Change log for debian-edu-config package in Debian
| 1 → 75 of 288 results | First • Previous • Next • Last |
debian-edu-config (2.12.45) unstable; urgency=medium
* share/debian-edu-config/tools/gosa-sync:
+ From password TMPFILE, strip newline character from end-of-file.
The LDAP whoami call for verifying the correctness of the passed-in
user password requires a password file without trailing newline
to succeed.
* share/debian-edu-config/gosa.conf.template:
+ Various white-space fixes.
+ Don't (single-)quote placeholders in plugin hooks. GOsa² will add single-
quotes around placeholder variables when generating hook commands. Esp.
when using single quotes around placeholders, they will be duplicated
and thus eliminate eacher other. This problem occurred for users
with space characters in their DN while changing the user's password.
(The hook would only operate on a partial DN string, split at first
space char occurrence in the DN string).
-- Mike Gabriel <email address hidden> Thu, 25 Jul 2024 09:52:14 +0200
| Published in bookworm-release |
debian-edu-config (2.12.44~deb12u1) bookworm; urgency=medium * Upload to bookworm. -- Mike Gabriel <email address hidden> Thu, 01 Feb 2024 10:52:12 +0100
debian-edu-config (2.12.44) unstable; urgency=medium
* share/debian-edu-config/tools/wpad-extract:
+ Update IP of www.debian.org.
+ Don't use the proxy for accessing wpad.
* share/debian-edu-config/tools/fetch-rootca-cert:
+ Don't use the proxy for accessing wwww.intern.
* debian/debian-edu-config.maintscript:
+ Remove stray /etc/dhcp/dhclient-exit-hooks.d/fetch-ldap-cert. Should have
been removed with 2.12.34 already. (Closes: #1061560).
+ Use <prior-version> version numbers as recommended on the
dpkg-maintscript-helper man page (the current upload version suffixed
by '~').
-- Mike Gabriel <email address hidden> Wed, 31 Jan 2024 15:07:09 +0100
debian-edu-config (2.12.43) unstable; urgency=medium
[ Holger Levsen ]
* d/changelog:
- add missing Closes: for #1021688, #1024033 and #1039461 in previous
entries to ease future debugging.
- fix too long line in previous entry.
-- Holger Levsen <email address hidden> Mon, 25 Dec 2023 11:56:02 +0100
| Superseded in bookworm-release |
debian-edu-config (2.12.41~deb12u1) bookworm; urgency=medium * Upload to bookworm. -- Mike Gabriel <email address hidden> Sun, 03 Dec 2023 08:45:42 +0100
debian-edu-config (2.12.42) unstable; urgency=medium
* share/debian-edu-config/tools/update-proxy-from-wpad: Ignore missing dconf
command. (Closes: #1057777). It might be missing on main-server installations
where no desktop environment is installed.
-- Mike Gabriel <email address hidden> Sat, 09 Dec 2023 08:15:45 +0100
debian-edu-config (2.12.41) unstable; urgency=medium
[ Guido Berhoerster ]
* gosa-sync: Decode the user password which GOsa substitutes base64 encoded.
This fixes a bug where the user password could not be set or changed.
(related to #1052159).
-- Mike Gabriel <email address hidden> Fri, 01 Dec 2023 21:44:38 +0100
debian-edu-config (2.12.40) unstable; urgency=medium
* share/debian-edu-config/gosa.conf.template:
+ Deploy GOsæ² based on its classic theming, the Materialize CSS theme is
too immature to be used in production.
-- Mike Gabriel <email address hidden> Thu, 30 Nov 2023 08:32:34 +0100
debian-edu-config (2.12.39) unstable; urgency=medium * ldap-bootstrap/root.ldif: Fix gosaAclEntry of BaseDN object. -- Mike Gabriel <email address hidden> Sun, 19 Nov 2023 09:56:39 +0100
debian-edu-config (2.12.38) unstable; urgency=medium [ Wolfgang Schweer ] * Fix main server network setup. Closes: #1055647. -- Holger Levsen <email address hidden> Fri, 10 Nov 2023 16:42:11 +0100
debian-edu-config (2.12.37) unstable; urgency=medium
[ Guido Berhoerster ]
* Discard excessive nullmailer logging.
Filter out log messages coming from a client running nullmailer since it is
very verbose and can easily fill up the filesystem under /var/log.
(Closes: #1003728).
* ldap-createuser-krb5: fix password prompt.
* Disable cfengine3 systemd service.
Disabling only cf-execd in 75b4e3f7 (see #1041323) did not work as it gets
pulled in as a dependency of cfengine3. Thus disable the cfengine3 service
instead.
* Rewrite testsuite/filesystems, add exception for /boot
Rewrite for clarity and robustness. Add exception for /boot which may use
ext2.
* testsuite/ldap-{server,client}: Fix invocation of ldapsearch.
The -h command line option has been removed, ldapsearch now only accepts a
LDAP URI via the -H option.
Also do not use the deprecated egrep and get rid of unnecessary wc.
Use dig and awk instead of host and interpret the SRV record properly.
* testsuite/ldap-client: Improve error message on PAM modules.
* Fix remaining invocations of ldapsearch.
* Disable using the LDAP PAM module (we use pam_krb5.so instead).
* setup-freeradius-server: Set commonName and subjectAltNames on the server
cert.
(Closes: #1010159).
* setup-freeradius-server: Improve robustness
Use update-ini-file for OpenSSL config files.
Use more precise sed substitutions which do not rely on example values.
Increase password length from 8 to 16 characters.
* Change minimum UID/GID for LDAP user to 2000 (Closes: #1003192)
With this change local user accounts now use the UID/GID range 1000-1999
instead of 500-999 whereas LDAP user accounts use 2000-59999 instead of
1000-59999. This is to reserve UID/GID 0-999 for system users which is the
default in Debian and not conforming to it is increasingly problematic as
packages are beginning to use systemd-sysusers for creating system user
accounts which does not obey /etc/addusers.conf or /etc/login.defs by default.
The first user account created during installation now has UID/GID 2000 instead
of 1000.
Configure gosa and adjust ldap-createuser-krb5 accordingly.
-- Mike Gabriel <email address hidden> Wed, 27 Sep 2023 09:57:06 +0200
debian-edu-config (2.12.36) unstable; urgency=medium
[ Mike Gabriel ]
* ldap-bootstrap/gosa.ldif:
+ Provide ou=incoming potentially used by GOsa²'s class 'newArpDevice'.
This is esp. to silence GOsa² error messages but might be useful at a
later point of time.
[ Guido Berhoerster ]
* Update proxy settings in dconf.
This adds support in update-proxy-from-wpad for setting the proxy default
values in dconf (used by e.g. GNOME components). The values are added to
a site database, it also packages an empty local database in order to
obviate the need to modify the user profile. (Closes: #955702)
* Remove use of obsolete grep aliases. These have been obsolete forever and
have been removed from GNU grep upstream.
* Use command -v builtin over external which command
* Do not solely rely on the presence of init scripts in maintainer scripts.
Check also for systemd service files.
* Remove direct invocation of wlan init script. This no longer exists in
Debian.
* Replace invocation of fetch-ldap-cert init script in DHCP hooks and rename.
dhclient hook in Makefile.
This has been replaced by fetch-rootca-cert (see #971780).
* Silence exim4 warnings in logfile.
The lack of keep_environment in the exim4 configuration for clients leads to
continuous warnings in the logfile:
'Warning: purging the environment. Suggested action: use keep_environment.'
Setting it to an empty value (which is the default) silences that.
* Ship PAM group.conf for workstations. LDAP users should be members of
several system groups on networked (roaming) workstations.
* Add missing dependency on iptables
This is required by debian-edu-update-netblock (Closes: #1051446).
-- Mike Gabriel <email address hidden> Sat, 09 Sep 2023 23:04:46 +0200
debian-edu-config (2.12.35) unstable; urgency=medium
[ Guido Berhoerster ]
* Remove configure-edu-gateway. (Closes: #1043407).
The script is obsoleted by the more sophisticated configuration
abilities provided by the debian-edu-router-config package.
* Do not hardcode X2Go desktop to Xfce. (Closes: #1049396).
Add a commandline option --x2go_desktop for specifying the default desktop
and make a best effort finding a usable desktop if none is specified.
* Disable cf-execd on installation. (Closes: #1041323).
Currently cf-execd is enabled by default if systemd is used (see #1043353)
but the agent should only be run on installation.
* Do not attempt to fetch the rootCA cert outside of a DebianEdu network
An error should only be reported if the machine is inside a DebianEdu
network, i.e. www.intern is resolvable, but the download fails. (Closes:
#1008599).
[ Mike Gabriel ]
* debian/tests/control: Remove configure-edu-gateway from list of tests.
Script and testscript are now gone. (Related to closure of #1043407, see
above).
* Silence lintian warnings of type 'bash-term-in-posix-shell' by using
variable names that lintian can't confuse with bash-only pre-set
variables (e.g. $HOSTNAME or $UID).
-- Mike Gabriel <email address hidden> Sat, 19 Aug 2023 17:00:36 +0200
debian-edu-config (2.12.34) unstable; urgency=medium
[ Mike Gabriel ]
* Start 2.12.34 development.
* debian/debian-edu-config.lintian-overrides:
+ Update existing overrides (line numbers and such).
+ Drop missing-systemd-service-for-init.d-script overrides. Systemd service
files are now provided.
+ Drop init.d-script-does-not-implement-status-option override for
fetch-ldap-cert. Init script is now gone.
* testsuite: Install to pkglibexecdir rather than libexecdir. Thanks lintian.
* Makefile: Adjust white-spacing in variable declarations.
* Makefile: Use $(NULL) variable at end of file lists. Allow for better git-
patch readability.
* Convert CRON configuration to systemd timers.
* sbin/*-for-netgroup-hosts: Some noop + white-spacing beautifications.
* Move d-e-c-*-for-netgroup-hosts scripts to pkglibexecdir.
* debian/debian-edu-config.postinst:
+ Assure runlevel de-registering of init script fetch-ldap-cert.
* debian/debian-edu-config.maintscript:
+ Assure removal of /etc/init.d/fetch-ldap-cert conffile.
* debian/debian-edu-config.cron.*:
+ Only run scripts if they exist. Thanks piuparts.
[ Daniel Teichmann ]
* etc/dhcp/dhcp-debian-edu.conf:
+ ldap-server. 'ldap' -> 'ldap.intern'. (Closes: #1039966).
* share/debian-edu-config/tools/gosa-remove:
+ Fix kadmin.local, Use '-force' to disable interaction via stdin.
[ Guido Berhoerster ]
* ldap-tools/ldap-createuser-krb5:
+ Fix user creation. (Closes: #1042456).
Remove Samba NT4 domain support, add samba user using smbpasswd.
Add root CA for new users (copied from gosa-create).
+ Fix new UID/GID selection.
Exclude special users (UID/GID >= 10000) when looking for the highest
UID/GID.
+ Add CLI options for uid/gid/department.
Also ensure script is run as root.
+ Add additional attributes based on template users.
+ Add support for additional groups.
+ Send welcome email in order to create maildir.
Without this the maildir in /var/mail/<user> will not exist and Dovecot
will refuse to let the user log in as it cannot create this directory.
+ Set LDAP password when creating users.
This allows users to use GOsa² to change their password.
* Add systemd services for configuring Chromium/Firefox from LDAP.
Factor out logic from init script into separate script which are then called
from both the init script and systemd services.
* Add systemd service enabling NAT for thin clients.
* Add systemd service for fetching the RootCA file from the main server.
* Drop init script for fetching LDAP SSL public key from legacy main servers.
This drops support for clients running behind a main server based on Debian
Edu stretch. (Closes: #1030116).
* Update debian/rules for init scripts and systemd services. (Closes:
#1039166).
* Generate a random password for the icinga/icingaweb databases.
(Closes: #1040015).
* update-dlw-krb5-keytabs: Handle missing/empty diskless-workstation-hosts.
* Followup fixes for ntpsec transition.
* Add systemd support to debian-edu-restart-services: This uses a list
of service units which was compiled on a main server + ltsp
installation. Uses stop and start to force restart
reverse-dependencies. It also makes sure that drop in files are
recognized. (Closes: #1042940).
* Configure gosa not to use STARTTLS since TLS is already used. ldapTLS
configures the use of STARTTLS, not TLS per se which is enabled by the
use of ldaps: protocol in URLs. (Closes: #1041322).
* Allow root access to cups via SystemGroups. 'root' access is allowed in
the default configuration and e.g. necessary for services like
debian-edu-cups-queue-autoflush.service to work. (Closes: #1043397).
* cf3/promises.cf: fix typo and allow connections from localhost and network.
-- Mike Gabriel <email address hidden> Thu, 10 Aug 2023 16:47:59 +0200
debian-edu-config (2.12.33) unstable; urgency=medium
[ Guido Berhoerster ]
* Adapt ntp configuration for ntpsec. Closes: #1038881.
ntpsec has replaced ntp in bookworm, adapt configuration and add a
drop-in file instead of editing the configuration file. Drop insserv
overrides for ntp, the ntpsec systemd unit has an ordering dependency
on nss-lookup.target equivalent to the "$named" facility.
* Set up database for icingaweb2
Starting with version 2.11 user preferences must be stored in the DB.
* Fix permissions issue preventing icingaweb2 from reading the backend config
The /etc/icingaweb2/modules directory ends up with "drwxrwSrwx" permissions,
missing the "x" bit preventing icingaweb2 from reading the monitoring backend
configuration in /etc/icingaweb2/modules/monitoring/. Instead of adjusting
single files and directories, enforce sensible permissions on all directories
and configuration files. Closes: #1039475.
-- Mike Gabriel <email address hidden> Sat, 01 Jul 2023 05:41:56 +0200
debian-edu-config (2.12.32) unstable; urgency=medium
* debian-edu-ltsp-install: fix failure with absent BD iso images. Patch
thanks to Wolfgang Schweer. Closes: #1033451.
-- Holger Levsen <email address hidden> Mon, 27 Mar 2023 20:40:47 +0200
debian-edu-config (2.12.31) unstable; urgency=medium
* sbin/debian-edu-pxeinstall: adjust for memtest86+ 6.10-4, thanks to
Wolfgang Schweer.
* Turkish debconf translation update, thanks to Atila KOÇ. Closes: #1031668.
-- Holger Levsen <email address hidden> Sun, 26 Feb 2023 10:10:43 +0100
debian-edu-config (2.12.30) unstable; urgency=medium
d-i/finish-install: fix typo, thanks to Wolfgang Schweer.
-- Holger Levsen <email address hidden> Wed, 15 Feb 2023 15:14:02 +0100
debian-edu-config (2.12.29) unstable; urgency=medium
* d-i/finish install: remove first local user (and kdc and ldap if set)
passwords from debconf after setting them in the system. Thanks to
Wolfgang Schweer. Closes: #1029077.
* d-i/pre-pkgsel: only set kdc and ldap passwords on main-server, thanks to
Wolfgang Schweer.
-- Holger Levsen <email address hidden> Mon, 13 Feb 2023 17:48:44 +0100
debian-edu-config (2.12.28) unstable; urgency=medium
[ Mike Gabriel ]
* ldap-bootstrap/gosa.ldif: Adjust gosaAclTemplate to GOsa² 2.8 (all ->
all/all).
-- Holger Levsen <email address hidden> Mon, 06 Feb 2023 21:22:46 +0100
debian-edu-config (2.12.27) unstable; urgency=medium
* debian-edu-pxeinstall: adopt to recent changes in memtest86+. Thanks to
Wolfgang Schweer.
* gosa.conf.template: use LDAPS instead of LDAP to access tjener.
Closes: #1030348. Thanks to Daniel Teichmann for the bug report and
Wolfgang Schweer for the patch.
-- Holger Levsen <email address hidden> Mon, 06 Feb 2023 11:39:05 +0100
debian-edu-config (2.12.26) unstable; urgency=medium
* tools/create-debian-edu-certs: use chown with colon instead of a dot,
thanks lintian.
* Explicitly use bash for ldap-tools/ldap-createuser-krb5,
sbin/debian-edu-ltsp-chroot and testsuite/ldap-server, thanks lintian.
* d/control:
- drop obsolete depends on lsb-base, thanks lintian.
- bump standards version to 4.6.2, no changes needed.
* d/source/lintian-overrides: override some
very-long-line-length-in-source-file warnings.
* d/debian-edu-config.lintian-overrides:
- convert to new syntax.
- override a bunch of unused-debconf-template warnings.
- override init.d-script-does-not-implement-status-option for internal init
scripts.
- override some bash-term-in-posix-shell where I confirmed those are false
positive.
-- Holger Levsen <email address hidden> Mon, 30 Jan 2023 14:37:19 +0100
debian-edu-config (2.12.25) unstable; urgency=medium
[ Wolfgang Schweer ]
* sbin/debian-edu-ltsp-install: Install firefox-esr l10n package conditionally
in case the minidesktop thin client type has been chosen.
-- Holger Levsen <email address hidden> Sun, 13 Nov 2022 14:57:03 +0100
debian-edu-config (2.12.24) unstable; urgency=medium
[ Mike Gabriel ]
* debian/control:
+ Change D (d-e-c) on libpam-python to a versioned dependency
(>= 1.1.0~git20220701.1d4e111-0.3~). Starting with this version,
libpam-python has fully been ported to Python3. (Closes: #1020928).
-- Holger Levsen <email address hidden> Mon, 24 Oct 2022 23:28:55 +0200
debian-edu-config (2.12.23) unstable; urgency=medium
[ Wolfgang Schweer ]
* share/debian-edu-config/isc-dhcp-server.service.eth1_only: Use nslcd instead
of slapd as required service. Otherwise the DHCP service on a separate or
additional LTSP server fails to start if it has been stopped before.
* ldap-tools/ldap-debian-edu-install: After the move to MDB the slapd package
recently stopped shipping the BDB related DB_CONFIG example file. Trying to
copy the file breaks LDAP setup.
* cf3/cf.finalize: Replace connman with network-manager-gnome in case the LXQt
desktop environment is used during an installation including the Main server
or LTSP server profile. (In these cases, ConnMan as the preferred LXQt
network manager doesn't work well with the Debian Edu specific way network
interfaces are set up.)
-- Holger Levsen <email address hidden> Mon, 17 Oct 2022 21:56:43 +0200
| Published in bullseye-release |
debian-edu-config (2.11.56+deb11u4) bullseye; urgency=medium
[ Wolfgang Schweer ]
* etc/exim4/exim-ldap-server-v4.conf: Accept incoming mail from internal
network sent to root@<mynetwork-names>. (Closes: #1003727).
* Use mktemp instead of deprecated tempfile, adjust:
- etc/X11/Xsession-debian-edu
- sbin/debian-edu-update-netblock
- share/debian-edu-config/tools/gosa-sync
- testsuite/postoffice
(Closes: #1005352).
[ Mike Gabriel ]
* share/d-e-c/tools/gosa-modify-host: Only create Kerberos host and service
principals if they don't yet exist. (Closes: #1002014).
* share/d-e-c/tools/gosa-create-host: Fix copy+paste flaw in comment.
* share/debian-edu-config/tools/setup-freeradius-server: Fix integer
comparison in run-by-root check. Script was not executable fully (not even
as root).
* debian/debian-edu-config.fetch-ldap-cert: Drop retrieval of
Debian-Edu_rootCA from this script. This now is the task of the
fetch-rootca-cert script. (Closes: #971780).
* debian/debian-edu-config.fetch-rootca-cert: Ensure proper symlinking of
Debian-Edu_rootCA.crt in /usr/local/share/ca-certificates/ to
Debian-Edu_rootCA.crt in /etc/ssl/ca-certificates. Forced symlinking is
required, because earlier versions of the fetch-ldap-cert init script put
Debian-Edu_rootCA.crt into /etc/ssl/ca-certificates/ as a file. Forced
symlinking replaces files by the wanted symlink. The -n option (no-
dereference) is required to make sure we don't follow any already existing
symlink. (This relates to #971780).
* share/debian-edu-config/tools/update-proxy-from-wpad:
- Fix typo (wrong protocol) in APT proxy config creation.
- Create a Debian Edu specific proxy configuration in /etc/apt/apt.conf.d/
named 03debian-edu-config rather than meddling with /etc/apt/apt.conf
directly. Clean up any earlier meddling from apt.conf, as well. (Closes:
#1003560).
* share/debian-edu-config/tools/{update-proxy-from-wpad,wpad-extra}:
- Don't fail if proxy update is not possible, only send warnings to stderr
and syslog. Don't source wpad-extra script, execute it instead and capture
stdout. (Closes: #1008067).
* sbin/update-hostname-from-ip:
- Simply if-then-else-clauses, reduce number of exit calls, don't exit with
non-zero exitcode. Improve syslog messages if things fail. (Closes:
#1006604).
* share/debian-edu-config/tools/setup-roaming: Assure libsss-sudo is installed
on Roaming Workstation. (Closes: #1004605).
* share/debian-edu-config/tools/gosa-remove: Capture removals of GOsa² user
templates and ignore them. (Closes: #815042).
* ldap-schemas/: Update schema files from Debian's latest GOsa² list of
schemas.
* share/debian-edu-config/tools/clean-up-host-keytabs: Don't fail
on Kerberos principal removal.
* etc/cups/cups-browsed-debian-edu.conf:
- Let TJENER's print queues appear on Debian Edu clients, use same
print queue names on clients as on TJENER. (Closes: #1005841).
* sbin/debian-edu-pxeinstall:
- Don't append 'ipappend 2' to the kernel boot cmdline anymore as it
confuses systemd when booting into the installed system. This resolves
the graphical.target not coming up on Debian Edu workstations that got
installed via the PXE/network based Debian Installer method. (Closes:
#1006362).
- Silence stderr output if the artwork theme lacks a plymouth subfolder.
This can be silently ignored and should not trouble Debian Edu admins.
* Support krb5i on Diskless Workstations (aka LTSP FAT Clients):
- ldap-bootstrap/netgroup.ldif: Add diskless-workstation-hosts NIS netgroup
during LDAP bootstrap.
- debian/debian-edu-config.{postinst,postrm}: Create non-privileged
debian-edu system user account on Debian Edu mainserver (for distribution
of host keytabs to diskless workstations aka LTSP fat clients).
- share/debian-edu-config/tools/: Add update-dlw-krb5-keytabs script and
call it (with delay) from gosa-modify-host hook script. (Closes: #613167,
#1002018).
* Move /etc/debian-edu/host-keytabs/* to /var/lib/debian-edu/host-keytabs/
and replace directory /etc/debian-edu/host-keytabs by a symlink. (Closes:
#1002019).
* share/debian-edu-config/squid.conf:
- Prefer DNSv4 lookups over DNSv6. Debian Edu does not yet fully support
IPv6 and many schools still use IPv4 primarily. This gives a great
performance boost to squid installations if IPv6 internet is not fully
available for whatever reason. (Closes: #1006375).
* share/debian-edu-config/tools/list-gosa-systems:
- Drop immature list-gosa-systems script again that got sneaked in via
upload of 2.11.56+deb11u3. We apologize for the noise.
-- Mike Gabriel <email address hidden> Wed, 23 Mar 2022 12:28:00 +0100
debian-edu-config (2.12.22) unstable; urgency=medium * d/postinst: do not call update-mime anymore. Closes: #1010432. * d/control: bump standards version to 4.6.1. -- Holger Levsen <email address hidden> Mon, 13 Jun 2022 12:39:42 +0200
debian-edu-config (2.12.21) unstable; urgency=medium
* Replace dependency on mime-support with one on media-types, thanks to
Charles Plessy for the bug report and all the work on this in the first
place. Closes: #1010102
-- Holger Levsen <email address hidden> Mon, 25 Apr 2022 17:22:41 +0200
| Published in buster-release |
debian-edu-config (2.10.65+deb10u8) buster-security; urgency=medium
* etc/apache2/mods-available/debian-edu-userdir.conf:
- White-space cleanup (tabs and spaces mixed).
- CVE-2021-20001: Disable built-in PHP engine.
- Add warning to not re-enable PHP interpretation in user dirs (with
reference to our README).
* README.public_html_with_PHP-CGI+suExec.md:
- Provide documentation on how to enable suExec support in https userdirs
(i.e. ~/public_html).
* debian/NEWS:
+ Add file, inform about PHP being disabled in Apache2 user directories.
-- Mike Gabriel <email address hidden> Mon, 07 Feb 2022 16:22:12 +0100
| Superseded in bullseye-release |
debian-edu-config (2.11.56+deb11u3) bullseye-security; urgency=medium
* etc/apache2/mods-available/debian-edu-userdir.conf:
- White-space cleanup (tabs and spaces mixed).
- CVE-2021-20001: Disable built-in PHP engine.
- Add warning to not re-enable PHP interpretation in user dirs (with
reference to our README).
* README.public_html_with_PHP-CGI+suExec.md:
- Provide documentation on how to enable suExec support in Apache2 user
directories (i.e. ~/public_html).
* debian/NEWS:
+ Add file, inform about PHP being disabled in Apache2 user directories.
-- Mike Gabriel <email address hidden> Fri, 04 Feb 2022 13:19:51 +0100
debian-edu-config (2.12.20) unstable; urgency=medium
* Regression fix upload.
* debian/changelog:
+ Update missing changelog item in 2.12.18 upload stanza (for commit
0e3432df).
* debian/debian-edu-config.preinst:
+ Make .keytab file moval more robust/idempotent. Don't attempt moving
.keytab files if /etc/debian-edu/host-keytabs is already a symlink.
* debian/debian-edu-config.postinst:
+ Fix some typos (follow-up for 0e1df64b, v2.12.16).
* share/debian-edu-config/tools/update-proxy-from-wpad:
- Really send warnings from this script to stderr (follow-up for f827feba,
v2.12.18).
* share/debian-edu-config/tools/gosa-remove-host:
- Fix path in comment (follow-up fix for dd2a1c79, v2.12.18).
-- Mike Gabriel <email address hidden> Wed, 23 Mar 2022 13:26:35 +0100
debian-edu-config (2.12.19) unstable; urgency=medium
* Regression fix upload.
* Makefile:
- Install script share/debian-edu-config/tools/update-dlw-krb5-keytabs into
bin:pkg.
-- Mike Gabriel <email address hidden> Tue, 22 Mar 2022 10:31:36 +0100
debian-edu-config (2.12.17) unstable; urgency=medium
[ Mike Gabriel ]
* share/debian-edu-config/tools/clean-up-host-keytabs:
- Don't fail on Kerberos principal removal.
- Set executable bits of this file.
* debian/control:
+ Add D (debian-edu-config): libsitesummary-perl (available starting with
sitesummary 0.1.50). (Closes: #815695, #968268).
-- Holger Levsen <email address hidden> Sun, 13 Feb 2022 09:45:45 +0100
debian-edu-config (2.12.16) unstable; urgency=medium
[ Wolfgang Schweer ]
* etc/exim4/exim-ldap-server-v4.conf: Accept incoming mail from internal
network sent to root@<mynetwork-names>. (Closes: #1003727).
[ Mike Gabriel ]
* share/glib-2.0/schemas/31_debian-edu+mate.gschema.override: Add various
long-term-used MATE settings overrides (some from Ubuntu MATE).
* MATE screensaver: Offer "logout user" button on screensaver dialog after
40min of inactivity and allow other users to salvage a workstation from
an idle user (session).
* share/debian-edu-config/tools/setup-freeradius-server: Fix integer
comparison in run-by-root check. Script was not executable fully (not even
as root).
* etc/apache2/mods-available/debian-edu-userdir.conf:
- White-space cleanup (tabs and spaces mixed).
- CVE-2021-20001: Disable built-in PHP engine.
- Add warning to not re-enable PHP interpretation in user dirs (with
reference to our README).
* README.public_html_with_PHP-CGI+suExec.md:
- Provide documentation on how to enable suExec support in Apache2 userdirs
(i.e. ~/public_html).
* debian/NEWS:
+ Add file, inform about PHP being disabled in Apache2 user directories.
* debian/debian-edu-config.fetch-ldap-cert: Drop retrieval of
Debian-Edu_rootCA from this script. This now is the task of the
fetch-rootca-cert script. (Closes: #971780).
* debian/debian-edu-config.fetch-rootca-cert: Ensure proper symlinking of
Debian-Edu_rootCA.crt in /usr/local/share/ca-certificates/ to
Debian-Edu_rootCA.crt in /etc/ssl/ca-certificates. Forced symlinking is
required, because earlier versions of the fetch-ldap-cert init script put
Debian-Edu_rootCA.crt into /etc/ssl/ca-certificates/ as a file. Forced
symlinking replaces files by the wanted symlink. The -n option (no-
dereference) is required to make sure we don't follow any already existing
symlink. (This relates to #971780).
* Support krb5i on Diskless Workstations (aka LTSP FAT Clients):
- ldap-bootstrap/netgroup.ldif: Add diskless-workstation-hosts NIS netgroup
during LDAP bootstrap.
- debian/debian-edu-config.{postinst,postrm}: Create non-privileged
debian-edu system user account on Debian Edu mainserver (for distribution
of host keytabs to diskless workstations aka LTSP fat clients).
- share/debian-edu-config/tools/: Add new update-dlw-krb5-keytabs script and
call it (with delay) from gosa-modify-host and gosa-remove-host hook
scripts.
- (Closes: #613167).
* debian/control:
+ Add D: adduser.
* share/debian-edu-config/tools/update-proxy-from-wpad:
- Fix typo (wrong protocol) in APT proxy config creation.
- Create a Debian Edu specific proxy configuration in /etc/apt/apt.conf.d/
named 03debian-edu-config rather than meddling with /etc/apt/apt.conf
directly. Clean up any earlier meddling from apt.conf, as well. (Closes:
#1003560).
* share/debian-edu-config/tools/setup-roaming: Assure libsss-sudo is installed
on Roaming Workstation. (Closes: #1004605).
* share/debian-edu-config/tools/gosa-remove: Capture removals of GOsa² user
templates and ignore them. (Closes: #815042).
* ldap-schemas/: Update schema files from Debian's latest GOsa² list of
schemas. (Closes: #1004949).
* debian/debian-edu-config.postinst:
+ Replace calling 'service' by calling 'invoke-rc.d'. Thanks, lintian.
* debian/debian-edu-config.lintian-overrides:
+ Adjust line number references in lintian overrides.
-- Mike Gabriel <email address hidden> Fri, 04 Feb 2022 13:06:25 +0100
debian-edu-config (2.12.15) unstable; urgency=medium
[ Mike Gabriel ]
* share/d-e-c/tools/gosa-modify-host: Only create Kerberos host and service
principals if they don't yet exist. (Closes: #1002014).
* share/d-e-c/tools/copy-host-keytab: Restart nfs-common/rpc-gssd after
having copied over /etc/krb5.keytab. This avoids rebooting for applying
the copied over changes.
* share/d-e-c/tools/gosa-create-host: Fix copy+paste flaw in comment.
[ lintian-brush ]
* Add missing build dependency on dh addon.
-- Holger Levsen <email address hidden> Wed, 29 Dec 2021 18:15:27 +0100
| Superseded in bullseye-release |
debian-edu-config (2.11.56+deb11u2) bullseye; urgency=medium
[ Mike Gabriel ]
* share/debian-edu-config/tools/pxe-addfirmware: Fix TFTP server path
(/var/lib/tftpboot-> /srv/tftp). (Closes: #995610).
[ Wolfgang Schweer ]
* Add real support for LTSP chroot setup and maintenance. (Closes: #996103).
- Adjust existing scripts and manual page for improved LTSP chroot setup:
+ sbin/debian-edu-ltsp-install: Add LTSP diskless client chroot creation,
use uniform locations for X2Go thin clients and diskless workstations,
ensure sitesummary-client setup and configuration inside chroots, care
for proper mount and umount operation, add xrdp-sesman to the list of
masked services for LTSP clients, make sure all kernels are updated,
adjust the ltsp.conf file content to match the changes, replace last
edit date with version number, adjust usage information accordingly.
+ share/debian-edu-config/tools/run-at-firstboot: Care for the changed
'debian-edu-ltsp-install' default options to make sure combined server
installations have a generated SquashFS image file just like before.
+ share/man/man8/debian-edu-ltsp-install.8: Update to reflect the changes.
- Provide maintenance related scripts and manual pages:
+ sbin/debian-edu-ltsp-chroot: Tool to make LTSP chroot maintenance easy.
+ sbin/debian-edu-ltsp-initrd: Wrapper script for 'ltsp initrd' command.
It makes sure that a use case specific initrd (/srv/tftp/ltsp/ltsp.img)
is generated and moved to the right location.
+ sbin/debian-edu-ltsp-ipxe: Wrapper script for 'ltsp ipxe' command. It
cares for a Debian Edu specific /srv/tftp/ltsp/ltsp.ipxe content.
+ share/debian-edu-config/tools/ltsp-addfirmware: Install firmware in LTSP
chroots in case clients won't work otherwise. (Adjusted tool from Buster
re-added to the binary package.)
+ share/man/man8/debian-edu-ltsp-chroot.8
+ share/man/man8/debian-edu-ltsp-initrd.8
+ share/man/man8/debian-edu-ltsp-ipxe.8
* Adjust Makefile to reflect the changes.
-- Holger Levsen <email address hidden> Sun, 28 Nov 2021 16:10:50 +0100
debian-edu-config (2.12.14) unstable; urgency=medium
[ Wolfgang Schweer ]
* Create the SquashFS image by default for LTSP chroots:
- sbin/debian-edu-ltsp-install: Adjust option setting accordingly.
- share/man/man8/debian-edu-ltsp-install.8: Update and improve content.
* Don't delete the /var/cache/apt directory after X2Go client chroot creation,
adjust sbin/debian-edu-ltsp-install accordingly.
* share/debian-edu-config/tools/ltsp-addfirmware: Improve usage information.
-- Holger Levsen <email address hidden> Sat, 20 Nov 2021 12:28:45 +0100
debian-edu-config (2.12.13) unstable; urgency=medium
[ Wolfgang Schweer ]
* Improve LTSP related maintenance:
- sbin/debian-edu-ltsp-initrd: New tool. This is a wrapper script for the
'ltsp initrd' command. It makes sure that a use case specific initrd
(/srv/tftp/ltsp/ltsp.img) is generated and moved to the right location.
- share/man/man8/debian-edu-ltsp-initrd.8: New manual page.
- share/man/man8/debian-edu-ltsp-ipxe.8: Improve manual page content.
-- Holger Levsen <email address hidden> Sat, 13 Nov 2021 14:30:28 +0100
debian-edu-config (2.12.12) unstable; urgency=medium
[ Wolfgang Schweer ]
* Improve LTSP related tools:
- sbin/debian-edu-ltsp-install: Care for sitesummary-client installation and
LTSP client type specific configuration.
- sbin/debian-edu-ltsp-ipxe: Care for PXE installation related menu items.
-- Holger Levsen <email address hidden> Wed, 10 Nov 2021 01:49:02 +0100
debian-edu-config (2.12.11) unstable; urgency=medium
[ Wolfgang Schweer ]
* debian/debian-edu-config.lintian-overrides: Adjust overrides for
'possibly-insecure-handling-of-tmp-files-in-maintainer-script'; actually,
'mktemp -d' is used in debian/debian-edu-config.postinst, tmp file handling
is secure.
* cf3/cf.ntp: Make sure ntp replaces systemd-timesyncd
* cf3/promises.cf: Adjust bundlesequence to ensure ntp configuration happens
after ntp has been installed.
-- Holger Levsen <email address hidden> Wed, 03 Nov 2021 09:57:40 +0100
debian-edu-config (2.12.10) unstable; urgency=medium
[ Wolfgang Schweer ]
* share/debian-edu-config/tools/{improve-desktop-l10n,install-task-pkgs}:
- Don't rely on package availability for each arch autopkgtest is run on.
-- Holger Levsen <email address hidden> Mon, 25 Oct 2021 11:54:11 +0200
debian-edu-config (2.12.9) unstable; urgency=medium
[ Wolfgang Schweer ]
* Deal with networking related issues in the autopkgtest environment:
- share/debian-edu-config/tools/configure-edu-gateway: Drop services start,
stop and restart actions, leave it to the user, add related comment.
- debian/tests/configure-edu-gateway: Use 'no' instead of 'yes' for the
firewall option to avoid a possible pitfall in the test environment.
-- Holger Levsen <email address hidden> Sat, 23 Oct 2021 22:54:50 +0200
debian-edu-config (2.12.8) unstable; urgency=medium
[ Wolfgang Schweer ]
* Fix and improve autopkgtest:
- debian/tests/control: Add locales to Depends.
- debian/tests/{improve-desktop-l10n,install-task-pkgs}: Actually generate
the wanted locale for a more useful test, simplify code.
- debian/tests/configure-edu-gateway: Simplify code.
- share/debian-edu-config/tools/configure-edu-gateway: Deal with network
interfaces in case of virtual setup to fix related test.
-- Holger Levsen <email address hidden> Sat, 23 Oct 2021 09:27:56 +0200
debian-edu-config (2.12.7) unstable; urgency=medium
[ Wolfgang Schweer ]
* Add autopkgtest, providing these tests:
- configure-edu-gateway (turn a minimal system into a dedicated gateway).
- improve-desktop-l10n (install additional packages for $LANG).
- install-task-pkgs (install additional packages concerning education
desktop packages for $LANG).
* debian/debian-edu-config.postinst:
- Fix code to remove the /etc/smbldap-tools directory.
* cf3/promises.cf:
- Remove the debian-edu/cf.ldapscripts entry from the inputs list.
-- Holger Levsen <email address hidden> Fri, 22 Oct 2021 14:29:35 +0200
debian-edu-config (2.12.6) unstable; urgency=medium
[ Wolfgang Schweer ]
* debian/debian-edu-config.maintscript: Drop /etc/ldap/slapd-debian-edu.conf
removal; this also affects preinst which is too early if upgrading from
bullseye, breaking the LDAP data base conversion.
* debian/debian-edu-config.postinst: Conditionally remove the now obsolete
/etc/slapd-debian-edu.conf file.
* debian/debian-edu-config.lintian-overrides: Fix entries to avoid mismatched
overrides, thanks lintian.
* Remove Samba PDC setup related files, obsolete since bullseye:
- etc/smbldap-tools/{smbldap.conf,smbldap_bind.conf}, cf3/cf.ldapscripts,
share/debian-edu-config/debian-edu.addmachine.template and
share/debian-edu-config/debian-edu.ldapscripts.passwd.
* debian/control: Drop ldapscripts from Depends.
* Adjust files to deal with above changes:
- Makefile, cf3/promises.cf
- debian/debian-edu-config.{maintscript,postinst,postrm}.
-- Holger Levsen <email address hidden> Thu, 21 Oct 2021 09:21:44 +0200
debian-edu-config (2.12.5) unstable; urgency=medium
[ Mike Gabriel ]
* share/debian-edu-config/tools/pxe-addfirmware: Fix TFTP server path
(/var/lib/tftpboot-> /srv/tftp).
[ Wolfgang Schweer ]
* Use the etc/ldap directory for the dedicated slapd.conf file instead of
using cf-agent to copy the file; this makes the setup more robust:
- Remove share/debian-edu-config/slapd-debian-edu-mdb.conf.
- Add etc/ldap/slapd-debian-edu-mdb.conf.
- Adjust share/debian-edu-config/tools/move-ldap-bdb-to-mdb, Makefile and
cf3/cf.ldapserver accordingly.
* debian/debian-edu-config.maintscript:
- Care for removal of obsolete ldap/slapd-debian-edu.conf file.
- Drop no longer needed entries.
* debian/debian-edu-config.postinst:
- Use 'command -v' instead of deprecated 'which'.
- Adjust LDAP data base related entry.
- Cleanup from no longer needed versioned edits/removals.
* debian/debian-edu-config.lintian-overrides: Adjust after postinst changes.
* share/debian-edu-config/testsuite-lib.sh:
- Use /Status:/ instead of /Status\:/ in awk command. (Avoids logs to be
spoiled with warnings.)
* share/debian-edu-config/d-i/finish-install:
- Run cf-agent in verbose mode to improve log message readability.
* cf3/cf.dhcpserver: Ensure proper rights for systemd service files.
* sbin/debian-edu-ltsp-chroot:
- Use last edit date to improve version information.
- Minor fixes, thanks shellcheck.
* sbin/debian-edu-ltsp-install:
- Use last edit date to improve version information.
- Minor fixes (typos and copy paste errors).
* share/debian-edu-config/tools/ltsp-addfirmware:
- Adjust script to be usable with re-written LTSP and add it to the binary
package. Also, exclude firmware-microbit-micropython{-dl} and packages
requiring interactive EULA acceptance.
* share/debian-edu-config/tools/pxe-addfirmware:
- Also exclude unusable package(s) firmware-microbit-micropython{-dl}.
-- Holger Levsen <email address hidden> Wed, 13 Oct 2021 13:43:37 +0200
| Superseded in bullseye-release |
debian-edu-config (2.11.56+deb11u1) bullseye; urgency=medium
[ Wolfgang Schweer ]
* Adjust sbin/debian-edu-ltsp-install. (Closes: #993935)
Thanks to Dominik George for spotting and reporting the issue.
- Extend main server related exclude list.
- Add slapd and xrdp-sesman to the list of masked services.
- Ensure home directory access after above changes.
-- Holger Levsen <email address hidden> Tue, 28 Sep 2021 16:32:20 +0200
debian-edu-config (2.12.4) unstable; urgency=medium
[ Wolfgang Schweer ]
* Add LTSP related tools and manual pages:
- sbin/debian-edu-ltsp-chroot: Used for chroot maintenance.
- sbin/debian-edu-ltsp-ipxe: Wrapper for 'ltsp ipxe' command.
- share/man/man8/debian-edu-ltsp-chroot.8
- share/man/man8/debian-edu-ltsp-ipxe.8
* Improve sbin/debian-edu-ltsp-install concerning chroots:
- Relocate and keep X2Go thin client chroots.
- Unset temporary directory variables instead of manually creating
directories and mounting tmpfs.
- Add/adjust iPXE menu item names.
- Care for complete sources list in chroots.
- Use 'no' as default for the --diskless_workstation option.
* Adjust to match above changes:
- share/debian-edu-config/tools/run-at-firstboot
- share/man/man8/debian-edu-ltsp-install.8
- share/debian-edu-config/tools/copy-host-keytab
* share/debian-edu-config/tools/{improve-desktop-l10n,install-task-pkgs}:
- Check if package is already installed. Avoids useless noise if cf-agent is
also run after system installation, e.g. upgrades.
- Whitespace cleanup.
* debian/debian-edu-config.postrm: Remove cruft.
* debian/debian-edu-config.lintian-overrides: Cleanup, thanks lintian.
* debian-edu-config.postinst: Don't run LDAP data base conversion inside d-i.
-- Holger Levsen <email address hidden> Thu, 30 Sep 2021 12:00:04 +0200
debian-edu-config (2.12.3) unstable; urgency=medium
[ Wolfgang Schweer ]
* Improve sbin/debian-edu-ltsp-install:
- Add LTSP diskless workstation chroot installation as additional option.
- Add some more inline documentation.
* Adjust share/d-e-c/tools/debian-edu-bless to be easier usable with the
'debian-edu-ltsp-install' script:
- Update the list of supported desktop environments, use xfce as default.
- Support 'none' as an option to above list just in case someone decides to
not install a desktop environment by default (modular installation).
- Use cf-agent in verbose mode for better readable logging.
* Update share/man/man8/debian-edu-ltsp-install.8 to match the changes.
* Use mktemp instead of deprecated tempfile, adjust:
- etc/X11/Xsession-debian-edu
- sbin/debian-edu-update-netblock
- share/debian-edu-config/tools/gosa-sync
- testsuite/postoffice
-- Holger Levsen <email address hidden> Thu, 23 Sep 2021 00:17:27 +0200
debian-edu-config (2.12.2) unstable; urgency=medium
[ Wolfgang Schweer ]
* Adjust sbin/debian-edu-ltsp-install. (Closes: #993935)
Thanks to Dominik George for spotting and reporting the issue.
- Extend main server related exclude list.
- Add slapd and xrdp-sesman to the list of masked services.
- Ensure home directory access after above changes.
-- Holger Levsen <email address hidden> Wed, 15 Sep 2021 00:38:42 +0200
debian-edu-config (2.12.1) unstable; urgency=medium
[ Wolfgang Schweer ]
* Start on 2.12.1 as Debian 12 (bookworm) is targeted.
* Restrict Icinga web GUI administration using a dedicated group.
- ldap-bootstrap/gosa.ldif: Add group icinga-admins.
- tools/edu-icinga-setup: Adjust configuration files (HERE documents) to use
icinga-admins group for administrator role.
* Move LDAP database backend from deprecated BDB to default MDB one:
- Add share/debian-edu-config/slapd-debian-edu-mdb.conf (configuration).
- Adjust cf3/cf.ldapserver to copy/link configuration file conditionally.
- Adjust debian/debian-edu-config.postinst to handle the migration upon
upgrades.
- Add separate tool share/debian-edu-config/tools/move-ldap-bdb-to-mdb (just
in case the migration should be done earlier).
* Adjust Makefile.
* Adjust debian/debian-edu-config.lintian-overrides, thanks Lintian.
* Use 'command -v' instead of 'which' in debian/debian-edu-config.prerm and
testsuite/samba.
* Bump standards version to 4.6.0, no changes needed.
-- Holger Levsen <email address hidden> Sat, 04 Sep 2021 01:21:58 +0200
debian-edu-config (2.11.56) unstable; urgency=medium
[ Wolfgang Schweer ]
* Adjust workaround for isc-dhcp-server-ldap bug #971275. (Closes: #989340)
- share/debian-edu-config/isc-dhcp-server.{service,service.eth1_only}:
Use ExecStartPre command inspired by the isc-dhcp-server init script
instead of a sleep command.
* Adjust Exim configuration on client systems. (Closes: #989338)
- cf3/cf.exim:
Use exim-ldap-client-v4.conf file as exim4.conf on client machines instead
of preseeded configuration. This way sending system emails to the main
server is working again after the exim4 4.94 changes.
* Adjust sbin/debian-edu-ltsp-install. (Closes: #989342)
- Drop line containing the cp command (/var/cache/apt doesn't contain .bin
files in all use cases and the benefit is minimal if they exist; also, the
pkgcache.bin and srcpkgcache.bin files might contain outdated data).
- Use the BD ISO image to setup X2Go thin client support only if the script
is run inside the Debian Installer environment. There are too many ways
to install a combined server (with or without Internet connection, with
or without adjusting the sources list, with or without running apt update)
to cover all these cases.
-- Holger Levsen <email address hidden> Sat, 05 Jun 2021 00:06:13 +0200
debian-edu-config (2.11.55) unstable; urgency=medium
[ Wolfgang Schweer ]
* Create first user's Samba account at first boot of a main server when all
required information is available via LDAP and debconf. Closes: #987632.
- Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the
required password from debconf and let tools/run-at-firstboot create the
Samba account.
* Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634.
- Fix LTSP Initrd specific path component construction in case a 32-bit
combined server is installed.
- Provide a full name for diskless workstation to show up in the iPXE menu.
- Use BD ISO image as mirror to enable complete offline installations of a
combined server.
-- Holger Levsen <email address hidden> Thu, 29 Apr 2021 15:27:17 +0200
debian-edu-config (2.11.54) unstable; urgency=medium
[ Wolfgang Schweer ]
* share/glib-2.0/schemas/31_debian-edu+mate.gschema.override: Set existing
mate-panel layout file for the panel to show up. Closes: #986448.
-- Holger Levsen <email address hidden> Wed, 07 Apr 2021 01:03:15 +0200
debian-edu-config (2.11.53) unstable; urgency=medium
[ Wolfgang Schweer ]
* Improve GOsa² hooks: explicitly create Samba account using gosa-create
(before changing the password via gosa-sync). Closes: #986122.
- tools/gosa-create: Add code to create the user's Samba account.
- tools/gosa-sync: Adjust log message accordingly.
-- Holger Levsen <email address hidden> Wed, 31 Mar 2021 10:44:04 +0200
debian-edu-config (2.11.52) unstable; urgency=medium
[ Wolfgang Schweer ]
* Adjust internal web page related files. (Closes: #985902)
- www/index.html.en: Use pt-pt for European Portuguese, adjust PO files,
generate language specific index files.
- www/{es-es,nb-no,pt-br}.po: Fix blends page link and related translation.
-- Holger Levsen <email address hidden> Sun, 28 Mar 2021 11:04:27 +0200
debian-edu-config (2.11.51) unstable; urgency=medium
[ Wolfgang Schweer ]
* cf3/cf.dhcpserver: Make sure the dhcpd.leases file exists. Closes: #984596.
(Without a leases file, isc-dhcp-server remains in starting stage forever.)
-- Holger Levsen <email address hidden> Fri, 05 Mar 2021 19:58:03 +0100
debian-edu-config (2.11.50) unstable; urgency=medium [ Wolfgang Schweer ] * debian/debian-edu-config.postinst: Adjust to really fix bug ##982448. -- Holger Levsen <email address hidden> Tue, 16 Feb 2021 15:39:04 +0100
debian-edu-config (2.11.49) unstable; urgency=medium
[ Wolfgang Schweer ]
* debian/debian-edu-config.postinst: Adjust condition. Closes: #982448.
- Avoid upgrade failure in case /etc/debian-edu/config happens to be empty.
* sbin/debian-edu-pxeinstall: Copy the debian-installer directories (d-i-n-i
packages) instead of symlinking them. This allows tftpd-hpa to access them.
-- Holger Levsen <email address hidden> Tue, 16 Feb 2021 11:00:13 +0100
debian-edu-config (2.11.48) unstable; urgency=medium
[ Wolfgang Schweer ]
* debian/debian-edu-config.postinst: Care for a proper /etc/network/interfaces
file in case of a plain main server.
* share/debian-edu-config/tools/configure-edu-gateway: Adjust execution
condition to reflect recent changes, improve feedback for users.
* sbin/debian-edu-ltsp-install: Make it easier to configure the iPXE menu and
to describe the needed steps in the manual.
- Improve /etc/ltsp/ltsp.conf content (here document).
- Rework Debian Edu specifíc iPXE menu setup.
* Workaround X2Go bug #890517 to prevent killer from kicking out users:
- Add share/debian-edu-config/killer.cron file. The modified cron job will
only run if no X2Go user is logged in on the related LTSP-Server.
- Add code to cf3/cf.workarounds to replace the existing killer cron job
on systems with LTSP-Server profile.
-- Holger Levsen <email address hidden> Sun, 07 Feb 2021 11:45:44 +0100
| Superseded in buster-release |
debian-edu-config (2.10.65+deb10u7) buster; urgency=medium
[ Mike Gabriel ]
* share/debian-edu-config/tools/clean-up-host-keytabs: Add script.
Move host keytabs cleanup code out of gosa-modify-host into a standalone
script, but still call it from there (for now). Major script improvement:
Reduce LDAP calls to a single ldapsearch query which greatly improves the
execution speed of the code. (Closes: #935080).
-- Holger Levsen <email address hidden> Mon, 25 Jan 2021 14:09:36 +0100
debian-edu-config (2.11.47) unstable; urgency=medium
[ Wolfgang Schweer ]
* Cope with issues found during recent installations.
- share/debian-edu-config/tools/gosa-sync: Add TERM=linux. Without this
explicit setting a password can't be set or modified any longer.
- share/debian-edu-config/d-i/finish-install: Make script more robust to
avoid a totally broken installation in case modprobe fails inside target.
- cf3/cf.dhcpserver: Correct class statement for several profile cases.
- share/debian-edu-config/isc-dhcp-server.service and
share/debian-edu-config/isc-dhcp-server.service.eth1: Make sure the
slapd.service is available before the DHCP server tries to fetch the
configuration from LDAP.
-- Holger Levsen <email address hidden> Sun, 31 Jan 2021 18:39:57 +0100
debian-edu-config (2.11.46) unstable; urgency=medium
[ Wolfgang Schweer ]
* Rework DHCP setup. Editing /etc/default/isc-dhcp-server can be dropped this
way and the pitfall due to bug #971275 is also avoided:
- Add share/debian-edu-config/isc-dhcp-server.service and
share/debian-edu-config/isc-dhcp-server.service.eth1_only. These files
are used for conditional configuration addressing three cases: plain main
server, combined (main and LTSP) server, and separate LTSP server.
- Adjust cf3/cf.dhcpserver accordingly.
-- Holger Levsen <email address hidden> Mon, 25 Jan 2021 17:47:02 +0100
debian-edu-config (2.11.45) unstable; urgency=medium
[ Wolfgang Schweer ]
* Cope with issues found during a Buster main server upgrade.
- cf3/cf.squid: Copy additional configuration file instead of symlinking it.
- postinst: Add code to remove symlinks that point to already removed files
(previously used for workarounds).
[ Holger Levsen ]
* postinst: use 'rm -f' instead 'rm -rf' where appropriate.
-- Holger Levsen <email address hidden> Tue, 19 Jan 2021 16:25:46 +0100
debian-edu-config (2.11.44) unstable; urgency=medium
[ Wolfgang Schweer ]
* Improve freeRADIUS server setup:
- etc/samba/smb-debian-edu.conf: Use TJENER instead of SKOLELINUX as
workgroup name to match the Samba server 'standalone' role; this way
TJENER will be used as domain name for freeRADIUS automatically. As an
additional benefit the wbinfo command is working to check users.
- Move the 'ntlm auth' entry from share/debian-edu-config/smb.conf.edu-site
to etc/samba/smb-debian-edu.conf (and enable it) to avoid a possible
pitfall in case manual adjustment is forgotten.
- share/debian-edu-config/tools/setup-freeradius-server:
+ Configure EAP-TTLS/PAP authentication (via Kerberos) in addition to
PEAP-MSCHAPV2 to provide EAP methods for various end user devices.
+ Keep all configuration adjustments inside the tool itself so that it can
be used standalone.
+ Add/improve inline documentation.
- Drop no longer needed files (share/debian-edu-config/freeradius-*), adjust
Makefile and debian/debian-edu-config.postinst accordingly.
-- Holger Levsen <email address hidden> Tue, 12 Jan 2021 12:35:54 +0100
debian-edu-config (2.11.43) unstable; urgency=medium
[ Wolfgang Schweer ]
* share/debian-edu-config/tools/kerberos-kdc-init:
- Delay clearing the debconf database from passwords until the first user's
Samba account has been created.
* share/debian-edu-config/tools/edu-icinga-setup:
- Cope with recent mariadb-server package changes. Some leftover occurencies
of 'mysql' have been replaced with 'mariadb'.
* sbin/debian-edu-pxeinstall:
- Determine the Debian Edu artwork theme via the desktop-base active theme
alternative instead of hardcoding it.
-- Holger Levsen <email address hidden> Thu, 07 Jan 2021 12:42:49 +0100
debian-edu-config (2.11.42) unstable; urgency=medium
[ Wolfgang Schweer ]
* sbin/debian-edu-pxeinstall: Use the Homeworld theme also for syslinux.
* Drop CUPS related workaround now that bug #977198 has been fixed:
- Remove share/debian-edu-config/cups.service.
- Adjust Makefile and cf3/cf.workarounds.
- Add code to debian/debian-edu-config.postinst to remove systemd override
directory and file. Thanks to Petter Reinholdtsen for the hint.
* Adjust testsuite/{cups,dnsd,ldap-client,ntp,samba} to reflect recent changes
to related services.
-- Holger Levsen <email address hidden> Fri, 01 Jan 2021 13:59:08 +0100
debian-edu-config (2.11.41) unstable; urgency=medium
[ Wolfgang Schweer ]
* Add script share/debian-edu-config/tools/setup-freeradius-server. This tool
allows one to setup freeRADIUS with a basic configuration suited for the
Debian Edu network after installing required packages (winbind, freeradius).
(Still needs to be documented in the manual).
* Add example configuration files used by the 'setup-freeradius-server' tool:
- share/debian-edu-config/freeradius-authorize (user related configuration).
- share/debian-edu-config/freeradius-clients.conf (AP configuration).
- share/debian-edu-config/freeradius-eap.conf (TLS configuration).
- share/debian-edu-config/freeradius-mschap.conf (ntlm_auth configuration).
* cf3/cf.{grub,pxeinstall}: Only run commands inside Debian Installer to avoid
superfluous execution if cf-agent is called manually.
-- Holger Levsen <email address hidden> Sun, 27 Dec 2020 14:43:52 +0100
debian-edu-config (2.11.40) unstable; urgency=medium
[ Wolfgang Schweer ]
* Rework sssd configuration, thanks to Mike Gabriel. (Closes: #977462)
- share/debian-edu-config/tools/sssd-generate-config:
Cleanup the included HERE documents (configuration snippets) from entries
that are either default ones (like excluding the root user), obsolete, no
longer in use or non-existent; also correct the wrong AD related one.
As systemd is used, sssd services are now activated via sockets. The
'service' configuration stanza needs to be empty to avoid starting
permanently running processes. this also aviods spamming syslog with error
messages.
- Adjust the static etc/sssd/sssd-debian-edu.conf file accordingly.
* Adjust sbin/debian-edu-ltsp-install:
- Improve IP address determination for the dedicated LTSP network.
- Add nameserver stanza to /etc/network/interfaces.
* share/debian-edu-config/d-i/finish-install: Only run debian-edu-ltsp-install
in case of a combined server. Leave it up to the local admin what type of
LTSP clients should be supported. (Still needs to be documented.)
* share/debian-edu-config/cups.service: Cleanup from superfluous entries,
thanks to Didier 'OdyX' Raboud.
* cf3/cf.workarounds: Create missing GOsa² related directory to avoid
confusion in case an admin is setting up a system of type printer.
-- Holger Levsen <email address hidden> Sun, 20 Dec 2020 09:47:45 +0100
debian-edu-config (2.11.39) unstable; urgency=medium
[ Wolfgang Schweer ]
* Add bin/debian-edu-copy-pki targeting roaming workstations (Closes: #951071)
The issues mentionend in the bug report are now cared for via policy files
for Firefox ESR, Thunderbird and Chromium.
The self signed Debian Edu server certificate has been the only problem left
for roaming workstations (in case a program uses the PKI infrastructure).
* Add man page share/man/man1/debian-edu-copy-pki.1.
* Improve sbin/debian-edu-ltsp-install:
- Add one more explanation to the script header, thanks Holger.
- Replace condition for NFS export configuration in case of a combined
server. This will fix the setup if the script is executed inside the
Debian Installer.
* share/man/man8/debian-edu-ltsp-install: Correct image type description.
* sbin/debian-edu-pxeinstall: use the now available homeworld theme.
* Workaround CUPS bug (#977198, cups service fails randomly after reboot):
- Add override file share/debian-edu-config/cups.service.
- Adjust cf3/cf.workarounds to activate the override file.
This makes sure the cups service starts after the nslcd one (needed because
the Debian Edu cups-files.conf refers to an LDAP group).
-- Holger Levsen <email address hidden> Sun, 13 Dec 2020 10:56:48 +0100
debian-edu-config (2.11.38) unstable; urgency=medium
[ Wolfgang Schweer ]
* Improve LTSP related setup and management framework. (Closes: #969935).
- Remove LTSP5 related tool sbin/debian-edu-ltsp.
- Move share/debian-edu-config/tools/edu-ltsp-install to
sbin/debian-edu-ltsp-install as tool for the re-written LTSP and improve
it further:
+ Add example how to support 32-bit thin client.
+ Extend Firefox ESR configuration for the thin client 'desktop' variant.
+ Care for iPXE menu completion after adding additional chroots.
- Add man page share/man/man8/debian-edu-ltsp-install.8.
- Adjust share/debian-edu-config/d-i/finish-install, Makefile,
share/debian-edu-config/tools/run-at-firstboot and
debian/debian-edu-config.lintian-overrides to reflect the changes.
* Adjust etc/dovecot/local.conf to match a recent Dovecot change. Now the IMAP
server name needs to be set (instead of the hostname of the system the
service is running on) for the Kerberos ticket to be accepted.
* Add various man pages:
- share/man/man8/debian-edu-fsautoresize.8
- share/man/man1/debian-edu-ldapserver.1
- share/man/man8/debian-edu-pxeinstall.8
- share/man/man8/debian-edu-update-netblock.8
- share/man/man1/ldap-debian-edu-install.1
- share/man/man1/ldap2netgroup.1
- share/man/man1/sitesummary2ldapdhcp.1
- share/man/man8/update-hostname-from-ip.8
* Makefile: Fix typo from years ago to get LDAP related man pages installed.
-- Holger Levsen <email address hidden> Sat, 05 Dec 2020 01:31:54 +0100
debian-edu-config (2.11.37) unstable; urgency=medium
[ Wolfgang Schweer ]
* Rework CUPS configuration, thanks to Mike Gabriel. (Closes: #944347).
Base Debian Edu specific configuration on recent CUPS configuration files:
- etc/cups/cupsd-debian-edu.conf: Use ipp.intern as central print server,
restrict access to preconfigured internal networks.
- etc/cups/cups-files-debian-edu.conf: Add LDAP group 'printer-admins' as
additional CUPS @SYSTEM group.
- etc/cups/cups-browsed-debian-edu.conf: New file. Configure all other
machines on the internal networks as clients using driverless printing.
- cf3/cf.cups: Adjust to conditionally activate CUPS configuration.
- www/*: Use FQDN for the print server, adjust PO and index files.
* Move over configuration (i.e. non-artwork) related files from d-e-artwork
for the sake of consistency. (Use different filenames to avoid conflicts.)
- share/glib-2.0/schemas/21_debian-edu+gdm.gschema.override
- share/glib-2.0/schemas/31_debian-edu+mate.gschema.override
- share/glib-2.0/schemas/32-debian-edu.arctica-greeter.gschema.override
- share/mate-panel/layouts/debian-edu-mate.layout
* Adjust Makefile and debian/control to reflect the changes.
-- Holger Levsen <email address hidden> Mon, 23 Nov 2020 22:31:27 +0100
debian-edu-config (2.11.36) unstable; urgency=medium
[ Wolfgang Schweer ]
* Set DuckDuckGo as default search provider for both Firefox-ESR and Chromium.
This setting isn't forced, users are allowed to change it, compare #955707:
- Adjust share/firefox-esr/distribution/policies.json,
- Add etc/chromium/policies/recommended/search_provider.json.
* Improve homepage and startup page setup and newtab content for both
Firefox-ESR and Chromium:
- Adjust etc/firefox-esr/debian-edu.js,
- Adjust share/debian-edu-config/tools/update-chromium-homepage.
[ Holger Levsen ]
* Update standards version to 4.5.1, no changes needed.
-- Holger Levsen <email address hidden> Wed, 18 Nov 2020 12:10:46 +0100
debian-edu-config (2.11.35) unstable; urgency=medium
[ Wolfgang Schweer ]
* share/debian-edu-config/tools/edu-ltsp-install:
- Use http instead of https (debootstrap) to avoid a possible pitfall if a
proxy isn't configured to use https.
- Fix typo to avoid breaking home directory mounting (combined server).
* share/debian-edu-config/tools/improve-desktop-l10n:
- Also care for debian-edu-doc legacy packages.
* Rework internal network time synchronization. This avoids to edit the ntp
conffile on clients:
- Add share/debian-edu-config/debian-edu-timesyncd.conf as override file for
networked clients (with the exception of roaming workstations).
- Adjust Makefile, cf3/cf.ntp and cf3/edu.cf accordingly.
* debian/control: Move libpam-python back from Suggests to Recommends now
that the package is available in testing again. (Not yet ported to Python3,
but the Python2 related dependency chain doesn't fail any longer).
-- Holger Levsen <email address hidden> Mon, 09 Nov 2020 09:49:21 +0100
debian-edu-config (2.11.34) unstable; urgency=medium
[ Wolfgang Schweer ]
* Improve Samba configuration to support using PEAP-MSCHAPv2 with FreeRADIUS:
- Add 'netbios name = tjener' in etc/samba/smb-debian-edu.conf (the value
will be used as domain name).
- Add ntlm auth stanza to share/debian-edu-config/smb.conf.edu-site (case
restricted setting 'ntlm auth = mschapv2-and-ntlmv2-only').
* share/debian-edu-config/tools/gosa-sync: Adjust Samba account related code
introduced in d-e-c 2.11.33.
-- Holger Levsen <email address hidden> Thu, 29 Oct 2020 17:41:06 +0100
| 1 → 75 of 288 results | First • Previous • Next • Last |
