[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] 6 commits: share/debian-edu-config/tools/{update-proxy-from-wpad, wpad-extra}: Don't fail...

Mike Gabriel (@sunweaver) gitlab at salsa.debian.org
Tue Mar 22 08:56:14 GMT 2022



Mike Gabriel pushed to branch master at Debian Edu / debian-edu-config


Commits:
f827feba by Mike Gabriel at 2022-03-21T20:37:40+01:00
share/debian-edu-config/tools/{update-proxy-from-wpad,wpad-extra}: Don't fail if proxy update is not possible, only send warnings to stderr and syslog. Don't source wpad-extra script, execute it instead and capture stdout. (Closes: #1008067).

- - - - -
215d8dd9 by Mike Gabriel at 2022-03-21T20:38:02+01:00
share/debian-edu-config/tools/update-proxy-from-wpad: White-space clean-up (use only tabs for indentation).

- - - - -
dd2a1c79 by Mike Gabriel at 2022-03-22T09:27:04+01:00
Move /etc/debian-edu/host-keytabs/* to /var/lib/debian-edu/host-keytabs/ and replace directory /etc/debian-edu/host-keytabs by a symlink. (Closes: #1002019).

- - - - -
0e3432df by Mike Gabriel at 2022-03-22T09:36:39+01:00
Makefile: Re-arrange installation of some files that are scripts and need exec filesystem permissions. Adjust lintian overrides for these, too.

- - - - -
de68f478 by Mike Gabriel at 2022-03-22T09:53:55+01:00
lintian: Update some override phrases (adjustments to the most recent lintian version).

- - - - -
eddbed27 by Mike Gabriel at 2022-03-22T09:54:39+01:00
release as 2.12.18

Signed-off-by: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>

- - - - -


18 changed files:

- Makefile
- debian/changelog
- debian/debian-edu-config.links
- debian/debian-edu-config.lintian-overrides
- debian/debian-edu-config.maintscript
- debian/debian-edu-config.postinst
- debian/debian-edu-config.preinst
- debian/debian-edu-config.prerm
- debian/dirs
- share/debian-edu-config/tools/clean-up-host-keytabs
- share/debian-edu-config/tools/copy-host-keytab
- share/debian-edu-config/tools/edu-ldap-from-scratch
- share/debian-edu-config/tools/gosa-create-host
- share/debian-edu-config/tools/gosa-modify-host
- share/debian-edu-config/tools/gosa-remove-host
- share/debian-edu-config/tools/update-proxy-from-wpad
- share/debian-edu-config/tools/wpad-extract
- testsuite/webcache


Changes:

=====================================
Makefile
=====================================
@@ -89,10 +89,6 @@ SYSCONFFILES = \
 	cups/cupsd-debian-edu.conf \
 	cups/cups-files-debian-edu.conf \
 	cups/cups-browsed-debian-edu.conf \
-	dhcp/dhclient-exit-hooks.d/autofs-reload \
-	dhcp/dhclient-exit-hooks.d/wpad-proxy-update \
-	dhcp/dhclient-exit-hooks.d/fetch-ldap-cert \
-	dhcp/dhclient-exit-hooks.d/hostname \
 	dhcp/dhcpd-debian-edu.conf \
 	dhcp/dhclient-debian-edu.conf \
 	dovecot/local.conf \
@@ -137,6 +133,10 @@ SYSCONFFILES = \
 	polkit-1/localauthority.conf.d/80-edu-admin.conf
 
 SYSCONFSCRIPTS = \
+	dhcp/dhclient-exit-hooks.d/autofs-reload \
+	dhcp/dhclient-exit-hooks.d/wpad-proxy-update \
+	dhcp/dhclient-exit-hooks.d/fetch-ldap-cert \
+	dhcp/dhclient-exit-hooks.d/hostname \
 	mklocaluser.d/20-debian-edu-config \
 	shutdown-at-night/clients-generator \
 	resolvconf/update.d/bind-debian-edu \
@@ -260,6 +260,7 @@ install: install-testsuite
 	set -e ; for f in \
 		share/debian-edu-config/d-i/finish-install \
 		share/debian-edu-config/d-i/pre-pkgsel \
+		share/debian-edu-config/killer.cron \
 		share/debian-edu-config/tools/passwd \
 		share/debian-edu-config/tools/clean-up-host-keytabs \
 		share/debian-edu-config/tools/configure-edu-gateway \
@@ -342,7 +343,6 @@ install: install-testsuite
 		share/debian-edu-config/sudo-ldap.conf \
 		share/debian-edu-config/isc-dhcp-server.service \
 		share/debian-edu-config/isc-dhcp-server.service.eth1_only \
-		share/debian-edu-config/killer.cron \
 		share/pam-configs/edu-group \
 		share/pam-configs/edu-umask \
 		share/perl5/Debian/Edu.pm \


=====================================
debian/changelog
=====================================
@@ -1,4 +1,4 @@
-debian-edu-config (2.12.18) UNRELEASED; urgency=medium
+debian-edu-config (2.12.18) unstable; urgency=medium
 
   * etc/cups/cups-browsed-debian-edu.conf:
     - Let TJENER's print queues appear on Debian Edu clients, use same
@@ -20,8 +20,18 @@ debian-edu-config (2.12.18) UNRELEASED; urgency=medium
       IPv6 and many schools still use IPv4 primarily. This gives a great
       performance boost to squid installations if IPv6 internet is not fully
       available for whatever reason. (Closes: #1006375).
-
- -- Mike Gabriel <sunweaver at debian.org>  Sun, 20 Feb 2022 19:35:36 +0100
+  * share/debian-edu-config/tools/{update-proxy-from-wpad,wpad-extra}:
+    - Don't fail if proxy update is not possible, only send warnings to stderr
+      and syslog. Don't source wpad-extra script, execute it instead and capture
+      stdout. (Closes: #1008067).
+    - White-space clean-up (use only tabs for indentation).
+  * Move /etc/debian-edu/host-keytabs/* to /var/lib/debian-edu/host-keytabs/
+    and replace directory /etc/debian-edu/host-keytabs by a symlink. (Closes:
+    #1002019).
+  * lintian: Update some override phrases (adjustments to the most recent
+    lintian version).
+
+ -- Mike Gabriel <sunweaver at debian.org>  Tue, 22 Mar 2022 09:53:57 +0100
 
 debian-edu-config (2.12.17) unstable; urgency=medium
 


=====================================
debian/debian-edu-config.links
=====================================
@@ -1,3 +1,2 @@
 usr/share/debian-edu-config/tools/ldapdump.sh etc/slbackup/pre.d/ldapdump.sh
 etc/debian-edu/www/index.html.nb-no etc/debian-edu/www/index.html.no
-


=====================================
debian/debian-edu-config.lintian-overrides
=====================================
@@ -1,7 +1,3 @@
-debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/autofs-reload
-debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/fetch-ldap-cert
-debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/hostname
-debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update
 debian-edu-config binary: non-standard-apache2-configuration-name debian-edu-config-doc.conf != debian-edu-config.conf
 debian-edu-config binary: debconf-is-not-a-registry usr/bin/ldap-debian-edu-install
 debian-edu-config binary: debconf-is-not-a-registry usr/share/debian-edu-config/d-i/finish-install
@@ -9,12 +5,11 @@ debian-edu-config binary: debconf-is-not-a-registry usr/share/debian-edu-config/
 debian-edu-config binary: debconf-is-not-a-registry usr/share/debian-edu-config/tools/kerberos-kdc-init
 debian-edu-config binary: debconf-is-not-a-registry usr/share/debian-edu-config/tools/edu-icinga-setup
 debian-edu-config binary: debconf-is-not-a-registry usr/share/debian-edu-config/tools/run-at-firstboot
-debian-edu-config binary: missing-systemd-service-for-init.d-script etc/init.d/chromium-ldapconf chromium-ldapconf
-debian-edu-config binary: missing-systemd-service-for-init.d-script etc/init.d/enable-nat enable-nat
-debian-edu-config binary: missing-systemd-service-for-init.d-script etc/init.d/fetch-ldap-cert fetch-ldap-cert
-debian-edu-config binary: missing-systemd-service-for-init.d-script etc/init.d/fetch-rootca-cert fetch-rootca-cert
-debian-edu-config binary: missing-systemd-service-for-init.d-script etc/init.d/firefox-ldapconf firefox-ldapconf
-debian-edu-config binary: script-not-executable usr/share/debian-edu-config/killer.cron
-debian-edu-config binary: possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [control/postinst:171]
-debian-edu-config binary: possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [control/postinst:176]
-debian-edu-config binary: possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [control/postinst:178]
+debian-edu-config binary: missing-systemd-service-for-init.d-script chromium-ldapconf [etc/init.d/chromium-ldapconf]
+debian-edu-config binary: missing-systemd-service-for-init.d-script enable-nat [etc/init.d/enable-nat]
+debian-edu-config binary: missing-systemd-service-for-init.d-script fetch-ldap-cert [etc/init.d/fetch-ldap-cert]
+debian-edu-config binary: missing-systemd-service-for-init.d-script fetch-rootca-cert [etc/init.d/fetch-rootca-cert]
+debian-edu-config binary: missing-systemd-service-for-init.d-script firefox-ldapconf [etc/init.d/firefox-ldapconf]
+debian-edu-config binary: possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [postinst:179]
+debian-edu-config binary: possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [postinst:184]
+debian-edu-config binary: possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [postinst:186]


=====================================
debian/debian-edu-config.maintscript
=====================================
@@ -1,3 +1,4 @@
 rm_conffile /share/debian-edu-config/debian-edu.addmachine.template 2.12.5
 rm_conffile /share/debian-edu-config/debian-edu.ldapscripts.passwd 2.12.5
 rm_conffile /etc/cfengine3/debian-edu/cf.ldapscripts 2.12.5
+dir_to_symlink /etc/debian-edu/host-keytabs /var/lib/debian-edu/host-keytabs 2.12.17


=====================================
debian/debian-edu-config.postinst
=====================================
@@ -135,6 +135,7 @@ configure)
 	# limit privileges for publishing host keytabs to diskless workstation (this
 	# is the initial use case. Further use cases might pop up later.
 	if [ -s /etc/debian-edu/config ] && grep -Eq "(Main-Server)" /etc/debian-edu/config ; then
+
 	    if ! getent 'passwd' 'debian-edu' >'/dev/null'; then
 		echo 'Creating debian-edu user.' >&2
 		adduser --system --home /var/lib/debian-edu \
@@ -147,6 +148,13 @@ configure)
 		    usermod --gid 'debian-edu' 'debian-edu'
 		fi
 	    fi
+
+	    # Assure that permissions of /var/lib/debian-edu/ are appropriate
+	    if [ -d /var/lib/debian-edu/ ]; then
+		chown debian-edu:debian-edu /var/lib/debian-edu/
+		chmod 0755 /var/lib/debian-edu/
+	    fi
+
 	fi
 
     # silence dovecot's message: if you have trouble with authentication failures,
@@ -196,6 +204,14 @@ esac
 
 #DEBHELPER#
 
+# On the main-server, point from the old keytab location /etc/debian-edu/host-keytabs to the new
+# keytab location at /var/lib/debian-edu/host-keytabs...
+if grep -q Main-Server /etc/debian-edu/config; then
+	if [ ! -e /etc/debian-edu/host-keytabs ] && [ -d /var/lib/debian-edu/host-keytabs ]; then
+		ln -s /var/lib/debian-edu/host-keytabs /etc/debian-edu/host-keytabs
+	fi
+fi
+
 # Register all changes done by this postinst script
 if command -v etckeeper > /dev/null ; then
     etckeeper commit "end of debian-edu-config postinst" || true


=====================================
debian/debian-edu-config.preinst
=====================================
@@ -44,6 +44,19 @@ upgrade)
     if dpkg --compare-versions "$2" le "2.11.16" ; then
         rm -rf /etc/ltspfs
     fi
+
+    # Move .keytab files from /etc/debian-edu/host-keytabs to
+    # /var/lib/debian-edu/host-keytabs before dpkg-maintscript-helper moves
+    # the /etc/debian-edu/host-keytabs dir and replaces it by a symlink...
+    # We have to move the .keytab files manually, because they are not owned
+    # by debian-edu-config.
+    if dpkg --compare-versions "$2" le "2.12.17"; then
+        if [ -d /etc/debian-edu/host-keytabs ] && find /etc/debian-edu/host-keytabs/* 1>/dev/null 2>/dev/null; then
+            mkdir -p /var/lib/debian-edu/host-keytabs/
+            mv /etc/debian-edu/host-keytabs/*.keytab /var/lib/debian-edu/host-keytabs/
+        fi
+    fi
+
     ;;
 esac
 


=====================================
debian/debian-edu-config.prerm
=====================================
@@ -16,6 +16,11 @@ case "$1" in
 	    rm /usr/share/pam-configs/edu-nopwdchange
 	fi
 	pam-auth-update --package --remove edu-group edu-umask
+
+	# drop /etc/debian-edu/host-keytabs symlink
+	if [ -h /etc/debian-edu/host-keytabs ]; then
+		rm /etc/debian-edu/host-keytabs
+	fi
 	;;
 esac
 


=====================================
debian/dirs
=====================================
@@ -6,7 +6,6 @@ etc/chromium/policies/managed
 etc/cron.d
 etc/cups
 etc/debian-edu
-etc/debian-edu/host-keytabs
 etc/default
 etc/exports.d
 etc/firefox-esr
@@ -26,3 +25,4 @@ usr/share/debian-edu-config/tools
 usr/share/doc/debian-edu-config
 usr/share/man
 usr/share/man/man8
+var/lib/debian-edu/host-keytabs


=====================================
share/debian-edu-config/tools/clean-up-host-keytabs
=====================================
@@ -18,7 +18,7 @@
 # Free Software Foundation, Inc.,
 # 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
 
-# This script cleans up /etc/debian-edu/host-keytabs/. It looks into TJENER's
+# This script cleans up /var/lib/debian-edu/host-keytabs/. It looks into TJENER's
 # LDAP tree (objectClass=dhcpHost) and removes all keytab files (and host
 # principals) that don't have a dhcpHost object (anymore).
 #
@@ -47,12 +47,12 @@ hosts[$num_hosts+1]=tjener
 printf -v hosts_str -- ',,%q' "${hosts[@]}"
 hosts_str=$(echo $hosts_str | tr 'A-Z' 'a-z')
 
-for i in $(basename -a /etc/debian-edu/host-keytabs/* | sed 's#.intern.keytab##') ; do
+for i in $(basename -a /var/lib/debian-edu/host-keytabs/* | sed 's#.intern.keytab##') ; do
 	match_value=$(echo $i | tr 'A-Z' 'a-z')
 	if [[ ! "${hosts_str},," =~ ",,$match_value,," ]]; then
 		kadmin.local delprinc host/$i.intern at INTERN || true
 		kadmin.local delprinc nfs/$i.intern at INTERN || true
-		rm /etc/debian-edu/host-keytabs/$i.intern.keytab
+		rm /var/lib/debian-edu/host-keytabs/$i.intern.keytab
 	fi
 done
 


=====================================
share/debian-edu-config/tools/copy-host-keytab
=====================================
@@ -1,7 +1,7 @@
 #!/bin/sh
 set -e
 kinit
-scp tjener:/etc/debian-edu/host-keytabs/$(hostname -s).intern.keytab /etc/krb5.keytab
+scp tjener:/var/lib/debian-edu/host-keytabs/$(hostname -s).intern.keytab /etc/krb5.keytab
 
 # Special case separate LTSP server.
 if [ -f /srv/ltsp/dlw/etc/ltsp/ltsp.conf ] ; then


=====================================
share/debian-edu-config/tools/edu-ldap-from-scratch
=====================================
@@ -53,7 +53,7 @@ rm -rf /var/lib/ldap/*
 if [ -e /etc/krb5kdc/stash ] ; then
     rm /etc/krb5kdc/stash
     rm /etc/krb5.keyt*
-    rm -f /etc/debian-edu/host-keytabs/*.*
+    rm -f /var/lib/debian-edu/host-keytabs/*.*
 fi
 ldap-debian-edu-install
 # send mail to first user (initialize /var/mail/<first-user uid>);


=====================================
share/debian-edu-config/tools/gosa-create-host
=====================================
@@ -49,8 +49,8 @@ while read KEY VALUE ; do
 			    logger -t gosa-create-host -p notice Krb5 principal \'host/$FQDN\' created.
 			    kadmin.local -q "add_principal -policy hosts -randkey nfs/$FQDN"
 			    logger -t gosa-create-host -p notice Krb5 principal \'nfs/$FQDN\' created.
-			    kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$FQDN.keytab host/$FQDN"
-			    kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$FQDN.keytab nfs/$FQDN"
+			    kadmin.local -q "ktadd -k /var/lib/debian-edu/host-keytabs/$FQDN.keytab host/$FQDN"
+			    kadmin.local -q "ktadd -k /var/lib/debian-edu/host-keytabs/$FQDN.keytab nfs/$FQDN"
 			    logger -t gosa-create-host -p notice Krb5 keytab file for \'$FQDN\' created.
 			fi
 			;;


=====================================
share/debian-edu-config/tools/gosa-modify-host
=====================================
@@ -12,12 +12,12 @@ HOST="$1"
 # by the gosa-host-create hook script.
 if ! LANG=C kadmin.local -q "get_principal host/$HOST.intern" 2>/dev/null  | grep -q "^Principal: host/$HOST.intern at .*"; then
 	kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
-	kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
+	kadmin.local -q "ktadd -k /var/lib/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
 	logger -t gosa-modify-host -p notice Krb5 host principal \'host/$HOST.intern\' created and added to host-specific keytab file.
 fi
 if ! LANG=C kadmin.local -q "get_principal nfs/$HOST.intern" 2>/dev/null  | grep -q "^Principal: nfs/$HOST.intern at .*"; then
 	kadmin.local -q "add_principal -policy hosts -randkey nfs/$HOST.intern"
-	kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab nfs/$HOST.intern"
+	kadmin.local -q "ktadd -k /var/lib/debian-edu/host-keytabs/$HOST.intern.keytab nfs/$HOST.intern"
 	logger -t gosa-modify-host -p notice Krb5 service principal \'nfs/$HOST.intern\' created and added to host-specific keytab file.
 fi
 


=====================================
share/debian-edu-config/tools/gosa-remove-host
=====================================
@@ -6,7 +6,7 @@ set -ex
 ## Make sure that malicious execution cannot hurt.
 ##
 ## This script removes the host and nfs principals for hosts removed with gosa.
-## It also removes the host specific keytab file (tjener:/etc/$fqdn.keytab).
+## It also removes the host specific keytab file (tjener:/var/lib/debian-edu/$fqdn.keytab).
 
 
 HOST="$1"
@@ -16,7 +16,7 @@ if $(kadmin.local listprincs | grep -q $HOST) ; then
     for i in $(kadmin.local listprincs | grep $HOST) ; do
         kadmin.local delprinc $i
     done
-    rm /etc/debian-edu/host-keytabs/$(ls -l /etc/debian-edu/host-keytabs | grep $HOST | awk '{print $9}')
+    rm /var/lib/debian-edu/host-keytabs/$(ls -l /var/lib/debian-edu/host-keytabs | grep $HOST | awk '{print $9}')
     logger -t gosa-remove-host -p notice Krb5 principals and keytab file for host \'$HOST\' removed.
 fi
 #


=====================================
share/debian-edu-config/tools/update-proxy-from-wpad
=====================================
@@ -6,115 +6,121 @@
 set -e
 
 log() {
-    logger -t update-proxy-from-wpad "$@"
+	logger -t update-proxy-from-wpad "$@"
 }
 
-error() {
-    if [ -t 1 ] ; then # Only print errors when stdout is a tty
-	echo "error: $@"
-    fi
-    logger -t update-proxy-from-wpad "error: $@"
+warning() {
+	if [ -t 1 ] ; then # Only print warnings when stdout is a tty
+		echo "warning: $@"
+	fi
+	logger -t update-proxy-from-wpad "warning: $@"
 }
 
 append_if_missing() {
-    file="$1"
-    string="$2"
-    if [ -e "$file" ] ; then
-	if ! grep -qxF "$string" "$file" ; then
-	    log "Appending '$string' to $file."
-	    echo "$string" >> $file
+	file="$1"
+	string="$2"
+	if [ -e "$file" ] ; then
+		if ! grep -qxF "$string" "$file" ; then
+			log "Appending '$string' to $file."
+			echo "$string" >> $file
+		fi
 	fi
-    fi
 }
 
 remove_if_matches() {
-    file="$1"
-    shift
-    regexp="$@"
-    if [ -e "$file" ] ; then
-	if grep -qE "$regexp" "$file" ; then
-	    log "Removing line matching '$regexp' from $file."
-	    sed -i $file -e "/$regexp/d"
+	file="$1"
+	shift
+	regexp="$@"
+	if [ -e "$file" ] ; then
+		if grep -qE "$regexp" "$file" ; then
+			log "Removing line matching '$regexp' from $file."
+			sed -i $file -e "/$regexp/d"
+		fi
 	fi
-    fi
 }
 
 # Update /etc/environment with the current proxy settings extracted
 # from the WPAD file
 update_etc_environment() {
-    file=/etc/environment
-    touch $file
-    chmod a+r $file
-    sed -e "s%^http_proxy=.*%http_proxy=$http_proxy%" \
-	-e "s%^ftp_proxy=.*%ftp_proxy=$ftp_proxy%" \
-	-e "s%^https_proxy=.*%https_proxy=$https_proxy%" \
-	< $file > $file.new && chmod a+r $file.new
-
-# Only replace if new file have content and is different from the old
-# file
-    if [ ! -s $file.new ] || cmp -s $file.new $file ; then
-	rm $file.new
-    else
-	mv $file.new $file
-    fi
-    append_if_missing $file http_proxy=$http_proxy
-    append_if_missing $file ftp_proxy=$ftp_proxy
-    append_if_missing $file https_proxy=$https_proxy
+	file=/etc/environment
+	touch $file
+	chmod a+r $file
+	sed -e "s%^http_proxy=.*%http_proxy=$http_proxy%" \
+	    -e "s%^ftp_proxy=.*%ftp_proxy=$ftp_proxy%" \
+	    -e "s%^https_proxy=.*%https_proxy=$https_proxy%" \
+	    < $file > $file.new && chmod a+r $file.new
+
+	# Only replace if new file have content and is different from the old
+	# file
+	if [ ! -s $file.new ] || cmp -s $file.new $file ; then
+		rm $file.new
+	else
+		mv $file.new $file
+	fi
+	append_if_missing $file http_proxy=$http_proxy
+	append_if_missing $file ftp_proxy=$ftp_proxy
+	append_if_missing $file https_proxy=$https_proxy
 }
 
 # Make sure APT used from cron also get the wanted proxy settings
 # /etc/apt/apt.conf is created by debian-installer if a proxy was used
 # during installation, so we update this file.
 update_apt_conf() {
-    file=/etc/apt/apt.conf.d/03debian-edu-config
-    touch $file
-    chmod a+r $file
-    sed -e "s%^Acquire::http::Proxy .*%Acquire::http::Proxy \"$http_proxy\";%" \
-	-e "s%^Acquire::ftp::Proxy .*%Acquire::ftp::Proxy \"$ftp_proxy\";%" \
-	-e "s%^Acquire::https::Proxy .*%Acquire::https::Proxy \"$https_proxy\";%" \
-	< $file > $file.new && chmod a+r $file.new
-
-    # Only replace if new file have content and is different from the
-    # old file
-    if [ ! -s $file.new ] || cmp -s $file.new $file ; then
-	rm $file.new
-    else
-	mv $file.new $file
-    fi
-    append_if_missing $file "Acquire::http::Proxy \"$http_proxy\";"
-    append_if_missing $file "Acquire::ftp::Proxy \"$ftp_proxy\";"
-    append_if_missing $file "Acquire::https::Proxy \"$https_proxy\";"
-
-    # Fix main /etc/apt/apt.conf file (which we used until Debian Edu bullseye).
-    #
-    # FIXME: This code portion can be removed in the bookworm+1 release cycle
-    previously_used_file=/etc/apt/apt.conf
-    if [ -e $previously_used_file ]; then
-	remove_if_matches $previously_used_file ".*Acquire::http::Proxy\ .*;"
-	remove_if_matches $previously_used_file ".*Acquire::ftp::Proxy\ .*;"
-	remove_if_matches $previously_used_file ".*Acquire::https::Proxy\ .*;"
-    fi
+	file=/etc/apt/apt.conf.d/03debian-edu-config
+	touch $file
+	chmod a+r $file
+	sed -e "s%^Acquire::http::Proxy .*%Acquire::http::Proxy \"$http_proxy\";%" \
+	    -e "s%^Acquire::ftp::Proxy .*%Acquire::ftp::Proxy \"$ftp_proxy\";%" \
+	    -e "s%^Acquire::https::Proxy .*%Acquire::https::Proxy \"$https_proxy\";%" \
+	    < $file > $file.new && chmod a+r $file.new
+
+	# Only replace if new file have content and is different from the
+	# old file
+	if [ ! -s $file.new ] || cmp -s $file.new $file ; then
+		rm $file.new
+	else
+		mv $file.new $file
+	fi
+	append_if_missing $file "Acquire::http::Proxy \"$http_proxy\";"
+	append_if_missing $file "Acquire::ftp::Proxy \"$ftp_proxy\";"
+	append_if_missing $file "Acquire::https::Proxy \"$https_proxy\";"
+
+	# Fix main /etc/apt/apt.conf file (which we used until Debian Edu bullseye).
+	#
+	# FIXME: This code portion can be removed in the bookworm+1 release cycle
+	previously_used_file=/etc/apt/apt.conf
+	if [ -e $previously_used_file ]; then
+		remove_if_matches $previously_used_file ".*Acquire::http::Proxy\ .*;"
+		remove_if_matches $previously_used_file ".*Acquire::ftp::Proxy\ .*;"
+		remove_if_matches $previously_used_file ".*Acquire::https::Proxy\ .*;"
+	fi
 }
 
 if [ -r /etc/debian-edu/config ] ; then
-    . /etc/debian-edu/config
+	. /etc/debian-edu/config
 fi
 
 # Make sure to fetch the wpad file without proxy settings, to behave
 # like browsers who need to get their proxy settings without using a
 # proxy.
-http_proxy=
+http_proxy=$(/usr/share/debian-edu-config/tools/wpad-extract 2>/dev/null || true)
 
-. /usr/share/debian-edu-config/tools/wpad-extract >/dev/null || exit 1
-ftp_proxy=$http_proxy
-https_proxy=$http_proxy
+if [ -z "$http_proxy" ]; then
 
-update_apt_conf
+	warning "Failed to extract proxy host from WPAD data. Not configuring proxy usage."
 
-# Do not set proxy in /etc/environment for machines that move around,
-# as the value will be wrong when arriving at a new network.
-if echo "$PROFILE" | egrep -q 'Roaming-Workstation|Standalone' ; then
-    :
 else
-    update_etc_environment
+
+	ftp_proxy=$http_proxy
+	https_proxy=$http_proxy
+
+	update_apt_conf
+
+	# Do not set proxy in /etc/environment for machines that move around,
+	# as the value will be wrong when arriving at a new network.
+	if echo "$PROFILE" | egrep -q 'Roaming-Workstation|Standalone' ; then
+		:
+	else
+		update_etc_environment
+	fi
 fi


=====================================
share/debian-edu-config/tools/wpad-extract
=====================================
@@ -13,8 +13,7 @@ proxy_url=$(curl -s http://wpad/wpad.dat | pactester -p - \
             -u http://130.89.148.14 | awk '{print $2}' | cut -d';' -f1)
 
 if [ "$proxy_url" ]; then
-    http_proxy=http://$proxy_url
-    echo http_proxy=$http_proxy
+	echo "http://$proxy_url"
 else
-    return 1
+	exit 1
 fi


=====================================
testsuite/webcache
=====================================
@@ -69,8 +69,8 @@ if HEAD $HEADOPTS $url > /dev/null 2>&1 ; then
     # Subshell to avoid leaking http_proxy and ftp_proxy variables to
     # the rest of this script
     (
-	. /usr/share/debian-edu-config/tools/wpad-extract >/dev/null
-	if [ "$http_proxy" ] ; then
+	http_proxy=$(/usr/share/debian-edu-config/tools/wpad-extract 2>/dev/null || true)
+	if [ -n "$http_proxy" ] ; then
 	    echo "success: $0: WPAD file '$url' includes HTTP proxy info."
 	else
 	    echo "error: $0: WPAD file '$url' is missing HTTP proxy info. (#644373?)"



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/8d625df4fd6e50e72dd7e4d1579a698169472fb3...eddbed2732c51d4e193e8977a2c1540325aed9b5

-- 
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/8d625df4fd6e50e72dd7e4d1579a698169472fb3...eddbed2732c51d4e193e8977a2c1540325aed9b5
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20220322/0de82f39/attachment-0001.htm>


More information about the debian-edu-commits mailing list