[debian-edu-commits] [Git][debian-edu/debian-edu-config][bullseye] 9 commits: debian/debian-edu-config.fetch-ldap-cert: Drop retrieval of Debian-Edu_rootCA...

Mike Gabriel (@sunweaver) gitlab at salsa.debian.org
Fri Feb 11 16:12:19 GMT 2022



Mike Gabriel pushed to branch bullseye at Debian Edu / debian-edu-config


Commits:
4f863e0c by Mike Gabriel at 2022-02-11T17:05:40+01:00
debian/debian-edu-config.fetch-ldap-cert: Drop retrieval of Debian-Edu_rootCA from this script. This now is the task of the fetch-rootca-cert script. (Closes: #971780).

- - - - -
1447dab1 by Mike Gabriel at 2022-02-11T17:09:42+01:00
debian/debian-edu-config.fetch-rootca-cert: Ensure proper symlinking of Debian-Edu_rootCA.crt in /usr/local/share/ca-certificates/ to Debian-Edu_rootCA.crt in /etc/ssl/ca-certificates. Forced symlinking is required, because earlier versions of the fetch-ldap-cert init script put Debian-Edu_rootCA.crt into /etc/ssl/ca-certificates/ as a file. Forced symlinking replaces files by the wanted symlink. The -n option (no-dereference) is required to make sure we don't follow any already existing symlink. (This relates to #971780).

- - - - -
ca374ffa by Mike Gabriel at 2022-02-11T17:09:42+01:00
share/debian-edu-config/tools/update-proxy-from-wpad: Fix typo (wrong protocol) in APT proxy config creation.

- - - - -
ec51aeda by Mike Gabriel at 2022-02-11T17:09:42+01:00
share/debian-edu-config/tools/update-proxy-from-wpad: Create a Debian Edu specific proxy configuration in /etc/apt/apt.conf.d/ named 03debian-edu-config rather than meddling with /etc/apt/apt.conf directly. Clean up any earlier meddling from apt.conf, as well. (Closes: #1003560).

- - - - -
c11b1b3d by Mike Gabriel at 2022-02-11T17:09:42+01:00
d/changelog: typo fix

- - - - -
2308b5a7 by Mike Gabriel at 2022-02-11T17:09:53+01:00
share/debian-edu-config/tools/setup-roaming: Assure libsss-sudo is installed on Roaming Workstation. (Closes: #1004605).

- - - - -
8374f118 by Mike Gabriel at 2022-02-11T17:10:06+01:00
share/debian-edu-config/tools/gosa-remove: Capture removals of GOsa² user templates and ignore them. (Closes: #815042).

- - - - -
e9be2a4a by Mike Gabriel at 2022-02-11T17:10:15+01:00
ldap-schemas/: Update GOsa²-specific schema files from Debian's latest version of GOsa² (2.7.4+reloaded3-16).

- - - - -
c9a9791c by Mike Gabriel at 2022-02-11T17:11:50+01:00
share/debian-edu-config/tools/clean-up-host-keytabs: Don't fail on Kerberos principal removal.

- - - - -


13 changed files:

- debian/changelog
- debian/debian-edu-config.fetch-ldap-cert
- debian/debian-edu-config.fetch-rootca-cert
- ldap-schemas/gofon.schema
- ldap-schemas/gosa-samba3.schema
- ldap-schemas/goserver.schema
- ldap-schemas/gosystem.schema
- ldap-schemas/goto-mime.schema
- ldap-schemas/goto.schema
- share/debian-edu-config/tools/clean-up-host-keytabs
- share/debian-edu-config/tools/gosa-remove
- share/debian-edu-config/tools/setup-roaming
- share/debian-edu-config/tools/update-proxy-from-wpad


Changes:

=====================================
debian/changelog
=====================================
@@ -11,6 +11,31 @@ debian-edu-config (2.11.56+deb11u4) UNRELEASED; urgency=medium
   * share/debian-edu-config/tools/setup-freeradius-server: Fix integer
     comparison in run-by-root check. Script was not executable fully (not even
     as root).
+  * debian/debian-edu-config.fetch-ldap-cert: Drop retrieval of
+    Debian-Edu_rootCA from this script. This now is the task of the
+    fetch-rootca-cert script. (Closes: #971780).
+  * debian/debian-edu-config.fetch-rootca-cert: Ensure proper symlinking of
+    Debian-Edu_rootCA.crt in /usr/local/share/ca-certificates/ to
+    Debian-Edu_rootCA.crt in /etc/ssl/ca-certificates. Forced symlinking is
+    required, because earlier versions of the fetch-ldap-cert init script put
+    Debian-Edu_rootCA.crt into /etc/ssl/ca-certificates/ as a file. Forced
+    symlinking replaces files by the wanted symlink. The -n option (no-
+    dereference) is required to make sure we don't follow any already existing
+    symlink. (This relates to #971780).
+  * share/debian-edu-config/tools/update-proxy-from-wpad:
+    - Fix typo (wrong protocol) in APT proxy config creation.
+    - Create a Debian Edu specific proxy configuration in /etc/apt/apt.conf.d/
+      named 03debian-edu-config rather than meddling with /etc/apt/apt.conf
+      directly. Clean up any earlier meddling from apt.conf, as well. (Closes:
+      #1003560).
+  * share/debian-edu-config/tools/setup-roaming: Assure libsss-sudo is installed
+    on Roaming Workstation. (Closes: #1004605).
+  * share/debian-edu-config/tools/gosa-remove: Capture removals of GOsa² user
+    templates and ignore them. (Closes: #815042).
+  * ldap-schemas/: Update schema files from Debian's latest GOsa² list of
+    schemas.
+  * share/debian-edu-config/tools/clean-up-host-keytabs: Don't fail
+    on Kerberos principal removal.
 
  -- Mike Gabriel <sunweaver at debian.org>  Fri, 14 Dec 2021 22:21:50 +0100
 
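Review bot: The fetch-rootca-cert entry names the link location as /etc/ssl/ca-certificates, but the comment in that script's hunk in this push ("Make rootCA certificate available in /etc/ssl/certs/") points at /etc/ssl/certs/. Please make the changelog path match what the script actually links, since admins will go by this text when checking a client for the stale regular file.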


=====================================
debian/debian-edu-config.fetch-ldap-cert
=====================================
@@ -16,14 +16,25 @@
 #
 # Author: Petter Reinholdtsen <pere at hungry.com>
 # Date:   2007-06-09
+#
+# Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
+# Date:   2022-01-06
+
+###
+### FIXME: Legacy init script for Debian Edu clients.
+###
+###        --- Remove for Debian Edu bookworm+1 ---
+###
+###        Warning: Removing this script will drop support for clients running
+###        against Debian Edu main servers based on Debian Edu stretch and
+###        earlier.
+###
 
 set -e
 
 . /lib/lsb/init-functions
 
 CERTFILE=/etc/ssl/certs/debian-edu-server.crt
-BUNDLECRT=/etc/ssl/certs/debian-edu-bundle.crt
-ROOTCACRT=/etc/ssl/certs/Debian-Edu_rootCA.crt
 
 do_start() {
 
@@ -33,7 +44,7 @@ do_start() {
 	ERROR=false
 
 	###
-	### PHASE 1: RootCA / bundle-cert / LDAP server cert retrieval
+	### PHASE 1: LDAP server cert retrieval
 	###
 
 	if ( [ ! -f $CERTFILE ] || [ ! -f $ROOTCACRT ] ) && [ -f /etc/nslcd.conf ] &&
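Review bot: The PHASE 1 condition in the last context line of this hunk still tests [ ! -f $ROOTCACRT ], but the previous hunk deletes the ROOTCACRT assignment. With the variable unset and unquoted the test collapses to [ ! -f ], which is always false, so the condition only keeps working by accident. Drop that clause so the check depends on $CERTFILE alone, and quote the remaining expansion.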
@@ -50,116 +61,21 @@ do_start() {
 
 		[ "$VERBOSE" != no ] && log_action_begin_msg "Fetching LDAP SSL certificate."
 
-		# do an openssl connect to the LDAP server, and check whether its certificate
-		# has been issued by the "Debian Edu RootCA", if not we are likely dealing with a
-		# pre-Debian Edu 10 (aka buster) TJENER or with some other non-Debian-Edu LDAP
-		# server.
-		if echo | openssl s_client -connect "$LDAPSERVER:$LDAPPORT" 2>/dev/null | grep -q "Debian Edu RootCA" ; then
-
-			# Since Debian Edu 10, the LDAP certificate (or the RootCA file) is distributed
-			# over http (always via the host serving www.intern, by default: TJENER)
-			#
-			# We do an availability check for the webserver first, to provide proper
-			# error reporting (see below). So, the following check merely discovers,
-			# if the webserver is online at all.
-			if curl -sfk --head -o /dev/null https://www.intern 2>/dev/null; then
-
-				# Now let's see if the webserver has the "Debian Edu RootCA" file.
-				# This has been the case for Debian Edu main servers (TJENER) since
-				# Debian Edu 10.1.
-				if curl -fk https://www.intern/Debian-Edu_rootCA.crt 1> $ROOTCACRT 2>/dev/null && \
-
-				    grep -q CERTIFICATE $ROOTCACRT ; then
-
-					# Obtained a RootCA-verified version of the LDAP server's server certificate.
-					gnutls-cli --x509cafile $ROOTCACRT --save-cert=$CERTFILE.new $LDAPSERVER < /dev/null 1>/dev/null 2>/dev/null
-					logger -t fetch-ldap-cert "Fetched rootCA certificate from www.intern."
-
-					# If the host previously had got the BUNDLECERT file installed,
-					# we make sure here to have it removed. From now on, the LTSP chroot
-					# can operate on the ROOTCACRT file and the BUNDLECERT will never get
-					# update anymore once the ROOTCACRT is available on www.intern.
-					rm -f $BUNDLECRT
-				else
-
-					# If there is no Debian Edu RootCA available on www.intern, fallback to
-					# debian-edu-bundle.crt download (an approach done by a Debian Edu 10.0
-					# main server (aka TJENER) only and changed to RootCA provisioning in
-					# in Debian Edu 10.1.
-
-					# Drop the ROOTCACRT file, as it probably only contains some 404 http
-					# error message in html.
-					rm -f $ROOTCACRT
-
-					# So, now let's see if the webserver has the "debian-edu-bundle.crt"
-					# file. If so (and no Debian Edu RootCA file), then we are likely dealing
-					# with a Debian Edu 10.0 main server.
-					if curl -fk https://www.intern/debian-edu-bundle.crt 1> $BUNDLECRT 2>/dev/null && \
-					    grep -q CERTIFICATE $BUNDLECRT ; then
-
-						# Obtained a self-verified version of the LDAP server's server certificate.
-						# (The BUNDLECERT file should already contain the LDAP server's certificate,
-						# so having this cert file should allow us to successfully and "verified'ly"
-						# connect to the LDAP server and let us retrieve that very same certificate).
-						gnutls-cli --x509cafile $BUNDLECRT --save-cert=$CERTFILE.new $LDAPSERVER < /dev/null 1>/dev/null 2>/dev/null
-						logger -t fetch-ldap-cert "Fetched bundle certificate from www.intern."
-					else
-
-						# We should never get here... If we do anyway, then something went
-						# terribly wrong or the www.intern servicing server is misconfigured.
-
-						# Drop the ROOTCACRT file, as it probably only contains some 404 http
-						# error message in html.
-						rm -f $BUNDLECRT
-
-						logger -t fetch-ldap-cert "Failed to fetch certificates from www.intern."
-					fi
-
-				fi
-
-			else
-
-				# Report an error, if www.intern is down http-wise. This can happen and is probably
-				# a temporary problem that needs an admin to fix it.
-				log_action_end_msg 1
-				logger -t fetch-ldap-cert "Failed to connect to www.intern, maybe the web server down."
-				ERROR=true
-
-			fi
-
-		else
-
-			# Fallback: Fetch LDAP certificate from a pre-Debian-Edu-10 (aka buster) LDAP server
-			# (or some non-Debian-Edu LDAP server)
-			/usr/share/debian-edu-config/tools/ldap-server-getcert $LDAPSERVER > $CERTFILE.new
-			chmod 644 $CERTFILE.new
-			logger -t fetch-ldap-cert "Fetched pre Buster LDAP server certificate."
+		# Fetch LDAP certificate from the Debian Edu main server (i.e. from the LDAP server)
+		/usr/share/debian-edu-config/tools/ldap-server-getcert $LDAPSERVER > $CERTFILE.new
+		chmod 644 $CERTFILE.new
 
-			# FIXME: Add some error handling here:
-			#   - LDAP server down
-			#   - what-not-else...
-
-		fi
-
-		# By now, we should have obtained the LDAP server's CERTFILE (verified in two cases (10.0 or 10.1 TJENER),
-		# simply downloaded from the LDAP server itself in the third case (pre-10.0 TJENER)
 		if test -s $CERTFILE.new ; then
 			mv $CERTFILE.new $CERTFILE
 			[ "$VERBOSE" != no ] && log_action_end_msg 0
-			if [ -f $BUNDLECRT ] || [ -f $ROOTCACRT ] ; then
-				logger -t fetch-ldap-cert "Fetched and verified LDAP SSL certificate from $LDAPSERVER."
-			else
-				logger -t fetch-ldap-cert "Fetched LDAP SSL certificate from $LDAPSERVER."
-			fi
+			logger -t fetch-ldap-cert "Fetched LDAP SSL certificate from $LDAPSERVER."
 		else
-
-			# We obviously have failed in some other way, if the CERTFILE.new is empty (zero size)
-			# Again, something went awfully wrong, if we end up here...
+			# We obviously have failed in some way if the CERTFILE.new is empty (zero size).
+			# Something went wrong, if we end up here...
 			rm -f $CERTFILE.new
 			log_action_end_msg 1
 			logger -t fetch-ldap-cert "Failed to fetch LDAP SSL certificate from $LDAPSERVER."
 			ERROR=true
-
 		fi
 
 	fi
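Review bot: The added ldap-server-getcert call is now the only fetch path, so $CERTFILE is installed without any check against the Debian Edu rootCA; the removed gnutls-cli --x509cafile branches were the verified ones, per the deleted comment. Where fetch-rootca-cert has already deployed the rootCA, consider verifying the fetched certificate against it before the mv, and keep the unverified fetch only for the legacy servers named in the FIXME header. Separately, the script runs under set -e, so a non-zero exit from ldap-server-getcert can abort the script before the test -s branch runs, skipping the error logging and leaving an empty $CERTFILE.new behind; test the exit status of that call explicitly.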
@@ -168,7 +84,7 @@ do_start() {
 	### PHASE 2: Deploy the obtained CERTFILE to LTSP chroots, if any are present.
 	###
 
-	if [ -d /opt/ltsp ] ; then
+	if [ -d /opt/ltsp ] && [ "$ERROR" = "false" ]; then
 
 		# Loop over all to be found LTSP chroots...
 		for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
@@ -195,58 +111,10 @@ do_start() {
 				fi
 			fi
 
-			if [ ! -f $ltsp_chroot$ROOTCACRT ]; then
-
-				if test -e $ROOTCACRT; then
-
-					# If we retrieved it, we also copy the obtained ROOTCACRT into the LTSP chroot
-					# (containing the self-built rootCA of the Debian Edu site).
-					log_action_begin_msg "Copying Debian Edu rootCA certificate to ltsp-chroot $ltsp_chroot "
-					if test -s $ROOTCACRT; then
-
-						# If the chroot previously had got the BUNDLECERT file installed,
-						# we should make sure here to have it removed. From now on, the LTSP chroot
-						# can operate on the ROOTCACRT file and the BUNDLECERT will never get
-						# update anymore once the ROOTCACRT is available on www.intern.
-						rm -f $ltsp_chroot$BUNDLECRT
-						cp $ROOTCACRT $ltsp_chroot$ROOTCACRT
-						[ "$VERBOSE" != no ] && log_action_end_msg 0
-
-					else
-						log_action_end_msg 1
-						ERROR=true
-					fi
-
-				fi
-
-			fi
-
-			if [ ! -f $ltsp_chroot$BUNDLECRT ] && [ ! -f $ltsp_chroot$ROOTCACRT ]; then
-
-				if test -e $BUNDLECRT; then
-					# If we talked to a Debian Edu 10.0 main server (aka TJENER) above, then we
-					# don't have the ROOTCACRT. We copy the BUNDLECRT file into the LTSP chroot
-					# instead (containing all certificates ever issued for the Debian Edu site).
-					# This is just a fallback, in fact, we need the Debian Edu RootCA.
-
-					# If you end up here, then please upgrade your Debian Edu 10.0 server to a
-					# a newer version (Debian Edu 10.1 and beyond).
-					log_action_begin_msg "Copying TLS certificate bundle to ltsp-chroot $ltsp_chroot "
-					if test -s $BUNDLECRT; then
-						cp $BUNDLECRT $ltsp_chroot$BUNDLECRT
-						[ "$VERBOSE" != no ] && log_action_end_msg 0
-					else
-						log_action_end_msg 1
-						ERROR=true
-					fi
-				fi
-
-			fi
-
 		done
 	fi
 
-	if $ERROR; then
+	if [ "$ERROR" = "true" ]; then
 		return 1
 	fi
 }
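Review bot: With both per-chroot copy blocks deleted, nothing in this script puts Debian-Edu_rootCA.crt into the /opt/ltsp chroots any more, and the fetch-rootca-cert hunk in this push only shows the host-side link and update-ca-certificates. Please confirm that the chroots still receive the rootCA some other way, or record the dropped behaviour in debian/changelog. The same applies to the rm -f of a stale debian-edu-bundle.crt inside the chroots, which is also gone.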
@@ -263,4 +131,5 @@ case "$1" in
 		echo "Usage: $0 {start|stop|restart|force-reload}"
 		exit 2
 esac
+
 exit 0


=====================================
debian/debian-edu-config.fetch-rootca-cert
=====================================
@@ -53,7 +53,7 @@ do_start() {
 			if curl -fk https://www.intern/Debian-Edu_rootCA.crt > $LOCALCACRT 2>/dev/null && \
 				grep -q CERTIFICATE $LOCALCACRT ; then
 				# Make rootCA certificate available in /etc/ssl/certs/
-				ln -s $LOCALCACRT $ROOTCACRT
+				ln -nsf $LOCALCACRT $ROOTCACRT
 				# Integrate the rootCA certificate into /etc/ssl/certs/ca-certificates
 				update-ca-certificates
 				logger -t fetch-rootca-cert "Deploy the Debian Edu rootCA certificate fetched from www.intern systemwide."
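Review bot: On the ln -nsf line, forcing the link means whatever curl wrote to $LOCALCACRT now always replaces the existing entry at $ROOTCACRT and is then trusted system-wide by update-ca-certificates, while the only gate is grep -q CERTIFICATE on a file fetched with curl -fk (certificate verification off). Suggest downloading to a temporary file, checking that it parses as an X.509 certificate (for example with openssl x509 -noout), and only then moving it to $LOCALCACRT and linking. Also quote both variables in the ln call.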


=====================================
ldap-schemas/gofon.schema
=====================================
@@ -285,29 +285,29 @@ attributetype ( 1.3.6.1.4.1.10098.1.1.13.47 NAME 'goFonHomeServer'
 
 # objectclass 
 objectclass (1.3.6.1.4.1.10098.1.2.3.11 NAME 'goFonAccount' SUP top AUXILIARY
-	DESC 'GOFon Account objectclass (v1.0)'
+	DESC 'GOFon Account objectclass (v2.7)'
 	MUST ( goFonDeliveryMode $ telephoneNumber $ uid )
 	MAY ( goFonFormat $ goFonForwarding $ goFonHardware $ goFonPIN $ goFonVoicemailPIN $ goFonMacro $ goFonHomeServer ))
 
 objectclass (1.3.6.1.4.1.10098.1.2.3.12 NAME 'goFonHardware' SUP top STRUCTURAL
-	DESC 'defines a telephone (v1.0)'
+	DESC 'defines a telephone (v2.7)'
 	MUST ( cn $ macAddress $ ipHostNumber )
 	MAY (description $ goFonType $ goFonDmtfMode $ goFonHost $ goFonDefaultIP $
 		 goFonQualify $ goFonAuth $ goFonSecret $ goFonInkeys $ goFonOutkey $
 		 goFonTrunk $ goFonAccountCode $ goFonMSN $ goFonPermit $ goFonDeny ) )
 
 objectclass (1.3.6.1.4.1.10098.1.2.3.13 NAME 'goFonPickupGroup' SUP top AUXILIARY
-	DESC 'Additive for posixGroups (v1.0)'
+	DESC 'Additive for posixGroups (v2.7)'
 	MUST ( cn $ gidNumber ) )
 
 objectclass (1.3.6.1.4.1.10098.1.2.3.14 NAME 'goFonMacro' SUP top STRUCTURAL
-	DESC 'Macro definitions for asterisk machines (v1.0)'
+	DESC 'Macro definitions for asterisk machines (v2.7)'
 	MUST ( cn ) 
 	MAY ( goFonMacroVisible $ displayName $ goFonMacroContent $ description $
 		  goFonMacroParameter ))
 
 objectclass (1.3.6.1.4.1.10098.1.2.3.15 NAME 'goFonQueue' SUP top AUXILIARY
-	DESC 'Queue definitions for asterisk machines (v1.0)'
+	DESC 'Queue definitions for asterisk machines (v2.7)'
 	MUST ( cn ) 
 	MAY ( goFonTimeOut $ goFonMaxLen $ goFonAnnounceFrequency $ goFonDialOption $
 		  goFonMusiconHold $ goFonWelcomeMusic $ goFonQueueReportHold $
@@ -317,7 +317,7 @@ objectclass (1.3.6.1.4.1.10098.1.2.3.15 NAME 'goFonQueue' SUP top AUXILIARY
 		  goFonQueueRetry $ goFonQueueLessThan $ goFonHomeServer ))
 
 objectclass (1.3.6.1.4.1.10098.1.2.3.16 NAME 'goFonConference' SUP top STRUCTURAL
-	DESC 'Conference definitions for asterisk machines (v1.0)'
+	DESC 'Conference definitions for asterisk machines (v2.7)'
 	MUST ( cn ) 
 	MAY ( description $ goFonConferenceOption $ goFonConferenceTimeout $ goFonPIN $
 		  goFonConferenceOwner $ telephoneNumber $ goFonHomeServer))


=====================================
ldap-schemas/gosa-samba3.schema
=====================================
@@ -272,6 +272,10 @@ attributetype ( 1.3.6.1.4.1.10098.1.1.12.47 NAME 'gosaUserDefinedFilter'
         DESC 'A user defined filter'
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
 
+attributetype ( 1.3.6.1.4.1.10098.1.1.12.48 NAME 'gosaWebDAVQuota'
+        DESC 'Webdav share quota in KB'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
 attributetype ( 1.3.6.1.4.1.10098.1.1.6.2 NAME 'academicTitle'
         DESC 'Field to represent the academic title'
         EQUALITY caseIgnoreMatch
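Review bot: The new gosaWebDAVQuota attributetype has INTEGER syntax (1.3.6.1.4.1.1466.115.121.1.27) but no EQUALITY rule, so it cannot be matched in equality search filters or deleted by value. EQUALITY integerMatch would be the usual choice; since the file is imported from GOsa², this is best raised upstream rather than patched locally.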
@@ -298,34 +302,42 @@ attributetype ( 1.3.6.1.4.1.19414.2.1.651
 		SUBSTR caseIgnoreIA5SubstringsMatch
 	    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
 
+# alias used to provide alternative rfc822 email addresses for kolab users
+attributetype ( 1.3.6.1.4.1.19414.2.1.3
+        NAME 'alias'
+        DESC 'RFC1274: RFC822 Mailbox'
+        EQUALITY caseIgnoreIA5Match
+        SUBSTR caseIgnoreIA5SubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
 # Classes
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.1 NAME 'gosaObject' SUP top AUXILIARY
-        DESC 'Class for GOsa settings (v2.6.1)'
+        DESC 'Class for GOsa settings (v2.7)'
         MUST ( gosaSubtreeACL ))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.2 NAME 'gosaLockEntry' SUP top STRUCTURAL
-        DESC 'Class for GOsa locking (v2.6.1)'
+        DESC 'Class for GOsa locking (v2.7)'
         MUST ( gosaUser $ gosaObject $ cn ))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.3 NAME 'gosaCacheEntry' SUP top STRUCTURAL
-        DESC 'Class for GOsa caching (v2.6.1)'
+        DESC 'Class for GOsa caching (v2.7)'
 	MAY  ( gosaUser )
 	MUST ( cn ))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.4 NAME 'gosaDepartment' SUP top AUXILIARY
-        DESC 'Class to mark Departments for GOsa (v2.6.1)'
+        DESC 'Class to mark Departments for GOsa (v2.7)'
 	MUST  ( ou $ description )
 	MAY   ( manager ))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.5 NAME 'gosaMailAccount' SUP top AUXILIARY
-        DESC 'Class to mark MailAccounts for GOsa (v2.6.1)'
+        DESC 'Class to mark MailAccounts for GOsa (v2.7)'
 	MUST ( mail $ gosaMailServer $ gosaMailDeliveryMode)
-	MAY  ( gosaMailQuota $ gosaMailAlternateAddress $ gosaMailForwardingAddress $
+	MAY  ( alias $ gosaMailQuota $ gosaMailAlternateAddress $ gosaMailForwardingAddress $
 	       gosaMailMaxSize $ gosaSpamSortLevel $ gosaSpamMailbox $
 	       gosaVacationMessage $ gosaVacationStart $ gosaVacationStop $ gosaSharedFolderTarget $ acl))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.6 NAME 'gosaAccount' SUP top AUXILIARY
-        DESC 'Class for GOsa Accounts (v2.6.6)'
+        DESC 'Class for GOsa Accounts (v2.7)'
 	MUST ( uid )
         MAY ( sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ gosaDefaultPrinter $
 	      gosaDefaultLanguage $ academicTitle $ personalTitle $ gosaHostACL $ dateOfBirth $
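Review bot: The added 'alias' attributetype carries DESC 'RFC1274: RFC822 Mailbox', which describes the mail attribute rather than an alternative address, and its OID sits in the 1.3.6.1.4.1.19414 arc instead of the 1.3.6.1.4.1.10098 arc used by the GOsa² definitions around it. Please check that no other schema loaded on the main server already defines this OID or name, since conflicting definitions can keep slapd from loading the schema, and have the DESC text corrected upstream.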
@@ -333,88 +345,89 @@ objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.6 NAME 'gosaAccount' SUP top AUXILIARY
         gotoLastSystemLogin $ gotoLastSystem $ gosaLoginRestriction ))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.7 NAME 'gosaHost' SUP top AUXILIARY
-        DESC 'Class for GOsa Hosts (v2.6.1)'
+        DESC 'Class for GOsa Hosts (v2.7)'
         MUST ( cn )
         MAY ( description $ gosaService ))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.8 NAME 'gosaProxyAccount' SUP top AUXILIARY
-        DESC 'Class for GOsa Proxy settings (v2.6.1)'
+        DESC 'Class for GOsa Proxy settings (v2.7)'
         MUST ( gosaProxyAcctFlags )
         MAY ( gosaProxyID $ gosaProxyWorkingStart $ gosaProxyWorkingStop $ gosaProxyQuota $
               gosaProxyQuotaPeriod ))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.9 NAME 'gosaApplication' SUP top STRUCTURAL
-        DESC 'Class for GOsa applications (v2.6.1)'
+        DESC 'Class for GOsa applications (v2.7)'
         MUST ( cn $ gosaApplicationExecute )
         MAY ( gosaApplicationName $ gosaApplicationIcon $ gosaApplicationFlags $ gosaApplicationMimeType $
               gosaApplicationParameter $ gotoLogonScript $ description $ gosaApplicationCategory ))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.10 NAME 'gosaApplicationGroup' SUP top AUXILIARY
-        DESC 'Class for GOsa application groups (v2.6.1)'
+        DESC 'Class for GOsa application groups (v2.7)'
         MUST ( cn )
         MAY ( gosaMemberApplication $ gosaApplicationParameter ))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.11 NAME 'gosaUserTemplate' SUP top AUXILIARY
-        DESC 'Class for GOsa User Templates (v2.6.1)'
+        DESC 'Class for GOsa User Templates (v2.7)'
         MUST ( cn ))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.12 NAME 'gosaGroupOfNames'
-        DESC 'GOsa object grouping (v2.6.1)'
+        DESC 'GOsa object grouping (v2.7)'
 		SUP top STRUCTURAL
 		MUST ( cn $ gosaGroupObjects ) MAY ( member $ description ) )
 
-objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.13 NAME 'gosaWebdavAccount'
-        DESC 'GOsa webdav enabling account (v2.6.1)'
+objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.13 NAME 'gosaWebDAVAccount'
+        DESC 'GOsa webdav enabling account (v2.7)'
         SUP top AUXILIARY
-        MUST ( cn $ uid ))
+        MUST ( cn $ uid )
+        MAY ( gosaWebDAVQuota ) )
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.14 NAME 'gosaIntranetAccount'
-		DESC 'GOsa Inatrent enabling account (v2.6.1)'
+		DESC 'GOsa Inatrent enabling account (v2.7)'
 		SUP top AUXILIARY
 		MUST ( cn $ uid )
 		MAY ( gosaDefaultLanguage ))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.15 NAME 'gosaAdministrativeUnit'
-       DESC 'Marker for administrational units (v2.6.1)'
+       DESC 'Marker for administrational units (v2.7)'
            SUP top AUXILIARY
        MUST ( gosaUnitTag ))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.16 NAME 'gosaAdministrativeUnitTag'
-       DESC 'Marker for objects below administrational units (v2.6.1)'
+       DESC 'Marker for objects below administrational units (v2.7)'
            SUP top AUXILIARY
        MUST ( gosaUnitTag ))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.17 NAME 'gosaRole'
-       DESC 'ACL container to define roles (v2.6.1)' SUP top STRUCTURAL
+       DESC 'ACL container to define roles (v2.7)' SUP top STRUCTURAL
        MUST ( gosaAclTemplate $ cn )
        MAY  ( description ) )
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.18 NAME 'gosaAcl'
-       DESC 'ACL container to define single ACLs (v2.6.1)' SUP top AUXILIARY
+       DESC 'ACL container to define single ACLs (v2.7)' SUP top AUXILIARY
        MUST ( gosaAclEntry  ))
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.19 NAME 'gosaSnapshotObject'
-       DESC 'Container object for undo and snapshot data (v2.6.1)' SUP top STRUCTURAL
+       DESC 'Container object for undo and snapshot data (v2.7)' SUP top STRUCTURAL
        MUST ( gosaSnapshotType $ gosaSnapshotTimestamp $ gosaSnapshotDN $ gosaSnapshotData )
        MAY  ( description ) )
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.20 NAME 'gosaConfig'
-       DESC 'Settings for gosa. Replaces parts of the gosa.conf. (v2.6)' SUP top STRUCTURAL
+       DESC 'Settings for gosa. Replaces parts of the gosa.conf. (v2.7)' SUP top STRUCTURAL
        MUST ( cn ) 
        MAY  ( gosaSetting ) )
 
-# GOto submenu entries
+# GOto submenu entry
 objectclass (1.3.6.1.4.1.10098.1.2.1.43 NAME 'gotoSubmenuEntry'
-        DESC 'GOto - contains environment settings (v2.6)' SUP top STRUCTURAL
+        DESC 'GOto - contains environment settings (v2.7)' SUP top STRUCTURAL
         MUST ( cn )
         MAY ( gosaApplicationIcon $ gosaApplicationPriority ) )
 
-# GOto menu entries
+# GOto menu entry
 objectclass (1.3.6.1.4.1.10098.1.2.1.44 NAME 'gotoMenuEntry'
-        DESC 'GOto - defines a menu entry (v2.6)' SUP top STRUCTURAL
+        DESC 'GOto - defines a menu entry (v2.7)' SUP top STRUCTURAL
         MUST ( cn )
         MAY ( gosaApplicationParameter $ gosaApplicationPriority ) )
 
 objectclass ( 1.3.6.1.4.1.10098.1.2.1.19.21 NAME 'gosaProperties' SUP top AUXILIARY
-        DESC 'Class for GOsa Properties, stores for example user filters (v2.6.8)'
-        MAY ( gosaUserDefinedFilter ) ) 
+        DESC 'Store GOsa properties (v2.7)'
+        MAY ( gosaUserDefinedFilter ) )


=====================================
ldap-schemas/goserver.schema
=====================================
@@ -473,86 +473,86 @@ attributetype ( 1.3.6.1.4.1.10098.1.1.9.82 NAME 'gotoSessionType'
 
 # Terminal Server description 
 objectclass (1.3.6.1.4.1.10098.1.2.1.16 NAME 'goTerminalServer' SUP top AUXILIARY
-	DESC 'Terminal server description (v2.6.1)'
+	DESC 'Terminal server description (v2.7)'
 	MUST ( cn $ goXdmcpIsEnabled )
-	MAY  ( description $ goTerminalServerStatus $ gotoSessionType ))
+	MAY  ( description $ goTerminalServerStatus $ gotoSessionType $ goFontPath ))
 
 # NFS Server description
 objectclass (1.3.6.1.4.1.10098.1.2.1.19 NAME 'goNfsServer' SUP top AUXILIARY
-	DESC 'NFS server description (v2.6.1)'
+	DESC 'NFS server description (v2.7)'
 	MUST ( cn )
 	MAY  ( goExportEntry $ description $ goNfsServerStatus ))
 
 # Time Server description
 objectclass (1.3.6.1.4.1.10098.1.2.1.20 NAME 'goNtpServer' SUP top AUXILIARY
-	DESC 'Time server description (v2.6.1)'
+	DESC 'Time server description (v2.7)'
 	MUST ( cn )
         MAY  ( goTimeSource $ description $ goNtpServerStatus ))
 
 # Syslog Server description
 objectclass (1.3.6.1.4.1.10098.1.2.1.21 NAME 'goSyslogServer' SUP top AUXILIARY
-	DESC 'Syslog server description (v2.6.1)'
+	DESC 'Syslog server description (v2.7)'
 	MUST ( cn )
 	MAY  ( goSyslogSection $ description $ goSyslogServerStatus ))
 
 # LDAP Server description
 objectclass (1.3.6.1.4.1.10098.1.2.1.22 NAME 'goLdapServer' SUP top AUXILIARY
-	DESC 'LDAP server description (v2.6.1)'
+	DESC 'LDAP server description (v2.7)'
 	MUST ( cn )
 	MAY  ( goLdapBase $ description $ goLdapServerStatus ))
 
 # CUPS Server description
 objectclass (1.3.6.1.4.1.10098.1.2.1.23 NAME 'goCupsServer' SUP top AUXILIARY
-	DESC 'CUPS server description (v2.6.1)'
+	DESC 'CUPS server description (v2.7)'
 	MUST ( cn )
 	MAY  ( description $ goCupsServerStatus ))
 
 # IMAP Server description
 objectclass (1.3.6.1.4.1.10098.1.2.1.24 NAME 'goImapServer' SUP top AUXILIARY
-	DESC 'IMAP server description (v2.6.1)'
+	DESC 'IMAP server description (v2.7)'
 	MUST ( cn $ goImapName $ goImapConnect $ goImapAdmin $ goImapPassword )
 	MAY  ( goImapSieveServer $ goImapSievePort $ description $ goImapServerStatus $
 	       cyrusImap $ cyrusImapSSL $ cyrusPop3 $ cyrusPop3SSL ))
 
 # Kerberos Server description
 objectclass (1.3.6.1.4.1.10098.1.2.1.25 NAME 'goKrbServer' SUP top AUXILIARY
-	DESC 'Kerberos server description (v2.6.1)'
+	DESC 'Kerberos server description (v2.7)'
 	MUST ( cn $ goKrbRealm )
 	MAY  ( description $ goKrbServerStatus ))
 
 # Fax Server description
 objectclass (1.3.6.1.4.1.10098.1.2.1.26 NAME 'goFaxServer' SUP top AUXILIARY
-	DESC 'Fax server description (v2.6.1)'
+	DESC 'Fax server description (v2.7)'
 	MUST ( cn $ goFaxAdmin $ goFaxPassword )
 	MAY  ( description $ goFaxServerStatus ))
 
 # Common server class
 objectclass (1.3.6.1.4.1.10098.1.2.1.27 NAME 'goServer' SUP top AUXILIARY
-	DESC 'Server description (v2.6.1)'
+	DESC 'Server description (v2.7)'
 	MUST ( cn )
 	MAY  ( description $ macAddress $ ipHostNumber ))
 
 # LogDB Server description
 objectclass (1.3.6.1.4.1.10098.1.2.1.28 NAME 'goLogDBServer' SUP top AUXILIARY
-	DESC 'Log DB server description (v2.6.1)'
+	DESC 'Log DB server description (v2.7)'
 	MUST ( cn $ gosaLogDB $ goLogAdmin $ goLogPassword )
 	MAY  ( goLogDBServerStatus ))
 
 # Fon Server description
 objectclass (1.3.6.1.4.1.10098.1.2.1.29 NAME 'goFonServer' SUP top AUXILIARY
-        DESC 'Fon server description (v2.6.1)'
+        DESC 'Fon server description (v2.7)'
         MUST ( cn $ goFonAdmin $ goFonPassword $ goFonAreaCode $ goFonCountryCode )
         MAY  ( description $ goFonServerStatus ))
 
 # Share Server description
 objectclass (1.3.6.1.4.1.10098.1.2.1.33 NAME 'goShareServer' SUP top AUXILIARY
-	DESC 'Share server description (v2.6.1)'
+	DESC 'Share server description (v2.7)'
 	MUST ( cn )
 	MAY  ( description $ goExportEntry $ goShareServerStatus ))
 
 # Mail Server description
 objectclass (1.3.6.1.4.1.10098.1.2.1.36 NAME 'goMailServer' SUP top AUXILIARY
-	DESC 'Mail server definition (v2.6.1)'
+	DESC 'Mail server definition (v2.7)'
 	MUST ( cn )
 	MAY  ( description $ goMailServerStatus $ postfixHeaderSizeLimit $
 	       postfixMailboxSizeLimit $ postfixMessageSizeLimit $
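Review bot: goTerminalServer now lists goFontPath in MAY, but no attributetype of that name is added anywhere in this push. Please confirm goFontPath is already defined in goserver.schema or in a schema loaded before it; an objectclass that references an undefined attribute type will not load.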
@@ -562,20 +562,20 @@ objectclass (1.3.6.1.4.1.10098.1.2.1.36 NAME 'goMailServer' SUP top AUXILIARY
 
 # Glpi Server description
 objectclass (1.3.6.1.4.1.10098.1.2.1.37 NAME 'goGlpiServer' SUP top AUXILIARY
-	DESC 'Glpi server definition (v2.6.1)'
+	DESC 'Glpi server definition (v2.7)'
 	MUST ( cn $ goGlpiAdmin $ goGlpiDatabase)
 	MAY  ( description $ goGlpiPassword $ goGlpiServerStatus ) )
 
 # Spamassassin definitions
 objectclass (1.3.6.1.4.1.10098.1.2.1.38 NAME 'goSpamServer' SUP top AUXILIARY
-	DESC 'Spam server definition (v2.6.1)'
+	DESC 'Spam server definition (v2.7)'
 	MUST ( cn )
 	MAY  ( saRewriteHeader $ saTrustedNetworks $ saRequiredScore $ saFlags $
 	       saRule $ saStatus ) )
 
 # Clamav definitions
 objectclass (1.3.6.1.4.1.10098.1.2.1.39 NAME 'goVirusServer' SUP top AUXILIARY
-	DESC 'Virus server definition (v2.6.1)'
+	DESC 'Virus server definition (v2.7)'
 	MUST ( cn )
 	MAY  ( avMaxThreads $ avMaxDirectoryRecursions $ avUser $ avFlags $
                avArchiveMaxFileSize $ avArchiveMaxRecursion $ avArchiveMaxCompressionRatio $
@@ -583,12 +583,12 @@ objectclass (1.3.6.1.4.1.10098.1.2.1.39 NAME 'goVirusServer' SUP top AUXILIARY
 
 # LogDB Server description
 objectclass (1.3.6.1.4.1.10098.1.2.1.40 NAME 'gosaLogServer' SUP top AUXILIARY
-	DESC 'GOsa log server (v2.6)'
+	DESC 'GOsa log server (v2.7)'
 	MUST ( cn $ goLogDB $ goLogDBUser $ goLogDBPassword ))
 
 # Environment Server
 objectclass (1.3.6.1.4.1.10098.1.2.1.41 NAME 'goEnvironmentServer' SUP top AUXILIARY
-	DESC 'Environment server definition (v2.6)'
+	DESC 'Environment server definition (v2.7)'
 	MUST ( cn )
 	MAY  ( gotoKioskProfile ) )
 


=====================================
ldap-schemas/gosystem.schema
=====================================
@@ -333,7 +333,7 @@ attributetype ( 1.3.6.1.4.1.10098.1.1.2.12 NAME 'gotoHardwareChecksum'
 
 # objectclass for Hardware definitions
 objectclass (1.3.6.1.4.1.10098.1.2.1.3 NAME 'GOhard'
-        DESC 'Gonicus Hardware definitions, objectclass (v2.6.1)' SUP top STRUCTURAL
+        DESC 'Gonicus Hardware definitions, objectclass (v2.7)' SUP top STRUCTURAL
         MUST ( cn )
         MAY ( ghGfxAdapter $ ghNetNic $ ghSoundAdapter $ ghIdeDev $ ghScsiDev $
               macAddress $ ghUsbSupport $ ghMemSize $ ghCpuType $ ghInventoryNumber $


=====================================
ldap-schemas/goto-mime.schema
=====================================
@@ -40,7 +40,7 @@ attributetype ( 1.3.6.1.4.1.10098.1.1.14.4 NAME 'gotoMimeEmbeddedApplication'
 #  E: show in external viewer
 #  O: take settings from global mime group
 #  These fields are taken as OR. Additionally you can add a
-#  Q: to ask wether a question should pop up - to save it to
+#  Q: to ask whether a question should pop up - to save it to
 #     the local disc or not.
 attributetype ( 1.3.6.1.4.1.10098.1.1.14.5 NAME 'gotoMimeLeftClickAction'
         DESC 'GOto - Gonicus Terminal Concept, PPD data'
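Review bot: The typo fix in the comment is fine, but the `DESC` of `gotoMimeLeftClickAction` directly below it still reads 'GOto - Gonicus Terminal Concept, PPD data', which does not describe a MIME left-click action and looks copied from a printer attribute. Since this hunk already tidies the documentation of that attribute, correct the `DESC` in the same change.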
@@ -54,7 +54,7 @@ attributetype ( 1.3.6.1.4.1.10098.1.1.14.6 NAME 'gotoMimeIcon'
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 SINGLE-VALUE)
 
 objectclass (1.3.6.1.4.1.10098.1.2.4.1 NAME 'gotoMimeType'
-        DESC 'Class to represent global mime types (v2.6.1)' SUP top STRUCTURAL
+        DESC 'Class to represent global mime types (v2.7)' SUP top STRUCTURAL
         MUST ( cn $ gotoMimeFilePattern $ gotoMimeGroup )
         MAY  ( description $ gotoMimeIcon $ gotoMimeApplication $
 	       gotoMimeEmbeddedApplication $ gotoMimeLeftClickAction ))


=====================================
ldap-schemas/goto.schema
=====================================
@@ -89,32 +89,32 @@ attributetype ( 1.3.6.1.4.1.10098.1.1.11.18 NAME 'gotoHotplugDeviceDN'
         SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
 
 objectclass (1.3.6.1.4.1.10098.1.2.1.1 NAME 'gotoTerminal'
-        DESC 'GOto - Gonicus Terminal Concept, objectclass (v2.6.1)' SUP top AUXILIARY
+        DESC 'GOto - Gonicus Terminal Concept, objectclass (v2.7)' SUP top AUXILIARY
         MUST ( cn )
         MAY  ( description $ macAddress $ ipHostNumber $ gotoShare $ goFonHardware ))
 
 # objectclass for the Terminal Conecept
 objectclass (1.3.6.1.4.1.10098.1.2.1.30 NAME 'gotoWorkstation'
-        DESC 'GOto - Gonicus Terminal Concept, objectclass (v2.6.1)' SUP top AUXILIARY
+        DESC 'GOto - Gonicus Terminal Concept, objectclass (v2.7)' SUP top AUXILIARY
         MUST ( cn )
         MAY  ( description $ macAddress $ ipHostNumber $ gotoShare $ goFonHardware ))
 
 # objectclass for the Terminal Conecept
 objectclass (1.3.6.1.4.1.10098.1.2.1.31 NAME 'gotoPrinter'
-	DESC 'GOto - Gonicus Terminal Concept, objectclass (v2.2)' SUP top STRUCTURAL
+	DESC 'GOto - Gonicus Terminal Concept, objectclass (v2.7)' SUP top STRUCTURAL
 	MUST ( cn )
 	MAY ( labeledURI $ description $ l $ gotoPrinterPPD $ macAddress $ ipHostNumber $ gotoUserPrinter $
 		  gotoUserAdminPrinter $ gotoGroupPrinter $ gotoGroupAdminPrinter ) )
 
 # objectclass for the Terminal Conecept
 objectclass (1.3.6.1.4.1.10098.1.2.1.32 NAME 'gotoEnvironment'
-	DESC 'GOto - contains environment settings (v2.2)' SUP top AUXILIARY
+	DESC 'GOto - contains environment settings (v2.7)' SUP top AUXILIARY
 	MAY ( gotoProfileServer $ gotoProfileFlags $ gotoXResolution $ gotoShare $ gotoLogonScript $
 		  gotoKioskProfile $ gotoHotplugDevice $ gotoProfileQuota $ gotoHotplugDeviceDN ) )
 
 # objectclass for the Terminal Conecept
 objectclass (1.3.6.1.4.1.10098.1.2.1.34 NAME 'gotoWorkstationTemplate'
-        DESC 'GOto - Gonicus Terminal Concept, objectclass (v2.6.1)' SUP top AUXILIARY
+        DESC 'GOto - Gonicus Terminal Concept, objectclass (v2.7)' SUP top AUXILIARY
         MUST ( cn )
         MAY  ( description $ gotoShare $ goFonHardware $
 	       ghGfxAdapter $ ghNetNic $ ghSoundAdapter $ ghIdeDev $ ghScsiDev $
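Review bot: In this hunk `gotoPrinter` and `gotoEnvironment` jump from (v2.2) to (v2.7) while the other classes move from (v2.6.1), so the `DESC` strings now claim a schema revision for classes whose definitions are otherwise untouched here. If the version tag is meant to track the GOsa release rather than the last change to the class, say so in a comment at the top of the file. The comment "# objectclass for the Terminal Conecept" is also misspelled and repeated above classes it does not describe (`gotoPrinter`, `gotoEnvironment`); fix or drop it while these lines are being edited.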
@@ -131,7 +131,7 @@ objectclass (1.3.6.1.4.1.10098.1.2.1.34 NAME 'gotoWorkstationTemplate'
 
 # objectclass for the Terminal Conecept
 objectclass (1.3.6.1.4.1.10098.1.2.1.35 NAME 'gotoTerminalTemplate'
-        DESC 'GOto - Gonicus Terminal Concept, objectclass (v2.6.1)' SUP top AUXILIARY
+        DESC 'GOto - Gonicus Terminal Concept, objectclass (v2.7)' SUP top AUXILIARY
         MUST ( cn )
         MAY  ( description $ gotoShare $ goFonHardware $
 	       ghGfxAdapter $ ghNetNic $ ghSoundAdapter $ ghIdeDev $ ghScsiDev $
@@ -148,7 +148,7 @@ objectclass (1.3.6.1.4.1.10098.1.2.1.35 NAME 'gotoTerminalTemplate'
 
 # objectclass for the Terminal Conecept
 objectclass (1.3.6.1.4.1.10098.1.2.1.42 NAME 'gotoDevice'
-	DESC 'GOto - contains environment settings (v2.6)' SUP top STRUCTURAL
+	DESC 'GOto - contains environment settings (v2.7)' SUP top STRUCTURAL
 	MUST ( cn )
 	MAY ( gotoHotplugDevice $ description ) )
 


=====================================
share/debian-edu-config/tools/clean-up-host-keytabs
=====================================
@@ -50,8 +50,8 @@ hosts_str=$(echo $hosts_str | tr 'A-Z' 'a-z')
 for i in $(basename -a /etc/debian-edu/host-keytabs/* | sed 's#.intern.keytab##') ; do
 	match_value=$(echo $i | tr 'A-Z' 'a-z')
 	if [[ ! "${hosts_str},," =~ ",,$match_value,," ]]; then
-		kadmin.local delprinc host/$i.intern at INTERN
-		kadmin.local delprinc nfs/$i.intern at INTERN
+		kadmin.local delprinc host/$i.intern at INTERN || true
+		kadmin.local delprinc nfs/$i.intern at INTERN || true
 		rm /etc/debian-edu/host-keytabs/$i.intern.keytab
 	fi
 done
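Review bot: The `|| true` on both `kadmin.local delprinc` lines hides every failure, not only the "principal does not exist" case, and the `rm` that follows still deletes the keytab file. Because the loop is driven by the files in /etc/debian-edu/host-keytabs/, a principal whose deletion failed for another reason is never retried and stays in the Kerberos database without any trace. Keep the script going, but log the failure instead of discarding it, for example by replacing `|| true` with `|| echo "delprinc failed for $i" >&2`, and consider skipping the `rm` in that case. `$i` should also be quoted in the `delprinc` and `rm` arguments.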


=====================================
share/debian-edu-config/tools/gosa-remove
=====================================
@@ -29,6 +29,12 @@ MAXAGE_SEC=$(( $MAXAGE_DAYS*24*60*60 ))
 
 PREFIX=/skole
 HOSTNAME=$(hostname -s)
+
+# Obviously a user template was removed. Ignoring.
+echo "$HOMEDIR" | egrep -q "^$PREFIX/$HOSTNAME.*/%uid" && exit 0
+
+# An LDAP user that did not have their home at a place we manage with this script
+# has been removed. This should not happen. Exiting with error.
 echo "$HOMEDIR" | egrep -q "^$PREFIX/$HOSTNAME.*$USERID" || exit 1
 
 ## move mail directory to home directory
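Review bot: The added `%uid` test on the `egrep` line puts `$PREFIX` and `$HOSTNAME` into an extended regex unescaped and leaves the pattern open at the end, so any HOMEDIR that merely contains `/%uid` somewhere after the prefix makes the script exit 0 silently. If a template home always ends in `%uid`, anchor the pattern with a trailing `$`, and write a log line before `exit 0` so a skipped removal can be told apart from a completed one. The unchanged check below has the same weakness with `$USERID`: an empty USERID turns it into a match on anything under the prefix, so a non-empty test on USERID before both checks would be a cheap guard. `egrep` is deprecated in favour of `grep -E`.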


=====================================
share/debian-edu-config/tools/setup-roaming
=====================================
@@ -13,7 +13,7 @@ export DEBIAN_FRONTEND
 apt-get install -y host ldap-utils
 
 apt-get install -y libpam-mklocaluser
-apt-get install -y libpam-sss libnss-sss
+apt-get install -y libpam-sss libnss-sss libsss-sudo
 
 # Make sure the NSS module refered below always is installed
 apt-get install -y libnss-myhostname libnss-mdns libnss-ldapd
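Review bot: The `libsss-sudo` addition on the `libpam-sss libnss-sss` line has no comment saying why it is needed, unlike the NSS line below it, which documents its purpose. A short comment that sudo rules are looked up through SSSD on roaming workstations, with a reference to #1004605, would keep the package from being dropped in a later clean-up.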


=====================================
share/debian-edu-config/tools/update-proxy-from-wpad
=====================================
@@ -27,6 +27,18 @@ append_if_missing() {
     fi
 }
 
+remove_if_matches() {
+    file="$1"
+    shift
+    regexp="$@"
+    if [ -e "$file" ] ; then
+	if grep -qE "$regexp" "$file" ; then
+	    log "Removing line matching '$regexp' from $file."
+	    sed -i $file -e "/$regexp/d"
+	fi
+    fi
+}
+
 # Update /etc/environment with the current proxy settings extracted
 # from the WPAD file
 update_etc_environment() {
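Review bot: `remove_if_matches` tests the pattern with `grep -qE` (extended regex) but deletes with plain `sed`, which uses basic regex, so a pattern containing `+`, `?`, `|` or grouping can match in the test and then delete nothing or different lines. Use `sed -E` so both commands read the pattern the same way, and quote the file argument: `sed -i -E -e "/$regexp/d" "$file"`. A `/` inside the pattern would end the sed address early, so either document that callers must not pass one or use another address delimiter. `file` and `regexp` are plain globals here, and `update_apt_conf` also uses a variable named `file`, so a call from there overwrites the caller's value; distinct names would avoid that.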
@@ -54,7 +66,7 @@ update_etc_environment() {
 # /etc/apt/apt.conf is created by debian-installer if a proxy was used
 # during installation, so we update this file.
 update_apt_conf() {
-    file=/etc/apt/apt.conf
+    file=/etc/apt/apt.conf.d/03debian-edu-config
     touch $file
     chmod a+r $file
     sed -e "s%^Acquire::http::Proxy .*%Acquire::http::Proxy \"$http_proxy\";%" \
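Review bot: The comment above `update_apt_conf` still says that /etc/apt/apt.conf is created by debian-installer "so we update this file", which is no longer true once `file` points at /etc/apt/apt.conf.d/03debian-edu-config; update the comment with the assignment. In the unchanged `sed` line below, `$http_proxy` comes from the WPAD file and is placed into a replacement delimited by `%`, so a value containing `%` or `&` changes the expression; worth validating the value before use, and quoting `$file` in `touch` and `chmod`.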
@@ -71,7 +83,17 @@ update_apt_conf() {
     fi
     append_if_missing $file "Acquire::http::Proxy \"$http_proxy\";"
     append_if_missing $file "Acquire::ftp::Proxy \"$ftp_proxy\";"
-    append_if_missing $file "Acquire::ftp::Proxy \"$https_proxy\";"
+    append_if_missing $file "Acquire::https::Proxy \"$https_proxy\";"
+
+    # Fix main /etc/apt/apt.conf file (which we used until Debian Edu bullseye).
+    #
+    # FIXME: This code portion can be removed in the bookworm+1 release cycle
+    previously_used_file=/etc/apt/apt.conf
+    if [ -e $previously_used_file ]; then
+	remove_if_matches $previously_used_file ".*Acquire::http::Proxy\ .*;"
+	remove_if_matches $previously_used_file ".*Acquire::ftp::Proxy\ .*;"
+	remove_if_matches $previously_used_file ".*Acquire::https::Proxy\ .*;"
+    fi
 }
 
 if [ -r /etc/debian-edu/config ] ; then
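Review bot: The three clean-up patterns start with `.*` and are not anchored, so `remove_if_matches` deletes every line in /etc/apt/apt.conf that contains an `Acquire::...::Proxy` setting, including commented-out lines and proxy entries an administrator added by hand that this script never wrote. Anchor them at the start of the line, as the `sed` substitutions earlier in this function do with `^Acquire::http::Proxy`, and say in the FIXME comment that manually set proxies in apt.conf are removed on purpose if that is the intent. The outer `[ -e $previously_used_file ]` test repeats the `-e` check already done inside `remove_if_matches` and can go. The `ftp` to `https` correction on the `append_if_missing` line looks right.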



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/a9e805a67f0d740022c4914aba9f135f380ddef5...c9a9791cc30e3fdc53c92a8ecc2dd3d5a5a8801d
