We're calling on all EU-based Mozillians with iOS or iPadOS devices to help us monitor Apple’s new browser choice screens. Join the effort to hold Big Tech to account!

ძიება მხარდაჭერაში

ნუ გაებმებით თაღლითების მახეში მხარდაჭერის საიტზე. აქ არასდროს მოგთხოვენ სატელეფონო ნომერზე დარეკვას, შეტყობინების გამოგზავნას ან პირადი მონაცემების გაზიარებას. გთხოვთ, გვაცნობოთ რამე საეჭვოს შემჩნევისას „დარღვევაზე მოხსენების“ მეშვეობით.

ვრცლად

thunderbird 68 use of json policy

  • 3 პასუხი
  • 1 მომხმარებელი წააწყდა მსგავს სიძნელეს
  • 1 ნახვა
  • ბოლოს გამოეხმაურა p.v.malkov

json policy was added to TB68 https://www.thunderbird.net/en-US/thunderbird/68.0/releasenotes/

For company CA installation I have firefox policy: /usr/share/firefox-esr/distribution/policies.json

       {
         "policies": {
           "Certificates": {
             "Install": [ "/etc/ca.pem" ]
           }
         }
       }

It works

What is the path for TB policy and filename? mirrored structure did not help /usr/share/thunderbird/distribution/policies.json TB still warnes about certificate

It worked with trick to use system certs, ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/thunderbird/libnssckbi.so with /usr/local/share/ca-certificates && update-ca-certificates and lockPref("security.enterprise_roots.enabled", true);

but better to use new solution

UPD: I checked source. And it is correct, it uses distribution/policies.json But it does not apply niether

       {
         "policies": {
           "Certificates": {
             "Install": [ "/etc/ca.pem" ]
           }
         }
       }

nor

       {
         "policies": {
           "Certificates": {
             "ImportEnterpriseRoots": true
           }
         }
       }
json policy was added to TB68 https://www.thunderbird.net/en-US/thunderbird/68.0/releasenotes/ For company CA installation I have firefox policy: /usr/share/firefox-esr/distribution/policies.json { "policies": { "Certificates": { "Install": [ "/etc/ca.pem" ] } } } It works What is the path for TB policy and filename? mirrored structure did not help /usr/share/thunderbird/distribution/policies.json TB still warnes about certificate It worked with trick to use system certs, ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/thunderbird/libnssckbi.so with /usr/local/share/ca-certificates && update-ca-certificates and lockPref("security.enterprise_roots.enabled", true); but better to use new solution UPD: I checked source. And it is correct, it uses distribution/policies.json But it does not apply niether { "policies": { "Certificates": { "Install": [ "/etc/ca.pem" ] } } } nor { "policies": { "Certificates": { "ImportEnterpriseRoots": true } } }

ჩასწორების თარიღი: , ავტორი: p.v.malkov

გადაწყვეტა შერჩეულია

after FF installation link is created

       /usr/lib/firefox-esr/distribution --> ../../share/firefox-esr/distribution

check code why TB does not do it I created link manually and bingo, it started working

       /usr/lib/thunderbird/distribution --> ../../share/thunderbird/distribution
პასუხის ნახვა სრულად 👍 0

ყველა პასუხი (3)

Can you install the certificate using the user interface. I am seeing folks with certificates that are simple not suitable either because they are not issues by certifying authorities (self signed in some cases) or are invalid because the provider is not recognized in the CA chain of trust.

Manuall installation of cert works fine as well as a mail recieving after. The same action

       with_items:
       - /usr/share/firefox-esr/distribution/policies.json
       - /usr/share/thunderbird/distribution/policies.json

before installing FF and TB, but different result.

ჩასწორების თარიღი: , ავტორი: p.v.malkov

შერჩეული გადაწყვეტა

after FF installation link is created

       /usr/lib/firefox-esr/distribution --> ../../share/firefox-esr/distribution

check code why TB does not do it I created link manually and bingo, it started working

       /usr/lib/thunderbird/distribution --> ../../share/thunderbird/distribution