[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] Add LDAP server certificate to the initial LTSP NBD image. (Closes: #932828)
WolfgangSchweer
gitlab at salsa.debian.org
Tue Jul 23 19:08:11 BST 2019
WolfgangSchweer pushed to branch master at Debian Edu / debian-edu-config
Commits:
8de8e54c by Wolfgang Schweer at 2019-07-23T18:04:35Z
Add LDAP server certificate to the initial LTSP NBD image. (Closes: #932828)
etc/ltsp/ltsp-build-client.conf: Don't create the image by default.
cf3/edu.cf: Define new class 'ltspimages'.
cf3/cf.finalize: Add code to include the LDAP server certificate for all
possible use cases, to generate the image and to adjust various rights.
Signed-off-by: Wolfgang Schweer <wschweer at arcor.de>
- - - - -
4 changed files:
- cf3/cf.finalize
- cf3/edu.cf
- debian/changelog
- etc/ltsp/ltsp-build-client.conf
Changes:
=====================================
cf3/cf.finalize
=====================================
@@ -4,6 +4,11 @@ bundle agent finalize
# Moved from other bundles to this last one in the sequence to get the right
# execution order.
+vars:
+
+ "default_arch" string => ifelse("x86_64", "amd64",
+ "i686", "i386",
+ $(sys.arch));
files:
# Add the language chooser to the lightdm-greeter panel.
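Review bot: The fallback branch of `ifelse` in the new `default_arch` variable passes `$(sys.arch)` through unchanged for anything that is not x86_64 or i686. The `/opt/ltsp/$(default_arch)/...` paths used later in this file therefore only resolve on other architectures if the reported machine name happens to equal the LTSP chroot directory name. Please add a short comment above the variable saying which architectures are expected and why the mapping exists (the changelog context mentions i686 versus i386), so the next reader does not assume the default is a safe general case.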
@@ -52,6 +57,16 @@ files:
link_from => ln_s("/usr/share/debian-edu/menu/menus/xfce-applications.menu"),
move_obstructions => "true";
+ # Make sure the LDAP server certificate is available in the LTSP chroot of a
+ # new combined server before the SqushFS image is generated (see bundle end).
+
+ debian.server.ltspserver.!ltspimages.installation::
+
+ "/opt/ltsp/$(default_arch)/etc/ssl/certs/debian-edu-server.crt"
+ copy_from => local_cp("/etc/ssl/certs/debian-edu-server.crt");
+ "/opt/ltsp/$(default_arch)/etc/ssl/certs/debian-edu-bundle.crt"
+ copy_from => local_cp("/etc/ssl/certs/debian-edu-bundle.crt");
+
commands:
debian.server.installation::
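Review bot: The two file promises under `debian.server.ltspserver.!ltspimages.installation::` copy the certificates into the chroot without a `perms` attribute. The resulting mode is left to the copy defaults and to the shell `chmod` calls added further down, which sit under a different class guard (`debian.ltspclient.installation::`). Stating the intended 0644 mode on these promises would keep the permission handling next to the copy and under the same guard. Minor: "SqushFS" in the comment should read "SquashFS".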
@@ -97,6 +112,36 @@ commands:
"/usr/sbin/pam-auth-update --package"
contain => in_shell;
+
+ # Make sure the LDAP server certificate is available in the chroot of a separate
+ # LTSP server before the SqushFS image is generated. Also needed just in case
+ # an LTSP chroot is re-generated.
+
+ debian.ltspclient.installation::
+
+ "/etc/init.d/fetch-ldap-cert start"
+ contain => in_shell;
+
+ # Adjust certificate rights to make them accessible.
+
+ debian.ltspclient.installation::
+
+ "/bin/chmod 0644 /etc/ssl/certs/debian-edu*.crt"
+ contain => in_shell;
+ "/bin/chmod 0644 /opt/ltsp/*/etc/ssl/certs/debian-edu*.crt"
+ contain => in_shell;
+
+ # Note that 'ltsp-update-image --config-nbd' is needed to generate the image and
+ # to configure NBD; adjust rights to make the image available for the NBD server.
+
+ debian.ltspserver.!ltspimages.installation::
+
+ "/usr/sbin/ltsp-update-image --config-nbd"
+ contain => in_shell;
+ "/bin/chmod 0755 /opt/ltsp/images/"
+ contain => in_shell;
+ "/bin/chmod 0644 /opt/ltsp/images/*.img"
+ contain => in_shell;
}
bundle edit_line profile
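Review bot: The wildcard `chmod` commands (`/etc/ssl/certs/debian-edu*.crt`, `/opt/ltsp/*/etc/ssl/certs/debian-edu*.crt` and `/opt/ltsp/images/*.img`) rely on shell globbing and exit non-zero when nothing matches, for example when `/usr/sbin/ltsp-update-image --config-nbd` did not produce an image. Nothing here checks that command's result before the modes are changed. Files promises with an explicit mode, or at least a class set on successful image generation that guards the two `/opt/ltsp/images` commands, would make this repeatable and make a failed build visible. The second `debian.ltspclient.installation::` guard repeats the one directly above it and can be merged with it; "SqushFS" in the first comment is a typo.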
=====================================
cf3/edu.cf
=====================================
@@ -23,6 +23,7 @@ bundle common edu
"standalone" expression => not( fileexists("/usr/bin/ntpq") );
"minimal" expression => returnszero("/bin/grep 'Minimal' /etc/debian-edu/config","noshell");
"ltspclient" expression => fileexists("/usr/bin/getltscfg");
+ "ltspimages" expression => isdir("/opt/ltsp/images");
"installation" expression => fileexists("/sbin/start-stop-daemon.REAL");
"testinstall" expression => returnszero("/bin/grep 'TESTINSTALL=\"true\"' /etc/debian-edu/config","noshell");
# Set if the internet is reachable for downloading files.
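Review bot: The new `ltspimages` class uses `isdir("/opt/ltsp/images")`, which only tests that the directory exists. An empty directory left behind by an interrupted or failed image build would still set the class and switch off the `!ltspimages` promises in cf.finalize, so the certificate copy and image generation would not be retried. Consider testing for an actual image file instead, and add a comment line like the one for "Set if the internet is reachable" explaining what the class is meant to signal.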
=====================================
debian/changelog
=====================================
@@ -25,6 +25,11 @@ debian-edu-config (2.10.66) UNRELEASED; urgency=medium
- While the reported arch is i686, LTSP uses i386. Set arch accordingly.
* Adjust share/debian-edu-config/tools/kerberos-kdc-init. (Closes: #931366)
- Remove outdated (and now wrong) logging section.
+ * Add LDAP server certificate to the initial LTSP NBD image. (Closes: #932828)
+ - etc/ltsp/ltsp-build-client.conf: Don't create the image by default.
+ - cf3/edu.cf: Define new class 'ltspimages'.
+ - cf3/cf.finalize: Add code to include the LDAP server certificate for all
+ possible use cases, to generate the image and to adjust various rights.
[ Mike Gabriel ]
* debian/debian-edu-config.fetch-ldap-cert: Make the script (and with it
=====================================
etc/ltsp/ltsp-build-client.conf
=====================================
@@ -7,7 +7,7 @@
# Uncomment the next two entries, if NFS instead of NBD should be used for a
# manually created LTSP chroot.
#NFS_ROOT="True"
-#SQUASHFS_IMAGE="False"
+SQUASHFS_IMAGE="False"
# This setting is needed to be able to install a chroot using the BD ISO image.
TRUST_FILE_MIRROR="True"
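Review bot: The comment above `SQUASHFS_IMAGE="False"` still reads "Uncomment the next two entries, if NFS instead of NBD should be used", but after this change only `#NFS_ROOT="True"` is commented out and the SquashFS setting is now active for every build. Please reword the comment so it says that image creation is deferred (the commit message says the image is generated from cf3/cf.finalize) and that only `NFS_ROOT` needs uncommenting for the NFS case. Otherwise an admin following the old instruction has no way to tell which default applies.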
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/commit/8de8e54c803a88270846fea706f20ea5768a4371