Package: release.debian.org Severity: normal User: release.debian.org@packages.debian.org Usertags: unblock Please unblock package debian-edu-config 2.11.54. It fixes 3 important bugs for Debian Edu and has no impact outside of Debian Edu, yet it's a key package and thus needs an unblock. It's been in unstable for 12 days and has been tested successfully. The diff is small and rather straughtforward too: $ debdiff debian-edu-config_2.11.54.dsc debian-edu-config_2.11.55.dsc | diffstat debian/changelog | 17 ++++++++++++ sbin/debian-edu-ltsp-install | 33 ++++++++++++++++++++---- share/debian-edu-config/tools/kerberos-kdc-init | 8 ++++- share/debian-edu-config/tools/run-at-firstboot | 16 +++++++++++ 4 files changed, 67 insertions(+), 7 deletions(-) The full debdiff is attached and d/changelog has these entries: debian-edu-config (2.11.55) unstable; urgency=medium [ Wolfgang Schweer ] * Create first user's Samba account at first boot of a main server when all required information is available via LDAP and debconf. Closes: #987632. - Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the required password from debconf and let tools/run-at-firstboot create the Samba account. * Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634. - Fix LTSP Initrd specific path component construction in case a 32-bit combined server is installed. - Provide a full name for diskless workstation to show up in the iPXE menu. - Use BD ISO image as mirror to enable complete offline installations of a combined server. -- Holger Levsen <holger@debian.org> Thu, 29 Apr 2021 15:27:17 +0200 unblock debian-edu-config/2.11.55 Thanks for your work on releasing bullseye! -- cheers, Holger ⢀⣴⠾⠻⢶⣦⠀ ⣾⠁⢠⠒⠀⣿⡁ holger@(debian|reproducible-builds|layer-acht).org ⢿⡄⠘⠷⠚⠋⠀ OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C ⠈⠳⣄ If nothing saves us from death, may love at least save us from life.
diff -Nru debian-edu-config-2.11.54/debian/changelog debian-edu-config-2.11.55/debian/changelog --- debian-edu-config-2.11.54/debian/changelog 2021-04-07 01:03:15.000000000 +0200 +++ debian-edu-config-2.11.55/debian/changelog 2021-04-29 15:27:17.000000000 +0200 @@ -1,3 +1,20 @@ +debian-edu-config (2.11.55) unstable; urgency=medium + + [ Wolfgang Schweer ] + * Create first user's Samba account at first boot of a main server when all + required information is available via LDAP and debconf. Closes: #987632. + - Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the + required password from debconf and let tools/run-at-firstboot create the + Samba account. + * Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634. + - Fix LTSP Initrd specific path component construction in case a 32-bit + combined server is installed. + - Provide a full name for diskless workstation to show up in the iPXE menu. + - Use BD ISO image as mirror to enable complete offline installations of a + combined server. + + -- Holger Levsen <holger@debian.org> Thu, 29 Apr 2021 15:27:17 +0200 + debian-edu-config (2.11.54) unstable; urgency=medium [ Wolfgang Schweer ] diff -Nru debian-edu-config-2.11.54/sbin/debian-edu-ltsp-install debian-edu-config-2.11.55/sbin/debian-edu-ltsp-install --- debian-edu-config-2.11.54/sbin/debian-edu-ltsp-install 2021-02-07 11:27:28.000000000 +0100 +++ debian-edu-config-2.11.55/sbin/debian-edu-ltsp-install 2021-04-26 23:38:21.000000000 +0200 @@ -17,7 +17,7 @@ # Author/Copyright: Wolfgang Schweer <wschweer@arcor.de> # Licence: GPL2+ # first edited: 2019-11-21 -# last edited: 2021-02-04 +# last edited: 2021-04-26 set -e @@ -137,6 +137,8 @@ # Provide a full menu name for x86_64.img IPXE_X86_64_IMG="Diskless Workstation (64-Bit)" +# Provide a full menu name for x86_32.img +IPXE_X86_32_IMG="Diskless Workstation (32-Bit)" ##### Set default boot value ###### # Default value is x86_64 or x86_32 (arch specific, Diskless Workstation) @@ -339,18 +341,33 @@ show=false EOF +# Specific settings needed if BD ISO image is used for installation. +if grep -q BD /etc/apt/sources.list ; then + BD_ISO="true"; + device="$(grep media/cdrom /etc/fstab | cut -d' ' -f1)" + mirror="file:///media/cdrom/" +else + mirror="http://deb.debian.org/debian" +fi + # Create thin client chroot and generate image. export DEBIAN_FRONTEND=noninteractive if ! [ "" == "$thin_type" ] && [ ! -d /srv/ltsp/thin/"$thin_type"-"$arch"/etc/ltsp ] ; then mkdir -p /srv/ltsp/thin/"$thin_type"-"$arch" # Install common thin client packages. -debootstrap --arch="$arch" --variant=minbase --include=linux-image-"$kernel_arch" \ - "$dist" /srv/ltsp/thin/"$thin_type"-"$arch" http://deb.debian.org/debian +debootstrap --arch="$arch" --no-check-gpg --variant=minbase --include=linux-image-"$kernel_arch" \ + "$dist" /srv/ltsp/thin/"$thin_type"-"$arch" "$mirror" chroot /srv/ltsp/thin/"$thin_type"-"$arch"/ apt clean mount /dev/pts -t devpts /srv/ltsp/thin/"$thin_type"-"$arch"/dev/pts mount proc -t proc /srv/ltsp/thin/"$thin_type"-"$arch"/proc mount tmpfs -t tmpfs /srv/ltsp/thin/"$thin_type"-"$arch"/tmp mkdir -p /srv/ltsp/thin/"$thin_type"-"$arch"/tmp/user/0 + if [ "true" == "$BD_ISO" ] ; then + mkdir -p /srv/ltsp/thin/"$thin_type"-"$arch"/media/cdrom + mount $device /srv/ltsp/thin/"$thin_type"-"$arch"/media/cdrom + cp /var/cache/apt/*.bin /srv/ltsp/thin/"$thin_type"-"$arch"/var/cache/apt/ + echo "deb [trusted=yes] $mirror $dist main" > /srv/ltsp/thin/"$thin_type"-"$arch"/etc/apt/sources.list + fi chroot /srv/ltsp/thin/"$thin_type"-"$arch"/ apt -y -qq install education-thin-client p910nd # Install case specific additional packages. if [ "display" == "$thin_type" ] ; then @@ -361,6 +378,9 @@ x2gothinclient-cdmanager x2gothinclient-usbmount \ firefox-esr-l10n-"$LANGCODE" fi + if [ "true" == "$BD_ISO" ] ; then + umount /srv/ltsp/thin/"$thin_type"-"$arch"/media/cdrom + fi umount /srv/ltsp/thin/"$thin_type"-"$arch"/dev/pts umount /srv/ltsp/thin/"$thin_type"-"$arch"/proc umount /srv/ltsp/thin/"$thin_type"-"$arch"/tmp @@ -472,8 +492,11 @@ # next modification avoids ltsp command error if lot of images are available. ALL_IMAGES=1 ltsp kernel ltsp initrd - mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/"$(uname -m)"/ltsp.img - + if uname -r | grep -q 686 ; then + mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/x86_32/ltsp.img + else + mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/"$(uname -m)"/ltsp.img + fi # Clean up ltsp.conf from specific items. sed -i '/PRE_INIT_MAIN/d' /etc/ltsp/ltsp.conf sed -i '/MASK_SYSTEM/d' /etc/ltsp/ltsp.conf diff -Nru debian-edu-config-2.11.54/share/debian-edu-config/tools/kerberos-kdc-init debian-edu-config-2.11.55/share/debian-edu-config/tools/kerberos-kdc-init --- debian-edu-config-2.11.54/share/debian-edu-config/tools/kerberos-kdc-init 2021-01-25 17:46:26.000000000 +0100 +++ debian-edu-config-2.11.55/share/debian-edu-config/tools/kerberos-kdc-init 2021-04-26 23:38:21.000000000 +0200 @@ -260,8 +260,12 @@ firstuser_samba() { echo "Adding Samba account for '$FIRSTUSERNAME'" (echo $FIRSTUSERPWD; echo $FIRSTUSERPWD) | smbpasswd -a -s $FIRSTUSERNAME - db_set debian-edu-config/first-user-password '' - echo "First user password cleared from debconf database." 1>&2 + # Clear password in case of success, i.e. if this script is called via + # /usr/share/debian-edu-config/tools/edu-ldap-from-scratch (outside d-i). + if pdbedit -L -v $FIRSTUSERNAME >/dev/null 2>&1 ; then + db_set debian-edu-config/first-user-password '' + echo "First user password cleared from debconf database." 1>&2 + fi } ## check if there is no kdc yet: diff -Nru debian-edu-config-2.11.54/share/debian-edu-config/tools/run-at-firstboot debian-edu-config-2.11.55/share/debian-edu-config/tools/run-at-firstboot --- debian-edu-config-2.11.54/share/debian-edu-config/tools/run-at-firstboot 2021-01-25 17:46:26.000000000 +0100 +++ debian-edu-config-2.11.55/share/debian-edu-config/tools/run-at-firstboot 2021-04-26 23:38:21.000000000 +0200 @@ -7,6 +7,9 @@ . /etc/debian-edu/config fi +# Enable debconf +. /usr/share/debconf/confmodule + # Grab dist value for both testing and stable release cases. if grep -q / /etc/debian_version ; then dist=$(cat /etc/debian_version | cut -d/ -f1) @@ -112,6 +115,19 @@ EOF logger -t exim-create-environment -p notice Sent mail to first-user. fi + +# Create first user's Samba account. The smbpasswd command fails inside d-i +# because user information from LDAP is missing at that time. All passwords have +# been cleared from the debconf database inside d-i, except the one needed here. +if echo "$PROFILE" | grep -q Main-Server ; then + db_get debian-edu-config/first-user-password + FIRSTUSERPWD="$RET" + (echo "$FIRSTUSERPWD"; echo "$FIRSTUSERPWD") | smbpasswd -a -s $FIRSTUSER + info "Added Samba account for '$FIRSTUSER'." + db_set debian-edu-config/first-user-password '' + info "First user password cleared from debconf database." +fi + if [ -x /usr/bin/etckeeper ] ; then etckeeper commit "End of first boot" > /dev/null 2>&1 || true fi
Attachment:
signature.asc
Description: PGP signature