#991136 fetch-crl: Install fails on update-rc.d

#991136#5
Date:
2021-07-15 11:22:17 UTC
From:
To:
Dear Maintainer,


   * I tried to uninstall and reinstall fetch-crl because of error
   * messages regarding a non-existing certificate.

   * Packet configuration fails on update-rc.d: No default runlevel.
   This is expected on a systemd based release as far as I can
   understand.
   init-system-helpers is installed.

   * I would expect fetch-crl to run from cron or a systemd timer, not
   * to install anything in rcN.d.

Best regards,
Carl-Fredrik Enell

#991136#10
Date:
2021-08-10 08:49:03 UTC
From:
To:
Hi!

The SysV init script should not be used on a system that is running
systemd. It is there to be used on non-systemd Debian installations
only (kfreebsd, hurd). If you have enabled this on a systemd based
system, please disable it.

On systemd based systems the proper way is to use the fetch-crl systemd
timer unit. This is activated using:

systemctl enable fetch-crl.timer
systemctl start fetch-crl.timer

There is also a fetch-crl systemd service unit. This is only intended
to be run when the timer unit is triggered, and can not be enabled on
its own - the unit files does not have an install section by design.

The issue with missing certificates would better be addressed by
updating the igtf-policy packages (if you are using them).
Unfortunately, due to the freeze for the upcoming release, this package
is not up to date in Debian and still contains references to an old
discontinued CA that was removed from later upstream releases.

If the discontinued CA (INFN-CA-2015) causes issued for you, you can
reconfigure igtf-policy-classic to exclude it.

See /usr/share/doc/igtf-policy-classic/README.Debian

Let me know if this addresses your issues.

Mattias Ellert


tor 2021-07-15 klockan 13:22 +0200 skrev Carl-Fredrik Enell:

#991136#15
Date:
2021-08-17 10:42:48 UTC
From:
To:
Hi,

Thanks for replying. The measures below seems to have solved my issue.

Indeed I had links to init scripts in the usual directories, /etc/rcN.d.
I removed them with update-rc.d <script> remove

This was the main issue: fetch-crl.timer does not exist in the buster
package.
Now that bullseye is stable however, I decided to do a dist-upgrade on
the machine and got it that way.

All the best,