Question

话题已存档。如果需要帮助请提出新问题。

thunderbird 68 use of json policy

3 个回答
1 人有此问题
1 次查看
最后回复者为 p.v.malkov

4 年前

p.v.malkov

2020/5/26 23:18

json policy was added to TB68 https://www.thunderbird.net/en-US/thunderbird/68.0/releasenotes/

For company CA installation I have firefox policy: /usr/share/firefox-esr/distribution/policies.json

       {
         "policies": {
           "Certificates": {
             "Install": [ "/etc/ca.pem" ]
           }
         }
       }

It works

What is the path for TB policy and filename? mirrored structure did not help /usr/share/thunderbird/distribution/policies.json TB still warnes about certificate

It worked with trick to use system certs, ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/thunderbird/libnssckbi.so with /usr/local/share/ca-certificates && update-ca-certificates and lockPref("security.enterprise_roots.enabled", true);

but better to use new solution

UPD: I checked source. And it is correct, it uses distribution/policies.json But it does not apply niether

       {
         "policies": {
           "Certificates": {
             "Install": [ "/etc/ca.pem" ]
           }
         }
       }

nor

       {
         "policies": {
           "Certificates": {
             "ImportEnterpriseRoots": true
           }
         }
       }

json policy was added to TB68 https://www.thunderbird.net/en-US/thunderbird/68.0/releasenotes/ For company CA installation I have firefox policy: /usr/share/firefox-esr/distribution/policies.json { "policies": { "Certificates": { "Install": [ "/etc/ca.pem" ] } } } It works What is the path for TB policy and filename? mirrored structure did not help /usr/share/thunderbird/distribution/policies.json TB still warnes about certificate It worked with trick to use system certs, ln -s /usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so /usr/lib/thunderbird/libnssckbi.so with /usr/local/share/ca-certificates && update-ca-certificates and lockPref("security.enterprise_roots.enabled", true); but better to use new solution UPD: I checked source. And it is correct, it uses distribution/policies.json But it does not apply niether { "policies": { "Certificates": { "Install": [ "/etc/ca.pem" ] } } } nor { "policies": { "Certificates": { "ImportEnterpriseRoots": true } } }

由p.v.malkov于2020年5月31日 -0700 20:22:44修改

被采纳的解决方案

after FF installation link is created

       /usr/lib/firefox-esr/distribution --> ../../share/firefox-esr/distribution

check code why TB does not do it I created link manually and bingo, it started working

       /usr/lib/thunderbird/distribution --> ../../share/thunderbird/distribution

👍 0

Answer 1 · 2020-05-26 23:18:04

Matt

Moderator
Top 10 Contributor

2020/5/29 17:07

Can you install the certificate using the user interface. I am seeing folks with certificates that are simple not suitable either because they are not issues by certifying authorities (self signed in some cases) or are invalid because the provider is not recognized in the CA chain of trust.

Answer 2 · 2020-05-26 23:18:04

p.v.malkov 提问者

2020/5/31 18:46

Manuall installation of cert works fine as well as a mail recieving after. The same action

       with_items:
       - /usr/share/firefox-esr/distribution/policies.json
       - /usr/share/thunderbird/distribution/policies.json

before installing FF and TB, but different result.

由p.v.malkov于2020年5月31日 -0700 18:46:42修改

Answer 3 · 2020-05-26 23:18:04

p.v.malkov 提问者

2020/5/31 20:22

选择的解决方案

after FF installation link is created

       /usr/lib/firefox-esr/distribution --> ../../share/firefox-esr/distribution

check code why TB does not do it I created link manually and bingo, it started working

       /usr/lib/thunderbird/distribution --> ../../share/thunderbird/distribution

搜索 | 用户支持

thunderbird 68 use of json policy

被采纳的解决方案

所有回复 (3)

选择的解决方案

按产品浏览

按产品浏览

选择产品

按主题浏览所有论坛帖子

获取下列产品帮助

搜索 | 用户支持

thunderbird 68 use of json policy

被采纳的解决方案

所有回复 (3)

选择的解决方案