This reverts commit 7637ce6464bc28c3651b5884c3fbf2fac6ed5b66.
Revert "add missing file"
This reverts commit 7599e35af893ad9d8b544a05d5289da4093749e4.
We've switched to Let's Encrypt.
postinst configure: run update-ca-certificates if the
previous version is <= 5.0-23.
(cherry picked from commit 088597a355c9af240d764aa1262b393e8716e0f0)
backported version check to 4.4-15
(cherry picked from commit 7637ce6464bc28c3651b5884c3fbf2fac6ed5b66)
and added file StartCom_Certification_Authority_2.crt
(cherry picked from commit 7599e35af893ad9d8b544a05d5289da4093749e4)
having our ceph.service pulled in by ceph.target does not
work anymore, because "systemctl start ceph.target" hangs
forever on ceph-common upgrades. multi-user.target seems to
work as well, and we are ordered after pve-cluster anyway.
only replace the old ceph.service if it is an exact match.
Signed-off-by: Fabian Grünbichler <f.gruenbichler@proxmox.com>
The actual 4.3-12 release is done in a separate
branch "hotfix-4.3-12", because we cannot release
commit a94749851 now (requires updated pve-cluster
package).
Instead we will the use the CA certificate provided by the
ca-certificates packages, which is now a mandatory depency of
pve-manager since 067d24db98 and
pve-manager 4.2-17. This change allows us in the future to
use different CA for our https repositories.
This changed has been tested OK with the following combination:
* https repository using a StartCom certificate: works
* https repository using a Let's encrypt certificate: works
User visible changes:
* none : the new configuration file 75pveconf silently
overwrites the olderone, except if local changes were made
in which case you're presented with the traditional debian menu
(keep local/ use packager version/ diff / open a shell)
ca-certificates provides the necessary root ca certificates
to connect to the PVE enterprise repositories
The package was always installed since pve-manager 3.1-13 as an indirect
'Depends:' via liblwp-protocol-https, but could have been missing in previous
versions of pve.
Adding this dependency directly makes it sures that it's available
in each PVE installs no matter what Debian packagers do.
With this package installed we no longer need to ship
our own server CA cert.
