Univention Bugzilla – Bug 37541
Optional workaround for java updater
Last modified: 2016-02-16 15:12:33 CET
The windows java updater is unable to use the UCS@school proxy. So an exception for squid has been suggested by a customer. The following ACL allows access for clients with a specific browser string:

acl winhttp browser -i ^Microsoft-CryptoAPI
http_access allow winhttp
If UCS@school comes with a predefined ACL, this should be disabled by default but be easily activatable via e.g. UCR variables.
Please also check if the Windows Update service is able to automatically fetch windows updates from Microsoft. If this is not the case, please also add an appropriate exception. The implementation/code change should be done via Bug 37543. The configuration (setting UCR variables) should be done in this bug.
(In reply to Sönke Schwardt-Krummrich from comment #2)
> Please also check if the Windows Update service is able to automatically
> fetch windows updates from Microsoft. If this is not the case, please also
> add an appropriate exception.

squid/acl/windowsupdater/allow/browser/string: Windows-Update-Agent
∨
squid/acl/windowsupdater/allow/dstdomain-i/regex: ^(.*\.update\.microsoft|download.windowsupdate)\.com$
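Added example (not part of the bug report and not ucs-school-webproxy code): a check of which host names the dstdomain regex posted in the comment above accepts, next to a tightened variant. Python's re module stands in for squid's regex engine, the host names are constructed, and STRICT_PATTERN is an assumption rather than a value from this bug.

```python
import re

# Pattern exactly as posted in the UCR variable above; the "-i" in the
# variable name is modelled with re.IGNORECASE (assumption).
PAGE_PATTERN = r"^(.*\.update\.microsoft|download.windowsupdate)\.com$"

# Assumed tightening, not a value from the bug: the dot in
# "download.windowsupdate" is escaped and ".*" is narrowed to DNS labels.
STRICT_PATTERN = (
    r"^(([a-z0-9-]+\.)+update\.microsoft|download\.windowsupdate)\.com$"
)

# Constructed host names, for illustration only.
SAMPLE_HOSTS = [
    "download.windowsupdate.com",
    "www.update.microsoft.com",
    "DOWNLOAD.WINDOWSUPDATE.COM",
    "update.microsoft.com",
    "downloadxwindowsupdate.com",
    "download.windowsupdate.com.example.net",
]


def matches(pattern, host):
    """Return True if the host name is accepted by the pattern."""
    return re.search(pattern, host, re.IGNORECASE) is not None


def audit(hosts):
    """Return hosts the posted pattern accepts but the strict one rejects."""
    return [
        h for h in hosts
        if matches(PAGE_PATTERN, h) and not matches(STRICT_PATTERN, h)
    ]


if __name__ == "__main__":
    for host in SAMPLE_HOSTS:
        print(f"{host:42} posted={matches(PAGE_PATTERN, host)!s:5} "
              f"strict={matches(STRICT_PATTERN, host)}")
    print("accepted only by the posted pattern:", audit(SAMPLE_HOSTS))
```

The unescaped dot in "download.windowsupdate" matches any single character, which is why the constructed name downloadxwindowsupdate.com passes the posted pattern; both patterns reject the bare update.microsoft.com because a leading label is required.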
ucs-school-webproxy (11.0.3-1) unstable; urgency=medium

  * Add Windows Updater exception ACL (Bug #37541)
  * Add script to enable Java Updater exception ACLs (Bug #37541)
Changelog r60005
Why is the windowsupdater squid rule hardly set via '=' instead of '?'.
@Sönke: Is it okay to set the variable in the postinst script (for every UCS@school installation) instead of another enable/disable script?
See also Bug #37542 comment 4.
ucs-school-webproxy (11.0.4-1) unstable; urgency=medium

  * Fix Windows Updater exception ACL (Bug #37541)
  * Fix script to enable Java Updater exception ACLs (Bug #37541)
  * Fix script to enable Java Applet exception ACLs (Bug #37542)
(In reply to Florian Best from comment #6)
> Why is the windowsupdater squid rule hardly set via '=' instead of '?'.
> @Sönke: Is it okay to set the variable in the postinst script (for every
> UCS@school installation) instead of another enable/disable script?

I think, this should be set hardly via '=' iff
- a new installation of ucs-school-webproxy is performed or
- an update to UCS@school 4.0R2 is done.

(similar to setting squid/forwardedfor in the postinst script)
(In reply to Sönke Schwardt-Krummrich from comment #8)
> I think, this should be set hardly via '=' iff
> - a new installation of ucs-school-webproxy is performed or
> - an update to UCS@school 4.0R2 is done.

Otherwise the workaround is reenabled on each update of ucs-school-webproxy.
> > I think, this should be set hardly via '=' iff

s/hardly/forcibly/g
(In reply to Sönke Schwardt-Krummrich from comment #8)
> (In reply to Florian Best from comment #6)
> > Why is the windowsupdater squid rule hardly set via '=' instead of '?'.
> > @Sönke: Is it okay to set the variable in the postinst script (for every
> > UCS@school installation) instead of another enable/disable script?
>
> I think, this should be set hardly via '=' iff
> - a new installation of ucs-school-webproxy is performed or
> - an update to UCS@school 4.0R2 is done.
>
> (similar to setting squid/forwardedfor in the postinst script)

→ ucs-school-webproxy (11.0.6-1)
OK: scripts + rules + restart-instruction
OK: UCRV setting
OK: Changelog
UCS@school 4.0 R2 v1 has been released: http://docs.univention.de/release-notes-ucsschool-4.0R2v1-de.html If this error occurs again, please use "Clone This Bug".