Overview
Request 1200694 accepted
- Moved /etc/traefik/acme.json to /var/lib/traefik/acme.json to allow traefik
running with "ProtectSystem=full" write access to the certificate store.
The acme.json file will be automatically moved and the configuration will be
updated accordingly.
- Added /usr/lib/sysctl.d/90-itraefik.conf to increase UDP Buffer sizes as explained
at https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
- Created by weberho
- In state accepted
- Package maintainers: avicenzi, pgeorgiadis, and weberho
Request History
weberho created request
- Moved /etc/traefik/acme.json to /var/lib/traefik/acme.json to allow traefik
running with "ProtectSystem=full" write access to the certificate store.
The acme.json file will be automatically moved and the configuration will be
updated accordingly.
- Added /usr/lib/sysctl.d/90-itraefik.conf to increase UDP Buffer sizes as explained
at https://github.com/quic-go/quic-go/wiki/UDP-Buffer-Sizes
weberho accepted request
Everything works nicely, so I accept the request. I'll request the above mentioned audits, too.
Note the following - should I request the verifications?
[ 281s] traefik.x86_64: E: sysctl-file-unauthorized (Badness: 10) /usr/lib/sysctl.d/90-traefik.conf (sha256 file digest default filter:d415ec01e165111e6684b1e3a01308734c5c8e07d7b1018b65ceba3dba4b79c6 shell filter:fa6168516d46bc00f6d0cccc4470fa0e2beea74396490d3466b1640f8e312bd2 xml filter:<failed-to-calculate>)
[ 281s] Packaging sysctl.d drop-in configuration files requires a review and whitelisting by the SUSE security team. If the package is intended for inclusion in any SUSE product please open a bug report to request review of [ 281s] the package by the security team. Please refer to https://en.opensuse.org/openSUSE:Package_security_guidelines#audit_bugs for more information. ...
[ 281s] traefik.x86_64: W: non-standard-uid /etc/traefik traefik ...
[ 281s] A file in this package is owned by an unregistered user id. To register the user, please make a pull request to the rpmlint config file configs/openSUSE/users-groups.toml in the rpmlint repository.
[ 281s] traefik.x86_64: W: non-standard-gid /etc/traefik traefik ...
Factory has its own checks, they might help you in case these are not allowed. I'm not entirely sure what to do here.
I have created https://bugzilla.suse.com/show_bug.cgi?id=1230555