Bug#988372: unblock: debian-edu-config/2.11.55

To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: Bug#988372: unblock: debian-edu-config/2.11.55
From: Holger Levsen <holger@debian.org>
Date: Tue, 11 May 2021 15:22:02 +0200
Message-id: <[🔎] 20210511132202.GA27364@layer-acht.org>
Reply-to: Holger Levsen <holger@debian.org>, 988372@bugs.debian.org

Package: release.debian.org
Severity: normal
User: release.debian.org@packages.debian.org
Usertags: unblock

Please unblock package debian-edu-config 2.11.54. It fixes 3 important bugs
for Debian Edu and has no impact outside of Debian Edu, yet it's a key package
and thus needs an unblock. It's been in unstable for 12 days and has been
tested successfully. The diff is small and rather straughtforward too:

$ debdiff debian-edu-config_2.11.54.dsc debian-edu-config_2.11.55.dsc | diffstat
 debian/changelog                                |   17 ++++++++++++
 sbin/debian-edu-ltsp-install                    |   33 ++++++++++++++++++++----
 share/debian-edu-config/tools/kerberos-kdc-init |    8 ++++-
 share/debian-edu-config/tools/run-at-firstboot  |   16 +++++++++++
 4 files changed, 67 insertions(+), 7 deletions(-)

The full debdiff is attached and d/changelog has these entries:

debian-edu-config (2.11.55) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Create first user's Samba account at first boot of a main server when all
    required information is available via LDAP and debconf.  Closes: #987632.
    - Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the
      required password from debconf and let tools/run-at-firstboot create the
      Samba account.
  * Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634.
    - Fix LTSP Initrd specific path component construction in case a 32-bit
      combined server is installed.
    - Provide a full name for diskless workstation to show up in the iPXE menu.
    - Use BD ISO image as mirror to enable complete offline installations of a
      combined server.

 -- Holger Levsen <holger@debian.org>  Thu, 29 Apr 2021 15:27:17 +0200


unblock debian-edu-config/2.11.55

Thanks for your work on releasing bullseye!


-- 
cheers,
	Holger

 ⢀⣴⠾⠻⢶⣦⠀
 ⣾⠁⢠⠒⠀⣿⡁  holger@(debian|reproducible-builds|layer-acht).org
 ⢿⡄⠘⠷⠚⠋⠀  OpenPGP: B8BF54137B09D35CF026FE9D 091AB856069AAA1C
 ⠈⠳⣄

If nothing saves us from death, may love at least save us from life.

diff -Nru debian-edu-config-2.11.54/debian/changelog debian-edu-config-2.11.55/debian/changelog
--- debian-edu-config-2.11.54/debian/changelog	2021-04-07 01:03:15.000000000 +0200
+++ debian-edu-config-2.11.55/debian/changelog	2021-04-29 15:27:17.000000000 +0200
@@ -1,3 +1,20 @@
+debian-edu-config (2.11.55) unstable; urgency=medium
+
+  [ Wolfgang Schweer ]
+  * Create first user's Samba account at first boot of a main server when all
+    required information is available via LDAP and debconf.  Closes: #987632.
+    - Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the
+      required password from debconf and let tools/run-at-firstboot create the
+      Samba account.
+  * Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634.
+    - Fix LTSP Initrd specific path component construction in case a 32-bit
+      combined server is installed.
+    - Provide a full name for diskless workstation to show up in the iPXE menu.
+    - Use BD ISO image as mirror to enable complete offline installations of a
+      combined server.
+
+ -- Holger Levsen <holger@debian.org>  Thu, 29 Apr 2021 15:27:17 +0200
+
 debian-edu-config (2.11.54) unstable; urgency=medium
 
   [ Wolfgang Schweer ]
diff -Nru debian-edu-config-2.11.54/sbin/debian-edu-ltsp-install debian-edu-config-2.11.55/sbin/debian-edu-ltsp-install
--- debian-edu-config-2.11.54/sbin/debian-edu-ltsp-install	2021-02-07 11:27:28.000000000 +0100
+++ debian-edu-config-2.11.55/sbin/debian-edu-ltsp-install	2021-04-26 23:38:21.000000000 +0200
@@ -17,7 +17,7 @@
 # Author/Copyright:	Wolfgang Schweer <wschweer@arcor.de>
 # Licence:		GPL2+
 # first edited:	2019-11-21
-# last edited:	2021-02-04
+# last edited:	2021-04-26
 
 set -e
 
@@ -137,6 +137,8 @@
 
 # Provide a full menu name for x86_64.img
 IPXE_X86_64_IMG="Diskless Workstation (64-Bit)"
+# Provide a full menu name for x86_32.img
+IPXE_X86_32_IMG="Diskless Workstation (32-Bit)"
 
 ##### Set default boot value ######
 # Default value is x86_64 or x86_32 (arch specific, Diskless Workstation)
@@ -339,18 +341,33 @@
 show=false
 EOF
 
+# Specific settings needed if BD ISO image is used for installation.
+if grep -q BD /etc/apt/sources.list ; then
+	BD_ISO="true";
+	device="$(grep media/cdrom /etc/fstab | cut -d' ' -f1)"
+	mirror="file:///media/cdrom/"
+else
+	mirror="http://deb.debian.org/debian";
+fi
+
 # Create thin client chroot and generate image.
 export DEBIAN_FRONTEND=noninteractive
 if ! [ "" == "$thin_type" ] && [ ! -d /srv/ltsp/thin/"$thin_type"-"$arch"/etc/ltsp ] ; then
 	mkdir -p /srv/ltsp/thin/"$thin_type"-"$arch"
 	# Install common thin client packages.
-debootstrap --arch="$arch" --variant=minbase --include=linux-image-"$kernel_arch" \
-	"$dist" /srv/ltsp/thin/"$thin_type"-"$arch" http://deb.debian.org/debian
+debootstrap --arch="$arch" --no-check-gpg --variant=minbase --include=linux-image-"$kernel_arch" \
+	"$dist" /srv/ltsp/thin/"$thin_type"-"$arch" "$mirror"
 	chroot /srv/ltsp/thin/"$thin_type"-"$arch"/ apt clean
 	mount /dev/pts -t devpts /srv/ltsp/thin/"$thin_type"-"$arch"/dev/pts
 	mount proc -t proc /srv/ltsp/thin/"$thin_type"-"$arch"/proc
 	mount tmpfs -t tmpfs /srv/ltsp/thin/"$thin_type"-"$arch"/tmp
 	mkdir -p /srv/ltsp/thin/"$thin_type"-"$arch"/tmp/user/0
+	if [ "true" == "$BD_ISO" ] ; then
+		mkdir -p /srv/ltsp/thin/"$thin_type"-"$arch"/media/cdrom
+		mount $device /srv/ltsp/thin/"$thin_type"-"$arch"/media/cdrom
+		cp /var/cache/apt/*.bin /srv/ltsp/thin/"$thin_type"-"$arch"/var/cache/apt/
+		echo "deb [trusted=yes] $mirror $dist main" > /srv/ltsp/thin/"$thin_type"-"$arch"/etc/apt/sources.list
+	fi
 	chroot /srv/ltsp/thin/"$thin_type"-"$arch"/ apt -y -qq install education-thin-client p910nd
 	# Install case specific additional packages.
 	if [ "display" == "$thin_type" ] ; then
@@ -361,6 +378,9 @@
 		x2gothinclient-cdmanager x2gothinclient-usbmount \
 		firefox-esr-l10n-"$LANGCODE"
 	fi
+	if [ "true" == "$BD_ISO" ] ; then
+		umount /srv/ltsp/thin/"$thin_type"-"$arch"/media/cdrom
+	fi
 	umount /srv/ltsp/thin/"$thin_type"-"$arch"/dev/pts
 	umount /srv/ltsp/thin/"$thin_type"-"$arch"/proc
 	umount /srv/ltsp/thin/"$thin_type"-"$arch"/tmp
@@ -472,8 +492,11 @@
 	# next modification avoids ltsp command error if lot of images are available.
 	ALL_IMAGES=1 ltsp kernel
 	ltsp initrd
-	mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/"$(uname -m)"/ltsp.img
-
+	if uname -r | grep -q 686 ; then
+		mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/x86_32/ltsp.img
+	else
+		mv /srv/tftp/ltsp/ltsp.img /srv/tftp/ltsp/"$(uname -m)"/ltsp.img
+	fi
 	# Clean up ltsp.conf from specific items.
 	sed -i '/PRE_INIT_MAIN/d' /etc/ltsp/ltsp.conf
 	sed -i '/MASK_SYSTEM/d' /etc/ltsp/ltsp.conf
diff -Nru debian-edu-config-2.11.54/share/debian-edu-config/tools/kerberos-kdc-init debian-edu-config-2.11.55/share/debian-edu-config/tools/kerberos-kdc-init
--- debian-edu-config-2.11.54/share/debian-edu-config/tools/kerberos-kdc-init	2021-01-25 17:46:26.000000000 +0100
+++ debian-edu-config-2.11.55/share/debian-edu-config/tools/kerberos-kdc-init	2021-04-26 23:38:21.000000000 +0200
@@ -260,8 +260,12 @@
 firstuser_samba() {
     echo "Adding Samba account for '$FIRSTUSERNAME'"
     (echo $FIRSTUSERPWD; echo $FIRSTUSERPWD) | smbpasswd -a -s $FIRSTUSERNAME
-    db_set debian-edu-config/first-user-password ''
-    echo "First user password cleared from debconf database." 1>&2
+    # Clear password in case of success, i.e. if this script is called via
+    # /usr/share/debian-edu-config/tools/edu-ldap-from-scratch (outside d-i).
+    if pdbedit -L -v $FIRSTUSERNAME >/dev/null 2>&1 ; then
+        db_set debian-edu-config/first-user-password ''
+        echo "First user password cleared from debconf database." 1>&2
+    fi
 }
 
 ## check if there is no kdc yet:
diff -Nru debian-edu-config-2.11.54/share/debian-edu-config/tools/run-at-firstboot debian-edu-config-2.11.55/share/debian-edu-config/tools/run-at-firstboot
--- debian-edu-config-2.11.54/share/debian-edu-config/tools/run-at-firstboot	2021-01-25 17:46:26.000000000 +0100
+++ debian-edu-config-2.11.55/share/debian-edu-config/tools/run-at-firstboot	2021-04-26 23:38:21.000000000 +0200
@@ -7,6 +7,9 @@
 	. /etc/debian-edu/config
 fi
 
+# Enable debconf
+. /usr/share/debconf/confmodule
+
 # Grab dist value for both testing and stable release cases.
 if grep -q / /etc/debian_version ; then
 	dist=$(cat /etc/debian_version | cut -d/ -f1)
@@ -112,6 +115,19 @@
 EOF
 	logger -t exim-create-environment -p notice Sent mail to first-user.
 fi
+
+# Create first user's Samba account. The smbpasswd command fails inside d-i
+# because user information from LDAP is missing at that time. All passwords have
+# been cleared from the debconf database inside d-i, except the one needed here.
+if echo "$PROFILE" | grep -q Main-Server ; then
+	db_get debian-edu-config/first-user-password
+	FIRSTUSERPWD="$RET"
+	(echo "$FIRSTUSERPWD"; echo "$FIRSTUSERPWD") | smbpasswd -a -s $FIRSTUSER
+	info "Added Samba account for '$FIRSTUSER'."
+	db_set debian-edu-config/first-user-password ''
+	info "First user password cleared from debconf database."
+fi
+
 if [ -x /usr/bin/etckeeper ] ; then
 	etckeeper commit "End of first boot" > /dev/null 2>&1 || true
 fi

Attachment: signature.asc
Description: PGP signature

Reply to:

Follow-Ups:
- Bug#988372: marked as done (unblock: debian-edu-config/2.11.55)
  - From: "Debian Bug Tracking System" <owner@bugs.debian.org>

Prev by Date: Bug#988365: buster-pu: package htmldoc/1.9.3-1
Next by Date: Processed: tagging 988332
Previous by thread: Processed: htmldoc 1.9.3-1+deb10u1 flagged for acceptance
Next by thread: Bug#988372: marked as done (unblock: debian-edu-config/2.11.55)
Index(es):
- Date
- Thread