[debian-edu-commits] [Git][debian-edu/debian-edu-config][bookworm] 81 commits: Remove myself from Uploaders
Mike Gabriel (@sunweaver)
gitlab at salsa.debian.org
Wed Sep 27 21:35:32 BST 2023
Mike Gabriel pushed to branch bookworm at Debian Edu / debian-edu-config
Commits:
7ce774b1 by Wolfgang Schweer at 2023-06-08T10:46:25+02:00
Remove myself from Uploaders
- - - - -
e7073dcd by Holger Levsen at 2023-06-08T11:21:21+02:00
Start 2.12.33 development.
d/changelog entries will be written on release
using the git commit messages.
Use 'gbp dch --since 2.12.32'
to write d/changelog entries since that last release.
Gbp-Dch: ignore
Signed-off-by: Holger Levsen <holger at layer-acht.org>
- - - - -
05a4ec8b by Guido Berhoerster at 2023-06-23T08:17:28+02:00
Adapt ntp configuration for ntpsec (closes: #1038881)
ntpsec has replaced ntp in bookworm, adapt configuration and add a drop-in file
instead of editing the configuration file.
Drop insserv overrides for ntp, the ntpsec systemd unit has an ordering
dependency on nss-lookup.target equivalent to the "$named" facility.
- - - - -
ebbbd1b6 by Guido Berhoerster at 2023-06-26T16:05:01+02:00
Set up database for icingaweb2
Starting with version 2.11 user preferences must be stored in the DB.
- - - - -
4657dfca by Guido Berhoerster at 2023-06-29T09:31:27+02:00
Fix permissions issue preventing icingaweb2 from reading the backend config
The /etc/icingaweb2/modules directory ends up with "drwxrwSrwx" permissions,
missing the "x" bit preventing icingaweb2 from reading the monitoring backend
configuration in /etc/icingaweb2/modules/monitoring/. Instead of adjusting
single files and directories, enforce sensible permissions on all directories
and configuration files. Closes: #1039475.
- - - - -
c54b6cc4 by Daniel Teichmann at 2023-06-30T10:40:16+00:00
etc/dhcp/dhcp-debian-edu.conf: ldap-server. 'ldap' -> 'ldap.intern'. (Closes: #1039966)
- - - - -
66d00155 by Guido Berhoerster at 2023-07-01T03:38:39+00:00
Fix samba usershares permissions
Setting the group ownership of /var/lib/samba/usershares/ to "students" fails
during the installation because this group is defined in LDAP and the slapd is
not running at the time the samba promise bundle is evaluated. Thus use the
numeric GID instead. The group is defined in
ldap-bootstrap/{samba.ldif,gosa.ldif}. Closes: #1039461.
- - - - -
02972022 by Mike Gabriel at 2023-07-01T05:59:53+02:00
Revert "etc/dhcp/dhcp-debian-edu.conf: ldap-server. 'ldap' -> 'ldap.intern'. (Closes: #1039966) "
This reverts commit c54b6cc4d712b48a62e4c7103fe6edf96180526b.
- - - - -
62f81eb6 by Mike Gabriel at 2023-07-01T05:59:53+02:00
release as 2.12.33
- - - - -
50fabfaf by Mike Gabriel at 2023-07-01T06:06:50+02:00
Start 2.12.34 development.
d/changelog entries will be written on release using the git commit
messages.
Use 'gbp dch --since 2.12.33' to write d/changelog entries since that
last release.
- - - - -
04a9db68 by Daniel Teichmann at 2023-07-03T16:36:29+02:00
etc/dhcp/dhcp-debian-edu.conf: ldap-server. 'ldap' -> 'ldap.intern'. (Closes: #1039966)
- - - - -
df38e13d by Daniel Teichmann at 2023-07-25T18:06:37+02:00
share/debian-edu-config/tools/gosa-remove: Fix kadmin.local, Use '-force' to disable interaction via stdin.
- - - - -
98b9a05d by Guido Berhoerster at 2023-07-31T12:52:49+02:00
ldap-createuser-krb5: Fix user creation
Remove Samba NT4 domain support, add samba user using smbpasswd.
Add root CA for new users (copied from gosa-create).
Closes: #1042456
- - - - -
ec303a6a by Guido Berhoerster at 2023-08-07T11:05:58+02:00
ldap-createuser-krb5: fix new UID/GID selection
Exclude special users (UID/GID >= 10000) when looking for the highest UID/GID.
- - - - -
83a921a4 by Guido Berhoerster at 2023-08-07T11:06:43+02:00
ldap-createuser-krb5: add CLI options for uid/gid/department
Also ensure script is run as root.
- - - - -
3c671914 by Guido Berhoerster at 2023-08-07T11:06:43+02:00
ldap-createuser-krb5: Add additional attributes based on template users
- - - - -
25c911dd by Guido Berhoerster at 2023-08-07T11:06:43+02:00
ldap-createuser-krb5: add support for additional groups
- - - - -
dffca0f4 by Guido Berhoerster at 2023-08-07T11:06:43+02:00
ldap-createuser-krb5: send welcome email in order to create maildir
Without this the maildir in /var/mail/<user> will not exist and Dovecot will
refuse to let the user log in as it cannot create this directory.
- - - - -
a037063a by Guido Berhoerster at 2023-08-07T15:04:46+02:00
ldap-createuser-krb5: set LDAP password when creating users
This allows users to use gosa to change their password.
- - - - -
39890c47 by Guido Berhoerster at 2023-08-07T14:08:25+00:00
Add systemd services for configuring Chromium/Firefox from LDAP
Factor out logic from init script into separate script which are then called
from both the init script and systemd services.
- - - - -
085be419 by Guido Berhoerster at 2023-08-07T14:08:25+00:00
Add systemd service enabling NAT for thin clients
- - - - -
d8d40e3d by Guido Berhoerster at 2023-08-07T14:08:25+00:00
Add systemd service for fetching the RootCA file from the main server
- - - - -
a06fb0d8 by Guido Berhoerster at 2023-08-07T14:08:25+00:00
Drop init script for fetching LDAP SSL public key from legacy main servers
This drops support for clients running behind a main server based on DebianEdu
stretch (closes: #1030116).
- - - - -
90dec108 by Guido Berhoerster at 2023-08-07T14:08:25+00:00
Update debian/rules for init scripts and systemd services
Closes: #1039166
- - - - -
67ea7417 by Guido Berhoerster at 2023-08-07T14:11:55+00:00
Generate a random password for the icinga/icingaweb databases
Closes: #1040015
- - - - -
69cd4c75 by Guido Berhoerster at 2023-08-07T14:13:47+00:00
update-dlw-krb5-keytabs: Handle missing/empty diskless-workstation-hosts
The "set -e" makes the shell exit with status 1 immediately without any message
if the grep in the subshell does not match anything. This in turn makes scripts
like gosa-remove-host fail without any error message. Exit gracefully with a
message and exit status 0 if diskless-workstation-hosts netgroup is
missing/empty.
- - - - -
e9f9ab68 by Guido Berhoerster at 2023-08-07T14:15:21+00:00
Followup fixes for ntpsec transition
Explicitly install the ntpsec package instead of the transitional ntp package.
Update comments accordingly.
Remove non-existent editline_ntp promise.
- - - - -
7bf138c3 by Guido Berhoerster at 2023-08-07T14:16:56+00:00
Add systemd support to debian-edu-restart-services
This uses a list of service units which was compiled on a main server + ltsp
installation. Uses stop and start to force restart reverse-dependencies. It
also makes sure that drop in files are recognized. Closes: #1042940
- - - - -
f49c8ba1 by Mike Gabriel at 2023-08-07T17:33:00+02:00
debian/debian-edu-config.lintian-overrides: Update existing overrides (line numbers and such).
- - - - -
02d1a793 by Mike Gabriel at 2023-08-07T17:33:00+02:00
debian/debian-edu-config.lintian-overrides: Drop missing-systemd-service-for-init.d-script overrides. Systemd service files are now provided.
- - - - -
d86055e6 by Mike Gabriel at 2023-08-07T17:33:00+02:00
debian/debian-edu-config.lintian-overrides: Drop init.d-script-does-not-implement-status-option override for fetch-ldap-cert. Init script is now gone.
- - - - -
006738c6 by Mike Gabriel at 2023-08-07T17:33:00+02:00
testsuite: Install to pkglibexecdir rather than libexecdir. Thanks lintian.
- - - - -
a5a05dcd by Mike Gabriel at 2023-08-07T17:33:00+02:00
Makefile: Adjust white-spacing in variable declarations.
- - - - -
abde700b by Mike Gabriel at 2023-08-07T18:32:10+02:00
Makefile: Use $(NULL) variable at end of file lists. Allow for better git-patch readability.
- - - - -
5f5b2ecb by Guido Berhoerster at 2023-08-10T08:31:12+02:00
Allow root access to cups via SystemGroups
root access is allowed in the default configuration and e.g. necessary for
services like debian-edu-cups-queue-autoflush.service to work.
Closes #1043397
- - - - -
08f4cf77 by Guido Berhoerster at 2023-08-10T07:07:40+00:00
Configure gosa not to use STARTTLS since TLS is already used
ldapTLS configures the use of STARTTLS, not TLS per se which is enabled by the
use of ldaps: protcol in URLs. Closes #1041322
- - - - -
0401de82 by Guido Berhoerster at 2023-08-10T07:08:22+00:00
cf3/promises.cf: fix typo and allow connections from localhost and network
- - - - -
385f9033 by Mike Gabriel at 2023-08-10T11:18:41+02:00
d/changelog: update from Git log
- - - - -
5da55e56 by Mike Gabriel at 2023-08-10T09:19:04+00:00
Convert CRON configuration to systemd timers.
- - - - -
9ec5fe82 by Mike Gabriel at 2023-08-10T09:19:04+00:00
sbin/*-for-netgroup-hosts: Some noop + white-spacing beautifications.
- - - - -
2a3319cc by Mike Gabriel at 2023-08-10T16:58:37+02:00
Move d-e-c-*-for-netgroup-hosts scripts to pkglibexecdir.
- - - - -
a77d163f by Mike Gabriel at 2023-08-10T17:07:30+02:00
debian/debian-edu-config.maintscript: Assure removal of /etc/init.d/fetch-ldap-cert conffile.
- - - - -
f1df1d86 by Mike Gabriel at 2023-08-10T17:08:00+02:00
debian/debian-edu-config.postinst: Assure runlevel de-registering of init script fetch-ldap-cert.
- - - - -
ebc3a021 by Mike Gabriel at 2023-08-10T17:23:33+02:00
debian/debian-edu-config.cron.*: Only run scripts if they exist. Thanks piuparts.
- - - - -
38375cfe by Mike Gabriel at 2023-08-10T17:29:59+02:00
release as 2.12.34
- - - - -
f0edf403 by Mike Gabriel at 2023-08-10T17:32:56+02:00
Start 2.12.35 development. d/changelog entries will be written on release using the git commit messages. Use 'gbp dch --since 2.12.34' to write d/changelog entries since that last release.
- - - - -
e6560d37 by Guido Berhoerster at 2023-08-11T14:56:08+02:00
Remove configure-edu-gateway
The script is obsoleted by the the more sophisticated configuration abilities
provided by the debian-edu-router-config package.
Closes: #1043407
- - - - -
30dc5aea by Guido Berhoerster at 2023-08-16T09:55:40+02:00
Do not hardcode X2Go desktop to Xfce
Add a commandline option --x2go_desktop for specifying the default desktop and
make a best effort finding a usable desktop if none is specified.
Closes: #1049396
- - - - -
75b4e3f7 by Guido Berhoerster at 2023-08-18T08:16:28+02:00
Disable cf-execd on installation
Currently cf-execd is enabled by default if systemd is used (see #1043353) but
the agent should only be run on installation. (Closes #1041323)
- - - - -
8412a3d9 by Guido Berhoerster at 2023-08-18T14:42:15+00:00
Do not attempt to fetch the rootCA cert outside of a DebianEdu network
An error should only be reported if the machine is inside a DebianEdu network,
i.e. www.intern is resolvable, but the download fails. (Closes: #1008599)
- - - - -
55d14403 by Mike Gabriel at 2023-08-19T17:04:29+02:00
debian/tests/control: Remove configure-edu-gateway from list of tests. Script and testscript are now gone.
- - - - -
09513259 by Mike Gabriel at 2023-08-19T17:21:22+02:00
Silence lintian warnings of type 'bash-term-in-posix-shell' by using variable names that lintian can't confuse with bash-only pre-set variables (e.g. $HOSTNAME or $UID).
- - - - -
f741cf36 by Mike Gabriel at 2023-08-19T17:22:29+02:00
release as 2.12.35
- - - - -
ce667805 by Mike Gabriel at 2023-08-19T17:24:56+02:00
Start 2.12.36 development.
d/changelog entries will be written on release using the git commit
messages.
Use 'gbp dch --since 2.12.35' to write d/changelog entries since that
last release.
Gbp-Dch: ignore
Signed-off-by: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
- - - - -
7c4d3a12 by Guido Berhoerster at 2023-08-21T09:54:01+02:00
Update proxy settings in dconf
This adds support in update-proxy-from-wpad for setting the proxy default
values in dconf. The values are added to a site database, it also packages an
empty local database in order to obviate the need to modify the user profile.
(Closes: #955702)
- - - - -
a3a6e9f5 by Guido Berhoerster at 2023-08-21T10:22:45+02:00
Remove use of obsolete grep aliases
These have been obsolete forever and have been removed from GNU grep upstream.
- - - - -
34b9ae60 by Guido Berhoerster at 2023-08-21T10:22:45+02:00
Use command -v builtin over external which command
- - - - -
7f7b8198 by Mike Gabriel at 2023-08-29T16:25:51+02:00
ldap-bootstrap/gosa.ldif: Provide ou=incoming potentially used by GOsa²'s class 'newArpDevice'. This is esp. to silence GOsa² error messages but might be useful at a later point of time.
- - - - -
9a38129b by Guido Berhoerster at 2023-09-05T14:23:57+02:00
Do not solely rely on the presence of init scripts in maintainer scripts
Check also for systemd service files.
- - - - -
7028af6b by Guido Berhoerster at 2023-09-05T14:25:39+02:00
Remove direct invocation of wlan init script
This no longer exists in Debian.
- - - - -
912fa538 by Guido Berhoerster at 2023-09-05T14:26:50+02:00
Replace invocation of fetch-ldap-cert init script in DHCP hooks
This has been replaced by fetch-rootca-cert (see #971780).
- - - - -
da8c1dd3 by Guido Berhoerster at 2023-09-07T14:57:16+02:00
Silence exim4 warnings in logfile
The lack of keep_environment in the exim4 configuration for clients leads to
continuous warnigs in the logfile:
Warning: purging the environment.
Suggested action: use keep_environment.
Setting it to an empty values (which is the default) silences that.
- - - - -
de18a627 by Guido Berhoerster at 2023-09-07T18:43:30+00:00
Ship PAM group.conf for workstations
LDAP users should be members of several system groups on networked (roaming)
workstations.
- - - - -
8ccc22b8 by Guido Berhoerster at 2023-09-07T18:44:25+00:00
Rename dhclient hook in Makefile
Followup to commit 912fa538970efd7175481779a5bde71f6d14d530.
- - - - -
35d62a90 by Guido Berhoerster at 2023-09-07T18:44:25+00:00
Do not use command paths in maintainer scripts
Fix lintian warning introduced in commit
9a38129b8c9de16bf658bcdef4423410e4aaf686.
- - - - -
23b937e7 by Guido Berhoerster at 2023-09-08T09:05:43+02:00
Add missing dependency on iptables
This is required by debian-edu-update-netblock (Closes: #1051446).
- - - - -
88a0b8b1 by Mike Gabriel at 2023-09-09T23:07:59+02:00
release as 2.12.36
- - - - -
d3574525 by Mike Gabriel at 2023-09-09T23:09:10+02:00
Start 2.12.37 development.
d/changelog entries will be written on release using the git commit
messages.
Use 'gbp dch --since 2.12.36' to write d/changelog entries since that
last release.
Gbp-Dch: ignore
- - - - -
5561b91a by Guido Berhoerster at 2023-09-11T05:37:00+00:00
Discard excessive nullmailer logging
Filter out log messages coming from a client running nullmailer since it is
very verbose and can easily fill up the filesystem under /var/log
(Closes: #1003728).
- - - - -
21457dc8 by Guido Berhoerster at 2023-09-19T11:46:53+02:00
ldap-createuser-krb5: fix password prompt
- - - - -
fddcfc17 by Guido Berhoerster at 2023-09-19T15:15:46+02:00
Disable cfengine3 systemd service
Disabling only cf-execd in 75b4e3f7 (see #1041323) did not work as it gets
pulled in as a dependency of cfengine3. Thus disable the cfengine3 service
instead.
- - - - -
47cc42ed by Guido Berhoerster at 2023-09-20T08:23:42+02:00
Rewrite testsuite/filesystems, add exception for /boot
Rewrite for clarity and robustness.
Add exception for /boot which may use ext2.
- - - - -
7584d0c4 by Guido Berhoerster at 2023-09-20T08:23:42+02:00
testsuite/ldap-client: fix invocation of ldapsearch
The -h command line option has been removed, ldapsearch now only accepts a LDAP
URI via the -H option. Use dig and awk instead of host and interpret the SRV
record properly.
- - - - -
92cba3da by Guido Berhoerster at 2023-09-20T08:23:42+02:00
testsuite/ldap-client: improve error message on PAM modules
Also do not use the deprecated egrep and get rid of unnecessary wc.
- - - - -
7b4304a4 by Guido Berhoerster at 2023-09-20T08:23:42+02:00
testsuite/ldap-server: fix invocation of ldapsearch
The -h command line option has been removed, ldapsearch now only accepts a LDAP
URI via the -H option.
- - - - -
3504627e by Guido Berhoerster at 2023-09-20T08:23:42+02:00
Fix remaining invocations of ldapsearch
- - - - -
6d803b3a by Guido Berhoerster at 2023-09-20T08:26:17+02:00
Disable the LDAP PAM module
- - - - -
ed1d0ca1 by Guido Berhoerster at 2023-09-25T17:59:16+02:00
setup-freeradius-server: Set commonName and subjectAltNames on the server cert
Closes: #1010159.
- - - - -
e29c074f by Guido Berhoerster at 2023-09-25T17:59:35+02:00
setup-freeradius-server: Improve robustness
Use update-ini-file for OpenSSL config files.
Use more precise sed substitutions which do not rely on example values.
Increase password length from 8 to 16 characters.
- - - - -
02c4c4c1 by Guido Berhoerster at 2023-09-26T10:32:16+00:00
Change minimum UID/GID for LDAP user to 2000
With this change local user accounts now use the UID/GID range 1000-1999
instead of 500-999 whereas LDAP user accounts use 2000-59999 instead of
1000-59999. This is to reserve UID/GID 0-999 for system users which is the
default in Debian and not conforming to it is increasingly problematic as
packages are beginning to use systemd-sysusers for creating system user
accounts which does not obey /etc/addusers.conf or /etc/login.defs by default.
The first user account created during installation now has UID/GID 2000 instead
of 1000.
Configure gosa and adjust ldap-createuser-krb5 accordingly.
Closes: #1003192.
- - - - -
41a4f5c6 by Mike Gabriel at 2023-09-27T22:31:46+02:00
release as 2.12.37
- - - - -
30 changed files:
- Makefile
- README
- cf3/cf.adduser
- + cf3/cf.cfengine3
- cf3/cf.ldapclient
- cf3/cf.ntp
- + cf3/cf.pam
- cf3/cf.samba
- cf3/cf.syslog
- cf3/promises.cf
- debian/changelog
- debian/control
- debian/debian-edu-config.chromium-ldapconf
- + debian/debian-edu-config.chromium-ldapconf.service
- debian/debian-edu-config.cron.daily
- debian/debian-edu-config.cron.hourly
- + debian/debian-edu-config.debian-edu-cups-queue-autoflush.service
- + debian/debian-edu-config.debian-edu-cups-queue-autoflush.timer
- + debian/debian-edu-config.debian-edu-cups-queue-autoreenable.service
- + debian/debian-edu-config.debian-edu-cups-queue-autoreenable.timer
- + debian/debian-edu-config.debian-edu-fsautoresize.service
- + debian/debian-edu-config.debian-edu-fsautoresize.timer
- + debian/debian-edu-config.debian-edu-update-netblock.service
- + debian/debian-edu-config.debian-edu-update-netblock.timer
- + debian/debian-edu-config.enable-nat.service
- − debian/debian-edu-config.fetch-ldap-cert
- debian/debian-edu-config.fetch-rootca-cert
- + debian/debian-edu-config.fetch-rootca-cert.service
- debian/debian-edu-config.firefox-ldapconf
- + debian/debian-edu-config.firefox-ldapconf.service
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/fbe31ecb0f05879441af2ab546e4f79646337600...41a4f5c665d1bb0d9ad9beb14b0ff36632a53e52
--
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/fbe31ecb0f05879441af2ab546e4f79646337600...41a4f5c665d1bb0d9ad9beb14b0ff36632a53e52
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20230927/89c3bdfe/attachment-0001.htm>
More information about the debian-edu-commits
mailing list