Any views expressed within media held on this service are those of the contributors, should not be taken as approved or endorsed by the University, and do not necessarily reflect the views of the University in respect of any particular issue.

LCFG Project

LCFG Project

Recent Activity for the LCFG project

Weekly Changes – 20/05/2024

This week sees some noteworthy changes, here are all the details…


The lcfg/options/video_nvidia.h header now ensures the correct Xorg nvidia driver package is installed (e.g. xserver-xorg-video-nvidia-535-server) so that you can use the card for graphical output. If graphical output is not required then the lcfg/options/nvidia-driver.h header may be included instead.

On Ubuntu Jammy the nvidia package list has been fixed to ensure that the release part of the version string for the user-space packages is always correct.

EdLAN Subnets

The ed/options/edlan-subnets.h header has had comma separated lists of subnets added which can be used in iptables component resources where you would normally provide a single IP address. The space separated lists are retained because Apache cannot accept comma separated lists of IP addresses. Tcpwrappers conveniently accepts either and indeed a mixture of both!

UoE Certificate Authority Root Certificates

The ed/options/sslcerts.h header now installs the most recent versions of the packages that install the root certificates for the EdUni CA 2 and ED.AC.UK MS Active Directory domain CA (used for LDAP queries). These add a new root certificate for the Active Directory domain which it will start using on 12 June. The current root certificate will be removed in an update shortly thereafter.

Note that Informatics’ Scientific Linux clients will have following redundant(?) certificate files removed

  • /etc/pki/tls/certs/LCFG_Automatic_Signing_CA.crt
  • /etc/pki/tls/certs/QuoVadis_EV_SSL_ICA_G1.crt
  • /etc/pki/tls/certs/QuoVadis_EV_SSL_ICA_G3.crt
  • /etc/pki/tls/certs/QuoVadis_Europe_EV_SSL_CA_G1.crt
  • /etc/pki/tls/certs/QuoVadis_Global_SSL_ICA_G2.crt
  • /etc/pki/tls/certs/QuoVadis_Global_SSL_ICA_G3.crt

Scientific Linux clients of the IS Devolved LCFG service will not be affected by this update even if they are including this header as an MDP fixes header is pinning the package at a much older version which does not have the Active Directory CA root certificate at all.

Compliant SSH Server

The ed/options/ssh-server.h has had some syntax and spelling errors fixed so that profiles that include it will now compile.

aptly keyrings

The latest GPG keyring files for the Mozilla packaging team and “Simulation of Urban MObility” (sumo) package repositories have been added to the aptly-keyrings package.

TFTP Server

The lcfg/options/tftp-server.h header supports a new LCFG_OPTIONS_TFTP_USER macro which makes it easier to change the user that the service runs as, the default remains as tftp


There is a new LCFG_OPTIONS_XORG_CORE package option for Ubuntu which may be used to include the xserver-xorg-core package and its dependencies. A couple of options were tweaked to use the new option as a dependency.

Changes to headers and package lists

Members of the Informatics Computing team can browse all the changes to the headers and package lists.

Leave a reply

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>


Report this page

To report inappropriate content on this page, please use the form below. Upon receiving your report, we will be in touch as per the Take Down Policy of the service.

Please note that personal data collected through this form is used and stored for the purposes of processing this report and communication with you.

If you are unable to report a concern about content via this form please contact the Service Owner.

Please enter an email address you wish to be contacted on. Please describe the unacceptable content in sufficient detail to allow us to locate it, and why you consider it to be unacceptable.
By submitting this report, you accept that it is accurate and that fraudulent or nuisance complaints may result in action by the University.