[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] 6 commits: share/debian-edu-config/tools/{update-proxy-from-wpad, wpad-extra}: Don't fail...
Mike Gabriel (@sunweaver)
gitlab at salsa.debian.org
Tue Mar 22 08:56:14 GMT 2022
Mike Gabriel pushed to branch master at Debian Edu / debian-edu-config
Commits:
f827feba by Mike Gabriel at 2022-03-21T20:37:40+01:00
share/debian-edu-config/tools/{update-proxy-from-wpad,wpad-extra}: Don't fail if proxy update is not possible, only send warnings to stderr and syslog. Don't source wpad-extra script, execute it instead and capture stdout. (Closes: #1008067).
- - - - -
215d8dd9 by Mike Gabriel at 2022-03-21T20:38:02+01:00
share/debian-edu-config/tools/update-proxy-from-wpad: White-space clean-up (use only tabs for indentation).
- - - - -
dd2a1c79 by Mike Gabriel at 2022-03-22T09:27:04+01:00
Move /etc/debian-edu/host-keytabs/* to /var/lib/debian-edu/host-keytabs/ and replace directory /etc/debian-edu/host-keytabs by a symlink. (Closes: #1002019).
- - - - -
0e3432df by Mike Gabriel at 2022-03-22T09:36:39+01:00
Makefile: Re-arrange installation of some files that are scripts and need exec filesystem permissions. Adjust lintian overrides for these, too.
- - - - -
de68f478 by Mike Gabriel at 2022-03-22T09:53:55+01:00
lintian: Update some override phrases (adjustments to the most recent lintian version).
- - - - -
eddbed27 by Mike Gabriel at 2022-03-22T09:54:39+01:00
release as 2.12.18
Signed-off-by: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
- - - - -
18 changed files:
- Makefile
- debian/changelog
- debian/debian-edu-config.links
- debian/debian-edu-config.lintian-overrides
- debian/debian-edu-config.maintscript
- debian/debian-edu-config.postinst
- debian/debian-edu-config.preinst
- debian/debian-edu-config.prerm
- debian/dirs
- share/debian-edu-config/tools/clean-up-host-keytabs
- share/debian-edu-config/tools/copy-host-keytab
- share/debian-edu-config/tools/edu-ldap-from-scratch
- share/debian-edu-config/tools/gosa-create-host
- share/debian-edu-config/tools/gosa-modify-host
- share/debian-edu-config/tools/gosa-remove-host
- share/debian-edu-config/tools/update-proxy-from-wpad
- share/debian-edu-config/tools/wpad-extract
- testsuite/webcache
Changes:
=====================================
Makefile
=====================================
@@ -89,10 +89,6 @@ SYSCONFFILES = \
cups/cupsd-debian-edu.conf \
cups/cups-files-debian-edu.conf \
cups/cups-browsed-debian-edu.conf \
- dhcp/dhclient-exit-hooks.d/autofs-reload \
- dhcp/dhclient-exit-hooks.d/wpad-proxy-update \
- dhcp/dhclient-exit-hooks.d/fetch-ldap-cert \
- dhcp/dhclient-exit-hooks.d/hostname \
dhcp/dhcpd-debian-edu.conf \
dhcp/dhclient-debian-edu.conf \
dovecot/local.conf \
@@ -137,6 +133,10 @@ SYSCONFFILES = \
polkit-1/localauthority.conf.d/80-edu-admin.conf
SYSCONFSCRIPTS = \
+ dhcp/dhclient-exit-hooks.d/autofs-reload \
+ dhcp/dhclient-exit-hooks.d/wpad-proxy-update \
+ dhcp/dhclient-exit-hooks.d/fetch-ldap-cert \
+ dhcp/dhclient-exit-hooks.d/hostname \
mklocaluser.d/20-debian-edu-config \
shutdown-at-night/clients-generator \
resolvconf/update.d/bind-debian-edu \
@@ -260,6 +260,7 @@ install: install-testsuite
set -e ; for f in \
share/debian-edu-config/d-i/finish-install \
share/debian-edu-config/d-i/pre-pkgsel \
+ share/debian-edu-config/killer.cron \
share/debian-edu-config/tools/passwd \
share/debian-edu-config/tools/clean-up-host-keytabs \
share/debian-edu-config/tools/configure-edu-gateway \
@@ -342,7 +343,6 @@ install: install-testsuite
share/debian-edu-config/sudo-ldap.conf \
share/debian-edu-config/isc-dhcp-server.service \
share/debian-edu-config/isc-dhcp-server.service.eth1_only \
- share/debian-edu-config/killer.cron \
share/pam-configs/edu-group \
share/pam-configs/edu-umask \
share/perl5/Debian/Edu.pm \
=====================================
debian/changelog
=====================================
@@ -1,4 +1,4 @@
-debian-edu-config (2.12.18) UNRELEASED; urgency=medium
+debian-edu-config (2.12.18) unstable; urgency=medium
* etc/cups/cups-browsed-debian-edu.conf:
- Let TJENER's print queues appear on Debian Edu clients, use same
@@ -20,8 +20,18 @@ debian-edu-config (2.12.18) UNRELEASED; urgency=medium
IPv6 and many schools still use IPv4 primarily. This gives a great
performance boost to squid installations if IPv6 internet is not fully
available for whatever reason. (Closes: #1006375).
-
- -- Mike Gabriel <sunweaver at debian.org> Sun, 20 Feb 2022 19:35:36 +0100
+ * share/debian-edu-config/tools/{update-proxy-from-wpad,wpad-extra}:
+ - Don't fail if proxy update is not possible, only send warnings to stderr
+ and syslog. Don't source wpad-extra script, execute it instead and capture
+ stdout. (Closes: #1008067).
+ - White-space clean-up (use only tabs for indentation).
+ * Move /etc/debian-edu/host-keytabs/* to /var/lib/debian-edu/host-keytabs/
+ and replace directory /etc/debian-edu/host-keytabs by a symlink. (Closes:
+ #1002019).
+ * lintian: Update some override phrases (adjustments to the most recent
+ lintian version).
+
+ -- Mike Gabriel <sunweaver at debian.org> Tue, 22 Mar 2022 09:53:57 +0100
debian-edu-config (2.12.17) unstable; urgency=medium
=====================================
debian/debian-edu-config.links
=====================================
@@ -1,3 +1,2 @@
usr/share/debian-edu-config/tools/ldapdump.sh etc/slbackup/pre.d/ldapdump.sh
etc/debian-edu/www/index.html.nb-no etc/debian-edu/www/index.html.no
-
=====================================
debian/debian-edu-config.lintian-overrides
=====================================
@@ -1,7 +1,3 @@
-debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/autofs-reload
-debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/fetch-ldap-cert
-debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/hostname
-debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update
debian-edu-config binary: non-standard-apache2-configuration-name debian-edu-config-doc.conf != debian-edu-config.conf
debian-edu-config binary: debconf-is-not-a-registry usr/bin/ldap-debian-edu-install
debian-edu-config binary: debconf-is-not-a-registry usr/share/debian-edu-config/d-i/finish-install
@@ -9,12 +5,11 @@ debian-edu-config binary: debconf-is-not-a-registry usr/share/debian-edu-config/
debian-edu-config binary: debconf-is-not-a-registry usr/share/debian-edu-config/tools/kerberos-kdc-init
debian-edu-config binary: debconf-is-not-a-registry usr/share/debian-edu-config/tools/edu-icinga-setup
debian-edu-config binary: debconf-is-not-a-registry usr/share/debian-edu-config/tools/run-at-firstboot
-debian-edu-config binary: missing-systemd-service-for-init.d-script etc/init.d/chromium-ldapconf chromium-ldapconf
-debian-edu-config binary: missing-systemd-service-for-init.d-script etc/init.d/enable-nat enable-nat
-debian-edu-config binary: missing-systemd-service-for-init.d-script etc/init.d/fetch-ldap-cert fetch-ldap-cert
-debian-edu-config binary: missing-systemd-service-for-init.d-script etc/init.d/fetch-rootca-cert fetch-rootca-cert
-debian-edu-config binary: missing-systemd-service-for-init.d-script etc/init.d/firefox-ldapconf firefox-ldapconf
-debian-edu-config binary: script-not-executable usr/share/debian-edu-config/killer.cron
-debian-edu-config binary: possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [control/postinst:171]
-debian-edu-config binary: possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [control/postinst:176]
-debian-edu-config binary: possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [control/postinst:178]
+debian-edu-config binary: missing-systemd-service-for-init.d-script chromium-ldapconf [etc/init.d/chromium-ldapconf]
+debian-edu-config binary: missing-systemd-service-for-init.d-script enable-nat [etc/init.d/enable-nat]
+debian-edu-config binary: missing-systemd-service-for-init.d-script fetch-ldap-cert [etc/init.d/fetch-ldap-cert]
+debian-edu-config binary: missing-systemd-service-for-init.d-script fetch-rootca-cert [etc/init.d/fetch-rootca-cert]
+debian-edu-config binary: missing-systemd-service-for-init.d-script firefox-ldapconf [etc/init.d/firefox-ldapconf]
+debian-edu-config binary: possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [postinst:179]
+debian-edu-config binary: possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [postinst:184]
+debian-edu-config binary: possibly-insecure-handling-of-tmp-files-in-maintainer-script $TMPDIR/all.ldif [postinst:186]
=====================================
debian/debian-edu-config.maintscript
=====================================
@@ -1,3 +1,4 @@
rm_conffile /share/debian-edu-config/debian-edu.addmachine.template 2.12.5
rm_conffile /share/debian-edu-config/debian-edu.ldapscripts.passwd 2.12.5
rm_conffile /etc/cfengine3/debian-edu/cf.ldapscripts 2.12.5
+dir_to_symlink /etc/debian-edu/host-keytabs /var/lib/debian-edu/host-keytabs 2.12.17
=====================================
debian/debian-edu-config.postinst
=====================================
@@ -135,6 +135,7 @@ configure)
# limit privileges for publishing host keytabs to diskless workstation (this
# is the initial use case. Further use cases might pop up later.
if [ -s /etc/debian-edu/config ] && grep -Eq "(Main-Server)" /etc/debian-edu/config ; then
+
if ! getent 'passwd' 'debian-edu' >'/dev/null'; then
echo 'Creating debian-edu user.' >&2
adduser --system --home /var/lib/debian-edu \
@@ -147,6 +148,13 @@ configure)
usermod --gid 'debian-edu' 'debian-edu'
fi
fi
+
+ # Assure that permissions of /var/lib/debian-edu/ are appropriate
+ if [ -d /var/lib/debian-edu/ ]; then
+ chown debian-edu:debian-edu /var/lib/debian-edu/
+ chmod 0755 /var/lib/debian-edu/
+ fi
+
fi
# silence dovecot's message: if you have trouble with authentication failures,
@@ -196,6 +204,14 @@ esac
#DEBHELPER#
+# On the main-server, point from the old keytab location /etc/debian-edu/host-keytabs to the new
+# keytab location at /var/lib/debian-edu/host-keytabs...
+if grep -q Main-Server /etc/debian-edu/config; then
+ if [ ! -e /etc/debian-edu/host-keytabs ] && [ -d /var/lib/debian-edu/host-keytabs ]; then
+ ln -s /var/lib/debian-edu/host-keytabs /etc/debian-edu/host-keytabs
+ fi
+fi
+
# Register all changes done by this postinst script
if command -v etckeeper > /dev/null ; then
etckeeper commit "end of debian-edu-config postinst" || true
=====================================
debian/debian-edu-config.preinst
=====================================
@@ -44,6 +44,19 @@ upgrade)
if dpkg --compare-versions "$2" le "2.11.16" ; then
rm -rf /etc/ltspfs
fi
+
+ # Move .keytab files from /etc/debian-edu/host-keytabs to
+ # /var/lib/debian-edu/host-keytabs before dpkg-maintscript-helper moves
+ # the /etc/debian-edu/host-keytabs dir and replaces it by a symlink...
+ # We have to move the .keytab files manually, because they are not owned
+ # by debian-edu-config.
+ if dpkg --compare-versions "$2" le "2.12.17"; then
+ if [ -d /etc/debian-edu/host-keytabs ] && find /etc/debian-edu/host-keytabs/* 1>/dev/null 2>/dev/null; then
+ mkdir -p /var/lib/debian-edu/host-keytabs/
+ mv /etc/debian-edu/host-keytabs/*.keytab /var/lib/debian-edu/host-keytabs/
+ fi
+ fi
+
;;
esac
=====================================
debian/debian-edu-config.prerm
=====================================
@@ -16,6 +16,11 @@ case "$1" in
rm /usr/share/pam-configs/edu-nopwdchange
fi
pam-auth-update --package --remove edu-group edu-umask
+
+ # drop /etc/debian-edu/host-keytabs symlink
+ if [ -h /etc/debian-edu/host-keytabs ]; then
+ rm /etc/debian-edu/host-keytabs
+ fi
;;
esac
=====================================
debian/dirs
=====================================
@@ -6,7 +6,6 @@ etc/chromium/policies/managed
etc/cron.d
etc/cups
etc/debian-edu
-etc/debian-edu/host-keytabs
etc/default
etc/exports.d
etc/firefox-esr
@@ -26,3 +25,4 @@ usr/share/debian-edu-config/tools
usr/share/doc/debian-edu-config
usr/share/man
usr/share/man/man8
+var/lib/debian-edu/host-keytabs
=====================================
share/debian-edu-config/tools/clean-up-host-keytabs
=====================================
@@ -18,7 +18,7 @@
# Free Software Foundation, Inc.,
# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
-# This script cleans up /etc/debian-edu/host-keytabs/. It looks into TJENER's
+# This script cleans up /var/lib/debian-edu/host-keytabs/. It looks into TJENER's
# LDAP tree (objectClass=dhcpHost) and removes all keytab files (and host
# principals) that don't have a dhcpHost object (anymore).
#
@@ -47,12 +47,12 @@ hosts[$num_hosts+1]=tjener
printf -v hosts_str -- ',,%q' "${hosts[@]}"
hosts_str=$(echo $hosts_str | tr 'A-Z' 'a-z')
-for i in $(basename -a /etc/debian-edu/host-keytabs/* | sed 's#.intern.keytab##') ; do
+for i in $(basename -a /var/lib/debian-edu/host-keytabs/* | sed 's#.intern.keytab##') ; do
match_value=$(echo $i | tr 'A-Z' 'a-z')
if [[ ! "${hosts_str},," =~ ",,$match_value,," ]]; then
kadmin.local delprinc host/$i.intern at INTERN || true
kadmin.local delprinc nfs/$i.intern at INTERN || true
- rm /etc/debian-edu/host-keytabs/$i.intern.keytab
+ rm /var/lib/debian-edu/host-keytabs/$i.intern.keytab
fi
done
=====================================
share/debian-edu-config/tools/copy-host-keytab
=====================================
@@ -1,7 +1,7 @@
#!/bin/sh
set -e
kinit
-scp tjener:/etc/debian-edu/host-keytabs/$(hostname -s).intern.keytab /etc/krb5.keytab
+scp tjener:/var/lib/debian-edu/host-keytabs/$(hostname -s).intern.keytab /etc/krb5.keytab
# Special case separate LTSP server.
if [ -f /srv/ltsp/dlw/etc/ltsp/ltsp.conf ] ; then
=====================================
share/debian-edu-config/tools/edu-ldap-from-scratch
=====================================
@@ -53,7 +53,7 @@ rm -rf /var/lib/ldap/*
if [ -e /etc/krb5kdc/stash ] ; then
rm /etc/krb5kdc/stash
rm /etc/krb5.keyt*
- rm -f /etc/debian-edu/host-keytabs/*.*
+ rm -f /var/lib/debian-edu/host-keytabs/*.*
fi
ldap-debian-edu-install
# send mail to first user (initialize /var/mail/<first-user uid>);
=====================================
share/debian-edu-config/tools/gosa-create-host
=====================================
@@ -49,8 +49,8 @@ while read KEY VALUE ; do
logger -t gosa-create-host -p notice Krb5 principal \'host/$FQDN\' created.
kadmin.local -q "add_principal -policy hosts -randkey nfs/$FQDN"
logger -t gosa-create-host -p notice Krb5 principal \'nfs/$FQDN\' created.
- kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$FQDN.keytab host/$FQDN"
- kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$FQDN.keytab nfs/$FQDN"
+ kadmin.local -q "ktadd -k /var/lib/debian-edu/host-keytabs/$FQDN.keytab host/$FQDN"
+ kadmin.local -q "ktadd -k /var/lib/debian-edu/host-keytabs/$FQDN.keytab nfs/$FQDN"
logger -t gosa-create-host -p notice Krb5 keytab file for \'$FQDN\' created.
fi
;;
=====================================
share/debian-edu-config/tools/gosa-modify-host
=====================================
@@ -12,12 +12,12 @@ HOST="$1"
# by the gosa-host-create hook script.
if ! LANG=C kadmin.local -q "get_principal host/$HOST.intern" 2>/dev/null | grep -q "^Principal: host/$HOST.intern at .*"; then
kadmin.local -q "add_principal -policy hosts -randkey host/$HOST.intern"
- kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
+ kadmin.local -q "ktadd -k /var/lib/debian-edu/host-keytabs/$HOST.intern.keytab host/$HOST.intern"
logger -t gosa-modify-host -p notice Krb5 host principal \'host/$HOST.intern\' created and added to host-specific keytab file.
fi
if ! LANG=C kadmin.local -q "get_principal nfs/$HOST.intern" 2>/dev/null | grep -q "^Principal: nfs/$HOST.intern at .*"; then
kadmin.local -q "add_principal -policy hosts -randkey nfs/$HOST.intern"
- kadmin.local -q "ktadd -k /etc/debian-edu/host-keytabs/$HOST.intern.keytab nfs/$HOST.intern"
+ kadmin.local -q "ktadd -k /var/lib/debian-edu/host-keytabs/$HOST.intern.keytab nfs/$HOST.intern"
logger -t gosa-modify-host -p notice Krb5 service principal \'nfs/$HOST.intern\' created and added to host-specific keytab file.
fi
=====================================
share/debian-edu-config/tools/gosa-remove-host
=====================================
@@ -6,7 +6,7 @@ set -ex
## Make sure that malicious execution cannot hurt.
##
## This script removes the host and nfs principals for hosts removed with gosa.
-## It also removes the host specific keytab file (tjener:/etc/$fqdn.keytab).
+## It also removes the host specific keytab file (tjener:/var/lib/debian-edu/$fqdn.keytab).
HOST="$1"
@@ -16,7 +16,7 @@ if $(kadmin.local listprincs | grep -q $HOST) ; then
for i in $(kadmin.local listprincs | grep $HOST) ; do
kadmin.local delprinc $i
done
- rm /etc/debian-edu/host-keytabs/$(ls -l /etc/debian-edu/host-keytabs | grep $HOST | awk '{print $9}')
+ rm /var/lib/debian-edu/host-keytabs/$(ls -l /var/lib/debian-edu/host-keytabs | grep $HOST | awk '{print $9}')
logger -t gosa-remove-host -p notice Krb5 principals and keytab file for host \'$HOST\' removed.
fi
#
=====================================
share/debian-edu-config/tools/update-proxy-from-wpad
=====================================
@@ -6,115 +6,121 @@
set -e
log() {
- logger -t update-proxy-from-wpad "$@"
+ logger -t update-proxy-from-wpad "$@"
}
-error() {
- if [ -t 1 ] ; then # Only print errors when stdout is a tty
- echo "error: $@"
- fi
- logger -t update-proxy-from-wpad "error: $@"
+warning() {
+ if [ -t 1 ] ; then # Only print warnings when stdout is a tty
+ echo "warning: $@"
+ fi
+ logger -t update-proxy-from-wpad "warning: $@"
}
append_if_missing() {
- file="$1"
- string="$2"
- if [ -e "$file" ] ; then
- if ! grep -qxF "$string" "$file" ; then
- log "Appending '$string' to $file."
- echo "$string" >> $file
+ file="$1"
+ string="$2"
+ if [ -e "$file" ] ; then
+ if ! grep -qxF "$string" "$file" ; then
+ log "Appending '$string' to $file."
+ echo "$string" >> $file
+ fi
fi
- fi
}
remove_if_matches() {
- file="$1"
- shift
- regexp="$@"
- if [ -e "$file" ] ; then
- if grep -qE "$regexp" "$file" ; then
- log "Removing line matching '$regexp' from $file."
- sed -i $file -e "/$regexp/d"
+ file="$1"
+ shift
+ regexp="$@"
+ if [ -e "$file" ] ; then
+ if grep -qE "$regexp" "$file" ; then
+ log "Removing line matching '$regexp' from $file."
+ sed -i $file -e "/$regexp/d"
+ fi
fi
- fi
}
# Update /etc/environment with the current proxy settings extracted
# from the WPAD file
update_etc_environment() {
- file=/etc/environment
- touch $file
- chmod a+r $file
- sed -e "s%^http_proxy=.*%http_proxy=$http_proxy%" \
- -e "s%^ftp_proxy=.*%ftp_proxy=$ftp_proxy%" \
- -e "s%^https_proxy=.*%https_proxy=$https_proxy%" \
- < $file > $file.new && chmod a+r $file.new
-
-# Only replace if new file have content and is different from the old
-# file
- if [ ! -s $file.new ] || cmp -s $file.new $file ; then
- rm $file.new
- else
- mv $file.new $file
- fi
- append_if_missing $file http_proxy=$http_proxy
- append_if_missing $file ftp_proxy=$ftp_proxy
- append_if_missing $file https_proxy=$https_proxy
+ file=/etc/environment
+ touch $file
+ chmod a+r $file
+ sed -e "s%^http_proxy=.*%http_proxy=$http_proxy%" \
+ -e "s%^ftp_proxy=.*%ftp_proxy=$ftp_proxy%" \
+ -e "s%^https_proxy=.*%https_proxy=$https_proxy%" \
+ < $file > $file.new && chmod a+r $file.new
+
+ # Only replace if new file have content and is different from the old
+ # file
+ if [ ! -s $file.new ] || cmp -s $file.new $file ; then
+ rm $file.new
+ else
+ mv $file.new $file
+ fi
+ append_if_missing $file http_proxy=$http_proxy
+ append_if_missing $file ftp_proxy=$ftp_proxy
+ append_if_missing $file https_proxy=$https_proxy
}
# Make sure APT used from cron also get the wanted proxy settings
# /etc/apt/apt.conf is created by debian-installer if a proxy was used
# during installation, so we update this file.
update_apt_conf() {
- file=/etc/apt/apt.conf.d/03debian-edu-config
- touch $file
- chmod a+r $file
- sed -e "s%^Acquire::http::Proxy .*%Acquire::http::Proxy \"$http_proxy\";%" \
- -e "s%^Acquire::ftp::Proxy .*%Acquire::ftp::Proxy \"$ftp_proxy\";%" \
- -e "s%^Acquire::https::Proxy .*%Acquire::https::Proxy \"$https_proxy\";%" \
- < $file > $file.new && chmod a+r $file.new
-
- # Only replace if new file have content and is different from the
- # old file
- if [ ! -s $file.new ] || cmp -s $file.new $file ; then
- rm $file.new
- else
- mv $file.new $file
- fi
- append_if_missing $file "Acquire::http::Proxy \"$http_proxy\";"
- append_if_missing $file "Acquire::ftp::Proxy \"$ftp_proxy\";"
- append_if_missing $file "Acquire::https::Proxy \"$https_proxy\";"
-
- # Fix main /etc/apt/apt.conf file (which we used until Debian Edu bullseye).
- #
- # FIXME: This code portion can be removed in the bookworm+1 release cycle
- previously_used_file=/etc/apt/apt.conf
- if [ -e $previously_used_file ]; then
- remove_if_matches $previously_used_file ".*Acquire::http::Proxy\ .*;"
- remove_if_matches $previously_used_file ".*Acquire::ftp::Proxy\ .*;"
- remove_if_matches $previously_used_file ".*Acquire::https::Proxy\ .*;"
- fi
+ file=/etc/apt/apt.conf.d/03debian-edu-config
+ touch $file
+ chmod a+r $file
+ sed -e "s%^Acquire::http::Proxy .*%Acquire::http::Proxy \"$http_proxy\";%" \
+ -e "s%^Acquire::ftp::Proxy .*%Acquire::ftp::Proxy \"$ftp_proxy\";%" \
+ -e "s%^Acquire::https::Proxy .*%Acquire::https::Proxy \"$https_proxy\";%" \
+ < $file > $file.new && chmod a+r $file.new
+
+ # Only replace if new file have content and is different from the
+ # old file
+ if [ ! -s $file.new ] || cmp -s $file.new $file ; then
+ rm $file.new
+ else
+ mv $file.new $file
+ fi
+ append_if_missing $file "Acquire::http::Proxy \"$http_proxy\";"
+ append_if_missing $file "Acquire::ftp::Proxy \"$ftp_proxy\";"
+ append_if_missing $file "Acquire::https::Proxy \"$https_proxy\";"
+
+ # Fix main /etc/apt/apt.conf file (which we used until Debian Edu bullseye).
+ #
+ # FIXME: This code portion can be removed in the bookworm+1 release cycle
+ previously_used_file=/etc/apt/apt.conf
+ if [ -e $previously_used_file ]; then
+ remove_if_matches $previously_used_file ".*Acquire::http::Proxy\ .*;"
+ remove_if_matches $previously_used_file ".*Acquire::ftp::Proxy\ .*;"
+ remove_if_matches $previously_used_file ".*Acquire::https::Proxy\ .*;"
+ fi
}
if [ -r /etc/debian-edu/config ] ; then
- . /etc/debian-edu/config
+ . /etc/debian-edu/config
fi
# Make sure to fetch the wpad file without proxy settings, to behave
# like browsers who need to get their proxy settings without using a
# proxy.
-http_proxy=
+http_proxy=$(/usr/share/debian-edu-config/tools/wpad-extract 2>/dev/null || true)
-. /usr/share/debian-edu-config/tools/wpad-extract >/dev/null || exit 1
-ftp_proxy=$http_proxy
-https_proxy=$http_proxy
+if [ -z "$http_proxy" ]; then
-update_apt_conf
+ warning "Failed to extract proxy host from WPAD data. Not configuring proxy usage."
-# Do not set proxy in /etc/environment for machines that move around,
-# as the value will be wrong when arriving at a new network.
-if echo "$PROFILE" | egrep -q 'Roaming-Workstation|Standalone' ; then
- :
else
- update_etc_environment
+
+ ftp_proxy=$http_proxy
+ https_proxy=$http_proxy
+
+ update_apt_conf
+
+ # Do not set proxy in /etc/environment for machines that move around,
+ # as the value will be wrong when arriving at a new network.
+ if echo "$PROFILE" | egrep -q 'Roaming-Workstation|Standalone' ; then
+ :
+ else
+ update_etc_environment
+ fi
fi
=====================================
share/debian-edu-config/tools/wpad-extract
=====================================
@@ -13,8 +13,7 @@ proxy_url=$(curl -s http://wpad/wpad.dat | pactester -p - \
-u http://130.89.148.14 | awk '{print $2}' | cut -d';' -f1)
if [ "$proxy_url" ]; then
- http_proxy=http://$proxy_url
- echo http_proxy=$http_proxy
+ echo "http://$proxy_url"
else
- return 1
+ exit 1
fi
=====================================
testsuite/webcache
=====================================
@@ -69,8 +69,8 @@ if HEAD $HEADOPTS $url > /dev/null 2>&1 ; then
# Subshell to avoid leaking http_proxy and ftp_proxy variables to
# the rest of this script
(
- . /usr/share/debian-edu-config/tools/wpad-extract >/dev/null
- if [ "$http_proxy" ] ; then
+ http_proxy=$(/usr/share/debian-edu-config/tools/wpad-extract 2>/dev/null || true)
+ if [ -n "$http_proxy" ] ; then
echo "success: $0: WPAD file '$url' includes HTTP proxy info."
else
echo "error: $0: WPAD file '$url' is missing HTTP proxy info. (#644373?)"
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/8d625df4fd6e50e72dd7e4d1579a698169472fb3...eddbed2732c51d4e193e8977a2c1540325aed9b5
--
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/8d625df4fd6e50e72dd7e4d1579a698169472fb3...eddbed2732c51d4e193e8977a2c1540325aed9b5
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20220322/0de82f39/attachment-0001.htm>
More information about the debian-edu-commits
mailing list