From: mhoellein Date: Wed, 3 Nov 2021 12:44:54 +0000 (+0100) Subject: committing changes in /etc after apt run X-Git-Url: https://git.hoellein.online/?a=commitdiff_plain;h=2791e4c9a99158f87dd5947ba9b77bbdd041a708;p=homeserver committing changes in /etc after apt run Package changes: -bind9 1:9.11.3+dfsg-1ubuntu1.15 amd64 -bind9-host 1:9.11.3+dfsg-1ubuntu1.15 amd64 -bind9utils 1:9.11.3+dfsg-1ubuntu1.15 amd64 +bind9 1:9.11.3+dfsg-1ubuntu1.16 amd64 +bind9-host 1:9.11.3+dfsg-1ubuntu1.16 amd64 +bind9utils 1:9.11.3+dfsg-1ubuntu1.16 amd64 -chromium-codecs-ffmpeg-extra 94.0.4606.81-0ubuntu0.18.04.1 amd64 +chromium-codecs-ffmpeg-extra 95.0.4638.69-0ubuntu0.18.04.1 amd64 -dnsutils 1:9.11.3+dfsg-1ubuntu1.15 amd64 +dnsutils 1:9.11.3+dfsg-1ubuntu1.16 amd64 -firefox 93.0+linuxmint1+tricia amd64 -firefox-locale-de 93.0+linuxmint1+tricia amd64 -firefox-locale-en 93.0+linuxmint1+tricia amd64 +firefox 94.0+linuxmint1+tricia amd64 +firefox-locale-de 94.0+linuxmint1+tricia amd64 +firefox-locale-en 94.0+linuxmint1+tricia amd64 -libapache2-mod-php7.2 7.2.24-0ubuntu0.18.04.9 amd64 +libapache2-mod-php7.2 7.2.24-0ubuntu0.18.04.10 amd64 -libbind9-160 1:9.11.3+dfsg-1ubuntu1.15 amd64 +libbind9-160 1:9.11.3+dfsg-1ubuntu1.16 amd64 -libdns-export1100 1:9.11.3+dfsg-1ubuntu1.15 amd64 +libdns-export1100 1:9.11.3+dfsg-1ubuntu1.16 amd64 -libdns1100 1:9.11.3+dfsg-1ubuntu1.15 amd64 +libdns1100 1:9.11.3+dfsg-1ubuntu1.16 amd64 -libirs160 1:9.11.3+dfsg-1ubuntu1.15 amd64 +libirs160 1:9.11.3+dfsg-1ubuntu1.16 amd64 -libisc-export169 1:9.11.3+dfsg-1ubuntu1.15 amd64 +libisc-export169 1:9.11.3+dfsg-1ubuntu1.16 amd64 -libisc169 1:9.11.3+dfsg-1ubuntu1.15 amd64 +libisc169 1:9.11.3+dfsg-1ubuntu1.16 amd64 -libisccc160 1:9.11.3+dfsg-1ubuntu1.15 amd64 +libisccc160 1:9.11.3+dfsg-1ubuntu1.16 amd64 -libisccfg160 1:9.11.3+dfsg-1ubuntu1.15 amd64 +libisccfg160 1:9.11.3+dfsg-1ubuntu1.16 amd64 -liblwres160 1:9.11.3+dfsg-1ubuntu1.15 amd64 +liblwres160 1:9.11.3+dfsg-1ubuntu1.16 amd64 -php7.2 7.2.24-0ubuntu0.18.04.9 all -php7.2-bz2 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-cli 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-common 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-curl 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-fpm 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-gd 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-intl 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-json 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-ldap 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-mbstring 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-mysql 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-opcache 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-readline 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-soap 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-sqlite3 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-xml 7.2.24-0ubuntu0.18.04.9 amd64 -php7.2-zip 7.2.24-0ubuntu0.18.04.9 amd64 +php7.2 7.2.24-0ubuntu0.18.04.10 all +php7.2-bz2 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-cli 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-common 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-curl 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-fpm 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-gd 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-intl 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-json 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-ldap 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-mbstring 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-mysql 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-opcache 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-readline 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-soap 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-sqlite3 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-xml 7.2.24-0ubuntu0.18.04.10 amd64 +php7.2-zip 7.2.24-0ubuntu0.18.04.10 amd64 -tzdata 2021a-2ubuntu0.18.04 all -ubuntu-advantage-tools 27.2.2~18.04.1 amd64 +tzdata 2021e-0ubuntu0.18.04 all +ubuntu-advantage-tools 27.3~18.04.1 amd64 --- diff --git a/.etckeeper b/.etckeeper index 9379daa1..b36831ed 100755 --- a/.etckeeper +++ b/.etckeeper @@ -6772,6 +6772,7 @@ maybe chmod 0644 'letsencrypt/csr/3031_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/3032_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/3033_csr-certbot.pem' maybe chmod 0644 'letsencrypt/csr/3034_csr-certbot.pem' +maybe chmod 0644 'letsencrypt/csr/3035_csr-certbot.pem' maybe chmod 0700 'letsencrypt/keys' maybe chmod 0600 'letsencrypt/keys/0000_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/0001_key-certbot.pem' @@ -9809,6 +9810,7 @@ maybe chmod 0600 'letsencrypt/keys/3032_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/3033_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/3034_key-certbot.pem' maybe chmod 0600 'letsencrypt/keys/3035_key-certbot.pem' +maybe chmod 0600 'letsencrypt/keys/3036_key-certbot.pem' maybe chmod 0755 'letsencrypt/live' maybe chmod 0755 'letsencrypt/live/ccu.hoellein.online' maybe chmod 0644 'letsencrypt/live/ccu.hoellein.online/README' diff --git a/letsencrypt/csr/3035_csr-certbot.pem b/letsencrypt/csr/3035_csr-certbot.pem new file mode 100644 index 00000000..97253c37 --- /dev/null +++ b/letsencrypt/csr/3035_csr-certbot.pem @@ -0,0 +1,16 @@ +-----BEGIN CERTIFICATE REQUEST----- +MIICdTCCAV0CAQIwADCCASIwDQYJKoZIhvcNAQEBBQADggEPADCCAQoCggEBAKi0 +0JaCM9OCqaEy4MOg0tzsfdJT/RDl2ssNGBju09NiGL8fwm4eTNesdeBwZsH/p5HW +Y0Fw/gxmZGnnn2JQ60rEDmaRMWRRif4Ad971ZqdZKEzcZYtaz4r2o98LPCxs3r0l +vQ/z151Un2kQywNUM9FvNFDo68oCznsQ2/kE5/ERDDTYd4NcG7iYIaIqNZgoF4EY +xyo3VJPYF4aki8G5fRuR+9VPhKzl68vRd13neJhCH8h4yJuV4PR2RaKRbuwM81QJ +UvlK72akyfzrN6nXHc7s84nQ76ADvfPYvQq6txiShXLBtcTx3QBhXYSrtKu8lRLi +EuC/PN3c5FVd6Db3IokCAwEAAaAwMC4GCSqGSIb3DQEJDjEhMB8wHQYDVR0RBBYw +FIISdHYuaG9lbGxlaW4ub25saW5lMA0GCSqGSIb3DQEBCwUAA4IBAQAHJPYGYzCp +fIJ0VyMQXTH4Wxw6QBafHobOQhCH8R9LAL2zUuIzpr+bS7Gn6MRO0DcKUGGZQWmW +VMN9SU0zxouauSzbAKSjGw76tD0DSGnkzHWuIBltp9fprES7vPnHsa+NvuVnXPAt +fbxhvP/qPoxeV70KUW/gB1YAQf3Mu0A1iCIicbODiV8OI098fQLHVbVz6Sp9aMvi +fTVa3AidpMPZVL1KTTBamtcVY6qC2GSqNYbVKz29PQR0Zi0eUlwXV7P58bbdrLSY +DGg2OmxDhVCUB3s9jYqLbODZsh3OE+0Nw463Yw0MRGs6rJriv3K0b9LrmuMngvkQ +KFb7+66qHFgX +-----END CERTIFICATE REQUEST----- diff --git a/letsencrypt/keys/3036_key-certbot.pem b/letsencrypt/keys/3036_key-certbot.pem new file mode 100644 index 00000000..43a4a4b6 --- /dev/null +++ b/letsencrypt/keys/3036_key-certbot.pem @@ -0,0 +1,28 @@ +-----BEGIN PRIVATE KEY----- +MIIEvQIBADANBgkqhkiG9w0BAQEFAASCBKcwggSjAgEAAoIBAQCotNCWgjPTgqmh +MuDDoNLc7H3SU/0Q5drLDRgY7tPTYhi/H8JuHkzXrHXgcGbB/6eR1mNBcP4MZmRp +559iUOtKxA5mkTFkUYn+AHfe9WanWShM3GWLWs+K9qPfCzwsbN69Jb0P89edVJ9p +EMsDVDPRbzRQ6OvKAs57ENv5BOfxEQw02HeDXBu4mCGiKjWYKBeBGMcqN1ST2BeG +pIvBuX0bkfvVT4Ss5evL0Xdd53iYQh/IeMibleD0dkWikW7sDPNUCVL5Su9mpMn8 +6zep1x3O7POJ0O+gA73z2L0KurcYkoVywbXE8d0AYV2Eq7SrvJUS4hLgvzzd3ORV +Xeg29yKJAgMBAAECggEAPhJxIL99NBhCM2ZV3oSgsNpunOF8HiiELOt/b0UIOSFB +u6iC0CNj4IK6yD5zAHQBAp6f3GcnggZ2caTgNrtRJywlpEVNp/x8SjF/6U/fWjlq +o4T/85sQ+68tshYfKLVR6sQk4Oa18VQ+Ztjf6TSk8Cz7Ub2xa51GvW8BkIjmkgI7 +y5S5li8v+qtioMa0BAqyt7FwZMLysGTHo4D71ju+N3hpy2vU9G1as+G3pH8VQTol +5zxL8AnYvn0EX7jKqJO/BsqvdR9DgeXv3jrAdeCa1B71EQ5OuXrABmbZfq7/uipP +qouUexN6bsvMMxoKlsBaTrZwTK27FyoniWIKqrfK1QKBgQDSj6G1jI446WjojVvT ++1iockTZTu4fBSHSd74AOTPsOr8sT09LgcguBL2amUc3Lg5mXPEFoI8AeTVTU8dh +91bIlP+TY2Zkt8gEA63qlzXlzYJtDcewe4Z+aurCNc8bGXkv6XpL8Io89WPTwhu1 +mtEuvtxAgqft0mUEGKO2hZfFPwKBgQDNHO7DocGkqSmKNlSDv3SfDUFCPxb6Fv5L +ACMDmFLl+rCMPJcq0pHdfLbCV0Q44DEJccrC/NWAQkmBSQ3zazteOIcePDorT8vB +3PilczARvvU9qiE4sJpoJxZuMpCZTFBMaE0KOut9Us9Ncp3Hs8pnBzlwnlfGlEA/ +aPi0YEm+NwKBgB/gwvi7eOTA4bMjg52KVhfahPXpbz+fBUnZ+xgJkQTYuAy7TSP/ +WBEvgo0fW5rNDD0PISZa8ot9zkb5ThxU1/yyIidsSxpAgLWq4O+9SNmrzW05QtxD +N094XGZewyY1KxXH4U4R8rvb4usyXgOWlsje+HWD0my9B7IhENgXTaz9AoGBALvN +b/iD1O/VS4mXMU7oL/mpg0UKyxj1kKRPXb/e6phULu5YU/kLkC8CD7xldru02nFR +VVuvcDTdfLv5jeKBHnyouV6/umsJxwCcOLYUf8Df3WA2s/BaEyamE22WsrsKGsO7 +BD8Hr7Kx7cl11m2RexNWlAs/kBLsjt8AWCefuiWFAoGAHTFI6GFLo2PoRF80JBOP +vgwHABXVL4nKGeG+FZ2EUoecXwzeCMWb5SnneRz9TtK6OgPV1bfhPSAbuiA5H8rJ +E98E5o7nMPv2wyERO0XZic6v2tWHU0WmXEhlwbYPgvnvyQexx39MKR8OJudcvNMM +gUZLOuOBdjxIDwI/jC8LuPU= +-----END PRIVATE KEY----- diff --git a/logrotate.d/ubuntu-advantage-tools b/logrotate.d/ubuntu-advantage-tools index 1dede3f5..76e6b47c 100644 --- a/logrotate.d/ubuntu-advantage-tools +++ b/logrotate.d/ubuntu-advantage-tools @@ -1,4 +1,7 @@ -/var/log/ubuntu-advantage.log { +# use the root group by default, since this is the owning group +# of /var/log/ubuntu-advantage*.log files. +/var/log/ubuntu-advantage*.log { + su root root rotate 6 monthly compress diff --git a/systemd/system/multi-user.target.wants/ua-license-check.path b/systemd/system/multi-user.target.wants/ua-license-check.path new file mode 120000 index 00000000..d0f60ae5 --- /dev/null +++ b/systemd/system/multi-user.target.wants/ua-license-check.path @@ -0,0 +1 @@ +/lib/systemd/system/ua-license-check.path \ No newline at end of file diff --git a/systemd/system/timers.target.wants/ua-messaging.timer b/systemd/system/timers.target.wants/ua-messaging.timer deleted file mode 120000 index a9be21a6..00000000 --- a/systemd/system/timers.target.wants/ua-messaging.timer +++ /dev/null @@ -1 +0,0 @@ -/lib/systemd/system/ua-messaging.timer \ No newline at end of file diff --git a/systemd/system/timers.target.wants/ua-timer.timer b/systemd/system/timers.target.wants/ua-timer.timer new file mode 120000 index 00000000..470cbfa9 --- /dev/null +++ b/systemd/system/timers.target.wants/ua-timer.timer @@ -0,0 +1 @@ +/lib/systemd/system/ua-timer.timer \ No newline at end of file diff --git a/ubuntu-advantage/help_data.yaml b/ubuntu-advantage/help_data.yaml index da222a3a..3c93645a 100644 --- a/ubuntu-advantage/help_data.yaml +++ b/ubuntu-advantage/help_data.yaml @@ -43,7 +43,7 @@ fips: FIPS 140-2 is a set of publicly announced cryptographic standards developed by the National Institute of Standards and Technology applicable for FedRAMP, HIPAA, PCI and ISO compliance use cases. - Note that ‘fips’ does not provide security patching. For fips certified + Note that "fips" does not provide security patching. For fips certified modules with security patches please refer to fips-updates. The modules are certified on Intel x86_64 and IBM Z hardware platforms for Ubuntu 18.04 and Intel x86_64, IBM Power8 and IBM Z hardware platforms for @@ -66,3 +66,21 @@ livepatch: livepatches cannot be enabled on fips-enabled systems. You can find out more about Ubuntu Kernel Livepatch service at https://ubuntu.com/security/livepatch + +ros: + help: | + ros provides access to a private PPA which includes security-related + updates for available high and critical CVE fixes for Robot Operating + System (ROS) packages. For access to ROS ESM and security updates, both + esm-infra and esm-apps services will also be enabled. To get additional + non-security updates, enable ros-updates. You can find out more about the + ROS ESM service at https://ubuntu.com/robotics/ros-esm + +ros-updates: + help: | + ros-updates provides access to a private PPA which includes + non-security-related updates for Robot Operating System (ROS) packages. + For full access to ROS ESM, security and non-security updates, + the esm-infra, esm-apps, and ros services will also be enabled. You can + find out more about the ROS ESM service at + https://ubuntu.com/robotics/ros-esm diff --git a/ubuntu-advantage/uaclient.conf b/ubuntu-advantage/uaclient.conf index 7bf292a3..861ead57 100644 --- a/ubuntu-advantage/uaclient.conf +++ b/ubuntu-advantage/uaclient.conf @@ -7,8 +7,12 @@ data_dir: /var/lib/ubuntu-advantage log_file: /var/log/ubuntu-advantage.log log_level: debug security_url: https://ubuntu.com/security +timer_log_file: /var/log/ubuntu-advantage-timer.log ua_config: apt_http_proxy: null apt_https_proxy: null http_proxy: null https_proxy: null + update_messaging_timer: 21600 + update_status_timer: 43200 + metering_timer: 0