Your message dated Mon, 26 Aug 2019 20:45:00 +0000 with message-id <E1i2LrI-000H3b-Bw@fasolo.debian.org> and subject line Bug#928756: fixed in debian-edu-config 2.10.65+deb10u1 has caused the Debian Bug report #928756, regarding debian-edu-config: search domain not configured correctly on diskless workstations in subnet00 to be marked as done. This means that you claim that the problem has been dealt with. If this is not the case it is now your responsibility to reopen the Bug report if necessary, and/or fix the problem forthwith. (NB: If you are a system administrator and have no idea what this message is talking about, this may indicate a serious mail system misconfiguration somewhere. Please contact owner@bugs.debian.org immediately.) -- 928756: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=928756 Debian Bug Tracking System Contact owner@bugs.debian.org with problems
--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: debian-edu-config: search domain not configured correctly on diskless workstations in subnet00
- From: Dominik George <natureshadow@debian.org>
- Date: Fri, 10 May 2019 15:10:22 +0200
- Message-id: <155749382225.2686.17448766634204497365.reportbug@pc-n207-14.subnet00.intern>
Package: debian-edu-config Version: 2.10.64 Severity: important -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 The following misbehaviour occurs reproducibly in a new installation of Debian Edu buster. 1. Install a combined server like normal. 2. Add a machine on the LTSP network 192.168.0.0/32 as in the screenshot. 3. Boot that machine as diskless workstation. If done like that, the /etc/resolv.conf generated at boot by ltsp-init with the information provided by 08-edu-hostname is missing a search domain entry (it should probably be subnet00.intern intern). Thus, short hostnames, like used by the default Firefox start page, are not resolvable. The configuration of the search domain works perfectly on the main network 10.0.0.0/16. I only tested on (two different) combined servers, not on a dedicated terminal server. - -- System Information: Debian Release: buster/sid Architecture: amd64 (x86_64) Kernel: Linux 4.19.0-4-amd64 (SMP w/8 CPU cores) Kernel taint flags: TAINT_PROPRIETARY_MODULE, TAINT_FIRMWARE_WORKAROUND, TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8), LANGUAGE=de_DE.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /usr/bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages debian-edu-config depends on: ii bind9-host 1:9.11.5.P4+dfsg-1 ii cfengine3 3.12.1-2 ii debconf [debconf-2.0] 1.5.71 ii debconf-utils 1.5.71 ii debian-edu-artwork 2.10.5-1 ii desktop-profiles 1.4.30 ii e2fsprogs 1.44.5-1 ii education-tasks 2.10.47 ii fping 4.2-1 ii isenkram-cli 0.41 ii ldap-utils 2.4.47+dfsg-3 ii ldapscripts 2.0.8-1 ii libconfig-inifiles-perl 3.000001-1 ii libfilesys-df-perl 0.92-6+b4 ii libhtml-fromtext-perl 2.07-1 ii libio-socket-ssl-perl 2.060-3 ii libnet-ldap-perl 1:0.6500+dfsg-1 ii libnet-netmask-perl 1.9104-1 ii libnss3-tools 2:3.42.1-1 ii libpacparser1 1.3.6-1.1+b4 ii libpam-python 1.0.6-1.1 ii libproxy1-plugin-kconfig 0.4.15-5 ii libproxy1-plugin-networkmanager 0.4.15-5 ii libproxy1-plugin-webkit 0.4.15-5 ii libterm-readkey-perl 2.38-1 ii libtext-unaccent-perl 1.08-1.3+b3 ii lockfile-progs 0.1.18 ii lsb-base 10.2019031300 ii lsb-release 10.2019031300 ii mime-support 3.62 ii net-tools 1.60+git20180626.aebd88e-1 ii netcat-traditional [netcat] 1.10-41.1 ii ng-utils 1.0-1+b1 ii openssl 1.1.1b-1 ii patch 2.7.6-3 ii python 2.7.16-1 ii python-notify 0.1.1-4 ii ssl-cert 1.0.39 ii swaks 20181104.0-2 ii tftp-hpa 5.2+20150808-1+b1 ii uuid 1.6.2-1.5+b7 Versions of packages debian-edu-config recommends: ii binutils 2.31.1-15 ii libnotify-bin 0.7.7-4 ii lsof 4.91+dfsg-1 ii memtest86+ 5.01-3 pn resolvconf <none> ii syslinux 3:6.04~git20190206.bf6db5b4+dfsg1-1 debian-edu-config suggests no packages. - -- Configuration Files: /etc/sssd/sssd-debian-edu.conf [Errno 13] Keine Berechtigung: '/etc/sssd/sssd-debian-edu.conf' - -- debconf-show failed -----BEGIN PGP SIGNATURE----- iQJ+BAEBCABoFiEEPJ1UpHV1wCb7F/0mt5o8FqDE8pYFAlzVeD0xGmh0dHBzOi8v d3d3LmRvbWluaWstZ2VvcmdlLmRlL2dwZy1wb2xpY3kudHh0LmFzYxgcbmF0dXJl c2hhZG93QGRlYmlhbi5vcmcACgkQt5o8FqDE8pazfw//RV0gY6hiwqAj0VAnjZHQ +42aDgBSII0r/TBUFXMZjAzGSlEFivoJ366Yxcww8IbJ0fk8gCD0Pz/mdI6Vc6aj 7YeMgkbXChFPSED9PaqjeiAIY6sGl++5Y6Av3X51tsP/+lOkVH8kII5CI55Ggmk1 XY+j02jgh67mstrYZbuiX5DB/bVGuOwVY06t1FO6d8Wsi/YEP4sx7IDJL4o3Ng8b H1jiCFYWUNUt/b1dOTbUhKQS0dIuyPQp0KANQk8aXQ9/VffeypASi/XZQKwAfGF/ wB2ZwYUqtWAQ0qvYsc3WqTj6fkcSqvGc2KGm9vsT3OjfuShs6xPj5Dw0qN3WV2Hk MmlDnRhmUWS8P2y1W9ItbUXMuQ3lUYrxKbpz+E6qBqsriKRIw4KiLGViAwxftrpH fLwim9hC/VPk7bwNU7w0KSWcQfvOWYf6wre4xw3aGgxrk4fuV3i9EutPSSyRNd8m 9NzP1XJRUlghxL66JcYzisKMjKT12aenyABjy3ExOCCwpuZ6L7SWYHKwAbvNQP1b x9F/N0wyEciZ81H1S0GUdEyr5/AnohFlFLrxL7JaNg8xXE/t2JVHWWbO2iCNKbgp 8iUGrvyO8/FsF42UjexiWrNHg7hKDPBEWa4DLtpCMEjvIGEF/QIP4Q/RvBOC+vQC fdI4jtonFwurGbnWV2x5wLE= =ftWv -----END PGP SIGNATURE-----Attachment: Bildschirmfoto_2019-05-10_15-07-32.png
Description: PNG image
--- End Message ---
--- Begin Message ---
- To: 928756-close@bugs.debian.org
- Subject: Bug#928756: fixed in debian-edu-config 2.10.65+deb10u1
- From: Mike Gabriel <sunweaver@debian.org>
- Date: Mon, 26 Aug 2019 20:45:00 +0000
- Message-id: <E1i2LrI-000H3b-Bw@fasolo.debian.org>
Source: debian-edu-config Source-Version: 2.10.65+deb10u1 We believe that the bug you reported is fixed in the latest version of debian-edu-config, which is due to be installed in the Debian FTP archive. A summary of the changes between this version and the previous one is attached. Thank you for reporting the bug, which will now be closed. If you have further comments please address them to 928756@bugs.debian.org, and the maintainer will reopen the bug report if appropriate. Debian distribution maintenance software pp. Mike Gabriel <sunweaver@debian.org> (supplier of updated debian-edu-config package) (This message was generated automatically at their request; if you believe that there is a problem with it please contact the archive administrators by mailing ftpmaster@ftp-master.debian.org) -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Format: 1.8 Date: Mon, 26 Aug 2019 20:14:26 +0200 Source: debian-edu-config Architecture: source Version: 2.10.65+deb10u1 Distribution: buster Urgency: medium Maintainer: Debian Edu Developers <debian-edu@lists.debian.org> Changed-By: Mike Gabriel <sunweaver@debian.org> Closes: 926933 928756 929964 930122 931366 931413 931680 932828 933183 933580 934380 Changes: debian-edu-config (2.10.65+deb10u1) buster; urgency=medium . [ Wolfgang Schweer ] * Adjust ltsp-build-client/Debian-custom/001-ltsp-setting. (Closes: #928756) - Use PXE option 'ipappend 2' for LTSP client boot. This option makes sure that all DHCP server information is getting through to LTSP clients. (LTSP used this option before, but switched to 'ipappend 3' during the Buster development cycle to ease setups with ProxyDHCP.) * Adjust share/debian-edu-config/sudo-ldap.conf. (Closes: #929964) - Fix sudo-ldap configuration. (The LDAP URI is needed on LDAP clients.) * Set environment variable to deal with Firefox profile. (Closes: #930122) This is a workaround for bug #930125, preventing firefox-esr startup issues if the mozilla profile is on an NFS share). - Ship share/debian-edu-config/edu-firefox-nfs with NSS_SDB_USE_CACHE="yes" as content. Thanks to Mike Gabriel for spotting the issue and providing this information. - Add instructions to cf3/cf.workarounds to link the 'edu-firefox-nfs' file to appropriate files below '/etc/X11/Xsession.d' and '/etc/profile.d'. * Adjust cf3/cf.homes: Set correct LTSP chroot path. (Closes: #931680) - While the reported arch is i686, LTSP uses i386. Set arch accordingly. * Adjust share/debian-edu-config/tools/kerberos-kdc-init. (Closes: #931366) - Remove outdated (and now wrong) logging section. * Fix loss of dynamically allocated v4 IP address. (Closes: #933580) - Drop etc/network/if-up.d/hostname. This script doesn't work anymore due to changed behaviour of the ifupdown/dhclient/systemd combination and now also causes the loss of a dynamically allocated ipv4 IP address after 20 to 30 minutes after booting. - Add code to d/debian-edu-config.postinstall to implement the intended hostname update just after rebooting the system after a change. - Adjust Makefile. * Provide Debian Edu RootCA certificate for download. (Closes: #933183) - Adjust share/debian-edu-config/tools/create-debian-edu-certs to copy the rootCA file to the web server directory at certificate generation time. - Adjust cf3/cf.finalize to care for the rootCA file as well. - Adjust cf3/cf.workarounds to copy the rootCA file to the web server directory upon main server upgrade. * Add LDAP server certificate to the initial LTSP NBD image. (Closes: #932828) - etc/ltsp/ltsp-build-client.conf: Don't create the image by default. - cf3/edu.cf: Define new class 'ltspimages'. - cf3/cf.finalize: Add code to include the LDAP server certificate for all possible use cases, to generate the image and to adjust various rights. * Changes to debian-edu-config.fetch-ldap-cert from 2.10.67). - Use independent conditions to make sure that the LDAP server certificate is only downloaded once for both host and LTSP chroot. (Closes: #934380) - Add code to validate the LDAP server certificate in case the Debian Edu RootCA certificate is available for download. . [ Mike Gabriel ] * Changes to debian-edu-config.fetch-ldap-cert (from 2.10.66): - Make the script (and with it Debian Edu buster workstations) work in a Debian Edu environment where the main server (TJENER) is still on Debian Edu 8 or 9. (Closes: #926933) - Retrieve TJENER's PKI server certificate only once per host to improve security. This re-introduces the behaviour of fetch-ldap-cert in stretch and earlier. (Closes: #931413). * Changes to debian-edu-config.fetch-ldap-cert (from 2.10.67): - White-space-only change: Fix broken and inconsistent indentations. - Fully inline-document fetch-ldap-cert script. - Add "-f" option to all curl calls that don't have it set so far. This assures that curl bails out with a non-zero exit code, if anything goes wrong while retrieving certificate files. - Also report a successful certificate verification if we verified the LDAP server certificate using the Debian Edu RootCA. - Really check that the LDAP server uses a certificate issued by the "Debian Edu RootCA", not just by (some) "RootCA". - Add 2x FIXME about BUNDLECRT file removal from host and from LTSP chroots. - LTSP chroot certificate copying: only log those actions, if they are actually about to happen.. - Silence curl stderr and gnutls-cli stdout+stderr. - Certificate retrieval: Fix upgrade path for RootCA deployment. Re-run CERTFILE (and ROOTCACRT retrieval) until we have both on the client. This will lead to repetitive downloads of the CERTFILE on system boot. To get rid of this, people must upgrade their TJENERs from Debian Edu 10.0 to 10.1. Then it will stop. This hack is necessary to assure distribution of the RootCA to all clients that don't have it, yet. - Detach dependency of ROOTCACRT chroot copying and BUNDLECRT chroot copying from chroot copying of the CERTFILE. The chroot may have the CERTFILE, but not the ROOTCACRT, yet. This assures a smooth upgrade path from Debian Edu 10.0 to Debian Edu 10.1. - Do a simple validity check if a directory under /opt/ltsp really is a chroot (and e.g. not the SquashFS images' directory). Checksums-Sha1: b607dc7c6bbebfac539d247d0ed0f44fa21f9aa8 1979 debian-edu-config_2.10.65+deb10u1.dsc 9dbd2f6629a2582012d38990fa79aca5341c2581 345200 debian-edu-config_2.10.65+deb10u1.tar.xz a6c2cdf305c8f044a8bfa713172184e9f9fd738e 6268 debian-edu-config_2.10.65+deb10u1_source.buildinfo Checksums-Sha256: 0835ba945745662431a159177d3b523a1282e15a89648b52094a31d8480a0245 1979 debian-edu-config_2.10.65+deb10u1.dsc 0309a33dbf4c5ee6fe6c41fcb37b189f63c28788f5777237c64fc89d439d3bf8 345200 debian-edu-config_2.10.65+deb10u1.tar.xz 87c384785f4d80d00083de666a3feff6399f37e7d0bd554f3017923af116d9d6 6268 debian-edu-config_2.10.65+deb10u1_source.buildinfo Files: 71346dbd768946f9e70480b6f81fb492 1979 misc optional debian-edu-config_2.10.65+deb10u1.dsc 49104c49362dc4d406782f6f359aab7b 345200 misc optional debian-edu-config_2.10.65+deb10u1.tar.xz 63cf6b6c00ba8f68207f7b6bf8165677 6268 misc optional debian-edu-config_2.10.65+deb10u1_source.buildinfo -----BEGIN PGP SIGNATURE----- iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAl1kIZ0VHHN1bndlYXZl ckBkZWJpYW4ub3JnAAoJEJr0azAldxsx1s8QAIfGI4kJnuPk9WZxdpXw6QxJ7W7v 31144c5IPLM+ahOBuMuBfRzT59+R7enJxUb/mfPPX4bM2x9WGCe2HQUDVIA7O430 9MFb2tmGHffDl+0cjYXDv4K1dUz/Gp/xFlCfrcLE+Q5WUPrALni8hWyXLLyWSPYU E14vOLjyrMnlos0bR9eJQVXfGUfX7wIGlyCuBeur1FUSf6Srlrr7j63bBA4+h5VH v61syK2LKlgRCmts7wIQn8qmWrxLzwF6CUitnaxP5inX7+WhCbm71zSaH3rnkN5V diZpR6MeUUsHw50n3RXvQRxVfBQVGMD63uObaQV2pOjg46QddIwp+dLEm6w+RQLn r6zueO6JifVKsxuusaT7K5AGiz5yoBHAQCH5AzUJQifSi8yrFTm0k1jViWDieQti OUnzw+ILj7QGG/KccrzSMLfjBHEzD9BbKajyLb38ukwWmIMPCt0IIKMuAjBAMlSL DM/fbYGWXHwh6L/T0tdEgyn/afhQR+BLjkXGmjpW6li/+6bw5nkF9WFF+lHBmgNt yAyRKCUZycKD2MUbC1LXY1y2iw+V7PqqzXqXadxpaki13ZG+DRERwf7Rwqg4bPFi JXZa5+3vH8dgNpxynSIMPJAGciYQfjUa5ZfSG0j8esg+h47mf92aTPzMxrQfDqHi PDv6xxsiZWXIN8sY =EjMw -----END PGP SIGNATURE-----
--- End Message ---