo pollinate -r
+ $ sudo pollinate -r
to reseed your PRNG. If you have the old version of pollinate, you'll get certificate errors (See Comment #1), and it will exit non-zero. If you have the new version (already uploaded to ppa:pollinate/ppa, utopic, trusty-proposed), it will work again and exit zero (see Comment #2).
[Regression Potential]
Negligible. A single file is updated with a new public SSL certificate for https://entropy.ubuntu.com, in /etc/pollinate/entropy.ubuntu.com.pem
** Changed in: pollinate (Ubuntu)
Importance: Undecided => High
** Changed in: pollinate (Ubuntu)
Status: New => In Progress
** Also affects: pollinate (Ubuntu Trusty)
Importance: Undecided
Status: New
** Also affects: pollinate (Ubuntu Wily)
Importance: High
Status: In Progress
** Also affects: pollinate (Ubuntu Vivid)
Importance: Undecided
Status: New
** Changed in: pollinate (Ubuntu Trusty)
Status: New => In Progress
** Changed in: pollinate (Ubuntu Vivid)
Status: New => In Progress
** Changed in: pollinate (Ubuntu Trusty)
Importance: Undecided => High
** Changed in: pollinate (Ubuntu Vivid)
Importance: Undecided => High
** Changed in: pollinate (Ubuntu Trusty)
Assignee: (unassigned) => Dustin Kirkland (kirkland)
** Changed in: pollinate (Ubuntu Vivid)
Assignee: (unassigned) => Dustin Kirkland (kirkland)
** Changed in: pollinate (Ubuntu Wily)
Assignee: (unassigned) => Dustin Kirkland (kirkland)
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to pollinate in Ubuntu.
https://bugs.launchpad.net/bugs/1483762
Title:
[SRU] ship new public cert
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/pollinate/+bug/1483762/+subscriptions
More information about the Ubuntu-server-bugs
mailing list