debian-edu-router (2.13.0~beta3) unstable; urgency=medium * Upload to unstable. [ Mike Gabriel ] * conf/apache2/conf-available/debian-edu-router-deployserver.conf: Drop '-deployserver' from download URL of ISOs, squashfs images and FAI configspace tarballs. * bin/debian-edu-router-fai_mkconfigspacetarball (et al.): Adjust filename of the FAI configspace tarball slightly ('.' vs. '_'). * bin/debian-edu-router-fai_release: Add script. Support building staging installer files that can be released on demand. * debian/po/: + Update template.pot file. + Update translation files after templates.pot update. * debian/copyright: + Update auto-generated copyright.in template file. + Update copyright attributions. * lintian: Various adjustment for this release. [ Daniel Teichmann ] * d-e-r-p.mdns-reflector.postinst: warning_log -> notice_log; warning_log -> error_log; * d-e-r-p.c-f: Rename e2guardian-refresh-blacklists related stuff to squid- refresh-blacklist or similar. * d-e-r-p.c-f.postinst: Rename 'restart_e2guardian_autorefresh_blacklists' to 'restart_autorefresh_blacklists'. * bin/debian-edu-router_refresh-blacklists.sh: Update copyright header. * bin/debian-edu-router_refresh-blacklists.sh: Completely rewrite script. * D-E-R-P.C-F: Completely rework selection process of black/whitelist categories. * bin/debian-edu-router_refresh-generated-ips.sh: Fix small whitespace bug in debug_log. * d-e-r-p.c-f.postinst: Remove /etc/squid/snippets.d/25_squid_acls.generated_ d-e-r-p.c-f.conf file, if autogenerate IPs task is turned off. * bin/debian-edu-router_acl-watcher.sh: Rewrite script. * bin/debian-edu-router_acl-watcher.sh: Update copyright header. * d-e-r-p.c-f.postinst: Remove unused ACL debugging comments in Squid config. * D-E-R-P.C-F: Remove legacy blacklists.d references and update e2guardian list paths. * conf/e2guardian/e2guardian{f1.conf,.conf.in}: Update __LISTDIR__ paths. -- Mike Gabriel Fri, 28 Mar 2025 23:08:18 +0100 debian-edu-router (2.13.0~beta2) experimental; urgency=medium [ Mike Gabriel ] * Debian Edu Router code: - Prepare for trixie (and for forky, rudimentarily). - conf/debian-edu/fai/debian-edu-router-fai.TEMPLATE/NFSROOT: Adopt various additions/changes from FAI upstream. * Packaging: + debian/debian-edu-router-plugin.content-filter.lintian-overrides: Upload line number of maintainer-script-calls-service override. + debian/debian-edu-router-deployserver.dirs: Create dirs exported via httpd. + debian/control: Use Git repo in Homepage: field for now. (LP:#2100822). [ Daniel Teichmann ] * Debian Edu Router code: - d-e-r-p.c-f: Drop debian-edu-router.conf file into /etc/default/uif.d/; Set default FILTER_COMMAND="iptables-legacy". - Makefile.iso: Smaller adjustments. Make *-globs more specific. - debian/debian-edu-router.common: Add generate_unique_pairs() function. - d-e-r-p.m-r.templates: Add templates for Googlecast, Miracast, AirPrint, AirPlay, IPP@Everywhere. - d-e-r-p.m-r.config: Add statemachine logic for new templates of firewall services. - d-e-r-p.m-r.postinst: Implement logic for new firewall service questions. - d-e-r-p.m-r.postinst: Change logging verbosity to WARNING. Reduces a lot of very verbose messages. - d-e-r-p.m-r.postinst: Instead of just restarting mdns-reflector, ENABLE + RESTART the service. * Packaging: + debian/control: Fix 'Breaks: ' field of d-e-r-common. -- Mike Gabriel Tue, 18 Mar 2025 17:07:27 +0100 debian-edu-router (2.13.0~beta1) experimental; urgency=medium * Upload to experimental. [ Daniel Teichmann ] * Add plugin: debian-edu-router-plugin.mdns-reflector (d-e-r-p-m-r). * Add plugin: debian-edu-router-plugin.content-filter (d-e-r-p-c-f). * Add plugin: debian-edu-router-plugin.ldap-connector (d-e-r-p-l-c). * Add plugin: debian-edu-router-plugins.krb5-connector (d-e-r-p-k-c). * Factor-out various functionalities to debian-edu-router-common bin:pkg. * Improve logging and debug support. * debian/d-e-r.common: Enforce debug msgs if /etc/debian-edu-router/debug was found. * d-e-r-loginmenu: Introduce plugin support. * d-e-r-loginmenu.sh: Stay consistent with unicode triple-dots (…) and normal ones (...). * loginmenu: Add options which toggle plugin's functionality. * loginmenu: Do not skip directly to main menu if in plugin menu. * loginmenu: Add option to toggle debug messages. * loginmenu: Introduce indicator, if plugin is enabled or not, in the plugin submenu. * loginmenu: Add 'etckeeper' support for plugins. * loginmenu: Add visual way of telling if task of a plugin is activated/ deactivated. * loginmenu: Support showing system logs. * loginmenu: Introduce new option to show DHCP leases of dnsmasq. * conf/debian-edu-router-plugins/d-e-r-p.example.sh: Add example plugin metadata file. * debian-edu-router-config: Various refactorings regarding network configuration management. (E.g. per-interface dnsmasq service units) * Improve and adjust Makefile.debug for 2.13.0 release. * Improve and adjust Makefile.iso for 2.13.0 release. * debian/d-e-r-c.common: Fix bug where different shells would produce different outputs in compare_comma_separated_items. * debian/d-e-r-c.config: Fix VLAN needed-ifaces calculations and show error dialog if too few interfaces are available. * debian/d-e-r-c.postinst: Show an easy copy&paste-able command to restore backed-up configuration after a service restart failure. * debian/d-e-r-c.config: Fix iface assignment message. (Iface was 'ok' every time). * debian/d-e-r-c.config: Allow user to cancel (back up) iface assignment. * debian/d-e-r-c.config: Bailout if interface assignment for VLAN is not successful after 5 tries. * debian/d-e-r-c.config: Fix step-by-step mode for iface assignment of internal networks. * debian/d-e-r-c.config: Reset VLAN iface debconf question if not using VLANs. * debian/d-e-r-c.common: Fix get_internal_networks_ifaces() not considering VLANs. * debian/d-e-r-c.common: Add option to not lowercase network names in get_internal_networks{_ifaces}. * debian/d-e-r.common: Add filter_item() function. * Add 'debian-edu-router-reconfigured' dpkg trigger. Reconfigure plugins packages when aforementioned trigger got activated. * debian/d-e-r-c.postinst: Remove plugin related config files before generating our own. * debian/d-e-r-c.postinst: If 'SKIP_SERVICE_RESTARTS_POSTINST' is set, also skip stopping networking service! * bin/debian-edu-router-fai_updateconfigspace: Fix quoting typo in git command. * docs/{webcache.md.in,squid_ACLs_explained.md.in}: Provide detailed content filter documentation. * debian/d-e-r-p.*.postinst: Unify code style (configure_package). * debian/d-e-r-c.config: Fix issue where step-by-step setup would be stuck in a loop. * debian/d-e-r-c.postinst: Fix issue where aborting an upgrade would make postinst fail completely. * data/filterlists.d/ProxyAllowSite.dist: Add '.debian.org' as always allowed and trusted website. * Debconf templates: Replace all occurrences of 'Debian Edu Router' to improve product branding. (D-E-R is brandable and can be renamed by vendors). * Project Wide: Use '/usr/lib/systemd/system/' instead of '/lib/systemd/system/'. * fai/config/debconf/DEBIAN_EDU_ROUTER: Add preseedings for Debian Edu Router Plugins. * fai/config/debconf/DEBIAN_EDU_ROUTER: Fix preseedings for VLAN IDs. * fai/config/files/etc/hosts/DEBIAN_EDU_ROUTER: Add tjener.intern (and ldap, www, ...) to /etc/hosts. * All plugins: Add general should-plugin-be-enabled question. * fai/config/class/z20_debian-edu-router.profile: Fix default selection. * fai/config/files/etc/debian-edu-router/debug/DEVELOPMENT: Add file; Force- Enable debugging mode, if DEVELOPMENT class was selected. * Add Debian Edu Skolelinux logo to /usr/share/debian-edu-router/logos/ 00_debian-edu-router_logo.svg (and use it in error pages when squid blocks internet access). * docs/squid_ACLs_flowchart.{svg, drawio}: Add schematics of the content filter engine. * bin/debian-edu-router-loginmenu.sh: Show version in addition to PRODUCTNAME and MACHINE_ID. * FAI conf/debian-edu/fai/debian-edu-router-fai.TEMPLATE/grub.cfg: Update file. * d-e-r-f grub.cfg.temp: Add background image and DejaVuSansMono font. * update-po{t}.sh: Use po/DOMAINS file to keep track of GETTEXT_DOMAINS. * All systemd services: Declare dependency on network-online.target. * bin/debian-edu-router-loginmenu.sh: Add button for starting 'htop' utility. * Update copyright notices in various files. * debian/control: + Add various 'Suggests' and 'Enhances' fields. + Add openssh-{client, server} as dependencies. + Move dnsmasq from Recommends: to Depends:. + Add to Depends: Add netcat-openbsd. [ Mike Gabriel ] * bin/debian-edu-router-fai_updateconfigspace: More reliably detect if we are in a Git working copy. * debian/copyright: Update copyright attributions. * debian/copyright: Update auto-generated copyright.in file. * lintian: Introduce more overrides where appropriate. * Make FAI installer localizable. * fai/config/class/: Support switching to another locale in FAI installer dialogs based on classes set in FAI profiles. * debian/: Split-out translation files of debian-edu-router-fai into its own bin:pkg (debian-edu-router-fai-l10n, to be installed in the FAI nfsroot). * debian/: Refactor how .po files get generated into .mo files and how they get installed into the bin:pkgs. * Various FAI installer improvements and bug fixes. * Make PRODUCTNAME partially localizable, rework how the PRODUCTNAME is printed on screen in plugins. * fai/config/package_config/DEBIAN: Make sure rsyslog is installed. * debian/README.i18n{,md}: Provide i18n guidelines for fully localizing debian-edu-router. * debian/control: + Add d-e-r-common to Pre-Depends: of d-e-r-common and d-e-r-fai bin:pkgs. + Add 'ssl-cert' to Pre-Depends: of d-e-r-plugin.content-filter. + debian/control: Pre-depend on debconf (for all bin:pkgs with debconf calls in preinst scripts. + Sort package names in D:/R: fields. + Add to R: (d-e-r-config): gpm. + Line-wrap S: field (d-e-r-config). + Add to R (content-filter): squid-langpack. + Bump Standards-Version: to 4.7.2. No changes needed. * debian/po/: + Update debconf dialogs translation files. * debian/*.templates: Fine-tune English translation templates for upload. Thanks, lintian. (fa54d887) * debian/*.lintian-overrides: Update lintian overrides. (fb7b43f3) * debian/debian-edu-router-plugin.content-filter.{postinst,postrm}: Drop backup/removal and restore of /etc/squid/conf.d/debian.conf. * conf/squid/snippets.d/01_squid_base_d-e-r-p.c-f.conf: Define localnet ACL so that /etc/squid/conf.d/debian.conf does not have to be removed. [ Temuri Doghonadze ] * po/: Add Georgian translations. (Many thanks from the upstream authors!!!). -- Mike Gabriel Mon, 10 Mar 2025 11:25:20 +0100 debian-edu-router (2.12.8) unstable; urgency=medium [ Daniel Teichmann ] * debian/d-e-r-c.postinst: Fix dnsmasq conf generation for networks over VLAN. * debian/d-e-r-c.config: Fix QCOUNT typo. (Prevents always showing not- implemented dialog). (Closes: #1049329). * debian/d-e-r-c.postinst: Only generate UIF filter rules for SSH if 'Uplink' interface is defined. (Closes: #1050231). [ Mike Gabriel ] * Adjust script name in README and print output (d-e-r-faiinstall -> d-e-r- fai_install). * debian/po: + Add pt_BR translation. Thanks to Paulo Henrique de Lima Santana. (Closes: #1037129). + Add sv.po. Thanks to Peter Kvillegård. (Closes: #1049959). + Add nl.po. Thanks to Frans Spiesschaert. (Closes: #1041874). * lintian: Adjust file lines in overrides. -- Mike Gabriel Mon, 11 Sep 2023 13:01:21 +0200 debian-edu-router (2.12.7) unstable; urgency=medium * d-e-r-c.postrm: Fix /etc/dnsmasq.d/ path name in comment. * debian/po/: + Update es.po. Thanks to Camaleón. (Closes: #1035682). + Update de.po. -- Mike Gabriel Mon, 15 May 2023 23:47:17 +0200 debian-edu-router (2.12.6) unstable; urgency=medium [ Daniel Teichmann ] * debian/d-e-r-c.{config,templates}: Add debian-edu-router-config/service-ssh- custom-port dialog & template. * debian/d-e-r-c.postinst: Generate sshd + uif config files for custom SSH port. * debian/d-e-r-c.postrm: Purge d-e-r related SSH service config files. * debian/d-e-r-c.postinst: Generate uif service definition (SSH custom port). * debian/d-e-r-c.postinst: Don't generate firewall rules, if SSH service is disabled. * debian/d-e-r-c.postinst: Replace sshd with ssh for invoke-rc.d call. * debian/d-e-r-c.config: Make sure user doesn't accidentely quit the conf dialog when trying to backup… * debian/d-e-r-c.postinst: Make nosetup_reason2 message bold. [ Mike Gabriel ] * debian/po: Update nl.po. Thanks to Frans Spiesschaert. (Closes: #1033906). * debian/debian-edu-router-config.config: Grammar fix. * debian/debian-edu-router-config.templates: Add EOL at EOF. * debian/d-e-r-c.{config, postinst}: Selectively allow/block incoming SSH connections. * debian/debian-edu-router-config.config: White-space fixes. * debian/debian-edu-router-config.config: Fix wrong debconf screen numbers that got broken by cherry-picking. * debian/po: Add pt_BR translation. Thanks to Paulo Henrique de Lima Santana. (Closes: #1034029). * debian/debian-edu-router-config.postinst: Assure enabling of SSH service in case it got disabled beforehand. * debian/debian-edu-router-config.postinst: Use update-rc.d instead of systemctl for disabling ssh service. * debian/debian-edu-router-config.lintian-overrides: Update line number in recursive-privilege-change override. Add various update-rc.d override. * debian/po/: Update translation files. * debian/debian-edu-router-config.postinst: Silence stdout/stderr of update-rc.d. Thanks, lintian. * debian/debian-edu-router-config.postinst: Ignore failures of update-rc.d when (re-)enabling ssh service. * debian/debian-edu-router-fai.lintian-overrides: Silence false-positive lintian reports. * debian/po/: Update es.po. Thanks to Camaleón. (Closes: #1034706). * debian/d-e-r-config.{postinst,postrm}: Assure that /etc/ssh/sshd_config.d/ exists when needed, purge it again if probably created by us. * debian/d-e-r-config.postrm: Purge /etc/dnsmasq.d/ again if probably created by us. -- Mike Gabriel Wed, 26 Apr 2023 08:26:22 +0200 debian-edu-router (2.12.5) unstable; urgency=medium [ Daniel Teichmann ] * Makefile.iso: Split CHROOT_LOCATION via 'tr' to avoid possible 'Union Directory' entries. * debian/d-e-r-c.postinst: Remove 'WARNING' from skip-network-setup msg to avoid it being shown at FAI installation. * debian/d-e-r-c.config: Remove old color codes and replace them with new color variables. * debian/d-e-r-c.config: Make bailout_on_too_many_failures() colorful. * {po/de.po, po/templates.pot, debian/d-e-r-config.templates}: Update translation. * debian/d-e-r-c.config: Make DNS nameserver question more reliable + support IPv6. * debian/d-e-r-c.config: IPv4 DNS NS's can provide IPv6 NS's and vice versa. So don't force both IPv4 and IPv6 nameservers. * debian/d-e-r-c.lintian-overrides: udevadm guard warning has been fixed. * debian/d-e-r-c.postrm: Set title to 'Debian Edu Router'. * debian/d-e-r-c.{templates,config,lintian-overrides}: Remove debian-edu-router-config/title. * debian/d-e-r-c.config: Add '|| true' guard to udevadm call. Thanks, Lintian. * debian/d-e-r-config.templates: Don't break '_Description:' line. Update translation. * po/{de.po,templates.pot}: Update template language files. [ Mike Gabriel ] * package_config/DEVELOPMENT.{asc -> gpg}: Rename file. Support for .asc files has been dropped in FAI. * fai/config/_obsolete-files.d/debian-edu-router-fai.removed: Mark package_config/DEVELOPMENT.asc as obsolete file. * bin/debian-edu-router-fai_instal: Mount /proc and /sys in nfsroot prior to creating/updating it. Those mountpoints are needed by dracut's 45url-libs module. * debian/copyright: Adjust for renamed DEVELOPMENT.{asc|gpg} file. * bin/debian-edu-router-fai_*: Drop support for Debian versions older than bullseye. * bin/debian-edu-router-fai_install: Drop non-free-firmware repo area if preparing a bullseye nfsroot. * conf/debian-edu/fai/debian-edu-router-fai.TEMPLATE/NFSROOT: Forward-port changes from NFSROOT in FAI 6.0. * conf/debian-edu/fai/debian-edu-router-fai.TEMPLATE/NFSROOT: Add libnss3. Required by dracut's 45url-libs module. * conf/debian-edu/fai/debian-edu-router-fai.TEMPLATE/apt/sources.list.in: Add non-free-firmware package repo area. * fai/config/package_config/: Temporarily stop using 'aptitude' installation type, switch to legacy 'install' (i.e. apt-get). * conf/debian-edu/fai/debian-edu-router-fai.TEMPLATE/nfsroot.conf.in: Drop '--include=aptitude' from FAI_DEBOOTSTRAP_OPTS. Not supported by FAI 6.0 currently. * conf/debian-edu/fai/debian-edu-router-fai.TEMPLATE/nfsroot.conf.in: Add '--include=ca-certificates' to FAI_DEBOOTSTRAP_OPTS. For https deb-URLs it is vital to have ca-certificates already installed in FAI's base.tar.xz chroot tarball. * fai/config/package_config/FAIBASE: Drop libnss-sss and libpam-sss. (Remnant from Debian LAN which we used as a starting point). * conf/debian-edu/fai/debian-edu-router-fai.TEMPLATE/grub.cfg: Mark simultaneous DHCP discovery as experimental, not BROKEN. It has been working quite well during recent tests. * debian/debian-edu-router-config.postinst: Assure that /etc/dnsmasq.d/ exists before placing files into it. * debian/debian-edu-router-config.postinst: Silence and ignore errors if /etc/dnsmasq.d/ is empty when attempting to remove files from it. * fai/config/class/90-development: Disable DEVELOPMENT class. * conf/debian-edu/fai/debian-edu-router-fai.TEMPLATE/apt/sources.list.in: Comment out DEVELOPMENT APT repository. * conf/debian-edu/fai/debian-edu-router-fai.TEMPLATE/apt/trusted.gpg.d/: Rename itzks-keyring.gpg to DEVELOPMENT.gpg * fai/config/class/90-development: Disable DEVELOPMENT class. * debian/debian-edu-router-config.lintian-overrides: update line number. [ Camaleón ] * debian/po: Add es.po. Thanks to Camaleón. (Closes: #1033016). [ Frans Spiesschaert ] * debian/po: Add nl.po. Thanks to Frans Spiesschaert. (Closes: #1032534). -- Mike Gabriel Mon, 20 Mar 2023 08:49:18 +0100 debian-edu-router (2.12.4) unstable; urgency=medium [ Daniel Teichmann ] * debian/d-e-r-c.config: Replace old remnants of 'backbone' with 'mgmt'. * debian/d-e-r-c.templates: Fix typo in the 'Printers' DHCP example. * debian/d-e-r-c: Restrict the firewall so that you can no longer connect to other internal networks directly. * Makefile.debug: Add packages 'gpm' + 'ipv6calc'; Fix package 'ip4calc' -> 'ipcalc'. * bin/debian-edu-router-loginmenu.sh: Add 'completely configure d-e-r' option. * fai/config/debconf/DEBIAN_EDU_ROUTER: Fix one of the debconf preseedings. (papercut). * debian/d-e-r-c.postinst: Refactor echo log-statements to 'debug_log' or 'error_log' func calls. * debian/d-e-r-c.postinst: Rephrase port-is-already-in-use warning_log. * debian/d-e-r-c.postinst: If 'D_E_R_DEBUG' is set, don't just delete generated config files. * debian/d-e-r-c.{config,lintian-overrides}: Fix vlan template typo. * po/de: Update german language files. * po/: Execute ./update-pot.sh (Update language files). * debian/po/*: Execute debconf-updatepo (Update language files). * debian/po/de.po: Update german language files. * po/de/LC_MESSAGES/debian-edu-router-config.po: Make loginmenu strings more uniform. * debian/d-e-r-c.common: Add warning_log_stderr(). * debian/d-e-r-c.config: Don't run preconfigure stage, because commons file is not yet ready. * debian/d-e-r-c.config: Wait for iface link to be up before continuing. * debian/d-e-r-c.config: Add set_all_available_ifaces_up() and add a little documentation. * debian/d-e-r-c.{config,templates}: Step-By-Step: Optimize Uplink interface gathering. * debian/d-e-r-c.config: Step-by-Step: Fix bug where iface could be empty for internal network iface matching. * debian/d-e-r-c.postinst: Remove leftover reference of removed template 'debian-edu-router-config/net-connect-ext-iface-uplink'. [ Mike Gabriel ] * debian/debian-edu-router-config.templates: Shorten SHORT_DESCRIPTION fields to be under 78 chars long. * lintian: Drop too-long-short-description-in-templates overrides. * lintian: Adjust line numbers of some overrides. * debian/debian-edu-router-config.templates: Wrap too-long-lines in LONG_DESCRIPTION fields. (No change in the wording). * debian/po/templates.pot: Update file. * debian/po/: Update de.po. -- Mike Gabriel Thu, 16 Feb 2023 08:03:50 +0100 debian-edu-router (2.12.3) unstable; urgency=medium * debian/control: Add to D (d-e-r-c): procps (provides sysctl cmd). (Closes: #1030574). -- Mike Gabriel Sun, 05 Feb 2023 21:28:34 +0100 debian-edu-router (2.12.2) unstable; urgency=medium * debian/debian-edu-router-config.postinst: Create directory /etc/sysctl.d before writing a file into it. (Closes: #1030359). * fai/config/files/lib/systemd/system/startup-shutdown-chiptune.service/ GATEWAY: Add license header. * debian/copyright: Update copyright attributions. * debian/debian-edu-router-config.postrm: Assure purging of our sysctl config snippet. * lintian: Adjust line number in recursive-privilege-change override. -- Mike Gabriel Sat, 04 Feb 2023 15:33:09 +0100 debian-edu-router (2.12.1) unstable; urgency=medium [ Daniel Teichmann ] * FAI: Move startup-shutdown-chiptune.service to /lib/systemd/system/ and execute fcopy on it. * bin/debian-edu-router-loginmenu.sh: Fix 'ITEM_REBOOT_REBOOTING_NOW' string. * po/de/LC_MESSAGES/debian-edu-router-config.po: Fix punctuation typo; update pot files. -- Mike Gabriel Wed, 01 Feb 2023 12:25:04 +0100 debian-edu-router (2.12.0) unstable; urgency=medium * Initial release. (Closes: #1029988). -- Mike Gabriel Sun, 29 Jan 2023 22:05:00 +0100