[debian-edu-commits] debian-edu/ 01/03: Improve TLS related scripts; configure mail also for the first user:

Wolfgang Schweer schweer-guest at moszumanska.debian.org
Sat Dec 9 17:08:28 UTC 2017 

This is an automated email from the git hooks/post-receive script.

schweer-guest pushed a commit to branch master
in repository debian-edu-config.

commit 7d203afbb70a82b90ab3b04ef992a742d0f457ff
Author: Wolfgang Schweer <wschweer at arcor.de>
Date:   Sat Dec 9 18:01:10 2017 +0100

    Improve TLS related scripts; configure mail also for the first user:
    
    - share/debian-edu-config/tools/create-debian-edu-certs:
      + On a plain main server xrdp isn't installed by default, so
        only add xrdp conditionally to the 'ssl-cert' group.
    - share/debian-edu-config/tools/update-cert-dbs:
      + Drop output to standard out, add home directory location to logging
        information.
    - share/debian-edu-config/tools/run-at-firstboot:
      + Send an email to the first user to avoid a Dovecot pitfall. Unlike
        other users, this account is set up at installation time when Exim
        isn't yet able to look up user information in LDAP.
---
 debian/changelog                                   | 16 +++++++++++++++
 .../tools/create-debian-edu-certs                  |  5 ++++-
 share/debian-edu-config/tools/run-at-firstboot     | 24 ++++++++++++++++++++++
 share/debian-edu-config/tools/update-cert-dbs      |  3 +--
 4 files changed, 45 insertions(+), 3 deletions(-)

diff --git a/debian/changelog b/debian/changelog
index c138f5a..fa5a528 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,19 @@
+debian-edu-config (1.941) UNRELEASED; urgency=medium
+
+  * Improve TLS related scripts; configure mail also for the first user:
+     - share/debian-edu-config/tools/create-debian-edu-certs:
+       + On a plain main server xrdp isn't installed by default, so
+         only add xrdp conditionally to the 'ssl-cert' group.
+     - share/debian-edu-config/tools/update-cert-dbs:
+       + Drop output to standard out, add home directory location to logging
+         information.
+     - share/debian-edu-config/tools/run-at-firstboot:
+       + Send an email to the first user to avoid a Dovecot pitfall. Unlike
+         other users, this account is set up at installation time when Exim
+         isn't yet able to look up user information in LDAP.
+
+ -- Wolfgang Schweer <wschweer at arcor.de>  Sat, 09 Dec 2017 17:09:38 +0100
+
 debian-edu-config (1.940) unstable; urgency=medium
 
   [ Wolfgang Schweer ]
diff --git a/share/debian-edu-config/tools/create-debian-edu-certs b/share/debian-edu-config/tools/create-debian-edu-certs
index e00e59e..451e6c0 100755
--- a/share/debian-edu-config/tools/create-debian-edu-certs
+++ b/share/debian-edu-config/tools/create-debian-edu-certs
@@ -50,7 +50,10 @@ generate() {
     logger -t create-debian-edu-certs "rootCA and server certs generated"
     # Enable Debian-exim to read key file.
     usermod -a -G ssl-cert Debian-exim
-    usermod -a -G ssl-cert xrdp
+    # On a plain main server xrdp isn't installed by default.
+    if id xrdp 1>/dev/null 2>&1 ; then
+        usermod -a -G ssl-cert xrdp
+    fi
     # Add local trust for the created certificates.
     /usr/sbin/update-ca-certificates
     # Update dbm and sql certificate and key databases in homedirs.
diff --git a/share/debian-edu-config/tools/run-at-firstboot b/share/debian-edu-config/tools/run-at-firstboot
index bbca94d..1f54d4a 100755
--- a/share/debian-edu-config/tools/run-at-firstboot
+++ b/share/debian-edu-config/tools/run-at-firstboot
@@ -106,6 +106,30 @@ else
     info "apt-xapian-index/goplay is not installed"
 fi
 
+# Send mail to the first user to avoid the Dovecot permission pitfall
+# also in this special case. It doesn't seem to work during installation,
+# because Exim4 needs to grab information from LDAP which fails at that time.
+FIRSTUSER=$(grep -1 first-user-name /var/cache/debconf/config.dat | grep Value | cut -d' ' -f2)
+
+if [ ! -d /var/mail/"$FIRSTUSER" ] ; then
+    cat << EOF | /usr/lib/sendmail $FIRSTUSER
+Subject: Welcome to the mail-system
+
+Hello $FIRSTUSER,
+
+welcome to the mail-system.
+
+Your userID is $FIRSTUSER, and your email address is:
+
+    $FIRSTUSER at postoffice.intern
+
+Regards,
+
+    Debian-Edu SysAdmin
+
+EOF
+    logger -t exim-create-environment -p notice Sent mail to first-user.
+fi
 if [ -x /usr/bin/etckeeper ] ; then
     etckeeper commit "End of first boot" > /dev/null 2>&1 || true
 fi
diff --git a/share/debian-edu-config/tools/update-cert-dbs b/share/debian-edu-config/tools/update-cert-dbs
index 3ee4ca2..817dbc7 100755
--- a/share/debian-edu-config/tools/update-cert-dbs
+++ b/share/debian-edu-config/tools/update-cert-dbs
@@ -7,7 +7,6 @@ set -e
 
 BASE_HOME=/skole/tjener/home0
 for i in $(ls /skole/tjener/home0/ | grep -v lost+found) ; do
-    echo "$i"
     if [ -d $BASE_HOME/$i/.mozilla/firefox/debian-edu.default ] ; then
         su - $i sh -c 'certutil  -A -d dbm:$HOME/.mozilla/firefox/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt'
     fi
@@ -17,5 +16,5 @@ for i in $(ls /skole/tjener/home0/ | grep -v lost+found) ; do
     if [ -d $BASE_HOME/$i/.pki/nssdb ] ; then
         su - $i sh -c 'certutil  -A -d sql:$HOME/.pki/nssdb/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt'
     fi
-    logger -t update-cert-dbs "updated both dbm and sql type nssdb files in homedirs"
+    logger -t update-cert-dbs "Updated nssdb files for user accounts in $BASE_HOME/."
 done

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git

More information about the debian-edu-commits mailing list