debian-edu-config (2.12.45) unstable; urgency=medium * share/debian-edu-config/tools/gosa-sync: + From password TMPFILE, strip newline character from end-of-file. The LDAP whoami call for verifying the correctness of the passed-in user password requires a password file without trailing newline to succeed. * share/debian-edu-config/gosa.conf.template: + Various white-space fixes. + Don't (single-)quote placeholders in plugin hooks. GOsa² will add single- quotes around placeholder variables when generating hook commands. Esp. when using single quotes around placeholders, they will be duplicated and thus eliminate eacher other. This problem occurred for users with space characters in their DN while changing the user's password. (The hook would only operate on a partial DN string, split at first space char occurrence in the DN string). -- Mike Gabriel Thu, 25 Jul 2024 09:52:14 +0200 debian-edu-config (2.12.44) unstable; urgency=medium * share/debian-edu-config/tools/wpad-extract: + Update IP of www.debian.org. + Don't use the proxy for accessing wpad. * share/debian-edu-config/tools/fetch-rootca-cert: + Don't use the proxy for accessing wwww.intern. * debian/debian-edu-config.maintscript: + Remove stray /etc/dhcp/dhclient-exit-hooks.d/fetch-ldap-cert. Should have been removed with 2.12.34 already. (Closes: #1061560). + Use version numbers as recommended on the dpkg-maintscript-helper man page (the current upload version suffixed by '~'). -- Mike Gabriel Wed, 31 Jan 2024 15:07:09 +0100 debian-edu-config (2.12.43) unstable; urgency=medium [ Holger Levsen ] * d/changelog: - add missing Closes: for #1021688, #1024033 and #1039461 in previous entries to ease future debugging. - fix too long line in previous entry. -- Holger Levsen Mon, 25 Dec 2023 11:56:02 +0100 debian-edu-config (2.12.42) unstable; urgency=medium * share/debian-edu-config/tools/update-proxy-from-wpad: Ignore missing dconf command. (Closes: #1057777). It might be missing on main-server installations where no desktop environment is installed. -- Mike Gabriel Sat, 09 Dec 2023 08:15:45 +0100 debian-edu-config (2.12.41) unstable; urgency=medium [ Guido Berhoerster ] * gosa-sync: Decode the user password which GOsa substitutes base64 encoded. This fixes a bug where the user password could not be set or changed. (related to #1052159). -- Mike Gabriel Fri, 01 Dec 2023 21:44:38 +0100 debian-edu-config (2.12.40) unstable; urgency=medium * share/debian-edu-config/gosa.conf.template: + Deploy GOsa² based on its classic theming, the Materialize CSS theme is too immature to be used in production. -- Mike Gabriel Thu, 30 Nov 2023 08:32:34 +0100 debian-edu-config (2.12.39) unstable; urgency=medium * ldap-bootstrap/root.ldif: Fix gosaAclEntry of BaseDN object. -- Mike Gabriel Sun, 19 Nov 2023 09:56:39 +0100 debian-edu-config (2.12.38) unstable; urgency=medium [ Wolfgang Schweer ] * Fix main server network setup. Closes: #1055647. -- Holger Levsen Fri, 10 Nov 2023 16:42:11 +0100 debian-edu-config (2.12.37) unstable; urgency=medium [ Guido Berhoerster ] * Discard excessive nullmailer logging. Filter out log messages coming from a client running nullmailer since it is very verbose and can easily fill up the filesystem under /var/log. (Closes: #1003728). * ldap-createuser-krb5: fix password prompt. * Disable cfengine3 systemd service. Disabling only cf-execd in 75b4e3f7 (see #1041323) did not work as it gets pulled in as a dependency of cfengine3. Thus disable the cfengine3 service instead. * Rewrite testsuite/filesystems, add exception for /boot Rewrite for clarity and robustness. Add exception for /boot which may use ext2. * testsuite/ldap-{server,client}: Fix invocation of ldapsearch. The -h command line option has been removed, ldapsearch now only accepts a LDAP URI via the -H option. Also do not use the deprecated egrep and get rid of unnecessary wc. Use dig and awk instead of host and interpret the SRV record properly. * testsuite/ldap-client: Improve error message on PAM modules. * Fix remaining invocations of ldapsearch. * Disable using the LDAP PAM module (we use pam_krb5.so instead). * setup-freeradius-server: Set commonName and subjectAltNames on the server cert. (Closes: #1010159). * setup-freeradius-server: Improve robustness Use update-ini-file for OpenSSL config files. Use more precise sed substitutions which do not rely on example values. Increase password length from 8 to 16 characters. * Change minimum UID/GID for LDAP user to 2000 (Closes: #1003192) With this change local user accounts now use the UID/GID range 1000-1999 instead of 500-999 whereas LDAP user accounts use 2000-59999 instead of 1000-59999. This is to reserve UID/GID 0-999 for system users which is the default in Debian and not conforming to it is increasingly problematic as packages are beginning to use systemd-sysusers for creating system user accounts which does not obey /etc/addusers.conf or /etc/login.defs by default. The first user account created during installation now has UID/GID 2000 instead of 1000. Configure gosa and adjust ldap-createuser-krb5 accordingly. -- Mike Gabriel Wed, 27 Sep 2023 09:57:06 +0200 debian-edu-config (2.12.36) unstable; urgency=medium [ Mike Gabriel ] * ldap-bootstrap/gosa.ldif: + Provide ou=incoming potentially used by GOsa²'s class 'newArpDevice'. This is esp. to silence GOsa² error messages but might be useful at a later point of time. [ Guido Berhoerster ] * Update proxy settings in dconf. This adds support in update-proxy-from-wpad for setting the proxy default values in dconf (used by e.g. GNOME components). The values are added to a site database, it also packages an empty local database in order to obviate the need to modify the user profile. (Closes: #955702) * Remove use of obsolete grep aliases. These have been obsolete forever and have been removed from GNU grep upstream. * Use command -v builtin over external which command * Do not solely rely on the presence of init scripts in maintainer scripts. Check also for systemd service files. * Remove direct invocation of wlan init script. This no longer exists in Debian. * Replace invocation of fetch-ldap-cert init script in DHCP hooks and rename. dhclient hook in Makefile. This has been replaced by fetch-rootca-cert (see #971780). * Silence exim4 warnings in logfile. The lack of keep_environment in the exim4 configuration for clients leads to continuous warnings in the logfile: 'Warning: purging the environment. Suggested action: use keep_environment.' Setting it to an empty value (which is the default) silences that. * Ship PAM group.conf for workstations. LDAP users should be members of several system groups on networked (roaming) workstations. * Add missing dependency on iptables This is required by debian-edu-update-netblock (Closes: #1051446). -- Mike Gabriel Sat, 09 Sep 2023 23:04:46 +0200 debian-edu-config (2.12.35) unstable; urgency=medium [ Guido Berhoerster ] * Remove configure-edu-gateway. (Closes: #1043407). The script is obsoleted by the more sophisticated configuration abilities provided by the debian-edu-router-config package. * Do not hardcode X2Go desktop to Xfce. (Closes: #1049396). Add a commandline option --x2go_desktop for specifying the default desktop and make a best effort finding a usable desktop if none is specified. * Disable cf-execd on installation. (Closes: #1041323). Currently cf-execd is enabled by default if systemd is used (see #1043353) but the agent should only be run on installation. * Do not attempt to fetch the rootCA cert outside of a DebianEdu network An error should only be reported if the machine is inside a DebianEdu network, i.e. www.intern is resolvable, but the download fails. (Closes: #1008599). [ Mike Gabriel ] * debian/tests/control: Remove configure-edu-gateway from list of tests. Script and testscript are now gone. (Related to closure of #1043407, see above). * Silence lintian warnings of type 'bash-term-in-posix-shell' by using variable names that lintian can't confuse with bash-only pre-set variables (e.g. $HOSTNAME or $UID). -- Mike Gabriel Sat, 19 Aug 2023 17:00:36 +0200 debian-edu-config (2.12.34) unstable; urgency=medium [ Mike Gabriel ] * Start 2.12.34 development. * debian/debian-edu-config.lintian-overrides: + Update existing overrides (line numbers and such). + Drop missing-systemd-service-for-init.d-script overrides. Systemd service files are now provided. + Drop init.d-script-does-not-implement-status-option override for fetch-ldap-cert. Init script is now gone. * testsuite: Install to pkglibexecdir rather than libexecdir. Thanks lintian. * Makefile: Adjust white-spacing in variable declarations. * Makefile: Use $(NULL) variable at end of file lists. Allow for better git- patch readability. * Convert CRON configuration to systemd timers. * sbin/*-for-netgroup-hosts: Some noop + white-spacing beautifications. * Move d-e-c-*-for-netgroup-hosts scripts to pkglibexecdir. * debian/debian-edu-config.postinst: + Assure runlevel de-registering of init script fetch-ldap-cert. * debian/debian-edu-config.maintscript: + Assure removal of /etc/init.d/fetch-ldap-cert conffile. * debian/debian-edu-config.cron.*: + Only run scripts if they exist. Thanks piuparts. [ Daniel Teichmann ] * etc/dhcp/dhcp-debian-edu.conf: + ldap-server. 'ldap' -> 'ldap.intern'. (Closes: #1039966). * share/debian-edu-config/tools/gosa-remove: + Fix kadmin.local, Use '-force' to disable interaction via stdin. [ Guido Berhoerster ] * ldap-tools/ldap-createuser-krb5: + Fix user creation. (Closes: #1042456). Remove Samba NT4 domain support, add samba user using smbpasswd. Add root CA for new users (copied from gosa-create). + Fix new UID/GID selection. Exclude special users (UID/GID >= 10000) when looking for the highest UID/GID. + Add CLI options for uid/gid/department. Also ensure script is run as root. + Add additional attributes based on template users. + Add support for additional groups. + Send welcome email in order to create maildir. Without this the maildir in /var/mail/ will not exist and Dovecot will refuse to let the user log in as it cannot create this directory. + Set LDAP password when creating users. This allows users to use GOsa² to change their password. * Add systemd services for configuring Chromium/Firefox from LDAP. Factor out logic from init script into separate script which are then called from both the init script and systemd services. * Add systemd service enabling NAT for thin clients. * Add systemd service for fetching the RootCA file from the main server. * Drop init script for fetching LDAP SSL public key from legacy main servers. This drops support for clients running behind a main server based on Debian Edu stretch. (Closes: #1030116). * Update debian/rules for init scripts and systemd services. (Closes: #1039166). * Generate a random password for the icinga/icingaweb databases. (Closes: #1040015). * update-dlw-krb5-keytabs: Handle missing/empty diskless-workstation-hosts. * Followup fixes for ntpsec transition. * Add systemd support to debian-edu-restart-services: This uses a list of service units which was compiled on a main server + ltsp installation. Uses stop and start to force restart reverse-dependencies. It also makes sure that drop in files are recognized. (Closes: #1042940). * Configure gosa not to use STARTTLS since TLS is already used. ldapTLS configures the use of STARTTLS, not TLS per se which is enabled by the use of ldaps: protocol in URLs. (Closes: #1041322). * Allow root access to cups via SystemGroups. 'root' access is allowed in the default configuration and e.g. necessary for services like debian-edu-cups-queue-autoflush.service to work. (Closes: #1043397). * cf3/promises.cf: fix typo and allow connections from localhost and network. -- Mike Gabriel Thu, 10 Aug 2023 16:47:59 +0200 debian-edu-config (2.12.33) unstable; urgency=medium [ Guido Berhoerster ] * Adapt ntp configuration for ntpsec. Closes: #1038881. ntpsec has replaced ntp in bookworm, adapt configuration and add a drop-in file instead of editing the configuration file. Drop insserv overrides for ntp, the ntpsec systemd unit has an ordering dependency on nss-lookup.target equivalent to the "$named" facility. * Set up database for icingaweb2 Starting with version 2.11 user preferences must be stored in the DB. * Fix permissions issue preventing icingaweb2 from reading the backend config The /etc/icingaweb2/modules directory ends up with "drwxrwSrwx" permissions, missing the "x" bit preventing icingaweb2 from reading the monitoring backend configuration in /etc/icingaweb2/modules/monitoring/. Instead of adjusting single files and directories, enforce sensible permissions on all directories and configuration files. Closes: #1039475. * cf3/cf.samba: fix samba usershares permissions: Setting the group ownership of /var/lib/samba/usershares/ to "students" fails during the installation because this group is defined in LDAP and the slapd is not running at the time the samba promise bundle is evaluated. Thus use the numeric GID instead. The group is defined in ldap-bootstrap/{samba.ldif,gosa.ldif}. Closes: #1039461. -- Mike Gabriel Sat, 01 Jul 2023 05:41:56 +0200 debian-edu-config (2.12.32) unstable; urgency=medium * debian-edu-ltsp-install: fix failure with absent BD iso images. Patch thanks to Wolfgang Schweer. Closes: #1033451. -- Holger Levsen Mon, 27 Mar 2023 20:40:47 +0200 debian-edu-config (2.12.31) unstable; urgency=medium * sbin/debian-edu-pxeinstall: adjust for memtest86+ 6.10-4, thanks to Wolfgang Schweer. * Turkish debconf translation update, thanks to Atila KOÇ. Closes: #1031668. -- Holger Levsen Sun, 26 Feb 2023 10:10:43 +0100 debian-edu-config (2.12.30) unstable; urgency=medium d-i/finish-install: fix typo, thanks to Wolfgang Schweer. -- Holger Levsen Wed, 15 Feb 2023 15:14:02 +0100 debian-edu-config (2.12.29) unstable; urgency=medium * d-i/finish install: remove first local user (and kdc and ldap if set) passwords from debconf after setting them in the system. Thanks to Wolfgang Schweer. Closes: #1029077. * d-i/pre-pkgsel: only set kdc and ldap passwords on main-server, thanks to Wolfgang Schweer. -- Holger Levsen Mon, 13 Feb 2023 17:48:44 +0100 debian-edu-config (2.12.28) unstable; urgency=medium [ Mike Gabriel ] * ldap-bootstrap/gosa.ldif: Adjust gosaAclTemplate to GOsa² 2.8 (all -> all/all). -- Holger Levsen Mon, 06 Feb 2023 21:22:46 +0100 debian-edu-config (2.12.27) unstable; urgency=medium * debian-edu-pxeinstall: adopt to recent changes in memtest86+. Thanks to Wolfgang Schweer. * gosa.conf.template: use LDAPS instead of LDAP to access tjener. Closes: #1030348. Thanks to Daniel Teichmann for the bug report and Wolfgang Schweer for the patch. -- Holger Levsen Mon, 06 Feb 2023 11:39:05 +0100 debian-edu-config (2.12.26) unstable; urgency=medium * tools/create-debian-edu-certs: use chown with colon instead of a dot, thanks lintian. * Explicitly use bash for ldap-tools/ldap-createuser-krb5, sbin/debian-edu-ltsp-chroot and testsuite/ldap-server, thanks lintian. * d/control: - drop obsolete depends on lsb-base, thanks lintian. - bump standards version to 4.6.2, no changes needed. * d/source/lintian-overrides: override some very-long-line-length-in-source-file warnings. * d/debian-edu-config.lintian-overrides: - convert to new syntax. - override a bunch of unused-debconf-template warnings. - override init.d-script-does-not-implement-status-option for internal init scripts. - override some bash-term-in-posix-shell where I confirmed those are false positive. -- Holger Levsen Mon, 30 Jan 2023 14:37:19 +0100 debian-edu-config (2.12.25) unstable; urgency=medium [ Wolfgang Schweer ] * sbin/debian-edu-ltsp-install: Install firefox-esr l10n package conditionally in case the minidesktop thin client type has been chosen. Closes: #1024033. -- Holger Levsen Sun, 13 Nov 2022 14:57:03 +0100 debian-edu-config (2.12.24) unstable; urgency=medium [ Mike Gabriel ] * debian/control: + Change D (d-e-c) on libpam-python to a versioned dependency (>= 1.1.0~git20220701.1d4e111-0.3~). Starting with this version, libpam-python has fully been ported to Python3. (Closes: #1020928). -- Holger Levsen Mon, 24 Oct 2022 23:28:55 +0200 debian-edu-config (2.12.23) unstable; urgency=medium [ Wolfgang Schweer ] * share/debian-edu-config/isc-dhcp-server.service.eth1_only: Use nslcd instead of slapd as required service. Otherwise the DHCP service on a separate or additional LTSP server fails to start if it has been stopped before. * ldap-tools/ldap-debian-edu-install: After the move to MDB the slapd package recently stopped shipping the BDB related DB_CONFIG example file. Trying to copy the file breaks LDAP setup. * cf3/cf.finalize: Replace connman with network-manager-gnome in case the LXQt desktop environment is used during an installation including the Main server or LTSP server profile. (In these cases, ConnMan as the preferred LXQt network manager doesn't work well with the Debian Edu specific way network interfaces are set up.) Closes: #1021688. -- Holger Levsen Mon, 17 Oct 2022 21:56:43 +0200 debian-edu-config (2.12.22) unstable; urgency=medium * d/postinst: do not call update-mime anymore. Closes: #1010432. * d/control: bump standards version to 4.6.1. -- Holger Levsen Mon, 13 Jun 2022 12:39:42 +0200 debian-edu-config (2.12.21) unstable; urgency=medium * Replace dependency on mime-support with one on media-types, thanks to Charles Plessy for the bug report and all the work on this in the first place. Closes: #1010102 -- Holger Levsen Mon, 25 Apr 2022 17:22:41 +0200 debian-edu-config (2.12.20) unstable; urgency=medium * Regression fix upload. * debian/changelog: + Update missing changelog item in 2.12.18 upload stanza (for commit 0e3432df). * debian/debian-edu-config.preinst: + Make .keytab file moval more robust/idempotent. Don't attempt moving .keytab files if /etc/debian-edu/host-keytabs is already a symlink. * debian/debian-edu-config.postinst: + Fix some typos (follow-up for 0e1df64b, v2.12.16). * share/debian-edu-config/tools/update-proxy-from-wpad: - Really send warnings from this script to stderr (follow-up for f827feba, v2.12.18). * share/debian-edu-config/tools/gosa-remove-host: - Fix path in comment (follow-up fix for dd2a1c79, v2.12.18). -- Mike Gabriel Wed, 23 Mar 2022 13:26:35 +0100 debian-edu-config (2.12.19) unstable; urgency=medium * Regression fix upload. * Makefile: - Install script share/debian-edu-config/tools/update-dlw-krb5-keytabs into bin:pkg. -- Mike Gabriel Tue, 22 Mar 2022 10:31:36 +0100 debian-edu-config (2.12.18) unstable; urgency=medium * etc/cups/cups-browsed-debian-edu.conf: - Let TJENER's print queues appear on Debian Edu clients, use same print queue names on clients as on TJENER. (Closes: #1005841). * sbin/debian-edu-pxeinstall: - Don't append 'ipappend 2' to the kernel boot cmdline anymore as it confuses systemd when booting into the installed system. This resolves the graphical.target not coming up on Debian Edu workstations that got installed via the PXE/network based Debian Installer method. (Closes: #1006362). - Silence stderr output if the artwork theme lacks a plymouth subfolder. This can be silently ignored and should not trouble Debian Edu admins. * sbin/update-hostname-from-ip: - Simply if-then-else-clauses, reduce number of exit calls, don't exit with non-zero exitcode. Improve syslog messages if things fail. (Closes: #1006604). * share/debian-edu-config/squid.conf: - Prefer DNSv4 lookups over DNSv6. Debian Edu does not yet fully support IPv6 and many schools still use IPv4 primarily. This gives a great performance boost to squid installations if IPv6 internet is not fully available for whatever reason. (Closes: #1006375). * share/debian-edu-config/tools/{update-proxy-from-wpad,wpad-extra}: - Don't fail if proxy update is not possible, only send warnings to stderr and syslog. Don't source wpad-extra script, execute it instead and capture stdout. (Closes: #1008067). - White-space clean-up (use only tabs for indentation). * Move /etc/debian-edu/host-keytabs/* to /var/lib/debian-edu/host-keytabs/ and replace directory /etc/debian-edu/host-keytabs by a symlink. (Closes: #1002019). * Makefile: Re-arrange installation of some files that are scripts and need exec filesystem permissions. Adjust lintian overrides for these, too. * lintian: Update some override phrases (adjustments to the most recent lintian version). -- Mike Gabriel Tue, 22 Mar 2022 09:53:57 +0100 debian-edu-config (2.12.17) unstable; urgency=medium [ Mike Gabriel ] * share/debian-edu-config/tools/clean-up-host-keytabs: - Don't fail on Kerberos principal removal. - Set executable bits of this file. * debian/control: + Add D (debian-edu-config): libsitesummary-perl (available starting with sitesummary 0.1.50). (Closes: #815695, #968268). -- Holger Levsen Sun, 13 Feb 2022 09:45:45 +0100 debian-edu-config (2.12.16) unstable; urgency=medium [ Wolfgang Schweer ] * etc/exim4/exim-ldap-server-v4.conf: Accept incoming mail from internal network sent to root@. (Closes: #1003727). [ Mike Gabriel ] * share/glib-2.0/schemas/31_debian-edu+mate.gschema.override: Add various long-term-used MATE settings overrides (some from Ubuntu MATE). * MATE screensaver: Offer "logout user" button on screensaver dialog after 40min of inactivity and allow other users to salvage a workstation from an idle user (session). * share/debian-edu-config/tools/setup-freeradius-server: Fix integer comparison in run-by-root check. Script was not executable fully (not even as root). * etc/apache2/mods-available/debian-edu-userdir.conf: - White-space cleanup (tabs and spaces mixed). - CVE-2021-20001: Disable built-in PHP engine. - Add warning to not re-enable PHP interpretation in user dirs (with reference to our README). * README.public_html_with_PHP-CGI+suExec.md: - Provide documentation on how to enable suExec support in Apache2 userdirs (i.e. ~/public_html). * debian/NEWS: + Add file, inform about PHP being disabled in Apache2 user directories. * debian/debian-edu-config.fetch-ldap-cert: Drop retrieval of Debian-Edu_rootCA from this script. This now is the task of the fetch-rootca-cert script. (Closes: #971780). * debian/debian-edu-config.fetch-rootca-cert: Ensure proper symlinking of Debian-Edu_rootCA.crt in /usr/local/share/ca-certificates/ to Debian-Edu_rootCA.crt in /etc/ssl/ca-certificates. Forced symlinking is required, because earlier versions of the fetch-ldap-cert init script put Debian-Edu_rootCA.crt into /etc/ssl/ca-certificates/ as a file. Forced symlinking replaces files by the wanted symlink. The -n option (no- dereference) is required to make sure we don't follow any already existing symlink. (This relates to #971780). * Support krb5i on Diskless Workstations (aka LTSP FAT Clients): - ldap-bootstrap/netgroup.ldif: Add diskless-workstation-hosts NIS netgroup during LDAP bootstrap. - debian/debian-edu-config.{postinst,postrm}: Create non-privileged debian-edu system user account on Debian Edu mainserver (for distribution of host keytabs to diskless workstations aka LTSP fat clients). - share/debian-edu-config/tools/: Add new update-dlw-krb5-keytabs script and call it (with delay) from gosa-modify-host and gosa-remove-host hook scripts. - (Closes: #613167, #1002018). * debian/control: + Add D: adduser. * share/debian-edu-config/tools/update-proxy-from-wpad: - Fix typo (wrong protocol) in APT proxy config creation. - Create a Debian Edu specific proxy configuration in /etc/apt/apt.conf.d/ named 03debian-edu-config rather than meddling with /etc/apt/apt.conf directly. Clean up any earlier meddling from apt.conf, as well. (Closes: #1003560). * share/debian-edu-config/tools/setup-roaming: Assure libsss-sudo is installed on Roaming Workstation. (Closes: #1004605). * share/debian-edu-config/tools/gosa-remove: Capture removals of GOsa² user templates and ignore them. (Closes: #815042). * ldap-schemas/: Update schema files from Debian's latest GOsa² list of schemas. (Closes: #1004949). * debian/debian-edu-config.postinst: + Replace calling 'service' by calling 'invoke-rc.d'. Thanks, lintian. * debian/debian-edu-config.lintian-overrides: + Adjust line number references in lintian overrides. -- Mike Gabriel Fri, 04 Feb 2022 13:06:25 +0100 debian-edu-config (2.12.15) unstable; urgency=medium [ Mike Gabriel ] * share/d-e-c/tools/gosa-modify-host: Only create Kerberos host and service principals if they don't yet exist. (Closes: #1002014). * share/d-e-c/tools/copy-host-keytab: Restart nfs-common/rpc-gssd after having copied over /etc/krb5.keytab. This avoids rebooting for applying the copied over changes. * share/d-e-c/tools/gosa-create-host: Fix copy+paste flaw in comment. [ lintian-brush ] * Add missing build dependency on dh addon. -- Holger Levsen Wed, 29 Dec 2021 18:15:27 +0100 debian-edu-config (2.12.14) unstable; urgency=medium [ Wolfgang Schweer ] * Create the SquashFS image by default for LTSP chroots: - sbin/debian-edu-ltsp-install: Adjust option setting accordingly. - share/man/man8/debian-edu-ltsp-install.8: Update and improve content. * Don't delete the /var/cache/apt directory after X2Go client chroot creation, adjust sbin/debian-edu-ltsp-install accordingly. * share/debian-edu-config/tools/ltsp-addfirmware: Improve usage information. -- Holger Levsen Sat, 20 Nov 2021 12:28:45 +0100 debian-edu-config (2.12.13) unstable; urgency=medium [ Wolfgang Schweer ] * Improve LTSP related maintenance: - sbin/debian-edu-ltsp-initrd: New tool. This is a wrapper script for the 'ltsp initrd' command. It makes sure that a use case specific initrd (/srv/tftp/ltsp/ltsp.img) is generated and moved to the right location. - share/man/man8/debian-edu-ltsp-initrd.8: New manual page. - share/man/man8/debian-edu-ltsp-ipxe.8: Improve manual page content. -- Holger Levsen Sat, 13 Nov 2021 14:30:28 +0100 debian-edu-config (2.12.12) unstable; urgency=medium [ Wolfgang Schweer ] * Improve LTSP related tools: - sbin/debian-edu-ltsp-install: Care for sitesummary-client installation and LTSP client type specific configuration. - sbin/debian-edu-ltsp-ipxe: Care for PXE installation related menu items. -- Holger Levsen Wed, 10 Nov 2021 01:49:02 +0100 debian-edu-config (2.12.11) unstable; urgency=medium [ Wolfgang Schweer ] * debian/debian-edu-config.lintian-overrides: Adjust overrides for 'possibly-insecure-handling-of-tmp-files-in-maintainer-script'; actually, 'mktemp -d' is used in debian/debian-edu-config.postinst, tmp file handling is secure. * cf3/cf.ntp: Make sure ntp replaces systemd-timesyncd * cf3/promises.cf: Adjust bundlesequence to ensure ntp configuration happens after ntp has been installed. -- Holger Levsen Wed, 03 Nov 2021 09:57:40 +0100 debian-edu-config (2.12.10) unstable; urgency=medium [ Wolfgang Schweer ] * share/debian-edu-config/tools/{improve-desktop-l10n,install-task-pkgs}: - Don't rely on package availability for each arch autopkgtest is run on. -- Holger Levsen Mon, 25 Oct 2021 11:54:11 +0200 debian-edu-config (2.12.9) unstable; urgency=medium [ Wolfgang Schweer ] * Deal with networking related issues in the autopkgtest environment: - share/debian-edu-config/tools/configure-edu-gateway: Drop services start, stop and restart actions, leave it to the user, add related comment. - debian/tests/configure-edu-gateway: Use 'no' instead of 'yes' for the firewall option to avoid a possible pitfall in the test environment. -- Holger Levsen Sat, 23 Oct 2021 22:54:50 +0200 debian-edu-config (2.12.8) unstable; urgency=medium [ Wolfgang Schweer ] * Fix and improve autopkgtest: - debian/tests/control: Add locales to Depends. - debian/tests/{improve-desktop-l10n,install-task-pkgs}: Actually generate the wanted locale for a more useful test, simplify code. - debian/tests/configure-edu-gateway: Simplify code. - share/debian-edu-config/tools/configure-edu-gateway: Deal with network interfaces in case of virtual setup to fix related test. -- Holger Levsen Sat, 23 Oct 2021 09:27:56 +0200 debian-edu-config (2.12.7) unstable; urgency=medium [ Wolfgang Schweer ] * Add autopkgtest, providing these tests: - configure-edu-gateway (turn a minimal system into a dedicated gateway). - improve-desktop-l10n (install additional packages for $LANG). - install-task-pkgs (install additional packages concerning education desktop packages for $LANG). * debian/debian-edu-config.postinst: - Fix code to remove the /etc/smbldap-tools directory. * cf3/promises.cf: - Remove the debian-edu/cf.ldapscripts entry from the inputs list. -- Holger Levsen Fri, 22 Oct 2021 14:29:35 +0200 debian-edu-config (2.12.6) unstable; urgency=medium [ Wolfgang Schweer ] * debian/debian-edu-config.maintscript: Drop /etc/ldap/slapd-debian-edu.conf removal; this also affects preinst which is too early if upgrading from bullseye, breaking the LDAP data base conversion. * debian/debian-edu-config.postinst: Conditionally remove the now obsolete /etc/slapd-debian-edu.conf file. * debian/debian-edu-config.lintian-overrides: Fix entries to avoid mismatched overrides, thanks lintian. * Remove Samba PDC setup related files, obsolete since bullseye: - etc/smbldap-tools/{smbldap.conf,smbldap_bind.conf}, cf3/cf.ldapscripts, share/debian-edu-config/debian-edu.addmachine.template and share/debian-edu-config/debian-edu.ldapscripts.passwd. * debian/control: Drop ldapscripts from Depends. * Adjust files to deal with above changes: - Makefile, cf3/promises.cf - debian/debian-edu-config.{maintscript,postinst,postrm}. -- Holger Levsen Thu, 21 Oct 2021 09:21:44 +0200 debian-edu-config (2.12.5) unstable; urgency=medium [ Mike Gabriel ] * share/debian-edu-config/tools/pxe-addfirmware: Fix TFTP server path (/var/lib/tftpboot-> /srv/tftp). (Closes: #995610) [ Wolfgang Schweer ] * Use the etc/ldap directory for the dedicated slapd.conf file instead of using cf-agent to copy the file; this makes the setup more robust: - Remove share/debian-edu-config/slapd-debian-edu-mdb.conf. - Add etc/ldap/slapd-debian-edu-mdb.conf. - Adjust share/debian-edu-config/tools/move-ldap-bdb-to-mdb, Makefile and cf3/cf.ldapserver accordingly. * debian/debian-edu-config.maintscript: - Care for removal of obsolete ldap/slapd-debian-edu.conf file. - Drop no longer needed entries. * debian/debian-edu-config.postinst: - Use 'command -v' instead of deprecated 'which'. - Adjust LDAP data base related entry. - Cleanup from no longer needed versioned edits/removals. * debian/debian-edu-config.lintian-overrides: Adjust after postinst changes. * share/debian-edu-config/testsuite-lib.sh: - Use /Status:/ instead of /Status\:/ in awk command. (Avoids logs to be spoiled with warnings.) * share/debian-edu-config/d-i/finish-install: - Run cf-agent in verbose mode to improve log message readability. * cf3/cf.dhcpserver: Ensure proper rights for systemd service files. * sbin/debian-edu-ltsp-chroot: - Use last edit date to improve version information. - Minor fixes, thanks shellcheck. * sbin/debian-edu-ltsp-install: - Use last edit date to improve version information. - Minor fixes (typos and copy paste errors). * share/debian-edu-config/tools/ltsp-addfirmware: - Adjust script to be usable with re-written LTSP and add it to the binary package. Also, exclude firmware-microbit-micropython{-dl} and packages requiring interactive EULA acceptance. * share/debian-edu-config/tools/pxe-addfirmware: - Also exclude unusable package(s) firmware-microbit-micropython{-dl}. -- Holger Levsen Wed, 13 Oct 2021 13:43:37 +0200 debian-edu-config (2.12.4) unstable; urgency=medium [ Wolfgang Schweer ] * Add LTSP related tools and manual pages: - sbin/debian-edu-ltsp-chroot: Used for chroot maintenance. - sbin/debian-edu-ltsp-ipxe: Wrapper for 'ltsp ipxe' command. - share/man/man8/debian-edu-ltsp-chroot.8 - share/man/man8/debian-edu-ltsp-ipxe.8 * Improve sbin/debian-edu-ltsp-install concerning chroots: - Relocate and keep X2Go thin client chroots. - Unset temporary directory variables instead of manually creating directories and mounting tmpfs. - Add/adjust iPXE menu item names. - Care for complete sources list in chroots. - Use 'no' as default for the --diskless_workstation option. * Adjust to match above changes: - share/debian-edu-config/tools/run-at-firstboot - share/man/man8/debian-edu-ltsp-install.8 - share/debian-edu-config/tools/copy-host-keytab * share/debian-edu-config/tools/{improve-desktop-l10n,install-task-pkgs}: - Check if package is already installed. Avoids useless noise if cf-agent is also run after system installation, e.g. upgrades. - Whitespace cleanup. * debian/debian-edu-config.postrm: Remove cruft. * debian/debian-edu-config.lintian-overrides: Cleanup, thanks lintian. * debian-edu-config.postinst: Don't run LDAP data base conversion inside d-i. -- Holger Levsen Thu, 30 Sep 2021 12:00:04 +0200 debian-edu-config (2.12.3) unstable; urgency=medium [ Wolfgang Schweer ] * Improve sbin/debian-edu-ltsp-install: - Add LTSP diskless workstation chroot installation as additional option. - Add some more inline documentation. * Adjust share/d-e-c/tools/debian-edu-bless to be easier usable with the 'debian-edu-ltsp-install' script: - Update the list of supported desktop environments, use xfce as default. - Support 'none' as an option to above list just in case someone decides to not install a desktop environment by default (modular installation). - Use cf-agent in verbose mode for better readable logging. * Update share/man/man8/debian-edu-ltsp-install.8 to match the changes. * Use mktemp instead of deprecated tempfile, adjust: - etc/X11/Xsession-debian-edu - sbin/debian-edu-update-netblock - share/debian-edu-config/tools/gosa-sync - testsuite/postoffice -- Holger Levsen Thu, 23 Sep 2021 00:17:27 +0200 debian-edu-config (2.12.2) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust sbin/debian-edu-ltsp-install. (Closes: #993935) Thanks to Dominik George for spotting and reporting the issue. - Extend main server related exclude list. - Add slapd and xrdp-sesman to the list of masked services. - Ensure home directory access after above changes. -- Holger Levsen Wed, 15 Sep 2021 00:38:42 +0200 debian-edu-config (2.12.1) unstable; urgency=medium [ Wolfgang Schweer ] * Start on 2.12.1 as Debian 12 (bookworm) is targeted. * Restrict Icinga web GUI administration using a dedicated group. - ldap-bootstrap/gosa.ldif: Add group icinga-admins. - tools/edu-icinga-setup: Adjust configuration files (HERE documents) to use icinga-admins group for administrator role. * Move LDAP database backend from deprecated BDB to default MDB one: - Add share/debian-edu-config/slapd-debian-edu-mdb.conf (configuration). - Adjust cf3/cf.ldapserver to copy/link configuration file conditionally. - Adjust debian/debian-edu-config.postinst to handle the migration upon upgrades. - Add separate tool share/debian-edu-config/tools/move-ldap-bdb-to-mdb (just in case the migration should be done earlier). * Adjust Makefile. * Adjust debian/debian-edu-config.lintian-overrides, thanks Lintian. * Use 'command -v' instead of 'which' in debian/debian-edu-config.prerm and testsuite/samba. * Bump standards version to 4.6.0, no changes needed. -- Holger Levsen Sat, 04 Sep 2021 01:21:58 +0200 debian-edu-config (2.11.56) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust workaround for isc-dhcp-server-ldap bug #971275. (Closes: #989340) - share/debian-edu-config/isc-dhcp-server.{service,service.eth1_only}: Use ExecStartPre command inspired by the isc-dhcp-server init script instead of a sleep command. * Adjust Exim configuration on client systems. (Closes: #989338) - cf3/cf.exim: Use exim-ldap-client-v4.conf file as exim4.conf on client machines instead of preseeded configuration. This way sending system emails to the main server is working again after the exim4 4.94 changes. * Adjust sbin/debian-edu-ltsp-install. (Closes: #989342) - Drop line containing the cp command (/var/cache/apt doesn't contain .bin files in all use cases and the benefit is minimal if they exist; also, the pkgcache.bin and srcpkgcache.bin files might contain outdated data). - Use the BD ISO image to setup X2Go thin client support only if the script is run inside the Debian Installer environment. There are too many ways to install a combined server (with or without Internet connection, with or without adjusting the sources list, with or without running apt update) to cover all these cases. -- Holger Levsen Sat, 05 Jun 2021 00:06:13 +0200 debian-edu-config (2.11.55) unstable; urgency=medium [ Wolfgang Schweer ] * Create first user's Samba account at first boot of a main server when all required information is available via LDAP and debconf. Closes: #987632. - Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the required password from debconf and let tools/run-at-firstboot create the Samba account. * Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634. - Fix LTSP Initrd specific path component construction in case a 32-bit combined server is installed. - Provide a full name for diskless workstation to show up in the iPXE menu. - Use BD ISO image as mirror to enable complete offline installations of a combined server. -- Holger Levsen Thu, 29 Apr 2021 15:27:17 +0200 debian-edu-config (2.11.54) unstable; urgency=medium [ Wolfgang Schweer ] * share/glib-2.0/schemas/31_debian-edu+mate.gschema.override: Set existing mate-panel layout file for the panel to show up. Closes: #986448. -- Holger Levsen Wed, 07 Apr 2021 01:03:15 +0200 debian-edu-config (2.11.53) unstable; urgency=medium [ Wolfgang Schweer ] * Improve GOsa² hooks: explicitly create Samba account using gosa-create (before changing the password via gosa-sync). Closes: #986122. - tools/gosa-create: Add code to create the user's Samba account. - tools/gosa-sync: Adjust log message accordingly. -- Holger Levsen Wed, 31 Mar 2021 10:44:04 +0200 debian-edu-config (2.11.52) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust internal web page related files. (Closes: #985902) - www/index.html.en: Use pt-pt for European Portuguese, adjust PO files, generate language specific index files. - www/{es-es,nb-no,pt-br}.po: Fix blends page link and related translation. -- Holger Levsen Sun, 28 Mar 2021 11:04:27 +0200 debian-edu-config (2.11.51) unstable; urgency=medium [ Wolfgang Schweer ] * cf3/cf.dhcpserver: Make sure the dhcpd.leases file exists. Closes: #984596. (Without a leases file, isc-dhcp-server remains in starting stage forever.) -- Holger Levsen Fri, 05 Mar 2021 19:58:03 +0100 debian-edu-config (2.11.50) unstable; urgency=medium [ Wolfgang Schweer ] * debian/debian-edu-config.postinst: Adjust to really fix bug ##982448. -- Holger Levsen Tue, 16 Feb 2021 15:39:04 +0100 debian-edu-config (2.11.49) unstable; urgency=medium [ Wolfgang Schweer ] * debian/debian-edu-config.postinst: Adjust condition. Closes: #982448. - Avoid upgrade failure in case /etc/debian-edu/config happens to be empty. * sbin/debian-edu-pxeinstall: Copy the debian-installer directories (d-i-n-i packages) instead of symlinking them. This allows tftpd-hpa to access them. -- Holger Levsen Tue, 16 Feb 2021 11:00:13 +0100 debian-edu-config (2.11.48) unstable; urgency=medium [ Wolfgang Schweer ] * debian/debian-edu-config.postinst: Care for a proper /etc/network/interfaces file in case of a plain main server. * share/debian-edu-config/tools/configure-edu-gateway: Adjust execution condition to reflect recent changes, improve feedback for users. * sbin/debian-edu-ltsp-install: Make it easier to configure the iPXE menu and to describe the needed steps in the manual. - Improve /etc/ltsp/ltsp.conf content (here document). - Rework Debian Edu specifíc iPXE menu setup. * Workaround X2Go bug #890517 to prevent killer from kicking out users: - Add share/debian-edu-config/killer.cron file. The modified cron job will only run if no X2Go user is logged in on the related LTSP-Server. - Add code to cf3/cf.workarounds to replace the existing killer cron job on systems with LTSP-Server profile. -- Holger Levsen Sun, 07 Feb 2021 11:45:44 +0100 debian-edu-config (2.11.47) unstable; urgency=medium [ Wolfgang Schweer ] * Cope with issues found during recent installations. - share/debian-edu-config/tools/gosa-sync: Add TERM=linux. Without this explicit setting a password can't be set or modified any longer. - share/debian-edu-config/d-i/finish-install: Make script more robust to avoid a totally broken installation in case modprobe fails inside target. - cf3/cf.dhcpserver: Correct class statement for several profile cases. - share/debian-edu-config/isc-dhcp-server.service and share/debian-edu-config/isc-dhcp-server.service.eth1: Make sure the slapd.service is available before the DHCP server tries to fetch the configuration from LDAP. -- Holger Levsen Sun, 31 Jan 2021 18:39:57 +0100 debian-edu-config (2.11.46) unstable; urgency=medium [ Wolfgang Schweer ] * Rework DHCP setup. Editing /etc/default/isc-dhcp-server can be dropped this way and the pitfall due to bug #971275 is also avoided: - Add share/debian-edu-config/isc-dhcp-server.service and share/debian-edu-config/isc-dhcp-server.service.eth1_only. These files are used for conditional configuration addressing three cases: plain main server, combined (main and LTSP) server, and separate LTSP server. - Adjust cf3/cf.dhcpserver accordingly. -- Holger Levsen Mon, 25 Jan 2021 17:47:02 +0100 debian-edu-config (2.11.45) unstable; urgency=medium [ Wolfgang Schweer ] * Cope with issues found during a Buster main server upgrade. - cf3/cf.squid: Copy additional configuration file instead of symlinking it. - postinst: Add code to remove symlinks that point to already removed files (previously used for workarounds). [ Holger Levsen ] * postinst: use 'rm -f' instead 'rm -rf' where appropriate. -- Holger Levsen Tue, 19 Jan 2021 16:25:46 +0100 debian-edu-config (2.11.44) unstable; urgency=medium [ Wolfgang Schweer ] * Improve freeRADIUS server setup: - etc/samba/smb-debian-edu.conf: Use TJENER instead of SKOLELINUX as workgroup name to match the Samba server 'standalone' role; this way TJENER will be used as domain name for freeRADIUS automatically. As an additional benefit the wbinfo command is working to check users. - Move the 'ntlm auth' entry from share/debian-edu-config/smb.conf.edu-site to etc/samba/smb-debian-edu.conf (and enable it) to avoid a possible pitfall in case manual adjustment is forgotten. - share/debian-edu-config/tools/setup-freeradius-server: + Configure EAP-TTLS/PAP authentication (via Kerberos) in addition to PEAP-MSCHAPV2 to provide EAP methods for various end user devices. + Keep all configuration adjustments inside the tool itself so that it can be used standalone. + Add/improve inline documentation. - Drop no longer needed files (share/debian-edu-config/freeradius-*), adjust Makefile and debian/debian-edu-config.postinst accordingly. -- Holger Levsen Tue, 12 Jan 2021 12:35:54 +0100 debian-edu-config (2.11.43) unstable; urgency=medium [ Wolfgang Schweer ] * share/debian-edu-config/tools/kerberos-kdc-init: - Delay clearing the debconf database from passwords until the first user's Samba account has been created. * share/debian-edu-config/tools/edu-icinga-setup: - Cope with recent mariadb-server package changes. Some leftover occurencies of 'mysql' have been replaced with 'mariadb'. * sbin/debian-edu-pxeinstall: - Determine the Debian Edu artwork theme via the desktop-base active theme alternative instead of hardcoding it. -- Holger Levsen Thu, 07 Jan 2021 12:42:49 +0100 debian-edu-config (2.11.42) unstable; urgency=medium [ Wolfgang Schweer ] * sbin/debian-edu-pxeinstall: Use the Homeworld theme also for syslinux. * Drop CUPS related workaround now that bug #977198 has been fixed: - Remove share/debian-edu-config/cups.service. - Adjust Makefile and cf3/cf.workarounds. - Add code to debian/debian-edu-config.postinst to remove systemd override directory and file. Thanks to Petter Reinholdtsen for the hint. * Adjust testsuite/{cups,dnsd,ldap-client,ntp,samba} to reflect recent changes to related services. -- Holger Levsen Fri, 01 Jan 2021 13:59:08 +0100 debian-edu-config (2.11.41) unstable; urgency=medium [ Wolfgang Schweer ] * Add script share/debian-edu-config/tools/setup-freeradius-server. This tool allows one to setup freeRADIUS with a basic configuration suited for the Debian Edu network after installing required packages (winbind, freeradius). (Still needs to be documented in the manual). * Add example configuration files used by the 'setup-freeradius-server' tool: - share/debian-edu-config/freeradius-authorize (user related configuration). - share/debian-edu-config/freeradius-clients.conf (AP configuration). - share/debian-edu-config/freeradius-eap.conf (TLS configuration). - share/debian-edu-config/freeradius-mschap.conf (ntlm_auth configuration). * cf3/cf.{grub,pxeinstall}: Only run commands inside Debian Installer to avoid superfluous execution if cf-agent is called manually. -- Holger Levsen Sun, 27 Dec 2020 14:43:52 +0100 debian-edu-config (2.11.40) unstable; urgency=medium [ Wolfgang Schweer ] * Rework sssd configuration, thanks to Mike Gabriel. (Closes: #977462) - share/debian-edu-config/tools/sssd-generate-config: Cleanup the included HERE documents (configuration snippets) from entries that are either default ones (like excluding the root user), obsolete, no longer in use or non-existent; also correct the wrong AD related one. As systemd is used, sssd services are now activated via sockets. The 'service' configuration stanza needs to be empty to avoid starting permanently running processes. this also aviods spamming syslog with error messages. - Adjust the static etc/sssd/sssd-debian-edu.conf file accordingly. * Adjust sbin/debian-edu-ltsp-install: - Improve IP address determination for the dedicated LTSP network. - Add nameserver stanza to /etc/network/interfaces. * share/debian-edu-config/d-i/finish-install: Only run debian-edu-ltsp-install in case of a combined server. Leave it up to the local admin what type of LTSP clients should be supported. (Still needs to be documented.) * share/debian-edu-config/cups.service: Cleanup from superfluous entries, thanks to Didier 'OdyX' Raboud. * cf3/cf.workarounds: Create missing GOsa² related directory to avoid confusion in case an admin is setting up a system of type printer. -- Holger Levsen Sun, 20 Dec 2020 09:47:45 +0100 debian-edu-config (2.11.39) unstable; urgency=medium [ Wolfgang Schweer ] * Add bin/debian-edu-copy-pki targeting roaming workstations (Closes: #951071) The issues mentionend in the bug report are now cared for via policy files for Firefox ESR, Thunderbird and Chromium. The self signed Debian Edu server certificate has been the only problem left for roaming workstations (in case a program uses the PKI infrastructure). * Add man page share/man/man1/debian-edu-copy-pki.1. * Improve sbin/debian-edu-ltsp-install: - Add one more explanation to the script header, thanks Holger. - Replace condition for NFS export configuration in case of a combined server. This will fix the setup if the script is executed inside the Debian Installer. * share/man/man8/debian-edu-ltsp-install: Correct image type description. * sbin/debian-edu-pxeinstall: use the now available homeworld theme. * Workaround CUPS bug (#977198, cups service fails randomly after reboot): - Add override file share/debian-edu-config/cups.service. - Adjust cf3/cf.workarounds to activate the override file. This makes sure the cups service starts after the nslcd one (needed because the Debian Edu cups-files.conf refers to an LDAP group). -- Holger Levsen Sun, 13 Dec 2020 10:56:48 +0100 debian-edu-config (2.11.38) unstable; urgency=medium [ Wolfgang Schweer ] * Improve LTSP related setup and management framework. (Closes: #969935). - Remove LTSP5 related tool sbin/debian-edu-ltsp. - Move share/debian-edu-config/tools/edu-ltsp-install to sbin/debian-edu-ltsp-install as tool for the re-written LTSP and improve it further: + Add example how to support 32-bit thin client. + Extend Firefox ESR configuration for the thin client 'desktop' variant. + Care for iPXE menu completion after adding additional chroots. - Add man page share/man/man8/debian-edu-ltsp-install.8. - Adjust share/debian-edu-config/d-i/finish-install, Makefile, share/debian-edu-config/tools/run-at-firstboot and debian/debian-edu-config.lintian-overrides to reflect the changes. * Adjust etc/dovecot/local.conf to match a recent Dovecot change. Now the IMAP server name needs to be set (instead of the hostname of the system the service is running on) for the Kerberos ticket to be accepted. * Add various man pages: - share/man/man8/debian-edu-fsautoresize.8 - share/man/man1/debian-edu-ldapserver.1 - share/man/man8/debian-edu-pxeinstall.8 - share/man/man8/debian-edu-update-netblock.8 - share/man/man1/ldap-debian-edu-install.1 - share/man/man1/ldap2netgroup.1 - share/man/man1/sitesummary2ldapdhcp.1 - share/man/man8/update-hostname-from-ip.8 * Makefile: Fix typo from years ago to get LDAP related man pages installed. -- Holger Levsen Sat, 05 Dec 2020 01:31:54 +0100 debian-edu-config (2.11.37) unstable; urgency=medium [ Wolfgang Schweer ] * Rework CUPS configuration, thanks to Mike Gabriel. (Closes: #944347). Base Debian Edu specific configuration on recent CUPS configuration files: - etc/cups/cupsd-debian-edu.conf: Use ipp.intern as central print server, restrict access to preconfigured internal networks. - etc/cups/cups-files-debian-edu.conf: Add LDAP group 'printer-admins' as additional CUPS @SYSTEM group. - etc/cups/cups-browsed-debian-edu.conf: New file. Configure all other machines on the internal networks as clients using driverless printing. - cf3/cf.cups: Adjust to conditionally activate CUPS configuration. - www/*: Use FQDN for the print server, adjust PO and index files. * Move over configuration (i.e. non-artwork) related files from d-e-artwork for the sake of consistency. (Use different filenames to avoid conflicts.) - share/glib-2.0/schemas/21_debian-edu+gdm.gschema.override - share/glib-2.0/schemas/31_debian-edu+mate.gschema.override - share/glib-2.0/schemas/32-debian-edu.arctica-greeter.gschema.override - share/mate-panel/layouts/debian-edu-mate.layout * Adjust Makefile and debian/control to reflect the changes. -- Holger Levsen Mon, 23 Nov 2020 22:31:27 +0100 debian-edu-config (2.11.36) unstable; urgency=medium [ Wolfgang Schweer ] * Set DuckDuckGo as default search provider for both Firefox-ESR and Chromium. This setting isn't forced, users are allowed to change it, compare #955707: - Adjust share/firefox-esr/distribution/policies.json, - Add etc/chromium/policies/recommended/search_provider.json. * Improve homepage and startup page setup and newtab content for both Firefox-ESR and Chromium: - Adjust etc/firefox-esr/debian-edu.js, - Adjust share/debian-edu-config/tools/update-chromium-homepage. [ Holger Levsen ] * Update standards version to 4.5.1, no changes needed. -- Holger Levsen Wed, 18 Nov 2020 12:10:46 +0100 debian-edu-config (2.11.35) unstable; urgency=medium [ Wolfgang Schweer ] * share/debian-edu-config/tools/edu-ltsp-install: - Use http instead of https (debootstrap) to avoid a possible pitfall if a proxy isn't configured to use https. - Fix typo to avoid breaking home directory mounting (combined server). * share/debian-edu-config/tools/improve-desktop-l10n: - Also care for debian-edu-doc legacy packages. * Rework internal network time synchronization. This avoids to edit the ntp conffile on clients: - Add share/debian-edu-config/debian-edu-timesyncd.conf as override file for networked clients (with the exception of roaming workstations). - Adjust Makefile, cf3/cf.ntp and cf3/edu.cf accordingly. * debian/control: Move libpam-python back from Suggests to Recommends now that the package is available in testing again. (Not yet ported to Python3, but the Python2 related dependency chain doesn't fail any longer). -- Holger Levsen Mon, 09 Nov 2020 09:49:21 +0100 debian-edu-config (2.11.34) unstable; urgency=medium [ Wolfgang Schweer ] * Improve Samba configuration to support using PEAP-MSCHAPv2 with FreeRADIUS: - Add 'netbios name = tjener' in etc/samba/smb-debian-edu.conf (the value will be used as domain name). - Add ntlm auth stanza to share/debian-edu-config/smb.conf.edu-site (case restricted setting 'ntlm auth = mschapv2-and-ntlmv2-only'). * share/debian-edu-config/tools/gosa-sync: Adjust Samba account related code introduced in d-e-c 2.11.33. -- Holger Levsen Thu, 29 Oct 2020 17:41:06 +0100 debian-edu-config (2.11.33) unstable; urgency=medium [ Wolfgang Schweer ] * Don't mix LDAP and system groups to enable Samba usershares, use the already existing LDAP group 'students'. Thanks to Mike Gabriel for the hint. Adjust related files and configuration: - ldap-bootstrap/gosa.ldif: Add the first user to the 'students' group. This way all users belonging to the 'teachers' group will also be 'students'. - cf3/cf.samba: Use 'students' instead of 'sambashare' for the group ownership of the /var/lib/samba/usershares/ directory. (Running 'chown root:teachers /var/lib/samba/usershares' would disable usershares for 'students'; this needs to be documented in the manual.) - Drop code used to add sambashare group membership from: + share/debian-edu-config/tools/kerberos-kdc-init, + share/debian-edu-config/tools/edu-ldap-from-scratch, + share/debian-edu-config/tools/gosa-create and + share/debian-edu-config/tools/gosa-sync. * Remove Samba account along with POSIX account removal: - Adjust share/debian-edu-config/tools/gosa-remove. * Improve order of entries and comments in Samba related files: - Adjust etc/samba/smb-debian-edu.conf and share/debian-edu-config/smb.conf.edu-site. * Cleanup files from no longer needed Samba related entries: - ldap-bootstrap/netgroup.ldif, - ldap-bootstrap/root.ldif, - ldap-bootstrap/gosa.ldif and - share/debian-edu-config/gosa.conf.template * debian/control: Move libpam-python from Recommends to Suggests (until the package has been ported to Python3) to fix the src:debian-edu autopkgtest. See bug #967194 for details. -- Holger Levsen Sun, 25 Oct 2020 15:17:06 +0100 debian-edu-config (2.11.32) unstable; urgency=medium [ Mike Gabriel ] * debian/fetch-rootca-cert: Re-try rootCA retrieval if previous retrievals ended up with an empty Debian-Edu_rootCA.crt file in /usr/local/share/ca-certificates/. (Closes: #971775). [ Wolfgang Schweer ] * debian/debian-edu-config.fetch-rootca-cert: - Avoid execution on the main server where things are already in place. - Adjust code to let the Debian-Edu_rootCA.crt file show up in the /etc/ssl/certs/ directory more reliably. (Closes: #971767). - Fix logging messages. * debian/control: - Lower Depends on libpam-python to Recommends. This way the src:debian-edu autopkgtest might succeed (until libpam-python3 becomes available). - Adjust Description field. - Use https://blends.debian.org/edu as homepage. * Move from deprecated, unusable Samba NT4-style PDC role to standalone server one to be compatible with OpenLDAP, MIT Kerberos and GOsa²: - Drop all domain related files. - Add code to debian/debian-edu-config.postinst to get those files removed. - Adjust etc/samba/smb-debian-edu.conf accordingly (also with support for non-root user usershares and override file included). - Add share/debian-edu-config/smb.conf.edu-site as override template file. * Re-work LDAP bootstrap and configuration file. - Move entries from ldap-bootstrap/samba.ldif to ldap-bootstrap/gosa.ldif and ldap-bootstrap/root.ldif respectively, now that Samba isn't contained in LDAP anymore. - etc/ldap/slapd-debian-edu.conf: Cleanup from Samba related entries. * share/debian-edu-config/gosa.conf.template: - Remove Samba related tab to prevent it from showing up in the GUI. - Add sambaHashHook="" to prevent Samba password hashes showing up in LDAP for security reasons. * Manage Samba accounts and sambashare group membership using GOsa² hooks. - share/debian-edu-config/tools/gosa-create: Add user to sambashare group. - share/debian-edu-config/tools/gosa-sync: Create a user Samba account and keep Samba and POSIX passwords in sync. - share/debian-edu-config/tools/gosa-lock-user: Also disable Samba account. - share/debian-edu-config/tools/gosa-unlock-user: Also enable Samba account. - share/debian-edu-config/tools/kerberos-kdc-init: Add samba account and - sambashare group membership for the special case 'first user'. * Use Avahi to publish Samba shares in the local network. This will also improve support for macOS using systems: - Add share/debian-edu-config/avahi.smb.service configuration file. - cf3/cf.samba: Conditionally copy the service file to the right place. (Also create the Samba usershares directory with proper rights.) * share/debian-edu-config/tools/edu-ldap-from-scratch: - Adjust to reflect the Samba related changes. * share/debian-edu-config/passwords_stub.dat: - Drop obsolete entries now that icinga2-classicui is gone. -- Holger Levsen Mon, 19 Oct 2020 14:14:47 +0200 debian-edu-config (2.11.31) unstable; urgency=medium [ Wolfgang Schweer ] * www/index.html.en: - Stop linking to http://www.linuxiskolen.no/slxdebianlabs/donations.html; the foundation has been shut down and the leftover money given to Debian. * www: update files after running 'make all'. * ldap-tools/ldap-debian-edu-install: - Drop Samba related code (deprecated NT4-style domain) to fix LDAP setup. * debian/NEWS: Drop file to avoid confusing users while upgrading from Buster; the related information has already been shown via security update d-e-c 2.10.65+deb10u3 (or point release 10.3 at the latest). -- Holger Levsen Sat, 03 Oct 2020 10:26:49 +0200 debian-edu-config (2.11.30) unstable; urgency=medium [ Wolfgang Schweer ] * Remove NBD tools and related configuration file: The re-written LTSP doesn't use nbdswapd, so drop now obsolete files share/debian-edu-config/tools/nbdquery, share/debian-edu-config/tools/nbdswap and etc/nbd-server/conf.d/debian-edu.conf. Adjust Makefile. * d/control: Drop Depends on netcat. (Closes: #969239) The last tool using 'nc' has now been removed. Thanks to Chris Hofstaedtler. * Cleanup debian/debian-edu-config.lintian-overrides from unused entries, thanks Lintian. -- Holger Levsen Mon, 31 Aug 2020 10:43:55 +0200 debian-edu-config (2.11.29) unstable; urgency=medium [ Wolfgang Schweer ] * Fix loss of dynamically allocated v4 IP address. (Closes: #966129) - Drop etc/network/if-up.d/wpad-proxy-update. This script fails to work due to changed behaviour of the ifupdown/dhclient/systemd combination and now also causes the loss of a dynamically allocated ipv4 IP address about 30 minutes after booting. - Add code to d/debian-edu-config.postinstall to implement the intended proxy setting update after a WPAD change just after rebooting the system. (It would otherwise happen at first DHCP lease renewal ~15 minutes later.) - Adjust Makefile and debian/dirs. -- Holger Levsen Thu, 23 Jul 2020 15:30:33 +0200 debian-edu-config (2.11.28) unstable; urgency=medium [ Wolfgang Schweer ] * etc/exim4/exim-ldap-server-v4.conf: - Fix after Exim 4.94 security improvements. Don't use tainted data from sender information for delivery path construction, gather data from the 'check_local_user' directive (routers section) instead and use $local_part_data (tranports section) to construct the path. * testsuite/doc: Grab suite value for both testing and stable release cases. -- Holger Levsen Sat, 27 Jun 2020 12:20:06 +0200 debian-edu-config (2.11.27) unstable; urgency=medium [ Wolfgang Schweer ] * Modify LTSP setup related configuration to support both separate and additional LTSP servers. - ldap-bootstrap/gosa-server.ldif: Adjust LTSP related DHCP options and statements for both subnet00 and subnet01 to be compliant with iPXE. - cf3/cf.dhcpserver: link dhcpd.conf to the Debian Edu specific one. - debian/debian-edu-config.enable-nat: use /srv/ltsp as new LTSP base dir. - share/debian-edu-config/tools/edu-ltsp-install: + Configure local excludes and services to be masked. + Use static entry for the primary network interface and configure it. + Configure NFS exports conditionally. + Also set NAT for clients behind eth1 via LTSP. - share/debian-edu-config/tools/run-at-firstboot: Exclude separate LTSP servers from SquashFS image generation; the host specific krb5.keytab file needs to be included in the image but isn't yet available. -- Holger Levsen Wed, 17 Jun 2020 17:39:49 +0200 debian-edu-config (2.11.26) unstable; urgency=medium [ Wolfgang Schweer ]. * Improve LTSP client setup, provide a full iPXE menu for both the backbone and the dedicated LTSP network, use ISC DHCP server instead of dnsmasq. - ldap-bootstrap/gosa-server.ldif: Adjust LTSP related DHCP options and statements (root-path, filename). - ldap-bootstrap/autofs.ldif: Drop deprecated NFS4 mount option 'intr'. - share/debian-edu-config/tools/edu-ltsp-install: + Improve inline documentation. + Drop dnsmasq package installation and setup. + Adjust interfaces configuration to match the use of ISC DHCP server. + Use FQDN for the main server to enable LTSP diskless client use on the backbone network. -- Holger Levsen Tue, 26 May 2020 10:22:19 +0200 debian-edu-config (2.11.25) unstable; urgency=medium [ Wolfgang Schweer ] * share/debian-edu-config/tools/run-at-firstboot: Make script more robust (just in case the LTSP SquashFS image for diskless workstations has already been created, but xdebian-edu-firstrun failed due to some other reason). [ Holger Levsen ] * Bump debhelper-compat to 13. -- Holger Levsen Wed, 13 May 2020 15:10:01 +0200 debian-edu-config (2.11.24) unstable; urgency=medium [ Mike Gabriel ] * share/debian-edu-config/tools/clean-up-host-keytabs: Add script. Move host keytabs cleanup code out of gosa-modify-host into a standalone script, but still call it from there (for now). Major script improvement: Reduce LDAP calls to a single ldapsearch query which greatly improves the execution speed of the code. (Closes: #935080). -- Holger Levsen Sat, 02 May 2020 13:38:52 +0200 debian-edu-config (2.11.23) unstable; urgency=medium [ Wolfgang Schweer ] * Cope with recent bind9 package changes (bind9 -> named at various places) to fix initial LDAP setup during installation and other broken configuration scripts and files. - ldap-tools/ldap-debian-edu-install - cf3/cf.bind - etc/resolvconf/update.d/bind-debian-edu - share/debian-edu-config/tools/edu-ltsp-install * Adjust testsuite components to reflect LTSP, Icinga2 and PXE installation related changes: - testsuite/{icinga,ldap-client,pxeinstall} * Adjust testsuite/samba to check if Samba is fully functional. * Adjust share/debian-edu-config/tools/install-task-pkgs now that the Cinnamon desktop environment is also supported. -- Holger Levsen Mon, 27 Apr 2020 07:18:20 +0200 debian-edu-config (2.11.21) unstable; urgency=medium [ Wolfgang Schweer ] * Add share/debian-edu-config/tools/configure-edu-gateway. This script allows one to configure a system with two network interfaces and profile 'Minimal' as a gateway and optionally as a firewall (shorewall). * LTSP changes related issues: - cf3/cf.grub: Re-add accidently removed grub-update command execution. - cf3/edu.cf: Cleanup from LTSP5 related entry. * Adjust Makefile. -- Holger Levsen Sun, 19 Apr 2020 09:47:59 +0200 debian-edu-config (2.11.20) unstable; urgency=medium [ Wolfgang Schweer ] * Improve Icinga 2, LTSP and iPXE installation and setup. - share/debian-edu-config/tools/edu-icinga-setup: + Adjust for execution within the Debian Installer environment. - share/debian-edu-config/tools/edu-ltsp-install: + Determine dist and arch values from the server system instead of using fixed ones. + Make resolv.conf generation inside the SquashFS image more robust. + Also mask the cfengine3 servive. + Adjust for execution within the Debian Installer environment. + Improve inline documentation. - share/debian-edu-config/d-i/finish-install: + Don't generate the diskless workstation SquashFS image within the Debian Installer environment, it doesn't work. Let the xdebian-edu-firstboot init script (shipped with the debian-edu-install package) do this job instead (via running tools/run-at-firstboot). All re-configuration needing daemons are running then and all needed information is available. - share/debian-edu-config/tools/run-at-firstboot: + Generate the diskless workstation SquashFS image conditionally. + Cleanup from outdated, LTSP5 related code. + Whitespace fixes. - sbin/debian-edu-pxeinstall: + Determine dist value for both testing and stable release cases from different, release specific sources. -- Holger Levsen Mon, 13 Apr 2020 13:08:30 +0200 debian-edu-config (2.11.19) unstable; urgency=medium [ Wolfgang Schweer ] * Fix Thunderbird TLS/SSL setup: (Closes: #955978). - Add lib/thunderbird/distribution/policies.json to make sure that the Debian-Edu_rootCA.crt file gets installed as trusted certificate. - Cleanup and adjust Makefile accordingly. -- Holger Levsen Sun, 05 Apr 2020 20:12:31 +0200 debian-edu-config (2.11.18) unstable; urgency=medium [ Wolfgang Schweer ] * Setup and configure the Icinga 2 monitoring system now that the icinga2-classicui package has been dropped. The setup follows a more complex approach involving databases and authentication against LDAP. The first user is enabled to log into the web interface as Icinga Administrator. (Closes: #793677). - Add new script share/debian-edu-config/tools/edu-icinga-setup. - Add cf3/cf.icinga file for setting up Icinga via cfengine. - Rework all files in the www/ directory to reflect the changes. - Adjust Makefile and cf3/promises.cf accordingly. - Add a related line to debian/debian-edu-config.lintian-overrides because the new tool uses debconf to fetch the first user uid value. * share/debian-edu-config/tools/edu-ltsp-install: - Also mask the mariadb service now that Icinga is using it. - Drop no longer needed workaround for the tftpd-hpa package. - Add workaround for resolv.conf if the tool is run on a combined server. -- Holger Levsen Thu, 26 Mar 2020 00:28:17 +0100 debian-edu-config (2.11.17) unstable; urgency=medium [ Wolfgang Schweer ] * Rework PXE installation setup to be compliant with re-written LTSP. These changes have the additional benefit to provide network booting for both BIOS and UEFI based systems due to the change to iPXE. - ldap-bootstrap/gosa-server.ldif: + Add DHCP options to provide an iPXE related config space. + Add system architecture related DHCP option. + Add DHCP statement to be able to conditionally hand out the correct boot file. This also makes sure that both PXE and iPXE capable systems are supported via chainloading iPXE. - sbin/debian-edu-pxeinstall: + Switch to iPXE to provide the installation menu. + Modify the existing iPXE menu in case of a combined server, i.e. main server and LTSP server. + Generate an iPXE menue in case of a plain main server. + Cleanup from outdated and obsolete comments and code. + Whitespace fixes. - etc/debian-edu/pxeinstall.conf: + Use the graphical installer by default. + Adjust entries and comments to reflect the changes. -- Holger Levsen Mon, 16 Mar 2020 14:22:30 +0100 debian-edu-config (2.11.16) unstable; urgency=medium [ Wolfgang Schweer ] * Rework welcome page and localization: - ldap-bootstrap/root.ldif: + Use https://www/ instead of http://www/. + Cleanup file from 10 year old commented entries, also adjust outdated comment concerning the gosa ldap admin. - tools/show-welcome-webpage: + Only query the internal webserver for localized files and store the base URL instead of the whole welcome URL. (Closes: #952665) + Use the localized blends web page for the 'Standalone' profile. + Whitespace fixes. - www/: + Set correct language identifier in localized files (es-es,pt-br,zh-tw). + Rename existing localization variants {es-es,nb-no,pt-br,zh-tw} to give the web server's Multiviews feature a better chance to choose the right file when the web browser is asking for content negotiation. + Link index.html.nb-no to index.html.no to let the correct page be found just in case [no] is added as favourite language to a web browser. + Use the localized blends web page. + Remove link to no longer existing linuxsignpost.org website. + Adjust related Makefile. + Trivial unfuzzy for all PO files. + Updated after running 'make' in the www directory. * Rework LTSP setup to cope with re-written ltsp changes. These are requirements for easier working on LTSP integration: - Add new tool share/debian-edu-config/tools/edu-ltsp-install to be able to provide LTSP diskless workstation and thin client support. The tool contains basic usage instructions, more needs to go into the manual once everything has been integrated and is actually working like expected. - Use kerberized NFS for mounting home directories: + Replace sec=sys with sec=krb5i in ldap-bootstrap/autofs.ldif file. + Use dedicated edu.exports file shipped in the etc/exports.d/ directory, avoiding to modify the /etc/exports file as a benefit. - Drop now obsolete LTSP5 related files: + etc/ltsp/ltsp-build-client.conf + etc/ltspfs/mounter.d/edu-notify + share/debian-edu-config/ltspfs-mounter-kde + share/debian-edu-config/udisks2.patch + share/initramfs-tools/scripts/nfs-bottom/before-ltsp + share/ltsp/get-ldap-ltsp-config + share/ltsp/init-ltsp.d/08-edu-hostname + share/ltsp/init-ltsp.d/09-edu-ldap-config + share/ltsp/init-ltsp.d/60-edu-client + share/ltsp/plugins/ltsp-build-client/Debian-custom/001-ltsp-settings + share/ltsp/plugins/ltsp-build-client/Debian-custom/020-rootpath + share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs + share/ltsp/plugins/ltsp-build-client/Debian-custom/098-etckeeper + testsuite/ltsp - share/debian-edu-config/d-i/finish-install: + Add code to set up LTSP client support during installation of systems with profile 'LTSP-Server'. + Whitespace fixes. * Drop no longer needed cf3/cf.tftpd file. * Adjust cfengine related files: - cf3/cf.{chromium,firefox-esr} (http -> https related) - cf3/cf.homes (Kerberized NFS related) - cf3/cf.{finalize,ntp,pxeinstall,squid] and cf3/edu.cf (LTSP related) - cf3/cf.workarounds (no workarounds needed atm) * ldap-bootstrap/{gosa,samba}.ldif: Drop generation of outdated LanManager password and cleanup the files from 10 year old commented entries. * Drop outdated (and obsolete) lib/mime/packages/debian-edu-mailcap file. * Adjust debian/{dirs,debian-edu-config.links,debian-edu-config.postinst}, cf3/promises.cf and Makefile to reflect the changes. * debian/debian-edu-config.preinst: - Drop Stretch related conditional removal, add LTSP related new one. * Adjust debian/debian-edu-config.lintian-overrides. Thanks lintian. -- Holger Levsen Sat, 07 Mar 2020 09:50:16 +0100 debian-edu-config (2.11.15) unstable; urgency=medium [ Mike Gabriel ] * share/d-e-c/tools/create-server-cert: Add script. This script is useful for creating server certificates for additional servers (other than the mainserver) and having these certificates signed against Debian-Edu_rootCA.{crt,key}. [ Wolfgang Schweer ] * Adjust ldap-tools/ldap-debian-edu-install to fix the recently broken LDAP setup. (The sample DB_CONFIG file has moved from /usr/share/slapd/ to the new location /usr/share/doc/slapd/examples/.) [ Holger Levsen ] * Wrap long lines in changelog entries: 1.450, 1.443, 1.424, 1.416+svn39828, 0.411. Thanks lintian-brush. -- Holger Levsen Wed, 26 Feb 2020 18:38:22 +0100 debian-edu-config (2.11.14) unstable; urgency=medium [ Wolfgang Schweer ] * Make Debian-Edu_rootCA available on client systems via the system-wide CA bundle in /etc/ssl/certs/ca-certificates.crt: - Add debian/debian-edu-config.fetch-rootca-cert (Closes: #951070) * Adjust debian/rules to reflect the change. -- Holger Levsen Thu, 20 Feb 2020 15:50:52 +0100 debian-edu-config (2.11.13) unstable; urgency=medium [ Mike Gabriel ] * etc/mklocaluser.d/20-debian-edu-config: - Additionally create GTK-3-stylem 'places' bookmarks. (Closes: #951069). - Detect user's SMB domain correctly and add that to SMBPATH. - Indentation clean-up. -- Holger Levsen Fri, 14 Feb 2020 12:49:32 +0100 debian-edu-config (2.11.12) unstable; urgency=medium [ Wolfgang Schweer ] * Fix LDAP setup, broken as of autofs-ldap version 5.1.6: - Add ldap/schema/autofs-debian-edu.schema - Adjust etc/ldap/slapd-debian-edu.conf and Makefile. As the schema file shipped with autofs-ldap is no longer compatible with ldap-bootstrap/autofs.ldif, the Buster version (5.1.2) schema file is used. The schema file has been changed upstream in v. 5.1.3 with this comment: "The schema was corrected somewhere along the line but the autofs distribution copy was never updated. The schema has now been updated but it is not recommended for use as the schema for autofs map information." [ Holger Levsen ] * Bump standards version to 4.5.0, no changes needed. -- Holger Levsen Wed, 29 Jan 2020 13:10:48 +0100 debian-edu-config (2.11.11) unstable; urgency=medium [ Dominik George ] * Amend last changelog entry with CVE. * debian/control: Reference Debian Edu in binary package description * Follow-up for CVE-2019-3467: - Add NEWS to warn administrators with possible local changes. * Keep proxy settings on client if wpad is unreachable (Closes: #941001) - Remove use of eval `...` while at it to minimise security risks [ Holger Levsen ] * Close #936375 in 2.11.7 changelog entry. -- Holger Levsen Tue, 14 Jan 2020 15:06:22 +0100 debian-edu-config (2.11.10) unstable; urgency=medium [ Wolfgang Schweer ] * share/debian-edu-config/tools/kerberos-kdc-init: - Set proper rights for users in kadm5.acl file. (Closes: #946797) - Security fix for CVE-2019-3467 * Adjust debian/debian-edu-config.postinst to fix kadm5.acl upon upgrades. * Use secure URI in Homepage field. * Use canonical URL in Vcs-Git. [ Holger Levsen ] * Improve debian/debian-edu-config.postinst fix to only run once on upgrades. -- Holger Levsen Mon, 16 Dec 2019 16:56:24 +0100 debian-edu-config (2.11.9) unstable; urgency=medium [ Wolfgang Schweer ] * share/debian-edu-config/tools/kerberos-kdc-init: - Update kdc.conf content from template shipped with the krb5-kdc package. This fixes the recently broken Kerberos setup. * Replace workaround for rootCA certificate integration (both firefox-esr and thunderbird 68.2.x) with a nowadays recommended setup: (Closes: #944450) - Add policy file share/firefox-esr/distribution/policies.json. This makes sure that the Debian-Edu_rootCA.crt file gets installed as trusted certificate for firefox-esr and thunderbird. The policy also forces the Debian Edu startpage to be shown (instead of the Firefox one) at first launch; the Firefox privacy page is available via a second tab. - Drop share/debian-edu-config/{installs.ini,profiles.ini,profiles.ini.ff}. These files are no longer required. - Adjust related tools: + share/debian-edu-config/tools/gosa-create + share/debian-edu-config/tools/create-user-nssdb + share/debian-edu-config/tools/update-cert-dbs + ldap-tools/ldap-debian-edu-install - Adjust Makefile. * Drop workaround now that Squid bug #911325 has been fixed: - Remove share/debian-edu-config/squid.resolvconf - Adjust Makefile and cf3/cf.workarounds. -- Holger Levsen Wed, 13 Nov 2019 10:07:29 +0100 debian-edu-config (2.11.8) unstable; urgency=medium [ Wolfgang Schweer ] * Drop workaround for NFS related bug #930125 (fixed in firefox-esr 68.2.x): - Remove share/debian-edu-config/edu-firefox-nfs. - Adjust cf3/cf.workarounds and Makefile. * Adjustments for changed education menu re-structuring: - cf3/edu.cf: Re-define class 'Workstation' condition. - share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs and debian/debian-edu-config.postinst: Drop desktop-profiles related code. - cf3/cf.finalize: Remove desktop-profiles related editing. - d/control: Drop Depends on desktop-profiles. * Cope with Firefox-ESR ini files that need to be different (as of version 68.2.0esr) to further allow centralized configuration: (Closes: #944013) - Add share/debian-edu-config/profiles.ini.ff (Firefox-ESR profiles.ini). - Add share/debian-edu-config/installs.ini (now needed in addition for users that don't have a Firefox-ESR profile, i.e. new users). - Adjust share/debian-edu-config/tools/gosa-create which is used to copy the related Firefox-ESR ini files. - Ajust Makefile. - Adjust ldap-tools/ldap-debian-edu-install (fix for the first user). -- Holger Levsen Mon, 04 Nov 2019 18:22:46 +0800 debian-edu-config (2.11.7) unstable; urgency=medium [ Wolfgang Schweer ] * etc/ltspfs/mounter.d/edu-notify: Adjust for using notify2 instead of pynotify. * debian/control: Replace python-notify with python3-notify2. Closes: #943573 Thanks to Jeremy Bicha. * debian/control: Add Depends on python3, thanks Lintian. Closes: #936375 [ Holger Levsen ] * share/debian-edu-config/pam-nopwdchange.py: converted to python3 with python-modernize. * debian/control: Drop Depends on python. -- Holger Levsen Mon, 28 Oct 2019 13:10:12 +0100 debian-edu-config (2.11.6) unstable; urgency=medium [ Wolfgang Schweer ] * cf3/cf.workarounds: Fix syntax. * testsuite/icinga: Adjust for moving from icinga to icinga2 and icinga2-classicui. * testsuite/ltsp: Adjust for reworked LDAP certificate setup. * testsuite/cups: Adjust for central ipp server. -- Holger Levsen Wed, 23 Oct 2019 13:26:45 +0200 debian-edu-config (2.11.5) unstable; urgency=medium [ Wolfgang Schweer ] * share/debian-edu-config/passwords_stub.dat: - adjust after replacing icinga with icinga2 and icinga2-classicui. * Improve usage information and comments: - ldap-tools/debian-edu-ldap-install - share/debian-edu-config/tools/edu-ldap-from-scratch -- Holger Levsen Sun, 13 Oct 2019 13:06:16 +0200 debian-edu-config (2.11.4) unstable; urgency=medium [ Wolfgang Schweer ] * www/index* and www/*.po: - Adjust files after replacing icinga with icinga2 and icinga2-classicui. [ Holger Levsen ] * etc/ltsp/ltsp-build-client.conf: target bullseye, not buster. * share/debian-edu-config/tools/debian-edu-bless: remove remaining references to EDUSUITE which were forgotten in a code cleanup in commit c6ef9d69 in 2016. * README: update reference to point to bullseye, not buster. * cf.workarounds: drop workaround for #922718 as the fixed xfce4-session package has made it into bullseye. * cf3/cf.squid: drop workaround for stretch -> buster upgrades as skipping a release when upgrading is not supported. * Drop share/debian-edu-config/tools/password-fix-squeeze-r0 for the same reason. * Drop stuff commented out in 2012 in ldap-bootstrap/root.ldif. * Drop (some) code for upgrades from before buster in debian/debian-edu-config.postinst and debian/debian-edu-config.maintscript. -- Holger Levsen Tue, 08 Oct 2019 14:47:06 +0200 debian-edu-config (2.11.3) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust share/debian-edu-config/d-i/finish-install: (Closes: #941574) - Use 'dpkg-reconfigure -u --no-reload debian-edu-config' to add post-up stanza to /etc/network/interfaces eth0 entry conditionally. [ Holger Levsen ] * Bump standards version to 4.4.1, no changes needed. -- Holger Levsen Thu, 03 Oct 2019 08:15:19 +0100 debian-edu-config (2.11.2) unstable; urgency=medium [ Wolfgang Schweer ] * Drop workaround scripts for bugs that got fixed in xfce4 4.14.0: - share/debian-edu-config/edu-xfce4-panel.xml - share/debian-edu-config/55xfce4-session-debian-edu * Adjust cf3/cf.workarounds and Makefile. -- Holger Levsen Sat, 28 Sep 2019 13:04:00 +0100 debian-edu-config (2.11.1) unstable; urgency=medium * d/control: - depend on wget. Closes: #940698. - make dependency on lsb-base unversioned. - bump dependency on debhelper-compat=12. * Drop etc/NetworkManager/dispatcher.d/02debian-edu-config. Closes: #872154. * Drop share/debian-edu-config/tools/jrpasswd to fix #936375 eventually. We have GOsa² now, while this script was never documented, comes from Sarge times and uses python2. -- Holger Levsen Thu, 19 Sep 2019 15:30:11 +0200 debian-edu-config (2.10.67) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust debian/debian-edu-config.fetch-ldap-cert. (Closes: #934380) - Use independent conditions to make sure that the LDAP server certificate is only downloaded once for both host and LTSP chroot. - Add code to validate the LDAP server certificate in case the Debian Edu RootCA certificate is available for download. [ Mike Gabriel ] * Code review debian-edu-config.fetch-ldap-cert: - White-space-only change: Fix broken and inconsistent indentations. - Fully inline-document fetch-ldap-cert script. - Add "-f" option to all curl calls that don't have it set so far. This assures that curl bails out with a non-zero exit code, if anything goes wrong while retrieving certificate files. - Also report a successful certificate verification if we verified the LDAP server certificate using the Debian Edu RootCA. - Really check that the LDAP server uses a certificate issued by the "Debian Edu RootCA", not just by (some) "RootCA". - Add 2x FIXME about BUNDLECRT file removal from host and from LTSP chroots. - LTSP chroot certificate copying: only log those actions, if they are actually about to happen.. - Silence curl stderr and gnutls-cli stdout+stderr. - Certificate retrieval: Fix upgrade path for RootCA deployment. Re-run CERTFILE (and ROOTCACRT retrieval) until we have both on the client. This will lead to repetitive downloads of the CERTFILE on system boot. To get rid of this, people must upgrade their TJENERs from Debian Edu 10.0 to 10.1. Then it will stop. This hack is necessary to assure distribution of the RootCA to all clients that don't have it, yet. - Detach dependency of ROOTCACRT chroot copying and BUNDLECRT chroot copying from chroot copying of the CERTFILE. The chroot may have the CERTFILE, but not the ROOTCACRT, yet. This assures a smooth upgrade path from Debian Edu 10.0 to Debian Edu 10.1. - Do a simple validity check if a directory under /opt/ltsp really is a chroot (and e.g. not the SquashFS images' directory). -- Holger Levsen Thu, 15 Aug 2019 16:20:50 +0200 debian-edu-config (2.10.66) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust ltsp-build-client/Debian-custom/001-ltsp-setting. (Closes: #928756) - Use PXE option 'ipappend 2' for LTSP client boot. This option makes sure that all DHCP server information is getting through to LTSP clients. (LTSP used this option before, but switched to 'ipappend 3' during the Buster development cycle to ease setups with ProxyDHCP.) * Adjust share/debian-edu-config/sudo-ldap.conf. (Closes: #929964) - Fix sudo-ldap configuration. (The LDAP URI is needed on LDAP clients.) * Set environment variable to deal with Firefox profile. (Closes: #930122) This is a workaround for bug #930125, preventing firefox-esr startup issues if the mozilla profile is on an NFS share). - Ship share/debian-edu-config/edu-firefox-nfs with NSS_SDB_USE_CACHE="yes" as content. Thanks to Mike Gabriel for spotting the issue and providing this information. - Add instructions to cf3/cf.workarounds to link the 'edu-firefox-nfs' file to appropriate files below '/etc/X11/Xsession.d' and '/etc/profile.d'. * Adjust cf3/cf.homes: Set correct LTSP chroot path. (Closes: #931680) - While the reported arch is i686, LTSP uses i386. Set arch accordingly. * Adjust share/debian-edu-config/tools/kerberos-kdc-init. (Closes: #931366) - Remove outdated (and now wrong) logging section. * Add LDAP server certificate to the initial LTSP NBD image. (Closes: #932828) - etc/ltsp/ltsp-build-client.conf: Don't create the image by default. - cf3/edu.cf: Define new class 'ltspimages'. - cf3/cf.finalize: Add code to include the LDAP server certificate for all possible use cases, to generate the image and to adjust various rights. * Provide Debian Edu RootCA certificate for download. (Closes: #933183) - Adjust share/debian-edu-config/tools/create-debian-edu-certs to copy the rootCA file to the web server directory at certificate generation time. - Adjust cf3/cf.finalize to care for the rootCA file as well. - Adjust cf3/cf.workarounds to copy the rootCA file to the web server directory upon main server upgrade. * Fix loss of dynamically allocated v4 IP address. (Closes: #933580) - Drop etc/network/if-up.d/hostname. This script doesn't work anymore due to changed behaviour of the ifupdown/dhclient/systemd combination and now also causes the loss of a dynamically allocated ipv4 IP address after 20 to 30 minutes after booting. - Add code to d/debian-edu-config.postinstall to implement the intended hostname update just after rebooting the system after a change. - Adjust Makefile. [ Mike Gabriel ] * debian/debian-edu-config.fetch-ldap-cert: Make the script (and with it Debian Edu buster workstations) work in a Debian Edu environment where the main server (TJENER) is still on Debian Edu 8 or 9. (Closes: #926933) * debian/debian-edu-config.fetch-ldap-cert: Retrieve TJENER's PKI server certificate only once per host to improve security. This re-introduces the behaviour of fetch-ldap-cert in stretch and earlier. (Closes: #931413). [ Holger Levsen ] * Drop obsolete code in d-i/finish-install now that d-i uses haveged (via a newly introduced udeb) or a hardware RNG. (See #923675). * Bump standards version to 4.4.0, no changes needed. -- Holger Levsen Sat, 10 Aug 2019 11:41:47 +0200 debian-edu-config (2.10.65) unstable; urgency=medium [ Wolfgang Schweer ] * Depend on gnutls-bin. (Closes: #926949) -- Holger Levsen Fri, 12 Apr 2019 22:13:55 +0200 debian-edu-config (2.10.64) unstable; urgency=medium [ Wolfgang Schweer ] * etc/ltsp/ltsp-build-client.conf: Add DIST="buster". (Closes: #926183) - Make sure the LTSP chroot installation works for all possible scenarios. * cf3/cf.finalize: Use XDG instead of desktop-profiles. (Closes: #926184) - Make sure desktop-profiles are disabled and use XDG as a more general approach. This is needed for LXQt to work without user interaction. * tools/gosa-sync-dns-nfs: Make tool more robust. (Closes: #926186) - Invalidate the nscd netgroup cache to make NFS homedir mount more robust. -- Holger Levsen Tue, 02 Apr 2019 10:54:26 +0200 debian-edu-config (2.10.63) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust sbin/debian-edu-pxeinstall. (Closes: #924927) - Set d-i version to 10, now that debian-installer-10-netboot is in Buster. -- Holger Levsen Thu, 21 Mar 2019 11:57:41 +0000 debian-edu-config (2.10.62) unstable; urgency=medium * get-ldap-ltsp-config: Fix detection of MAC address. * get-ldap-ltsp-config: Fix extraction of ltspConfig from LDAP. * update-hostname-from-ip: Always print hostname if -n is used. * Add myself as Uploader. -- Dominik George Fri, 01 Mar 2019 12:50:01 +0100 debian-edu-config (2.10.61) unstable; urgency=medium [ Wolfgang Schweer ] * cf3/cf.workarounds: - Provide Xfce screensaver for LTSP clients (workaround for bug #922718, fixed in experimental but unlikely to be fixed in Buster). * Improve LDAP server certificate check: - tools/create-debian-edu-certs: Make /etc/debian-edu/www/debian-edu-bundle.{crt,pem} downloadable. - debian-edu-config.fetch-ldap-cert: Verify the LDAP server cert using the downloaded Debian-Edu_rootCa one. * testsuite/{ldap-client,ldap-server,sudo,webcache,webserver}: - Fix scripts to match the recent configuration changes. [ Holger Levsen ] * www/index* and www/*.po: replace http://popcon.skolelinux.org with https://popcon.debian.org as the former is unmaintained. -- Holger Levsen Sun, 24 Feb 2019 18:28:43 +0100 debian-edu-config (2.10.60) unstable; urgency=medium [ Wolfgang Schweer ] * debian-edu-config.chromium-ldapconf: Remove slapd start requirement. -- Holger Levsen Tue, 12 Feb 2019 15:00:57 +0100 debian-edu-config (2.10.59) unstable; urgency=medium [ Wolfgang Schweer ] * debian/debian-edu-config.fetch-ldap-cert: - Adjust condition now that ldap.conf isn't modified any longer. * etc/debian-edu/pxeinstall.conf and etc/debian-edu/pxeinstall.conf: - Adjust PXE installation settings; prefer amd64 i386 order over i386 amd64 for the PXE menu, use nbd0 instead of nfs as LTSP root device value. * etc/ltsp/ltsp-build-client.conf: - Add commented option for the sources.list file. * cf3/cf.workarounds: - Remove LXQt related workaround now that bug #914345 has been fixed. -- Holger Levsen Tue, 05 Feb 2019 01:18:59 +0100 debian-edu-config (2.10.58) unstable; urgency=medium [ Wolfgang Schweer ] * Improve share/ltsp/plugin/ltsp-build-client/Debian-custom/032-edu-pkgs: - Generate list of actually installed packages intended to be purged. - Purge selected packages to make LTSP clients work. [ Holger Levsen ] * 032-edu-pkgs: minor refactoring. -- Holger Levsen Tue, 29 Jan 2019 15:02:50 +0100 debian-edu-config (2.10.57) unstable; urgency=medium * 032-edu-pkgs: fix typo. -- Holger Levsen Mon, 28 Jan 2019 02:23:45 +0100 debian-edu-config (2.10.56) unstable; urgency=medium [ Wolfgang Schweer ] * share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs: - Don't let apt-get fail in case a package isn't installed. * Improve share/debian-edu-config/tools/update-cert-dbs: - Extend the script's scope; there might be more home dirs than just home0. - Let the script provide more useful logging information. [ Holger Levsen ] * share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs: - Merge those ten apt-get purge calls into one. -- Holger Levsen Sun, 27 Jan 2019 18:02:03 +0100 debian-edu-config (2.10.55) unstable; urgency=medium [ Dominik George ] * update-cert-dbs: Check user existence. -- Holger Levsen Tue, 15 Jan 2019 15:54:12 +0100 debian-edu-config (2.10.54) unstable; urgency=medium [ Wolfgang Schweer ] * Fix NTP setup for profile 'Standalone'. - cf3/cf.ntp: Don't disable timesyncd on standalone systems. * Improve the script used by the src:debian-edu autopkg test. - share/debian-edu-config/tools/debian-edu-bless: Add the '-I' parameter to let cf-agent output more information. Prevent the script from exiting if the last etckeeper call should fail. Thanks to Holger Levsen for the hint. * Improve menu reorder setup. - Move code for the Standalone profile from cf3/cf.homes to cf3/cf.finalize as a better place. - Make sure the menus are reordered in each installation scenario case. - Adjust cf3/promises.cf to reflect the change. * Rework LDAP client configuration now that nslcd preseeding is working. - Add share/debian-edu-config/sudo-ldap.conf file to provide the last bit of information for clients (besides those contained in nslcd.conf). - Adjust cf3/cf.ldapclient accordingly. - Adjust Makefile. -- Holger Levsen Wed, 09 Jan 2019 15:43:59 +0100 debian-edu-config (2.10.53) unstable; urgency=medium [ Wolfgang Schweer ] * Some amendments. - debian/debian-edu-config.postinst: Don't run the cert tool inside d-i; the installation will break because requisites are not yet ready. - share/debian-edu-config/tools/install-task-pkgs: Drop superfluous last apt call; the task-desktop package gets already installed before. - share/debian-edu-config/tools/improve-desktop-l10n: Fix special case en; thunderbird-l10n-en-gb exists, but thunderbird-l10n-en doesn't. -- Holger Levsen Mon, 31 Dec 2018 12:33:26 +0100 debian-edu-config (2.10.52) unstable; urgency=medium [ Wolfgang Schweer ] * Final step for the improved desktop localization. - Add share/debian-edu-config/tools/install-task-pkgs. The tool makes sure that a localized Debian Edu desktop based upon a vanilla Debian one is available. The improved localization will allow to remove all lang-* packages from src:debian-edu and to cleanup the desktop-* packages. - Adjust cfengine setup (cf3/cf.finalize): call the install-task-pkgs tool. * Rework LTSP client setup configuration now that official Debian ISO images are available and bugs have been fixed (mostly thanks to ltsp 5.18.12-1). - Drop no longer needed plugins (workarounds): + share/ltsp/plugins/ltsp-build-client/Debian-custom/000-arch-detection + share/ltsp/plugins/ltsp-build-client/Debian-custom/011-http-nopipeline + share/ltsp/plugins/ltsp-build-client/Debian-custom/015-edu-apt-source + share/ltsp/plugins/ltsp-build-client/Debian-custom/095-squashfs-image - Adjust etc/ltsp/ltsp-build-client.conf to match ltsp 5.18.12-1 settings. * Adjust Makefile to reflect the changes. [ Holger Levsen ] * Bump standards version to 4.3.0, no changes needed. -- Holger Levsen Wed, 26 Dec 2018 14:18:53 +0100 debian-edu-config (2.10.51) unstable; urgency=medium [ Wolfgang Schweer ] * Add components for a more flexible and improved desktop localization. - share/debian-edu-config/lightdm-gtk-greeter.conf: + Enable language chooser in the lightdm panel. - etc/X11/Xsession.d/55lightdm_gtk-greeter-rc: + Create environment variables, needed to let the chosen language take effect everywhere. - share/debian-edu-config/tools/improve-desktop-l10n: + Evaluate configured locales and install related localization packages. * Add class definition to cf3/edu.cf to be able to conditionally configure the lightdm-gtk-greeter. * Adjust Makefile and cf3/finalize to reflect the changes. -- Holger Levsen Thu, 20 Dec 2018 10:19:28 +0100 debian-edu-config (2.10.50) unstable; urgency=medium [ Mike Gabriel ] * etc/shutdown-at-night/clients-generator: Support recent output of ifconfig (where the MAC address comes in the second row of one's interface output and is prefixed by "^ether ...". [ Wolfgang Schweer ] * Generate slapd certificate the same way as all other server certificates. - Extend server certificate configuration to include ldap as well. - Drop now obsolete slapd-cert.cnf configuration file. - Drop tool mkslapdcert now that all server certificates are generated in one place. - Rename ldap/slapd-squeeze_debian-edu.conf -> ldap/slapd-debian-edu.conf - Adjust related files and tools: + init script debian/debian-edu-config.fetch-ldap-cert + cfengine configuration files cf3/cf.{ldapserver,ldapclient} + share/debian-edu-config/tools/{create-debian-edu-certs,update-cert-dbs} + debian/debian-edu-config.postinst + Makefile * cf3/edu.cf: Don't fail in case squid failed to initialize within d-i; update related comment. * Use FQDN (www.intern) as server name in Apache configuration files. * Remove start related parts from init scripts configuration as these are no longer supported (actually: since quite some time). -- Holger Levsen Thu, 13 Dec 2018 14:09:15 +0100 debian-edu-config (2.10.49) unstable; urgency=medium [ Wolfgang Schweer ] * Add share/debian-edu-config/tools/copy-host-keytab: - Kerberos host key management made easy. * Add share/debian-edu-config/tools/create-user-nssdb: - User account certificate management upon upgrade from Stretch. * Add share/debian-edu-config/55xfce4-session-debian-edu: - This file has previously been shipped by the 'debian-edu-artwork' package. Moved to d-e-c because it's configuration, not artwork related. * Adjust cf3/cf.workarounds and Makefile to reflect the changes. * d/debian-edu-config.lintian-overrides: - Add 'uses-dpkg-database-directly' entry for etc/cron.d/debian-edu-config. * Fix spelling error in previous changelog entry (XFCE -> Xfce). -- Holger Levsen Thu, 29 Nov 2018 15:51:26 +0100 debian-edu-config (2.10.48) unstable; urgency=medium [ Wolfgang Schweer ] * Work around some bugs (squid, Xfce, LXQt): - Add cf3/cf.workarounds. - Add related variable definitions to cf3/edu.cf to be able to conditionally apply the workarounds. - Adjust cf3/promises.cf to reflect the changes. - Add share/debian-edu-config/{squid.resolvconf,edu-xfce4-panel.xml}. - Adjust Makefile. * Adjust cf3/cf.grub to show the proper plymouth theme. -- Holger Levsen Fri, 23 Nov 2018 16:03:10 +0100 debian-edu-config (2.10.47) unstable; urgency=medium [ Wolfgang Schweer ] * Fix debian/debian-edu-config.postinst to avoid failing upon upgrades: - Make wpad-proxy-update related code conditional. - Don't complain about non-existing wpad-proxy-update file. -- Holger Levsen Sun, 18 Nov 2018 12:48:05 +0100 debian-edu-config (2.10.46) unstable; urgency=medium [ Wolfgang Schweer ] * Workaround for mounting removable media on diskless workstations, see LDM bug #913774. Due to missing session registering with wtemp and utemp, media mounting gets denied. - Add share/debian-edu-config/udisks2.patch. - Use code in share/ltsp/init-ltsp.d/60-edu-client to apply the patch (this happens only on-the-fly for each session in the overlay filesystem). * Adjust Makefile. * Install task 'standard' (system utilities) inside the LTSP chroot. It should ensure the installation is put on top of a stock Debian system with nothing missing. * Switch back to NDB as default for the LTSP root filesystem as the performance in real world deployments seems to be better. Using NFS can be configured in /etc/ltsp/ltsp-build-client.conf; this might come in handy during development and testing. * Improve handling of Debian packages. (Closes: #913886). - share/debian-edu-config/squid.conf: Add settings proposed by Mike Gabriel. -- Holger Levsen Sun, 18 Nov 2018 11:45:23 +0100 debian-edu-config (2.10.45) unstable; urgency=medium [ Wolfgang Schweer ] * sbin/debian-edu-pxeinstall: - Add code to enable the replacement of the stock Debian Installer logo with the Debian Edu one in case the graphical installer has been chosen. - Drop test builds related leftover cruft. * share/debian-edu-config/tools/debian-edu-bless: - Switch TESTINSTALL variable setting as test distributions are gone since years, but a status report might still be useful; reword related comment. * testsuite/doc: - Use secure URL for wiki.debian.org. - Adjust the FIXME: count code to report a proper number. * debian/debian-edu-config.postinst - Drop wpad-proxy-update (via ifup) for the main server. -- Holger Levsen Tue, 13 Nov 2018 14:26:04 +0100 debian-edu-config (2.10.44) unstable; urgency=medium [ Wolfgang Schweer ] * Rework squid configuration now that custom configuration files can be put into the /etc/squid/conf.d/ directory. - share/debian-edu-config/squid.conf: + Ship only Debian Edu specific options. - cf3/cf.squid: + Link the Debian Edu specific squid.conf file as additional configuration /etc/squid/conf.d/debian-edu.conf. - share/debian-edu-config/tools/squid-update-cachedir: + Use Debian Edu specific add-on configuration file. + Add additional logging statement. - share/debian-edu-config/tools/run-at-firstboot: + Adjust to use the new file location. * d/debian-edu-config.lintian-overrides: - Add script-not-executable entries for etc/network/if-up.d/hostname and etc/network/if-up.d/wpad-proxy-update -- Holger Levsen Tue, 06 Nov 2018 14:43:30 +0100 debian-edu-config (2.10.43) unstable; urgency=medium [ Wolfgang Schweer ] * Add etc/network/if-up.d/{hostname,wpad-proxy-update}. (Closes: #780461) These scripts make sure that hostname and wpad.dat changes take effect immediately after reboot. The existing dhclient-exit hook scripts are only executed in the case of DHCP lease renewals which happen in intervals of random length (between 600 and 900 seconds). * Adjust Makefile and debian/dirs to reflect the changes. * Adjust share/ltsp/init-ltsp.d/60-edu-client: - Ensure /etc/environment is set correctly on diskless workstations. * debian/debian-edu-config.enable-nat: - Adjust path to iptables binary (/sbin -> /usr/sbin). While Buster still ships symlinks, those are planned to be removed in Bullseye. * Fix incomplete sentence in previous changelog entry. -- Holger Levsen Thu, 01 Nov 2018 12:26:21 +0100 debian-edu-config (2.10.42) unstable; urgency=medium [ Mike Gabriel ] * update-chromium-homepage: - Don't complain about non-existing config file when attempting its removal. - Don't statically set http://www as homepage, use detected homepage instead. (Closes: #911790) * update-firefox-homepage: - Don't complain about non-existing config file when attempting its removal. [ Wolfgang Schweer ] * Improve cfengine configuration file management during upgrades: - Adjust debian/debian-edu-config.postinst to copy related files. - Add cf-agent related entries to debian/cron.d, but leave them commented. * Use NFS again (instead of NBD) to mount the LTSP client root filesystem: - Add share/ltsp/plugins/ltsp-build-client/Debian-custom/095-squashfs-image to enable setting it; see #904427 (LTSP) why this is needed. - Add etc/ltsp/ltsp-build-client.conf with settings for NFS. - Adjust sbin/debian-edu-pxeinstall and etc/debian-edu/pxeinstall.conf accordingly to be able to use NFS on the main network as well. - Rework cf3/cf.homes: + Write /etc/export file with profile and architecture dependent values. + Drop no longer needed nfs-{common,kernel-server} configuration edits. * Improve PXE installation setup: - Rework sbin/debian-edu-pxeinstall (make modular installation desktop, d-i download URL and installer type configurable). - Adjust etc/debian-edu/pxeinstall.conf accordingly. * share/ltsp/plugins/ltsp-build-client/Debian-custom/000-arch-detection: - Use /etc/debian_version to determine the DIST value; this is needed as a workaround for #911382 (LTSP). - Drop no longer needed code (related to mirror and proxy setup). * share/debian-edu-config/tools/edu-ldap-from-scratch: - Don't fail in case host keytab files are missing. * Adjust Makefile and debian/dirs to reflect the changes. [ Holger Levsen ] * update-chromium-homepage: Drop mkdir for target dir of $etcfile as its created via debian/dirs. * update-firefox-homepage: Drop mkdir for target dir of $etcfile as its created via debian/dirs. * debian/dirs: Add /etc/chromium/policies/managed. -- Holger Levsen Fri, 26 Oct 2018 17:15:13 +0200 debian-edu-config (2.10.41) unstable; urgency=medium [ Mike Gabriel ] * etc/apache2/mods-available/debian-edu-userdir.conf: Make config snippet more generic, let it work on all hosts on the Debian Edu network by default. [ Holger Levsen ] * Use the new debhelper-compat(=11) notation and drop d/compat. -- Holger Levsen Wed, 24 Oct 2018 15:50:15 +0200 debian-edu-config (2.10.40) unstable; urgency=medium [ Wolfgang Schweer ] * ldap-tools/sitesummary2ldapdhcp: Use 'workstations' as default system type. Change the default type from 'netdevices' to 'workstations' to avoid a possible pitfall. (For hosts of type 'netdevices' Krb5 principals and a related keytabfile can't be created due to missing attributes.) Also, 'workstations' is supposed to be the wanted type in most cases. * share/debian-edu-config/tools/gosa-modify-host: Improve logging text. * share/debian-edu-config/tools/gosa-remove-host: Add logging statement. -- Holger Levsen Wed, 10 Oct 2018 18:06:10 +0100 debian-edu-config (2.10.39) unstable; urgency=medium [ Wolfgang Schweer ] * ldap-tools/mkslapdcert: Remove obsolete (random-seed related) workaround. * cf3/edu.cf: Add class definition for profile 'Minimal'. * cf3/cf.grub: Adjust configuration for systems with profile 'Minimal'. Keep legacy interface names to ensure easier configuration as a gateway; don't run 'plymouth-set-default-theme', plymouth isn't used on a minimal system. * Improve scripts needed for kerberized NFS. (Closes: #649854, #649856). - share/debian-edu-config/tools/gosa-remove-host: + Make host principals and keytab file removal conditional; this is needed in case a system accidentally added via sitesummary2ldapdhcp is removed without any modification applied. - share/debian-edu-config/tools/gosa-modify-host: + Also create nfs principal for the modified host. + Remove leftover principals and keytab file belonging to modified host. + Add logging statement. -- Holger Levsen Thu, 04 Oct 2018 10:51:01 +0100 debian-edu-config (2.10.38) unstable; urgency=medium [ Wolfgang Schweer ] * share/debian-edu-config/tools/run-at-firstboot: - Remove obsolete LTSP related workaround. - Drop no longer needed Squid setup related fix. - Replace nagios3 with icinga. * sbin/debian-edu-ltsp: - Remove obsolete workaround. - Adjust code now that the LTSP chroot arch matches the server arch. -- Holger Levsen Fri, 28 Sep 2018 23:37:21 +0200 debian-edu-config (2.10.37) unstable; urgency=medium [ Wolfgang Schweer ] * Fix squid configuration now that systemd support has been added to squid and /etc/default/squid isn't used anymore: - cf3/cf.squid: Link our configuration as /etc/squid/squid.conf, adjust the squid-update-cachedir call. - share/debian-edu-config/tools/squid-update-cachedir: Stop sourcing /etc/default/squid, adjust the code to be systemd compliant. * www/index.html.*: Use relative links whenever possible. (Closes: #906467). * cf3/cf.desktop-networked: Replace 'apt' with 'apt-get' in shell command. * Drop etc/apt/apt.conf.d/90squid: - The workaround is obsolete, the related bug has been fixed in 2015. - Adjust d/debian-edu-config.maintscript and Makefile. -- Holger Levsen Sun, 23 Sep 2018 10:41:09 +0200 debian-edu-config (2.10.36) unstable; urgency=medium [ Mike Gabriel ] * debian/{rules,gconf-defaults}: stop using dh_gconf. Simply remove gconf stuff entirely. (Closes: #908880). -- Holger Levsen Mon, 17 Sep 2018 16:38:46 +0200 debian-edu-config (2.10.35) unstable; urgency=medium [ Frans Spiesschaert ] * share/debian-edu-config/firefox-networked-prefs.js: adjust deprecated lockPref entry. lockPref will no longer be supported after version 67. [ Holger Levsen ] * Bump standards version to 4.2.1, no changes needed. * Remove empty line at the end of d/rules, thanks lintian. -- Holger Levsen Mon, 10 Sep 2018 12:53:55 +0200 debian-edu-config (2.10.34) unstable; urgency=medium [ Wolfgang Schweer ] * Add new cfengine file cf3/cf.tftpd; the '--secure' option (tftpd-hpa) needs to be disabled to provide both PXE menu and LTSP. (tftpd-hpa is now used instead of atftpd to match the ltsp-server package recommends). * Adjust cf3/promises.cf to enable the tftpd configuration file. * Adjust Makefile to reflect cfengine changes. * testsuite/network: fix log message (nmap path). * testsuite/webserver: Drop etc/skel test; the test is obsolete, now that the firefox ini file is no longer generated. [ Holger Levsen ] * Bump standards version to 4.2.0, no changes needed. -- Holger Levsen Sun, 12 Aug 2018 14:57:04 +0200 debian-edu-config (2.10.33) unstable; urgency=medium [ Wolfgang Schweer ] * debian/debian-edu-config.postrm: - Fix cfengine3 related cleanup code (remove and purge cases). -- Holger Levsen Fri, 27 Jul 2018 10:57:35 +0800 debian-edu-config (2.10.32) unstable; urgency=medium [ Wolfgang Schweer ] * debian/debian-edu-config.postrm: - Move cfengine3 related cleanup code from remove to purge case. Thanks to Andreas Beckmann. (Closes: #904516). -- Holger Levsen Wed, 25 Jul 2018 10:01:51 +0000 debian-edu-config (2.10.31) unstable; urgency=medium [ Wolfgang Schweer ] * debian/control: Remove unneeded Suggests: atftpd | tftpd-hpa. * ltsp/init-ltsp.d/60-edu-client: Disable desktop-autoloader for thin clients. The desktop-autoloader needs site specific configuration (and activation); this code makes sure to only run it on diskless workstations. (Closes: #895020). -- Holger Levsen Wed, 18 Jul 2018 18:42:47 +0000 debian-edu-config (2.10.30) unstable; urgency=medium [ Wolfgang Schweer ] * Drop unused etc/samba/smb-debian-edu-client.conf file; content is wrong anyway. Also, tools/setup-ad-client generates a proper smb.conf on the fly. * d/control: Use dependency order tftp-hpa | tftp to avoid possible conflicts. [ Holger Levsen ] * Bump standards version to 4.1.5, no changes needed. -- Holger Levsen Wed, 11 Jul 2018 16:38:57 +0000 debian-edu-config (2.10.29) unstable; urgency=medium [ Wolfgang Schweer ] * Generate NetBIOS compliant hostname; this allows one to keep the hostname in case the MATE desktop is configured to use file sharing via Samba. Same applies if a roaming workstation is configured to connect to an active directory DC (via tools/setup-ad-client). Instead of e.g. 'auto-mac-11-22-33-44-55-66', now 'am-112233445566' is generated. (Closes: #900629). -- Holger Levsen Fri, 06 Jul 2018 12:40:08 +0000 debian-edu-config (2.10.28) unstable; urgency=medium [ Wolfgang Schweer ] * Improve kerberized NFS: - Adjust share/debian-edu-config/tools/gosa-create-host: + Fix code to also generate Kerberos Principals for systems of type netdevices. + Use /etc/debian-edu/host-keytabs/ as $fqdn.keytab file location. - Add new script share/debian-edu-config/tools/gosa-remove-host: + Remove principals and host keytab. - Add new script share/debian-edu-config/tools/gosa-modify-host: + This is needed to generate principals and host keytab also for hosts added via sitesummary2ldapdhcp. - ldap-bootstrap/sudo.ldif: + Add 'gosa-remove-host' command. + Add 'gosa-modify-host' command. - share/debian-edu-config/gosa.conf.template: Adjust postremove and postmodify hooks. * Adjust share/debian-edu-config/tools/edu-ldap-from-scratch: - Remove host keytab files, too. * Add new Cfengine configuration file cf3/cf.sshd: - Adjust /etc/ssh/sshd_config to allow kerberized ssh. (The ssh client config allows this by default.) * cf3/cf.finalize: Fix typo. * Adjust Makefile and cf3/promises.cf file. [ Holger Levsen ] * d/control: Update Vcs: headers to point to salsa.debian.org. -- Holger Levsen Wed, 30 May 2018 12:26:44 +0000 debian-edu-config (2.10.27) unstable; urgency=medium [ Wolfgang Schweer ] * share/debian-edu-config/d-i/pre-pkgsel: - Leave network configuration to NetworkManager also on workstations. This should ensure that NetworkManager.wait-online.service works like expected. Thanks to Mike Gabriel. (Closes: #887861) * cf3/cf.finalize: Move shell command for networked desktops into own file cf3/cf.desktop-networked. * cf3/promises.cf: Include cf.desktop-networked at an early execution stage. * Prepare kerberized NFS for systems of type servers, workstations, terminals: - Adjust share/debian-edu-config/tools/gosa-create-host + Add code to generate host/$fqdn and nfs/$fqdn Kerberos Principals. + Add code to generate /etc/$fqdn.keytab file. - ldap-bootstrap/sudo.ldif: Add 'gosa-create-host' command. - share/debian-edu-config/gosa.conf.template: Adjust postcreate hooks. [ Mike Gabriel ] * ldap-schemas/kerberos.schema: Update from krb5-kdc-ldap 1.16-1. -- Holger Levsen Fri, 25 May 2018 17:25:18 +0000 debian-edu-config (2.10.26) unstable; urgency=medium [ Wolfgang Schweer ] * Prepare for a modular installation scenario (updated d-e-task files from src:debian-edu 2.10.23 needed). - cf3/edu.cf: Add class desktopintern. This class matches a stationary workstation with the meta-package education-desktop-other installed. - cf3/cf.finalize: Add shell command for class desktopintern. This allows one to install some packages suited only for networked machines in addition to those installed via the education-desktop-other meta-package for all workstations. With these changes it would be possible to uncouple services infrastructure setup (including LTSP) and desktop setup by removing the 'desktop=xxxx' kernel parameter at installation time. It would make site specific setups easier and would have the benefit to speed up basic test installations. [ Holger Levsen ] * Bump standards version to 4.1.4, no changes needed. -- Holger Levsen Wed, 09 May 2018 12:37:13 +0000 debian-edu-config (2.10.25) unstable; urgency=medium [ Wolfgang Schweer ] * share/debian-edu-config/tools/debian-edu-bless: Use cfengine3 tool. Replace no longer available tool cfengine-debian-edu (cfengine2) with cf-agent. Thanks to debci debian-edu autopkgtest log. * debian/cron.d: Drop cfengine2 related (already commented) entry. * README: Reflect cfengine2 -> cfengine3 and KDE kiosk related changes. [ Holger Levsen ] * Depend on libproxy1-plugin-webkit instead of libproxy1-plugin-mozjs. Closes: #894087. -- Holger Levsen Wed, 28 Mar 2018 16:13:38 +0000 debian-edu-config (2.10.24) unstable; urgency=medium [ Holger Levsen ] * postinst: instead of testing with [ -x /usr/bin/etckeeper ] use "which etckeeper" and drop lintian.overrides for command-with-path-in-maintainer-script. Thanks lintian. [ Wolfgang Schweer ] * Cleanup share/debian-edu-config/gosa.conf.template: - Remove opsi and fai items; the related packages gosa-plugin-opsi and gosa-plugin-fai are no longer available. * Remove oudated doc/examples/smb-roaming-profiles-(de|en|nb|nl).conf files. Last release these were useful: Lenny. * Remove outdated winbind related configuration files and tools. - etc/samba/smb-winbind-debian-edu.conf - doc/debian-edu-winbind - share/debian-edu-config/tools/debian-edu-winbind tools/setup-ad-clients is available since a long time to replace it. * Remove outdated pam_mount related files, unused since ages. - etc/security/pam_mount-stateless-debian-edu.conf - etc/security/pam_mount-winbind-debian-edu.conf * Remove etc/samba/smbaddclient.pl from git. (Unused and not shipped since ages). * Adjust Makefile to reflect the cleanup changes. -- Holger Levsen Thu, 22 Mar 2018 16:37:28 +0000 debian-edu-config (2.10.23) unstable; urgency=medium [ Wolfgang Schweer ] * Drop non-functional KDE configuration framework. (Closes: #777039). - Remove etc/desktop-profiles/debian-edu-config.listing and share/debian-edu/*. - Adjust various files to reflect the KDE framework related changes. + Makefile + debian/debian-edu-config.lintian-overrides + debian/debian-edu-config.maintscript + debian/debian-edu-config.postinst + debian/debian-edu-config.postrm + debian/dirs * sbin/debian-edu-fsautoresizetab: - Raise value for the /usr partition. - Add entries for /opt and /var/log partitions. * debian/po/pl.po: - Fix PO file, thanks i18n.d.o; the translation appears to have been done using an outdated POT file (see commit ab6322ed). * share/ltsp/init-ltsp.d/60-edu-client: Fix typo. -- Holger Levsen Thu, 15 Feb 2018 17:11:13 +0000 debian-edu-config (2.10.22) unstable; urgency=medium [ Wolfgang Schweer ] * Replace smbldap-tools fork with customized ldapscripts. (Closes: #718865). - Drop etc/samba/smbldap-machineadd-gosa (very old smbldap-tools fork). - Replace depends on smbldap-tools with one on ldapscripts. - Add share/debian-edu-config/debian-edu.addmachine.template and share/debian-edu-config/debian-edu.ldapscripts.passwd; the last one is modified and both are copied to /etc/ldapscripts at LDAP setup time. - Add cf3/cf.ldapscripts to customize ldapaddmachine. - Adjust cf3/promises.cf to include cf.ldapscripts. * Use share/debian-edu-config/gosa.conf.template (Closes: #848347). - Ship the gosa.conf template explicitly as such and copy the modified file at LDAP setup time to /etc/gosa to don't confuse users upon upgrades. * Avoid to show users non-functional GOsa² action buttons. - gosa.conf.template: Set enableSnapshots="false" and copyPaste="false". * Adjust ldap-tools/ldap-debian-edu-install. - Add code to set generated password for gosa.conf.template and ldapscripts. - Update comments; cleanup whitespace. * Add tool to set up LDAP from scratch (useful for tests and upgrades). - Add share/debian-edu-config/tools/edu-ldap-from-scratch - Add share/debian-edu-config/passwords_stub.dat * Adjust d/debian-edu-config.(postinst|postrm|lintian-overrides) and Makefile. -- Holger Levsen Sat, 10 Feb 2018 10:36:23 +0000 debian-edu-config (2.10.21) unstable; urgency=medium [ Wolfgang Schweer ] * Use LTSP server architecture for LTSP chroot by default (no amd64 specials). - Don't hardcode 'i386' in DHCPD configuration (filename, rootpath). + Replace i386 with $LTSPARCH in ldap-bootstrap/gosa-server.ldif. - Replace $LTSPARCH with actual arch during LDAP setup. + Adjust ldap-tools/ldap-debian-edu-install. (Closes: #888626). - Adjust various related files to use the new LTSP chroot default: + sbin/debian-edu-pxeinstall and etc/debian-edu/pxeinstall.conf + share/debian-edu-config/tools/ltsp-addfirmware + share/debian-edu-config/tools/subnet-change + share/ltsp/plugins/ltsp-build-client/Debian-custom/000-arch-detection + testsuite/ldap-client * Cleanup no longer needed code and files from LTSP client build environment. - share/ltsp/plugins/ltsp-build-client/Debian-custom/015-edu-apt-source: + Don't use /var/lib/apt/lists/ internals. (Closes: #874770). LTSP doesn't use COPY_SOURCES_LIST by default anymore (for more details see #874775); also, the dropped code was needed in case of 'amd64/i386'. + Drop obsolete 'local' component in sources.list. + Drop gpg verification workaround. + Don't append sources.list from server to avoid duplicate entries. - share/ltsp/plugins/ltsp-build-client/Debian-custom/ + Remove 010-set-resolver, 025-bootprompt-opts, 045-remove-udev-net-rules, 050-nbdquery and 095-umount-error. - share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs: + Remove runlevel related code. (Closes: #872151). - share/ltsp/init-ltsp.d/60-edu-client: + Adjust to cope with services previously managed using 032-edu-pkgs. * testsuite/: - Drop unused (and nowadays useless) keyboard-console script. - Adjust cups, webcache and webserver scripts to be compliant with HTTPS. [ Holger Levsen ] * Bump to debhelper compat level 11. -- Holger Levsen Mon, 05 Feb 2018 12:03:56 +0000 debian-edu-config (2.10.20) unstable; urgency=medium [ Wolfgang Schweer ] * Reorganize Firefox and Thunderbird configuration: - Instead of shipping the related directories in /etc/skel, create these at the time a user account is created (for both first and regular user). + Ship the previously generated 'profiles.ini' file as share/debian-edu-config/profiles.ini and copy it on account creation. + Adjust cf3/cf.firefox-esr and remove the now unneeded config file cf3/cf.thunderbird. + Adjust ldap-tools/ldap-debian-edu-install as well as share/debian-edu-config/tools/gosa-create. * Avoid shipping /etc/skel/.pki/nssdb, needed for Chromium, Konqueror et al. - Move creation and permission adjustment for ~.pki/nssdb to the respective user account generation scripts. - Remove the now unneeded config file cf3/cf.pki. * Stop shipping etc/skel/.local/share/ - This seems to be unneeded since almost 5 years; see closed bug #655243. * Adjust various files to reflect the changes. - debian/dirs, cf3/promises.cf, debian/debian-edu-config.maintscript, debian/debian-edu-config.lintian-overrides and Makefile. * Makefile: Fix man page installation related typo that caused a bogus file to be shipped in addition since a long time. (Closes: #887990) * Add removal code for the bogus file to debian/debian-edu-config.postinst and adjust debian/debian-edu-config.lintian-overrides. * Avoid to use the ltsp-arch-debian-edu binary. - cf3/edu.cf: Drop unused variable 'ltsp_arch'. - testsuite/ltsp: Extend LTSP chroot installation check to work with both amd64 and i386 archs. * Drop editing nonexistent file '/etc/default/grub' for class 'ltspclient'. [ Holger Levsen ] * Build manpage for debian-edu-fsautoautorresize, ldap-createuser-krb5, ldap-add-user-to-group and ldap-add-host-to-netgroup using help2man. * Add help2man and libfilesys-df-perl to build-depends-indep. * ldap-tools/ldap-add-host-to-netgroup and ./ldap-add-user-to-group: modify help output to match help2man's expectations. * debian/changelog: fix trailing whitespaces. * debian/control, thanks lintian: - remove duplicate depends on lsb-base. - Vcs-Git: use more secure URL. * Drop bin/ltsp-arch-debian-edu and replace its last usage debian-edu-config.postinst with $(dpkg --print-architecture). -- Holger Levsen Mon, 29 Jan 2018 00:58:12 +0100 debian-edu-config (2.10.19) unstable; urgency=medium [ Holger Levsen ] * Bump package version to 2.10.19, to mark this as the 19th upload of src:debian-edu-config in the Debian 10 (Buster) development cycle. [ Wolfgang Schweer ] * Adjust cfengine3 related code in debian/debian-edu-config.postrm: - Add additional condition for the generated file. - Move code block from purge) to remove) to avoid a purge order related conflict. (Closes: #887726) * Avoid to show error messages on LTSP client boot. - share/ltsp/init-ltsp.d/60-edu-client: Fix condition to work in all cases. * Adjust PXE menu generation to handle also the case for 64-Bit-PC. - Replace hardcoded i386 arch with 'ltsparch' variable with i386 default. - Add code to discover a diskless workstation LTSP chroot installation. - Add configuration file /etc/debian-edu/pxeinstall.conf with examples. -- Holger Levsen Tue, 23 Jan 2018 13:46:38 +0000 debian-edu-config (1.947) unstable; urgency=medium [ Wolfgang Schweer ] * debian/debian-edu-config.postrm: Also remove a generated cfengine3 config file. Thanks to Holger Levsen. (Closes: #887726). * Amend wording in two previous changelog entries. * Fix typo debian-debian-edu-config.postinst (cfengine log file removal). [ Mike Gabriel ] * debian-edu-config/tools/gosa-*: White-space cleanups. [ Holger Levsen ] * Add lintian overrides for package-contains-file-in-etc-skel as we do this since more than a decade. -- Holger Levsen Sun, 21 Jan 2018 17:29:19 +0000 debian-edu-config (1.946) unstable; urgency=medium [ Wolfgang Schweer ] * Add Depends on e2fsprogs. Thanks to Helmut Grohne. (Closes: #887195). * Improve Cfengine3 behaviour in case of upgrades: - cf3/edu.cf: Add classes 'di' and 'squidcache'. - cf3/cf.ldapserver: Use class 'di' to avoid running LDAP setup upon upgrades. - cf3/cf.squid: Use class 'squidcache' to run 'dpkg-reconfigure' only if needed. - Add cfengine3 setup code to debian-edu-config.postinst. * Adjust debian/debian-edu-config.lintian-overrides. [ Holger Levsen ] * share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs: don't try to remove consolekit and openvpn as they aren't installed anymore. (Closes: #872152) -- Holger Levsen Thu, 18 Jan 2018 10:49:39 +0000 debian-edu-config (1.945) unstable; urgency=medium [ Mike Gabriel ] * etc/gosa/gosa.conf: Properly single-quote '%dn' in password hook scripts. This fixes failing password syncs / locks / unlocks if user DNs have blanks in the DN string. (Closes: #886749). * etc/gosa/gosa.conf: Support pwreset plugin and schoolmanager plugin by default. [ Wolfgang Schweer ] * Properly remove cfengine2 related files upon upgrades. - Drop conffile remove statements from debian/debian-edu-config.maintscript (wildcards don't make sense). - Add removal code to debian/debian-edu-config.postinst. * Use apache2-maintscript-helper for apache2 mod debian-edu-userdir in debian/debian-edu-config.postinst, avoiding two lintian warnings. * Adjust debian/debian-edu-config.lintian-overrides. -- Holger Levsen Sat, 13 Jan 2018 02:36:47 +0100 debian-edu-config (1.944) unstable; urgency=medium [ Wolfgang Schweer ] * Move from Cfengine2 to Cfengine3. (Closes: #883468). - Rewrite configuration files for the Cfengine3 setup. While at it: drop no longer needed modifications and configuration files. - Add a tool to setup Cfengine3; this is called when the Debian Installer runs (and also when an LTSP chroot is set up). - Drop Cfengine2 related configuration files and tools. * Adjust TLS related configuration issues found during testing. - Exclude *.dat files from http -> https rewriting. - Add wpad and wpad.intern as valid names for the server certificate. - Remove share/man/man8/snakeoil-on-ice.8 manpage. * Rewrite/adjust several scripts to work after the TLS/Cfengine changes. - Rewrite wpad extract tool to be independent from KDE related files. Now 'pactester' (package libpacparser1) is used instead of 'proxy'. - Adjust various testsuite scripts. * Depends: Replace cfengine2 with cfengine3 and libproxy-tools with libpacparser1. * Adjust d/debian-edu-config.(maintscript|manpages|postrm|lintian-overrides) and Makefile to reflect the changes. [ Holger Levsen ] * Bump standards version to 4.1.3, no changes needed. * Stop recommending ddccontrol as it's not used by testsuite/hardware since 1.927 released in May last year. -- Holger Levsen Sun, 07 Jan 2018 16:59:59 +0000 debian-edu-config (1.943) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust LTSP related configuration and scripts to work with ltsp 5.5.10: - Replace /var/cache/ltsp with /run/ltsp in share/ltsp/get-ldap-ltsp-config because lts.conf is now generated in /run/ltsp. - Calling 'hostname -f' in share/ltsp/get-ldap-ltsp-config doesn't work at the time the script runs; use 'update-hostname-from-ip' instead to generate the hostname. - Add new lts.conf variable TIMESERVER to ldap-bootstrap/ltsp.ldif; using TIMESERVER=ntp will allow one to drop ntp.conf modification for class 'ltspclient' during installation. Drop 'NBD_SWAP=Y' because LTSP cares for it already depending on the client's amount of RAM. - Replace ugly workaround 'share/ltsp/init-ltsp.d/70-edu-client-core' with 'share/ltsp/init-ltsp.d/09-edu-ldap-config' to fetch configuration stored in LDAP. * share/ltsp/init-ltsp.d: - Drop superfluous shebang lines from all code snippets and ship them as data files. * ldap-tools/ldap-debian-edu-install: - Make sure smbd service isn't running before the initial setup is done; otherwise 'ldap admin dn' is missing and Samba fails to work. * Adjust Makefile and debian/debian-edu-config.postinst to reflect the changes. * lintian-overrides: - Correct linenumber for "command-with-path-in-maintainer-script" for /usr/bin/etckeeper in postinst. -- Holger Levsen Mon, 01 Jan 2018 16:19:17 +0000 debian-edu-config (1.942) unstable; urgency=medium [ Wolfgang Schweer ] * Avoid possible mime type error for the internal Spanish web page. - Move www/index.html.es -> www/index.html.es_ES, adjust content. - Adjust all other related files in the www directory. - Drop now obsoleted workarounds from the Apache configuration files etc/apache2/sites-available/debian-edu-default.conf and etc/apache2/sites-available/debian-edu-ssl-default.conf. - Adjust Makefile. - Add conditional remove statements to d/debian-edu-config.postinst. * Re-enable sitesummary uploads via HTTP-POST. - etc/apache2/sites-available/debian-edu-default.conf: Move http -> https rewrite directives; now these are restricted to the web pages directory (and this way excluding the cgi one). * lintian-overrides: - Correct linenumber for "command-with-path-in-maintainer-script" for /usr/bin/etckeeper in postinst. * etc/apache2/sites-available/debian-edu-ssl-default.conf: - Fix munin alias directory. [ Holger Levsen ] * Drop dbus-1/system.d/hal-debian-edu.conf, as Wheezy was the last Debian version including hal, so since Jessie this file was without any effect. (See #839124 for more information.) * debian/control: - Add "Rules-Requires-Root: no" to support building as non-root. (I've also confirmed that the build output is bit by bit identical with and without this.) -- Holger Levsen Tue, 19 Dec 2017 14:20:18 +0000 debian-edu-config (1.941) unstable; urgency=medium [ Wolfgang Schweer ] * Improve TLS related scripts; configure mail also for the first user: - share/debian-edu-config/tools/create-debian-edu-certs: + On a plain main server xrdp isn't installed by default, so only add xrdp conditionally to the 'ssl-cert' group. - share/debian-edu-config/tools/update-cert-dbs: + Drop output to standard out, add home directory location to logging information. - share/debian-edu-config/tools/run-at-firstboot: + Send an email to the first user to avoid a Dovecot pitfall. Unlike other users, this account is set up at installation time when Exim isn't yet able to look up user information in LDAP. * Close some bugs (which were really closed in 1.940), now that TLS is working like expected: - CUPS IPP URL (Closes: #655282). - Users' public HTML pages (Closes: #725844). - Homepage URL (Closes: #845306, #845307). -- Holger Levsen Thu, 14 Dec 2017 11:38:49 +0000 debian-edu-config (1.940) unstable; urgency=medium [ Wolfgang Schweer ] * Use trusted SSL/TLS secured connections in the internal network. Create a Debian Edu rootCA certificate and a signed certificate that can be used for Apache, Cups, Exim, Dovecot and Xrdp. Firefox ESR, Chromium, Konqueror and Thunderbird will be configured accordingly so that users will no longer be bothered with certificate issues. - Add 'share/debian-edu-config/tools/create-debian-edu-certs' along with the configuration files for the rootCA certificate: + share/debian-edu-config/sslCA.cnf + share/debian-edu-config/v3CA.cnf and the server certificate: + share/debian-edu-config/ssl.cnf + share/debian-edu-config/v3.cnf - Add 'share/debian-edu-config/tools/update-cert-dbs', a tool allowing to create/update nssdb files in the users' home directories (old style dbm ones for Firefox/Thunderbird and newer sql ones for Chromium, Konqueror and maybe other applications). - Add empty directories to /etc/skel as required places for the nssdb files in the users' home directories (via debian/dirs): + etc/skel/.pki/nssdb + etc/skel/.thunderbird/debian-edu.default - Add cfengine configuration files to configure the skeleton directories: + cf/cf.pki + cf/cf.thunderbird - Add cfengine configuration file to set xrdp certificate links: + cf/cf.xrdp - Adjust related cfengine configuration files: + cf/cf.apache2 + cf/cf.chromium + cf/cf.cups + cf/cf.exim + cf/cf.firefox-esr + cf/cf.imap + cf/cf.ldapserver + cf/cfengine.conf - Adjust related configuration files resp. tools: + etc/apache2/sites-available/debian-edu-ssl-default.conf + etc/exim4/exim-ldap-server-v4.conf + share/debian-edu-config/tools/update-firefox-homepage + share/debian-edu-config/tools/update-chromium-homepage - Remove no longer needed tools: + share/debian-edu-config/tools/exim4-create-cert + sbin/snakeoil-on-ice (now that cert_override.txt is obsolete) - Remove /etc/skel/.mozilla/firefox/debian-edu.default/cert_override.txt upon upgrades. - Make sure user accounts created using GOsa² get the nssdb files: + Adjust the 'share/debian-edu-config/tools/gosa-create' tool. - Make sure the special first user account is generated with trusted certificates configured: + Adjust the 'ldap-tools/ldap-debian-edu-install' script. - Adjust debian/debian-edu-config.postinst and Makefile. * Use https for all internal web resources and links to wiki.debian.org. - etc/apache2/sites-available/debian-edu-default.conf: + Add http -> https rewrite directives. - www: + Replace http with https (index.html.* files). + Run 'make all' to generate index.pot and *.po files. + Apply trivial unfuzzy to *.po files. + Rename nb.po -> no_NB.po and index.html.nb -> index.html.no_NB as the .nb extension now seems to be the mime type for Mathematica Notebook files and as such the file is downloaded (Firefox, Chromium) or shown as plain text (Konqueror). + Replace pt_BR with pt-BR in pt_BR.po (html language name tag). + Adjust Makefile accordingly. + Run 'make all' again to generate index files. - Adjust Makefile to reflect the changes. * share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs: - Don't disable /etc/cron.d/debian-edu-config as this breaks the execution of 'debian-edu-update-netblock' on diskless workstations. Thanks to Mike Gabriel for spotting the bug. [ Holger Levsen ] * Bump standards version to 4.1.2, no changes needed. * lintian-overrides: - Correct linenumber for "command-with-path-in-maintainer-script" for /usr/bin/etckeeper in postinst. -- Holger Levsen Sun, 03 Dec 2017 00:07:45 +0000 debian-edu-config (1.939) unstable; urgency=medium [ Wolfgang Schweer ] * debian/debian-edu-config.postinst: Fix typo causing a syntax error. [ Holger Levsen ] * debian/debian-edu-config.postinst: Fix typo causing a logic error. * lintian-overrides: - Correct linenumber for "command-with-path-in-maintainer-script" for /usr/bin/etckeeper in postinst. -- Holger Levsen Mon, 27 Nov 2017 11:51:54 +0000 debian-edu-config (1.938) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust IMAP SSL/TLS configuration now that dovecot uses snakeoil certs. Keeping the existing setup breaks default openssl-snakeoil certs, so - remove share/debian-edu-config/tools/debian-edu-dovecot-create-cert, - remove script call from cf/cf.imap, - reflect changes in Makefile and d/debian-edu-config.postinst. * Improve ldap server SSL/TLS connection security. - etc/ldap/ssl/slapd-cert.cnf: generate 2048 instead of 1024 bit key. - ldap-tools/mkslapdcert: use sha256 instead of sha1 algorithm. * d/control: depend on libnss3-tools. -- Holger Levsen Sat, 25 Nov 2017 13:27:52 +0000 debian-edu-config (1.937) unstable; urgency=medium [ Wolfgang Schweer ] * Enable Chromium homepage setting at installation time and via LDAP. - Add cf/cf.chromium (cfengine). - Add debian/debian-edu-config.chromium-ldapconf (init script). - Add share/debian-edu-config/tools/update-chromium-homepage (used by both cfengine and the init script). - Adjust Makefile and debian/rules. [ Holger Levsen ] * lintian-overrides: - Correct linenumber for "command-with-path-in-maintainer-script" for /usr/bin/etckeeper in postinst. -- Holger Levsen Fri, 27 Oct 2017 12:09:21 +0200 debian-edu-config (1.936) unstable; urgency=medium [ Wolfgang Schweer ] * Re-enable partial offline installation (combi server, LTSP chroot for only thin clients via kernel param 'edu-skip-ltsp-make-client'): - 015-edu-apt-source: fix apt-get options to be able to use a repo of type 'file://'. As 'media/cdrom/' in the LTSP chroot is treated as such a repo, add 'acquire::check-valid-until=0' to APT_GET_OPTS; otherwise installation fails because the Release file is expired. * Re-enable offline installation of a combi server including diskless workstation support: - 032-edu-pkgs: Move all diskless workstation installation parts to the finalization stage of LTSP chroot installation. [ Holger Levsen ] * lintian-overrides: - Correct linenumber for "command-with-path-in-maintainer-script" for /usr/bin/etckeeper in postinst. * Replace dependency on (removed transitional package) host with one on bind9-host. * Make dependencies on education-tasks and smbldap-tools unversioned, as the required versions were already part of oldstable (e-t) and oldoldstable. * Drop Breaks: and Replaces: on ldap2zone (<< 0.2-8~) and sitesummary (<< 0.1.26) as those are pre-stable versions and we don't support upgrades skipping a release. -- Holger Levsen Fri, 20 Oct 2017 13:23:07 +0200 debian-edu-config (1.935) unstable; urgency=medium * postinst: - Only try to remove asound.conf if it exists. - Drop code needed for upgrades from oldoldstable to oldstable, as we don't support skipping an upgrade, we can drop this legacy code now. -- Holger Levsen Sat, 07 Oct 2017 17:18:22 +0200 debian-edu-config (1.934) unstable; urgency=medium [ Wolfgang Schweer ] * Drop /etc/asound.conf as Pulseaudio cares for ALSA at least since Jessie. -- Holger Levsen Thu, 05 Oct 2017 22:41:16 +0200 debian-edu-config (1.933) unstable; urgency=medium * Bump Standards-Version to 4.1.1, no changes needed. * lintian-overrides: - Correct linenumber for "command-with-path-in-maintainer-script" for /usr/bin/etckeeper in postinst. -- Holger Levsen Sun, 01 Oct 2017 17:36:44 +0200 debian-edu-config (1.932) unstable; urgency=medium [ Wolfgang Schweer ] * cf/cf.homes: Set 755 permissions for /skole. This is needed if manual partitioning of type 'atomic' is used. (Closes: #742100) [ Holger Levsen ] * lintian-overrides: - Add "remove-of-unknown-diversion usr/bin/gtick" as we did introduce this diversion. - Correct linenumbers for "command-with-path-in-maintainer-script" for /usr/bin/etckeeper. * Bump Standards-Version to 4.1.0, no changes needed. * Bump debian/compat to 10 and build-depend on debhelper >= 10.2.5~. * share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs: Don't try to remove xfs which was last present in Wheezy. (See #872152) -- Holger Levsen Fri, 15 Sep 2017 16:08:11 +0200 debian-edu-config (1.931) unstable; urgency=medium [ Mike Gabriel ] * Chromium: Pre-configure Chromium Webbrowser system-wide to auto-detect the http proxy settings via WPAD (plus locking the proxy settings dialog for users). (Closes: #858338). [ Holger Levsen ] * Drop pre-depends on initscript and use /bin/hostname in share/debian-edu-config/d-i/pre-pkgsel instead. Thanks to Michael Biebl for the bug report and patch! (Closes: #866587) * Bump Standards-Version to 4.0.1, change priority from extra to optional. * Drop /usr/share/debian-edu-config/tools/debian-edu-ltsp-audiodivert because gtick (metronome) was the only program that still needed it due to the OSS use; now oss-compat takes care of this. Also remove the line containing ESPEAKER in /etc/desktop-profiles/debian-edu-config.listing. (Closes: #870874) * Drop share/debian-edu/thin-client/share/config/kcmartsrc as it's only use was configuration for esound. * debian-edu-config/tools/debian-edu-bless: fetch packages from Buster instead of Stretch. * Drop share/ltsp/plugins/ltsp-build-client/Debian-custom/080-eatmydata as it is obsolete since LTSP version 5.5.4-1 and should have been removed for Stretch already. * cf/cf.apt: replace all occurrances of stretch with buster. * Drop share/debian-edu-config/tools/migrate-squid-to-squid3 and drop (commented out) reference in cf/cf.squid as squid is back since Stretch. * testsuite/cups: drop now useless reference to Jessie in comment. * Drop share/debian-edu-config/tools/ldap-migrate-squeeze-wheezy. * Drop sbin/debian-edu-nscd-netgroup-cache as it's obsolete since Stretch. See #791562. -- Mike Gabriel Mon, 21 Aug 2017 14:29:58 -0400 debian-edu-config (1.930) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust Samba configuration. (Closes: #864663). - Add 'server max protocol = NT1' to be able to join recent clients. * Fix configuration of personal web pages. (Closes: #866228). - Set right order of linking in cf/cf.apache2. - Add conditional code to d/d-e-c.postinst to fix the wrong configuration generated via the cfengine run during main server installation (introduced in version 1.926). -- Holger Levsen Sun, 23 Jul 2017 17:04:34 +0200 debian-edu-config (1.929) unstable; urgency=medium [ Wolfgang Schweer ] * Fix exim4 environment configuration. (Closes: #863657). - The cfengine exim4-create-environment shellscript is executed too early, the Kerberos SMTP keytab isn't yet available. Use the fifth pass of the cfengine run to be on the safe side. -- Holger Levsen Wed, 31 May 2017 21:21:14 +0200 debian-edu-config (1.928) unstable; urgency=medium [ Wolfgang Schweer ] * Fix Makefile, include exim4 tools. (Closes: #863176). - Add share/debian-edu-config/tools/exim4-create-cert. - Add share/debian-edu-config/tools/exim4-create-environment. -- Holger Levsen Wed, 24 May 2017 15:04:36 +0200 debian-edu-config (1.927) unstable; urgency=medium [ Wolfgang Schweer ] * Fix broken exim4 configuration, enable security. (Closes: #862652). - Add usr/share/debian-edu-config/tools/exim4-create-cert. - Add usr/share/debian-edu-config/tools/exim4-create-environment. - Adjust cf/cf.exim to use both scripts. - Adjust etc/exim4/exim-ldap-server-v4.conf. + Make it work after the exim4 security fix for CVE-2016-1531. + Improve security: create certificate to enable TLS, re-enable identity check via Kerberos; now only system mail to postmaster is enabled unconditionally; see #794602. * Fix typo in testsuite/network to use the correct LTSP-Server profile name. * Drop ddcprobe and ddccontrol related code from testsuite/hardware. - ddcprobe is part of the package xresprobe, not available in stretch. - ddccontrol belongs to package ddccontrol (monitor database unmaintained since > 10 years) which isn't installed by default. -- Holger Levsen Mon, 15 May 2017 18:15:45 +0200 debian-edu-config (1.926) unstable; urgency=medium [ Holger Levsen ] * etc/firefox-esr/debian-edu.js: set mailto handler to thunderbird instead of icedove. [ Wolfgang Schweer ] * Remove userdir.load symlink from d/debian-edu-config.links, use cf/cf.apache to provide it. Thanks to Andreas Beckmann. (Closes: #859809) * Fix typo in testsuite/taskpkgs to use the correct profile name. -- Holger Levsen Thu, 27 Apr 2017 19:23:11 +0200 debian-edu-config (1.925) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust sbin/update-hostname-from-ip to work with changed ifconfig output. (Closes: #859405) -- Holger Levsen Mon, 03 Apr 2017 20:01:19 +0200 debian-edu-config (1.924) unstable; urgency=medium [ Wolfgang Schweer ] * Use debian-edu-config.maintscript to remove obsolete conffiles. * debian/debian-edu-config.postinst: Remove unneeded code. Thanks to Andreas Beckmann for the hints. (Closes: #856682) -- Holger Levsen Sun, 05 Mar 2017 17:30:00 +0100 debian-edu-config (1.923) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust Debian-custom/001-ltsp-settings to enable LTSP installation in case the usbstick ISO image is used. (Closes: #854203). [ Holger Levsen ] * Switch to native source format 3.0, to easily avoid including .git into the source package. -- Holger Levsen Fri, 17 Feb 2017 17:37:41 +0100 debian-edu-config (1.922) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust web pages to match the Icinga2 -> Icinga change. [ Holger Levsen ] * Adjust testsuite to match the Icinga2 -> Icinga change. -- Holger Levsen Tue, 17 Jan 2017 21:49:18 +0100 debian-edu-config (1.921) unstable; urgency=medium [ Wolfgang Schweer ] * Fix apache userdir configuration: - cf/apache2.cf: replace userdir with debian-edu-userdir. - Adjust debian-edu-userdir.conf to work with apache 2.4. -- Holger Levsen Fri, 13 Jan 2017 13:27:47 +0100 debian-edu-config (1.920) unstable; urgency=medium [ Wolfgang Schweer ] * sbin/update-hostname-from-ip: Adjust to fit new output of ifconfig. * cf/cf.homes: Adjust akonadi configuration file location. Thanks Petter. * Remove workarounds from Debian-custom/001-ltsp-settings as #839154 and #840667 have been fixed in ltsp-server 5.5.9-1. * ldap-tools/sitesummary2ldapdhcp: Apply patch from Petter Reinholdtsen to make the script work with old and new output of ifconfig. (Closes: #846847). * Add breaks to sitesummary (<< 0.1.26), thanks Petter. * sbin/debian-edu-pxeinstall: Use new location for the link to the PXE background image, adjust vertical position of menu entries. -- Holger Levsen Sun, 18 Dec 2016 00:09:13 +0100 debian-edu-config (1.919) unstable; urgency=medium * Make changes needed for renaming the thin-client-server profile to ltsp-server-profile (see #588510). Some occurrences of Thin-Client-Server are still left in the code to support upgrades of systems installed before Stretch. -- Holger Levsen Sat, 03 Dec 2016 16:05:19 +0100 debian-edu-config (1.918) unstable; urgency=medium [ Wolfgang Schweer ] * Use deb.debian.org instead of httpredir.debian.org as mirror redirector, now that deb.debian.org is the default for debootstrap; adjusted files: - cf/cf.apt - sbin/debian-edu-ltsp - sbin/debian-edu-pxeinstall -- Holger Levsen Mon, 14 Nov 2016 12:10:39 +0100 debian-edu-config (1.917) unstable; urgency=medium [ Wolfgang Schweer ] * Rename testsuite/xfree86 -> testsuite/xorg and adjust code to match Xorg. * Add squid fix to share/debian-edu-config/tools/run-at-firstboot. * sbin/debian-edu-pxeinstall: Adjust path / filename for PXE background image. * Remove trailing dots for subnet(00|01).intern zone setup and files. - Adjust ldap-bootstrap/gosa-server.ldif - Rename etc/bind/db.subnet00.intern. -> etc/bind/db.subnet00.intern - Rename etc/bind/db.subnet01.intern. -> etc/bind/db.subnet01.intern - Adjust etc/bind/named.conf.ldap2zone These changes will allow consistent innetgr() usage also in subnets. -- Holger Levsen Thu, 03 Nov 2016 13:29:23 +0100 debian-edu-config (1.916) unstable; urgency=medium [ Holger Levsen ] * cf.grub: configure plymouth on all installations except servers and LTSP clients to show a nice bootsplash. (Closes: #582571) [ Wolfgang Schweer ] * Fix cf/cf.grub: - Use two editfiles sections to avoid syntax error. - Replace non existent group 'ltsp-client' with 'ltspclient'. - Adjust kernel command line settings to match groups correctly. - Use absolute path name for plymouth command as this is required. [ Holger Levsen ] * cf/cf.grub: use three editfiles sections to make sure roaming and standalone get plymouth splash but no legacy device names. Thanks to Wolfgang for yet another patch! -- Holger Levsen Sat, 22 Oct 2016 10:32:12 +0200 debian-edu-config (1.915) unstable; urgency=medium [ Wolfgang Schweer ] * sbin/debian-edu-pxeinstall: Add instructions how to fetch daily d-i netboot images to ease testing during development. * share/ltsp/plugins/ltsp-build-client/Debian-custom/001-ltsp-settings: Add workarounds for LTSP bugs #839154 and #840667 so that the chroot installation can succeed. -- Holger Levsen Mon, 17 Oct 2016 14:34:12 +0200 debian-edu-config (1.914) unstable; urgency=medium * Add depends to lsb-base (>= 3.0-6), thanks lintian. -- Holger Levsen Mon, 10 Oct 2016 21:09:30 +0200 debian-edu-config (1.913) unstable; urgency=medium [ Holger Levsen ] * Drop debian-edu-hwsetup, we are going to use isenkram-cli instead. (See #839724) * Add .gitignore file to be able to ignore .nobackup. [ Wolfgang Schweer ] * Fix some tools now that debian-edu-current-codename has been dropped. Replace 'debian-edu-current-codename' with 'lsb_release -sc'in: - sbin/debian-edu-ltsp - sbin/debian-edu-pxeinstall - share/ltsp/plugins/ltsp-build-client/Debian-custom/000-arch-detection - testsuite/doc Drop share/ltsp/plugins/ltsp-build-client/Debian-custom/000-default-dist as it would be redundant after the same replacement. * share/ltsp/plugins/ltsp-build-client/Debian-custom/002-default-apt-keyring isn't compatible with the latest LTSP release and isn't needed any more, now that the debian-edu-archive-keyring package is gone; so it can be dropped. * Adjust Makefile. * Set d-i version to 9 in sbin/debian-edu-pxeinstall so that the daily d-i images are fetched. -- Holger Levsen Tue, 04 Oct 2016 16:21:38 +0200 debian-edu-config (1.912) unstable; urgency=medium * Translation updates: - Catalan, thanks to René Mérou. * Move ldap-tools/ldappasswd2 to share/debian-edu-config/tools/ so it ends up in /usr/share/debian-edu-config/tools/ and not in /usr/bin/. -- Holger Levsen Mon, 19 Sep 2016 02:00:28 +0200 debian-edu-config (1.911) unstable; urgency=medium * Update line number in debian/debian-edu-config.lintian-overrides. * Remove unused (and outdated) files etc/ldap/slapd-debian-edu.conf and etc/ldap/slapd-lenny_debian-edu.conf and add code in postinst to remove the now obsolete conffiles. (Thanks to Wolfgang Schweer.) * Drop bin/debian-edu-current-codename workaround which was only used by auto-addfirmware which was replaced by isenkram-autoinstall-firmware in debian-edu-config 1.810. -- Holger Levsen Sun, 11 Sep 2016 15:02:07 +0200 debian-edu-config (1.910) unstable; urgency=medium * Stop using our own apt archive on ftp.skolelinux.org, see #836375: - sbin/debian-edu-pxeinstall: remove workaround for Wheezy and stop configuring our old archive for PXE installs. - share/ltsp/plugins/ltsp-build-client/Debian-custom/000-arch-detection: don't configure our old repo. - share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs: don't install the old keyring package. - share/debian-edu-config/tools/debian-edu-bless: stop using the old repo. - cf/cfengine.conf: test whether internet is reachable using ftp.debian.org. -- Holger Levsen Sat, 03 Sep 2016 16:24:51 +0200 debian-edu-config (1.909) unstable; urgency=medium [ Frans Spiesschaert ] * Fix some typos in smb-roaming-profiles-en.conf. * Add new file doc/examples/smb-roaming-profiles-nl.conf. [ Holger Levsen ] * Makefile: include doc/examples/smb-roaming-profiles-nl.conf. [ Wolfgang Schweer ] * Replace 'systemctl' with 'service' in ldap-tools/ldap-debian-edu-install. At least for some daemons (like slapd and bind9) the start/stop calls using systemctl don't work any longer inside the Debian-Installer target. * ldap-bootstrap/sudo.ldif: Replace tjener with tjener.intern cause sudoHost now needs the FQDN as value for sudo-ldap to work. * Fix testsuite/samba to actually report success if 'net time' is working. * Adjust testsuite/pxeinstall now that atftpd isn't available and tftpd-hpa is used. * cf/cf.ltsp: Move tftpd related code to debian.server|ltspserver just in case a pure main server is used for installations via PXE. * cf/cf.squid: Reconfigure squid. This is needed if squid has already been started using the default configuration; a cache dir isn't used in this case, storage uses memory. The reconfiguration initializes the cache_dir. * Adjust cf/cf.apache2: Restarting apache2 is needed after enabling cgi. * Adjust www/index.html.en to reflect the replacement of nagios3 with icinga2-classicui. * Update files below /www after running 'make'. * testsuite: Drop nagios test, add one for icinga2. [ Translation updates for index.html ] * German (and all other languages) by Wolfgang Schweer. -- Holger Levsen Sat, 27 Aug 2016 12:30:53 +0200 debian-edu-config (1.908) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust share/config/kickoffrc to match the changed locations and / or names of KDE desktop files (systemsettings and Dolphin). * etc/samba/smb-debian-edu.conf: fix typo, thanks to Victory. * debian/debian-edu-config.postinst: - Add condition for removal of /etc/insserv/overrides/kdm. -- Holger Levsen Thu, 18 Aug 2016 13:02:16 +0200 debian-edu-config (1.907) unstable; urgency=medium [ Holger Levsen ] * testsuite/hardware and debian/control: remove code depending on removed xresprobe package. * Move debian-edu-ltsp-audiodivert, which is only used by our maintainer scripts, from /usr/bin to /usr/share/debian-edu-config/tools/. * Remove Andreas B. Mundt from uploaders - thanks for all your work, Andi! * Remove Alexander Alemayhu from uploaders - thank you too, Alexander! [ Wolfgang Schweer ] * Adjust ldap-tools/ldap-debian-edu-install now that /var/lib/maildirs has been removed from the binary package. * Add package initscripts to Pre-Depends, as share/d-e-c/d-i/pre-pkgsel relies on /etc/init.d/hostname.sh. * kdm isn't available anymore; remove or adjust related files. Removed files: - cf/cf.kdm, etc/insserv/overrides/kdm, testsuite/kdm. Adjusted files: - cf/cfengine.conf, - debian/debian-edu-config.postinst, - sbin/debian-edu-restart-services, - share/ltsp/init-ltsp.d/60-edu-client, - share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs, - README, - Makefile. [ Translation updates ] * Czech by Miroslav Kure. (Closes: #833597) * Italian by Claudio Carboncini. -- Holger Levsen Mon, 15 Aug 2016 15:26:34 +0200 debian-edu-config (1.906) unstable; urgency=medium [ Mike Gabriel ] * Iceweasel -> Firefox transition: system-wide, non-configurable browser defaults now go into /usr/share/firefox-esr/browser/defaults/, not /usr/share/firefox/defaults/. * Rename cf.firefox to cf.firefox-esr and make sure it operated on /etc/firefox-esr. * firefox-networked-prefs.js: Fix configuration folder in comment. * sbin/snake-on-ice: Rename /etc/firefox to /etc/firefox-esr. Only declare OVERRIDE_FILE once and then use it accordingly (instead of hard-coding /etc/firefox(-esr) several times. Use more quotes. * debian/dirs: We ship /etc/firefox-esr, not /etc/firefox. * kickoffrc: Use firefox-esr.desktop, rather than firefox.desktop. * testsuite/ltsp and testsuite/webserver: Check presence of cert_override.txt in /etc/firefox-esr/, rather than /etc/firefox/. [ Wolfgang Schweer ] * Adopt Makefile for firefox-esr. * Add code to cleanup iceweasel and firefox-esr related conffiles in postinst and preinst scripts. * Adjust testsuite/ltsp and testsuite/webserver as /etc/firefox-esr/cert_override.txt is no longer useful. * Adjust sbin/snakeoil-on-ice as only the /etc/skel location on the main server seems to be useful for the certificate override file. * Move debian-edu.js -> etc/firefox-esr/debian-edu.js as this is the location for syspref now. [ Holger Levsen ] * Cleanup postinst, preinst and prerm scripts which pre-jessie code. * Remove /var/lib/maildirs from binary package and code related to it. (Closes: #801776) * Drop undocumented script debian-edu-hd-warn which is much better replaced with munin or other monitoring. The script was also not run from cron. * Move ldap-server-getcert, which is only used by one of our scripts, from /usr/bin to /usr/share/debian-edu-config/tools/. * lintian-overwrites: - overwrite warning about non-standard apache2 configuration name, as we maintain those configurations here for several Debian Edu packages. - overwrite warnings that debconf is not a registry as we have chosen those questions with care and really need them. * Add manpage for /usr/bin/update-ini-file. -- Holger Levsen Thu, 21 Jul 2016 10:38:55 +0200 debian-edu-config (1.905) unstable; urgency=medium [ Wolfgang Schweer ] * Replace firefox with firefox-esr to set the default browser via update-alternatives. * Make sure ethX style network interface names are used on networked systems upon upgrade from Jessie: - add cf/cf.grub. - adjust cf/cfengine.conf to use cf.grub. - adjust Makefile. [ Holger Levsen ] * Add manpage for snakeoil-on-ice. -- Holger Levsen Wed, 06 Jul 2016 13:16:50 +0200 debian-edu-config (1.904) unstable; urgency=medium [ Wolfgang Schweer ] * cf/cf.ldapclient: don't purge libnss-mdns cause now cups needs mdns for automatic printer detection. (Closes: #825919) * dhclient-exit-hooks.d/hostname: adjust for the case of a dedicated LTSP server. (Closes: #783087). * Adjust ldap-tools/ldap-debian-edu-install to be compliant with systemd now that unit samba.service is masked (see #769714). (Closes: #826201). [ Holger Levsen ] * cf/cf.ldapclient: - remove workaround for #706434 (purging winbind) which is fixed since Jessie. - remove workaround (which was commented out and not used even in Jessie) modifying /etc/nslcd.conf. * Cleanup debian/changelog which in 1.903 was accidentally polluted by cherry-picking without resolving all conflicts. * Add debian/debian-edu-config.lintian-overrides for ignoring harmless warnings about files in etc/dhcp/dhclient-exit-hooks.d/ not being executable. * Override four command-with-path-in-maintainer-script warnings as the path is only used to test the existence of the tools and the suggested workaround in https://www.debian.org/doc/manuals/developers-reference/ \ ch06.en.html#bpp-debian-maint-scripts is 12 times as big. * Drop unused files skolelinux-test-install.8 and skolelinux-restart-services.8 from git. * Mark internal templates in debian-edu-config.templates as such, thanks lintian. -- Holger Levsen Sat, 04 Jun 2016 01:11:32 +0200 debian-edu-config (1.903) unstable; urgency=medium [ Wolfgang Schweer ] * Add script sbin/debian-edu-nscd-netgroup-cache (workaround for #791562). * Remove no longer provided file cf/cf.ldap2zone from cf/cfengine.conf. -- Holger Levsen Sat, 28 May 2016 21:15:11 +0200 debian-edu-config (1.902) unstable; urgency=medium * debian/control: - add Breaks and Replaces: ldap2zone (<< 0.2-8~), thanks to Andreas Beckmann! (Closes: #824802) - remove Breaks on packages versions older than Jessie and on non-existant packages. * Drop bin/debconf-set-selections-edu workaround and use debconf's debconf-set-selections as both #636219 and #711693 are fixed since Jessie. * Drop share/debian-edu-config/tools/workaround-udev-bug-765577 as this has been fixed in udev in Jessie. -- Holger Levsen Fri, 20 May 2016 01:12:26 +0200 debian-edu-config (1.901) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust cf/cf.krb5client to avoid overwriting /etc/krb5.conf on the main server during upgrades. This way cfengine should be idempotent in its operation as it is expected to be. (Closes: #779642). * Adjust cf.squid (squid3 has been renamed to squid). * Adjust cf.homes to make sure that autofs doesn't run on the main server. * Adjust cf.dhcpserver (configuration has been split into ipv4 and ipv6). * cups-files-debian-edu.conf: The replacement (d-e-c 1.818) of 'lpadmin' with 'printer-admins' breaks cups-daemon on profile 'standalone'. It will break cups-daemon on upgraded networked systems as well if the new LDAP entry for printer-admins isn't added manually. So go back to the default and leave the decision about the SystemGroup to the local admin. * cf.ltsp: - Adjust setting for isc-dhcp-server. - Make tftpd-hpa work with multiple subdirs in tftp root dir. * Adjust apt-get autoremoval operation. Don't act globally to avoid possible loss of configuration data, use it only package related: - remove 'apt-get autoremove -y' from cf/cf.apt. - add param '--auto-remove' to all apt-get purge commands in cf/cf.ldapclient (Closes: #779646). * Fix /var/lib/dovecot removal code in postrm purge. (Closes: #820075). * squid3 to squid renaming: - replace share-/d-e-c/squid3.conf with share-/d-e-c/squid.conf. - adjust share-/d-e-c/tools/webcache/squid-update-cachedir. - adjust Makefile. * Move from Iceweasel to Firefox ESR: - rename several files containing iceweasel and also the directory share/iceweasel. - replace iceweasel with firefox in various files. - use '/etc/firefox-esr' as place for firefox preference files. - update Makefile. * Adjust sbin/debian-edu-pxeinstall to use NBD for LTSP clients; this is now the LTSP default, usage of NFS is broken atm (see #786925). * Add file Debian-custom/001-ltsp-settings. This fixes LTSP chroot installation in case that ltsp-client-builder doesn't look up another mirror if cdrom is still mounted. * Fix ldap2zone configuration, now that upstream changed the defaults and dropped the file /etc/default/ldap2zone; adjust Makefile. * PHP 7.0 transition: - Move php-debian-edu.ini from etc/php5/ to etc/php/. - Adjust cf/cf.apache2. - Adjust Makefile. * Use httpredir.debian.org instead of http.debian.net as mirror redirector. [ Holger Levsen ] * debian/control: - bump standards version to 3.9.8. - Vcs-Browser: use /git/ URL instead of /cgit/. -- Holger Levsen Thu, 19 May 2016 01:01:09 +0200 debian-edu-config (1.900) unstable; urgency=medium [ Wolfgang Schweer ] * Start on 1.900 as Debian 9 is targeted. * Fix XML syntax error in gosa.conf. (Closes: #820551). * Remove non existent packages readahead and readahead-fedora from apt purge list to not break LTSP chroot installation. * cf.squid: Remove squid-to-squid3 shell command, obsolete in stretch. -- Petter Reinholdtsen Mon, 11 Apr 2016 12:18:51 +0200 debian-edu-config (1.819) unstable; urgency=medium [ Petter Reinholdtsen ] * Translation updates: - Updated Brazilian Portuguese translation for debconf questions (Closes: #785467). Translated by Adriano Rafael Gomes. * Remove workaround for bug #585966 in init.d/fetch-ldap-cert, now that we no longer use pdns. * Replace 'jessie' with 'stretch' everywhere to prepare for the next release. * Split the setup of the diskless workstation envionment in LTSP into three parts to get some more progress bar movement during installation. [ Mike Gabriel ] * Add quotes around DNs when evoking kadmin.local in gosa-create and gosa-create-host. (Closes: #792042). * WoL for Debian Edu clients: Make shutdown and wake-up procedure of Debian Edu clients configurable separately. (Closes: #801741). We now have four NIS netgroups available that allow configuration of wake-up and shutdown behaviour: - shutdown-at-night-hosts: hosts to wake-up and shutdown. - no-shutdown-at-night-hosts: blacklist of hosts not to wake-up nor to shutdown. - wakeup-in-the-morning-hosts: hosts to wake-up in the morning, overrides hostlist given via shutdown-at-night-hosts NIS netgroup, this also expects host blacklisting to be handled via the below NIS netgroup. - no-wakeup-in-the-morning-hosts: blacklist of hosts that are not to be woken up in the morning. * shutdown-at-night/client-generator: Use same NIS netgroup "namespace" for all shutdown-at-night NIS netgroups: - shutdown-at-night-hosts (unchanged) - shutdown-at-night-hosts-blacklist (renamed) - shutdown-at-night-wakeup-hosts (renamed) - shutdown-at-night-wakeup-hosts-blacklist (renamed) * Chmod a+x on all scripts in share/debian-edu-config/tools/. * debian-edu-fsautoresize: Always use mapper names instead of kernel names when detecting supported mount points. (Closes: #800651). Thanks to Wolfgang Schweer and Giorgio Pioda. * gosa-sync: Test if a given user account actually is a Kerberos account. If not, don't try to set the Kerberos password for this account. (Closes: #798435). * gosa-sync: Fix escaping double quotes and semicolons. (Closes: #794000). * Drop deprecated README.ldap file. (Closes: #621787). * exim4 mainserver configuration: Allow Debian Edu clients on the default Debian Edu network to directly send mails to the main server (by white- listing the 10./8 network). This fixes console mailing and system mails on Debian Edu clients (Closes: #794602). * Following Holger Levsen's suggestion about dropping share/debian-edu-config/tools/qemu-test-network. (Closes: #766192). * Remove qemu-test-network from Makefile. Fix FTBFS of d-e-c. * debian/debian-edu-config.postrm: + Remove directory /var/lib/dovecot (which we create in d-e-c.postinst), if empty (Closes: #722937). * Set configVersion="Managed-by-Debian-Edu" in gosa.conf. (Closes: #794189). This requires gosa (>= 2.7.4+reloaded2-1+deb8u2~) to be installed on the main server. * Add LDAP posixGroup "printer-admins" to LDAP bootstrap and make this group the system group in CUPS. (Closes: #793678). * Apache2+LDAP: Add /etc/apache2/include/debian-edu-ldapauth.inc containing a working include block that eases setting up LDAP authentication in Apache2. * Create shutdown-at-night-wakeup-hosts-blacklist NIS netgroup during LDAP bootstrap. * etc/gosa/gosa.conf: Typo fix in comment. * LDAP bootstrap: Create generic host (CNAME record for tjener) ipp.intern. * wpad.dat: Use DIRECT connects for URL hosts being in network 127./8 and for hosts being in the .local domain. (Closes: #803911). * GOsa: Add POSTLOCK and POSTUNLOCK hooks for GOsa password locking. These hook scripts (gosa-lock-user, gosa-unlock-user) take care of locking/ unlocking the Kerberos part of user accounts. (Closes: #804207). * Adapt to a code injection prevention fix in GOsa (starting with Debian package gosa 2.7.4+reloaded2-1+deb8u2): Don't mention the sambaHashHook parameter in gosa.conf anymore (as hashed passwords now have to be base64 encoded). Already existing gosa.conf files on deployed servers should drop the sambaHashHook from the gosa.conf file, as well, once gosa is updated to the above referenced GOsa version. * CUPS: Do hostname lookups, so https redirects are done to the FQDN of the CUPS server instead of to its IP address. (Closes: #805402). * Improve gosa-lock-user, gosa-unlock-user: When logging success/failure, differentiate between non-existent and non-kerberized accounts. * Don't create home dir and Kerberos principal for GOsa user template account. (Closes: #815040). * shutdown-at-night/clients-generator: Empty NIS netgroups for s-a-n-wakeup-hosts and s-a-n-wakeup-hosts-blacklists are now recognized as empty lists. Thus, all systems can be blocked from waking-up by placing an empty NIS netgroup s-a-n-wakeup-hosts into LDAP. -- Petter Reinholdtsen Mon, 28 Mar 2016 18:26:23 +0000 debian-edu-config (1.818) unstable; urgency=high [ Holger Levsen ] * testsuite/taskpkgs, kdm and network: drop tests for the Sugar profile as Sugar has been removed from Jessie, see #782504. [ Wolfgang Schweer ] * Remove Debian-custom/099-mount-cdrom cause this script might possibly conflict with ltsp-client-builder.udeb postinst. (Closes: #780740). * Add Debian-custom/080-eatmydata to enable the usage of eatmydata as default for all possible LTSP installation methods. Partially addresses #781515. * Add support for squid to squid3 migration: - Add share/debian-edu-config/tools/migrate-squid-to-squid3. - Adjust cf/cf.squid to run this script. (Closes: #779649). -- Holger Levsen Tue, 14 Apr 2015 19:49:34 +0200 debian-edu-config (1.817) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust sbin/debian-edu-pxeinstall to work with debian-installer-8: - replace 8.0 with 8 as di version number. - replace '--' with '---' as param delimiter. (Closes: #776763). -- Holger Levsen Tue, 03 Feb 2015 12:57:38 +0100 debian-edu-config (1.816) unstable; urgency=medium [ Wolfgang Schweer ] * Adjust etc/X11/Xsession.d/09debian-edu-missing-home to make the script work with kdm now setting $HOME=/ if the user's home directory isn't available at login time (and before the script is executed). (Closes: #774392). * etc/ldap/slapd-squeeze_debian-edu.conf: unset 'dbnosync' to avoid possible data loss. (Closes: #774610). -- Holger Levsen Tue, 06 Jan 2015 00:36:14 +0100 debian-edu-config (1.815) unstable; urgency=medium [ Debconf translation updates ] * Spanish by Manuel "Venturi" Porras Peralta (Closes: #772143) [ Wolfgang Schweer ] * Configure dovecot-core SSL support: - cf/imap: Add shellcommand to create dovecot SSL certificate. - share/debian-edu-config/tools: Add a script named debian-edu-dovecot-create-cert which does what the name tells and configures SSL support. The script is based upon code from debian-lan-config, thanks to Andreas B. Mundt. The package dovecot-core used to setup SSL support but dropped it recently (Closes: #772163, #772162). -- Holger Levsen Fri, 26 Dec 2014 18:41:44 +0100 debian-edu-config (1.814) unstable; urgency=low [ Petter Reinholdtsen ] * Extend grub workaround to automatically handle /dev/vd*, /dev/hd* and /dev/xvd* in addition to /dev/sd*, allowing virtual machines using virtio, Xen and the old device names to install automatically too (Closes: #769559). * Add new dhclient hook to work around bug #710490 where a race in autofs make it fail with slow DHCP servers (Closes: #769561). * In LTSP setup, allow the purging of openvpn to fail (which happen if it is unknown to apt), to get LTSP installation working using the usbstick ISO (Closes: #770312). [ Wolfgang Schweer ] * testsuite/network: cover case that udev persistent network card rules file isn't written at all. * Provide slbackup-php configuration file etc/slbackup-php/config.php. Without a proper configuration the backupserver default 'localhost' leads to errors if 'https://backup/slbackup-php' isn't called on the backupserver. (Previously the default was 'backup'; it was changed to 'localhost' some time ago to make the package useable on vanilla Debian systems, but a config file for Debian Edu wasn't provided.) (Closes: #769806). * sbin/debian-edu-pxeinstall: add 'mirror/http/mirror' (select entry) from the installed system to the preseed file to avoid manual selection during PXE installations. (Closes: #770302). [ Petter Reinholdtsen ] * Also set mirror/http/mirror when installing from DVD/USB stick. -- Holger Levsen Tue, 02 Dec 2014 12:53:53 +0100 debian-edu-config (1.813) unstable; urgency=medium * Make LTSP mirror editing more robust. Do not add corrupt APT source when no dist value is set and only add our local mirror if it exist. * Add 30 second timeout and the number of tries to 3 in debian-edu- bless and ltsp script 000-arch-detection, to make sure blocked networks do not cause the installation to hang forever. * Reduce the versioned dependency on education-tasks from (>= 1.808) to (>= 1.806), avoiding a LTSP installation problem when installing i386 packages with our test repository. * Adjust 000-arch-detection LTSP script to set http_proxy from the APT setup before calling wget, in case the proxy is needed to reach the Internet. * Correct check for bug #765577 (duplicate udev rules for network card) to also work when more than one network card is present in the machine. * Implement script to remove duplicate udev network rules, to work around bug #765577. This avoid complete network failure on machines affected by this bug. * Remove unused variable RUNXSERVER from the pre-pkgsel script. * Tell grub in our pre-pkgsel script to use the disk device used by /boot, to work around bug #712907. -- Petter Reinholdtsen Fri, 24 Oct 2014 15:06:02 +0200 debian-edu-config (1.812) unstable; urgency=low [ Petter Reinholdtsen ] * Try to detect if bug #765577 cause network interfaces to get the wrong name in the network testsuite check. * Raise dependency on education-tasks to (>= 1.808), to ensure we get the Jessie tasks. * Use isenkram instead of discover to report packages to install for the current hardware in the hardware check in the test suite. Drop discover from dependencies. [ Holger Levsen ] * Drop debian-edu-config-gosa-netgroups binary package as our fork is now obsolete as the gosa-plugin-netgroups source package provides it. gosa-plugin-netgroups is depended upon in the relevant task in the debian-edu package. * Drop debian/TODO.Squeeze, the content was obsolete anyway. * Drop cf/cf.pdns, we switched backed to bind9. Cleanup the installed file in postinst too. * Drop classes lenny and pdns in cf/cfengine.conf and lenny in cf/cf.kdm. * Drop kde3 handling in cf/cf.kdm. * Drop code from debian-edu-config.(preinst|postinst) handling upgrades from lenny area packages and earlier. Kept the squeeze stuff for people skipping a release. (Which is still unsupported but we can still be helpful.) * Drop share/debian-edu-config/default-ltsp-client-setup which only consisted of a comment saying "Settings moved to /usr/share/ltsp/ltsp_config.d/. The content was removed for Squeeze on 2010-08-18, and the file should be dropped for squeeze+1." * Drop dependency on base-files, which is of Priority: required. * Drop (/etc/)insserv.conf.d/debian-edu-config which only modified pdns init and (/etc/)powerdns/pdns.d/pdns-debian-edu.conf. Add cleanup code in postinst for upgrades from previous versions. * Remove kde3 handling code from share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs. * Drop the following files from ldap-bootstrap: dhcp.ldif, dhcp_hosts.ldif, dns_arpa.ldif, dns_ranges.ldif and dns_skole.ldif. As described in ldap-bootstrap/README.unused-ldifs (also removed from SCM now) they have been unused since January 2012. (Closes: #766200) [ Wolfgang Schweer ] * sbin/debian-edu-ltsp: add '--eatmydata' to ltsp-client-builder options. -- Petter Reinholdtsen Wed, 22 Oct 2014 22:50:57 +0200 debian-edu-config (1.811) unstable; urgency=high [ Wolfgang Schweer ] * ltsp-build-client/Debian-custom/032-edu-pkgs: - Purge package cups cause the package isn't needed for printing on thin clients and diskless workstations. - Purge all packages with status 'rc' by adding '--purge' to apt-get -y autoremove'. [ Petter Reinholdtsen ] * Adjust LTSP check in testsuite, to mount using hostname and not IP, now that libnss-myhostname is installed on the machines. This fixes the check result on machines not yet added to DNS. -- Petter Reinholdtsen Mon, 20 Oct 2014 13:18:35 +0200 debian-edu-config (1.810) unstable; urgency=high [ Wolfgang Schweer ] * Fix LDAP dataloss if the system is powered down or rebooted by unsetting 'dbnosync' in slapd-debian-edu.conf. * share/ltsp/init-ltsp.d/60-edu-diskless-ws: - Use systemd tool to disable ltsp client services. - Disable useless cups browse service on thin clients. - Disable other dm services if ldm is used. * Rename 60-edu-diskless-ws to 60-edu-client to better match the script's purpose. * share/ltsp/init-ltsp.d/60-edu-client: Add more services (autofs, inetd, rpcbind, ntp, nfs-common, nscd, nclcd) to the remove list for thin clients. * ltsp-build-client/Debian-custom/032-edu-pkgs: - Purge package modemmanager after checking that this has no side effects. - Purge package samba to get rid of it completely (already rc). - Purge package consolekit as systemd-logind does the job. * etc/apache2/*: Adjust conf files to use new directives. [ Petter Reinholdtsen ] * Enable the auto flag in the PXE installation, to allow more settings to be fetched from the preseed file. * Add new tool package-disk-usage to list how much disk space the installed packages uses. * Adjust PXE installation arguments to put all d-i arguments before the -- on the kernel argument line. * Add partial fix for incorrect Nagios configuration, calling dpkg-reconfigure sitesummary after nagios3 is guaranteed to be installed. * Make sure to restart nagios during first boot after the new config is generated on the main server. * Add more logging in first boot script to know what is going on. * Change wpad-extract to use IP when testing, instead of www.debian.org which require access to the global DNS system. * Move our squid3.conf to the correct Makefile block to avoid installing it with the execute bit. Thank you, lintian! * Add new web page translations (da, id, pt_BR) to the binary package. * Add PAM module to reject Kerberos password changes and point users to the Gosa web page instead to try to keep the password databases in sync (Closes: 704461). Depend on libpam-python for this. * Correct filesystem testsuite check to warn if less then 20% is free on the file systems and only check the /skole/tjener/home0 and /skole/backup file system on the main server profile. * Fix typo in the nfs-server testsuite check, reporting error on all non-server installations. * Adjust exim config on the main server to be closer to the default in Debian, and explain why the kerberos id is checked when using SMTP. * Improve messages from dnsd testsuite check, making it more obvious that the DNS server name is hardcoded. * Adjust cf.squid, make sure to run squid-update-cachedir on the squid3 config file. * Drop our redundant auto-addfirmware script and use the equivalent isenkram-autoinstall-firmware from the isenkram-cli package instead. * Drop exim4 config on client machines. The default in Debian work fine with the preseeding we do in debian-edu-install version 1.811. Break on versions before 1.811. [ Holger Levsen ] * debian/rules: Convert to dh9 style rules. * debian/control: use https for Alioth cgit URL. [ Debconf translation updates ] * Dutch by Frans Spiesschaert (Closes: #763639) [ Petter Reinholdtsen ] * Rewrite init-ltsp.d/60-edu-client to disable all services the same way, reduce duplicate code and work with sysv-rc based systems too. * share/ltsp/init-ltsp.d/60-edu-client: Add more services (anacron, avahi-daemon, bluetooth, lirc, minidlna and timidity) to the remove list for thin clients. -- Petter Reinholdtsen Thu, 16 Oct 2014 13:52:46 +0200 debian-edu-config (1.809) unstable; urgency=high * Make sure to install our default squid3 configuration for cfengine to find it (Closes: #763839). * Log an error if cfengine return failure, to make it easier to discover if it ever happen. * Adjust debian-edu-bless to only enable our local mirror if it exist, to fix broken debian-edu test. -- Petter Reinholdtsen Tue, 07 Oct 2014 11:51:38 +0200 debian-edu-config (1.808) unstable; urgency=high * Fix typo in cf.apt breaking the installation. -- Petter Reinholdtsen Tue, 07 Oct 2014 07:59:27 +0200 debian-edu-config (1.807) unstable; urgency=high [ Wolfgang Schweer ] * Fix domain-name settings for subnet00.intern and subnet01.intern. The invalid names caused ltsp clients to get a wrong /etc/resolv.conf generated by the ltsp init script ('search bad'). * Adjust testsuite/timezone to accept Europe/Berlin as timezone for Germany. [ Petter Reinholdtsen ] * Rewrite squid configuration handling to work with squid3. Use our own /etc/squid3/squid-debian-edu.conf (copied from /usr/share/ on demand) instead of rewriting the file included in the squid package, to make upgrades easier and avoid a conffile question if the defaults change. * Adjust squid-update-cachedir to work with squid3. * Drop ftp source from our cfengine rules to update apt sources.list. It is more robust to only use http. * Run apt-get autoremove at the end of the installation to get rid of no longer needed dependencies. * Add new SMTP test to check that the SMTP server is accepting email. Depend on swaks to get a tool to do this. -- Petter Reinholdtsen Fri, 03 Oct 2014 16:41:43 +0200 debian-edu-config (1.806) unstable; urgency=high [ Wolfgang Schweer ] * sbin/debian-edu-pxeinstall: replace d-i version 7.0 with 8.0 to fix pxe installations. * Fix configuration file location in cfengine rule for squid; now located in /etc/squid3/. [ Petter Reinholdtsen ] * Extend testsuite/taskpkgs to also check that the correct desktop task was activated. * Correct cfengine rule for apache, disable default site using new name 000-default.conf, instead of old and now obsolete name default. * Move code updating resolv.conf in the LTSP chroots from the resolvconf update.d fragment to our tools directory, and call it on first boot too, to get a working resolv.conf in the LTSP chroots also on the combined server. * Add code in run-at-firstboot to commit /etc/ changes in LTSP chroots using etckeeper. * Rewrite LTSP test to use nc instead of telnet. Telnet is not installed by default any more. Depend on netcat to get a nc implementation. * Extend LTSP test to report error if no LTSP NFS mount point exist. * Add new test testsuite/nfs-server checking if the NFS subsystem is working. * Adjust dnsd testsuite check to not print an error if /var/mail/root do not yet exist. * Refactor ldap-client testsuite check to return an error code for every error, not just most of them. * Add Wolfgang Schweer as uploader. -- Petter Reinholdtsen Sun, 28 Sep 2014 08:25:32 +0200 debian-edu-config (1.805) unstable; urgency=high * Remove redundant code to divert the tasksel tests and use a common implementation in /usr/lib/education-tasks/edu-tasksel-setup from the education-tasks package instead. * Fix bug in debian-edu-bless failing to clean up the tasksel test diverts if the installation succeeds. * Use debian-edu-current-codename instead of lsb_release -cs in auto- addfirmware and testsuite/doc too. -- Petter Reinholdtsen Thu, 25 Sep 2014 23:35:31 +0200 debian-edu-config (1.804) unstable; urgency=high * Fix typo in d-i/finish-install, replace non-existing error function with the log function. * Change default suite for debian-edu-bless from wheezy-test to jessie. * Update standards-version from 3.9.5 to 3.9.6. No changes needed. * Remove obsolete code in postrm removing the /usr/share/pam- configs/krb5 divert. It is now removed in the postinst during upgrades instead. -- Petter Reinholdtsen Mon, 22 Sep 2014 22:34:06 +0200 debian-edu-config (1.803) unstable; urgency=high [ Wolfgang Schweer ] * share/ltsp/init-ltsp.d/60-edu-diskless-ws: Stop using update-rc.d to disable the automounter if the homedir is mounted via sshfs as this isn't stable. Do it the way ltsp does. [ Petter Reinholdtsen ] * Adjust debian-edu-pxeinstall to sort the preseeding values, to get predictable ordering and avoid bogus changes reported by etckeeper. * Add dependency on libproxy1-plugin-networkmanager, libproxy1-plugin-mozjs and libproxy1-plugin-kconfig to improve how libproxy behaves. Restructure dependency list to make future changes easier to spot in the diff. * Add hack to wpad-extract using KDE kioslaverc settings as global settings to be able to extract proxy setup from http://wpad/wpad.dat. * Add debian-edu-bless script to binary package, now that it is working well. * Ease debugging by showing the tasksel selected tasks in debian-edu- bless. -- Petter Reinholdtsen Mon, 22 Sep 2014 06:50:47 +0200 debian-edu-config (1.802) unstable; urgency=medium [ Wolfgang Schweer ] * share/ltsp/plugins/ltsp-build-client/Debian-custom: Remove 010-mount-sys. This is now done by ltsp Debian/010-mount-sys. * sbin/debian-edu-ltsp: Drop setting the local repo in extramirror cause it doesn't exist. * Fix typo in debian-edu-pxeinstall to reenable menu. [ Petter Reinholdtsen ] * Call 'apt-get autoremove -y' at the end of setup-roaming, to remove the packages we no longer need. * Fix fatal typo in setup-roaming trying to chown the wrong file. * Extend testsuite/pxeinstall to also look for syslinux/ldlinux.c32 on the tftp server, to verify that the syslinux modules are available via tftp. -- Petter Reinholdtsen Wed, 17 Sep 2014 07:57:55 +0200 debian-edu-config (1.801) unstable; urgency=high [ Wolfgang Schweer ] * Drop local repo entry for jessie in cf/cf.apt. [ Jürgen Leibner ] * Add check if the filesystems on the mountpoints support acls in the testsuite filesystem. [ Petter Reinholdtsen ] * Change from aptitude to apt-get in setup-roaming, to make sure we only depend on one such tool. -- Petter Reinholdtsen Sun, 14 Sep 2014 23:50:12 +0200 debian-edu-config (1.800) unstable; urgency=high [ Petter Reinholdtsen ] * Start on 1.800 as we are targeting Debian 8. * Improve log messages from run-at-firstboot, to make it clearer what is going on. * Add signal trapping in run-at-firstboot script to log an error: string if it terminates unexpectedly. * Fix a few typos in comments in ltsp-build-client/Debian-custom/032-edu-pkgs. * Fix typo in debian-edu-ltsp script, breaking when --arch is used. * Add new testsuite check to check if /skole/tjener/home0 /skole/backup file systems have the acl and user_xattr options enabled, to see if bug #638822 is present or not. [ Wolfgang Schweer ] * Replace wheezy with jessie in cf/cf.apt. -- Petter Reinholdtsen Sun, 14 Sep 2014 16:53:38 +0200 debian-edu-config (1.727) unstable; urgency=high * Remove apt-get-update-files-download script from source package. Its purpose is better handled by unattended-upgrades, and it is not included in the binary package. * Add cfengine rule to enable apache module cgi and configuration sitesummary.conf on the server. Workaround for bug #760084. * Improve the text of the email sent by the test suite. * Update setup-roaming, adjust nsswitch.conf file generated to be closer to the one installed by Debian by default. Use compat instead of files for passwd, group and shadow, add gshadow and switch sssd for the sudoers database. Drop unused append_if_missing() function. * Made setup-roaming a bit more robust and the comments more clear. * Add autofs to set of handled sssd services in generated configuration. * Correct service name for squid in squid-update-cachedir, now called squid3. * Reinsert diverted /usr/share/pam-configs/krb5 and drop our override file now that bug #656309 is fixed. -- Petter Reinholdtsen Thu, 11 Sep 2014 20:30:31 +0200 debian-edu-config (1.726) unstable; urgency=high * Correct PXE setup generated by debian-edu-pxeinstall, symlink from /var/lib/tftpdir/syslinux/ to /usr/lib/syslinux/modules/bios/ to find required pxelinux modules. * Extend testsuite/pxeinstall to test TFTP download of pxelinux.0 to check if the server is working and the required file is available. * Add _pgpkey-http and _pgpkey-https SRV records to allow GnuPG users to find keyservers automatically. Point them to pool.sks-keyservers.net. -- Petter Reinholdtsen Tue, 09 Sep 2014 23:52:23 +0200 debian-edu-config (1.725) unstable; urgency=high [ Petter Reinholdtsen ] * Extend testsuite/ldap-client to check if the local users are present in LDAP. * Make testsuite/timezone more predictable by sorting list of possible time zones. * Adjust testsuite/timezone to accept Europe/Oslo and Arctic/Longyearbyen as timezones in Norway, to match values used in Wheezy and Jessie. * Update new message in testsuite/nagios to include script name. [ Mike Gabriel ] * Fix wrong parameter name (loglevel -> log level) in the main server's Samba configuration file. -- Petter Reinholdtsen Sat, 06 Sep 2014 21:22:45 +0200 debian-edu-config (1.724) unstable; urgency=high * Change cups test to only expect port 631 listening on localhost. * Correct Roaming Workstation setup, call uuid in chroot, as it is missing in d-i. -- Petter Reinholdtsen Mon, 01 Sep 2014 08:56:25 +0200 debian-edu-config (1.723) unstable; urgency=high * Fix typo in shell test in sssd-generate-config. * Update auto-addfirmware from changes done in isenkram, fix bug #729438 also found in isenkram. -- Petter Reinholdtsen Sat, 30 Aug 2014 09:01:06 +0200 debian-edu-config (1.722) unstable; urgency=high [ Wolfgang Schweer ] * Adjust testsuite/backup to reflect the changed cron location. * Samba: go back to wheezy behaviour (NT4-style PDC) as opposed to the jessie default (AD DC) just for testing: - adjust /etc/samba/smb.conf. - adjust /usr/bin/ldap-debian-edu-install. * Adjust configuration files to make apache2 work. - /etc/apache2/sites-available/debian-edu-default.conf: + add 'Require all granted' to allow access to /etc/debian-edu/www/. + treat all options the same way (leading +/-). - /etc/apache2/sites-available/debian-edu-ssl-default.conf: + remove deprecated 'NameVirtualHost' statement. + treat all options the same way (leading +/-). * /usr/bin/ldap-debian-edu-install: - Use temporary smb.conf file to get SAMBASID value and make Samba/LDAP/Kerberos bootstrap complete. - Remove setting bogus sid. - Make failed fetching of SAMBASID fatal again. - Adjust error message if bootstrapping fails. * Fix cups issue (not listening on www:631) by adding this listen statement to /etc/cups/cupsd-debian-edu.conf. [ Petter Reinholdtsen ] * Mention possible cause of the failing webcache test in the error line. * Move uuid to depends from recommends where it was placed by mistake. [ Mike Gabriel ] * Enforce sec=sys option on NFSv4 autofs mounts from the Skolelinux client machines. -- Petter Reinholdtsen Wed, 27 Aug 2014 14:30:47 +0200 debian-edu-config (1.721) unstable; urgency=high [ Petter Reinholdtsen ] * Update Standards-Version from 3.9.4 to 3.9.5. No changes needed. * Updated web page translations: - Rename Brasilian Portuguese file from pt.po to pt_BR.po and adjust all translations to refer to the new name. - Add new Portuguese translation done by Américo Monteiro (Closes: 757532). * Drop unused python-support build dependency. Depend directly on python instead for /etc/ltspfs/mounter.d/edu-notify. * Change default network configuration for Roaming Workstation to tell network manager to activate eth0 by default. This is needed to get LDAP and Kerberos access when registering the initial user. Depend on uuid to be able to generate an UUID for the eth0 configuration for network manager. * Switch Vcs-Browser URL to the cgit interface. [ Wolfgang Schweer ] * Adjust testsuite/webcache cause squid3 replaces squid. * Extend testsuite/samba: - report if 'net time' segfaults. - test if 'net maxrids' reports the highest RID. -- Petter Reinholdtsen Sun, 24 Aug 2014 16:35:34 +0200 debian-edu-config (1.720) unstable; urgency=high * Upload with urgency high to fix hanging Main Server installation. [ Petter Reinholdtsen ] * Updated Norwegian Bokmål debconf translation. Translated by Petter Reinholdtsen. * Add Alexander Alemayhu as uploader. * Adjust the ldap-debian-edu-install script to stop named also when failing to get a Samba SID. This avoid hanging the installer when unable to set up LDAP and Kerberos for the the Main Server. * Migrate setup to Apache 2.4 (Closes: #669762). Rename conffiles /etc/apache2/conf.d/debian-edu-config-doc, /etc/apache2/sites-available/debian-edu-default and /etc/apache2/sites-available/debian-edu-ssl-default to /etc/apache2/conf-available/debian-edu-config-doc.conf, /etc/apache2/sites-available/debian-edu-default.conf and /etc/apache2/sites-available/debian-edu-ssl-default.conf. Update Apache 2 cfengine rules to enable configuration on fresh installs. * Update from debhelper version 7 to 9 to get the support needed for the Apache 2.4 migration. * Extend nagios test to detect if nagsio3 is completely missing. * Adjust ldap-debian-edu-install to log the error when failing to get the samba sid. [ Alexander Alemayhu ] * debian/control: - Update the Vcs-* fields for the git migration. [ Wolfgang Schweer ] * Update setup instructions in ldap-debian-edu-install to enable password storage in secrets.tdb (new location: /var/lib/samba/private/). * Fix path to secrets.tdb in ldap-debian-edu-install. * Make failing SAMBASID fetch non-fatal in ldap-debian-edu-install. * Adjust testsuite/cups; the daemon is now called cups-browsed. [ Petter Reinholdtsen ] * Set samba sid to 'bogus-sid' when continuing the ldap-debian-edu-install script. * Extend testsuite/webcache to detect if the squid binary is missing. -- Petter Reinholdtsen Fri, 22 Aug 2014 18:34:53 +0200 debian-edu-config (1.719) unstable; urgency=high * Upload with urgency high to get rid of boot hang in testing. * Adjust network testsuite check to use new path to rpcinfo (Closes: #758190). * Change dhcp exit hook fetch-ldap-cert to not try to call init.d/fetch-ldap-cert start before the network is up during boot, to avoid dependency loop when using systemd (Closes: #757767). * Update debian-edu-fsautoresize to handle ext4 the same way it handle ext3, thus supporting the current file system (Closes: 742131). * Adjust debian-edu-pxeinstall to use new pxelinux/syslinux-common package structure (Closes: #758568). * Introduce new program debian-edu-current-codename used everywhere to get the current Debian codename, to avoid hardcoding the fallback codename in several scripts. Update all scripts with hardcoded codenames to use debian-edu-current-codename. * Translation updates: - Updated German translation for debconf questions (Closes: #737297). Translated by Chris Leick. -- Petter Reinholdtsen Tue, 19 Aug 2014 13:22:15 +0200 debian-edu-config (1.718) unstable; urgency=low [ Petter Reinholdtsen ] * Drop Vagrant Cascadian as uploader, on his request. * Add Indonesian web page translation from Kurniawan Haikal. [ Wolfgang Schweer ] * Fix sssd-create-config to write a working Kerberos config file during installation w/o network connection (Closes: #743383). -- Petter Reinholdtsen Thu, 24 Apr 2014 13:53:21 +0200 debian-edu-config (1.717) unstable; urgency=low * Improve error message from sitesummary2ldapdhcp when serveral host LDAP objects have the same MAC address, to make the problem easier to debug. * Adjust sitesummary2ldapdhcp to trim trailing newline from DNS names generated by update-hostname-from-ip. * Make debian-edu-bless more robust on flaky networks, by trying several times to download packages while installing. * Document in debian-edu-bless that xfce is a desktop option. * Make debian-edu-bless abort if the current locale is not working, instead of asking ldap and autofs to use a bogus LDAP server. * Set SUDO_FORCE_REMOVE=yes in debian-edu-bless to allow it to automatically replace sudo with sudo-ldap on Raspbian and others like it. * Fix typo in ldap-migrate-squeeze-wheezy and improve error reporting. Add more details on migration of kerberos passwords. Avoid trying to migrate OpenLDAP internal attributes that are impossible to set. * Drop Patrick Winnertz as uploader. Thank you for your good work! -- Petter Reinholdtsen Sun, 02 Mar 2014 19:23:22 +0100 debian-edu-config (1.716) unstable; urgency=low [ Petter Reinholdtsen ] * Only set owner for /var/opt/ltsp/swapfiles to the nbd user if the user exist. Fixes installation problem. -- Petter Reinholdtsen Fri, 13 Sep 2013 09:25:56 +0200 debian-edu-config (1.716~svn82345) unstable; urgency=low [ Wolfgang Schweer ] * Fix nbd server setup: - cf/cf.ltsp: Adjust swapfile directory ownership to user and group nbd. - Add configuration snippet debian-edu.conf to nbd-server/conf.d: setting default swap file size 64MB, allow all clients to connect by omitting value for 'authfile' as wildcards like 10.0.0.0/8 don't seem to be allowed in such a file. * Remove filesize statement from nbd-server/conf.d/debian-edu.conf, cause the default LTSP swap file size (512MB) should be kept. [ Petter Reinholdtsen ] * Make sure to fix permission of /var/opt/ltsp/swapfiles on upgrades too. -- Petter Reinholdtsen Fri, 13 Sep 2013 08:05:35 +0200 debian-edu-config (1.715) unstable; urgency=low [ Petter Reinholdtsen ] * Adjust auto-addfirmware to make the apt source file readable for everyone. Nothing secret there, and apt refuse to run for non-root users if some source lists are unreadable. * Start on migration system from Squeeze to Wheezy. New tool ldap-migrate-squeeze-wheezy added to source. When it is more robust it should be part of the binary package. -- Petter Reinholdtsen Mon, 02 Sep 2013 18:24:58 +0200 debian-edu-config (1.714) unstable; urgency=low * Uploaded to the Debian Edu archive as debian-edu-config 1.714~svn82279: [ Petter Reinholdtsen ] * Adjust LTSP build to mount /sys in LTSP chroot during built, to fix problem with oss-compat installation on some machine, where modprobe snd-seq calls itself recursively. * Uploaded to the Debian Edu archive as debian-edu-config 1.714~svn82272: [ Petter Reinholdtsen ] * Fix typo in show-welcome-webpage, and quiet down script. [ Holger Levsen ] * debian-edu-config.postrm: rm -f /etc/default/enable-nat, /etc/kderc, /etc/kde-user-profile and /var/lib/dovecot/auth_success. * Uploaded to the Debian Edu archive as debian-edu-config 1.714~svn82256: [ Wolfgang Schweer ] * Fix cf/cf.ntp to make line matching work. * Remove cf/cf.lwat, cause lwat is no longer installed. * Remove cf.lwat from Makefile and cf/cfengine.conf. * Update postinst to reflect the change. * Uploaded to the Debian Edu archive as debian-edu-config 1.714~svn82243: [ Wolfgang Schweer ] * init-ltsp.d/08-edu-hostname: fix typos. * init-ltsp.d/60-edu-diskless-ws: - set proxies by calling 'update-proxy-from-wpad' directly instead of using dhclient. - remove all internet connectivity needing ntp servers from /etc/ntp.conf to avoid useless lookups. [ Petter Reinholdtsen ] * Rewrite code finding the localized welcome page to handle the fact that $LANGCODE can contain multiple values separated by colon. * Rewrite code to show welcome page to show http://www.skolelinux.org/ if no URL is found in LDAP. * Move code to remove unwanted NTP servers from the NTP setup on LTSP clients from init-ltsp.d/60-edu-diskless-ws to cf/cf.ntp, to make sure it is only done once during installation and not every time a client boot. * Move code to update proxy settings in the LTSP chroot from init-ltsp.d/60-edu-diskless-ws to resolvconf/update.d/ltsp-chroots, to do it when DNS settings change instead of every client boot. * Uploaded to the Debian Edu archive as debian-edu-config 1.714~svn82232: [ Petter Reinholdtsen ] * Fix typos blocking the init-ltsp.d/08-edu-hostname from working. * Uploaded to the Debian Edu archive as debian-edu-config 1.714~svn82224: [ Petter Reinholdtsen ] * Make sure LTSP host name setting work properly by calling ltsp-init-ltsp.d/10-resolv-conf before 08-edu-hostname, thus allowing DNS lookups to determine host name and shave 10 seconds from the boot time. Thanks to Wolfgang Schweer for discovering the problem. * Add code in postrm to remove the files /etc/default/enable-nat, /var/lib/dovecot/auth_success, /etc/kde-user-profile and /etc/kderc during purge, to remove all traces of our package. Thank you piuparts for discovering the issue. * Stop using absolute path to update-alternatives in /etc/apt/apt.conf.d/99-edu-prefer-iceweasel (Closes: #720575). Thanks to Sharon Kimble for noticing and Guillem Jover for finding the cause. * Uploaded to the Debian Edu archive as debian-edu-config 1.714~svn82213: [ Wolfgang Schweer ] * Fix KDE proxy settings by changing ioslaverc to use http://wpad/wpad.dat for proxy settings (ProxyType=2) instead of depending on KDE to find the proxy on its own (ProxyType=3). * Show localized welcomepage for supported languages by checking www/index.html.$LANGCODE in share/tools/show-welcome-page. [ Petter Reinholdtsen ] * Make sure gosa-create ignore errors from nscd, as the calls will fail if nscd isn't running, and in that case we do not need to invalidate the caches (Closes: #720396). -- Petter Reinholdtsen Sat, 31 Aug 2013 13:15:53 +0200 debian-edu-config (1.713) unstable; urgency=low [ Petter Reinholdtsen ] * Rewrite ldap-debian-edu-install to use 'net getdomainsid' instead of 'net getlocalsid' to get the domain SID, based on feedback from Mike Gabriel. It should give separate SIDs for tjener and the domain. * Uploaded to the Debian Edu archive as debian-edu-config 1.713~svn82149: [ Petter Reinholdtsen ] * Wrap long comment lines in ldap-debian-edu-install. * Get samba working again by changing ldap-debian-edu-install to make sure the SID stored in LDAP is the SID generated by samba when samba is first set up with the temporary configuration. -- Petter Reinholdtsen Tue, 20 Aug 2013 18:36:19 +0200 debian-edu-config (1.712) unstable; urgency=low [ Petter Reinholdtsen ] * Purge pam-configs settings in prerm using one call to pam-auth- update, as two calls ignore the first and onlyi the second call take effect (Closes: #678931). * Uploaded to the Debian Edu archive as debian-edu-config 1.712~svn82071: [ Petter Reinholdtsen ] * Make debian-edu-ldapserver more robust, and make sure it fall back to looking in /etc/resolv.conf if dnsdomainname do not return a sensible value. * Uploaded to the Debian Edu archive as debian-edu-config 1.712~svn82056: [ Mike Gabriel ] * Fix Samba LDAP bootstrap during main-server installation. The Samba2LDAP connection now uses ldapi:/// during bootstrap. As a result the sambaDomainName=SKOLELINUX object will now be created during bootstrap rather than during first boot. The recently introduced samba-domain-policy.ldif will be kept for reference and possible later customizations (by site admins). [ Petter Reinholdtsen ] * Add dhclient-exit-hooks.d script fetch-ldap-cert to fetch the LDAP server certificate when the network is up, in case it is down on first boot. * Uploaded to the Debian Edu archive as debian-edu-config 1.712~svn82049: [ Wolfgang Schweer ] * Remove option 'only user' from etc/samba/smb-debian-edu.conf, which is only useful with 'security = shared'. (Setting this will prevent a user to connect even to his own home share using smbclient.) * Uploaded to the Debian Edu archive as debian-edu-config 1.712~svn82034: [ Petter Reinholdtsen ] * Disable the automatic proxy configuration on LTSP boot, as the default setup is already correct and not calling wpad-proxy-update shave 3 seconds from the boot. [ Mike Gabriel ] * Remove obsolete options from the main-server's smb(-debian-edu).conf file. * Disable the cross-home-dir access for users in Samba. (So now we deny that User A can access home of user B if not restricted by file permissions). * Adapt sambaHashHook in /etc/gosa/gosa.conf in a way so that it works for GOsa² 2.7.x. Fixes failures when trying to set the password through GOsa²'s change-password-dialog. * Set a default domain policy on LDAP bootstrap during main-server installation. Fixes erroneous Samba log messages that complain about failures in incrementing users' bad password counters. * Uploaded to the Debian Edu archive as debian-edu-config 1.712~svn81960: [ Petter Reinholdtsen ] * Change smbldap-machineadd-gosa to call user_next_uid() instead of get_next_id(), to work with the version of smbldap-tools in Wheezy. Not sure when get_next_id() disappeared, but it is missing in version 0.9.7-1 and was present in version 0.9.5. Depend on smbldap-tools (>= 0.9.7-1) to document the updated requirement. * Uploaded to the Debian Edu archive as debian-edu-config 1.712~svn81948: [ Mike Gabriel ] * Explicitly set LDAP server hostname in D-E's smbldap-tools/smbldap.conf to make sure the SSL certificate used matches the server name of the connection. -- Petter Reinholdtsen Sat, 17 Aug 2013 17:39:55 +0200 debian-edu-config (1.711) unstable; urgency=low [ Petter Reinholdtsen ] * Remove SystemGroup block from cupsd-debian-edu.conf, as this option now is in cups-files.conf and modifying it in our cupsd.conf file have no effect (Closes: #718484). Thanks to Mike Gabriel for discovering this. Also remove all the other options now moved to cups-files.conf (AccessLog, DataDir, DocumentRoot, ErrorLog, FontPath, PageLog, Printcap, PrintcapFormat, RequestRoot, RemoteRoot, ServerBin, ServerRoot, ServerCertificate, ServerKey, User, Group and TempDir). -- Holger Levsen Tue, 06 Aug 2013 00:49:32 +0200 debian-edu-config (1.710) unstable; urgency=low [ Petter Reinholdtsen ] * Update comment in update-iceweasel-homepage to reflect the new realities. * Fix typo in sitesummary2ldapdhcp, add missing $ in front of variable making it impossible to run the script. * Uploaded to the Debian Edu archive as debian-edu-config 1.710~svn81733: [ Petter Reinholdtsen ] * Fix typo in postinst causing installation failure. * Uploaded to the Debian Edu archive as debian-edu-config 1.710~svn81731: [ Petter Reinholdtsen ] * Add new script init-ltsp.d/08-edu-hostname to adjust LTSP boot to set hostname based on reverse DNS or MAC address like we do for the other machines. * Fix argument parsing in get-default-homepage. * Rewrite update-iceweasel-homepage to work with Iceweasel in Wheezy, and add code in the postinst to remove the now obsolete divert of /usr/share/iceweasel/browserconfig.properties. (Closes: #717263) * Uploaded to the Debian Edu archive as debian-edu-config 1.710~svn81721: [ Petter Reinholdtsen ] * Rewrite /etc/shutdown-at-night/clients-generator to list hostname and MAC address the way wakeupclients now expect it (Closes: #662868). * Fix code avoiding several nbdswap-cleanup processes to run at once, making sure the script to not consider itself as a conflicting cleanup process (Closes: #662843). * Remove code in /etc/NetworkManager/dispatcher.d/02debian-edu-config to update hostname from DHCP, as it is redundant thanks to the code in /etc/dhcp/dhclient-exit-hooks.d/hostname called by the dispatcher.d script, and it was activated on roaming workstations where it should not update the hostname. * Adjust our system for setting default hostname to set a unique generated hostname during installation, fetched either from reverse DNS lookups or using the MAC address of the interface used by the default route. Adjust all code setting the hostname to use the update-hostname-from-ip script for generating the name. [ Holger Levsen ] * debian/rules: stop calling (obsolete) dh_pysupport, we don't have any python modules anyway. * debian-edu-config.postrm+prerm: call debian-edu-ltsp-audiodivert without path, it's located in /usr/sbin. -- Petter Reinholdtsen Sat, 20 Jul 2013 21:20:00 +0200 debian-edu-config (1.709) unstable; urgency=low [ Petter Reinholdtsen ] * Adjust timesone test suite check to report the locale used when detecting the incorrect time zone, to make it easier to understand its reasoning. * Uploaded to the Debian Edu archive as debian-edu-config 1.709~svn81506: [ Petter Reinholdtsen ] * Adjust auto-addfirmware and debian-edu-hwsetup to cope with the fact that apt-cache do not return an error code if a package is missing but listed as a virtual package. * Uploaded to the Debian Edu archive as debian-edu-config 1.709~svn81487: [ Petter Reinholdtsen ] * Adjust locale check in test suite to the fact that locale is no longer set in /etc/environment. * Adjust update-proxy-from-wpad to not set proxy in /etc/environment on Standalone and Roaming Workstation installations, as the value inherited to user processes from this file will get quickly out of date as the machine move from network to network. Only APT setup will be updated on these machines when connecting to a new network. * Uploaded to the Debian Edu archive as debian-edu-config 1.709~svn81467: [ Petter Reinholdtsen ] * Add workaround to make sure machines using Network Manager also call the dhclient hooks, to get the correct proxy and hostname set during boot, as well as the clock synced using NTP when connecting to a network. * Uploaded to the Debian Edu archive as debian-edu-config 1.709~svn81459: [ Petter Reinholdtsen ] * Correct webserver test suite, only check file permissions of profiles.ini on the Main Server where it exist. * Adjust setup-ad-client and locate-syslog-collector to handle dns domain localdomain as no domain the same way sssd-generate-config do. * Change code to set hostname on Workstation, Thin-Client-Server and Minimal installations, to fall back to unique name generated from the MAC address, to make it possible to uniquely identify machines using the login screen after installation/boot. * Uploaded to the Debian Edu archive as debian-edu-config 1.709~svn81436: [ Petter Reinholdtsen ] * In sssd-generate-config, tread dns domain localdomain as no domain to look in resolv.conf for the domain to use instead. * Uploaded to the Debian Edu archive as debian-edu-config 1.709~svn81434: [ Petter Reinholdtsen ] * Extend setup-roaming to also generate krb5.conf dynamically, to make sure kerberos work properly independent of where the client is located and what it is named. * Switch kerberos setup (/etc/krb5.conf) to be generated during installation using the SRV and TXT entries in DNS, to get krb5-auth-dialog working on diskless workstations. -- Holger Levsen Sun, 14 Jul 2013 17:07:02 +0200 debian-edu-config (1.708) unstable; urgency=low [ Petter Reinholdtsen ] * Adjust comments in generated /etc/network/interfaces file to look more like the one created by d-i in Wheezy. [ Holger Levsen ] * Bump standards version to 3.9.4. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81397: [ Petter Reinholdtsen ] * Adjust network setup for Standalone and Roaming-Workstation to work with Network Manager in Wheezy, which ignore all interfaces listed in /etc/network/interfaces. * Reintroduce /usr/sbin/update-hostname-from-ip which was dropped in r73306 and r73313, to make sure machines get their hostname set from DNS during installation. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81383: [ Holger Levsen ] * Translation updates: - Swedish, thanks to Martin Bagge. (Closes: #714645) [ Petter Reinholdtsen ] * Add test suite test to detect if /etc/skel/.mozilla/firefox/profiles.ini have the wrong file permissions (600 instead of 644). * Correct cfengine rules creating /etc/skel/.mozilla/firefox/profiles.ini to make sure the file is given mode 644. * Remove cfengine code to purge network-manager on roaming workstations, as we now use it. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81319: [ Petter Reinholdtsen ] * Disable debug code in auto-addfirmware. * Adjusted auto-addfirmware to only add contrib and non-free APT sources if it can't find the package it want to install. * Fix typo in sitesummary2ldapdhcp, making it fail unless -t was specified. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81308: [ Wolfgang Schweer ] * ldap-tools/sitesummary2ldapdhcp: - Fix configuration for 'netdevices'. - Modify help message to fit the code after last cleanup. [ Petter Reinholdtsen ] * Remove cfengine rule to modify the mplayer.conf file, as we now use mplayer2 where this file no longer is included and the BTS report #491403 do not seem relevant for us any more. This get rid of the mplayer test suite failure for some desktop types, as the test is no longer relevant. * Fix typo in cf.syslog. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81297: [ Petter Reinholdtsen ] * Update debian-edu-pxeinstall to use the new keymap boot option to set the default keymap. This changed between Squeeze and Wheezy. * Make debian-edu-pxeinstall more robust, make sure it find the desktop preseeding also when doing PXE installations of the main server. * Teach debian-edu-pxeinstall to use short forms locale and keymap as boot parameters to make the parameter list shorter. * Correct cfengine setup to set files.secondpass on the second files pass. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81287: [ Wolfgang Schweer ] * ldap-bootstrap/root.ldif: Add entries for systems of type workstation, terminal and printer as these should be setup already during installation of the main server. * Try to enhance ldap-tools/sitesummary2ldapdhcp, now that more types for systems are available in LDAP/GOsa²: - Add option -t TYPE, where TYPE could be servers, workstations, terminals, printers. If this option is omitted, systems are added as netdevices by default. - Add code for these options to write the appropriate LDAP entries, set time server to tjener and activate the system if needed. [ Petter Reinholdtsen ] * Adjust cfengine setup to do a 'files' pass at the end too, to make sure file permissions are correct when cfengine exits. This fixes the file permissions of /etc/rsyslog.d/debian-edu-client.conf. * Clean up ldap-tools/sitesummary2ldapdhcp a bit, avoid some code duplication and make sure 'ntp' is used as the DNS name for the local NTP server. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81240: [ Petter Reinholdtsen ] * Quiet down run-at-firstboot, avoid lots of messages from munin automatic configuration failures. * Correct rsyslog test suite check to no look for the client configuration on the Main Server. * Correct path to d-i PXE boot images used by our PXE setup when using the debian-installer-7.0-netboot-i386 and debian-installer-7.0-netboot-amd64 packages. * Adjust auto-addfirmware and make sure to add contrib and non-free when trying to install the firmware-b43-installer package on machines needing it. Also make sure it check the Contents files for contrib and non-free looking for firmware. * Move code in 032-edu-pkgs removing the force-unsafe-io dpkg flag to after the workstation is configured, to ensure it have effect for most of the LTSP installation period. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81225: [ Wolfgang Schweer ] * ltsp/init-ltsp.d/60-edu-diskless-ws: Disable autofs to reenable login on diskless workstations when ldm is used. Drop code to fix nsswitch.conf, as this is already done otherwise. [ Petter Reinholdtsen ] * Make sure the setup-ad-client script is included in the package. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81203: [ Petter Reinholdtsen ] * Add d-i preseeding for netcfg/dhcp_ntp_servers in PXE setup, as d-i/netcfg/clock-setup do not seem to notice the ntp-server DHCP option passed to clients (BTS #714288), to make sure clients have correct clock during installation even when installing behind a blocking firewall. [ Wolfgang Schweer ] * Add entry to ltspConfig in LDAP to whitelist lightdm, just in case someone will use it with diskless workstations. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81197: [ Petter Reinholdtsen ] * Move kernel option set by debian-edu-hwsetup from /etc/grub.d/ to /etc/default/grub, where it actually have effect. * Add Xsession.d script to warn about missing home directory and suggest that this might be fixed by adding the host to the workstation-hosts NIS netgroup using GOsa². * Purge the plasma-widget-networkmanagement package on stationary clients, as the users there can't change the network setup anyway and all the package do is show a red warning icon on the desktop. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81185: [ Petter Reinholdtsen ] * Add i915.invert_brightness=1 hardware quirk for Acer Aspire V3-771G model VA70, to avoid the black screen of death. * Drop NFS package size settings (rsize/wsize=32768) from NFSv4 automount rules, as the default kernel setting is ok. * Rewrite debian-edu-hwsetup quirk for Packard Bell EasyNote LV to use acpi_backlight=vendor instad of i915.invert_brightness=1, as this stop KDE from turning off the screen during login. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81184: [ Petter Reinholdtsen ] * Adjusted DHCP hook to set hostname, to make sure it set FQDN and not the short name, to make sure Kerberos know which domain to use to find the realm and the Kerberos server. * Made DHCP hook to set hostname more robust. * Update munin-node.conf file to the version used in Wheezy, and add our allow line to grant access to the main server. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81168: [ Petter Reinholdtsen ] * Remove code from debian-edu-hwsetup to install firmware packages, as this is also done better in auto-addfirmware. * Add testsuite code to report an error if /etc/rsyslog.d/debian-edu-client.conf only is readable by root. * Add cfengine rule to set file mode 644 on the rsyslog.d file. * Adjust DHCP hook used to set hostname based on reverse DNS lookup, to only set hostname if there is a name in DNS. This avoid setting the hostname to '3(NXDOMAIN)'. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81154: [ Petter Reinholdtsen ] * Add dependency on lsb-release to make sure the lsb_release program is available when scripts try to figure out the release code name. * Updated debian-edu-hwsetup, rewrote PCI device detection system to use modalias and added quirk for Packard Bell EasyNote LV to avoid black screen after boot. * Updated auto-addfirmware to fetch from http.debian.net. * Call auto-addfirmware at the end of debian-edu-hwsetup, to get all required firmware installed during installation. * Rewrite auto-addfirmware to look up all firmware used by all loaded kernel modules instead of looking at the dmesg content, to make it more robust. * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81140: [ Petter Reinholdtsen ] * Make locate-syslog-collector more robust when finding DNS domain, to increase the chance of correct syslog setup on clients. * Recommend binutils for ar(1) needed by the pxe-addfirmware script. (Closes: #684861) * Update debian-edu-hwsetup, remove obsolete entries and update the entry for iwlwifi network cards to install firmware-iwlwifi during installation. * Add debian-edu-hwsetup workaround for b43 wifi cards, installing the firmware-b43-installer package. -- Holger Levsen Sat, 06 Jul 2013 18:22:38 +0200 debian-edu-config (1.707) unstable; urgency=low * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn81085: [ Petter Reinholdtsen ] * Adjust debian-edu-pxeinstall paths to be compatible with debian-installer-7.0-netboot-i386 and debian-installer-7.0-netboot-amd64. * Debconf translation updates: - add Polish, thanks to Michał Kułach. (Closes: #712723) * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80889: [ Petter Reinholdtsen ] * Teach sssd-generate-config and setup-ad-client to ignore the output from 'hostname -d' when it is '(null)'. This make the scripts more robust. * Correct timezone testsuite check to look for new timezone name for the *_ES locale. Need updates for the other locales too. * Make sure we include the new index.html.ro file in the binary package. [ Holger Levsen ] * Update timezone testsuite checks for all other languages based on /usr/share/zoneinfo on my wheezy system. * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80617: [ Petter Reinholdtsen ] * Avoid hardcoded path in setup-roaming, to make it easier to move the scripts around. Made setup-roaming more robust and capable of running outside the Debian Edu environment. * Made sssd-generate-config more robust, able to handle DNS lookups which fall back to TCP. * Made setup-ad-client more self contained, robust and get it working out of the box in an Active Directory environment, also on non Debian Edu machines. * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80573: [ Holger Levsen ] * debian/control, Vcs* headers: Replace svn.debian.org with anonscm.debian.org. [ Petter Reinholdtsen ] * Move code in sssd-generate-config to detect DNS domain name into its own function, to make it easier to share that code with setup-ad-client. * Make setup-ad-client more automatic, flexible and robust. * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80562: * Switch default APT source, fallback LTSP mirror and fallback PXE mirror from ftp.skolelinux.org, ftp.debian.org and cdn.debian.net to http.debian.net, to pick a nearby mirror in the most efficient way available today. * Update sssd-generate-config with the change done to sssd.conf in version 1.704~svn79934, and generate sssd.conf with checking og the TLS certificate, now that it is working as it should. * Make sssd-generate-config more robust, to not fail when hostname do not understand the -d argument. * New script setup-ad-client to set up a roaming workstation as a Active Directory client and adjust sssd-generate-config to allow this to work. * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80551: * Adjust webcache testsuite check, and remove now obsolete argument sendt to wpad-extract. * Add libwebkitgtk-1.0-0 as a dependency of debian-edu-config next to libproxy-tools, as the webkit shared library is needed for libproxy to handle WPAD files. * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80547: [ Petter Reinholdtsen ] * Replicate how d-i is operating, and add code in LTSP setup script 032-edu-pkgs to run dpkg with the force-unsafe-io flag when creating the LTSP chroot, to try to speed up the process. * Adjust run-at-first-boot to call update-proxy-from-wpad on the Main Server, to try to get the proxy setup working. The automatic proxy setup only run from dhcp, which the Main Server do not use. * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80497: [ Petter Reinholdtsen ] * Add postinst code to purge the leftover passwords from the debconf database when debian-edu-config is upgraded from a vulnerable version (Closes: #711251). -- Petter Reinholdtsen Sun, 23 Jun 2013 23:31:16 +0200 debian-edu-config (1.706) unstable; urgency=low * Uploaded to the Debian Edu archive as debian-edu-config 1.706~svn80452: [ Petter Reinholdtsen ] * Change our edu-krb5 pam-configs setup to not provide PAM support for changing the password, to ensure password changes need to change using Gosa (Partly fixes #704461). * Uploaded to the Debian Edu archive as debian-edu-config 1.706~svn80414: [ Petter Reinholdtsen ] * Activate new web page translation for Romanian added by Victor Nițu in version 1.705. * Correct a few inaccurate paths in the web page translations in da.po, ja.po and pt.po. * Debconf translation updates: - Swedish, thanks to Anders Jonsson. (Closes: #711688) * Uploaded to the Debian Edu archive as debian-edu-config 1.706~svn80395: [ Petter Reinholdtsen ] * Add new test case to detect and report passwords lingering in the debconf database (bug #711251). * Uploaded to the Debian Edu archive as debian-edu-config 1.706~svn80374: [ Petter Reinholdtsen ] * Made sure subnet-change warn those trying to switch to one of the problematic subnets, while allowing them to continue by adding option -f. * Changing debconf-set-selections-edu to not set the debconf template default value for passwords, to avoid storing the root and first user passwords in templates.dat (Closes: #711251). * Make internal password type debconf templates translatable again, as making the non-translatable did not affect bug #711251. * Uploaded to the Debian Edu archive as debian-edu-config 1.706~svn80357: * Translation updates: - Indonesian, thanks to T. Surya Fajri. (Closes: #710293) - Russian, thanks to Yuri Kozlov. (Closes: #710300) - Japanese, thanks to . - Portuguese, thanks to Américo Monteiro. (Closes: #711106) - Danish, thanks to Joe Dalton. (Closes: #711185) - French, thanks to Guilhelm Panaget. [ Petter Reinholdtsen ] * Made subnet-change complete, teach it how to update /etc/munin/debian-edu-munin-node.conf and /etc/hosts.allow. * Report the files that need a manual update at the end of the subnet-change script run, to make the text easier to see. * Make internal password type debconf templates non-translatable to try to work around bug #711251. -- Holger Levsen Sun, 09 Jun 2013 18:14:02 +0200 debian-edu-config (1.705) unstable; urgency=low [ Holger Levsen ] * Add #!/bin/sh headers to share/ltsp/init-ltsp.d/*. * Add #!/bin/sh header to etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update and make the scripts in that directory executable. * debian/debian-edu-config.templates: Make questions about KDC and LDAP passwords translatable. [ Victor Nițu ] * Add initial Romanian translation. * uploaded to the Debian Edu archive as debian-edu-config 1.705~svn80173 [ Holger Levsen ] * debian/rules: add build-arch and build-indep targets. [ Petter Reinholdtsen ] * Make sssd-generate-config more robust, by looking for DNS domain in resolv.conf if hostname is not FQDN. * Rewrite ping/ping6 testsuite check to only try ping6 if IPv6 address is available for the local hostname. * uploaded to the Debian Edu archive as debian-edu-config 1.705~svn80138 [ Petter Reinholdtsen ] * Make debian-edu-bless more robust and make it possible to adjust parameters using environment variables. Document in a comment at the top how to do this. * Adjust Iceweasel setup in debian-edu.js based on : - Disable location-bar suggestion feature that is sludgy on thin-clients. - Tell Iceweasel to not look for upgrades. - Allow it to look for new extentions. - Use LANG environment variable to choose locale. - Disable default browser checking. * Make locate-syslog-collector and ltsp-arch-debian-edu more robust by always running them in the C locale. -- Holger Levsen Tue, 28 May 2013 18:47:40 +0200 debian-edu-config (1.704) unstable; urgency=low [ Wolfgang Schweer ] * Remove /etc/gosa/desktoprc, as the package gosa-desktop is now configured using debconf preseeding. [ Holger Levsen ] * debian/control: remove obsolete XS-DM-Upload-Allowed: field. [ Petter Reinholdtsen ] * Make debian-edu-bless more robust by trying twice to download packages before installing them, in case the network is flaky. Change its default locale from nb_NO.UTF-8 to en_US.UTF-8. * Adjust Iceweasel setup in debian-edu.js to also disable the offline disk cache, and enable memory cache with size adjusted according to the available memory on the machine. * Adjust Iceweasel setup to save X memory by setting MOZ_DISABLE_IMAGE_OPTIMIZE=1 for thin clients in /etc/Xsession.d/06debian-edu-iceweasel-ltsp during login. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn80050 [ Petter Reinholdtsen ] * Adjust ldap-client testsuite check to accept the new roaming workstation configuration. * Fix typo in error reporting in the taskpkgs testsuite check, and add support for checking the Minimal profile there. * Add new tool/example bless-debian, demonstrating how to transform a Debian machine into a Debian Edu machine. * etc/sssd/sssd-debian-edu.conf: Replace krb5_kdcip with krb5_server based on change done to sssd-generate-config by Wolfgang Schweer. [ Wolfgang Schweer ] * Add /etc/gosa/desktoprc, needed to configure gosa-desktop with the right URL. [ Holger Levsen ] * Rename tools/bless-debian to debian-edu-bless. [ Wolfgang Schweer ] * Remove file pwdchange.desktop, cause there seems to be no simple way to integrate it into the LXDE menu -- besides possible problems, that might occur, if someone installs several desktop environments. The package gosa-desktop now provides the same menu entry for KDE, GNOME and LXDE. * Add script /etc/dhcp/dhclient-exit-hooks.d/hostname, which will set the client's hostname. [ Petter Reinholdtsen ] * Rewrite dhclient-exit-hooks.d/hostname to only trigger on profiles Workstation, Thin-Client-Server and Minimal, and to only print messages and syslog when the host name is changed. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn80012 [ Petter Reinholdtsen ] * Add new filesystem testsuite check to report too full file systems, meaning file systems with less than 10% left. * Disable automounting on roaming workstation, that was enabled by mistake, as it confuses libpam-mklocaluser. Change cfengine rule to not configure autofs, and change test suite to not check autofs on this profile. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn80003 [ Petter Reinholdtsen ] * Updates for roaming workstation: - Fix typo in tools/setup-roaming causing nsswitch.conf update to fail. Make the generated nsswitch.conf closer to the one generated automatically by debian packages, to make it easier to see which lines we have to change to get profile working. - Add missing automount line to nsswitch.conf to get automounting working. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79994 [ Wolfgang Schweer ] * tools/sssd-generate-config: According to man 5 sssd-krb5, the option 'krb5_kdcip' is still valid, but deprecated and should be replaced with 'krb5_server'. (After this change related log file entries would no longer be added.) [ Petter Reinholdtsen ] * Rewrite LTSP testsuite check again, this time to force IPv4 as IPv6 NFS mount hang at least when using localhost as the server name. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79965 [ Petter Reinholdtsen ] * Ask apt-xapian-index to reconfigure at first boot to avoid having to wait a week before golearn start working. * Rewrite LTSP testsuite check to use 'getent hosts' instead of 'host' to look up the local hostname, and adjust the code to handle the IPv6 localhost address returned by default. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79964 [ Petter Reinholdtsen ] * Improve roaming workstation setup and adjust for newer sssd. Use libnss-sss for netgroup lookup and make sure libnss-myhostname is enabled. [ Wolfgang Schweer ] * ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkg: Don't call update-locale-config in the LTSP chroot, which is no longer available. It belongs to the package localization-config, which is no longer of any use and not installed in the chroot. (The LTSP chroot installation is supposed to fail, if update-locale-config is still called.) * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79934 [ Petter Reinholdtsen ] * Switch sssd.conf to check the TLS certificate, now that it is working as it should. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79894 [ Petter Reinholdtsen ] * Fix automount check, make sure it is skipped for Main-Server and Standalone profiles. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79878 [ Petter Reinholdtsen ] * Make sure to call pam-auth-update before db_stop in postinst to avoid hanging during installation. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79873 [ Petter Reinholdtsen ] * Make d-i hook to increase entropy when running low more robust and get it to log any error messages to syslog. Also make sure it check the entropy level more often. * Add new testsuite test automount, to make it easier to debug autofs problems on clients. * Call pam-auth-update during installation and removal, to make sure PAM setup is properly handlet (Closes: #678931). * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79859 [ Petter Reinholdtsen ] * Extend ldap-client testsuite check to detect if winbind or libpam-winbind is active. We do not want nor need them. [ Wolfgang Schweer ] * cf/cf.ldapclient: Get rid of packages winbind, libpam-winbind, and libnss-winbind for all profiles (cifs-utils is kept installed). * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79805 [ Petter Reinholdtsen ] * Adjust wpad-extract to only accept http and https URLs from the proxy tool, to avoid direct:// style URLs that are useless as values of http_proxy and ftp_proxy. * Extend the filesystems test suite check to accept ext4 as well as ext3 file system type. [ Wolfgang Schweer ] * ltsp/init-ltsp.d/60-edu-diskless-ws: Add 'dhclient -nw' to fix the proxy setting in /etc/environment, cause the proxy setting hook scripts expect dhclient to run. * sbin/debian-edu-pxeinstall: Set distribution string to wheezy to let pxe installations take the right udebs while doing test-installs. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79804 [ Wolfgang Schweer ] * ldap-tools/ldap-debian-edu-install: update the instructions for bootstrapping LDAP manually. [ Petter Reinholdtsen ] * Extend network testsuite to detect if BTS report #705900 is present. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79734 * Correct rdp-server testsuite check to only run on Thin Client Servers, not Main Servers. I used the wrong condition originally. * Change finish-install for d-i to not try to submit to sitesummary when installing a Main-Server. It will become its own collector after installation. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79733 [ Wolfgang Schweer ] * gosa.conf: Change structure of content to comply with the bootstrap scripts. Replace erroneously contained password hashes with GOSAPWD. Logging into gosa should now be possible again. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79660 * Fix RDP testsuite check to look for the correct TCP ports (3389 and 3350), instead of some random PIDs I inserted by mistake in the first draft. * Rewrite CUPS testsuite check to use wget --no-check-certificate instead of HEAD, to be able to check that the HTTP server is working while ignoring that the SSL certificate name do not match the URL we use to check it. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79650 * New testsuite test to verify that the RDP server is running and accepting TCP connections. * Correct timezone testsuite check to look for new timezone name for the *_BE, *_DE, *_DK and *_NO locales. Need updates for the other locales too. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79644 * Make sure LTSP change to 032-edu-pkgs regarding runlevel changes comment out the entire lines, not just part of the lines to disable. Fixes change done by Wolfgang Schweer in version 1.704~svn79603 and Holger Levsen in version 1.704~svn79638. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79638 [ Wolfgang Schweer ] * Configure the GOsa gui stripped down to those menu items, tabs, and options, that seem to be useful and usable. (Closes: #655274). - Clean up gosa.conf for the sake of clarity. (A full version can be found in /usr/share/doc/gosa.) - Add ldif and csv import tabs to in gosa.conf, as this will show 'temporary disabled' in GOsa² as long as the add-on isn't available -- and will be needed if it is. - Change GOsa admin acl in ldap-bootstrap/root.ldif to disable unusable options in Posix and Samba accounts. - Add sambaAccount restrictions to jradmin-role acl in ldap-bootstrap/gosa.ldif. - Change description of admin-role to document restrictions. * Set debug level back to '0' in gosa.conf. * Make diskless workstations comply with ltsp 5.4.2-6: - Remove 60-edu-nsswitch.conf - Add 60-edu-diskless-ws, to change /etc/nsswitch and enable services (autofs, nfs-common, nscd, nslcd) disabled by LTSP. * Edit Makefile to reflect the changes. [ Holger Levsen ] * ltsp-build-client/Debian-custom/032-edu-pkgs: Replace portmap with rpcbind. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79603 [ Mike Gabriel ] * Use my @debian.org mail address in Uploaders: field. * Fix passwd sync in Samba. (Closes: #656296). * The change-over to using an aufs overlay on diskless workstations fixes observed failures of the udisks daemon. (Closes: #629054, #629055). [ Wolfgang Schweer ] * Some more steps to get both thin and fat LTSP client setup working: - Correct type error in debian-edu-pxe-install. - Remove duplicate code from 60-edu-nsswitch. - Comment out most lines concerning runlevels in 32-edu-pkgs, cause there's no need to change the runlevel defaults anymore. Now the default runlevel for both client types is 2, the init-ltsp process will start processes depending from the client type chosen. (Client type: LTSP_FATCLIENT=True is set by default, for thin clients this has to be set to 'False' via kernel command line, lts.conf or LDAP entry.) * Changelog: Remove useless whitespace. * Don't edit lts.conf provided by package ltsp-server, cause now required changes can be set on-the-fly: - Remove lts.conf.dist. - Remove 35-default-lts-conf. - Edit Makefile to reflect the above changes. - Remove line SCREEN_07=ldm from ltsp.ldif, cause this is now done during the init-ltsp process. * 70-edu-client-core: Edit ltsp-client-core without using line dependency. * Enable more types to choose from when adding systems: - Remove restriction from acl in root.ldif to provide non locked system type 'server'. - Add GOsa object classes goNtpServer and goLdapServer for tjener entry in gosa-server.ldif, required if adding systems of type workstation. - Add description for tjener in gosa-server.ldif including a warning. (Though the object tjener is still locked by default, it could be set to 'active' and then be modified.) (Closes: #629367). * debian-edu-restart-services: Replace portmap with rpcbind. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79534 [ Wolfgang Schweer ] * testsuite/ltsp: Replace /etc/ltsp_chroot with /etc/lts.conf to test if the ltsp chroot exists, as ltsp_chroot seems to have been dropped. * debian-edu-pxeinstall: - Change kernel command lines to reflect new ltsp init process. - Append ipappend 2 (syslinux) to define network boot interface. - Change target distribution from squeeze to wheezy. - Testing for diskless ws support now requires arch dependent path to security so files. * etckeeper is now located in /usr/bin instead of /usr/sbin: - Correct path in tools/run-at-firstboot. - Correct path in debian-edu-config.postinstall. * LTSP now uses an aufs overlay filesystem (whole rootfs), so things have changed considerably as it is possible to change almost all configuration on-the-fly: - Add share/ltsp/get-ldap-ltsp-config. - Add share/ltsp/init-ltsp.d/70-edu-client-core. This snippet modifies /etc/init.d/ltsp-client-core to get config stored in LDAP for Debian Edu ltsp clients (thin and fat) by calling get-ldap-ltsp-config. - Add share/ltsp/init-ltsp.d/60-edu-nsswitch. For Debian Edu diskless workstations: Modify priority to make KERBEROS work. - Remove now obsolete files: + share/debian-edu-config/ltsp_set_runlevel + share/debian-edu-config/ltsp_local_mount + share/ltsp/ltsp_config.d/debian-edu-config-rwbind + share/ltsp/ltsp_config.d/debian-edu-config-ldap - Comment out lines in 032-edu-pkgs concerning obsoleted files. * Change Makefile to reflect these changes. * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79463 [ Wolfgang Schweer ] * ltsp-build-client (used by d-i ltsp-client-builder.udeb). Change configuration to fix ltsp chroot installation: - Preseed dictionaries-common/default-wordlist and default-ispell in /usr/share/ltsp/plugins/Debian-custom/032-edu-pkgs with values taken from the server side debconf data base. - Replace aptitude (in 032-edu-pkgs) by apt-get to avoid failure due to missing aptitude. * testsuite/ltsp: Use IP for NFS mount just in case only a hostname but not a fqdn has been set in GOsa. -- Holger Levsen Fri, 17 May 2013 20:10:30 +0200 debian-edu-config (1.703) unstable; urgency=low * uploaded to the Debian Edu archive as 1.703~svn79344: [ Wolfgang Schweer ] * debian-edu-ltsp: - Change target distribution from squeeze to wheezy. - Add workaround to fix ltsp chroot installation by calling /usr/share/debconf/fix_db.pl and dpkg --configure -a after ltsp-build-client if ltsp-build-client fail. * uploaded to the Debian Edu archive as 1.703~svn79150: [ Wolfgang Schweer ] * Drop setting "allow_weak_crypro = true" in /etc/krb5.conf. Thanks to Andreas B. Mundt for the hint. * Fix some ltsp related scripts: path of etckeeper, release name. * Fix dovecot setup: - Don't modify configfiles - Put Debian Edu specific settings into /etc/dovecot/local.conf - Add dovecot/local.conf [ Petter Reinholdtsen ] * Switch wpad-extract to use libproxy-tools instead of libjavascript-perl which is no longer available in Squeeze. This remove the ability to override the WPAD url in /etc/debian-edu/config. Patch from Mike Gabriel (Closes: #660257). * uploaded to the Debian Edu archive as 1.703~svn78957: [ Wolfgang Schweer ] * Add nameserver entry in main-server network interfaces file to get at least one nameserver entry for resolvconf. * Add cf.ldap2zone to cfengine config file. [ Petter Reinholdtsen ] * Insert code fixing the network setup during installation written by Wolfgang Schweer in debian-edu-install to the /usr/share/debian-edu-config/d-i/finish-install file where it belong. * uploaded to the Debian Edu archive as 1.703~svn78931: [ Petter Reinholdtsen ] * Reintroduce debian-edu-config-gosa-netgroups package and undo fix for BTS report #662967 using commit r77645 and the svn content of share/debian-edu-config/netgroups, as the package is still needed because the netgroup package did not make it into wheezy. [ Wolfgang Schweer ] * Add missing quote character in cf.ldap2zone * Remove code from d-e-c/d-i/finish-install, now obsolete due to the debian-edu-config-gosa-netgroups package. * Make Conflicts: for debian-edu-config-gosa-netgroups fit gosa version. * uploaded to the Debian Edu archive as 1.703~svn78902 [ Wolfgang Schweer ] * Fix error in gosa.conf file. * Make cf.ldap2zone work. * uploaded to the Debian Edu archive as 1.703~svn78886: [ Petter Reinholdtsen ] * Change KDE default favorite list in kickoffrc to use Libreoffice instead of OpenOffice, as the latter is no longer installed in Wheezy. [ Wolfgang Schweer ] * cf/cf.apt: avoid double entry in sources.list * /etc/gosa/gosa.conf: - adopt for gosa 2.7.4 and make it compatible with ldap-debian-edu-install - make gosa-sync work on passwords (This is a workaround for #698544) * cf/cf.network: - do not restart networking, this breaks d-i - split into cf.bind and cf.ldap2zone * cf/cf.ldap2zone: fix BIND_DATA location in /etc/default/ldap2zone * ldap-bootstrap/gosa.ldif: add entry to make netgroup member names visible * Provide gosa netgroups plugin in (/usr/)share/d-e-c/netgroups and install it using update-gosa in target in finish-install. * gosa-sync: Let Kerberos policy password violations be reported in GOsa and prevent setting such an unsynced password in GOsa. Script provided by Andreas B. Mundt (debian-lan project). * gosa.conf: drop postmodify entry in admin section, obsoleted by gosa-sync. -- Holger Levsen Sat, 16 Mar 2013 15:18:14 -0700 debian-edu-config (1.702) unstable; urgency=low [ Mike Gabriel ] * In gosa-create script: Invalidate libnss cache before applying chown on new home directories. Fixes multiple failures during mass user import into GOsa². * password-fix-squeeze-r0: allow home[0-9] as home directory. * Fix smbaddclient.sh, use ,,set +e'' instead of non-bash-syntax ,,unset -e''. -- Petter Reinholdtsen Sun, 02 Dec 2012 12:20:39 +0100 debian-edu-config (1.701) unstable; urgency=low * Drop start-wlan initscript, which is disabled since 2007 and has seen it's last development in 2005. (Closes: #602621) * Drop report-reboot initscript which is disabled since years and which just duplicates (but not matches) logchecks functionality. (Closes: #602622) * Update README to refer to architecture design of Squeeze at least. -- Holger Levsen Sat, 23 Jun 2012 00:52:18 +0200 debian-edu-config (1.700) unstable; urgency=medium * Bump version number to 1.700 to make obvious this is targeted for wheezy. * Drop debian-edu-config-gosa-netgroups package and make debian-edu-config replace it. (Closes: #662967) -- Holger Levsen Sun, 10 Jun 2012 15:37:14 +0200 debian-edu-config (1.456) squeeze-test; urgency=low [ Petter Reinholdtsen ] * Changing debconf-set-selections-edu to not set the debconf template default value for passwords, to avoid storing the root and first user passwords in templates.dat (Closes: #711251). Copied from Wheezy version. * Add new test case to detect and report passwords lingering in the debconf database (bug #711251). Copied from Wheezy version. * Add postinst code to purge the leftover passwords from the debconf database when debian-edu-config is upgraded from a vulnerable version. * Fix automount check, make sure it is skipped for Main-Server, Roaming Workstation and Standalone profiles. Copied from Wheezy version. * Add new filesystem testsuite check to report too full file systems, meaning file systems with less than 10% left. Copied from Wheezy version. * Fix typo in error reporting in the taskpkgs testsuite check, and add support for checking the Minimal profile there. Copied from Wheezy version. * Extend network testsuite to detect if BTS report #705900 is present. Copied from Wheezy version. -- Petter Reinholdtsen Mon, 10 Jun 2013 10:03:01 +0200 debian-edu-config (1.455) squeeze; urgency=low [ Wolfgang Schweer ] * Fix /etc/hosts for LTSP diskless workstations. (Closes: #699880) * Make ltsp_local_mount script work for multiple devices. [ David Prévot ] * Fix some typos in old changelog entries. [ Petter Reinholdtsen ] * Add new testsuite test automount, to make it easier to debug autofs problems on clients. -- Holger Levsen Sun, 24 Feb 2013 09:43:14 +0000 debian-edu-config (1.454) unstable; urgency=low [ Petter Reinholdtsen ] * Add new tool password-fix-squeeze-r0 to correct users with only two days password expiration time in Kerberos, cleaning up after bug #664596. * Change creation of first user to use the same Kerberos policy as all other users. * Make sure to quote handling of clear text passwords when setting up LDAP and Kerberos during installation, in case they include some shell special characters. Partly solve #664976. * Add a copy of debconf-set-selections called debconf-set-selections-edu from debconf version 1.5.36.1 to fix #636219 and allow us to handle '#' characters in the root or first users password. * Use our own debconf-set-selections-edu when passing passwords from d-i to /target/, to make sure '#' is allowed in the passwords (Closes: #664976). * Fixes for gosa-sync (updating Kerberos password): - Make sure all variables are quoted, to make script more robust. Thanks to Steven Chamberlain for the suggestion. - Make sure script doesn't fail if the password contains the " character. Based on patch from Samuel Krempp. Partly fixes #665696. The rest need to be fixed in the GOsa² code. - Stop syslogging the new password string when changing password in GOsa². * Fix typo in output from debian-edu-update-netblock. * Make sure to send output from debian-edu-update-netblock cron job to /dev/null, to avoid emails every 5 minutes. Syslogging should be enough output from the cron job. [ David Prévot ] * index.html.en: Fix starting uppercase in language name (respect localized typographic rules). [ Wolfgang Schweer ] * tools/gosa-create: Fix email address for new user's welcome mail. * Correct Kerberos user policy, make sure to not expire password after 2 days, but instead use default [none] (Closes: #664596). [ Mike Gabriel ] * In gosa-create script: Invalidate libnss cache before applying chown on new home directories. Fixes multiple failures during mass user import into GOsa². * password-fix-squeeze-r0: allow home[0-9] as home directory. * In gosa-netgroups plugin: make sure that assigning a system to a NIS netgroup using the NIS netgroups tab of a GOsa² system object does not erase entries of attribute type "memberNisNetgroup" from the NIS netgroup object. Closes: #687256. * Fix smbaddclient.sh, use ,,set +e'' instead of non-bash-syntax ,,unset -e''. * Translation updates: - Add Danish web page from Joe Hansen. (Closes: #664790) -- Petter Reinholdtsen Fri, 30 Nov 2012 21:28:21 +0100 debian-edu-config (1.453) unstable; urgency=low * Team upload. [ David Prévot ] * Fix missing last entries in PXE boot menu. (Closes: #661392) * Fix typo in web page (spotted by Nigel Barker). [ Petter Reinholdtsen ] * Make sure ltspfs-mounter-kde do nothing when using Gnome, and make it more robust. * Update debian-edu-pxeinstall, use ln -sf when updating d-i image symlinks to make it possible to run the script again to update the PXE setup. [ Mike Gabriel ] * Fix Samba domain logon script for teachers. Also map Windows drives provided in netlogon/config/standarddrives-teachers.bat. * Translation updates: - Updates for German web page from Wolfgang Schweer. - Updates for Portuguese web page from André Lasfargues. (Closes: #661612) - Add Japanese web page from Nigel Barker. -- Holger Levsen Sat, 03 Mar 2012 12:32:15 +0100 debian-edu-config (1.452) unstable; urgency=low [ Petter Reinholdtsen ] * Make sure to syslog when ldapdump.sh is starting and stopping slapd, to make it easier to figure out what caused it if slapd fail to start. Related to bug #659667. * Add locking in ldapdump.sh using lockfile-progs, to make sure only one such process is running at a given time (Solves Skolelinux bug #1213). * Make sure ldapdump.sh try 5 times to stop and start slapd, to reduce the chance of ending up without an LDAP server (Closes: #659667). * Log when setting up network interface, to try to figure out why it sometime is wrong. * Increase timeout for the ltspfs mount notification to 5 seconds, to give the user more time to read it. Patch from Wolfgang Schweer. * Add new script /usr/share/debian-edu-config/ltspfs-mounter-kde which can be symlinked into /etc/ltspfs/mounter.d/ for those that want to load the freshly mounted LTSPFS directory into dolphin. Based on code from Wolfgang Schweer. * Translation updates: - Updates for Chinese web page from Andrew Lee. - Fix lang tag for Chinese, Norwegian and Portuguese. -- Petter Reinholdtsen Thu, 23 Feb 2012 13:27:01 +0100 debian-edu-config (1.451) unstable; urgency=low [ Petter Reinholdtsen ] * Remove no longer active developers Finn-Arne Johansen, Morten Werner Forsbring, Steffen Joeris and Klaus Ade Johnstad from uploaders list. * Add depend on ${python:Depends} for /etc/ltspfs/mounter.d/edu-notify, build-depend on python-support and add dh_pysupport to rules to get it working. Thank you lintian for discovering this. * Fix typo in gosa-create, make sure #! is first on the first line. Thank you lintian for discovering the problem. * Improve first-user related debconf template text and flag them as only for internal use, to keep lintian happy. * Mention which arguments for subnet-change are autodetected. * Make sure cups-queue-autoreenable talk to CUPS using the loopback interface to be allowed to re-enable print queues, and improve error reporting if cupsenable fail. * Make sure cups-queue-autoflush talk to CUPS using the loopback interface to be allowed to flush all print queues. * Rewrite sitesummary2ldapdhcp to create GOsa netdevices instead of servers, to make sure the objects can be removed. * Adjust sitesummary2ldapdhcp to not create new LDAP objects if a object with the same MAC address alrady exist. [ Mike Gabriel ] * Set copyPaste flag to true in /etc/gosa/gosa.conf. * Translation updates: - Updates for French web page from David Prévot. - Updates for Spanish web page from Hector Oron. - Updates for Catalan web page from Hector Oron. - Fixed orthographic error in spanish web page from José L. Redrejo Rodríguez. - Fix typo in German web page from Holger Levsen. -- Holger Levsen Sat, 11 Feb 2012 21:59:19 +0100 debian-edu-config (1.450) unstable; urgency=low [ Petter Reinholdtsen ] * Document that debian-edu-munin-node.conf need to change when using subnet-change. * Move libjavascript-perl from depends to recommends, to see if it still is installed and to get our packages to propagate to wheezy while we figure out a solution for #631045. * Raise versioned dependency on education-tasks from (>= 0.842~svn60380) (>= 0.853), to ensure we get the current one and detect when only the old version is available. * Translation updates: - Updates Indonesian debconf translation from Kurniawan Haikal (Closes: #658563). -- Petter Reinholdtsen Sun, 05 Feb 2012 13:36:01 +0100 debian-edu-config (1.449) unstable; urgency=low [ Petter Reinholdtsen ] * Remove obsolete mimelnk/applnk/msword.desktop file, as Squeeze handle doc files just fine without it. * Change password hash for the 'admin' LDAP user from {CRYPT} to {SSHA}, to get a hash type understood by GOsa and allow the password to be changed from within GOsa. Both work with LDAP bind. * Add new tool auto-addfirmware to automatically detect firmware needed by kernel modules and install them from non-free. * Add new tool ltsp-addfirmware to make it easier to add required firmware to the LTSP initrd. Based on code from Wolfgang Schweer. * In kerberos-kdc-init, give slapd 5 seconds to start to make sure slapd is operational when kerberos try to talk to it. * Make sure all gosa hook scripts syslog with the script name in the syslog tag. * Make sure the output from kadmin.local in gosa-sync is syslogged when changing password, to make it possible to figure out why when it fail. * Rewrite gosa-sync to avoid exposing the new password in the process list for every local user to see. * Disable workaround for #656309 in libpam-krb5 on Roaming Workstations, as they use libpam-sss and not libpam-krb5. * Re-enable cfengine rules for nslcd.conf and ldap.conf on Roaming Workstation, which was disabled by mistake to drop rule to edit nsswitch.conf. * Rewrite sitesummary2ldapdhcp to present the changes it want to do before activating the changes. * First user related: - Make sure single word full name for first user do not break the installation by setting given and family name to the same word when this happen. - Make sure gecos field for first user in LDAP is ASCII, to match schema constraint. - Move LDAP definition for first user to separete ldif, to make it easier to figure out when loading it fail during installation. - Add more logging when creating the first user, to notice when it fail. * Remove obsolete cfengine rule calling /usr/share/doc/kaffeine/install-css.sh when Internet connectivity is available during installation. The script is no longer present in Squeeze. * Adjust nsswitch check in ldap-client testsuite test to not report incorrect problem on Roaming Workstation. * Add wicd preconnect hook set_wireless_mac_from_eth0 to use the same MAC address for both wired and wireless interfaces, to allow one static DHCP entry to work with both. Based on code from José L. Redrejo Rodríguez. * Add cfengine rule to remove network-manager on Roaming Workstation to give wicd a chance to do its job uninterrupted. * Remove obsolete powerdns code from run-at-firstboot, as we now use bind9. * New tool ldap2bind-updatezonelist to generate /etc/bind/named.conf.ldap2zone, to make sure it is updated when new DNS zones are added to LDAP. * Updates for subnet-change: - Add more debug output. - Add code to edit /etc/exports, /etc/network/interfaces, /etc/samba/smb-debian-edu.conf and /etc/squid/squid.conf. - Add code to update goServer and ipHost LDAP objects. - Adjust code to update DNS to handle A records used by ldap2zone. - Add code to handle moving to smaller subnets by scaling down IP range. - Make sure to update dhcpSharedNetwork LDAP objects too, and complete DHCP part of LDAP update. - Run /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs after updating LDAP to generate new DNS zone files for bind. - Add code to update reverse DNS entries in LDAP. - Call new tool ldap2bind-updatezonelist to make sure /etc/bind/named.conf.ldap2zone list the new reverse IP range. * Fix two perl warnings in our Debian::Edu perl module. * Make sure /etc/wicd/scripts/preconnect/set_wireless_mac_from_eth0 is installed with execute bit set to get it working. * Remove redundant empty attribute macAddress for gatway ipHost object in LDAP. * Call sitesummary-client at the end of the installation, to try to save one reboot when setting up new machines. * Make sure squid-update-cachedir run with a predictable locale, and make it more robust. * Update list of active munin plugins at first boot, to make sure all services present are monitored. [ Andreas B. Mundt ] * Add 'permitted_enctypes = des-cbc-crc' to krb5.conf. Needed for latest squeeze point release (see #657802) to get NFSv4 with kerberos working. [ Petter Reinholdtsen ] * Add encryption types used by sssd in the Kerberos setup of the KDC to get Roaming workstations working. Setting 'permitted_enctypes = des-cbc-crc rc4-hmac des3-cbc-sha1-kd aes128-cts-hmac-sha1-96 aes256-cts-hmac-sha1-96', as des-cbc-crc is not used by sssd. This fixes regression introduced trying to fix BTS report #657802. * Translation updates: - Updates for Dutch web page from Jeroen Schot (Closes: #658076). -- Petter Reinholdtsen Thu, 02 Feb 2012 23:14:09 +0100 debian-edu-config (1.448) unstable; urgency=low [ Petter Reinholdtsen ] * Add forgotten script /usr/share/debian-edu-config/tools/pxe- addfirmware to the binary package. Make script more robust. Thanks to Wolfgang Schweer for discovering the problems and proposing fixes. * Move the code inserted by cfengine into the network-manager dispatcher.d hook into its own file, to avoid upgrade problem. The code is used to update the hostname from DNS. Add code in postinst to remove the now obsolete conffile /etc/cfengine/debian-edu/cf.network-manager during upgrades. * Move pre-pkgsel and finish-install code to adjust tasksel and set up network from debian-edu-install to debian-edu-config, to make it easier to change the network configuration, avoid problems with updating the PXE installation and bringing all related configuration into the debian-edu-config package. Add breaks debian-edu-install (<< 1.521) to ensure a new version of the debian-edu-install package is used. * Make sure finish-install script do not exit too early if the entropy gathering job has exited early. * Change default gateway from 10.0.2.1 to 10.0.0.1 and update DNS A and PTR records to reflect this. * Add GOsa netdevices object for the default gateway to make it easier to change its DNS entry from GOsa. * Enable our menu overrides on standalone installations by adding MENUREORDER=true in /etc/debian-edu/config. * Extend the dynamic DHCP range on the thin client network from 200- 253 to 20-243, to handle more thin clients without any configuration. * Remove redundant and non-changable loopbacknet ipNetwork from LDAP. It is already in /etc/network, and hardwired in the kernel. * Add empty directory /etc/skel/.local/share in package as a workaround for kdelibs bug #655243. * Get rid of hardcoded IP addresses in CUPS configuration. Use @LOCAL instead of 10.0.0.0/8 and tjener instead of 10.0.2.2, to make it easier to change IP setup. * Extend the dynamic DHCP range on the backbone network from 10.0.2.100-10.0.3.242 to 10.0.16.20-10.0.31.254 (aka 10.0.16.0/20), to handle more clients without any changes to the configuration. This allow around 4k clients to get IP addresses out of the box. * Add new netgroup cups-queue-autoreenable-hosts used to re-enable stopped CUPS print queues every hour for the members of that group. Uses new tool cups-queue-autoreenable. Make tjener a member by default. * Add new netgroup cups-queue-autoflush-hosts used to get CUPS servers to flush the queue every night. Uses new tool cups-queue-autoflush to call 'cancel -a'. Enable this on the Main-server by default. * Purge network-manager in the LTSP chroot, now that bug #592479 is fixed. * Updated sitesummary2ldapdhcp: - Use the new LDAP subtree for DHCP objects. Report error and continue when failing to create DHCP object. Teach it to create GOsa server objects for new hosts. - Adjust it to search for its LDAP administrator objects instead of hardcoding the DN, and allow any admin user to be used. - Change it to only update by default, and to add new server objects when -a is used. * Add nb translation for the gosa-netgroups module. * Network blocking / exam mode: - Rewrite debian-edu-update-netblock to set new rules using iptables-restore to do this as an atomic operation to get it working on LTSP clients. - Add netgroup netblock-hosts in LDAP to list machines that should activate the network blocking and file group nonetblk used by debian-edu-update-netblock to exclude selected users from network blocking. - Add cron job to consult LDAP every 5 minutes to see if network blocking should be enabled or not. - Add /sbin to PATH in debian-edu-update-netblock to get the script working from cron. - Allow system users nslcd, openldap, xrdp, www-data, avahi, dovecot, statd and daemon full Internet access also when network blocking is in effect, to make sure system services keep working as they should. * Add --previous to msgmerge call in www/Makefile to keep previous strings when updating tranlations. Patch from David Prévot. * Rewrite build rule for the welcome page to use po4a (Closes: #655516). Patch from David Prévot. * Remove obsolete script /usr/share/debian-edu-config/tools/ldap-users.pl. * Make sure all sambaSIDs are bootstrapped using $SAMBASID and fix typo causing duplicate sambaSid. * Add backup testsuite test to detect bug #626884. * Remove closing of file descriptors when starting bind from ldap-debian-edu-install which was introduced to try to solve the problem before we understood the entropy hang. * Adjust www/index.html.en to become valid XHTML. Patch from David Prévot. * Migrate 'localadmin' user from /etc/passwd to the first LDAP user. Make first LDAP user a member of the teachers group to enable the KDE menu overrides. If user-setup-udeb ask for information on the first user on the Main-Server installs, use this information when setting it up the first LDAP user instead of using 'localadmin' as the username. * Add new pwdchange.desktop KDE menu option for networked profiles to make it easier for users to figure out where to change the password (Closes: #653912). Include many translations for the password changing menu entry using patch from Wolfgang Schweer. * Add workaround for #656309 in libpam-krb5 by replacing /usr/share/pam-configs/krb5 with our own version, to get passwd and all tools using it to change the kerberos password. Using PAM to change the password do not change the LDAP and Samba passwords, and should in general be avoided. Call 'pam-auth-update --package' after updating /usr/share/pam-configs/ to activate the change. * Remove the ldap-auth group intended to force users to authenticate using Kerberos. It is not used yet, and probably can't be used for its intended purpose for Squeeze as GOsa uses LDAP bind to authenticate users. * Remove now obsolete traces of super-admin user. [ Mike Gabriel ] * Additionally to the README.unused-ldifs file all LDAP bootstrap files that are not used in D-E squeeze anymore are marked as obsolete in their file header. * Remove obsolete ldif files (files not LDAP-bootstrapped anymore on main server installation) during package upgrades. * Add global GOsa² ACL to LDAP's BaseDN that disables to manipulate gotoMode, userPassword and faiState via GOsa². Consequences: (a) The Mode and the Actions drop-down menus become inactive (read-only) for server systems. (b) Setting of root accounts on server's gets disabled. (c) FAI is not in use on a D-E network by default. All three functionalities are broken with the D-E version of GOsa² (2.6.11), so it is better to disable those options. * A host within a netgroup should always be represented by two nisNetgroupTriple values, one for (,,), one for (,,), as different netgroup clients handle these differently. The GOsa² netgroups plugin also supports this. Fixing this for the netgroups in LDAP bootstrap. * Add main-server (aka tjener) to fsautoresize-hosts netgroup during LDAP bootstrap to enable automatic LVM file system resizing by default. * Set minimum password length to 5 characters (GOsa², Kerberos via policy). For Samba the default is 5, libpam-krb5 also uses 5 by default. * Replace super-admin DN by administrative group DN gosa-admins. Add initial user to this gosa-admins group. * Add Kerberos policy ,,hosts'' on main server installation. * Add gosa-create-host script as possible post-create hook for GOsa² system creation (not activated in GOsa² yet). * Translation updates: - Updates for Italian debconf templates from Claudio Carboncini. - Updates for French web page from David Prévot. - Updates for Russian web page from Yuri Kozlov (Closes: #656752). -- Petter Reinholdtsen Sat, 21 Jan 2012 20:31:28 +0100 debian-edu-config (1.447) unstable; urgency=low [ Mike Gabriel ] * Fix of usage check in ldap-add-host-to-netgroup script. * Search Debian Edu code for ldapsearch statements and remove line breaks from DN search results (by piping the output through perl -p0e 's/\n //g'). Several ldapsearch commands had their output already piped through the named Perl expression, but for a few (more recent) scripts this had not been applied yet. Closes: #650366. * Add LTSP client builder script that removes 70-persistent-net.rules from /etc/udev/rules.d. * Call gosa-sync-dns-nfs as postcreate, postremove and postmodify hooks from GOsa² whenever a GOsa² system is touched. * Make the netgroupAccount tab visible for user accounts. [ Petter Reinholdtsen ] * Add donation link on the start web page. * Change Nagios description on the start web page to reflect the fact that we now set up predefined password for the nagiosadmin user. This calls for updated translations. * Raise trigger point for adding entropy from 100 to 130, and log the new pool size after adding entropy. * Kill entropy gathering background job when cfengine is done, to avoid blocking umount at the end of the installation. * Update cfengine rules for iceweasel to ensure created file /etc/skel/.mozilla/firefox/profiles.ini is readable by everyone and not only the root user. * Fix incorrect package name credited for the divert in update-iceweasel-homepage. * Add cfengine rule to change default start page for iceweasel. For standalone profiles, use http://www.skolelinux.org/, while for all other profiles fetch the URL from LDAP the same way the default welcome page is fetched from LDAP. Make sure to use double quotes and escape : in shellcommands. Restructure how cf.iceweasel is included to set up default page also on standalone profiles. Syslog when the default start page is changed. Make sure everybody can read /etc/iceweasel/browserconfig.properties. * Adjust show-welcome-webpage to make sure first time users on Standalone profiles also get to see a welcoming web page. Also change it to only fetch page URL from LDAP for Networked profiles, to ensure Standalone installations get http://www.skolelinux.org/ also when booted for the first time in a network where the DNS name ldap exist and provide start page information. * Add init.d script iceweasel-ldapconf to update Iceweasel default start page at boot, to make it possible to update the default by rebooting instead of having to reinstall. Only execute it on networked profiles to not change Standalone setups. Make sure init.d/iceweasel-ldapconf do not run on LTSP clients (Closes: #654529). * Check that /opt/ltsp/i386/etc/ldap/ssl/ldap-server-pubkey.pem is readable by everyone, to detect problem reported by Klaus Ade Johnstad. * Make sure the /opt/ltsp/i386/etc/ldap/ssl/ldap-server-pubkey.pem file is readable by everyone when it is copied in place using the fetch-ldap-cert init.d scripts. * Make code checking permissions for /etc/resolv.conf report the current permission when it is wrong. * Add LDAP indexes for zoneName, relativeDomainName and sudoUser to avoid warnings in syslog and speed up LDAP searches. * Increase LDAP server file descriptor limit from 1024 to 32768, to raise the number of clients working out of the box from ~110 to ~5500. * Print something when setting up kerberos, to be able to find the script run in the log. * Log processes using mount points below /target/ from finish-install, to detect leftover processes. Tried to kill them but this seem to kill more than it should. Report an error if there any such processes, while ignoring mount points and paths that can not be opened.. * Move pre-pkgsel code to create localadmin user the debian-edu-install package. Add breaks debian-edu-install (<< 1.521~svn74617) to ensure a new version of the debian-edu-install package is used. * Move pre-pkgsel code to pass root password to the kerberos setup process to the debian-edu-install package. * Fix standalone installation by making sure missing ldap-password and kerberos-password templates are ignored in the finish-install script. * Do not add the localadmin user to the groups audio, video, cdrom, floppy and plugdev, as device access should be handled using policykit these days. * Change mkslapdcert to save the public certificate in /etc/ldap/ssl/ldap-server-pubkey.pem to ensure samba and kerberos find it when they look for it, and removing the need to download it on the main-server at first boot. This fixes the kerberos setup. Also avoid problem when installing Main-Server via PXE on a network with the ldap DNS name defined (Closes: #570773). * To reduce the default home directory footprint for users and reduce the IO strain on the file server when a classroom full of new users log in, reduce the akonadi disk usage by changing the mysql innodb log file size from 64 to 4 MiB. * debian-edu-ltsp-audiodivert: Drop audacity from diverted audio applications as it seem to work with PulseAudio now. Add FIXME to remind us to review the application list regularly. * Add new tool gosa-sync-dns-nfs to update DNS from LDAP and re-export NFS exports when a host is added to DNS and netgroups. * Partly revert NTP change introduced by Mike Gabriel in version 1.446~svn73330. Reintroduce local clock on the main-server to ensure clients can sync with the main-server even when all the machines are disconnected from the Internet. When they are on the Internet, all will sync with pool.ntp.org machines. Add comment in cf.ntp explaining the purpose of the change. * Adjust default PXE menu, lift menu entries higher on the screen to allow all lines to show on the default screen resolution. * Update PXE setup on the Main-Servers first boot, to make sure proxy settings show up in /etc/debian-edu/www/debian-edu-install.dat. * Quiet down sbin/debian-edu-pxeinstall by removing 'set -x'. The script is working well and do not always need debug output. * Avoid editing nsswitch.conf on roaming workstations, as the default setup with sssd should be working fine. * Remove obsolete readahead tuning code in run-at-first-boot. We no longer use a readahead implementation where it is relevant. * Update from Lenny to Squeeze our PXE installation workaround used to ensure our updated udebs are used. * Fix fallback code for setting up roaming workstations to avoid crashing when symlinking our static sssd configuration in place. * Test suite: - Correct DNS lookup test to find ltsp servers at new FQDN. - Extend LDAP server test to verify that search work also before flodding the server with LDAP connections. - Tried to extend the flood test to use use 33000 connections instead of 1200, to test the new limit, but this caused too much load, needed too much memory and extending file-max, so the change was undone. Keeping the test to check 1200 connections, to ensure the server do not have the original limit on 1024 file descriptors. - Make sure to increase /proc/sys/fs/file-max before flodding the LDAP server with connections, to avoid running out. - Extend LDAP server test to report number of connections per client. - Add kerberos test to check for network services kerberos/udp, kpasswd/tcp and kerberos-adm/tcp. - Move common test code from individual test scripts to /usr/share/debian-edu-config/testsuite-lib.sh. - Add DNS test to detect if ldap2zone still send email every hour (BTS #653053). - Add new test reporting the number of FIXMEs in the documentation. - Add new test to verify that etckeeper is installed and active. - Add LTSP tests to verify that the LTSP chroot is NFS exported and working as it should. - Remove xfs testsuite test, as xfs is no longer used by LTSP clients and will be removed from our task list. [ Holger Levsen ] * www/index.html.en: - add "GOsa²" to all "LDAP administration" strings - mention that GOsa² can also be used to add+edit machines. - move "local services" section in the right menu above "debian-edu" section. - improve grammar. - improve ordering of local services. * www/*.po: - update to reflect changes in english source. - add "GOsa²" to many "LDAP administration" strings. - update german .po file for the "add+edit machines" addition. * www/Makefile: accept translations with 70% translation rate (down from default 80%). [ Petter Reinholdtsen ] * www/Makefile: Move translation rate limit to a variable to make it easier to change. * www/index.html.en: Convert Debian-edu, debian-edu and variations to Debian Edu to be consistent with the project documentation and the official web pages. * Translation updates (from before the last rewrite): - Updates for www/zh.po from Andrew Lee (李健秋). * Translation updates (after the last rewrite): - Updates for www/nb.po from Petter Reinholdtsen. - Updates for www/ca.po from Hector Oron (Closes: #654024). - Updates for www/es.po from Hector Oron (Closes: #654023). - Updates for www/de.po from Jürgen Leibner and Holger Levsen. - Updates for www/it.po from Claudio Carboncini. -- Petter Reinholdtsen Fri, 06 Jan 2012 10:39:54 +0100 debian-edu-config (1.446) unstable; urgency=low * Release of thirty-nine prereleases done in Debian Edu to Debian sid, aimed at Debian squeeze. See below for exact list of changes. * debian-edu-config (1.446~svn74353) squeeze-test; urgency=low [ Petter Reinholdtsen ] * Change approach to increase entropy in /usr/share/debian-edu-config/d-i/finish-install to trigger disk IO instead of trying to increase the entropy amount by adding to /dev/urandom. * Reintroduce file descriptor closing when starting bind9, as it seem to solve part of the problem. * debian-edu-config (1.446~svn74336) squeeze-test; urgency=low [ Petter Reinholdtsen ] * Undo change to close file descriptor 3 when starting bind9. It did not really address the problem, which is running out of entropy during installation. * Add code in /usr/share/debian-edu-config/d-i/finish-install to try to add more entropy when running low. * debian-edu-config (1.446~svn74325) squeeze-test; urgency=low [ Petter Reinholdtsen ] * Disable browser.safebrowsing.malware.enabled and browser.safebrowsing.enabled in Iceweasel, to avoid excessive I/O on the home directory server when several users log in. (Closes: #652535) * Make sure to close file descriptor 3 when starting bind9 from the installer, to avoid hanging the installer while waiting for it to close. * debian-edu-config (1.446~svn74311) squeeze-test; urgency=low [ Petter Reinholdtsen ] * Add new LDAP index for uniqueMember attribute in slapd-squeeze_debian-edu.conf, to ensure libnss-ldapd searches are processed quickly and syslog do not will up with heaps of messages stating "<= bdb_equality_candidates: (uniqueMember) not indexed". * Extend testsuite/ldap-server to include a simple stress test ensuring that the LDAP server work also with more than 1024 LDAP connections open. Should ensure that problem discovered with Debian Edu/Lenny do not resurface. * debian-edu-config (1.446~svn74227) squeeze-test; urgency=low [ Mike Gabriel ] * Prepare LTSP rwbind on diskless workstations for /var/log/ntpstats (addresses #638287), currently commented out because of RAM consumption on diskless workstations. * Provide LTSP rwbind on diskless workstations for /var/lib/alsa. Silence an error report on diskless workstation shutdown. [ Andreas B. Mundt ] * Fix regex in gosa-remove: A username may contain dots. * debian-edu-config (1.446~svn74195) squeeze-test; urgency=low [ Holger Levsen ] * Makefile: deploy cf.pxeinstall too. * debian-edu-config (1.446~svn74178) squeeze-test; urgency=low [ Holger Levsen ] * ldap-tools/mkslapdcert: make more robust. * cf/cf.adduser and cf.dhcpserver: don't run sbin/debian-edu-pxeinstall anymore, instead add a new script cf/cf.pxeinstall for this purpose. (Closes: #630970) * If this still doesn't make the hanging at the end of debian-edu-profile finish-install go away, I suggest to try with /dev/urandom, to be set in slapd-cert.cnf. * debian-edu-config (1.446~svn74165) squeeze-test; urgency=low [ Holger Levsen ] * ldap-tools/mkslapdcert: invoke /etc/init.d/urandom start of /var/lib/urandom/random-seed doesn't exist. * debian-edu-config (1.446~svn74129) squeeze-test; urgency=low [ Holger Levsen ] * ldap-tools/mkslapdcert: try harder to fix #630970, grep in more directories. * debian-edu-config (1.446~svn74128) squeeze-test; urgency=low [ Mike Gabriel ] * ldap2bind command during LDAP bootstrap (installation) has to run as user ,,bind''. * Fix for SVN r74090, saving of roaming profiles. * Assure that all Samba related config files are included in d-e-c package, esp. adding Win7+Samba related patches and cmd scripts. * debian-edu-config (1.446~svn74106) squeeze-test; urgency=low [ Mike Gabriel ] * Add cf.krb5client to Makefile. * debian-edu-config (1.446~svn74095) squeeze-test; urgency=low [ Mike Gabriel ] * Fix saving of roaming profiles for Windows XP. * Disable UAC on Windows 7 systems by default. * Samba netlogon: fix for 1stlogon.bat script plus filename fix for IE proxy registry patch. * debian-edu-config (1.446~svn74072) squeeze-test; urgency=low [ Holger Levsen ] * cupsd-debian-edu.conf: allow printing from 10.0.0.0/8. * ldap-bootstrap/dhcp.ldif and ipnetworks.ldif: updated for using 10.0.0.0/8. * cf/cf.syslog and cf.ltsp: updated for using 10.0.0.0/8. * /etc/cfengine/cfservd.conf: updated for using 10.0.0.0/8. * tools/subnet-change: updated to use 10.0.0.0/8. [ Mike Gabriel ] * Suppress dovecot warning message that appears on daemon start if IMAP login has not happened so far. * Disable IPv6 for Samba on Skolelinux systems (clients+server). * LDAP-bootstrap: Add _kerberos TXT record for default realm INTERN, add _kerberos-master SRV record and _kerberos-adm SRV record. Cfengine: Manipulate krb5.conf file on all networked systems, setting dns_lookup_kdc and dns_lookup_realm to true. (Closes: #629062, #638285) * Initial sync of DNS information from LDAP to bind9 config during LDAP bootstrap. * Provide registry patchset and some helper scripts (.bat) that facilitate Windows 7 (or Windows 2008 Server) joining to the SKOLELINUX Samba domain. * Handle removal of conffiles (init scripts: update-hostname, open-backdoor, resize_lvm) in preinst _and_ postinst. * Make 1stlogon.bat script (Samba netlogon share) functional for WinXP and Win7. * debian-edu-config (1.446~svn74028) squeeze-test; urgency=low [ Mike Gabriel ] * Disabled debugging option (set -x) in mkslapdcert. * Add php.ini (PHP5) for Debian Edu server. * Tweak php.ini for GOsa² mass imports (raise execution and input time, memory limit, closes: #638434). * Work around libnss caching problems and script error handling in Samba. * debian-edu-config (1.446~svn74012) squeeze-test; urgency=low [ Mike Gabriel ] * Update dnsd testsuite to reflect changes in SVN-r73890 (Kerberos using _udp, not _tcp). * Add missing expression ,,passwd'' after nscd -i in add machine script option of smb.conf. * Moved (Samba-related) groups and GOsa² templates from gosa.ldif to samba.ldif. * GOsa²-netgroups: Hide GOsa² user templates from objects that are shown available for netgroup membership. * GOsa²-netgroups: Allow netgroup membership for gosaTerminal objects. * debian-edu-config (1.446~svn73998) squeeze-test; urgency=low [ Mike Gabriel ] * Set Samba Administrator password (LMHASH/NTHASH) during LDAP bootstrap. * Provide DNS service during bootstrap of Samba LDAP objects, fetch LDAP certificate before creating the Samba domain in LDAP. * debian-edu-config (1.446~svn73987) squeeze-test; urgency=low [ Mike Gabriel ] * cn=smbadmin needs write access on the sambaDomainName=SKOLELINUX object. * Fix for chicken-and-egg problem during LDAP/Samba bootstrap. * Move cn=smbadmin creation to root.ldif. * Hide several (more) Samba specific groups from GOsa² (i.e. from the GOsa² administrators) * Assure that password for cn=smbadmin gets set properly during first part of LDAP bootstrap (i.e. when root.ldif is processed). * Set givenName: GOsa² and sn: System Administrator for uid=super-admin. * Add dhcp options default-lease-time and max-lease-time to global DHCP options (closes: #638274). * Explicitly allow smbd access from ,,localhost''. * Fix for failing ,,net getlocalsid'' command after LDAP bootstrap. * Enforce usage LDAP BaseDN as ldap computer suffix in smb.conf. * Enforce search mask in smbldap-tool for LDAP groups to BaseDN. * Add default OU for GOsa² winstations to LDAP bootstrap. * Invalidate nscd passwd cache immediately after calling Samba's add machine script, also make sure we raise no exception when running the add machine script. * Make ldap-debian-edu-install work when run during installation. * Allow a little pause between creation of the basic Samba machine object and the actual domain joining. * debian-edu-config (1.446~svn73951) squeeze-test; urgency=low [ Daniel Hess ] * Revert Samba's config file back to a state usable without Kerberos. - Accessing shares like user's home directory already works again. - Joining Windows hosts to the Skolelinux domain still does not work and needs further work on the smbaddclient.pl script. [ Mike Gabriel ] * Update Gosa netgroups, pulled in from: https://oss.gonicus.de/repositories/gosa-contrib/netgroups/trunk (closes: #629060, #629347). * Fix for gosa-remove script: the part in which the script searches for purgable homes does now search with -maxdepth 1 which speeds up user removal tremendously on systems with many many homes. * Removal of home dirs: do not chown root:root the whole later-to-be-remove home dir tree, only chown root:root for home dir basefolder to block access (closes: #629347). * GOsa-netgroups: Fix missing LDAP description field when viewing netgroups of a system. * GOsa-netgroups: Allow winstations to have netgroups, fix for gosa.conf and plugin code. * GOsa-netgroups: Samba machine accounts have a trailing '$' sign, handle these when enumerating netgroup members. * Update of smb.conf, preparing for NT4 domain controller support on Debian Edu main server. * Add Samba helper script smbldap-machineadd-gosa, derived from smbldap-useradd script. Adding smbldap-tools as dependency for debian-edu-config. * Provide smbldap-tools config for smbldap-machineadd-gosa script. * Add smbldap-machineadd-gosa script to package. * Update LDAP bootstrap for Samba related LDAP objects, add NIS netgroup for Windows workstations (common scenario is dual boot functionality: winstation and diskless workstation). * Fix for missing URI in passdb backend ldapsam (smb.conf). * SAMBA Domain Computers group has to be visible for GOsa². * Grant slightly wider permissions for cn=smbadmin to give the account the right to create Samba machine accounts in the SKOLELINUX domain. * Add sambaPrimaryGroupSID for uid=Administrator. * Add DHCP definitions for subnet01.intern (as there already is a subnet01.intern defined for DNS). * Rename backbone DHCP shared network to ,,intern''. Rename subnet00 DHCP shared network to subnet00.intern, for subnet01 accordingly. This makes the DHCP name space very similar to the DNS naming conventions (closes: #638275). * Cosmetic rename of super-admin fullname. * Add sambaProfilePath and sambaLogonScript defaults to GOsa² account templates (i.e. for NewTeacher and NewStudent). * sambaRID fixes for groups ,,students'' and ,,teachers''. * Giving examples for shared-teachers and shared-students shares, fixing minor typos in smb.conf. * Provide a completely new netlogon script infrastructure: on first domain logon, IE and Firefox get configured to use tjener's proxy and in firefox the SKOLELINUX www.intern home page is set as the default browser home page. * Add new netlogon scripts to debian-edu-config package (in Makefile). * Use direct path to LDAP cert in smbldap.conf instead of using a symlink. * Fix for smbldap.conf, correcting ou container for new SMB machines. * Replace $SAMBAPWD in smbldap_bind.conf during installation. [ Petter Reinholdtsen ] * Correct the Vcs-Browser link in the control file to use the new paths. [ Andreas B. Mundt ] * Use UDP SVR record instead of TCP for Kerberos. By default, the KDC does not listen on any TCP ports. [ Holger Levsen ] * share/debian-edu-config/d-i/finish-install: don't run "edu-etcvcs init" one more time, esp. not after already having committed. * Fix Makefile for Mike. * debian-edu-config (1.446~svn73823) squeeze-test; urgency=low [ Andreas B. Mundt ] * Fix code in sbin/debian-edu-pxeinstall and sbin/snakeoil-on-ice grabbing DNS from leases file. * debian-edu-config (1.446~svn73805) squeeze-test; urgency=low [ Andreas B. Mundt ] * Never leave /etc/hostname back empty. * Update tjener webpage logo. * Grab DNS from leases file in sbin/debian-edu-pxeinstall and sbin/snakeoil-on-ice if resolv.conf is missing. * Add code to trigger disk read/write to create some entropy when preparing the LDAP certificate. (to address #630970) * Fix machine ou in slapd.conf and smb-debian-edu-client.conf. * Add regular expression match for newer kernels' lvm-devices to sbin/debian-edu-fsautoresize. Thanks Petter for the hint. Really show percentage. (Closes: #631357). * debian-edu-config (1.446~svn73734) squeeze-test; urgency=low [ Andreas B. Mundt ] * Do not forget moving the systems' tab in /etc/gosa/gosa.conf. * Add FIXME concerning NFSv4 and Kerberos. * Try to use a temporay /etc/resolv.conf in snakeoil-on-ice and debian-edu-pxeinstall if /etc/resolv.conf is empty or missing. [ Holger Levsen ] * cf/cf.kdm and testsuite: remove workarounds for #582568 as we don't rely on root logins into kde nor gnome anymore. * debian-edu-config (1.446~svn73702) squeeze-test; urgency=low [ Andreas B. Mundt ] * Fix error in cfengine rule. * debian-edu-config (1.446~svn73693) squeeze-test; urgency=low [ Andreas B. Mundt ] * Clear LDAP password from debconf database in finish-install. * Rearranging GOsa menu: Move important stuff to the top of the list. * Modify cfengine rules to update /etc/hostname name from DHCP. * debian-edu-config (1.446~svn73652) squeeze-test; urgency=low [ Andreas B. Mundt ] * Add debconf templates for "ldap-password-again", "ldap-password-mismatch" and "ldap-password-empty". * Fetch ldap-password in the same manner as it already works for the kdc-password. * debian-edu-config (1.446~svn73615) squeeze-test; urgency=low [ Andreas B. Mundt ] * Remove code introduced to install GOsa for testing as it is installed by default now. * Send output from gosa-encrypt-passwords to /dev/null to not waste the log with useless messages. [ Daniel Hess ] * Add debconf template for "debian-edu-config/ldap-password" which is never shown, but makes debconf complain anyway if not avaible. * debian-edu-config (1.446~svn73556) squeeze-test; urgency=low [ Andreas B. Mundt ] * Clean ldap-debian-edu-install a bit and make it more robust. * Revert modification in cf.ldapserver, script is run as root. * Make sure the data in a deleted user's home directory is only accessible to root. (Closes: #629626). [ Mike Gabriel ] * Update for smb.conf on Debian Edu main server. Needs more work around smbldap-tools support. * debian-edu-config (1.446~svn73555) squeeze-test; urgency=low [ Andreas B. Mundt ] * Revert modifications in gosa.conf as they do not accomplish the intended. [ Mike Gabriel ] * Add NIS Netgroups tabs for systems (they were missing in the dh_install configuration file). * Drag in latest GOsa netgroups plugin code (r629) from https://oss.gonicus.de/repositories/gosa-contrib/netgroups/trunk (Closes: #629347). * debian-edu-config (1.446~svn73536) squeeze-test; urgency=low [ Andreas B. Mundt ] * Fix the username-generator in gosa.conf to allow editing the generated username. (It must not generate several names to make strictNamingRules="false" work). [ Daniel Hess ] * Remove 'ou=systems,dc=skole,dc=skolelinux,dc=no' definition from gosa.ldif and change the ou attribute in root.ldif to match the rename from machines to systems: This fixes a problem with the ldap bootstrap that breaks while adding the second 'ou=systems,dc=skole,dc=skolelinux,dc=no' in gosa.ldif. * debian-edu-config (1.446~svn73528) squeeze-test; urgency=low [ Daniel Hess ] * Revert modifications from svn revision 73509 as they made things worse. * debian-edu-config (1.446~svn73521) squeeze-test; urgency=low [ Daniel Hess ] * Make sure that /var/lib/dovecot exists before trying to create a file there. * debian-edu-config (1.446~svn73510) squeeze-test; urgency=low [ Mike Gabriel ] * Silence dovecot's boot message before first IMAP login success (Closes: #629043). [ Daniel Hess ] * Move debconf interaction from ldap-debian-edu-install into a separate script to test if interferences between the rest of ldap-debian-edu-install and debconf causes the "'finish-install' succeeded but requested to be left UN configured" problem with d-i. * debian-edu-config (1.446~svn73486) squeeze-test; urgency=low [ Holger Levsen ] * Remove depends on debian-edu-config-gosa-netgroups from debian-edu-config's depends. Only depend on it from the main-server task. * debian-edu-config (1.446~svn73485) squeeze-test; urgency=low [ Mike Gabriel ] * revert smb.conf on main server to security=DOMAIN (let Samba authenticate against LDAP again, not Kerberos) * disallow Samba root logins * disallow Samba anonymous logins * ou=machines is ou=systems when LDAP is used with GOsa² * debian-edu-config (1.446~svn73463) squeeze-test; urgency=low [ Holger Levsen ] * Remove our backdoor (which was poorly implemented and misnamed feature, see the buglog for details). (Closes: #629040) [ Daniel Hess ] * Remove not working '019-kernel-selection' script. * debian-edu-config (1.446~svn73449) squeeze-test; urgency=low [ Mike Gabriel ] * Fix missing "]"s in debian-edu-pxeinstall. * Run ldap-debian-edu-install as root (from cfengine). * No network-manager tweaks on main server (tjener). * Drop a local ntp test from testsuite which has become obsolete. * Add README for unused .ldif files. * debian-edu-config (1.446~svn73396) squeeze-test; urgency=low [ Daniel Hess ] * Make 'debian-edu-config-gosa-netgroups' depend on 'gosa': Postinstall scripts calls update-gosa and fails if 'gosa' is not yet installed. * debian-edu-config (1.446~svn73373) squeeze-test; urgency=low [ Andreas B. Mundt ] * Modify gosa.conf to allow for editing the generated uid. [ Daniel Hess ] * Add new variable 'ROOTPWDSSHAHASH' for ldap bootstraping: - Use the new ssha hash password in gosa.ldif for super-admin's userPassword: This should allow changing the password with gosa. [ Mike Gabriel ] * Move NIS Netgroups further up in the GOsa² sidebar menu. * debian-edu-config (1.446~svn73330) squeeze-test; urgency=low [ Daniel Hess ] * HashComment redundant security.d.o entry before adding our own to sources.list. (via cf.apt) [ Mike Gabriel ] * Use Debian's default NTP servers again for main server. * Use user Kerberos tickets for NFSv4 authentication/authorization on diskless workstations (Closes: #629049) * Beautify cf.adduser's Replace statements * cf.adduser: configure adduser.conf so that local users are now created with Debian's default again. * Add gosa-netgroups (from gosa-contrib 2.7 which is not in squeeze) as new binary package debian-edu-config-gosa-netgroup (Closes: #602859) * Make debian-edu-config-gosa-netgroups conflict with gosa >= 2.7 * tools/kerberos-kdc-init: remove unused heimdal function. * add myself to uploaders in control file * remove .svn folders in debian-edu-config-gosa-netgroups when building the binary package [ Holger Levsen ] * Remove /etc/dhcp/dhclient-exit-hooks.d/hostname-update and /etc/init.d/update-hostname as nowadays dhcp clients pick up their dns name from dhcp just fine. The code in question is from 2002 and nobody remembers why it should be necessary. (Closes: #629060) * Also drop /usr/sbin/update-hostname-from-ip * debian-edu-config (1.446~svn73270) squeeze-test; urgency=low [ Andreas B. Mundt ] * Add the tabs for the netgroups plugin in gosa.conf. * Add some descriptions to the netgroups in LDAP. * Change netmask in /etc/exports until GOsa supports 10.0.2.0/23. * Rework slapd-cert.cnf and make DNS aliases (subjectAltName) work. * Prepare gosa.conf for the netgroups plugin. * Enable HTTP in sources.list for APT. Most schools will have HTTP available today (Closes: #617368). * Disable DVD in sources.list for APT. Remove volatile repository, add squeeze-updates. * Testsuite: Check for TLS connection to ldap.intern if TLS connection to the ldap server reported by the SRV record fails. * Switch on password encryption in the GOsa configuration. [Jürgen Leibner] * correct typo in 'index.html.de' [Mike Gabriel] * Add cfengine script that modifies /etc/adduser.conf (Closes: #617384). * Move DHOME= setting from cf.homes to cf.adduser * Make CN for slapd cert match FQDN as returned by reverse DNS resolver. (Closes: #621800). * Deny root login for KDM. * ldap-tools/mkslapdcert: use SHA-1 algorithm for slapd TLS cert, refer to http://www.win.tue.nl/hashclash/rogue-ca/ for more information on MD5 insecurity. * Cleanup of GOsa test code * Fix some typos. [ Holger Levsen ] * Add Brazilian Portuguese translation by Eder L. Marques (Closes: #617726) [ Andreas B. Mundt ] * Continue the rework of DHCP/DNS-setup. * Use FQDN for ldap-server in smb-debian-edu.conf. Thanks to Andreas Schockenhoff for testing and reporting. * Fix testsuite DNS-lookups for subnets. * Rework DHCP-setup in gosa-server.ldif. * Improve names for ltspservers and subnets. * Adapt testsuite to reflect new setup. * Remove ldap user 'admin' for now as it conflicts with the admin in ou=ldap-access. * Fix cfengine-rule. * Make locate-syslog-collector returning a sensible default host if no DNS server is available. * Allow NetworkManager to manage devices in /etc/network/interfaces. Further testing needed. If we are lucky, some hooks in /etc/dhcp/dhclient-* can be removed, as they are included in NM. * Add ldap user 'admin'. This user is going to have limited permissions compared to the super-admin. ACLs not yet implemented. * Prepare two sub-networks in ldap by default for the thin-clients. Needs further testing. [ Andreas B. Mundt ] * Send a simple test-mail to root when running the postoffice test-suite. Minor fixes to latest commits. * Remove ldapserver from the 10.0.2-zone. Add extra 192.168.-zone to make ltspserver resolvable as 192.168.0.254. * Rename cf.ldap2bind to cf.bind. Add rule to switch off IPv6 for bind to silence IPv6 lookup failure messages. * Fix bug in debian-edu-ldapserver that inhibits the fallback to 'ldap' as ldap server. State the cause of failure precisely in the log. * Add mail alias for bind pointing to root. * Allow users of group 'bind' to write in /etc/bind/. Needed to make ldap2bind chronjob work. * Add 'current_directory = /' to exim's rootmail transport configuration to make mail services to root work again. * Adapt testsuite to DNS implementation. * Remove duplicate A-records from DNS configuration to make sure the reverse address mapping needed for reliably issuing a Kerberos service ticket works. To move services to another machine, add the machine to DNS, remove the CNAME-record(s) and modify the service record(s) to point to that new machine. * Rework gosa-server.ldif. Tested by bootstrapping the ldap tree. Recreate zone information for bind from the ldap tree. * Fix bugs in cf.homes and cfengine.conf that broke the installation. Tested by running cfengine in the spoiled system after applying the fixes to the mentioned files. * Make sure idmapd is started (/etc/defaults/nfs-common). Needed to test NFSv4 with Kerberos security. * Overhaul DNS setup of GOsa/bind in gosa-server.ldif. I had to revert the stuff added to make powerDNS work, it completely breaks GOsa's functionality. [ Christian Külker ] * Fix typo in www/index.pot and www/*.po. [ Andreas B. Mundt ] * Provide zone configuration files named.conf.ldap2zone, db.intern and db.2.0.10.in-addr.arpa. for bind to make sure DNS works right after installation. May need polishing and further testing (the files should be replaced by identical files from ldap in the first ldap2bind run). [ Petter Reinholdtsen ] * Adjust testsute/hardware to also handle ddccontrol to report DDC information, and prefer this over the disappearing xresprobe. * Fix incorrect shell test in dhclient-exit-hooks.d scripts (Closes: #610841). [ Andreas B. Mundt ] * Switch on NFS4 (sec=sys) for mounting the home directories with the automounter. Enable services needed to test sec=krb5p:krb5i:krb5 (done in cf/cf.homes). * Switch from pdns to bind and ldap2zone. This enables management of hosts with GOsa and has been done to enable further testing. Obviously it could be reverted and needs to be agreed on. Also needs documentation if kept for the release. Add debian/TODO.Squeeze. * Fix inconsistent naming of environmental variable USERPASSWORD in tools/gosa-sync. [ Holger Levsen ] * Fix tools/nbdswap-cleanup to delete the swapfiles. Add check which prevents the script from running twice. * Move debian/po/ru.po to www/ and restore the debian/po/ru.po file that was in 1.444 - thanks to Christian Perrier for spotting this! (Closes: #605245) * Add translation to Brasilian Portuguese of the www starting page, thanks to Gilberto Dos Santos Alves. [ Petter Reinholdtsen ] * Change asound.conf to always pass audio to pulseaudio (and not only for LTSP), to ensure Adobe Flash audio do not block access to the audio device for other programs. Drop no longer needed Xsession.d code to set ALSA_DEFAULT_PCM when thin clients log in. * Adjust some of the gosa-server.ldap DNS entries to work with PowerDNS, by adding associatedDomain attribute. * In gosa-server.ldif, change ldap, syslog, kerberos and kpasswd from CNAMEs to A records, to make sure they can be referred in SRV and MX entries. Fix typos in some SRV records. * Adjust PowerDNS setup to look for its object from the LDAP root, as its old subtree have moved and we do not want to track its location. * Change DHCP server setup to look for (&(objectClass=dhcpService)(cn=tjener) used by GOsa instead of the entry (&(objectClass=dhcpService)(cn=dhcp) from the old service subtree. * Add code to expand $MAC in ldap-debian-edu-install, for gosa-server.ldif to get it. Make sure to use / and not : as the sed substitution character, to ensure MACs can include :. * Make sure SRV records have FQDN to ensure the names extracted match the SSL certificate names. * Test suite: - Extend DNS server test to verify that CNAME and SRV records are present in DNS. Also add tests for the service specific A records (ldap/kerberos/postoffice/domain). - Make DNS test more robust by setting LC_ALL=C. - Add test in pxeinstall to ensure that tftp server is configured to use /var/lib/tftpboot/. * PXE server setup: - Remove support for now obsolete d-i-bootimages package in setup script. - Use cdn.debian.net instead of ftp.skolelinux.org as the default Debian mirror when installing the main-server from DVD, to get a mirror close to the machine instead of one in Norway. - Drop vga=788 as kernel argument for PXE installation, to get newt based d-i to work on Dell Latitude D505. * Updated Spanish web page translation by Hector Oron (Closes: #606088). * Added Catalonian web page translation by Hector Oron (Closes: #606108). * Remove 'Terminal=False' from etc/xdg/autostart/welcome-webpage.desktop to get Gnome as well as KDE to use it. Gnome complain that it do not understand the Terminal entry. * Update web page translation framework to handle the new translations. * Add workaround for bug #606313, while it isn't fixed in the ltsp-server package. * Disable code to write a special xorg.conf file on HP Mini 2133. The X server in Squeeze seem to handle autodetection. * Drop code to install b43-fwcutter on HP Mini 2133. It is done by d-i and discover-pkginstall in Squeeze. [ Ronny Aasen ] * Adjust some of the gosa-server.ldap, adding fqdn to cnames, and adding missing objectClass entries. [ Claudio Carboncini ] * Updated the Italian translation of the web page. [ Jürgen Leibner ] * Completed translation of the german www starting page. * Corrected some typos in the translation of the german www starting page. -- Holger Levsen Fri, 23 Dec 2011 18:13:10 +0100 debian-edu-config (1.445) unstable; urgency=low [ Petter Reinholdtsen ] * Add ltsp-build-client custom script to override the default kernel choice from 486 to 686, to allow us to change the kernel on the DVD. * Drop dependency on autofs-ldap. First of all, the Squeeze version is called autofs5-ldap, and secondly it is already a depends of the networked profiles. * Make sure run-at-firstboot only configure pdns if it is installed. [ Vagrant Cascadian ] * Also define KERNEL_VERSION, as some other plugins may use it. [ Andreas B. Mundt ] * Include gosa-server.ldif in ldap bootstrapping. [ Translations ] * Update Russian debconf translations thanks to Yuri Kozlov. (Closes: 603548) [ Holger Levsen ] * As #602765 has been fixed, again, stop deploying a copy of /etc/ldap/schema/autofs.schema which belongs to the autofs(5)-ldap package. (Closes: #602084) -- Holger Levsen Tue, 16 Nov 2010 23:07:44 +0100 debian-edu-config (1.444) unstable; urgency=low * Turn dependency on lsof into a recommends. lsof is only used by two optional tools related to LTSP services, while debian-edu-config has many other uses. (Closes: #585712) * Stop deploying a copy of /etc/ldap/schema/autofs.schema which belongs to the autofs-ldap package. Depend on autofs-ldap instead. (Closes: #602084) Thanks to Ralf Treinen and edos.debian.net! -- Holger Levsen Sat, 06 Nov 2010 17:58:58 +0100 debian-edu-config (1.443) unstable; urgency=low [ Jürgen Leibner ] * Little cleanup of the smb.conf and adjust the examples to match the new configuration using kerberos. [ Andreas B. Mundt ] * Complete gosa-server.ldif: Add missing dns and dhcp entries. * Add echo message to help the user with re-initializing the kerberos KDC. * Improve password changes done by GOsa: Do not show common users the passwords in the process list [ Petter Reinholdtsen ] * Rewrite setup-roaming to use sssd+libpam-mklocaluser instead of libpam-ccreds+libpam-localoffline and nscd. Make it use a sssd.conf file included in the package, to make it possible to update the configuration using package upgrades. Switch to use Kerberos for authentication, and purge libpam-ldapd and libpam-krb5 to avoid duplicate password checking and nscd to avoid duplicate caching. * Add libpam-mklocaluser hook script for roaming workstations to add a KDE and Gnome bookmark/places link to the SMB exported home directory when the local user is created. Use sambaHomePath attribute from LDAP if it is set to locate the SMB mount point, and generate if from the NFS mount point if the attribute is not set. * Adjust the roaming NSS setup to use LDAP for network names too. * Adjust roaming setup, remove obsolete nslcd config and add sss to netgroup part of nsswitch.conf to use it when sssd get netgroup support. * Try to generates sssd configuration dynamically and fall back to static setup if this fail. * Depend on ldap-utils to ensure ldapsearch is available when it is needed by the autodetection and test code. * Adjust roaming setup, purge the killer package to avoid throwing out the user when idle. * Add default config for networkmanager-kde on networked KDE systems, to not start it at login. * Add autostart entry to start the web browser with http://www/ as the welcome page when a user log in for the first time. The URL is fetched from LDAP using the labeledURI attribute from RFC 2079 in the users LDAP object and all parent objects up to and including dc=skole,dc=skolelinux,dc=no object, as well as the root DSE, to make it easy for administrators to change the start page for new users using the LDAP protocol. Add labeledURIObject object class to LDAP subtree object People, Students and Teachers as well as the base object. * Test suite: - Rewrite dnsd tests to no longer look for obsolete DNS entries (the ltspserver00, static00 and static200 entries are no longer in DNS). - Start on code to check the Kerberos server. - Add LTSP test to verify that IPv4 forwarding is enabled in the kernel. - Add LTSP test to verify that the default settings are available in LDAP. - Add LTSP test to verify that ldinfod can be contacted outside localhost (detects #519316 in inetutils-inetd). - Extend samba test to verify the sambadomain object is present in LDAP. - Extend samba test to verify that the net binary is available, and use it to verify that the Domain Admins group is listed in the samba group map. - Change samba test to look for the smbadmin user anywhere in LDAP, and not under a fixed CN. - Adjust ldap-client test to not check nscd but instead check sssd with roaming workstations. - Add ldap-client test to verify that only one of krb5, ldap and sss PAM modules is enabled. - Change ldap-client test to not look for cn=machines which seem to be unused but look for cn=admins instead. Change it also to search only from the base to not require any specific structure. - Extend ldap-client test to check that certificate verification is enabled for nslcd, sssd and ldapsearch. - Start on test suite for the sudo in LDAP setup. - Update dhcpd test to look for the new binary name dhcpd. - Extend ldap-server to verify that encryption is enforced for LDAP bind. - Change the CUPS test to only check http access to www on the Main-Server profiles, and check access to localhost for all profiles. Add check for https. - Create new nagios test script, to verify that Nagios do not report any errors after installation. - Try to detect and report if bug #582568 in kde/kdm is still present in the kdm test. - Add webcache test to detect and report squid bug causing APT to fail (#591839). - Update ldap-client test to use new automount LDAP content. * Add /etc/ltspfs/mounter.d/edu-notify based on proposal in #575031 to make sure inserting USB sticks on thin clients give some visual feedback to the user. Disable it when a Gnome environment is detected, as Gnome detect ltspfs mounts on its own. Depend on python-notify to make sure it work. * Remove unused LDAP subtrees Domains and Pam. * Move super-admin LDAP object from ou=people to ou=People, as the former do not exist as a subtree in LDAP while the latter do. * Change ldap-debian-edu-install script to report problems using the error: prefix to make sure the error reporting code running after installation is able to see errors from this script. Report error if kerberos setup fail. * Rename PW variable in ldap-debian-edu-install to ROOTPWDHASH, to be consistent with the other password variables in the script and make it clear that it is the hash and not the clear text password. * Some cleanup in the ldap-debian-edu-install script. Make sure files with clear text passwords (/etc/krb5kdc/service.keyfile, /etc/gosa/gosa.random_secret, /var/lib/samba/secrets.tdb) are not readable by others than the users that should have access when they are created. * Add new LDAP subtree ou=networks with subnet base and mask of the known subnets. Subtree name is based on recommondation from draft-howard-rfc2307bis-02.txt. * Move sambaDomain LDAP object and samba related user objects (cn=smbadmin, uid=root) to a ou=samba subtree. * Reinsert loading of DNS names into LDAP, while we try to figure out how to get diskless workstations working without them. * Disable autofs on the main-server, to avoid hiding the local file systems. * Samba initialization (samba-debian-edu-admin) - Rewrote minor bashism to work with dash. - Enable debug output to figure out why it fail. Make sure the script fail on the first error. - Try to get initialization working by reintroducing the admins and jradmins group without using the lis schema. - Try to get initialization working by rewriting it to call the samba-debian-edu-admin on first boot and not from cfengine within d-i, because it depend on operational DNS, LDAP and Samba server. - Remove net groupmap calls in samba-debian-edu-admin, as they do not work and the admins and jradmins groups already have the sambaSID they need in LDAP. Guessing we can live without Samba knowing about the students and teachers groups. - Merge the remaining samba configuration into ldap-debian-edu-install, because the removal of the calls to 'net groupmap' removed the need to set up samba on first boot. Remove call to samba-debian-edu-admin in run-at-first-boot and flag samba-debian-edu-admin as obsolete. - Remove samba-debian-edu-admin script, it is now obsolete and its task has been integrated into ldap-debian-edu-install. * Add dhclient-exit-hooks.d entry to update proxy settings using the wpad-url option sent from the DHCP server. Verify/update the proxy setting every time a dhcp reply is received. Rewrite proxy setup using WPAD to disable the use of a proxy if no WPAD file is found. * Add /etc/dhcp/dhclient-exit-hooks.d/hostname-update to update hostname from DNS when a DHCP request change the IP address. * Extend the debian-edu-ldapserver script to return the LDAP base found in the LDAP server root DSE when -b is used, the kerberos realm when -r is used and the kerberos server when -k is used. * Write on new test tool ldap-createuser-krb5 to create a user in LDAP, Samba and Kerberos from the command line. Use gosaDepartment objects as its LDAP base and to use an existing group if it exist. Generate gecos field using 'iconv ASCII//TRANSLIT' to make sure posixAccount get the ASCII version it need. * Filter ldapsearch output in ldap-createuser-krb5 through "perl -p0e 's/\n //g'" to make sure long lines are not wrapped and breaking the script, and wish for -T support in ldapsearch. * Add script ldap-add-host-to-netgroup to add hosts to netgroups from the command line. * Add ForceType to apache config, to enforce .html.nb pages to text/html and not application/matematica. * Add a call to munin-cron in run-at-firstboot after the configuration is generated, to ensure http://www/munin/ work when the test suite is executing. * Remove cfengine rule to set sysctl value net.ipv4.ip_forward=1 on LTSP servers. This is handled by init.d/enable-nat which also set up the NATing that needs the IP forwarding. * Change cfengine rule for KDM setup to not list previous user in non-standalone profiles. * Add README.OID to document the LDAP OIDs we have used so far. * Create new experimental objectclass dnsDomainAux to allow DHCP and DNS entries to have the same LDAP object. Make sure to include all the attributes added to dnsdomain2 in 2008 according to . * Add FEIDE schemas (noreduperson-1.5-openldap.schema, eduperson-200806-openldap.schema and eduorg-200210-openldap.schema) to the binary package. The schemas were downloaded from . * Remove control entry for cfinputs_version in all cf.* files, as it only produce a different warning and did not really quiet down cfengine. * Remove unused cfengine rules for ldap clients. * Run 'etckeeper commit' at the end of the first boot, to record any changes to /etc/ done during boot. Throw away output, there is no need to clutter the boot with the debug output. * Add workaround for #584434 in kdm, making sure kdm starts after krb5-kdc to get a local Kerberos kdc working with kdm. * Wrap long lines in pdns-debian-edu-conf and update comment on local_address setup. * Remove profile.d and Xsession.d code to set umask and add pam-auth-config entry to use pam_umask to do it instead. * Change pam_group setup for pam-auth-config to only use it for interactive logins. * Remove obsolete code in postinst to set file permissions on /etc/skel/.kde/share/config/kmailrc. The file is no longer part of this package. * Expermental LDAP based LTSP configuration: - Add experimental ltsp_config.d script to look up configuration in LDAP. Start on draft ltspclientaux.schema to be able to store the LTSP configuration in DHCP or DNS objects. - Copy LTSP configuration from /etc/debian-edu/lts.conf.dist into the LDAP object cn=ltspConfigDefault,cn=ltsp to test the this. - Avoid running ldapsearch when the LDAP server is unavailable, to avoid very log pauses during boot. - Make sure the code do not try to look up MAC address in LDAP if /proc is not mounted and not try to find hostname if it is not yet set. - Add caching to the script fetching LTSP configuration from LDAP to only do it once during boot, and make sure to only look up LDAP config if the cache directory is writable. * Add _kerberos._tcp and _kpasswd._tcp SRV record in DNS. * Remove ocsinventory DNS record. No-one found time to set up the server part so far, so remove this ununsed placeholder. * Remove unused bootps, db and afsdb DNS record. Neither is currently used, and bootps do not really make sense when we use DHCP. * Move all DNS reverse entries from dns_ranges.ldif to dns_arpa.ldif, to make it easier to test pdns in strict mode. * Start on ldap-createmachine script to add a computer to LDAP. * Remove www-server option from the DHCP setup, as it is ununsed and we will fetch the default URL from LDAP and not DHCP. * Remove workaround for bad init.d script dependencies in nslcd, as bug #585968 is fixed in Squeeze. Add breaks on nslcd (<< 0.7.7) and code in the postinst to remove /etc/insserv/overrides/nslcd. * Remove replaces/provides/conflicts on ldap-skolelinux, cfengine- skolelinux and ncs. These packages were removed 6 years ago. * Depend on debconf-utils to make sure debian-edu-pxeinstall find debconf-get-selections. * Get sitesummary2ldap working for updating the DHCP entry for the machines registered with sitesummary. Rename it to sitesummary2ldapdhcp, and install it in the binary package. * Split DHCP bootstrap file in two, one with the generic configuration and one with the dhcpHost entries. * Use /media/cdrom instead of /cdrom. The latter was made obsolete in Etch or Lenny. * Add vga=788 to the kernel arguments used with PXE installations, to match the argument used on the CD and DVD. * Change PXE setup to preseed apt-setup/local0 with test repository on test installations, to avoid duplicate entries in sources.list. * Remove obsolete debian-edu-etc-svk script, since we now use etckeeper. * Replace calls to etcinsvk in postinst with calls to etckeeper. * Update init.d/update-hostname to look for update-hostname-from-ip in its new location /usr/sbin/ where it belong. * Fix typo in the debian-edu-hd-warn script causing it to fail. * Correct pam-auth-config entry to use pam_umask to use the session and not the auth section. * Introduce new LDAP group ldap-admins with full access to LDAP. Add cn=admin and cn=gosa-admin as initial members of the group, making sure the group have one of the required member attribute. Drop slapd.conf access rule for gosa-admin, as its access is granted through the group. * Move adduser script to ldap-tools (and install it in /usr/bin/) and rename it to ldap-add-user-to-group. Extend script to handle groupOfNames groups. * Explain in ldap-debian-edu-install how to reinitialize ldap. * Make sure ldap-debian-edu-install report an error if ldif loading fail. * Move netgroup subtree object to the netgroup.ldif file next to the subtree members. * Introduce new LDAP subtree ou=ldap-access, for user and group objects used to update LDAP. Move ldap-admins group and admin, gosa-admin users into this subtree. * Modify LTSP plugin: - Change build of diskless workstation (032-edu-pkgs) to use LTSP method chroot_mount for mounting tha APT cache. - Add code to report what is blocking umount of CHROOT_MOUNTED entries. - Remove obsolete scripts 010-http-proxy and 099-progress-log. Their code is now in the ltsp package. - Make sure Kerberos and LDAP automatic configuration is invoked when building chroots for diskless workstations, unless building chroot on a main-server. - Add new workaround for bug #593770 in LTSP (failing to generate resolv.conf based on DHCP settings), and remove the old workaround. This should speed up the client boot a bit. - Move extra bind mount entries for diskless workstation from init.d config file to optional ltsp_config.d fragment, to make sure it is set in the initrd when the bind mounting is done. - Brush up ltsp_local_mount to work with new LTSP version, make sure it do not copy etckeeper .git directory and try to umount bind mounted files in /etc/ before bindmounting /etc/ read-writable to avoid hiding existing bind mounts. - Correct help text for --no-diskless-edu-workstation in the LTSP plugin. * Rename ou=hosts subtree to ou=dns, to avoid ou=hosts which according to draft-howard-rfc2307bis-02.txt should contain ipHost LDAP objects. * Move dhcp config in LDAP into new subtree ou=dhcp. * Add workaround for bug #589915 in slapd by making sure fetch-ldap-cert starts before krb5-kdc during boot. * Make sure fetch-ldap-cert give pdns 2 seconds to start before trying to locate the LDAP server using DNS. * Drop conflict on debian-edu-install (<= 0.616), it was published in 2004. * Drop conflict on samba (<<3.0.0), it was published in 2003. * Drop alternative depend on discover1. It is no longer in Debian. * Remove all our pam.d files, as we use pam-auth-update now * Remove code in debian-edu-hwsetup calling discover-pkginstall, as this is done by debian-installer (hw-detect) in Squeeze. * Rephrase server web page to use 'LDAP administration' instead of 'Lwat' as the link text, and improve explanation on where the link leads. * Drop translation flag from kerberos debconf templates, as they will normally not be show to any user. * Depend on libterm-readkey-perl for sitesummary2ldapdhcp to work. * Create new Perl module Debian::Edu, and move functions to find LDAP server, LDAP base and prompt for passwords there to avoid duplicate code in our scripts. Make sure it use LDAP settings from /etc/ldap/ldap.conf when set, to allow clients to change these in one place and affect our Perl LDAP scripts. Depend on fping to make sure Debian::Edu find it when needed. * Reduce DNS timeouts in Debian::Edu when looking for LDAP and Kerberos server, to make sure a result is returned quicker when no DNS server is available. Reduced runtime from 6.5 to 1.5 minute. * Extend ldap2netgroup to list member netgroups too. * Reimplement debian-edu-ldapserver using Perl to add support for -s servername and use it to speed up scripts using it. * Add "ServerAlias *" to our cupsd.conf file, to make cups accept requests using any name/interface. * Reinsert the machines group wanted by /etc/samba/smbaddclient.pl. * Change powerdns configuration to connect to ldapi:// to ensure the unix socket is used to communicate with the LDAP server. * Change init.d/fetch-ldap-cert to syslog and stop looking up LDAP server when it isn't needed. * Rewrite init.d/enable-nat to use LSB style output functions. * Change slapd.conf to include "localssf 128", to make sure connections using the unix socket (ldapi://) is considered safe enough to bind and update LDAP. * Extend workaround for bug #585966 to also include pdns-recursor in the $named definition, to ensure DNS lookup is working also for external DNS names. * Add new LDAP indexes for macAddress and dhcpHWAddress attributes, to ensure LTSP configuration and DHCP server searches are processed quickly. * Add new LDAP index for createTimestamp attribute, to ensure query from Lwat cron job is processed quickly. * Add LDAP index for aRecord to make sure powerdns reverse lookups are quick. * Remove LDAP server and base argument from scripts using the ldaptools that reads /etc/ldap/ldap.conf, to allow the settings in that file to be used instead. * Rewrite tools/passwd script to find LDAP objects dynamically, and use the LDAP server and base settings from ldap.conf. * Adjust debian-edu-ldapserver, to return default values for main-server during installation, when dynamic lookup is not possible. * Extend debian-edu-ldapserver with option -f to fall back to default values if autodetection fail. * Rewrite cfengine rules for LDAP clients to fetch LDAP server and base using debian-edu-ldapserver to fetch it dynamically during installation using -f to get default values if autodetection fail. * Make sure debian-edu-ldapserver do not use localhost to generate settings, to avoid getting bogus Kerberos realm. * Change SRV entries in DNS to use the service DNS names to allow the services to be relocated by only updating one DNS entry and not on the clients copying the SRV entries to their local configuration. * Fix minor typo in server-hosts netgroup. Remove unused domain part from triplet. * Add workaround for bug #582568 in kdm by touching /root/.local/kaboom using cfengine during installation. * Add cfengine rule to purge libpam-ldapd after installation, as a workaround for bug #591773 in nslcd. * Provide hook scripts in /usr/share/debian-edu-config/d-i/ for debian-edu-profile-udeb to call from within d-i. * Enable bootlogd for test installations in cfengine, to give us access to the boot messages after the boot. * Add code in the finish-install hook to install the Gosa packages for testing on the main-server. * Point web page link for LDAP administration to gosa, now that we concluded to use it for Squeeze. * Add attributes objectClass=gosaAccount and uid=admin to admin user object, to try to get the object to show up in Gosa. * Add code in d-i pre-pkgsel hook to dynamically look up sitesummary server, LDAP server and base as well as Kerberos realm and server to use it to preseed sitesummary-client, nslcd, lwat and krb5-config on all networked profiles. * Configure syslog collector on clients dynamically during installation based on 'syslog' DNS name and _syslog._udp SRV record, and remove old static configuration. Update DNS to provide this SRV record and not the unused _syslog._tcp entry. * Remove unused log-servers from DHCP setup, both for the server and the clients. * Make cfengine rule for LDAP clients more robust and make sure the ldap.conf file do not change when cfengine is executed several times. * Add _kerberos TXT record in DNS with the Kerberos realm as content, to allow packages like krb5-config and sssd to automatically detect the realm. * Add workaround for bug #592479 in network-manager triggered when building the LTSP chroot, by creating /var/lib/NetworkManager before trying to purge network-manager. * Create new group cn=ldap-auth,ou=ldap-access with the users that should be allowed to authenticate using LDAP bind. Not used yet, as I am unsure how to do that and unsure what will break if we force the use of Kerberos authentication. * Correct cfengine rule to detect the installation environment to look for /sbin/start-stop-daemon.REAL instead of /etc/inittab.real. The latter do not exist during installation any more. * Replace Package with Packages in squid.conf as a workaround for bug #591839 in squid. * Change SSL certificate specification for the LDAP server to use ldap.intern as its common name and list DNS:ldap as DNS:ldap and DNS:localhost to try to get certificate checking working. * Change gosa.conf to use ldap.intern instead of localhost as its connection point, to avoid certificate error when connecting. * Add policykit rule to make members of the admins group admins according to policykit. * Change ldap.conf to check SSL certificate when using TLS. * Point nslcd.conf to the SSL certificate for the LDAP server. * Make sure nslcd start after init.d/fetch-ldap-cert to have the cert file available when it is needed. * Change debian-edu-pxeinstall to also detect diskless workstations using pam-krb5 or pam-sss. * Adjust debian-edu-pxeinstall to work with the new debian-installer netboot debs. * Stop showing status when starting and stopping services in init.d/enable-nat, as it is mostly noise during boot and shutdown. * Make sure to purge libnss-mdns on stationary machines, as in not standalone and not roaming profiles. * Change automount map for autofs5-ldap to list a generic /skole/tjener/& entry to handle any subpoint under that path without any changes to LDAP. * Adjust automount options in LDAP to reduce timeout and make sure the home directory is mounted with more secure and efficient settings. * Update standards-version from 3.8.4 to 3.9.1. No changes needed. * Adjust sitesummary2ldapdhcp to work with recent changes in the Debian::Edu perl module. * Add link to http://linuxsignpost.org/ on the default page shown to new users. * Update Norwegian Bokmål (nb) web page translation. * Switch powerdns to strict LDAP mode, to make it possible to do DNS updates by only adjusting one LDAP object. Drop the reverse map from LDAP because of this. Adjust the DNS testsuite to handle multiple DNS names replies for reverse lookups. * Move ACL list for powerdns to config file generated at first boot, to avoid hardcoding subnet addresses in the package. * Start on subnet-change script to change the IP subnet used by the main-server (LDAP and files). It is not complete, yet. Depend on libnet-netmask-perl for the script to work. * Add code to migrate from slapd.conf to slapd.d style configuration when setting up LDAP during installation. Not enabled by default, as slapd since 2.4.23-5 work with slapd.conf. We should migrate to slapd.d and drop our slapd.conf file. * Add new tool notify-local-users to allow root to send a desktop.org style notifications to all local users. Add libnotify-bin as a recommend, to ensure it work out of the box. * Add reference to ALSA dmix setup in asound.conf. [ Andreas B. Mundt ] * Kerberos implementation: - Add debconf questions and templates to ask for the Kerberos master key during installation of the main-server. Avoid infinite loop by limiting the number of kdc password queries for debconf. - Add script to initialize the kerberos KDC. The script is called by ldap-debian-edu-install. - Reset debconf questions in kerberos-kdc-init only if password is empty, to avoid asking for the KDC password on package update. - Cleanup of the kerberos-kdc-init script. Add debugging to slapd startup. (Commented after successful implementation). - Use start-stop-daemon.REAL during installation when needed to start slapd. - Switch kerberos to access ldap using the ldapi:/// unix socket. This makes the KDC setup work at install time. Possible security issues still have to be checked, but it might be better to use the socket anyway for performance reasons. - Add smtp service principal and fix minor issues for host/service principals. - Add more kerberos checks to the test suite. * GOsa implementation: - Add configuration file gosa.conf for gosa. - Add schema-files from gosa. The files might be removed later and be replaced by the debian gosa (-schema) package(s). - Add scripts to process changes in ldap. The gosa-* scripts will be called by gosa hooks when creating or removing a user and to synchronize kerberos and posix/ldap passwords. * LDAP modifications: - Modify ldap bootstrapping to enable gosa and kdc out of the box. - Add default sudo-ldap configuration in sudo.ldif and configure sudo-ldap. - Modify ACLs in slapd-squeeze_debian-edu.conf to allow kdc and gosa access the ldap database. - Add KRB5_KTNAME=/etc/krb5.keytab.ldap to /etc/default/slapd. * Mailing system: - Switch from courier to dovecot imap server configuration. - Modify exim4 configuration (user lookup in ldap). * Miscellaneous: - Fix cfengine rules in cf.ldapserver and cf.ldapclient: Skip modifications (i.e. on a second run), if they are already in place. - Remove cfengine rules to modify the umask for lenny. The modification is default in squeeze, but can be overwritten using the etc/profile.d/ directory. - Remove old exim configuration and directory not used anymore; adapt Makefile. - Remove never used configuration file krb5-winbind-debian-edu.conf. * Enable GSSAPI authentication with kerberos ticket to exim4 smtp server. * Remove some debug code from the kerberos-kdc-init script. * Fix typos in cfengine config and clean it up a bit. * Make krb5.conf, kdc.conf and kadm5.acl readable for everybody. * Remove confused exit in kerberos KDC setup script. * Replace the manipulated automount.schema file and replace it by the autofs.schema file provided by the autofs5-ldap package. * Modify autofs.ldif to work with the autofs5-ldap package. * Remove cfengine rules not needed with the improved autofs.ldif. * Add code to figure out distinguished names needed for KDC setup. * Remove ignored automounter variable AUTOFS_ENABLED from cfengine rule. * Move gosa-* executables to /usr/share/debian-edu-config/tools/. * Move all sysadmin executables from /usr/bin/ to /usr/sbin/. * Remove unused bin/debian-edu-pxelinux.cfg. * Add experimental DHCP/DNS GOsa server configuration to gosa-server.ldif as example and for reference. * Switch most ou=* in ldap-bootstrap/*.ldif to lower case. There are still capital case references around in other files; we should clean up and avoid them from now on for consistency. * Add commented cfengine rule to filter ldap posix accounts and not show templates as normal users. Not activated because of #311188; let's see if we really need it. * Add cifs/tjener principal and corresponding keytab entry. * Move debconf questions from the package's configuration script to the kerberos-kdc-setup script to only ask for any password if the KDC is really set up. This makes sure no password is left in the database. * Modify for DHCPv4 transition starting with patch from Mehdi Dogguy (Closes: #585064). * Remove /etc/dhclient-exit-hooks as it is empty. * Remove /etc/insserv/overrides/dhcp3-server as it is not needed any more. * Remove files in /etc/dhcp3/ if they have not been modified. It is superseded by /etc/dhcp/. * Add breaks with old dhcp3-client and dhcp3-server packages. * Fix conflicting groupID numbers in predefined posix groups. Make sure they are the same compared to what has been used in Lenny. * Add Samba attributes to the GOsa user templates. Minor fixes. * Switch GOsa's ldap snapshot feature on by default for testing. [ Daniel Hess ] * Replace $SAMBACRYPTPW with $SAMBAPWDHASH in samba.ldif to fix setting the password for smbadmin by ldap-debian-edu-install. [ Jürgen Leibner ] * Add entries to smb.conf to use kerberos in a way to have tjener as an authentificationserver for samba as testcase. * Modified / reordered some entries in smb.conf for better reading. [ Holger Levsen ] * Unfuzzy translations of web page where possible, else just make sure the links are correct. -- Holger Levsen Sat, 30 Oct 2010 16:49:05 +0200 debian-edu-config (1.442) unstable; urgency=low [ Petter Reinholdtsen ] * Remove obsolete rules entry to install init.d/boot_xconf, which was removed in version 1.430. * Avoid error from init.d/fetch-ldap-cert when /opt/ltsp/ is missing. * Make init.d/fetch-ldap-cert depend on $named to make sure DNS work when it look for the LDAP server. * Reduce depend on resolvconf to recommends, to make it possible to remote it when resolvconf is not needed. * Make sure index.html.zh is included in the binary package. * debian-edu-pxeinstall: - Change how the script find the time/zone preseeding value, to cope with its package changed from d-i to tzsetup-udeb. - Make sure it exits with an error if it is unable to find d-i images. - Disable default proxy settings, to make it work also when installing a main-server via PXE. - Fix script to pass on mirror settings from the installed system without crashing with the new debconf template names. * Change cfengine ordering of update-proxy-from-wpad to make sure it is executed after debian-edu-pxeinstall to fix problem with main-server installations. * Remove code to run cfengine several times during installation, as the bug crashing cfengine on the first run seem to have been fixed. * Adjust debian-edu-ltsp to make sure it always umount the CD, also if the installation fail. * Move active content of ltsp-make-client from ltsp-make-client into a ltsp-build-client pluing, to allow us to build the LTSP chroot in one pass instead of two (Closes: #580255). New option --no-diskless-edu-workstation to disable it. Remove ltsp-make-client, it is no longer needed (Closes: #581077). * Modify LTSP plugin: - Change how the Squid proxy workaround (no pipelining) for APT in LTSP is implemented, to make sure the setting is not overwritten by the Debian/010-http-proxy script in ltsp-server. Enable it just after debootstrap ran. - Move code in plugin to allow untrusted packages from CD and bind mounting /var/cache/apt/archives into the ltsp chroot earlier (from after-install to install), to make sure both EARLY_PACKAGES and LATE_PACKAGES are shared with the host apt cache. - Rewrite installation of diskless workstation to query tasksel for the aptitude command to use, and use it directly to get output from the installation process. - Enable etckeeper also for LTSP clients. Install it early, and commit several times while setting up a diskless workstation. - Remove useless trailing space from some lines. - Disable new cron jobs (apt-xapian-index, dpkg, etckeeper, killer, logrotate, readahead, readahead-monthly) in Squeeze on diskless workstations. - Purge resolvconf on diskless workstations, and leave it to LTSP to update it at boot. - Source /etc/default/locale to fetch current default LANG setting during installation, to try to get the tasksel installation to pick the correct language packages. - Drop code to update the LDAP SSL certificate during building, as this is done by init.d/fetch-ldap-cert when the thin client server boots. - Move code to update Iceweasel web server certificate override to the snakeoil-on-ice script. - Adjust boot setup for diskless workstation to handle new scripts in Squeeze. - Disable init.d/bluetooth on thin clients, as it fail to start and they are unlikely to have use for it. - Purge network-manager, as it causes the client to hang during boot and we do not want dynamic network configuration. - Purge network-manager-openvpn, network-manager-pptp, network-manager-vpnc, openvpn, wpasupplicant, hdparm, hddtemp, readahead, readahead-fedora, ppp and popularity-contest when building diskless workstations, which do not make sense on LTSP clients. Use aptitude to purge unwanted packages, because it do not return an error code when trying to purge packages that are not installed like apt-get does. - Make sure to remove packages from LTSP chroot which are no longer needed after purging unwanted packages. - Add workaround for failure to migrate from sudo to sudo-ldap when installing diskless workstations (see #586887). * Change default-ltsp-client-setup to also look for a DNS server on $SERVER, to try harder to get DNS working if IP addresses was changed. * Test suite: - Correct ldap-client test to look for /etc/nslcd.conf and not the nss-ldapd.conf and pam_ldap.conf we no longer use. - Rewrite samba test to not exit on first error, but test several things in case only some problems are present. - Add new test for ltsp, verifying that the resolv.conf inside and outside the LTSP chroot have the same content. - Add new webserver test checking that http://www/munin/, http://www/sitesummary/ and http://www/debian-edu-doc/ work. - Add new cups test checking that http://www:631/ work. - Add new filesystem test, reporting an error if autofs is hiding the real mount point for /skole/tjener/home0/. * Make the tools/adduser script more robust, by avoiding hardcoded DN paths and instead look up admin user and requested group in LDAP before adding a user to the group. * Correct cleanup code in preinst to only run on upgrades, not first time installations, to avoid removing loadcpufreq when installed in a diskless workstation chroot. * The init.d/resize_lvm script is now obsolete, as online resizing has worked since Lenny. Remove it, and make sure to remove it during upgrades too. * Update our dhclient config to reflect changes to dhcp3-client between versions 3.0.4-13 and 3.1.3-2 (adding domain-search and rfc3442-classless-static-routes options). * Remove NameVirtualHost line at the start of the apache configuration, to avoid warning from apache when it starts. It do not seem to be needed. * Correct munin entry in our apache configuration, to make the munin page available. * Add tool missing-desktop-file to detect packages with Debian menu file and no XDG desktop file. * Add code to preinst and postinst to rename /etc/debian-edu/www/index.html.no to /etc/debian-edu/www/index.html.nb during upgrades, and remove incorrect removal code. * Add file share/debian-edu/common/share/config/kickoffrc with our KDE 4 favorites, adding iceweasel, OpenOffice.org Writer and gcompris and removing konqueror. * Add workaround to make pdns an optional implementation of $named while we wait for its bug to be fixed (#585966). The /etc/insserv.conf.d/debian-edu-config file should be removed when it is fixed. * Add insserv override files for ntp (#585772), nslcd (#585968) and dhcp3-server (#586035) while we wait for their respective bugs to be fixed. The files in /etc/insserv.conf.d/ should be removed when the bugs are fixed. * Add workaround for bug #585966 in pdns by sleeping for two seconds in init.d/fetch-ldap-cert and making sure pdns starts before the dhcp server. * New tool debian-edu-ldapserver to find current LDAP server, for use by scripts. * Change init.d/fetch-ldap-cert to use new script debian-edu-ldapserver. [ Andreas B. Mundt ] * Miscellaneous: - Switch package repositories to squeeze. - Add default nepomukserverrc configuration file: Do not start Nepomuk by default to keep the default disk space requirements low. [ Jürgen Leibner ] * Added some info into README about SMB configuration [ Holger Levsen ] * Add Danish translation, thanks to Joe Dalton. (Closes: #581044) * Provide source/format and set it to 1.0. [ Xavier Oswald ] * Updated French web page translation. -- Petter Reinholdtsen Mon, 05 Jul 2010 19:18:56 +0200 debian-edu-config (1.441) unstable; urgency=low [ Petter Reinholdtsen ] * Updated Standards-Version from 3.8.3 to 3.8.4. No changes needed. * Make sure ltsp-update-kernels is called on first boot, in case the LTSP initrd was changed during installation. * Disable code to insert PXE installation workaround for upgrading old udebs, as it is not yet needed for Squeeze. * Rename now obsolete language code 'no' to 'nb' for web page. * Drop kickerrc config from /etc/skel/ to avoid KDE upgrade dialog for first time users, as the configuration it was supposed to implement are no longer relevant in KDE 4 (Closes: #570784). * Add script share/debian-edu-config/tools/kerberos-kdc-init to initialize a Kerberos server. Not installed into the binary packages, as it need more work. * Move sbin/debian-edu-pxefirmware to share/debian-edu-config/tools/, as it should not be in the default path. * Move where the IP forwarding is enabled from /etc/sysctl.conf to /etc/sysctl.d/edu-ltsp.conf, to avoid upgrade problems. * Adjust LTSP chroot build rules to apply the apt configuration workaround for Skolelinux bug #1419 also in the LTSP chroot, to avoid download problems when using the Squid proxy. * Adjust desktop-profiles trigger for networked installs to also look for /etc/nslcd.conf to also work when we migrate to libpam-ldapd. * Change pam-configs entry for pam_group from type Primary to Additional, to properly reflect its task. Change its priority to 0 as its priority do not matter when it is of type Additional. Solve problem discovered with libpam-heimdal. * Add code to handle new "Roaming workstation" profile, and use new script /usr/share/debian-edu-config/tools/setup-roaming to configure machine for disconnected operation. Adjust test suite to handle the new profile. * Reduce dependency of xresprobe to recommends, and remove arcitecture flags in recommends list, as it do not work and breaks the build. [ Andreas B. Mundt ] * Add myself to Uploaders. * Remove old krb5-kdc.schema and add new kerberos.schema from the debian krb5-kdc-ldap package. * Copy slapd-lenny_debian-edu.conf to slapd-squeeze_debian-edu.conf and add schema and ACLs for kerberos there. * Change Makefile to use slapd-squeeze_debian-edu.conf. * Add commented code to debian-edu-config.postinstall to not forget removing old conffile(s) at a later stage. -- Petter Reinholdtsen Sat, 01 May 2010 21:50:04 +0200 debian-edu-config (1.440) unstable; urgency=low [ Petter Reinholdtsen ] * Updated hardcoded fallback distribution name for the LTSP build and PXE setup from lenny to squeeze (used when lsb_release do not know the distribution name). -- Petter Reinholdtsen Tue, 20 Apr 2010 19:32:44 +0200 debian-edu-config (1.439) unstable; urgency=low [ Petter Reinholdtsen ] * Drop calls to the obsolete debconf-set-frontend tool, and use DEBIAN_FRONTEND=noninteractive in debian-edu-winbind instead. * Change mirror preseeding in debian-edu-pxeinstall to use "new" style preseeding for manual mirror selection (Closes: #570783). * Disable /etc/security/group.conf editing for local device access in Squeeze. We still need it for fuse group membership and LTSP device access. * Disable editing of /etc/profile for Squeeze, and use the new /etc/profile.d/ feature instead to override the default umask. Depend on base-files (>= 5.3) for this (Closes: #370348). Also disable /etc/skel/.bash_profile editing which seem to be obsolete in Lenny and Squeeze. -- Petter Reinholdtsen Thu, 15 Apr 2010 21:27:32 +0200 debian-edu-config (1.438) unstable; urgency=low [ Petter Reinholdtsen ] * New script sbin/debian-edu-pxefirmware to add firmware files to the initrd used with PXE installation, to get PXE installation working for hardware needing non-free firmware. Do not include it in the binary package yet, as it need more work. * Remove dependency on etcinsvk. It depend on svk which is going away from Debian (Closes: #569793). * Adjust cfengine rule for kdm to allow root logins in Squeeze too, and only edit kde3 stuff in Lenny. * Adjust LTSP build rules to only add the local apt section if a CD already has a local section in its apt source (Closes: #573079). * Rewrite how translated web pages are handled, and use po4a to generate the non-english pages using .po files. Convert web pages to XHTML to get po4a working. The old translations has been manually migrated by someone that recognize the language. * Change install rule to install the Italian web page to the package. * Added Norwegian Bokmål debconf translation. * Add /usr/share/pam-configs/edu-group to configure pam_group when using pam-auth-update, as a workaround while we wait for #370346 to be fixed. -- Petter Reinholdtsen Sun, 04 Apr 2010 19:44:58 +0200 debian-edu-config (1.437) unstable; urgency=low [ Petter Reinholdtsen ] * Adjust debian-edu-ltsp-audiodivert to generate wrappers that also work if the user have the $wrapper environment set, and document in a comment the source packages for padsp and esddsp. * Correct start dependencies for init.d/fetch-ldap-cert, making sure it starts after slapd (Closes: #566973). * Make sure fsautoresize cron job look for both short and long host name in the fsautoresize-hosts netgroup, to make it compatible with the host netgroups generated by lwat. * Configure powerdns to use localhost as its LDAP server, to remove the need to change this when changing subnet for the installation. * Include time zone selection in PXE installation preseeding file, to avoid problems when an unusual language/keyboard/region combination is used (Solves Skolelinux bug #1436). Do not change existing installations, as it can overwrite local changes done after installation. * Only enable our pam.d files on lenny. For Squeeze, we will use pam-auth-update. * Remove usplash on machines with video card ATI ES1000 as found on HP Proliant DL385 G6 (partly solves Skolelinux bug #1427). * Configure the bind addresses for powerdns during first boot, to make sure all interfaces are listed in local-address, causing the source IP address on DNS replies to be correct independent of the interface used. (Solves Skolelinux bug #1441). Do not change existing installations, as it can overwrite local changes done after installation. * Add new test verifying the netgroup setting in /etc/nsswitch.conf. * Correct non-verbose code path for init.d/update-hostname to not report bogus failure. * Add test for LDAP server verifying that the downloaded server certificate matches the slapd server certificate, to detect incorrectly downloaded certificates. [ Ronny Aasen ] * Add ForceType to apache config, to enforce .html.es pages to html. (Solves Skolelinux bug #1413) -- Petter Reinholdtsen Wed, 03 Mar 2010 21:26:59 +0100 debian-edu-config (1.436) unstable; urgency=low [ Vagrant Cascadian ] * Update email address to use vagrant@debian.org. [ Petter Reinholdtsen ] * Make ltsp-make-client disable the cron jobs we do not want to have enabled on a diskless workstation (Solves Skolelinux bug #1432, #1433). Do not change existing ltsp chroots on upgrades as there is no way to know if the current configuration is intended or not. * Make ltsp-make-client disable exim4 on thin clients and diskless workstations (Solves Skolelinux bug #1434). Do not change existing ltsp chroots on upgrades as there is no way to know if the current configuration is intended or not. * Update update-proxy-from-wpad to make sure it create files that are readable by all (Solves Skolelinux bug #1431). Do not fix existing installations as there is no way to know during package upgrade if /etc/environment and /etc/apt/apt.conf should be read protected or not. -- Holger Levsen Thu, 04 Feb 2010 18:48:25 +0100 debian-edu-config (1.435) unstable; urgency=low [ Petter Reinholdtsen ] * Output recipe for installing the iwlagn wireless driver in debian-edu-hwsetup if the iwlagn kernel module is not loaded on hardware that need it. * Remove usplash on machines with nVideo video card with PCI id 10DE:06EB, to avoid black on black screen when and after usplash is running. Detected on Dell Latitude E6500. * Drop the 'splash' boot argument from LTSP and PXE boots. It is no longer needed as installing usplash is enough to activate it. * Provide new tool update-iceweasel-homepage to change the default home page used by Iceweasel. * Adjust ltsp-make-client to only create symlinks to init.d scripts if the symlinks do not exist, to make sure ltsp-make-client can process the same chroot several times without failing (Solves Skolelinux bug #1423). * Remove etcinsvk calls from cfengine-debian-edu. It slow down the script a lot when called outside the installer. * Return to two calls to cfengine in cfengine-debian-edu. The last run appear to no longer be needed, and running three times make the installation change behaviour depending on the speed of the computer. * Make sure /etc/environment is created by update-proxy-from-wpad if it is missing make sure the proxy settings are activated also for non-proxied installations. [ John S. Skogtvedt ] * Fix tools/passwd: - Check return code rather than output of ldappasswd as suggested by Christian Ostheimer (Skolelinux bug #1365). - Pass -s option to smbpasswd so it reads password from stdin. [ Holger Levsen ] * Make debian-edu-hwsetup more reliable. [ Ole-Anders Andreassen] * Translated to norwegian and added smb-roaming-profiles-nb.conf to trunk/src/debain-edu-conf/doc/examples . [ Jürgen Leibner ] * Generalize the deploy of the samba roaming profile examples in the Makefile -- Holger Levsen Sat, 30 Jan 2010 22:23:20 +0100 debian-edu-config (1.434) unstable; urgency=low [ Petter Reinholdtsen ] * Adjust ltsp-make-client used to improve LTSP based diskless workstations: - Make sure to make /etc/ldap/ssl/ldap-server-pubkey.pem readable by all users, to get screen unlocking to work (Solves Skolelinux bug #1415). - Make sure to disable gdm in runlevel 4 the same way kdm is disabled, to try to get the gnome option working (Skolelinux bug #1420). - Start cron in runlevel 3, to get shutdown-at-night to work. - Purge munin-node and xfs from chroot. We do not want these network services running, and having them installed confused sitesummary when generating Nagios configuration. * Remove obsolete cfengine rules only affecting sarge and etch installs. * Change lenny cfengine rules to run on lenny and later (aka squeeze). * Adjust lwat cfengine rules to make sure the "sambaPwdLastSet" settings are only inserted when it is missing. * Add new tool wpad-extract making it possible to extract the proxy setting from a WPAD file on the command line. Depend on libjavascript-perl to get it to work. * Add postinst code to correct permissions on ldap-server-pubkey.pem in LTSP chroot and fix skolelinux bug #1415 on upgrades. * Add code in the preinst to remove obsolete conffiles in /etc/nagios/ and /etc/cfengine/. Not removing obsolete files in /etc/bind/ and /etc/ldap/ to avoid breaking those still using bind and slapd config from Etch during upgrades. * Add test to detect incorrect permissions on /etc/resolv.conf. * Make sure LTSP resolv.conf is readable by all also on DVD installs (Solves Skolelinux bug #1416). Fix this bug on upgrades too. * Adjust debian-edu-pxeinstall to improve the PXE installation experience: - Rewrite how a test installation is detected, to make sure it work on both DVD, netinst and PXE installs. - Make sure to preseed ftp to use the same proxy as http. - Make sure to fetch proxy settings from /etc/environment if they are set there. - Make sure to only create thin client and diskless LTSP options when the main-server is a thin client server. * Speed up the test suite when no Internet is available by using netstat --numeric-hosts when checking if a given port is open, to avoid unneeded DNS lookups. * Use ltsp-arch-debian-edu in ltsp test code to make sure all parts use the same way to figure out the LTSP architecture. * Change ltsp-arch-debian-edu to only run dpkg once. * Do not run snakeoil-on-ice in the LTSP client chroot to avoid error during installation when it is unable to fetch SSL certificate from https://www/. * Provide installation option (kernel argument edu-skip-ltsp-make-client) to skip the step converting LTSP chroot to a combined thin client/diskless workstation chroot (Solves Skolelinux bug #1417). * Add etc/skel/.kde/share/config/kickerrc enabling mediaapplet.desktop for users, to make sure the direct media applet is started. The file was created by logging in and adding the applet to kicker. The list of default applets in kicker is hardcoded in the source, so this is the only non-forking way to add a default applet. The list of applications in share/debian-edu/common/share/apps/kicker/default-apps is overrided. * Run sitesummary client and server parts at first boot, to make sure munin config is configured imediately. * Remove some old cruft from bin/debian-edu-ltsp, and make sure it runs ltsp-update-sshkeys after the ltsp chroot is generated. * Add APT option "Acquire::http::Pipeline-Depth 0;" to make sure package downloading work well througth Squid (partly solves skolelinux bug #1419). * Rewrite how cfengine detect a thin client server environment, to make sure a simple main-server is not mistaken as a thin client server. * Rewrite how cfengine detect a workstation environment, to make sure both kde and gnome environments are detected while not detecting it for a standalone installation. * New testcase for workstations to detect if cfengine fail to update mplayer configuration. * Disable nagios configuration in cfengine. This is now done by sitesummary using preseeding. * Create an empty /etc/nagios3/htpasswd.users to make sure the documenteed htpasswd call can add the nagiosadmin user. * Use wpad-extract in webcache test to verify that the wpad file work. * Make sure everything looking for the wpad.dat file is using the URL http://wpad/wpad.dat. * Provide new tool update-proxy-from-wpad to update /etc/envionment and APT proxy settings using the content of a wpad file. Updates /etc/apt/apt.conf, the file created by debian-installer with proxy information. Use it to update the settings during installation. * Remove obsolete cfengine rule for updating the permissions of /etc/kde3/kioslaverc. This file is no longer created by us. * Make sure debian-edu-pxeinstall is used on main-server installs too, not only on combined main-server+thin-client-server installs. * Remove trailing slash from directory entries in cf.iceweasel, to try to avoid error from cfengine when the directories exist. * Run cfengine three times to recover from bug in cfengine. Try to commit to etcinsvk between each run. Save output from the cfengine run in /var/log/installer/cfengine-debian-edu-*.log for easier debugging. * Make all cfengine files and directories rules use consistent mode= and act= statements. * Make sure mplayer cfengine rule is executed on workstations as well as standalone profiles. * Remove code creating /etc/inittab.real for cfengine to find. It is no longer needed as the udebs use -Dinstallation now. [ José L. Redrejo Rodríguez ] * Added /var/lib/gdm if it exist to the list of writable dirs for diskless using Gnome. [ Morten Werner Forsbring ] * Fixed a cfengine-syntaxproblem in cf/cf.dhcpserver. * Changed from using action=create to action=touch in cf/* as this should be a workaround for a bug reported to cfengine upstream (https://cfengine.org/pipermail/help-cfengine/2008-November/004434.html). -- Petter Reinholdtsen Thu, 21 Jan 2010 14:22:38 +0100 debian-edu-config (1.432) unstable; urgency=low [ Petter Reinholdtsen ] * Adjust nbdquery, make sure to throw away error messages from lsof to avoid passing noise to nbdswap-cleanup. * Correct URL used in chguserpw.desktop, to use https://www/lwat instead of https://tjener/, to make sure the Icewease SSL overrides take effect when visiting the password change page. * Add ltsp test checking the Debian Edu profile setting in /opt/ltsp/arch/etc/debian-edu/config, to detect problem discovered by Ole-Anders Andreassen. * Adjust ltsp-make-client used to improve LTSP based diskless workstations: - Correct typo, copy the cert_override.txt file without --parent. - Report content of host resolv.conf when DNS lookup fail, to make it easier to debug. - Send messages to stdout instead of stderr, to avoid reordering of messages because of independend buffering of stdout and stderr. - Bind-mount the APT cache earlier, to make sure it is used for all package installations. - Add more status reporting to make it easier to figure out when the script fail, if it fails. - Move diskless workstation specific init.d scripts to /usr/share/debian-edu-config/ and symlink them in place to make sure the files belong to a package and can be bugfixed using the normal upgrade mechanism. - Avoid boot warning when booting non-laptop diskless workstations by only making /var/lib/acpi-support writable if it exist. - Do not install libpam-mount and smbfs, until someone can explain why they are needed on the default diskless workstations setup. They are missing on the DVD and give different diskless workstation environment when installing from DVD and netinst Cd. - Insert new init.d scripts after enabling and disabling init.d scripts, to make sure update-rc.d reorder the boot sequence based on dependencies. This solve slow boot and USB mount issues on diskless workstations. - Disable the xdebian-edu-firstboot init.d script, it is not needed on LTSP clients. - Drop rule to disable now removed init.d script boot_xconf. * Add resolvconf update script to copy the current /etc/resolv.conf to the LTSP chroots when it changes, to make sure apt and other tools work in the chroots. * Update Nagios configuration: - Add check for swap usage, report warning when less than 10% is free, and critical when less tha 5% is free. - Change process count warning and criticial limits from 250/400 to 500/1000, as a thin client server easily will reach the 250 process limit. - Change check for DNS to look up the DNS server address instead of www.skolelinux.org, to make sure the check work also without Internet access. * Remove now-obsolete configuration and setup for usbmount. We use dbus and hal for this these days. * Fix minor typo in snakeoil-on-ice. [ Oded Naveh ] * Modified snakeoil-on-ice to allow update of an existing override file by testing the content of the file not only its existence. -- Holger Levsen Mon, 11 Jan 2010 22:48:19 +0100 debian-edu-config (1.431) unstable; urgency=low [ Petter Reinholdtsen ] * Adjust ltsp-make-client used to improve LTSP based diskless workstations: - Purge lvm2 from the LTSP chroot, to avoid hang during shutdown (Solves skolelinux bug #1403). - Do not add '@include common-pammount' in pam.d/kdm, as /etc/pam.d/common-pammount is missing and including a non-existing file is a fatal error for PAM. - Make sure to look for the same /etc/exports entry as cfengine inserts, to make sure duplicate entries are not inserted. - Make sure /var/lib/acpi-support/ is writable, for acpi-support to be able to write its status files. - Fix minor typo in code copying /etc/environment to LTSP chroot. * Enable diskless workstations on all thin-client-server installations, not only combined main-server+thin-client-server. * Adjust debian-edu-pxeinstall to improve the PXE installation experience: - Write default PXE menu to debian-edu/ instead of pxelinux.cfg/, and write default menus for diskless workstations and thin clients to make it easier to change this after installation. - Remove redundant mkdir calls. - Rewrite preseed/early_command to parse the Package list to find the latest udebs to install, to avoid having to maintain a list of extra udebs to install on ftp.skolelinux.org. Based on code from Vagrant Cascadian. - Correct code used to detect DVD installs. Grep case-IN-sensitive in /etc/apt/sources.list. - Mention which desktop will be installed in the PXE menu entry for doing installations. - Make sure to fetch the upgraded udebs from the test repository if the main-server installation was using a test build. * Adjust the xorg.conf file generated for HP Mini 2133 by debian-edu-hwsetup, to make its formatting match the file generated by xdexconf, to make it easier to compare the two. Rewrite how the keyboard layout is detected to try to get it working. * Add SuspendTime=60 to arts configuration used with thin client logins, to make the setting consistent with the value currently used. * Rewrite sound setup for thin clients to use Pulseaudio and ALSA forwarding to Pulseaudio for everything using ALSA, and divert binaries and add wrappers using padsp for audacity and gtick to get these packages currently using OSS /dev/dsp by default to work. Keeping ESD configuration for KDE on thin clients, as it did not work without it. Need to find fix for kmix on thin clients. (Solves skolelinux bug #1370) * Extend self test of LTSP to verify that the packages we want to have installed in LTSP is installed in LTSP. Depend on education-tasks (>= 0.842~svn60380) to make sure the education-thin-client task is available. * Adjust timezone self test to report the detected timezone when it isn't the expected one. * Adjust powerdns configuration, make sure clients on the thin client network (192.168.0.0/24) also can do recursive DNS lookups. * Change DNS check in Nagios, stop poking www.google.com all the time. Look up www.skolelinux.org instead. * Add test to verify that the SSL related files are identical inside and outside LTSP. * Add 'allow-recursion-override=on' to the powerdns configuration, to make sure DNS lookups are quick even when no Internet connection is available (Solves Skolelinux bug #1410). * Change recommend on memtest86 to memtest86+, to recommend the same package that is recommended from the education-common and education-main-server packages. * Remove symlink /etc/skel/.mozilla/firefox/debian-edu.default/cert_override.txt and directory /etc/skel/.mozilla/firefox/debian-edu.default/ from package. Also remove cfengine rule generating this symlink. Both should be a file created by snakeoil-on-ice. * Make sure snakeoil-on-ice make /etc/iceweasel/profile/cert_override.txt readable for everyone and create the file /etc/skel/.mozilla/firefox/debian-edu.default/cert_override.txt (and not a symlink) as using a symlink to a root owned file make it impossible for the user to update the list of overrided certificates. (Solves skolelinux bug #1409). * Report when snakeoil-on-ice is executed, to make it easier to find it in the installation logs. * Remove commented and useless dh_link line related to the cert_override.txt file in debian/rules * Add code in webserver test script to ensure the cert_override.txt symlink is gone. * Make sure /etc/iceweasel/profile/cert_override.txt on diskless workstations is readable by all. * Correct rsyslog client configuration, make sure the file pointed to by /etc/rsyslog.d/debian-edu-client.conf exist (renamed share/debian-edu-config/rsyslog-clients to share/debian-edu-config/rsyslog-client to avoid having to change the symlinks on existing installations). * Rewrite syslog test to check rsyslog config and not sysklogd config, and to verify that installations of everything except Standalone is either forwarding syslog messages or collecting them (or both for Thin-Client-Server). * Add more LDAP client tests, report if group lookup work, services nscd and nslcd is operational and try to use ldapsearch when TLS is required. Extend it to collect more information in the ldap client test from nscd. Add code to check the client side copy of the LDAP server SSL certificate. Also report DNS settings for the LDAP server (SRV and A record, this all closes: #570773). * Make sure sbin/debian-edu-update-netblock is included in the package. * Convert ldap2netgroup to find LDAP server using DNS SRV records and correct handling of command line arguments. * Make sure to not stop thin client NAT rules, and not remove the LTSP audio diverts during upgrades. * Remove obsolete cfengine rule modifying lts.conf on thin client servers. The file is copied from /etc/debian-edu/lts.conf.dist now. * Remove obsolete and disabled cfengine rule trying to work around a no longer present bug in rc.local on LTSP clients. * Make sure to install openbsd-inetd on LTSP clients, to get our scripts nbdquery and nbdswapd-cleanup working, and make sure to not disable inetd in ltsp-make-clients. * Log to syslog when executing run-at-firstboot. * Use ltsp-build-client plugins and not cfengine rules to generate resolv.conf, set up nbdquery and copy lts.conf in the LTSP chroot to make sure the LTSP chroot can be generated with the same content after installation. * Remove SOUND=Y and LOCALDEV=Y from default lts.conf file. Both are now obsolete as the default enable sound and local devices. * Fix postinst code handling upgrades to really remove the obsolete boot_xconf init.d script and reorder the report-reboot and update-hostname script. * Add tool squid-update-cachedir useful for updating the cache size used by the Squid configuration based on partition size. Call this tool from cfengine instead of using cfengine/shell magic to set the correct Squid cache size during installation. * Adjust squid configuration to cache files with size up to 150 MB, to make sure all the debian packages installed over PXE can be cached. * Depend on xresprobe on i386 and amd64, and report ddcprobe output from testsuite/hardware to get information about the display. * Remove now redundant cfengine rule for nbdswapd (now added by ltsp-server), and rewrite the nbdswap-cleanup scripts to use the new port number 9572 instead of the old port number 9210. * Change charset of www/index.html.no to UTF-8, and fix an incorrect character. Add missing link to alternative page. * Change www/index.html.nl, add link to missing alterantive page. * Add the Italian web pages and link to it from the other packages * Link web pages to http://wiki.debian.org/DebianEdu instead of http://developer.skolelinux.no/. * Remove now obsolete directories /etc/nagios/debian-edu/hosts/ and /etc/nagios/debian-edu/hostgroups/ from the package. * Fix typo in ltsp-make-client leading to the cert_override.txt file only being readable for root (Solves Skolelinux bug #1409). [ Holger Levsen ] * Rename example PXE boot file default-ltsp.cfg to default-thin.cfg. * debian-edu-config.postinst: Remove cruft. (=very old commented out code which was in use before 2003.) -- Holger Levsen Thu, 07 Jan 2010 11:58:44 +0100 debian-edu-config (1.430) unstable; urgency=low [ Petter Reinholdtsen ] * Adjust ltsp-make-client used to enable LTSP based diskless workstations: - Make sure the loopback interface is enabled at boot. - Make sure to enable bootmisc.sh, dbus, hal and pulseaudio on diskless workstations (runlevel 3). - Disable ltsp-client-core in runlevel 3, to avoid ldm on diskless workstations. - Make sure package depend on instead of recommend patch, as patch is used to configure KDM. - Disable init.d scripts readahead, readahead-desktop, stop-readahead, lvm2, resize_lvm, hdparm, xfs, rsync, hddtemp and fam on thin clients and diskless workstations, as neither should be needed and we want them to boot faster. - Disable portmap, nfs-common, nslcd and rwhod on thin clients. - Make sure portmap and nfs-common only start on diskless workstations. - Remove useless code copying /etc/hosts from host environment. The client seem to boot fine without it, and it would have to copy to hosts.ltsp to work. - Make sure /var/spool/rwho/ is writable to get rwhod working. - Add code to adjust resolv.conf during boot depending on which DNS server address is working, unless already set in lts.conf. Test 10.0.2.2 and 192.168.1.254. Disable resolvconf. - Make /var/cache/hald/ writable for hald to start at boot. - Make sure SSL certificate for the LDAP server is available on the clients by copying it if available on the server or making sure init.d/fetch-ldap-cert will work during boot. - Rewrite how the Workstation task is installed to behave exactly like debian-installer/pkgsel (Solves skolelinux bug #1400). - Group code to fetch the SSL certificate for the LDAP server in one location. - Move extra entries for /etc/defaut/ltsp-client-setup to a file included in the package, to make it easier to update the content using apt. - Disable resolvconf, as dhclient isn't running and resolvconf thus fail to do anything useful. - Rewrite how APT options are specified, from the command line to a file in /etc/apt/apt.conf.d/, to make sure tasksel is also using the required options. - Make sure tasksel diverts are cleaned up even if tasksel fail. - Drop code inserting our own policy-rc.d, and instead set LTSP_HANDLE_DAEMONS=false to tell the LTSP policy-rc.d to not start any services in the chroot. - Make sure all messages are sent to stderr. - Try harder to get aptitude to accept the unauthenticated packages on the CD/DVD. - Make test for detecting a configured LTSP environment more robust. - Correct how the LDAP SSL certificate is copied into the LTSP chroot, to get it to work in combined main-server + thin-client-server installations and avoid unneeded work during boot. - Adjust how the internal web server SSL certificate is made available for iceweasel to make sure it is copied into the LTSP chroot. * Add cfinputs_version = ( 2 ) in all cfengine files, to document the format and avoid warning from cfengine. * Clean up Iceweasel proxy configuration, avoiding several conficting configuration settings. Make sure only the WPAD configuration is used, and move all proxy handling to cf.squid. * Add test to verify that the automatic proxy configuration file (WPAD) is available. * Use /usr/bin/update-ini-file to edit iceweasel ini file instead of editing the file using edit rules. Less prone to error. * Change update-hostname-from-ip to fall back to interface eth0 if there is no default route available. * Avoid dpkg -S in bin/update-hostname-from-ip to speed up the DNS lookup. Use 'getent hosts ' instead. * Remove cfengine rule to add '*' to kdm/Xaccess and do not enable XDMC in kdmrc, as LTSP is using SSH to log in now, and thus do not need XDMC access. * Remove cfengine rule to disallow root login for standalone installs. it seem to be the default in Debian. * Make sure init.d/fetch-ldap-cert return exit code 1 when it fail to download the certificate. * Make sure ltsp-make-client copy the Iceweasel certificate override file every time it is executed, instead of expecting snakeoil-on-ice to do this. This required rewriting the cfengine rules to have four passes running shell commands. * Fix typo and improve messages in snakeoil-on-ice. * Add code in postinst to remove the now obsolete conffile /etc/init.d/boot_xconf on upgrades. * Leave the creation of /opt/ltsp/*/etc/iceweasel/profile/ to ltsp-make-client and not cfengine. Drop cfengine rule. * Disable cfengine rule creating /opt/ltsp/*/etc/ltsp/update-kernels.conf, as the boot arguments provided there are now set using pxelinux. * Adjust debian-edu-pxeinstall to improve the PXE installation experience: - Drop d-i default PXE entries from our PXE menu. - Move PXE menu separator entries to the toplevel file, to have better control over their placement and avoid the empty line at the end on the menu. - Preseed the locale and keyboard settings from the main-server installation. This depend on the debian-edu-profile-udeb copying the cdebconf failes into /target a bit earlier than normal. - Preseed the apt source settings from the main-server installation, unless it was installed from DVD (for DVD installs hard code http://ftp.skolelinux.org/debian). - Add hack to fetch list of updated udebs to install directly from http://ftp.skolelinux.org/skolelinux/pxe-lenny-extra-udeb during PXE installation, to work around the fact that the Debian/Lenny packages are old and produce too small partitions and fail to hide the tasksel question. (Solves skolelinux bug #1401). - Use above hack to install newer ltsp-client-builder, to try to get PXE installation of LTSP servers working (Related to skolelinux bugs #1369). - Install same desktop type via PXE as the one that was selected for the main-server installation. Add workaround for d-i refusing to accept tasksel/desktop= as kernel argument. Use desktop= instead. - Hardcode host name to 'pxeinstall' during installation. It is changed at boot anyway based on DNS lookups, so no need to slow down the installation with that question. - Fix typo in ltsp preseeding (Solves skolelinux bugs #1369). - Append the content of /etc/debian-edu/www/debian-edu-install.dat.local when generating the PXE preseeding file, to make it easier to have local overrides and still be able to rerun debian-edu-pxeinstall. - Make it easier to adjust the behaviour by reading /etc/debian-edu/pxeinstall.conf after variables are set if the file exist. Made a few more parameters set based on variables (proxy, url to extra udebs) to make it possible to adjust these values. * New script debian-edu-hwsetup to have a place to implement hardware specific tweaks. Currently remove usplash on Acer Aspire One, avoid the white on white console and fix xorg.conf on HP Mini 2133 (keep keyboard setting) and install hardware specific packages using discover-pkginstall. * New tool pipegraph, to debug strange debconf problems. [ Holger Levsen ] * debian-edu-pxeinstall: re-order PXE menu entries. [ Ronny Aasen ] * Alter wpad.pac to go direct on unresolveable addresses. (Closes skolelinux bug: 1068) [ John S. Skogtvedt ] * ltsp-client-setup: fix typo, wait max 1 second per host. -- Holger Levsen Tue, 15 Dec 2009 18:40:31 +0100 debian-edu-config (1.429) unstable; urgency=low [ Holger Levsen ] * Explain how to choose DNS service names in README. [ Petter Reinholdtsen ] * Fix typo in debian-edu-pxeinstall to get it to find the d-i images on disk, and add code to try to install d-i-bootimages before looking for the images. * Change cf.dhcpserver to run debian-edu-pxeinstall also when no Internet connection is detected, as the d-i-bootimages package is now available on the DVD. * Change incorrect rule in cf.apt to trigger only for workstations with Internet connectivity. * Copy configuration changes done in the xdebian-edu-firstboot script in debian-edu-install to share/debian-edu-config/tools/run-at-firstboot, to allow us to keep all configuration settings in this package. * Fix typos in ltsp-make-client, and make sure package installation is done after the media is mounted when using CD or DVD. Try harder to mount CD and DVD when running ltsp-make-client during installation. * Change ltsp-make-client to only rewrite the ltsp environment resolv.conf if DNS lookups do not work. * Correct use of invoke-rc.d in resolvconf hook, add /usr/sbin/ to PATH before calling invoke-rc.d. Solve bug introduced in version 1.425. * Increase space requirement for /opt from 4928 to 5073 in ltsp-make-client to allow 10% free space when enabling diskless workstations. * Move code in ltsp-make-client to check and correct resolv.conf before using apt if the current resolv.conf one do not work. * Enable diskless workstation support on combined main-server+thin-client-server during installation by calling ltsp-make-client from cfengine, and add code in debian-edu-pxeinstall to detect this and enable a new PXE menu option for this. Adjust autorunlevel selection code to allow runlevel to be specified as a kernel option to LTSP. * Update Standards-Version from 3.8.2 to 3.8.3. No change needed. * Fix how ltsp-make-client handle resolv.conf handling, to get it working also when there are no comments in the file. Only copy resolv.conf in LTSP if DNS resolving is working in the host environment. * Fix debian-edu-pxeinstall path to file created when diskless workstation support is detected. * Make sure ltsp-make-client copies the /etc/debian-edu/config file into the chroot to avoid error messages from debian-edu-install when it is installed. * Add policy-rc.d in LTSP chroot while ltsp-make-client is running, to avoid daemons starting in the process. * Correct code downloading LDAP SSL certificate in ltsp-make-client. * Make sure ltsp-make-client create /etc/debian-edu/ before trying to create a file in the directory. * Fix typo in sed command used to copy /etc/debian-edu/config. * Make ltsp-make-client replace the resolvconf symlink in the LTSP chroot with a file, to avoid a dangling symlink on the clients. Make sure /etc/resolvconf/run is writable to give resolvconf a chance to work. * Move iceweasel proxy configuration to a js file that is only enabled on networked installs, to get standalone installs working properly. [ Jonas Smedegaard ] * Tighten leading comment in etc/default/backdoor: Fix non-utf8 whitespace, strip trailing spaces and add missing final dot. [ Daniel Hess ] * Fix adding rw_dirs directories to /etc/default/ltsp-client-setup by ltsp-make-client script. * Add '/etc/network/run' to rw_dirs and add stanza for loopback to /etc/network/interfaces, so that ifupdown will create the loopback interface for us. Makes nfs-common able to register statd service (instead of failing to start). * Add default values for NET_ETH and MASK_ETH to ltsp-make-client. Needed if ltsp-make-client is executed out of the installer (default now for Lenny, if the terminal server profile is installed), would break NFS exports (in /etc/exports) otherwise. -- Holger Levsen Thu, 03 Dec 2009 13:28:27 +0100 debian-edu-config (1.428) unstable; urgency=low [ Holger Levsen ] * Apply patch by John S. Skogtvedt fixing some missing ranges in ldap-bootstrap/dns_ranges.diff [ Jürgen Leibner ] * Split doc/examples/smb-roaming-profiles.conf into language depending files. Now there is a source file doc/examples/smb-roaming-profiles-en.conf in English and doc/examples/smb-roaming-profiles-de.conf as the first translation to German. [ Petter Reinholdtsen ] * Extend ltsp-make-client to use --allow-unauthenticated as apt argument when installing from CD or DVD, to work around the missing archive signature on those medias. * Stop using aptitude in ltsp-make-client, as it do not understand --allow-unauthenticated. * Introduce new function in_target() in ltsp-make-client to make it easier to adjust the chroot environment in a constent way. [ Philipp Hübner ] * Modify nagios3 configuration to not monitor sshd on the default gateway and to not monitor fuse filesystems when monitoring disk space. (Closes skolelinux#1389) [ Holger Levsen ] * share/iceweasel/defaults/preferences/debian-edu.js: force proxy usage, thanks to Ralf Gesellensetter and Philipp Hübner. (Closes: #499709) * Apply patch by John S. Skogtvedt so that the following DNS names are created in LDAP (and thus are known to DNS too) ltspserver00-19 10.0.2.10 printer00-19 10.0.2.30 static00-49 10.0.2.50 dhcp000-154 10.0.2.100 # dhcp000-155 in db.10, but 100+155=255 dhcp155-399 10.0.3.1 # dhcp156-399 in db.10, ends at 10.0.3.245 ltsp001-253 192.168.0.1 # ltsp200-253 are dynamic (Closes skolelinux#1391) [ Petter Reinholdtsen ] * Change depend on atftpd | tftpd-hpa to suggests, to avoid pulling in the tftp daemon on clients. Pull the package in using the tasks instead. [ Daniel Hess ] * Move init.d/resize_lvm after checkfs during boot, to make sure the file systems are checked before we try to resize them. * Add /etc/dbus-1/system.d/hal-debian-edu.conf: Restrict reception of 'DeviceAdded' and 'PropertyModified' messages. Stops KDE and GNOME popup boxes to show up on thinclient users for devices added into LTSP server. (Closes Skolelinux bug: 1376) [ Petter Reinholdtsen ] * Add new testsuite test pxeinstall to check that the PXE boot environment is correctly set up. * Drop test for dhcp001.intern from testsuite/dnsd, to reflect new DNS configuration. * Undo LDAP change to the DHCP configuration done in version 1.425 (Fix wrong filename on cn=INTERNAL). The file name /var/lib/tftpboot/pxelinux.0 is the correct one for cn=INTERNAL, while /var/lib/tftpboot/ltsp/i386/pxelinux.0 is the correct one for cn=THINCLIENT. The former is set up by debian-edu-pxeinstall. [ Vagrant Cascadian ] * add patch to recommends, as ltsp-make-client uses it. * drop "terra" from /etc/lsb-release. [ Petter Reinholdtsen ] * Drop empty directory /etc/bind/debian-edu/ from package. * Rewrite debian-edu-pxeinstall to install the text version of the installer in the PXE environment. * Rewrite testsuite/dnsd to look for LTSP client IP addresses that are present in the new DNS configuration. * Adjust init.d script dependencies to run after syslog and in a more fixed position during boot when concurrent booting is enabled. [ Oded Naveh ] * Add and install cf.lwat, Closes Skolelinux bug #1364. -- Holger Levsen Sun, 01 Nov 2009 14:27:01 +0100 debian-edu-config (1.426) unstable; urgency=low [ Oded Naveh ] * Removed settings in cf/cf.squid that are now Debian default in squid.conf. close #1353 (skolelinux). * Adjust testsuite/dnsd to powerdns responses, partial fix #1352 (skolelinux). * Install /etc/skel/.mozilla to create a default Iceweasel profile with the cert_override.txt in new home directories, see #1328 (skolelinux). * Install script to accept the snakeoil certificate on Iceweasel: #1328. * Rebirth of cf.iceweasel, invoke the script from cfengine: #1328. [ Vagrant Cascadian ] * debian/copyright: point to GPL-2 explicitly. [ Holger Levsen ] * Apply patch by John S. Skogtvedt which adds some more names to DNS: - ltspserver - was missing, but referred to in DHCP config - ltspserver00, printer00, static00 - template entries which have the nice effect that DNS lookup in lwat will work for these three names, which can be helpful if the user doesn't remember what to enter. - the range ltsp200-ltsp253, which is the DHCP range for unknown thin clients. Many users probably have less than 50 thin clients, for them this means that DNS will work for the thin clients and no extra work is needed. - Reverse DNS entries for all of the above. * Thanks, John! [ Vagrant Cascadian ] * install education-thin-client in ltsp-build-client plugins rather than a list of other packages, as it depends on all needed packages. [ Oded Naveh ] * Set web cache size to 80% of /var/spool/squid by cfengine-debian-edu. [ Vagrant Cascadian ] * default web pages: - add links for default content in English on some pages. - add note to translators to not translate the names of the languages in navigation links. * move files in /var/www to /etc/debian-edu/www, and adjust apache2 configuration accordingly. reduces lintian errors, and is more FHS compliant. * update Standards-Version to 3.8.2, no changes needed. [ Jürgen Leibner ] * Added doc/examples/smb-roaming-profiles.conf as an example how to make samba working with 'roaming profiles' discussed at "http://bugs.skolelinux.org/show_bug.cgi?id=1064" This example is according to the sugestions made for using roaming profiles You can read it at "http://www.samba.org/samba/docs/using_samba/ch04.html" -- Vagrant Cascadian Tue, 21 Jul 2009 09:52:26 +0200 debian-edu-config (1.425) unstable; urgency=low [ José L. Redrejo Rodríguez ] * updated ldap-debian-edu-install to add ldif files for powerdns * added cf/cf.pdns to fix pdns-recursor configuration * added ldap-bootstrap/dns ldif files * added etc/powerdns/pdns.d/pdns-debian-edu.conf and updated Makefile [ Vagrant Cascadian ] * Actually install plugin to add keys to the LTSP chroot's apt keyring. * Exit cron.hourly script when debian-edu-config is no longer installed by checking for presence of debian-edu-fsautoresize and innetgr. Patch by Filippo Giunchedi (Closes: #493338) * Remove most traces of lessdisks, as it was removed from Debian. * Use invoke-rc.d to reload bind in resolvconf script, so that it respects the policy layer (and fixes lintian warning). * Call update-mime without full path in postinst, as suggested by Debian Policy 6.1. * purge Packages and Release files that debootstrap may have copied incorrectly, which prevents apt from fetching the correct Packages files when installing from NETINST CD * add ltsp-build-client plugin (backported from upstream) so that it respects http proxy settings for apt when building ltsp chroot * update Standards-Version to 3.8.1, no changes needed. * update debian/compat to version 7, as older versions are no longer used. * build-depend on debhelper >= 7 * add "set -e" to preinst, so that errors stop package from installing * lower priority to extra, as it depends on several packages that are priority extra, to comply with debian policy 2.5. [ Holger Levsen ] * Add depends to net-tools. * Remove cf.bind9 and etc/bind - we don't need it anymore. * Rename testsuite/bind9-dns to testsuite/dnsd. * Cleanup and fix cf/cfengine.conf so that cf.pdns is executed. * Include patch from John Skogtvedt to ldap-bootstrap/dhcp.ldif to enhance the LDAP structure to work better with the changes in lwat adding support for managing DHCP with lwat. - Fix wrong filename on cn=INTERNAL - Add another dhcpGroup to cn=INTERNAL, because of the 250-host dhcpGroup limit (there is room for more than 250 hosts on the 10.0.2.0/23 network) - Remove all per-host filenames. It's confusing and a source of errors if the filename on dhcpSharedNetwork/dhcpGroup is changed and only a few hosts have filename set. [ Luk Claes ] * Fix Italian translation: s/nagios2/nagios3/. * Remove obsolete nagios2 stuff. [ Petter Reinholdtsen ] * Replace pam_foreground with pam_ck_connector.so in etc/pam.d/common-session-debian-edu, to move to consolekit instead of pam-foreground for tracking sessions for device access. * Extend the README with ideas for LDAP based client configuration. * Adjust debian-edu-pxeinstall to handle memtest86+ as well as memtest86. * Extend debian-edu-pxeinstall to fetch boot images from the d-i-bootimages package if it is installed. [ Oded Naveh ] * Install override plugin to remove existing chroot at before-install. This plugin is primarily intended to serve during system installation. [ Vagrant Cascadian ] * only delete existing LTSP chroot if --purge-chroot commandline option is specified. * ltsp-build-client plugins: default --purge-chroot to true when CD install is detected [ Ronny Aasen ] * change loglevel of ldap server from 0 to none, to get critical errors in the log. * change the server check of cfengine, to look for the Main-Server string in /etc/debian-edu/config. checking of named is useless after we replaced bind. * add bind, and pdns checks to cfengine. and use it in the bind cf script. * Adapt smbaddclient.pl to tbldump output in lenny, while keeping backwards compatibility. * add some common samba indexes to slapd-lenny_debian-edu.conf [ Daniel Hess ] * Update samba.schema from Samba version found in Lenny. The Samba version found in Lenny uses some new attributes not yet supported by out LDAP setup. * Allow smbadmin (the administrative user used by Samba) to access some more attributes. The Samba version in Lenny seems to be very unhappy if it can not add or modify this attributes. * Load (include) dnsdomain2.schema on slapd-lenny_debian-edu.conf needed by powerdns. * Correct webcache cname and add some cnames of tjener to ldap * Fix pdns cfengine script to really change local-port of recursor. * Add SRV records for _ldap and _syslog to the LDAP DNS bootstrap file. Fixes libnss-ldapd lookups with 'uri DNS' configuration. -- Vagrant Cascadian Tue, 12 May 2009 22:01:23 -0700 debian-edu-config (1.424) unstable; urgency=low [ Petter Reinholdtsen ] * Make sure samba test is executed also on combined servers. * When copying the host sources.list, avoid cdrom entries to try to get the installation working with netinst CD. * Make iceweasel the default browser, as it handle multimedia and flash pages better than konqueror. - Use it as the x-www-browser alternative using etc/apt/apt.conf.d/99-edu-prefer-iceweasel. - Tell KDE to use it as its default browser in /usr/share/debian-edu/common/share/config/kdeglobals. - Make it show up in the KDE panel instead of konqueror for all users using /usr/share/debian-edu/common/share/apps/kicker/default-apps. * Add OOo Writer to the default KDE panel. * Existing LDAP SSL certificate should only be a warning, not an error. This avoid an error report during installation when both cfengine runs work as they should. * Increase lifetime of OpenLDAP SSL certificate from 30 days to 10 years. * Add cfengine rule to remove the generated /var/www/index.html blocking our translated web pages. * Restructure debian-edu-pxeinstall, moving pxelinux.0 from /var/lib/tftpboot/debian-edu/ to /var/lib/tftpboot/ and changes following from this move, to allow us to fetch files from /var/lib/tftpboot/ltsp and thus enable thin client boot using the new PXE menu. * Adjust PXE boot setup to install KDE desktops by default, and use boot=nfs for thin client boots. * Rewrite default DHCP config to tell klients to boot using the new path. * Adjust debian-edu-fsautoresize to only process each mounted device once. This solve problem during installation of workstation where /dev/.static/dev was incorrectly handled. * Get debian-edu-reboot-when-idle to work by using start-stop-daemon to detatch the process and by using 'who' to check if the machine is idle. Translate some of the comments in the script. * Change mkslapdcert to allow everyone access to the public certificates in /etc/ldap/ssl/. Thanks to Daniel Hess for the investigation and proposed solution. This get LWAT working again. * Change how the networked desktop profile is enabled. Avoid dpkg, as it is slow and might fail if the database is locked. Look for /etc/pam_ldap.conf as a flag file instead. It should be present on all machines using LDAP to check passwords. * Add draft script ldap-tools/sitesummary2ldap, trying to populate machine objects in LDAP based on the collected sitesummary information. * Add DNS alias ocsinventory for use by OCS Inventory clients to connect to their server. * Change /etc/export on LTSP servers to allow clients to boot from the Debian Edu backbone network as well (10.0.2.0/23). * Add cfengine edit rule for /etc/mplayer/mplayer.conf to get working. It is a workaround for bug #491403. * Disable adept notifier in all networked installs, instead of only for LTSP clients and students. It should only be enabled in standalone profiles. * Adjust ltsp-make-client to get it working better in Lenny: - Use aptitude to install the tasks instead of tasksel to get better output when it fail. - Try to automatically resize LTSP partition if it is too small. - Do not fail if LANG is not set. - Do not fail when using LDAP based dhcp server. - Disable CDROM apt source automatically instead of failing if it is enabled. * Add support for automatic LVM resize of /opt/ in ltsp-make-client. * Ajust LTSP client build hooks to install aptitude and debian-edu-archive-keyring to make sure it is installed in every LTSP chroot. * Change installation of init.d scripts boot_xconf report-reboot to make sure the order and runlevel of the LSB headers match the update-rc.d call. * Move start of init.d/update-hostname before $syslog, to make sure we get the correct hostname in logs on the first boot. * Change dependencies from tftp to tftp | tftp-hpa to avoid conflicting with ltsp-client-core and allowing debian-edu-config to be installed in an LTSP chroot. * Move start of init.d/open-backdoor after $syslog, to make sure any error is logged. [ Vagrant Cascadian ] * LTSP: disable gpg verification for debootstrap when doing CD install. * add "boot=nfs" to default boot options for thin clients [Bart Cornelis] * Regenerate desktop-profile cache as we added profiles [ Holger Levsen ] * Added Italien version /var/www/index.html.it thanks to Claudio Carboncini. * Added Swedish debconf translations thanks to Martin Bagge. (Closes: #503600) * Added Russian debconf translations thanks to Yuri Kozlov. (Closes: #496948) * Added Japanese debconf translations thanks to Hideki Yamane. (Closes: 510717) * Move "boot=nfs" to the beginning of the LTSP boot options, as one will hardly ever want to remove it. [ Vagrant Cascadian ] * Added ltsp-build-client plugin (099-progress-log) that logs when each step of ltsp-build-client is finished. * Fix bug in ltsp-build-client plugin preventing debian-edu-archive-keyring from being installed in the debootstrap phase. * Always add server's /etc/apt/trusted.gpg to the LTSP chroot's apt keyring. * Add myself to Uploaders. * Add flags to allow Debian-Maintainer uploads. -- Holger Levsen Wed, 18 Mar 2009 21:59:26 +0100 debian-edu-config (1.423) unstable; urgency=low [ Petter Reinholdtsen ] * Reorder squid.conf cfengine rule to work with the file in Lenny. * Drop squid.conf edit rule for adding the CUPS and webmin ports (631 and 10000), as it is now the default in squid. * Rewrite squid.conf access rule to allow access for all RFC 1918 nets (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16), and not only the backbone and thin client net, to reduce the difference between our and the default squid configuration. * Add cfengine code to initialize PXE install during install. * Rewrite PXE install script to use DNS name and not IP address to find preseed file. Also make sure the file it creates are readable by everyone. * Preseed DNS domain in PXE installs to get less questions asked. * Make sure test installs using PXE uses the test repository. * Call sync before and after cfengine, to see if it solve the strange problem with cfengine not running to completion. * Adjust LDAP client test to match the current correct configuration. * Make debian-edu-fsautoresize more verbose when -v is used. * Added new helper script iceweasel-plugin-support useful for listing the claimed mime types of mozilla plugin. * Move iceweasel prefs file from /usr/lib to /usr/share, to avoid overriding all iceweasel configuration (Closes: #491536). * Change cfengine rule for thin-client server to only do related edits on thin-client-server installs. * Only build the PXE installation environment if we can download files from the the Internet, until we find another way to fetch the d-i (PXE) boot images. * Drop cfengine rules for nss-ldap, we use nss-ldapd now. * Run /usr/share/doc/kaffeine/install-css.sh during installation for workstation and standalone profiles if downloading from the Internet work. * Split out ldap-server-getcert tool from the fetch-ldap-cert init.d script. * Added script debian-edu-winbind moved from the debian-edu-install package. * Try to get LTSP installation working, by installing debian-edu-archive-keyring using debootstrap and using apt option --allow-unauthenticated until our CD is signed. * Use lsb_release output to avoid hardcoding distribution name in debian-edu-pxeinstall (Closes: #489715). * Try to get PXE install of LTSP servers working by preseeding ltsp-build-client-udeb. * Add LTSP build plugin to accept the local component when installing from CD, and to append the host sources.list to the LTSP chroot sources.list to get the same set of packages available. [ Vagrant Cascadian ] * Add ltsp plugin to default to lenny if distribution detection fails. [ Translations ] * Updated Turkish from Mert Dirik (Closes: #491929). [ Holger Levsen ] * Remove Andreas Stockholm from uploaders, thanks Andreas! -- Holger Levsen Fri, 25 Jul 2008 23:24:10 +0000 debian-edu-config (1.422) unstable; urgency=low * preinst: compare against in Debian released versions only when handling conffile removals. * debian/control: Turn depends on memtest86 and syslinux into recommends on amd64 and i386 only, so that the package is installable on other archs. -- Holger Levsen Wed, 16 Jul 2008 14:21:43 +0000 debian-edu-config (1.421) unstable; urgency=low [ Petter Reinholdtsen ] * Correct DHCP server configuration in LDAP and on disk. * Report test duration instead of time stamps. * Remove obsolete code in testsuite used to to rename /etc/skolelinux/config to /etc/debian-edu/config. * Speed up some tests by reducing number of ping packages used from 3 to 1. * Speed up DNS test suite by only looking up external DNS entries if ping reches the the IP address in question. * Speed up package installation test by only quering dpkg once for the list of installed packages. * Correct timezone test to work properly, and fix bugs in handling of BR and SE country codes. * Depend on discover | discover1 for the hardware test. * Increase cfengine editfilesize from 150k to 200k, to make sure it can edit squid.conf (now 164k). * Update syslog configuration to configure rsyslog instead of sysklogd. * Move iceweasel client proxy setting from cf.iceweasel to cf.squid to have it next to the configuration of environment and KDE. This make cf.iceweasel obsolete. Remove the conffile. * Change wpad URL passed on using DHCP from http://10.0.2.2/wpad.dat to http://www/wpad.dat, to make it easier to redirect using DNS. Add the wpad info to the DHCP packages sent on the thin client network too. * Remove obsolete debian/debian-edu-config.modules and the call to dh_installmodules. It was useful in Woody, a long time ago. * Depend on resolvconf to get the correct DNS client configuration. * Change iceweasel and KDE proxy settings to use "Web Access Protocol Discovery" for proxy configuration, to avoid hardcoding proxy settings on the clients. Add wpad DNS alias to get this working with Firefox. * Remove KDE test to check for the new proxy setting indicator, as it no longer make sense. * Change LTSP test to look for /etc/hosts in the chroot, not just the /etc/ directory, as the latter is generated by cfengine. * Add a rootDSE ldif entry to provide extra information in the OpenLDAP rootDSE. * Add RFC 2782 style service entries for ldap, http and syslog in DNS. * Add smtp-server and www-server options to the DHCP server setup, pointing to http://www/ and postoffice. * Provide replacement /etc/dhcp3/dhclient.conf file, to add options ntp-servers, log-servers, smtp-server, www-server, wpad-url to the request list. * Add script /usr/sbin/debian-edu-pxeinstall to generate a PXE boot environment for installing Debian Edu. * Provide PXE boot image /var/lib/tftpboot/debian-edu/pxelinux.0 on backbone network by default, and enable PXE installation. Depend on atftpd | tftpd-hpa, tftp, syslinux, memtest86 and debian-edu-artwork to get the needed files. * Add empty netgroup shutdown-at-night-hosts for make it easier to activate it on clients. Add generator for the server part using this netgroup. * Fix samba test to run only on Main-Server, where the samba packages are installed. * Add cron job to automatically run 'debian-edu-fsautoresize -n' on hosts listed as member of the fsautoresize-hosts netgroup, to make it easier to automatically extend LVM volumes on a large site. * Change testsuite/ldap-client to use the LDAP rootDSE to locate the LDAP base. * Remove unused and old LDAP schemas norEduPerson and EduPerson. * Added script /usr/share/debian-edu-config/tools/qemu-test-network to test a complete network using qemu. * Rewrite how the networked desktop-profile settings are enabled, to activate when the education-networked package is installed, instead of when the education-standalone package is not installed. * Edit init.d scripts to remove bashism in text output. No use providing translation hooks when the rest of the i18n framework is missing (Closes: #486029). * Move etcinsvk from Recommends to Depends, to make sure it always is installed. [ Holger Levsen ] * Remove obsolete code checking for /etc/skolelinux in bin/debian-edu-hd-warn, share/debian-edu-config/tools/logoutkill.sh and share/debian-edu-config/tools/nightkill.sh * Change the hardcoded distribution name in /usr/sbin/debian-edu-pxeinstall to lenny, so that this will continue to work when testing becomes stable. * Rewrite test for etcinsvk in postinst to keep lintians checkbashism test quiet. -- Holger Levsen Wed, 16 Jul 2008 11:31:45 +0000 debian-edu-config (1.420) unstable; urgency=low [ Petter Reinholdtsen ] * Add Xsession.d fragment to trunkate or remove ~/.xsession-errors. * Move iceweasel configuration into separate files in /lib/iceweasel/defaults/pref/ to avoid editing a conffile during installation. * Enable spell checking in both single-line and multi-line fields in iceweasel. * Add usplash to list of packages to install in the LTSP chroot. * Correct fatal typo in debian-edu-fsautoresize. [ Holger Levsen ] * testsuite/network: rename the "barebone" profile to "minimal", add a test for the Sugar profile. * testsuite/taskpkgs: add a check for the Sugar profile. * testsuite/kdm: do not run this for the Sugar profile. * testsuite/ldap-client, ntp and squid: also run these teste for the Minimal profile. * debian-edu-test-install: Add timestamps to the logfile when running the tests. [José L. Redrejo Rodríguez] * Added gconf values to limit visibility of usb mounted disks on Gnome -- Holger Levsen Thu, 26 Jun 2008 18:52:29 +0000 debian-edu-config (1.419) unstable; urgency=low [ Petter Reinholdtsen ] * Avoid error from init.d/fetch-ldap-cert when /etc/ldap/ldap.conf is missing. * Correct munin-node configuration to avoid boot hang. Remove /etc/munin/debian-edu-munin.conf and add /etc/munin/debian-edu-munin-node.conf with correct content. * Change testsuite/ldap-client to look for /etc/nss-ldapd.conf instead of the old /etc/libnss-ldap.conf. * Remove option schemacheck from slapd-lenny_debian-edu.conf, as it is not supported by slapd version 2.4.7. * Remove option TLSCipherSuite from slapd-lenny_debian-edu.conf as version 2.4.7 of slapd in Debian is linked with gnutls which provide a different set of cipher names (see #462588). Hoping the default gnutls settings are ok. * Depend on openssl to pull in SSL tools for certificate generation and checking. * Change mkslapdcert to generate certificate file with openldap:openldap ownership, to make sure slapd can read it. Drop cfengine rule doing the same. * Correct cfengine rule to detect lenny installs. * Add missing dhcp.schema to slapd.conf and package. * Drop cfengine rule to remove the LVM volume debianedufreespace. This task is better left to the installer scripts. * Add cfengine edit rule for kdm to avoid listing all users in the KDM login screen. * Disable adept notifier for all LTSP clients, also non-students. * Remove debian-edu-etc-svk code, and moved it to separate package called etcinsvk. (Closes: #482386) * New cfengine rule to allow NFS clients to access the servers FAM service, to reduce the amount of NFS traffic from each client. * Change debian-edu-fsautoresize to syslog when resizing. [ Ronny Aasen ] * Cfengine scripts fail becouse cf.munin is gone. Removed references to cf.munin. * Fix typo in ldap-debian-edu-install file path [ Holger Levsen ] * Switch to nagios3. * debian/rules: use binary-indep instead of binary-arch, as the package is architecture independent. * Make sure to remove slapd-etch_debian-edu.conf which was left over from change done by Patrick Winnertz in version 1.418. * Remove empty directories /usr/share/lintian/overrides/ and /usr/share/man/man1/ * Added copyright statement to debian/copyright. * Bump Standards-Version to 3.8.0. * Add Vcs- pseudo-headers to debian/control. -- Holger Levsen Sat, 21 Jun 2008 14:58:59 +0000 debian-edu-config (1.418) unstable; urgency=low [ Petter Reinholdtsen ] * Improve init.d/open-backdoor, to save the correct pid file when started and remove it when killed. * Correct LSB header of init.d/boot_xconf to match reality. * Do not stop update-hostname during shutdown to stop wasting time. [ Patrick Winnertz ] * Fix some lintian errors concerning deprecated keys in desktop entrys. * Switched to dhcp3-server-ldap in order to store dhcp informations in ldap * Removed cf.munin in favour of using the default file. * Removed cf.ssh .. X11Forwading is enabled now by default * Switched some configuration stuff for lenny (basically replaced etch in cf.* scripts with lenny) * Remove obsolte nagios1 stuff -- Patrick Winnertz Fri, 04 Apr 2008 23:52:37 +0200 debian-edu-config (1.417) unstable; urgency=low [ Morten Werner Forsbring ] * Syntax-cleaning in cf/cf.homes and removing redundant stuff. * Remove workaround for #375077 (libnss-ldap) failed to bind to LDAP server) in cf/cf.ldapclient, as this is fixed in etch and newer (the create-action is not a valid file-action in cfengine 2.2.3). * Bumped the standards-version to 3.7.3 (no changes). * Replaced the Listen-interface debian-edu-ssl-default Apache-site with NameVirtualHost (Listen-stuff is already present in ports.cfg). * Added 'ServerName www' to the debian-edu Apache-sites. * Drop running discover2 from testsuite/hardware as it does not have as nice --format functionality as discover1, and we did not come up with a alternative solution for the formatting. [ Petter Reinholdtsen ] * Add code in preinst to remove obsolete and unmodified conffiles, both init.d scripts and other files (Closes: #458524). * Correct paths in cf/cf.ltsp to use $(ltsp_arch) instead of hardcoding i386, to get it working better on non-i386 and non-amd64 architectures. * New helper program ltsp-arch-debian-edu returning the ltsp architecture, to fix cfengine configuration with cfengine version 2. * Use new helper program ltsp-arch-debian-edu to set ltsp_arch variable, to get it working with both cfengine 1 and 2. * Add workaround for /dev/pts/ mount missing when d-i installs this package, by trying to mount it in debian-edu-etc-svk if it is missing. * Only configure libnss-ldap when it is installed. It should not be configured when the new libnss-ldapd is used. * Change ltsp-make-client to make /var/lib/ntp writable, to make sure ntpd can store its drift file. * Escape : in cfengine scripts to get them working with cfengine version 2.2. * Start on a script to enable or disable exam mode. Currently just an empty shell. [ Patrick Winnertz ] * Prepare for a new upload to debian * Added Homepage field to control * Bump standards Version to 3.7.3 -- Patrick Winnertz Thu, 07 Feb 2008 10:11:27 +0100 debian-edu-config (1.416+svn39964) terra; urgency=low [ Petter Reinholdtsen ] * Comment out call from apt to debian-edu-etc-svk, as it messes with the terminal and make some install scenarios hang. * Set SVKBATCHMODE in debian-edu-etc-svk to enable non-interactive mode when used with svk version 2.0.1-1 and above. * Fix exim config fix for bug #1264 to not fail in LTSP chroots, where exim isn't installed. [ Patrick Winnertz ] * Rename cf.mozilla to cf.iceweasel and made it modify the correct files (Closes Skolelinux bug: 1298) * Made iceweasel use icedove instead of mozilla-thunderbird -- Petter Reinholdtsen Wed, 23 Jan 2008 13:44:07 +0100 debian-edu-config (1.416+svn39828) terra; urgency=low * Make sure our extra LTSP packages and preseeding is used also when LTSP chroot is generated after installation. * Change APT hook for the debian-edu-etc-svk call do not block waiting for input by redirecting stdin from /dev/null. * Ignore failures from debian-edu-etc-svk in the postinst while we wait for svk bug #435786 to be fixed. -- Petter Reinholdtsen Fri, 14 Dec 2007 23:44:20 +0100 debian-edu-config (1.416+svn39481) terra; urgency=low [ Ronny Aasen ] * Adding groupmap commands to samba-debian-edu-admin, for the default groups jradmin, students,teachers. part of the fix for #1270 * Cleaning up swap files for thinclients that are powerdown/unreachable. Solves Skolelinux bug #1281. [ Petter Reinholdtsen ] * Add ltsp-build-client script fragment to pull in alsa-utils when building the thin client chroot. Solves Skolelinux bug #1288, at least for new installs. * Make sure init.d/update-hostname only run on boot. (Solves skolelinux bug #1287). * Make sure init.d/boot_xconf only run on boot. * Quiet down nbdswap-cleanup when nc fail to connect to the client. * Undo some description changes in root.ldif, and sync the names with samba-debian-edu-admin, using 'institution' instead of 'school' to cater for users who do not call themselves schools. [ Daniel Hess ] * Adding groupmaps to the root.ldif so they get added during installation. Let samba-debian-edu-admin set sambaNextRid to 1003 to don't collide with the rids used in root.ldif. -- Petter Reinholdtsen Sat, 1 Dec 2007 14:06:44 +0100 debian-edu-config (0.416+svn39160) terra; urgency=low * Do not allow debian-edu-etc-svk commit to break apt upgrades. Solves Skolelinux bug 1283. * Configure debian-edu-etc-svk to ignore the machine generated file /etc/mtab. * Use debian-edu-etc-svk commit instead of the old update in the postinst. -- Petter Reinholdtsen Sat, 24 Nov 2007 12:11:10 +0100 debian-edu-config (0.416+svn39072) terra; urgency=low * Fix INTERFACE setting in update-hostname-from-ip (Solves Skolelinux bug #1282). -- Petter Reinholdtsen Wed, 21 Nov 2007 23:38:38 +0100 debian-edu-config (0.416+svn38891) terra; urgency=low [ Ronny Aasen ] * Fix a bug in the mailconfiguration. Mails are not sent via smarthost. Also check for the bug on upgrades and fix the link if needed. Solves skolelinux bug #1264 [ Daniel Hess ] * Add ltsp_local_mount init-script to setup access to local cdroms on diskless workstations by making /etc/mtab writeable and creating /media entries. Solves skolelinux bug #1234. [ Klaus Ade Johnstad ] * Replaced 127.0.0.1 with www in index.html for Sitesummary [ Morten Werner Forsbring ] * Adjust the Nagios disk-limits to 10% and 5% for warning and critical. * Default to not send mail from Nagios. * Really remove the slbackup cfengine-stuff (as it wasn't used). * Change my lastname. [ Finn-Arne Johansen ] * Make smbaddclient invalidate passwd cache whenever a samba workstation is joined to the domain (Solves Skolelinux bug #1269) * Make update-hostname-from-ip use the interface with the default gw to fetch the hostname, to make it work on a laptop with wireless and others [ Petter Reinholdtsen ] * Link to the language specific documentation directories from the default web pages for German, Norwegian Bokmål and Dutch. * Add link to the Russian start web page from the other start pages. * Update cfengine-debian-edu to use the current flag file (/etc/inittab.real), and not the woody flag file. Remove obsolete test base-config which is looking for the woody flag file. * Remove unused cfengine variable 'domain' from cfengine.conf, as it broke configuration of the live CD. * Do not create /etc/ntp.conf on standalone installs. The ntp packages are not installed in standalone mode. * Remove share/debian-edu/students/share/config/kdesktoprc, as it do not seem to have a purpose, and block the default background image in debian-edu-artwork to show up for users with the studends KDE profile. * Disable editing of KDE language profile files in /usr/share/locale/l10n/no/, as it was only needed in woody and sarge. * Remove obsolete cf/cf.pcmcia and cf/cf.mime-support. * Remove all woody entries from cf/*. * Remove useless/redundant cf/cf.nat. * Correct handling of or (|) in cfengine rules. * Change slapd handling in ldap-debian-edu-install, to avoid starting slapd if it wasn't running when the script started. * Detect sudo environment in debian-edu-etc-svk, and fetch $HOME from the passwd file in this case. (Solves Skolelinux bug #1271) * Change cfengine rules to make sure /skole/tjener/home0/ exist even when manual partitioning is used. (Solves Skolelinux bug #1276) * Add APT hook for debian-edu-etc-svk to commit before and after packages are installed, to make it easier to figure out what changes were done by apt. * Change init.d/resize_lvm dependency, making lvm optional, to allow the package to be installed with insserv when lvm isn't installed. [ Patrick Winnertz ] * Added chguserpw.desktop which is part of lwat to installed it automatically on the desktop of students. [ Luk Claes ] * Removed myself from uploaders. -- Patrick Winnertz Wed, 08 Aug 2007 12:58:57 +0200 debian-edu-config (0.415) unstable; urgency=low [ Petter Reinholdtsen ] * Change LTSP build rules to use a network based APT source when build LTSP chroot with amd64 netinst CD, as the CD is missing the i386 binaries needed. * Remove cfengine rule to update /etc/default/update-hostname. It is now handled by preseeding. Solves skolelinux bug #1228. [ Daniel Hess ] * For network based LTSP build on amd64 change build rules: . Set option_mirror_value instead of MIRROR and add option_extra_mirror_value for skolelinux/local packages. . Set local as component for exta_mirror and remove it for all other mirrors. . Add the Debian-Edu archive key as in debian-edu-archive-keyring to the apt-keys list, so it is available when the Release file is checked. . Check for http_proxy set to "high" and unset it, if it is. This seems to be a bug with debconf, which returns always "high" after the debconf priority (which is high) was been read. -- Petter Reinholdtsen Fri, 20 Jul 2007 17:08:03 +0200 debian-edu-config (0.414) unstable; urgency=low [ Daniel Heß ] * Add suffix for group mappings to samba config. Allow samba to add groupmapping existing groups in the slapd config. This restores the old behaviour from when groupmaps where stored external. * Add Samba groupmap information to "admins" group when loading root.ldif in ldap-debian-edu-install. (Closes skolelinux bug #1223) * Include "displayName" attribute in the groupmap. This is not required for it to work, but it's displayed in Windows and is less confusing this way. [ Petter Reinholdtsen ] * Remove cfengine rule to edit /etc/opera6rc.fixed and other references to Opera. Opera is no longer included. * Add more debug output to ldap-debian-edu-install. * Disable editing of /etc/inputrc, as testing show that it is no longer needed to support 8-bit characters in bash. * Remove bogus calls to db_go in debian-edu-config.postinst. [ Holger Levsen ] * Modified /etc/lsb-release to only include DISTRIB_DESCRIPTION. -- Petter Reinholdtsen Wed, 18 Jul 2007 00:26:20 +0200 debian-edu-config (0.413) unstable; urgency=low [ Ronny Aasen and Petter Reinholdtsen ] * Fixed a bug in cfengine's ltsp_arch variable, that broke the installer. Based on patch from Klaus Ade Johnstad. Fixes skolelinux bug #1196. [ Klaus Ade Johnstad ] * Fixed typo introduced in fix for skolelinux bug #1196 * Fixed tail according to new syntax, 's/tail +/tail -n +/g' in /usr/sbin/ltsp-make-client * Fixed bug #1220, typo in lts.conf [ Petter Reinholdtsen ] * Update ltsp testsuite to use i386 on amd64 systems to fix skolelinux bug #1200. * Fixed debian-edu-etc-svk initialization using expect, and improved the script to a point where it is working properly. * Make it possible to enable debian-edu-etc-svk by preseeding debian-edu-config/etc-in-svk, and include cronjob for updating the svk state of /etc/. Depend on svk and expect to make sure the needed packages are installed. * Make sure init.d/start-wlan is not executed during package installation, as it can kill the network connection on laptops. * Change init.d/fetch-ldap-cert to extract the server certificate using the SSL protocol, instead of downloading it over HTTP. * Correct ldap-tools/mkslapdcert to extract the server certificate (and no the public key) and make it available for download, as this is the file needed by clients interested in verifying the SSL connection to the LDAP server. * Rewrite ldap.conf to use the downloaded LDAP server certificate to verify the connection, trying to make it possible to disable the 'TLS_REQCERT never' setting to enforce this. It is not yet working, so the 'TLS_REQCERT never' is still needed. This is related to skolelinux bug 1211. * Move stray client side LDAP configuration from cf.ldapserver to the more correct cf.ldapclient. * Remove kdm theme cfengine rules. They are no longer needed. * Renamed the 'update' command in debian-edu-etc-svk to commit. The old command still work, but will be removed in the future. * Add proposed APT sources in the LTSP chroot as well. Related to skolelinux bug #1168. * Remove code in mkslapdcert to make the LDAP SSL certificate available from the web server. It is no longer needed when fetch-ssl-cert can fetch it directly from the LDAP server. Make sure to only try to download the certificate if it is mentioned in the LDAP config. * Modify cfengine rule for editing /etc/libnss-ldap.conf and /etc/pam_ldap.conf to avoid editing if the host setting already is present. * Improve usage information printed by debian-edu-fsautoresize. * Extend testsuite/taskpkgs to detect if a package in a task is missing. * Update cfengine rule for /etc/hosts.allow to also allow access from 10.0.2.0/23 to tftp and portmap, making sure diskless workstation boots get access. * Allow 127.0.0.1 NFS mount privileges to the LTSP chroot, to get qemu testing to work out of the box. * Updates in ltsp-make-client: - General cleanup and convert it to use aptitude instead of apt-get to track manually installed packages. - Make sure it installs debian-edu-archive-keyring, and - fetches the LDAP SSL certificate. - Add code verify that enoug disk space is available in /opt/ltsp/$arch before starting. Using 4096 MiB as the limit. - Add code to make sure /var/lib/dbus and /media is writable by dbus. Solves skolelinux bug #1180. - Stop installing usbmount. It does not work at the moment, and is not needed when udev/hal is working. * Specify SCREEN_07=ldm in lts.conf to make sure ldm is still enabled on thin clients after ltsp-make-clients installed kdm. Solves skolelinux bug #1210. [ Steffen Joeris ] * Include debian-edu-etc-svk under the SBIN programs in the Makefile to make sure it is included in the binary package * Make sure that the start page translations are in sync with the English page (Closes skolelinux bug #1156) - Include updated Spanish start page Thanks to José L. Redrejo - Include initial Russian start page Thanks to Yuri Kozlov - Include updated German start page Thanks to Ludger Sicking - Include updated French start page Thanks to Xavier Oswald - Include updated Norwegian start page Thanks to Frode Jemtland - Include updated Dutch start page Thanks to Thijs Kinkhorst * Delete old obsolete directories from the old kde-profile * Add kgeography, gcompris, gimp and stopmotion to the students desktop (See skolelinux bug #1199) * Make sure that the standard kde start menu is recognized and avoid having an empty menu (Closes skolelinux bug #1199) * Remove obsolete desktop-directories dir from students kiosk mode * Change slapd-etch_debian-edu.conf to allow the members of the admin group to perform their administrative privileges (Closes skolelinux bug #1146) * Uncomment code in debian-edu-etc-svk to call aptitude, because the dependencies are already solved via Depends field and it would cause the installer to fail (Closes skolelinux bug #1205) Thanks to Daniel Heß * Remove dependency against debianutils as this package is essential * Make sure that Makefile clean call will honour failures * Remove some kde restrictions from the kiosk mode, only keep the rule that students are not allowed to start a new session and can't become root via kde. Thanks to Klaus Ade Johnstad for some advice * Include configuration file for adept_notifer to tell the application not to start during login (Closes skolelinux bug: #1151) [ Daniel Heß ] * Let cupsd listen on /var/run/cups/cups.sock for connections from local clients like the KDE printer ui (Closes skolelinux bug #1207) * Change slapd (ldap) config to restrict jradmins from changing the passwords of users with higher privileges (members of the admins group, smbadmin and the rootdn). This could had been used to set new passwords and gain access to accounts with higher privileges. Many thanks to Steffen Joeris for helping to implement this. -- Steffen Joeris Thu, 12 Jul 2007 21:53:16 +0200 debian-edu-config (0.412) unstable; urgency=low [ Petter Reinholdtsen ] * Remove init.d/loadcpufreq, as the functionality is moved to the cpufrequtils package. * Add new pam.d/common-auth-debian-edu activated on standalone installations to make sure console users is given access to local devices. * Remove obsolete pam.d files not used since woody. * Provide access to the scanner group for users on the console. Based on patch to user-setup in Ubuntu. * Make default /usr/share/debian-edu-config/fsautoresizetab and include it in the package. * Change quoting in the dhcpd.conf editing in sbin/ltsp-make-client to try to get it working with bash (Related to Skolelinux bug #1060). * Install localization-config in ltsp-make-client, and run it after the packages are installed, trying to fix skolelinux bug #1127. * Make sure all pxe booting clients use the same path to pxelinux.0 in dhcpd.conf. * Remove support for etherboot/non-pxe boot in dhcpd.conf. Those with such network cards will have to add it manually. * Make sure the munin server is treated as a munin client when collecting information to get the new sitesummary integration working out of the box. Change how munin-client.conf is updated to get the cfengine rule working. * Drop the fuse group from the list of groups assiged to console users, and make it a group assigned to all logged in users on thin clients, to make it easier to enable local device access on thin clients. * Make sure kderc is updated to enable the special desktop icons for the root user and the members of the admins group. * Make sure /var/www/index.html.?? files uses relative URLs when possible, and use the symbolic www DNS name instead of tjener. * Modified squid to access SSL on port 631, and change all links to Cups to use https on this port. * Change ldap-tools/mkslapdcert to secure the directory where the certificate is created before creating the certificate, and make the public key available in a separate file to make it easier to copy it to the clients. * Create init.d script fetch-ldap-cert to download after apache starts the LDAP SSL certificate on clients when they boot, unless it already is downloaded. * Rename ESERVER to the correct ESPEAKER in the desktop-profile trigger for thin client sound settings in KDE. Fixes skolelinux bug #1183. * Add fuse to /etc/modules on thin-client-servers, to make sure local device access work out of the box when enabled. Fixes skolelinux bug #1184. * Enable sound on LTSP thin clients by default, and let those who want silent clients disable it by changing to SOUND=N in lts.conf, instead of the other way around. * Add 000-arch-detection plugin for ltsp-build-client, to install i386 LTSP chroot on amd64 machines. Fixes skolelinux bug #1195. * Remove obsolete/renamed scripts cfengine-skolelinux, skolelinux-hd-warn, skolelinux-restart-services and skolelinux-test-install. The rename was done in 2004, so documentation should be updated by now. * Enable local device access on LTSP thin clients by default. * Rename cfengine variable de_arch to ltsp_arch, to make it more obvious what the variable is used for. Change its content to i386 on amd64. [ Ronny Aasen ] * Remove the timeout on nbd-server, it removed the swapfile from the client while it's running. * Cleanup the slapd config file. Rename from sarge to etch. And update the cf script to match. And remove the old woody file from the package. * Added sambaNextRid to smbadmin's acl. needed in order to join machines to the domain. * Added ldap-users.pl with dependencies from webmin 1.180, used by samba to create machine accounts in ldap. * Edited smbaddclient.pl to use the provided ldap-users.pl, and not webmin. * Added configfile to support the links to debian-edu-doc made from the local webpage. * Added script to cleanup the ltsp network swapdir daily (Closes Skolelinux Bug #1169) * Added script nbdquery. shows ports in use by nbd-client on ltsp clients * Changed nbdswapd-cleanup to use nbdquery on the ltsp clients, and edited cf.ltsp to activate nbdquery on the ltsp clients * Add dependency on lsof * Added nbdquery to the makefile [ Holger Levsen ] * Relabeled descriptions to say "all $foo in the institution" instead of "...school" [ Klaus Ade Johnstad ] * Small fix of comments in dhcpd.conf * Removed Norwegian comments in dhcpd.conf * Removed unneeded stanzas for ltsp-clients -- Petter Reinholdtsen Sat, 16 Jun 2007 15:17:06 +0100 debian-edu-config (0.411) unstable; urgency=low [ Steffen Joeris ] * Remove icons from the kiosk desktop for student users which relate to uninstalled software (Closes Skolelinux Bug #1140) * Remove obsolete kiosk-profile directory as it is now divided into individual directories * Allow students to run a shell and the kde command execution * Include the kiosk mode for root - Give root the tjener desktop icon to call the internal webpage - Update Makefile and add the tjener.desktop file - Update debian-edu-config.postinst to generate additional config entry for the root kiosk mode [ Petter Reinholdtsen ] * Add the fuse group to the list of groups assigned during login, trying to get LTSP local device access working out of the box. * Avoid hardcoding the IP address on the default apache web page. * Avoid hardcoding IP addresses in the nagios config. This will cause problem in case DNS is unavailable, but make it easier to change IP subnet. * Add pam-foreground as an optional pam session module, to get /var/run/console/ populated with information needed by dbus to give special privileges to users on the console. * Edit /etc/security/group.conf to set up local device access to local users for all profiles, not just standalone and workstation. * Remove unused directory /etc/kde2/kdm from package. * Correct URL to popularity-contest in the default web page. * Drop the popularity-context section in the default web page, as it is part of the default install now. * Add group description to the LDAP groups missing it (Closes skolelinux bug #1132). * Add new init.d script loadcpufreq based on scripts found in the powernowd package in Ubuntu to load the required cpufreq kernel modules, and edit /etc/default/cpufrequtils to enable ondemand cpu scaling to save power. * Change install rule to fail on errors copying files. * Add LC_ALL=C in bin/update-hostname-from-ip to make sure the output format is known. * Use the service name in tjener.desktop, to make it easier to use a different DNS domain. * Modify cf.ltsp to not export /var/opt/ltsp/swapfiles. Swap is done using nbd and not nfs now. * Removed obsolete cf/cf.sarge-installation-cleanup and cf/cf.devfsd. * Avoid hardcoding DNS domain name on the web page. Use relative links where it is possible. * New script sbin/debian-edu-fsautoresize making it easier to resize LVM volumes. Add depend on libfilesys-df-perl to get it working. * Minor cleanup related to the init.d/nbd-poll script. [ Bart Cornelis (cobaco) ] * Added Dutch translation [ Holger Levsen ] * Added myself to uploaders. * added catalan translation, thanks to René Mérou * converted /var/www/index.html.?? files to unicode (Closes: Skolelinuxbug #1142) [ Ronny Aasen ] * Added configuration for network swap out of the default install. (Closes Skolelinux bug #1087) * Generate random nagios password at installation time (Closes skolelinux bug #1119) * Edit testsuite/bind9-dns to support bind9-host * Edit ltsp-make-client to include preseeds for popularity-contest. * Edit ltsp-make-client to prevent starting a second instance of all deamons in the chroot. * Make a working resolv.conf for the ltsp thin clients. (Closes Skolelinux bug #1073) * Provide debian's default DB_CONFIG before making the ldap DB's, shameless rip from slapd.postinst. (Closes Skolelinux bug #1150) * Renamed index.html.nb to index.html.no (Closes Skolelinux bug #1148) * Changed links on nagios to https. * Added a variable in cfengine, and replaced i386 in cf scripts. * Added support for bind9-host to update-hostname-from-ip. * Cleaning up cf.exim, mail should own /var/lib/maildirs * New syntax in authldaprc (Closes Skolelinux bug #1163) * Added slbackup-php in the webpage * Added a /debian-edu-doc to the webpage * Added subtree_check on exports made by ltsp-make-client (Closes Skolelinux bug #1167) * Forcing the use of encryption on cups administration pages. * Dropped developer pages, we use the wiki. on the webpage. * Updated the url for the mailinglists. On the webpage. * Make nbd-server save in the correct swapfile dir. avoid creating large files in /tmp (Closes Skolelinux bug #1169) [ Finn-Arne Johansen ] * Prepared for better integration with resolvconf -- Petter Reinholdtsen Sun, 27 May 2007 08:47:19 +0200 debian-edu-config (0.410) unstable; urgency=low [ Patrick Winnertz ] *Include wpad for autoconfiguring the proxy for clients. [ Steffen Joeris ] * Correct the path to the kiosk profile in /etc/kderc * Remove unneeded .desktop files from the applications and Desktop sections for kiosk profile as these are not on the CD * Adding first version of the kpanel for the student kiosk profile which includes some generic directories and the some of the current applications * Remove webmin check from testsuite scripts as we do not have webmin anymore and this always reports an error after the installation * Drop the ispell-dict-default script from the testsuite as we are no longer distributing the education-desktop-other metapackage on the first CD due to space limits and therefore no longer including the various dictionaries and make sure that bogus error messaging after the installation is avoided * Do not perform the bind9-dns check after installation in case a standalone profile will be installed * Only perform network check for showmount if nfs-common is installed and therefore exclude the Standalone profile from this check * Disable all syslog checks on Standalone profile as it is not setup * Add myelf to uploaders * Add information about kiosk mode students to README * Drop cf.apache script and make sure that cf.apache2 script is installed * Include Spanish debconf translation (Closes: #407474) thanks to Javier Ruano * Include initial Portuguese debconf translation (Closes: #414060) thanks to Ricardo Silva [ Petter Reinholdtsen ] * Extend filesystem test to report ext3 file systems without the resize_inode feature. [ Ronny Aasen ] * disable cf.apache since we are installing apache2 now. * configure apache2 userdir with our homedir location * provide a new apache2 default sitefile, showing our frontpage and correct hostmaster email address. * provide a new apache2 ssl default sitefile, using a selfsigned cert. * modified debian/rules to use a debian-edu-config.links file * using cf.apache2 to enable userdir and ssl modules. * using cf.apache2 to disable the debian stock default site, and enable our own ssl and regular default site files * Deleted webmin from our web frontpage * Added link to sitesummary on our web frontpage * fixed link to nagios on web frontpage * Added experimental nagios2 configuration /etc/nagios2/debian-edu * Added and enabeled cfengine script cf.nagios2 * mount nfs with the tcp argument in automounter ldap * Add lwat to the local homepage * Add append_domain to squid.conf, to fix broken resolv on non FQDN * Make Nagios ignore space checks on special filesystems * Trying to remove the spare freespace partition properly, in cf.fstab * Update testsuite/timezone, /etc/localtime is not a symlink anymore. * alter the way we configure bind9, to avoid breaking on bind reconfiguration [ Finn-Arne Johansen ] * chown /var/lib/ldap to openldap after slapadd has been run as root -- Steffen Joeris Fri, 9 Mar 2007 19:22:09 +1100 debian-edu-config (0.409) unstable; urgency=low [ Luk Claes ] * Added myself to uploaders. [ Petter Reinholdtsen ] * Adjust cfengine test for detecting etch, to look for '4.0' and not 'testing', to match the current version. * Change testsuite/bind9-dns to not report missing Internet connectivity as an error. * Change testsuite/ispell-dict-default to handle locales with UTF-8 or other non-ISO-8859-1 charmaps properly. -- Luk Claes Wed, 22 Nov 2006 22:31:59 +0100 debian-edu-config (0.408) unstable; urgency=low [ Ronny Aasen ] * Add authorative to dhcp configuration * reordering cf.ldapclient fixes libnss-ldap * Modify cf.ntp to support setting the clock on startup * Add /etc/lsb-release with some initial values. This should remove the need to preseed ltsp with --dist since lsb-release should function as expected * remove cf.popcon from the makefile. since cf.popcon is removed * added ltsp plugin in order to configure ltsp pxelinnux to use usplash * added nosuid to /tmp in cf.fstab * creates /opt/ltsp/i386/etc/ltsp/update-kernels.conf tru cf.ltsp this enables usplash in ltsp booting clients [ Steffen Joeris ] * Include French translation for debconf questions (Closes: #392190) Thanks to Guilhelm Panaget * Delete apt settings for woody and sarge, to clean up a bit * Delete old kdesktoprc for the kiosk profile * Make sure that the kiosk profile is installed in a hierachic order * Include new desktop icon framework for the debian_edu_pupils * Update the package build to honor the new kiosk files * Include German translation for debconf questions (Closes: #396383) Thanks to Helge Kreutzmann * Add special desktop restrictions to the debian_edu_pupils kiosk mode * Add the first customized kmenu for the debian_edu_pupils kiosk profile which is divided into the disciplines [ Petter Reinholdtsen] * Enable esd sound in KDE for thin client users by adding a new desktop profile thin-client for all users with LTSP_CLIENT and ESERVER set in the environment. * Modify default pam.d/common-auth to use pam_group, to make it easier to provide local device access to the user logged into the console. Rewrite pam_group config to include more groups and also work on tty1-9 logins. Activate it on thin-client-server installs, as well as workstation and standalone installs. [ Morten Werner Olsen ] * Removing all traces of bind8. -- Petter Reinholdtsen Sun, 19 Nov 2006 13:56:08 +0100 debian-edu-config (0.407) unstable; urgency=low [ Ronny Aasen ] * Modify cf.ldapclient, Altering libnss-ldap default bind policy to soft * Added commented volatile sources for etch to cf.apt * modify cf.fstab, to delete the dummy freespace logical volume * fix the regex matcing /tmp in cf.fstab * updated www.uio.no ip address in testsuite * dont run debian-edu-ltsp, we use ltsp-client-builder [ Petter Reinholdtsen ] * Correct exit code and output handling in update-hostname-from-ip. * Drop code to edit /etc/defaults/ntpdate. It is no longer needed. * Moved testing of network settings from debian-edu-install to testsuite/network. * Add DNS alias sitesummary.intern for the sitesummary collector. [ Steffen Joeris ] * Include Czech translation for debconf questions (Closes: #391475) Thanks to Miroslav Kure -- Petter Reinholdtsen Wed, 4 Oct 2006 13:50:48 +0200 debian-edu-config (0.406) unstable; urgency=low [ Petter Reinholdtsen ] * Use 'tail -n +3' instead of 'tail +3' in ntp test, to avoid warning. * Make dash test more robust. * Update test to detect missing webmin and report that. * Correct syslog UDP activation code to edit /etc/default/syslogd, not /etc/default/sysklogd. * Fix typo in webmin test script. * Modify testsuite/kde to accept execute bit on /etc/kde3/kioslaverc. No idea why the file is executable, but we only need to check if it is readable for all. * Correct testsuite/webcache to not test a non-proxying connection to squid. It does not, and should not, work. * Add testsuite/ltsp to detect if the LTSP chroot is installed on the thin client server. * Modify ntp test to check if /etc/default/ntpdate have syntax errors. * Change init.d/update-hostname to use the LSB log functions and to not print anything when VERBOSE=no. Add depends on lsb-base. * Removed useless chkconfig line from init.d scripts. [ Steffen Joeris ] * Mark update-hostname debconf question as internal and fix typo at enable-nat question (Closes: #388062) * Fix typo in update-hostname debconf question to make sure lintian is happy * Change hash commenting for /etc/default/ntpdate file, because current code breaks configuration for main-server(only), because of if-clause * Remove mime-types from cf.mime-support which are already merged into the mime-support package and write bugreport against mime-support for the rest to make sure we can remove cf.mime-support soon [ Ronny Aasen ] * Added cf.fstab, purpose is to add /tmp as tmpfs in fstab * Modify dhcp configuration to look for pxelinux.0 in the correct location * ldm fail if Xsession is not executable, edit cf.ltsp to make sure /etx/X11/Xsession is +x -- Petter Reinholdtsen Sun, 24 Sep 2006 17:26:20 +0200 debian-edu-config (0.405) unstable; urgency=low [ Patrick Winnertz ] * Removed obsolete alternative dependency on cfengine, because it is going to be removed from debian. [ Petter Reinholdtsen ] * Rewrite base-config test to no longer report the missing dbootstrap_settings as an error. It is not present on etch. * Adjust syslog cfengine rule to enable UDP listening on etch. * Adjust webserver test to accept as a success both either apache2 or apache running. * Update debian-edu-ltsp to work with both old and new version of ltsp-server. Change default dist from sarge to etch, and add new option --dist to make it easier to change it. * New test 'dash' to check that /bin/sh points to dash, not bash. * Remove cfengine rule to set GreetString in kdmrc. Leave this to debian-edu-artwork. Use debian-edu-artwork script to enable KDM theme. * Updated LSB header for the init.d scripts. [ Steffen Joeris ] * Cleanup the cf scripts and remove cf.shell and cf.webmin entries and adjust the Makefile * Deactivate slbackup configuration part via cfengine for combo servers as it is merged into the installer, * Add dh_link to debian/rules and use it for linking the ldapdump script into the needed slbackup directory and deactivate the generation via cfengine merge it into the installer * Move the enable-nat part for the thin-client-server into the postinst script and deactivate the cf.nat cfengine call * Start the debian-edu-config.prerm script and make sure that the enable-nat init script is called if nat is enabled * Remove the cf.issue file as we don't use it anymore * Change code for enable-nat script to make it compliant with policy and use the code snipplet from dh_installinit * Add debconf template to ask if enable-nat should be activated or not (Closes: #365140) * Start the debian-edu-config.config script for the debconf question * Include code into debian-edu-config.postinst script to avoid starting enable-nat script if debconf boolean is false * Add po-debconf to Build-Depends-Indep as we need it for the debconf templates * Start the po files for the debconf templates * Add code to debian-edu-config.postinst to start the kde kiosk profiles for debian-edu which creates basic configuration for the /etc/kderc and the /etc/kde-user-profile as a mapping file [ Ronny Aasen ] * Avoid touching the conffile named.conf of bind9, instead give it the option -c filename in the non conffile /etc/default/bind9 * Edit cf.ldapserver and slapd-sarge_debian-edu.conf to try to run slapd as the default openldap user. (Closes Skolelinux Bug #1112) * Fixed wrong dist variable in debian-edu-ltsp, blocked execution * Workaround for a bug in ltsp-build-client. * add --accept-unsigned-package, since our cd is not signed yet. * add a workaround for bug #375077 to avoid the long lookuptimes that occure after the cfengine run edits nsswitch.conf. * PXElinux in etch have changed it needs next-server and root-path options in dhcp now. * incresed editfilesize in cfengine.conf, squid'c config was larger then the previous value. * make debian-edu-pxelinux.cfg use syslinux from the chroot * pxelinux don't like symlinks. copied pxelinux and images instead since hardlinks dont work across devices * added the mandatory nfs export flag for subtree_check or not * remove debian-edu-pxelinux.cfg from cf.ltsp instead call ltsp-server from debian-edu-ltsp -- Petter Reinholdtsen Sun, 17 Sep 2006 17:13:00 +0200 debian-edu-config (0.404) unstable; urgency=low [ Petter Reinholdtsen ] * Remove the cron job bin/filehandle_ctl.sh. It is no longer needed with linux 2.6 kernels. * Comment out cf.shell, as the same setting can be activated using preseeding now. * Update standards-version from 3.6.2 to 3.7.2. No change needed. * Add depend on ${misc:Depends} to get a debconf dependency for the hidden debconf question available for preseeding. [ Steffen Joeris ] * Change build-depends-indep to build-depends as debhelper is needed during the clean target * Increase debhelper level to 4 * Remove obsolete calls for conffiles in Makefile * Cleanup debian/rules to remove the obsolete calls too * Adding md5sum file for package * Change DESTDIR to package name instead of tmp to adjust packaging to current debhelper level -- Petter Reinholdtsen Sun, 20 Aug 2006 23:27:54 +0200 debian-edu-config (0.403) unstable; urgency=low [ Steffen Joeris ] * Update sources.list and adjust it for etch as non-US is gone * Remove cf.webmin as webmin is gone * Remove obsolete cf.shorewall * Remove obsolete cf.kdm_hdwarn as kde is doing this check now * Remove obsolete cf.udev as we are configuring the rights for the sound device via pam (Closes: #370350) * Remove obsolete cf.amanda as we are using other backup methods (Closes: #370393) * Fix configuration of squid.conf in cf.squid * Adjust path for dhcpd.conf in cfrunhosts.pl * Adjust Makefile because of removed files * Fix configuration for authldaprc in cf.imap [ Frode Jemtland ] * Translated norwegian comment in cfengine.conf to english. Fixed skolelinux bug #1088 [ Ronny Aasen ] * Removed webmin from ltspserver profile cfengine run. [ Bart Cornelis (cobaco) ] * Use desktop-profiles instead of debian-edu specific script to set up the kde-profiles (Fixes skolelinux bug #1005). [ Petter Reinholdtsen ] * Correct LSB dependency info in resize_lvm init.d script. -- Petter Reinholdtsen Fri, 4 Aug 2006 19:36:49 +0200 debian-edu-config (0.402) unstable; urgency=low [ Petter Reinholdtsen ] * Update the resize_lvm init.d script: - use MiB instead of LVM PE as size unit. - Make sure it is installed in rcS.d/ - Make sure it isn't started during install nor upgrade. - Rename variable MOUNTPOINT to DEVNAME to reflect its content. - Use lvextend instead of lvresize to be compatible with LVM 1.x. Thanks to Finn-Arne for this idea. - Do not include the resize_lvm default file in the package, to avoid upgrade problems on installations where it is modified. * Update standards-version from 3.6.1 to 3.6.2. [ Finn-Arne Johansen ] * Added resize_lvm init-script * Treat sarge and etch as !woody to simplify scripting with cfengine * Keep the slapd config from sarge (not renaming it to "*-!woody_*") * Added etch templates for sources.list (maybe it's not needed) -- Petter Reinholdtsen Wed, 19 Apr 2006 22:50:02 +0200 debian-edu-config (0.401) unstable; urgency=low [ Petter Reinholdtsen ] * Fix syntax error in boot_xconf. (Closes: #343457) * Achnowledge old upload. (Closes: #301565) * Modified the ltsp-make-client script used for building diskless workstations: - Modify code to rename rc#.d symlinks instead of removing them, to avoid them to reappear after an upgrade. - Reinsert init.d scripts ifupdown and networking when building diskless workstation, to make sure the loopback network interface is enabled. - Make sure to only update /etc/exports once when executing ltsp-make-client several times. - Move network interface name into variable to make it easier to change. - Use the apt location of ltsp-server instead of ltsp-client to detect the apt source to use, as the latter might not be installed nor available on the server. - Add /opt/ltsp instead of /opt/ltsp/i386 to /etc/exports, to be compatible with the update done by the ltsp package itself. * Add dependency on host to make sure init.d/update-hostname work. -- Petter Reinholdtsen Thu, 23 Mar 2006 13:08:44 +0100 debian-edu-config (0.400) unstable; urgency=low [ Patrick Winnertz ] * Changed symlink of /bin/sh from /bin/ash to /bin/dash * Added shellcommands section in cf.shell in order to invoke dpkg-divert --add /bin/sh (Closes Skolelinux Bug #1041) [ Benjamin Sonntag ] * Added manpages for some binaries in this package. Also added a mechanism in Makefile so that /bin /sbin and ldapprograms manpages are autodetected and installed too. * Added file for backdoor in /etc/default (still disabled by default, but useful to know how to fill it) * Added documentation in README file for samba ssh and apache. * Corrected lintian warning on xboot_conf not having restart and reload cases. * Added CFBINFILES to Makefile so that cfd and cfrunhosts.pl are now executables. [ Steffen Joeris ] * Distribution umask only in /etc/profile (Closes Skolelinux Bug #996) * Disable connection settings in courier-imap so that the cf.imap is running and the courier-imap is not running by default (Closes Skolelinux Bug #998) * change ntp-configuration to not use pool.ntp.org and let the clients search for ntp.intern (Closes Skolelinux Bug #1024) * Dropping kmail preconfiguration (Closes Skolelinux Bug #550 and #1017) * Also remove conffiles for kmail from /usr/share/debian-edu/* and update Makefile * still providing sound permission changes for devfs if someone still uses kernel24 * update Makefile for cf.udev [ Henning Sprang ] * Now configuring NTP with cfengine (cf/cf.ntp). (Closes Skolelinux bug #1024) [ Bjorn Ove Grotan ] * Fixed typo in tools/jrpasswd [ Ragnar Wisloff ] * Added example of settings for serial mouse to lts.conf. Fixes #584. [ Finn-Arne Johansen ] * Fixed typo in when creating pxelinux config for old ltsp * Added permissions to set timestamps when passwords was changed * Display menu for pxebooting devices if more than one netbooting solution is installed * Set PATH for ldapdump.sh to properly stop/start slapd. (Closes Skolelinux bug #1000) * Cleaned up the dependencies of debian-edu-config, only include the necesarry packages for installing this package. * added HOST variable for talking to the ldap-server * Set the correct permission on samba passwords. (Closes Skolelinux bug #1007) * Added support for doing a netbased installation of ltsp in debian-edu * Added support for installing ltsp in another location than /opt/ltsp/i386 * Extended/rewritten script for creating diskless/stateless workstations * Split up the configuration of courier imap, should close skolelinux bug #998 * Added dependency to ng-utils (should close Skolelinux bug #1033) * Stopped imap from running on a unencrypted port * Removed positive test for imap2 (unencrypted port) (closes Skolelinux #1038) * Added commented out cfengine code to set up access to local devices when logged in via kdm on non-server (alternativ fix for Skolelinux #974) * Added sample definition for shared folder in samba * Added sample config for usbmount * Added sample config for pam_mount on stateless clients * Added script for making stateless workstations to the package, should be ready for testing * Added workaround for missing background.png in ltsp-themes (Skolelinux #1035) * Set up mozilla-firefox to use kprinter and A4 as default. Thanks to Klaus Ade Johnstad for finding the bug (and the solution) (Closes Skolelinux #1042) * use pam_group instead of manipulating the devices to get access to local devices * ldap-debian-edu-install needs to use bash for now * Dont test for a running squid on a thin-client-server. Thanks to Ole-Anders Andreassen for finding this bug (Closes Skoleliux #1054) * Add support for detecting Arch in debian-edu-ltsp (Closes Skolelinux #1055) * Modified slapd-sarge-debian-edu.conf to allow jradmins to change passwords, and admins to add user * Dont use bash on diskless workstation, since it breaks ltsp-client-setup (Closes Skolelinux #1059) * Removed extra "-e" in ltsp-make-client breaking dhcpd.conf (Closes Skolelinux #1060) * No need to allow users to read their own encrypted samba password * Need to allow samba root to update nextID, and to search the samba Attributes (Closes Skolelinux #1061) * Define wins server in dhcp, to allow windows clients to resolv the samba domain (Closes Skolelinux #1067) [ Patrice Neff ] * Added support for using cfengine server * Enabled configuration of the sysstat system * Cleaned up the test for squid * Cleaned up test for XFS * Included libnet-ldap-perl required by some of the ldap-tools * Added a Spanish translation of the index page at var/www/index.html.es * Allow port 10000 in Squid configuration (so that Webmin is accessible) [ Morten Werner Olsen ] * Removing /etc/skel/.kde/share/config from debian/dirs. * Removing all references to /etc/default/ntp-servers (isn't owned by any packages). * Cleaning up cf/cf.ntp and commenting out all references to pool.ntp.org and using 127.127.1.0 as default for main-server (as NTP will understand that is using the local clock as reference). * Fix /etc/default/ntpdate for non-Main-server's (point to ntp). * Fixing Finn-Arne's email-address in the 0.397 changelog entry (prevents lintian-error). * Disabling the xfree-test that assume that xfree86 is started. * Disabling the kdm-tests that assumes that kdm is started. * Now defaulting to not sending any Nagios-mails. * Change my email-address in the Uploaders-field. :) [ Andreas Schuldei ] * making slapd use ipv4 only in cf.ldapserver (for uml testframework, where long timeouts occure when probing for ipv6 stuff) [ Frode Jemtland ] * Found a updated version of debian-edu-config/bin/debian-edu-ltsp in one of my test servers. This seemd to me to be a improvment to get disk less workstations to work, with ltsp. Probably need more files from this installation to get it to work * Updated the index.html.en and index.html.de with a plea to install the popcon package * Added a German var/www/index.html.de by Ralf Gesellensetter * Updated rest of the index files to have a link to the German translation * Changed special norwegian characters to html codes [ Bart Cornelis (cobaco) ] * Added var/www/index.html.nl with a Dutch translation of the default page. * Updated the other index.html pages to have a link to the Dutch version * Added dutch index.html in the Makefile script -- Morten Werner Olsen Sat, 4 Mar 2006 19:33:13 +0100 debian-edu-config (0.399) unstable; urgency=low [ Bjorn Ove Grotan ] * Added administrative password-change utility (tools/jrpasswd) [ Morten Werner Olsen ] * Added LDAP-database dump script (tools/ldapdump.sh) * Added etc/slbackup/pre.d to debian/dirs * Added a cfengine-hook that symlinks the tools/ldapdump.sh into /etc/slbackup/pre.d/ (fixes debian-edu bug #923) * Fixed the permissions on the config-file (pxelinux.cfg/config) for PXE-booting. * Updated cf/cf.kdm to get a little bit more interesting background for the login-screen. * Added myself as uploader. * Deliver mail to root as the mail-user (not root). This prevented mail for root to be delivered. [ Petter Reinholdtsen ] * Fix typo in testsuite/webcache, using correct argument to find. * Close stdin/stdout when restarting the wlan to avoid hanging on first time installs. * Add LSB init.d headers to document boot time dependencies. * Use new script debian-edu-ltsp to build LTSP environment using the new LTSP debian packages. * Make sure missing sound card don't give a warning dialog box. * Make sure testsuite/php is no longer used. We do not install PHP any more. * Only run testsuite/{ldap-server,webmin,webserver} on Main-Server installs. * Only run testsuite/{ldap-client,ntp,webcache} on Main-Server, Workstation and Thin-Client-Server installs. * Only run testsuite/dhcpd on Main-Server and Thin-Client-Server installs. * Only report missing kdm and X server as information when running the testsuite, as these are started after this point in the installation sequence. * Start on script ltsp-make-client to convert a LTSP thin client chroot to a more complete client installation. [ Maximilian Wilhelm ] * Added exim4 LDAP configuration for server and client (Closes: #276769) [ Finn-Arne Johansen ] * Added firefox proxy, cache and printer config * Fixed detection of 2.4-kernel * Included the munin cfengine script, and fixed the munin script * Made cfengine-debian-edu work with both cfengine and cfengine2 * Better detection of group "installation" * Replaced all occurences in chengine of "installasjon" with "installation" * Disabled FifoDir for kdm on non-standalone, to prevent shutdown from a logged in session * Disabled shutdown from non-local display for kdm (fixes debian-edu bug #949) * Updateded /etc/samba/slapaddclient.pl because tdbdump is relocated * Set up automounting via ldap * Disabled listing of hashed password to unauthenticated users (fixes debian-edu bug #945) * Gave smbadmin access to the Machine Subtree (fixes debian-edu bug #950) * Installation script for lessdisks thin client is availible, but does not run by default * Set up ldap users on lessdisks clients * Set a more suited certificate for the postoffice (Closes: #301288) * Fixed Typo preventing hidden home dir mounting from Windows server Thanks to Bernt Johnsen AFK for discovering * Close debconf fd before init-script runs, prevents initscripts from runing cleanly (Fixes debian-edu bug: #301565) * Made nightkill a bit more quiet * Made debian-edu-config Replace,Conflict and Provide ncs (fixes debian-edu bug #975) * Fixed missing translation from installasjon -> installation in cf.cups (Fixes debian-edu bug: #967) * Disabled ldap idletimeout, since kdm fails to set up a new connection * tftpboot files are moved from /tftpboot into /var/lib/tftpboot, rewritten dhcpd.conf, and added script debian-edu-pxelinux.cfg to help maintain pxelinux.cfg/default (Partly closes: #905) * Fixed typo in tools/ldapdump.sh to remove error-message * Added support for using /usr/share/d-e-c/tools/passwd as non-root user * Fixed permission on samba passwords for ldap [ Ragnar Wisloff ] * Corrected cfengine edit line for USE_XFS in cf.ltsp to make LTSP * Changed permissions on /etc/skel/.kde/share/config/kmailrc to make only user readable. (Fixes debian-edu bug #887) * Added cf.sysstat which enables the sysstat system * Added Nagios config files and amended cf.nagios to fit. (Fixes debian-edu bug #953 and #954). * Fixed missing logos from NAgios package. * Added UserDir config to cf.apache. Fixes debian-edu bug #639. [ Frode Jemtland ] * Corrected errors about php4 in cf.apache * Updated information about ServerAdmin in cf.apache * Added language support for nb, no and nn in cf.apache * Commented out mime type nb in cf.apache * Fixes skolelinux bug: #938 and #864 * Added files to /var/www: index.html.nb, index.html.en, logo-trans.png, skl-ren_css.css. Fixes debian-edu bug: #942. * Fixed typos in html files. [ Andreas Schuldei ] * extending ldap-debian-edu-install to deal with cases where /etc/shadow does not exist (for uml test installations) -- Petter Reinholdtsen Sun, 11 Dec 2005 21:00:32 +0100 debian-edu-config (0.398) unstable; urgency=low * Finn-Arne Johansen - Added common-auth|account|passwd-ldap-debian-edu for ldap authentication, Tried to enable it for Sarge only (Closes: #275031). - Added detection of sarge in lessdisks-chroot. - Added conf-files for winbind/ads authentication, with dummy variables - Added pam_env to common session to support /etc/environment - better detection of woody/sarge - fixed kdm to not show userlist on sarge (Closes: #294048) - fixed kdm to allow root logins on server console (Closes: #294047) - moved dbootstrap_settings on sarge, to prevent cfengine from detect a clean installation if run again - Remove custom Xsession, to get kdm to honour /etc/alternatives/x-session-manager - Rewrite of debian-edu-restart-services - Added test for samba to debian-edu-test-install - Make sure ldap is stopped during ldap-debian-edu-install - Added new imapd.pem for courier-imap-ssl certificate - fixed some ACL stuff in ldap-schema/lis.schema to make it work - Disabled devfsd for 2.6 kernels (use udev instead) - changed slapd-debian-edu.conf -> slapd-sarge_debian-edu.conf to support slapd 2.2 - Moved skript for setting up X in lessdisks ws at boot from d-e-install (also updated) - Replaced cfengine with cfengine2 - sett correct path to cfagent * Bart Cornelis - Set up proxy + kmail when inside a debian-edu network. * Petter Reinholdtsen - Get PCI reporting working in Sarge. * Bjørn Ove Grøtan - Updated norEduPerson.schema * Andreas Schuldei - add writeableBy for ACL usage to ldap-schema/lis.schema -- Andreas Schuldei Sat, 4 Jun 2005 21:36:07 +0200 debian-edu-config (0.397) unstable; urgency=high * Andreas Schuldei - added afs entries to the named zone files * Finn-Arne Johansen - Changed samba into using tls instead of ldaps - Changed test for services in inetd.conf, not lines containing the name of service (Closes: #288912) * Klaus Ade Johnstad -Removed a space, to avoid errormessage "bad substitution" when running /usr/bin/debian-edu-hd-warn -- Finn-Arne Johansen Thu, 6 Jan 2005 11:48:33 +0100 debian-edu-config (0.396) unstable; urgency=low * Correct code to make sure /etc/kde[23]/kioslaverc. It need to create the file if it missing, as the 'files' section is executed before the 'shellcommands' section. * Remove share/debian-edu/common/share/config/kioslaverc. Not all profiles uses a proxy (standalone does not), so KDE should not always use a proxy. * Move editing of /etc/ldap/ldap.conf from cf.ldapclient to cf.ldapserver where it belongs, and where it can be part of the cfengine rules already editing the file. * Do the same editing of /etc/ldap/ldap.conf in woody and sarge, as the rules were similar enough, and seem to differ only for historical reasons. -- Petter Reinholdtsen Sat, 23 Oct 2004 20:43:23 +0200 debian-edu-config (0.395) unstable; urgency=low * Finn-Arne Johansen - Set Thin client nfs-access to be async - Added, but deactivated code to set nscd cache size - Updated ldap initialisation to set up group mapping from unix group admins to samba group "Domain Admins" (fixes skolelinux bug #812) - Updated format for slapd.conf to specify both ldap and ldaps as service - Added pointer to certificate file on sarge server install - Set ldap clients to never check certificate - Updated samba.schema to support sambaPasswordHistory - Added test for squid spool dir ownership - Added host definition for ldap-clients * Klaus Ade Johnstad - Added some more host-templates in dhcpd-debian-edu.conf, and some space between the lines, to avoid some gruff in the comment fields in webmin-dhcp. * Petter Reinholdtsen - Add test to detect errors with /etc/kde[23]/kioslaverc. - Make sure /etc/kde[23]/kioslaverc is readable by all. * Maximilian Wilhelm - Complete rewrite of /etc/group to LDAP migration script. -- Joey Hess Tue, 5 Oct 2004 16:29:20 -0400 debian-edu-config (0.394) unstable; urgency=low * Finn-Arne Johansen - Fixed bashism in detection of workstation profile in cfengine.conf - Added slapdconfig for sarge (bdb backend, commented out for now) - Changed ldap-bootstrap script to support exim4, and nonexisting samba - Added support for sarge in cfengine.conf - Fixed squid config for sarge - Fixed slapd Database setup for sarge - Changed detection of ltspserver profile * Petter Reinholdtsen - Correct xfree86 test. It should no longer report errors on Main-server installs. - Enable postinst code to handle debconf preseeding for init.d/update-hostname. It is now working as it should. - Document some problems with init.d/open-backdoor. - Make sure open-backdoor print a message when it is enabled. * Maximilian Wilhelm - Added ldap base dn to client config - Added CNAME kerberos for tjener to db.intern - Localized debian-edu-hd-warn correctly and added chech if X is running -- Petter Reinholdtsen Sun, 8 Aug 2004 13:28:30 +0200 debian-edu-config (0.393) unstable; urgency=low * Andreas Schuldei - Remove unnecessary and wrong lines from the autofs.ldif. objectclasses OU and automoutMap can not be in the same ldap entry, with stricter checking as in openldap 2.1.X. * Finn-Arne Johansen - Remove path from temporary filename for ldap-user-clean-attic.sh. (Fixes skolelinux bug #786) * Petter Reinholdtsen - Add debconf template install rule. - Add quotes (") around the value stored in /etc/default/update-hostname to make sure it is a valid sh-script even if the value is junk. -- Petter Reinholdtsen Thu, 17 Jun 2004 10:16:04 +0200 debian-edu-config (0.392) woody; urgency=low * Petter Reinholdtsen - Change xfree86 test to only warn if X isn't running. X is started after the test is executed, so it isn't really an error. - Make it possible to configure init.d/update-hostname at install time using an hidden debconf value. - Restart bind before ntpd, as ntpd need to look up 'ntp' in DNS. * Finn-Arne Johansen - Added ldap-user-clean-attic.sh to the command line ldap tools - Changed number of imap clients allowd to connect from same host (closes: #459) -- Petter Reinholdtsen Mon, 14 Jun 2004 09:27:02 +0200 debian-edu-config (0.391) woody; urgency=low * Finn-Arne Johansen - Improved a workaround for bug #286 in skolelinux, #156332 in debian to ensure that the dhcp server is restartable after installation -- Petter Reinholdtsen Sat, 12 Jun 2004 22:06:24 +0200 debian-edu-config (0.390) woody; urgency=low * Petter Reinholdtsen - Only test XFree86, kdm and xfs if it is supposed to be installed (!Main-Server). - Insert code in debian-edu-restart-services to force dhcpd restart as a workaround for skolelinux bug #286. Not sure if it works, but it is better to have this code here instead of in debian-edu-install. - Add test to check if host 'ldap', 'ntp', 'syslog' and 'webcache' is reachable. - Started in README on highlevel description of the configuration changes done. -- Petter Reinholdtsen Fri, 11 Jun 2004 00:04:30 +0200 debian-edu-config (0.389) unstable; urgency=low * Finn-Arne Johansen - Fetch sambasid for PDC instead of domain. * Petter Reinholdtsen - Rewrote samba-debian-edu-admin script to make timeout length a variable, and to fetch hostname short form only once. - Remove trailing space from line ends and the samba-debian-edu-admin file. -- Petter Reinholdtsen Thu, 3 Jun 2004 18:07:44 -0300 debian-edu-config (0.388) unstable; urgency=low * Finn-Arne Johansen - Set smaller cache size for mozilla - Fixed type and missing entries in mozilla proxy settings -- Petter Reinholdtsen Mon, 31 May 2004 01:53:18 -0300 debian-edu-config (0.387) unstable; urgency=low * Finn-Arne Johansen - Fixed some missing samba objects to the ldap tree. - Changed procedure to fetch sambaSID. - Updated Makefile to include cf.mozilla. - Tries to take up the network interface before fetching sambaSID. - Changed samba-debian-edu-admin to ensure that sambaSID is availible when needed. - Disabled samba password change. - Disabled samba root access to shared resources. - Added sample entry for assigning static ip to workstations, (fixes SL #750). -- Petter Reinholdtsen Fri, 28 May 2004 14:36:35 -0300 debian-edu-config (0.386) unstable; urgency=medium * Finn-Arne Johansen - Updated slapd.conf to limit the write access of smbadmin -- Petter Reinholdtsen Fri, 21 May 2004 23:36:04 +0200 debian-edu-config (0.385) unstable; urgency=medium * Petter Reinholdtsen - Change webmin test to check the config file before checking if the server is listening to the correct port. Also changed it to not die on the first error, but to do all checks before setting the return code. * Finn-Arne Johansen - Changed DHCP lease time. - Moved samba clients to a subtree under ou=People. * Andreas Schuldei - Make the retrival of the machine group dynamic in etc/samba/smbaddclient.pl. -- Petter Reinholdtsen Thu, 20 May 2004 22:28:22 +0200 debian-edu-config (0.384) unstable; urgency=low * Finn-Arne Johansen - Changed config of samba, and rewritten smbaddclient.pl script to ease the adding of NT clients. - Removed nss_base_passwd from libnss-ldap.conf to allow use of ou=machines for samba clients. - Added config for mozilla to use webcache, and kprinter. * Petter Reinholdtsen - Reinsert nss_base_passwd into libnss-ldap.conf, as it might have unwanted side effects, like removed users and machines showing up as existing users. - Add test for webmin allow line in /etc/webmin/miniserv.conf. -- Petter Reinholdtsen Sat, 15 May 2004 19:44:45 +0200 debian-edu-config (0.383) unstable; urgency=low * adding organisational unit Machines to root.ldif for samba. -- Andreas Schuldei Wed, 5 May 2004 21:38:39 +0200 debian-edu-config (0.382) unstable; urgency=low * Finn-Arne Johansen - Added missing samba-debian-edu-install script * Andreas Schuldei - performance tuning for slapd: adding some indices and keeping the db in RAM -- Andreas Schuldei Wed, 28 Apr 2004 19:12:41 +0200 debian-edu-config (0.381) unstable; urgency=low * Finn-Arne Johansen - Added config for samba 3.0 * Petter Reinholdtsen - Only create samba LDAP config on first time install. -- Andreas Schuldei Wed, 28 Apr 2004 17:27:13 +0200 debian-edu-config (0.380) unstable; urgency=low * Petter Reinholdtsen - Fix typo in cf.webmin. The file is called /etc/webmin/config, not /etc/webmin/config.conf. - Add cfengine rule in cf.webmin to rewrite /etc/webmin/dhcpd/config to use dhcp version 3 instead of version 2. (Fixes skolelinux bug #666) - Renamed every file using 'skolelinux' prefix and postfix, to using 'debian-edu' instead. Added compatibility wrapper scripts to avoid breaking installation while changing. This will break existing installations, but is needed to be done before we stabilise for consistency. -- Petter Reinholdtsen Mon, 26 Apr 2004 20:09:52 +0200 debian-edu-config (0.379) unstable; urgency=low * Remove cf.mkinitrd from the include list in cfengine.conf too. -- Petter Reinholdtsen Fri, 23 Apr 2004 23:30:09 +0200 debian-edu-config (0.378) unstable; urgency=low * Klaus Ade Johnstad - Changed the warning/explanation in 10skolelinux-one-login-per-host from Norwegian into English. * Petter Reinholdtsen - Changed webmin configuration to use PAM for authentication, removing the need to keep a separate user database in webmin. -- Petter Reinholdtsen Fri, 23 Apr 2004 00:06:47 +0200 debian-edu-config (0.377) unstable; urgency=low * Petter Reinholdtsen - Add test taskpkgs to check if the correct task packages are installed. * Klaus Ade Johnstad - Added the special forwarders need for Skoleetaten i Oslo, in named-bind9.conf - Added the correct path to the dhcp3 script, in dhcpd-skolelinux.conf -- Petter Reinholdtsen Tue, 20 Apr 2004 00:07:37 +0200 debian-edu-config (0.376) unstable; urgency=low * Petter Reinholdtsen - Do not edit /usr/X11R6/lib/X11/xkb/rules/xfree86.lst any more, as we are using XFree86 4.2 now, and the changes are already there. - Rewrite edit rule for xfree86.lst in cf.locales to insert the same text as is used in XFree86 4.2. - Remove cf.mkinitrd, as DELAY=0 is the default in debian-installer. - Remove edit rule for /etc/network/interfaces from cf.ldap, as this file is updated correctly by debian-edu-profile-udeb in d-i now. - Modify update-ini-file to add a section if the ini-file only consist of comments. (Skolelinux bug #633) -- Petter Reinholdtsen Thu, 15 Apr 2004 00:09:12 +0200 debian-edu-config (0.375) unstable; urgency=low * Andreas Schuldei - Renamed the 'guest' group to 'none' and the 'jnadmin' group to 'jradmin' in root.ldif. - Adding an attic OU for deleted users, and added an attic capability flag in root.ldif. * Petter Reinholdtsen - Add missing newline at the end of ldap-bootstrap/root.ldif. -- Petter Reinholdtsen Wed, 14 Apr 2004 10:00:19 +0200 debian-edu-config (0.374) unstable; urgency=low * Petter Reinholdtsen - Report output from rpcinfo -p when testing the network status. * Andreas Schuldei - Adding a default class to root.ldif, removing the generic age group. * Finn-Arne Johansen - Modified password script to allow changing of admin password. (fixes skolelinux #236) * Ragnar Wisloff - Added nagios to list of services to restart. -- Petter Reinholdtsen Thu, 1 Apr 2004 22:34:09 +0200 debian-edu-config (0.373) unstable; urgency=low * Petter Reinholdtse - Change /etc/exports rule for /skole/tjener/home0 to only export to selected host netgroups by default. * Bjørn Ove Grøtan - Commented out indexing of eduPerson-related parts in slapd.conf since we're not using EduPerson.schema yet. -- Petter Reinholdtsen Tue, 30 Mar 2004 23:31:31 +0200 debian-edu-config (0.372) unstable; urgency=low * Petter Reinholdtsen - Improve the mail content sent from init.d/report-reboot. - Avoid restarting init.d/report-reboot on installs and upgrades. (Closes: #240776) - Do not use EduPerson.schema yet. - Make sure debian-edu-mailcap is installed without execute bit. * Ragnar Wisloff - Fixed typos in cf.nagios -- Petter Reinholdtsen Mon, 29 Mar 2004 21:35:47 +0200 debian-edu-config (0.371) unstable; urgency=low * Bjørn Ove Grøtan - Add norEduPerson.schema to the package. * Petter Reinholdtsen - Make sure to install EduPerson.schema and norEduPerson.schema, to get slapd to start. (Fixes Skolelinux bug #664) - Make sure newly added scripts in /usr/share/ are installed with execute bit. - Make sure /etc/init.d/report-reboot is a conffile. -- Petter Reinholdtsen Sun, 28 Mar 2004 22:50:44 +0200 debian-edu-config (0.370) unstable; urgency=low * Finn-Arne Johansen - Adding script to change users password in ldap (also samba) - Moved nice to have script from /usr/sbin/ into /usr/share... - Added code to set umask when logging in with kdm - Added the script located in share into the Makefile * Petter Reinholdtsen - Updated testsuite/dhcpd to check dhcpd version 3. -- Petter Reinholdtsen Sat, 27 Mar 2004 16:57:14 +0100 debian-edu-config (0.369) unstable; urgency=low * Bjørn Ove Grøtan - adding ACL for smbadmin and performance tuning * Petter Reinholdtsen - Add workaround for apache problem in skolelinux-restart-services. This should make sure the missing apache parent process is worked around. (Skolelinux bug #636) * Ragnar Wisloff - Changed cf.nagios to use forced symlinks -- Petter Reinholdtsen Sat, 27 Mar 2004 11:58:23 +0100 debian-edu-config (0.368) unstable; urgency=low * Petter Reinholdtsen - Add new init.d script report-reboot, which can send an email when a server boots. - Implement 'status' argument to init.d/open-backdoor, reporting if the SSH backdoor is running or not. - Add Finn-Arne Johansen as uploader. - Remove all '.#*' files in clean target, to make sure this cruft do not make it into the source package. -- Petter Reinholdtsen Mon, 15 Mar 2004 22:19:29 +0100 debian-edu-config (0.367) unstable; urgency=low * Replaced dhcp with dhcp3-server in skolelinux-restart-services, should fix #286 and #421 -- Finn-Arne Johansen Thu, 4 Mar 2004 20:50:19 +0100 debian-edu-config (0.366) unstable; urgency=low * Fixed config for dhcp3 -- Finn-Arne Johansen Wed, 3 Mar 2004 22:27:21 +0100 debian-edu-config (0.365) unstable; urgency=low * changed distribution from UNRELEASED to unstable -- Andreas Schuldei Wed, 3 Mar 2004 17:15:44 +0100 debian-edu-config (0.364) unstable; urgency=low * Rune Nordbøe Skillingstad - Package now conflicts debian-edu-install <= 0.616. (Closes: #235734) * Petter Reinholdtsen - Restart autofs at the end of the install, to make sure the new configuration is used. -- Rune Nordbøe Skillingstad Tue, 2 Mar 2004 09:20:24 +0100 debian-edu-config (0.363) unstable; urgency=low * Finn-Arne Johansen - Added /etc/mailcap - Added /etc/dhcp3/dhcp-skolelinux.conf * Petter Reinholdtsen - Make sure to include cf.nagios in the package. - Removed cf.modules as it is unused now. - Add missing quote character in cf.apache. (Closes: #235537) * Rune Nordbøe Skillingstad - Restart nscd - Fixed bug: /etc/dhcp3 was not created in install in Makefile - Moved /etc/mailcap to /lib/mime/packages/debian-edu-mailcap and using update-mime in postinst script - Package now depends on mime-support. -- Petter Reinholdtsen Mon, 1 Mar 2004 17:28:06 +0100 debian-edu-config (0.362) unstable; urgency=low * Ragnar Wisløff - Added cf.nagios and changes to cfengine.conf to include cf.nagios * Rune Nordbøe Skillingstad - Moved mime.types from cf.apache to cf.mime-support - Added rewriting of apache to cf.apache -- Petter Reinholdtsen Sun, 29 Feb 2004 17:06:43 +0100 debian-edu-config (0.361) unstable; urgency=low * Rune Nordbøe Skillingstad - Fixed wrong loggin in bind9 configuration - Moved restarting of services from cf-files to skolelinux-restart-services - Moved skolelinux-test-install and skolelinux-restart-services here from debian-edu-install - No more initializing of LDAP if data exists * Ragnar Wisløff - Changed default kernel for thin clients to PXE -- Petter Reinholdtsen Sun, 29 Feb 2004 15:42:13 +0100 debian-edu-config (0.360) unstable; urgency=low * Alex Brasetvik - New netgroups infrastructure. * Petter Reinholdtsen - Get rid of warning message if the user isn't allowed access to the sound device (artsmessagerc) and dialog box on initial login asking about default configuration (kpersonalizerrc). - Avoid confusing users about the disabled ssh tunneling script. (Closes: #233174) * Rune Nordbøe Skillingstad - Added ltsp network in acl for squid - Changed to use bind9 -- Petter Reinholdtsen Sat, 28 Feb 2004 17:42:09 +0100 debian-edu-config (0.359) unstable; urgency=low * Make sure /etc/default/update-hostname is created when needed. * Move named configuration from /etc/bind/ to /etc/bind/debian-edu/, to reduce the chance of a name conflict with existing zone files. (Closes: #232805) -- Petter Reinholdtsen Sun, 15 Feb 2004 15:43:26 +0100 debian-edu-config (0.358) unstable; urgency=low * Petter Reinholdtsen - Convert init.d/start-wlan to POSIX sh notation. - Make sure init.d/update-hostname is enabled for all profiles except the main-server profile. * Bart Cornelis - Changed occurences of devel@skolelinux.no to debian-edu@l.d.o everywhere. * Finn-Arne Johansen - Include sbin/logoutkill.sh and sbin/nightkill.sh in the package. -- Petter Reinholdtsen Sun, 15 Feb 2004 11:18:37 +0100 debian-edu-config (0.357) unstable; urgency=low * Make sure it is safe to run 'init.d/enable-nat start' several times. -- Petter Reinholdtsen Sat, 7 Feb 2004 20:49:18 +0100 debian-edu-config (0.356) unstable; urgency=low * Petter Reinholdtsen - Return 0 and not 5 from init.d scripts if the service is unavailable to avoid errors in Debian. The LSM specify 5 as the return value, but this give warnings from invoke-rc.d in Debian Woody. - Fix typo in init.d/enable-nat. - Make sure init.d/update-hostname is disabled by default. - Avoid error message from mii-tool in init.d/start-wlan. -- Petter Reinholdtsen Sat, 7 Feb 2004 20:27:39 +0100 debian-edu-config (0.355) unstable; urgency=low * Petter Reinholdtsen - Improve init.d/ltspnet-nat, making sure it enables IPv4 forwarding if it isn't enabled already. - Improve Linux Software Base complience for all init.d scripts. - Include init.d/backdoor and init.d/wlan in package. - Use dh_installinit to install and enable init.d scripts. This gets rid of some lintian warnings -- Petter Reinholdtsen Sat, 7 Feb 2004 19:53:48 +0100 debian-edu-config (0.354) unstable; urgency=low * Petter Reinholdtsen - Improve init.d/ltspnet-nat. Add 'restart' and 'status' arguments. Make it possible to override the default configuration using /etc/default/ltspnet-nat. - Add depends on iptables as init.d/ltspnet-nat need it. -- Petter Reinholdtsen Sat, 7 Feb 2004 10:07:46 +0100 debian-edu-config (0.353) unstable; urgency=medium * Petter Reinholdtsen - Make sure bin/update-ini-file handle missing files by creating them first, and then leave it to Config::IniFiles to update the content. - Change Build-Depends to Build-Depends-Indep as this package is architecture 'all'. - Add Andreas Schuldei as uploader. -- Petter Reinholdtsen Sat, 31 Jan 2004 20:19:56 +0100 debian-edu-config (0.352) unstable; urgency=medium * Petter Reinholdtsen - Jump to version number to 0.352 make sure it is higher than the version used in Skolelinux / Woody (0.351.skolelinux.#). - Fixed several syntax errors in ldap-bootstrap/root.ldif: All lisAclGroups needed a 'member' attribute, the Variables object was listed twice, and the cn and dn of object 'juadmins' was not the same. - Made sure all groups are object class posixGroup. - Reordered objectClass specifiers to make sure all objects use the same order; top, RFC-standardized groups, and site-specific groups. - Make sure ldap-skolelinux-install exit on first error, to try to detect if it fail. - Rewrite update-ini-file from using libconfig-ini-perl to using libconfig-inifiles-perl, to get a dependency which exist both in Woody and Sarge. * Per Harald Westby - cf.apache adds entries for OpenOffice.org document types to /etc/mime.types * Finn-Arne Johansen - Added scripts to remove stray processes. One for logout (logoutkill.sh), and one for a nightly cron task (nightkill.sh). - Added script apt-get-update-files-download that gives somewhat a better message whenever there is new packages waiting to be installed. -- Petter Reinholdtsen Fri, 30 Jan 2004 22:46:09 +0100 debian-edu-config (0.1) unstable; urgency=low * Initial upload, based on the current Skolelinux version 0.350-7. -- Petter Reinholdtsen Sat, 17 Jan 2004 16:00:09 +0100