Control: tag -1 - moreinfo Hi & sorry for the delay on this… On Fri, Aug 05, 2016 at 05:11:51PM +0200, Julien Cristau wrote: > So I'm not seeing anything that handles conffile renaming in maintainer > scripts (and e.g. removal of directories under /etc/iceweasel). That > seems wrong, I think? indeed, we had forgotten that commit… I'd now like to upload the following changes compared to previously in this bug-report: + - Add code to cleanup iceweasel and firefox-esr related conffiles in + postinst and preinst scripts. + - Adjust testsuite/ltsp and testsuite/webserver as + /etc/firefox-esr/cert_override.txt is no longer useful. + - Adjust sbin/snakeoil-on-ice as only the /etc/skel location on the main + server seems to be useful for the certificate override file. + - Move debian-edu.js -> etc/firefox-esr/debian-edu.js as this is the + location for syspref now. Or, if you prefer, these are the changes compared to whats in stable now: +debian-edu-config (1.818+deb8u2) UNRELEASED; urgency=medium + + [ Wolfgang Schweer ] + * Take 2b2a657f from sid on cf/cf.ldapclient: don't purge libnss-mdns + cause cups now needs mdns for automatic printer detection. + (Closes: #825919). + * dhclient-exit-hooks.d/hostname: adjust for the case of a dedicated + LTSP server. (Closes: #783087). + * Adjust ldap-tools/ldap-debian-edu-install to be compliant with systemd + now that unit samba.service is masked (see #769714). (Closes: #826201). + * Move from Iceweasel to Firefox ESR: (Closes: #827448) + - rename several files containing iceweasel and also the directory + share/iceweasel. + - replace iceweasel with firefox-esr in various files. + - use '/etc/firefox-esr' as place for firefox preference files. + - update Makefile. + - Add code to cleanup iceweasel and firefox-esr related conffiles in + postinst and preinst scripts. + - Adjust testsuite/ltsp and testsuite/webserver as + /etc/firefox-esr/cert_override.txt is no longer useful. + - Adjust sbin/snakeoil-on-ice as only the /etc/skel location on the main + server seems to be useful for the certificate override file. + - Move debian-edu.js -> etc/firefox-esr/debian-edu.js as this is the + location for syspref now. + + [ Mike Gabriel ] + * Iceweasel -> Firefox transition: system-wide, non-configurable browser + defaults now go into /usr/share/firefox-esr/browser/defaults/, not + /usr/share/firefox/defaults/. + * Rename cf.firefox to cf.firefox-esr and make sure it operated on + /etc/firefox-esr. + * firefox-networked-prefs.js: Fix configuration folder in comment. + * sbin/snake-on-ice: Rename /etc/firefox to /etc/firefox-esr. Only + declare OVERRIDE_FILE once and then use it accordingly (instead + of hard-coding /etc/firefox(-esr) several times. Use more quotes. + * debian/dirs: We ship /etc/firefox-esr, not /etc/firefox. + * kickoffrc: Use firefox-esr.desktop, rather than firefox.desktop. + * testsuite/ltsp: Check presence of cert_override.txt in /etc/firefox-esr/, + rather than /etc/firefox/. + * testsuite/webserver: Dito (check presence of cert_override.txt in /etc/firefox-esr/, + rather than /etc/firefox/). + + [ Holger Levsen ] + * Move code to cleanup /usr/share/pam-configs/krb5 diversion from postinst + to preinst to ease upgrades from old wheezy installations. + (Closes: #779641) + * Adjust cf.krb5client to ensure that cfengine runs are idempotent. + (Closes: #779642) - Patch taken from master branch from Wolfgang. For upload I'll obviously change the distribution to "jessie". Attached are three files: - d-e-c-previous.diff - the diff to what whas previously proposed in this bug - d-e-c-stable.diff.gz - the diff to what's in stable - d-e-c-stable-M.diff - the diff to what's in stable but generated with diff -M So, is this ok to upload? Thanks for your work on this point release! -- cheers, Holger
diff --git a/Makefile b/Makefile
index a1ea964..a083d4f 100644
--- a/Makefile
+++ b/Makefile
@@ -112,6 +112,7 @@ SYSCONFFILES = \
exim4/exim-ldap-client-v4.conf \
exim4/exim-ldap-server-v4.conf \
filesystems \
+ firefox-esr/debian-edu.js \
gosa/gosa.conf \
php5/apache2/php-debian-edu.ini \
insserv/overrides/kdm \
@@ -454,7 +455,6 @@ install: install-testsuite
share/debian-edu-config/rsyslog-collector \
share/debian-edu-config/firefox-networked-prefs.js \
share/debian-edu-config/squid3.conf \
- share/firefox-esr/browser/defaults/preferences/debian-edu.js \
share/pam-configs/edu-group \
share/pam-configs/edu-umask \
share/perl5/Debian/Edu.pm \
diff --git a/cf/cf.firefox-esr b/cf/cf.firefox-esr
index 89fd0e0..cd70a4e 100644
--- a/cf/cf.firefox-esr
+++ b/cf/cf.firefox-esr
@@ -1,17 +1,9 @@
#
# Set up firefox to accept the default ssl certificate created through cf.apache2.
#
-# Should create cert_override.txt in /etc/firefox/profile/ that will be included
-# in new firefox profiles created on local host.
# On main server use /etc/skel/ to create a default profile for new
-# users in case they start firefox the first time on non configured
-# hosts.
-#
+# users in case they start firefox the first time.
directories:
- # Check file system is prepared for the local firefox default profile.
- debian.installation.!standalone::
- /etc/firefox-esr/profile mode=755 owner=root group=root
-
# Check file system is prepared for inclusion in new users home directories.
debian.installation.server::
/etc/skel/.mozilla/firefox/debian-edu.default mode=755 owner=root group=root
diff --git a/debian/changelog b/debian/changelog
index 2df91a6..b71a967 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -14,6 +14,14 @@ debian-edu-config (1.818+deb8u2) UNRELEASED; urgency=medium
- replace iceweasel with firefox-esr in various files.
- use '/etc/firefox-esr' as place for firefox preference files.
- update Makefile.
+ - Add code to cleanup iceweasel and firefox-esr related conffiles in
+ postinst and preinst scripts.
+ - Adjust testsuite/ltsp and testsuite/webserver as
+ /etc/firefox-esr/cert_override.txt is no longer useful.
+ - Adjust sbin/snakeoil-on-ice as only the /etc/skel location on the main
+ server seems to be useful for the certificate override file.
+ - Move debian-edu.js -> etc/firefox-esr/debian-edu.js as this is the
+ location for syspref now.
[ Mike Gabriel ]
* Iceweasel -> Firefox transition: system-wide, non-configurable browser
diff --git a/debian/debian-edu-config.postinst b/debian/debian-edu-config.postinst
index 419bb36..5e39d0a 100644
--- a/debian/debian-edu-config.postinst
+++ b/debian/debian-edu-config.postinst
@@ -227,6 +227,39 @@ configure)
rm_conffile debian-edu-config /etc/powerdns/pdns.d/pdns-debian-edu.conf
fi
+ if dpkg --compare-versions "$2" le "1.818+deb8u1" && [ -L /usr/bin/firefox-esr ] ; then
+ rm_conffile debian-edu-config /etc/X11/Xsession.d/06debian-edu-iceweasel-ltsp
+ rm_conffile debian-edu-config /etc/apt/apt.conf.d/99-edu-prefer-iceweasel
+ rm_conffile debian-edu-config /etc/init.d/iceweasel-ldapconf
+ rm_conffile debian-edu-config /etc/cfengine/debian-edu/cf.iceweasel
+ if [ -L /etc/iceweasel/pref/debian-edu-networked.js ] ; then
+ rm /etc/iceweasel/pref/debian-edu-networked.js
+ fi
+ rm_conffile debian-edu-config /usr/share/debian-edu-config/iceweacel-networked-prefs.js
+ if [ -e /etc/iceweasel/pref/debian-edu-homepage-ldap.js ] ; then
+ rm /etc/iceweasel/pref/debian-edu-homepage-ldap.js
+ fi
+ if [ -e /etc/iceweasel/profile/cert_override.txt ] ; then
+ rm /etc/iceweasel/profile/cert_override.txt
+ fi
+ # for networked profiles only.
+ if grep -q Standalone /etc/debian-edu/config; then
+ :
+ else
+ if ! [ -e /etc/firefox-esr/debian-edu-networked.js ] ; then
+ ln -s /usr/share/debian-edu-config/firefox-networked-prefs.js /etc/firefox-esr/debian-edu-networked.js
+ if ! [ -e /etc/ltsp_chroot ] ; then
+ /usr/share/debian-edu-config/tools/update-firefox-homepage ldap:homepage
+ if grep -q Thin-Client-Server /etc/debian-edu/config && [ -d /opt/ltsp ] ; then
+ for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
+ chroot $ltsp_chroot /usr/share/debian-edu-config/tools/update-firefox-homepage ldap:homepage
+ done
+ fi
+ fi
+ fi
+ fi
+ fi
+
# sssd refuses to read the file if it has any other mode
chmod 600 /etc/sssd/sssd-debian-edu.conf
chown root:root /etc/sssd/sssd-debian-edu.conf
diff --git a/debian/debian-edu-config.preinst b/debian/debian-edu-config.preinst
index 405667f..9b22beb 100644
--- a/debian/debian-edu-config.preinst
+++ b/debian/debian-edu-config.preinst
@@ -58,6 +58,10 @@ upgrade)
pam-auth-update --package --remove edu-krb5
fi
+ # Just in case linking has already been done manually to now obsolete file.
+ if dpkg --compare-versions "$2" le "1.818+deb8u1" && [ -L /etc/firefox-esr/debian-edu-networked.js ] ; then
+ rm /etc/firefox-esr/debian-edu-networked.js
+ fi
;;
esac
diff --git a/etc/firefox-esr/debian-edu.js b/etc/firefox-esr/debian-edu.js
new file mode 100644
index 0000000..65d6e52
--- /dev/null
+++ b/etc/firefox-esr/debian-edu.js
@@ -0,0 +1,47 @@
+// Limit the disk cache, and disable it by default, to avoid users
+// filling up their home directory with cache files.
+pref("browser.cache.disk.enable", false);
+pref("browser.cache.offline.enable", false);
+
+pref("browser.cache.disk.capacity", 5120);
+// This need to point to a user specific file, can't use a common file for all users
+//pref("browser.cache.disk.parent_directory", "/var/tmp");
+
+// Only cache to memory instead
+pref("browser.cache.memory.enable", true);
+pref("browser.cache.memory.max_entry_size", -1);
+
+// Printer Settings
+pref("print.postscript.print_size", "A4");
+pref("print.postscript.print_command", "kprinter");
+pref("print.print_command", "kprinter");
+
+// Enable spell checking in both single-line and multi-line fields
+pref("layout.spellcheckDefault", 2);
+
+// Mailto settings
+pref("network.protocol-handler.app.mailto", "icedove");
+
+// Disable malware detection to avoid heavy I/O during login.
+// Should be disabled when BTS #? is fixed.
+// http://www.debianhelp.org/node/14453
+// https://bugs.launchpad.net/firefox/+bug/215728
+// https://bugs.edge.launchpad.net/ubuntu/+source/firefox-3.0/+bug/229745
+pref("browser.safebrowsing.malware.enabled", false);
+pref("browser.safebrowsing.enabled", false);
+
+// Disable location-bar suggestion feature that is sludgy on
+// thin-clients.
+pref("browser.urlbar.maxRichResults", 0);
+
+// Tell Firefox to not look for upgrades. Use apt to upgrade.
+pref("app.update.enabled", false);
+
+// But it is allowed to look for new extentions.
+pref("extensions.update.enabled", true);
+
+// Use LANG environment variable to choose locale.
+pref("intl.locale.matchOS", true);
+
+// Disable default browser checking.
+pref("browser.shell.checkDefaultBrowser", false);
diff --git a/sbin/snakeoil-on-ice b/sbin/snakeoil-on-ice
old mode 100644
new mode 100755
index 9911065..bc8529a
--- a/sbin/snakeoil-on-ice
+++ b/sbin/snakeoil-on-ice
@@ -1,7 +1,7 @@
#!/bin/bash
#
# Set up Firefox to accept the default ssl certificate created by debian-edu-config
-# for new users and new Firefox profiles.
+# for new users.
#
# Author: Oded Naveh
# Date: 03-06-2009
@@ -17,93 +17,35 @@ set -e
echo "info: Running $0"
-SERVERS='www:443 www:631 backup:443'
-
-## FIXME: Why is resolv.conf empty or missing? Because network
-## was started in the chroot (target)?
-## Try to find the DNS from the leases file, if that fails use
-## default DNS:
-if [ ! -s /etc/resolv.conf ] ; then
- DNS="10.0.2.2"
- LEASEDIR=/var/lib/dhcp/
- if [ -d $LEASEDIR ] ; then
- LEASEFILE=$LEASEDIR`ls -tr -1 $LEASEDIR | tail -n 1`
- if [ -r $LEASEFILE ] ; then
- if DNSLEASE=`cat $LEASEFILE | grep domain-name-servers | \
- tail -n 1 | \
- grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+"` ; then
- DNS=$DNSLEASE
- echo "info: Found leases file and domain-name-server: $DNS."
- else
- echo "info: Could not extract DNS from leases file."
- fi
- fi
- fi
- echo "info: Create temporary /etc/resolv.conf with DNS: $DNS."
- cat >> /etc/resolv.conf <<EOF
-## This is a temporary resolv.conf created by $0.
-## If you find it after installation, something went wrong. Try to replace it
-## by a symlink: /etc/resolv.conf -> /etc/resolvconf/run/resolv.conf, i.e.:
-## rm /etc/resolv.conf; ln -s /etc/resolvconf/run/resolv.conf /etc/resolv.conf
-nameserver $DNS
-search intern
-EOF
-fi
# On main server read local certificate
-# otherwise fetch the certificate over ssl.
if [[ $PROFILE =~ Main-Server ]]; then
- CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem;
-elif (ping -c 1 www > /dev/null); then
- CERT=$(tempfile -p fetch -s cert)
- echo | openssl s_client -connect www:443 2>/dev/null | \
- sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > $CERT;
+ :
else
- echo 'error: can not find SSL certificate for http://www'
- exit 1;
+ echo 'Not running on main server; exiting'
+ exit 1;
fi
+CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem;
+SERVERS='www:443 www:631 backup:443'
-# Write the override entries in the default profile.
-# These will be copied to new Firefox profiles.
+# The override entries will go into cert_override.txt in the skel directory.
+# This override file will be copied to the firefox profile for new users.
+# If users create another profile they'll have to do it themselves.
-OVERRIDE_FILE=/etc/firefox-esr/profile/cert_override.txt
+OVERRIDE_FILE=/tmp/cert_override.txt
SED_SERVERS=$(echo $SERVERS | sed 's/ /\\|/g')
FINGERPRINT=$(openssl x509 -in $CERT -noout -sha256 -fingerprint | sed 's/SHA256 Fingerprint=//')
OVERRIDE_STRING="OID.2.16.840.1.101.3.4.2.1 $FINGERPRINT MU AAAAAAAAAAAAAAAJAAAAGgDgwHd5q3rzhTAYMRYwFAYDVQQDEw10amVuZXIuaW50 ZXJu" # Bogus database key (A.*Ju)
-if [ -f $OVERRIDE_FILE ]; then
- sed "/$SED_SERVERS/ s/..\(:..\)\{31\}/$FINGERPRINT/" $OVERRIDE_FILE > $OVERRIDE_FILE.temp;
- if cmp $OVERRIDE_FILE $OVERRIDE_FILE.temp ; then
- cat <<-EOF 1>&2
- info: File $OVERRIDE_FILE
- info: already up to date. No need to do anything, exiting.
- EOF
- rm $OVERRIDE_FILE.temp
- exit 0
- else
- cp --backup=numbered $OVERRIDE_FILE /var/backups/cert_override
- echo -e "warning: Found old $OVERRIDE_FILE," \
- "\n\tcreated versioned backup in /var/backups/cert_override.x."
- fi
-else
- [ -d "$(dirname $OVERRIDE_FILE)" ] || mkdir -p "$(dirname $OVERRIDE_FILE)"
- echo -e '# PSM Certificate Override Settings file\n# This is a generated file! Do not edit.\n' > $OVERRIDE_FILE.temp;
-fi
+echo -e '# PSM Certificate Override Settings file\n# This is a generated file! Do not edit.\n' > $OVERRIDE_FILE;
for server in $SERVERS ; do
- if ! (grep -q $server $OVERRIDE_FILE.temp); then
- echo "$server $OVERRIDE_STRING" >> $OVERRIDE_FILE.temp;
- fi;
+ echo "$server $OVERRIDE_STRING" >> $OVERRIDE_FILE;
done
-chmod a+r $OVERRIDE_FILE.temp
-mv $OVERRIDE_FILE.temp $OVERRIDE_FILE
-
-
-# On main server also check /etc/skel/ for default profile.
-# This will be copied to new users home directories.
+chmod a+r $OVERRIDE_FILE
if [[ $PROFILE =~ Main-Server ]]; then
TEMPLATE_DIR=/etc/skel/.mozilla/firefox
@@ -111,12 +53,11 @@ if [[ $PROFILE =~ Main-Server ]]; then
# Check/copy the override file.
- if ! cmp $TEMPLATE_PROF/cert_override.txt $OVERRIDE_FILE ; then
- [ -d $TEMPLATE_PROF ] || mkdir -p $TEMPLATE_PROF
- rm -f $TEMPLATE_PROF/cert_override.txt
- cp $OVERRIDE_FILE $TEMPLATE_PROF/cert_override.txt
- chmod a+r $TEMPLATE_PROF/cert_override.txt
- fi
+[ -d $TEMPLATE_PROF ] || mkdir -p $TEMPLATE_PROF
+rm -f $TEMPLATE_PROF/cert_override.txt
+cp $OVERRIDE_FILE $TEMPLATE_PROF/cert_override.txt
+chmod a+r $TEMPLATE_PROF/cert_override.txt
+echo "info: $TEMPLATE_PROF/cert_override.txt generated"
# Check/make access to the profile enabled in profiles.ini.
@@ -138,25 +79,5 @@ if [[ $PROFILE =~ Main-Server ]]; then
fi;
fi
-for ROOT in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
- if [ ! -d "$ROOT$(dirname $OVERRIDE_FILE)" ] ; then
- continue # Only process LTSP chroots with firefox installed
- fi
- # Make sure self signed SSL certificate for internal web site also
- # work on diskless workstations.
- if [ -f $OVERRIDE_FILE ] ; then
- mkdir -p $(dirname $ROOT$OVERRIDE_FILE)
- if cp $OVERRIDE_FILE $ROOT$OVERRIDE_FILE ; then
- chmod a+r $ROOT$OVERRIDE_FILE
- else
-cat 1>&2 <<EOF
-error: Can't copy the new Firefox override settings to LTSP.
-error: Firefox profiles created on a thin client will not accept
-error: the new certificate
-EOF
- fi
- else
- error "Fail to find Firefox certificate override file."
- fi
- ls -l $ROOT$OVERRIDE_FILE |sed "s%^%info: $0: snakeoil-on-ice: %"
-done
+# Cleanup
+rm $OVERRIDE_FILE
diff --git a/share/firefox-esr/browser/defaults/preferences/debian-edu.js b/share/firefox-esr/browser/defaults/preferences/debian-edu.js
deleted file mode 100644
index 65d6e52..0000000
--- a/share/firefox-esr/browser/defaults/preferences/debian-edu.js
+++ /dev/null
@@ -1,47 +0,0 @@
-// Limit the disk cache, and disable it by default, to avoid users
-// filling up their home directory with cache files.
-pref("browser.cache.disk.enable", false);
-pref("browser.cache.offline.enable", false);
-
-pref("browser.cache.disk.capacity", 5120);
-// This need to point to a user specific file, can't use a common file for all users
-//pref("browser.cache.disk.parent_directory", "/var/tmp");
-
-// Only cache to memory instead
-pref("browser.cache.memory.enable", true);
-pref("browser.cache.memory.max_entry_size", -1);
-
-// Printer Settings
-pref("print.postscript.print_size", "A4");
-pref("print.postscript.print_command", "kprinter");
-pref("print.print_command", "kprinter");
-
-// Enable spell checking in both single-line and multi-line fields
-pref("layout.spellcheckDefault", 2);
-
-// Mailto settings
-pref("network.protocol-handler.app.mailto", "icedove");
-
-// Disable malware detection to avoid heavy I/O during login.
-// Should be disabled when BTS #? is fixed.
-// http://www.debianhelp.org/node/14453
-// https://bugs.launchpad.net/firefox/+bug/215728
-// https://bugs.edge.launchpad.net/ubuntu/+source/firefox-3.0/+bug/229745
-pref("browser.safebrowsing.malware.enabled", false);
-pref("browser.safebrowsing.enabled", false);
-
-// Disable location-bar suggestion feature that is sludgy on
-// thin-clients.
-pref("browser.urlbar.maxRichResults", 0);
-
-// Tell Firefox to not look for upgrades. Use apt to upgrade.
-pref("app.update.enabled", false);
-
-// But it is allowed to look for new extentions.
-pref("extensions.update.enabled", true);
-
-// Use LANG environment variable to choose locale.
-pref("intl.locale.matchOS", true);
-
-// Disable default browser checking.
-pref("browser.shell.checkDefaultBrowser", false);
diff --git a/testsuite/ltsp b/testsuite/ltsp
index 6c5c54d..502e739 100755
--- a/testsuite/ltsp
+++ b/testsuite/ltsp
@@ -58,12 +58,11 @@ if echo "$PROFILE" | grep -q Thin-Client-Server ; then
error "Missing $chroot/etc/debian-edu/config"
fi
- for path in /etc/ldap/ssl/ldap-server-pubkey.pem \
- /etc/firefox-esr/profile/cert_override.txt ; do
+ for path in /etc/ldap/ssl/ldap-server-pubkey.pem ; do
if cmp -s $path $chroot$path ; then
success "$path is identical inside and outside LTSP"
else
- error "$path differ inside and outside LTSP"
+ error "$path is different inside and outside LTSP"
fi
done
diff --git a/testsuite/webserver b/testsuite/webserver
index 4bfa489..45bd1f6 100755
--- a/testsuite/webserver
+++ b/testsuite/webserver
@@ -16,15 +16,14 @@ else
fi
skeloverride=/etc/skel/.mozilla/firefox/debian-edu.default/cert_override.txt
-if [ -e "$skeloverride" ] && [ -h "$skeloverride" ] ; then
- echo "error: $0: Found symlink in $skeloverride."
-fi
-
-overridefile=/etc/firefox-esr/profile/cert_override.txt
-if [ ! -f "$overridefile" ] ; then
- echo "error: $0: Missing $overridefile."
+if [ ! -f "$skeloverride" ] ; then
+ echo "error: $0: Missing $skeloverride."
else
- echo "success: $0: Found $overridefile."
+ if [ -h "$skeloverride" ] ; then
+ echo "error: $0: Found $skeloverride as symlink."
+ else
+ echo "success: $0: Found $skeloverride."
+ fi
fi
# Only Main-Server profile provide webserver
Attachment:
d-e-c-stable.diff.gz
Description: application/gzip
diff --git a/Makefile b/Makefile
index dfd6387..a083d4f 100644
--- a/Makefile
+++ b/Makefile
@@ -53,7 +53,7 @@ CFFILES = \
cf.exim \
cf.imap \
cf.homes \
- cf.iceweasel \
+ cf.firefox-esr \
cf.inetd \
cf.kdm \
cf.krb5client \
@@ -82,7 +82,7 @@ CFBINFILES = \
SYSCONFFILES = \
asound.conf \
apt/apt.conf.d/90squid \
- apt/apt.conf.d/99-edu-prefer-iceweasel \
+ apt/apt.conf.d/99-edu-prefer-firefox \
bind/named.conf.ldap2zone \
bind/db.intern \
bind/db.10.in-addr.arpa. \
@@ -91,7 +91,7 @@ SYSCONFFILES = \
bind/db.0.168.192.in-addr.arpa. \
bind/db.1.168.192.in-addr.arpa. \
X11/Xsession.d/05debian-edu-truncate-xerrorlog \
- X11/Xsession.d/06debian-edu-iceweasel-ltsp \
+ X11/Xsession.d/06debian-edu-firefox-ltsp \
X11/Xsession.d/09debian-edu-missing-home \
X11/Xsession.d/10debian-edu-one-login-per-host \
desktop-profiles/debian-edu-config.listing \
@@ -112,6 +112,7 @@ SYSCONFFILES = \
exim4/exim-ldap-client-v4.conf \
exim4/exim-ldap-server-v4.conf \
filesystems \
+ firefox-esr/debian-edu.js \
gosa/gosa.conf \
php5/apache2/php-debian-edu.ini \
insserv/overrides/kdm \
@@ -363,7 +364,7 @@ install: install-testsuite
share/debian-edu-config/tools/gosa-sync \
share/debian-edu-config/tools/gosa-sync-dns-nfs \
share/debian-edu-config/tools/gosa-unlock-user \
- share/debian-edu-config/tools/iceweasel-plugin-support \
+ share/debian-edu-config/tools/firefox-plugin-support \
share/debian-edu-config/tools/kerberos-kdc-init \
share/debian-edu-config/tools/ldap2bind-updatezonelist \
share/debian-edu-config/tools/ldap-user-clean-attic.sh \
@@ -392,7 +393,7 @@ install: install-testsuite
share/debian-edu-config/tools/sssd-generate-config \
share/debian-edu-config/tools/squid-update-cachedir \
share/debian-edu-config/tools/subnet-change \
- share/debian-edu-config/tools/update-iceweasel-homepage \
+ share/debian-edu-config/tools/update-firefox-homepage \
share/debian-edu-config/tools/update-proxy-from-wpad \
share/debian-edu-config/tools/workaround-udev-bug-765577 \
share/debian-edu-config/tools/wpad-extract \
@@ -452,9 +453,8 @@ install: install-testsuite
set -e ; for f in \
share/debian-edu-config/rsyslog-collector \
- share/debian-edu-config/iceweacel-networked-prefs.js \
+ share/debian-edu-config/firefox-networked-prefs.js \
share/debian-edu-config/squid3.conf \
- share/iceweasel/defaults/preferences/debian-edu.js \
share/pam-configs/edu-group \
share/pam-configs/edu-umask \
share/perl5/Debian/Edu.pm \
diff --git a/cf/cf.iceweasel b/cf/cf.firefox-esr
similarity index 70%
rename from cf/cf.iceweasel
rename to cf/cf.firefox-esr
index 7eb7084..cd70a4e 100644
--- a/cf/cf.iceweasel
+++ b/cf/cf.firefox-esr
@@ -1,17 +1,9 @@
#
-# Set up Iceweasel to accept the default ssl certificate created through cf.apache2.
+# Set up firefox to accept the default ssl certificate created through cf.apache2.
#
-# Should create cert_override.txt in /etc/iceweasel/profile/ that will be included
-# in new Iceweasel profiles created on local host.
# On main server use /etc/skel/ to create a default profile for new
-# users in case they start Iceweasel the first time on non configured
-# hosts.
-#
+# users in case they start firefox the first time.
directories:
- # Check file system is prepared for the local Iceweasel default profile.
- debian.installation.!standalone::
- /etc/iceweasel/profile mode=755 owner=root group=root
-
# Check file system is prepared for inclusion in new users home directories.
debian.installation.server::
/etc/skel/.mozilla/firefox/debian-edu.default mode=755 owner=root group=root
@@ -37,9 +29,9 @@ shellcommands:
# while school machines get the school start page from LDAP.
# The clients using LDAP also update the pages at boot.
debian.installation.standalone::
- "/usr/share/debian-edu-config/tools/update-iceweasel-homepage http\://www.skolelinux.org/"
+ "/usr/share/debian-edu-config/tools/update-firefox-homepage http\://www.skolelinux.org/"
debian.installation.!standalone::
- "/usr/share/debian-edu-config/tools/update-iceweasel-homepage ldap\:homepage"
+ "/usr/share/debian-edu-config/tools/update-firefox-homepage ldap\:homepage"
files:
# Ensure file file is readable by everyone
diff --git a/cf/cf.krb5client b/cf/cf.krb5client
index 1f2932f..2e886c8 100644
--- a/cf/cf.krb5client
+++ b/cf/cf.krb5client
@@ -8,7 +8,7 @@ links:
shellcommands:
# setup-roaming generate its own krb5.conf, no need to do it here.
- debian.installation.!standalone.!roaming::
+ debian.installation.!standalone.!roaming.!server::
"/usr/share/debian-edu-config/tools/sssd-generate-config -k > /etc/krb5.conf"
debian.installation.!standalone.secondpass::
diff --git a/cf/cf.ldapclient b/cf/cf.ldapclient
index 742f212..fe33d99 100644
--- a/cf/cf.ldapclient
+++ b/cf/cf.ldapclient
@@ -87,10 +87,6 @@ shellcommands:
debian.installation.!standalone::
"/usr/bin/apt-get purge -y libpam-ldapd"
- # Avoid multicast dns on stationary machines
- debian.installation.!standalone.!roaming::
- "/usr/bin/apt-get purge -y libnss-mdns"
-
# Avoid Network Manager GUI client stationary machines. The users
# can not change the config anyway.
debian.installation.!standalone.!roaming::
diff --git a/cf/cf.squid b/cf/cf.squid
index c46b436..24cdcca 100644
--- a/cf/cf.squid
+++ b/cf/cf.squid
@@ -1,8 +1,8 @@
links:
# Enforce proxy on networked installs
debian.!standalone::
- /etc/iceweasel/pref/debian-edu-networked.js ->
- /usr/share/debian-edu-config/iceweacel-networked-prefs.js nofile=force
+ /etc/firefox-esr/debian-edu-networked.js ->
+ /usr/share/debian-edu-config/firefox-networked-prefs.js nofile=force
# Configure squid, copy our setup to /etc/squid3/ (instead of
# including it in the package as a conffile), to ensure package
diff --git a/cf/cfengine.conf b/cf/cfengine.conf
index af679e6..2b7062f 100644
--- a/cf/cfengine.conf
+++ b/cf/cfengine.conf
@@ -101,7 +101,7 @@ import:
cf.dhcpserver
cf.exim
cf.fstab
- cf.iceweasel
+ cf.firefox-esr
cf.imap
cf.inetd
cf.kdm
diff --git a/debian/changelog b/debian/changelog
index e9751ef..b71a967 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,54 @@
+debian-edu-config (1.818+deb8u2) UNRELEASED; urgency=medium
+
+ [ Wolfgang Schweer ]
+ * Take 2b2a657f from sid on cf/cf.ldapclient: don't purge libnss-mdns
+ cause cups now needs mdns for automatic printer detection.
+ (Closes: #825919).
+ * dhclient-exit-hooks.d/hostname: adjust for the case of a dedicated
+ LTSP server. (Closes: #783087).
+ * Adjust ldap-tools/ldap-debian-edu-install to be compliant with systemd
+ now that unit samba.service is masked (see #769714). (Closes: #826201).
+ * Move from Iceweasel to Firefox ESR: (Closes: #827448)
+ - rename several files containing iceweasel and also the directory
+ share/iceweasel.
+ - replace iceweasel with firefox-esr in various files.
+ - use '/etc/firefox-esr' as place for firefox preference files.
+ - update Makefile.
+ - Add code to cleanup iceweasel and firefox-esr related conffiles in
+ postinst and preinst scripts.
+ - Adjust testsuite/ltsp and testsuite/webserver as
+ /etc/firefox-esr/cert_override.txt is no longer useful.
+ - Adjust sbin/snakeoil-on-ice as only the /etc/skel location on the main
+ server seems to be useful for the certificate override file.
+ - Move debian-edu.js -> etc/firefox-esr/debian-edu.js as this is the
+ location for syspref now.
+
+ [ Mike Gabriel ]
+ * Iceweasel -> Firefox transition: system-wide, non-configurable browser
+ defaults now go into /usr/share/firefox-esr/browser/defaults/, not
+ /usr/share/firefox/defaults/.
+ * Rename cf.firefox to cf.firefox-esr and make sure it operated on
+ /etc/firefox-esr.
+ * firefox-networked-prefs.js: Fix configuration folder in comment.
+ * sbin/snake-on-ice: Rename /etc/firefox to /etc/firefox-esr. Only
+ declare OVERRIDE_FILE once and then use it accordingly (instead
+ of hard-coding /etc/firefox(-esr) several times. Use more quotes.
+ * debian/dirs: We ship /etc/firefox-esr, not /etc/firefox.
+ * kickoffrc: Use firefox-esr.desktop, rather than firefox.desktop.
+ * testsuite/ltsp: Check presence of cert_override.txt in /etc/firefox-esr/,
+ rather than /etc/firefox/.
+ * testsuite/webserver: Dito (check presence of cert_override.txt in /etc/firefox-esr/,
+ rather than /etc/firefox/).
+
+ [ Holger Levsen ]
+ * Move code to cleanup /usr/share/pam-configs/krb5 diversion from postinst
+ to preinst to ease upgrades from old wheezy installations.
+ (Closes: #779641)
+ * Adjust cf.krb5client to ensure that cfengine runs are idempotent.
+ (Closes: #779642) - Patch taken from master branch from Wolfgang.
+
+ -- Holger Levsen <holger@debian.org> Tue, 31 May 2016 11:23:33 +0200
+
debian-edu-config (1.818+deb8u1) jessie; urgency=low
[ Petter Reinholdtsen ]
diff --git a/debian/debian-edu-config.iceweasel-ldapconf b/debian/debian-edu-config.firefox-ldapconf
similarity index 80%
rename from debian/debian-edu-config.iceweasel-ldapconf
rename to debian/debian-edu-config.firefox-ldapconf
index e60fba2..49bcf88 100755
--- a/debian/debian-edu-config.iceweasel-ldapconf
+++ b/debian/debian-edu-config.firefox-ldapconf
@@ -1,14 +1,14 @@
#!/bin/sh
### BEGIN INIT INFO
-# Provides: iceweasel-ldapconf
+# Provides: firefox-ldapconf
# Required-Start: $remote_fs
# Required-Stop: $remote_fs
# Should-Start: $network $syslog $named slapd fetch-ldap-cert
# Default-Start: 2 3 4 5
# Default-Stop:
-# Short-Description: Update iceweasel configuration from LDAP
+# Short-Description: Update firefox configuration from LDAP
# Description:
-# Update default iceweasel default setup (currently only start page)
+# Update default firefox default setup (currently only start page)
# from LDAP. Check LDAP every boot to see if the default start page
# should be changed or not.
### END INIT INFO
@@ -32,12 +32,12 @@ do_start() {
# Only networked profiles use LDAP
if echo "$PROFILE" | egrep -q 'Main-Server|Workstation|Roaming-Workstation|Thin-Client-Server|Minimal' ; then
- /usr/share/debian-edu-config/tools/update-iceweasel-homepage ldap:homepage
+ /usr/share/debian-edu-config/tools/update-firefox-homepage ldap:homepage
fi
if echo "$PROFILE" | grep -q Thin-Client-Server && [ -d /opt/ltsp ] ; then
for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
- chroot $ltsp_chroot /usr/share/debian-edu-config/tools/update-iceweasel-homepage ldap:homepage
+ chroot $ltsp_chroot /usr/share/debian-edu-config/tools/update-firefox-homepage ldap:homepage
done
fi
}
diff --git a/debian/debian-edu-config.postinst b/debian/debian-edu-config.postinst
index a0b192f..5e39d0a 100644
--- a/debian/debian-edu-config.postinst
+++ b/debian/debian-edu-config.postinst
@@ -136,15 +136,6 @@ if [ "$RET" = "false" ] ; then
fi
fi
-# Remove now obsolete diverted config file as bug #656309 is fixed
-if [ configure = "$1" ] && \
- dpkg --compare-versions "$2" le "1.726" && \
- [ -h /usr/share/pam-configs/edu-krb5 ]; then
- dpkg-divert --package debian-edu-config --remove /usr/share/pam-configs/krb5
- rm /usr/share/pam-configs/edu-krb5
- pam-auth-update --package --remove edu-krb5
-fi
-
pam-auth-update --package
# Some init-scripts fail if to many fd is open ??
@@ -236,6 +227,39 @@ configure)
rm_conffile debian-edu-config /etc/powerdns/pdns.d/pdns-debian-edu.conf
fi
+ if dpkg --compare-versions "$2" le "1.818+deb8u1" && [ -L /usr/bin/firefox-esr ] ; then
+ rm_conffile debian-edu-config /etc/X11/Xsession.d/06debian-edu-iceweasel-ltsp
+ rm_conffile debian-edu-config /etc/apt/apt.conf.d/99-edu-prefer-iceweasel
+ rm_conffile debian-edu-config /etc/init.d/iceweasel-ldapconf
+ rm_conffile debian-edu-config /etc/cfengine/debian-edu/cf.iceweasel
+ if [ -L /etc/iceweasel/pref/debian-edu-networked.js ] ; then
+ rm /etc/iceweasel/pref/debian-edu-networked.js
+ fi
+ rm_conffile debian-edu-config /usr/share/debian-edu-config/iceweacel-networked-prefs.js
+ if [ -e /etc/iceweasel/pref/debian-edu-homepage-ldap.js ] ; then
+ rm /etc/iceweasel/pref/debian-edu-homepage-ldap.js
+ fi
+ if [ -e /etc/iceweasel/profile/cert_override.txt ] ; then
+ rm /etc/iceweasel/profile/cert_override.txt
+ fi
+ # for networked profiles only.
+ if grep -q Standalone /etc/debian-edu/config; then
+ :
+ else
+ if ! [ -e /etc/firefox-esr/debian-edu-networked.js ] ; then
+ ln -s /usr/share/debian-edu-config/firefox-networked-prefs.js /etc/firefox-esr/debian-edu-networked.js
+ if ! [ -e /etc/ltsp_chroot ] ; then
+ /usr/share/debian-edu-config/tools/update-firefox-homepage ldap:homepage
+ if grep -q Thin-Client-Server /etc/debian-edu/config && [ -d /opt/ltsp ] ; then
+ for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
+ chroot $ltsp_chroot /usr/share/debian-edu-config/tools/update-firefox-homepage ldap:homepage
+ done
+ fi
+ fi
+ fi
+ fi
+ fi
+
# sssd refuses to read the file if it has any other mode
chmod 600 /etc/sssd/sssd-debian-edu.conf
chown root:root /etc/sssd/sssd-debian-edu.conf
diff --git a/debian/debian-edu-config.preinst b/debian/debian-edu-config.preinst
index d78ed68..9b22beb 100644
--- a/debian/debian-edu-config.preinst
+++ b/debian/debian-edu-config.preinst
@@ -49,6 +49,19 @@ upgrade)
rm_conffile debian-edu-config /etc/init.d/open-backdoor
fi
+ # Remove now obsolete diverted config file as bug #656309 is fixed
+ # this is needed in preinst, see #779641
+ if dpkg --compare-versions "$2" le "1.726" && \
+ [ -h /usr/share/pam-configs/edu-krb5 ]; then
+ dpkg-divert --package debian-edu-config --remove /usr/share/pam-configs/krb5
+ rm /usr/share/pam-configs/edu-krb5
+ pam-auth-update --package --remove edu-krb5
+ fi
+
+ # Just in case linking has already been done manually to now obsolete file.
+ if dpkg --compare-versions "$2" le "1.818+deb8u1" && [ -L /etc/firefox-esr/debian-edu-networked.js ] ; then
+ rm /etc/firefox-esr/debian-edu-networked.js
+ fi
;;
esac
diff --git a/debian/dirs b/debian/dirs
index a29294c..51ed88e 100644
--- a/debian/dirs
+++ b/debian/dirs
@@ -8,7 +8,7 @@ etc/cron.d
etc/cups
etc/debian-edu
etc/default
-etc/iceweasel/profile
+etc/firefox-esr
etc/init.d
etc/ldap/schema
etc/ldap/ssl
diff --git a/debian/rules b/debian/rules
index ed60b20..4341a08 100755
--- a/debian/rules
+++ b/debian/rules
@@ -12,7 +12,7 @@ override_dh_installinit:
# Start it after 15bind9 and 19slapd
dh_installinit --init-script fetch-ldap-cert -r --no-start -u"start 95 2 3 4 5 ."
# Start it after 15bind9, 19slapd and 95fetch-ldap-cert, and add some to be sure
- dh_installinit --init-script iceweasel-ldapconf -r --no-start -u"start 96 2 3 4 5 ."
+ dh_installinit --init-script firefox-ldapconf -r --no-start -u"start 96 2 3 4 5 ."
dh_installinit --init-script enable-nat --no-start
override_dh_gconf:
diff --git a/etc/X11/Xsession.d/06debian-edu-iceweasel-ltsp b/etc/X11/Xsession.d/06debian-edu-firefox-ltsp
similarity index 100%
rename from etc/X11/Xsession.d/06debian-edu-iceweasel-ltsp
rename to etc/X11/Xsession.d/06debian-edu-firefox-ltsp
diff --git a/etc/apt/apt.conf.d/99-edu-prefer-firefox b/etc/apt/apt.conf.d/99-edu-prefer-firefox
new file mode 100644
index 0000000..7fe37fa
--- /dev/null
+++ b/etc/apt/apt.conf.d/99-edu-prefer-firefox
@@ -0,0 +1,7 @@
+// We prefer firefox over other alternatives
+DPkg
+{
+Post-Invoke {
+"x=/usr/bin/firefox-esr;[ -x $x ] && update-alternatives --set x-www-browser $x||true";
+};
+};
diff --git a/etc/apt/apt.conf.d/99-edu-prefer-iceweasel b/etc/apt/apt.conf.d/99-edu-prefer-iceweasel
deleted file mode 100644
index 7ec903e..0000000
--- a/etc/apt/apt.conf.d/99-edu-prefer-iceweasel
+++ /dev/null
@@ -1,7 +0,0 @@
-// We prefer iceweasel over other alternatives
-DPkg
-{
-Post-Invoke {
-"x=/usr/bin/iceweasel;[ -x $x ] && update-alternatives --set x-www-browser $x||true";
-};
-};
diff --git a/etc/dhcp/dhclient-exit-hooks.d/hostname b/etc/dhcp/dhclient-exit-hooks.d/hostname
index f379e10..27193f8 100755
--- a/etc/dhcp/dhclient-exit-hooks.d/hostname
+++ b/etc/dhcp/dhclient-exit-hooks.d/hostname
@@ -17,15 +17,14 @@ export PATH
# if moved between networks.
if [ -r /etc/debian-edu/config ] ; then
. /etc/debian-edu/config
- case "$PROFILE" in
- Workstation|Thin-Client-Server|Minimal)
- ;;
- *)
- exit 0
- ;;
- esac
-else
+fi
+
+if echo "$PROFILE" | egrep -q 'Main-Server|Roaming-Workstation|Standalone' ; then
exit 0
+ else
+ if echo "$PROFILE" | egrep -q 'Workstation|Thin-Client-Server|Minimal' ; then
+ :
+ fi
fi
log() {
diff --git a/share/iceweasel/defaults/preferences/debian-edu.js b/etc/firefox-esr/debian-edu.js
similarity index 96%
rename from share/iceweasel/defaults/preferences/debian-edu.js
rename to etc/firefox-esr/debian-edu.js
index 82b8655..65d6e52 100644
--- a/share/iceweasel/defaults/preferences/debian-edu.js
+++ b/etc/firefox-esr/debian-edu.js
@@ -34,7 +34,7 @@ pref("browser.safebrowsing.enabled", false);
// thin-clients.
pref("browser.urlbar.maxRichResults", 0);
-// Tell Iceweasel to not look for upgrades. Use apt to upgrade.
+// Tell Firefox to not look for upgrades. Use apt to upgrade.
pref("app.update.enabled", false);
// But it is allowed to look for new extentions.
diff --git a/ldap-tools/ldap-debian-edu-install b/ldap-tools/ldap-debian-edu-install
index 5a9d771..fc63ac7 100755
--- a/ldap-tools/ldap-debian-edu-install
+++ b/ldap-tools/ldap-debian-edu-install
@@ -27,14 +27,16 @@ set -e
# there with the placeholder string ,,$SAMBAPWD''
# o Then run these commands from a terminal
#
-# $ /etc/init.d/samba stop
-# $ /etc/init.d/slapd stop
+# $ systemctl stop nmbd.service
+# $ systemctl stop smbd.service
+# $ systemctl stop slapd.service
# $ rm /var/lib/ldap/*
# $ rm -r /var/lib/samba/*
# $ mkdir /var/lib/samba/private
# $ chmod 755 /var/lib/samba/private
-# $ /etc/init.d/slapd start
-# $ /etc/init.d/samba start
+# $ systemctl start slapd.service
+# $ systemctl start smbd.service
+# $ systemctl start nmbd.service
# $ rm /etc/krb5kdc/stash
# $ rm /etc/krb5.keyt*
#
diff --git a/sbin/snakeoil-on-ice b/sbin/snakeoil-on-ice
old mode 100644
new mode 100755
index 6ed08d7..bc8529a
--- a/sbin/snakeoil-on-ice
+++ b/sbin/snakeoil-on-ice
@@ -1,7 +1,7 @@
#!/bin/bash
#
-# Set up Iceweasel to accept the default ssl certificate created by debian-edu-config
-# for new users and new Iceweasel profiles.
+# Set up Firefox to accept the default ssl certificate created by debian-edu-config
+# for new users.
#
# Author: Oded Naveh
# Date: 03-06-2009
@@ -17,93 +17,35 @@ set -e
echo "info: Running $0"
-SERVERS='www:443 www:631 backup:443'
-
-## FIXME: Why is resolv.conf empty or missing? Because network
-## was started in the chroot (target)?
-## Try to find the DNS from the leases file, if that fails use
-## default DNS:
-if [ ! -s /etc/resolv.conf ] ; then
- DNS="10.0.2.2"
- LEASEDIR=/var/lib/dhcp/
- if [ -d $LEASEDIR ] ; then
- LEASEFILE=$LEASEDIR`ls -tr -1 $LEASEDIR | tail -n 1`
- if [ -r $LEASEFILE ] ; then
- if DNSLEASE=`cat $LEASEFILE | grep domain-name-servers | \
- tail -n 1 | \
- grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+"` ; then
- DNS=$DNSLEASE
- echo "info: Found leases file and domain-name-server: $DNS."
- else
- echo "info: Could not extract DNS from leases file."
- fi
- fi
- fi
- echo "info: Create temporary /etc/resolv.conf with DNS: $DNS."
- cat >> /etc/resolv.conf <<EOF
-## This is a temporary resolv.conf created by $0.
-## If you find it after installation, something went wrong. Try to replace it
-## by a symlink: /etc/resolv.conf -> /etc/resolvconf/run/resolv.conf, i.e.:
-## rm /etc/resolv.conf; ln -s /etc/resolvconf/run/resolv.conf /etc/resolv.conf
-nameserver $DNS
-search intern
-EOF
-fi
# On main server read local certificate
-# otherwise fetch the certificate over ssl.
if [[ $PROFILE =~ Main-Server ]]; then
- CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem;
-elif (ping -c 1 www > /dev/null); then
- CERT=$(tempfile -p fetch -s cert)
- echo | openssl s_client -connect www:443 2>/dev/null | \
- sed -n '/-----BEGIN CERTIFICATE-----/,/-----END CERTIFICATE-----/p' > $CERT;
+ :
else
- echo 'error: can not find SSL certificate for http://www'
- exit 1;
+ echo 'Not running on main server; exiting'
+ exit 1;
fi
+CERT=/etc/ssl/certs/ssl-cert-snakeoil.pem;
+SERVERS='www:443 www:631 backup:443'
-# Write the override entries in the default profile.
-# These will be copied to new Iceweasel profiles.
+# The override entries will go into cert_override.txt in the skel directory.
+# This override file will be copied to the firefox profile for new users.
+# If users create another profile they'll have to do it themselves.
-OVERRIDE_FILE=/etc/iceweasel/profile/cert_override.txt
+OVERRIDE_FILE=/tmp/cert_override.txt
SED_SERVERS=$(echo $SERVERS | sed 's/ /\\|/g')
FINGERPRINT=$(openssl x509 -in $CERT -noout -sha256 -fingerprint | sed 's/SHA256 Fingerprint=//')
OVERRIDE_STRING="OID.2.16.840.1.101.3.4.2.1 $FINGERPRINT MU AAAAAAAAAAAAAAAJAAAAGgDgwHd5q3rzhTAYMRYwFAYDVQQDEw10amVuZXIuaW50 ZXJu" # Bogus database key (A.*Ju)
-if [ -f $OVERRIDE_FILE ]; then
- sed "/$SED_SERVERS/ s/..\(:..\)\{31\}/$FINGERPRINT/" $OVERRIDE_FILE > $OVERRIDE_FILE.temp;
- if cmp $OVERRIDE_FILE $OVERRIDE_FILE.temp ; then
- cat <<-EOF 1>&2
- info: File $OVERRIDE_FILE
- info: already up to date. No need to do anything, exiting.
- EOF
- rm $OVERRIDE_FILE.temp
- exit 0
- else
- cp --backup=numbered $OVERRIDE_FILE /var/backups/cert_override
- echo -e "warning: Found old $OVERRIDE_FILE," \
- "\n\tcreated versioned backup in /var/backups/cert_override.x."
- fi
-else
- [ -d /etc/iceweasel/profile ] || mkdir -p /etc/iceweasel/profile
- echo -e '# PSM Certificate Override Settings file\n# This is a generated file! Do not edit.\n' > $OVERRIDE_FILE.temp;
-fi
+echo -e '# PSM Certificate Override Settings file\n# This is a generated file! Do not edit.\n' > $OVERRIDE_FILE;
for server in $SERVERS ; do
- if ! (grep -q $server $OVERRIDE_FILE.temp); then
- echo "$server $OVERRIDE_STRING" >> $OVERRIDE_FILE.temp;
- fi;
+ echo "$server $OVERRIDE_STRING" >> $OVERRIDE_FILE;
done
-chmod a+r $OVERRIDE_FILE.temp
-mv $OVERRIDE_FILE.temp $OVERRIDE_FILE
-
-
-# On main server also check /etc/skel/ for default profile.
-# This will be copied to new users home directories.
+chmod a+r $OVERRIDE_FILE
if [[ $PROFILE =~ Main-Server ]]; then
TEMPLATE_DIR=/etc/skel/.mozilla/firefox
@@ -111,12 +53,11 @@ if [[ $PROFILE =~ Main-Server ]]; then
# Check/copy the override file.
- if ! cmp $TEMPLATE_PROF/cert_override.txt $OVERRIDE_FILE ; then
- [ -d $TEMPLATE_PROF ] || mkdir -p $TEMPLATE_PROF
- rm -f $TEMPLATE_PROF/cert_override.txt
- cp $OVERRIDE_FILE $TEMPLATE_PROF/cert_override.txt
- chmod a+r $TEMPLATE_PROF/cert_override.txt
- fi
+[ -d $TEMPLATE_PROF ] || mkdir -p $TEMPLATE_PROF
+rm -f $TEMPLATE_PROF/cert_override.txt
+cp $OVERRIDE_FILE $TEMPLATE_PROF/cert_override.txt
+chmod a+r $TEMPLATE_PROF/cert_override.txt
+echo "info: $TEMPLATE_PROF/cert_override.txt generated"
# Check/make access to the profile enabled in profiles.ini.
@@ -138,26 +79,5 @@ if [[ $PROFILE =~ Main-Server ]]; then
fi;
fi
-for ROOT in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
- if [ ! -d $ROOT/etc/iceweasel/profile ] ; then
- continue # Only process LTSP chroots with iceweasel installed
- fi
- # Make sure self signed SSL certificate for internal web site also
- # work on diskless workstations.
- OVERRIDE_FILE=/etc/iceweasel/profile/cert_override.txt
- if [ -f $OVERRIDE_FILE ] ; then
- mkdir -p $(dirname $ROOT$OVERRIDE_FILE)
- if cp $OVERRIDE_FILE $ROOT$OVERRIDE_FILE ; then
- chmod a+r $ROOT$OVERRIDE_FILE
- else
-cat 1>&2 <<EOF
-error: Can't copy the new Iceweasel override settings to LTSP.
-error: Iceweasel profiles created on a thin client will not accept
-error: the new certificate
-EOF
- fi
- else
- error "Fail to find Iceweasel certificate override file."
- fi
- ls -l $ROOT$OVERRIDE_FILE |sed "s%^%info: $0: snakeoil-on-ice: %"
-done
+# Cleanup
+rm $OVERRIDE_FILE
diff --git a/share/debian-edu-config/iceweacel-networked-prefs.js b/share/debian-edu-config/firefox-networked-prefs.js
similarity index 55%
rename from share/debian-edu-config/iceweacel-networked-prefs.js
rename to share/debian-edu-config/firefox-networked-prefs.js
index 9f169a8..ac44e80 100644
--- a/share/debian-edu-config/iceweacel-networked-prefs.js
+++ b/share/debian-edu-config/firefox-networked-prefs.js
@@ -1,9 +1,9 @@
// Force proxy usage. Only for networked clients. Enabled using cfengine
-// by symlinking this file to /etc/iceweasel/pref/debian-edu-networked.js
+// by symlinking this file to /etc/firefox-esr/debian-edu-networked.js
-// Enable automatic proxy setting Configure Proxy settings in iceweasel,
+// Enable automatic proxy setting Configure Proxy settings in firefox,
// using "Web Access Protocol Discovery" (WAPD). See
// /etc/debian-edu/www/wpad.dat for the WAPD files. The location of
-// The WPAD file is handed out using DHCP and Iceweasel should look for
+// The WPAD file is handed out using DHCP and firefox should look for
// http://wpad/wpad.dat automatically.
lockPref("network.proxy.type", 4);
diff --git a/share/debian-edu-config/tools/iceweasel-plugin-support b/share/debian-edu-config/tools/firefox-plugin-support
similarity index 92%
rename from share/debian-edu-config/tools/iceweasel-plugin-support
rename to share/debian-edu-config/tools/firefox-plugin-support
index adbe42c..7b93962 100644
--- a/share/debian-edu-config/tools/iceweasel-plugin-support
+++ b/share/debian-edu-config/tools/firefox-plugin-support
@@ -1,7 +1,7 @@
#!/bin/sh
#
# List the supported MIME types of the available
-# mozilla/firefox/iceweasel plugins.
+# mozilla/firefox plugins.
#
# See also http://wiki.debian.org/DebianEdu/BrowserMultimedia
diff --git a/share/debian-edu-config/tools/update-iceweasel-homepage b/share/debian-edu-config/tools/update-firefox-homepage
similarity index 79%
rename from share/debian-edu-config/tools/update-iceweasel-homepage
rename to share/debian-edu-config/tools/update-firefox-homepage
index dbef5d6..5f3bfc6 100755
--- a/share/debian-edu-config/tools/update-iceweasel-homepage
+++ b/share/debian-edu-config/tools/update-firefox-homepage
@@ -1,11 +1,11 @@
#!/bin/sh
#
-# Set default Iceweasel/firefox start page based on URL fetched from
+# Set default Firefox start page based on URL fetched from
# command line or LDAP.
set -e
-etcfile=/etc/iceweasel/pref/debian-edu-homepage-ldap.js
+etcfile=/etc/firefox-esr/debian-edu-homepage-ldap.js
if [ ldap:homepage = "$1" ] ; then
# Allow lookup script to be replaced using /etc/debian-edu/config
@@ -33,6 +33,6 @@ EOF
rm $etcfile.new
else
mv $etcfile.new $etcfile
- logger -t update-iceweasel-homepage "Updated Iceweasel default start page to $url."
+ logger -t update-firefox-homepage "Updated Firefox default start page to $url."
fi
fi
diff --git a/share/debian-edu/common/share/apps/kicker/default-apps b/share/debian-edu/common/share/apps/kicker/default-apps
index 321fdf5..78c9bbd 100644
--- a/share/debian-edu/common/share/apps/kicker/default-apps
+++ b/share/debian-edu/common/share/apps/kicker/default-apps
@@ -1,3 +1,3 @@
Home.desktop
-iceweasel.desktop
+firefox.desktop
ooo-writer.desktop
diff --git a/share/debian-edu/common/share/config/kickoffrc b/share/debian-edu/common/share/config/kickoffrc
index b0129ba..6b295f3 100644
--- a/share/debian-edu/common/share/config/kickoffrc
+++ b/share/debian-edu/common/share/config/kickoffrc
@@ -1,2 +1,2 @@
[Favorites]
-FavoriteURLs=/usr/share/applications/iceweasel.desktop,/usr/lib/libreoffice/share/xdg/writer.desktop,/usr/share/applications/gcompris.desktop,/usr/share/applications/kde4/dolphin.desktop,/usr/share/applications/kde4/systemsettings.desktop
+FavoriteURLs=/usr/share/applications/firefox-esr.desktop,/usr/lib/libreoffice/share/xdg/writer.desktop,/usr/share/applications/gcompris.desktop,/usr/share/applications/kde4/dolphin.desktop,/usr/share/applications/kde4/systemsettings.desktop
diff --git a/share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs b/share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs
index 6b7c31f..dc220b1 100644
--- a/share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs
+++ b/share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs
@@ -286,7 +286,7 @@ setup_diskless_workstation() {
stop-readahead stop-readahead-fedora \
exim4 openvpn \
resize_lvm hdparm rsync hddtemp fam resolvconf fetch-ldap-cert \
- iceweasel-ldapconf
+ firefox-ldapconf
# check which network the install is on, and start either as
# diskless workstation or thin client. Make sure to insert these
diff --git a/testsuite/ltsp b/testsuite/ltsp
index fe19f76..502e739 100755
--- a/testsuite/ltsp
+++ b/testsuite/ltsp
@@ -58,12 +58,11 @@ if echo "$PROFILE" | grep -q Thin-Client-Server ; then
error "Missing $chroot/etc/debian-edu/config"
fi
- for path in /etc/ldap/ssl/ldap-server-pubkey.pem \
- /etc/iceweasel/profile/cert_override.txt ; do
+ for path in /etc/ldap/ssl/ldap-server-pubkey.pem ; do
if cmp -s $path $chroot$path ; then
success "$path is identical inside and outside LTSP"
else
- error "$path differ inside and outside LTSP"
+ error "$path is different inside and outside LTSP"
fi
done
diff --git a/testsuite/webserver b/testsuite/webserver
index a772376..45bd1f6 100755
--- a/testsuite/webserver
+++ b/testsuite/webserver
@@ -16,15 +16,14 @@ else
fi
skeloverride=/etc/skel/.mozilla/firefox/debian-edu.default/cert_override.txt
-if [ -e "$skeloverride" ] && [ -h "$skeloverride" ] ; then
- echo "error: $0: Found symlink in $skeloverride."
-fi
-
-overridefile=/etc/iceweasel/profile/cert_override.txt
-if [ ! -f "$overridefile" ] ; then
- echo "error: $0: Missing $overridefile."
+if [ ! -f "$skeloverride" ] ; then
+ echo "error: $0: Missing $skeloverride."
else
- echo "success: $0: Found $overridefile."
+ if [ -h "$skeloverride" ] ; then
+ echo "error: $0: Found $skeloverride as symlink."
+ else
+ echo "success: $0: Found $skeloverride."
+ fi
fi
# Only Main-Server profile provide webserver
Attachment:
signature.asc
Description: Digital signature