[debian-edu-commits] [Git][debian-edu/debian-edu-config][bullseye] 8 commits: share/debian-edu-config/squid.conf: Prefer DNSv4 lookups over DNSv6. Debian...

Mike Gabriel (@sunweaver) gitlab at salsa.debian.org
Wed Mar 23 12:37:04 GMT 2022



Mike Gabriel pushed to branch bullseye at Debian Edu / debian-edu-config


Commits:
35e260ed by Mike Gabriel at 2022-03-23T11:29:20+01:00
share/debian-edu-config/squid.conf: Prefer DNSv4 lookups over DNSv6. Debian Edu does not yet fully support IPv6 and many schools still use IPv4 primarily. This gives a great performance boost to squid installations if IPv6 internet is not fully available for whatever reason. (Closes: #1006375).

- - - - -
dc3d6476 by Mike Gabriel at 2022-03-23T11:34:27+01:00
sbin/update-hostname-from-ip: Simplify if-then-else-clauses, reduce number of exit calls, don't exit with non-zero exit code. Improve syslog messages if things fail. (Closes: #1006604).

- - - - -
485dc7fb by Mike Gabriel at 2022-03-23T11:38:35+01:00
share/debian-edu-config/tools/{update-proxy-from-wpad,wpad-extract}: Don't fail if proxy update is not possible, only send warnings to stderr and syslog. Don't source wpad-extract script, execute it instead and capture stdout. (Closes: #1008067).

- - - - -
52730eb8 by Mike Gabriel at 2022-03-23T11:49:36+01:00
ldap-bootstrap/netgroup.ldif: Add diskless-workstation-hosts NIS netgroup during LDAP bootstrap.

- - - - -
2b803138 by Mike Gabriel at 2022-03-23T11:55:18+01:00
debian/debian-edu-config.postinst: Fix some typos.

- - - - -
98127ab8 by Mike Gabriel at 2022-03-23T11:55:24+01:00
d/changelog: add Kerberized DLW changelog items

- - - - -
0742521e by Mike Gabriel at 2022-03-23T12:27:02+01:00
share/debian-edu-config/tools/gosa-remove-host: fix path in comment

- - - - -
1b10b14c by Mike Gabriel at 2022-03-23T13:21:41+01:00
upload to bullseye (debian/2.11.56+deb11u4)

- - - - -


9 changed files:

- debian/changelog
- debian/debian-edu-config.postinst
- ldap-bootstrap/netgroup.ldif
- sbin/update-hostname-from-ip
- share/debian-edu-config/squid.conf
- share/debian-edu-config/tools/gosa-remove-host
- share/debian-edu-config/tools/update-proxy-from-wpad
- share/debian-edu-config/tools/wpad-extract
- testsuite/webcache


Changes:

=====================================
debian/changelog
=====================================
@@ -1,4 +1,4 @@
-debian-edu-config (2.11.56+deb11u4) UNRELEASED; urgency=medium
+debian-edu-config (2.11.56+deb11u4) bullseye; urgency=medium
 
   [ Wolfgang Schweer ]
   * etc/exim4/exim-ldap-server-v4.conf: Accept incoming mail from internal
@@ -34,6 +34,14 @@ debian-edu-config (2.11.56+deb11u4) UNRELEASED; urgency=medium
       named 03debian-edu-config rather than meddling with /etc/apt/apt.conf
       directly. Clean up any earlier meddling from apt.conf, as well. (Closes:
       #1003560).
+  * share/debian-edu-config/tools/{update-proxy-from-wpad,wpad-extra}:
+    - Don't fail if proxy update is not possible, only send warnings to stderr
+      and syslog. Don't source wpad-extra script, execute it instead and capture
+      stdout. (Closes: #1008067).
+  * sbin/update-hostname-from-ip:
+    - Simply if-then-else-clauses, reduce number of exit calls, don't exit with
+      non-zero exitcode. Improve syslog messages if things fail. (Closes:
+      #1006604).
   * share/debian-edu-config/tools/setup-roaming: Assure libsss-sudo is installed
     on Roaming Workstation. (Closes: #1004605).
   * share/debian-edu-config/tools/gosa-remove: Capture removals of GOsa² user
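
Review bot: The new entry names the file pair as {update-proxy-from-wpad,wpad-extra}, but the script touched in this push is share/debian-edu-config/tools/wpad-extract, so both the brace expansion and "Don't source wpad-extra script" should read wpad-extract. In the update-hostname-from-ip item, "Simply if-then-else-clauses" should be "Simplify", and "exitcode" is better written "exit code".
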
@@ -53,14 +61,28 @@ debian-edu-config (2.11.56+deb11u4) UNRELEASED; urgency=medium
       #1006362).
     - Silence stderr output if the artwork theme lacks a plymouth subfolder.
       This can be silently ignored and should not trouble Debian Edu admins.
-  * share/debian-edu-config/tools/: Add update-dlw-krb5-keytabs script and
-    call it (with delay) from gosa-modify-host hook script. (Closes: #613167,
-    #1002018).
+  * Support krb5i on Diskless Workstations (aka LTSP FAT Clients):
+    - ldap-bootstrap/netgroup.ldif: Add diskless-workstation-hosts NIS netgroup
+      during LDAP bootstrap.
+    - debian/debian-edu-config.{postinst,postrm}: Create non-privileged
+      debian-edu system user account on Debian Edu mainserver (for distribution
+      of host keytabs to diskless workstations aka LTSP fat clients).
+    - share/debian-edu-config/tools/: Add update-dlw-krb5-keytabs script and
+      call it (with delay) from gosa-modify-host hook script. (Closes: #613167,
+      #1002018).
   * Move /etc/debian-edu/host-keytabs/* to /var/lib/debian-edu/host-keytabs/
     and replace directory /etc/debian-edu/host-keytabs by a symlink. (Closes:
     #1002019).
-
- -- Mike Gabriel <sunweaver at debian.org>  Fri, 14 Dec 2021 22:21:50 +0100
+  * share/debian-edu-config/squid.conf:
+    - Prefer DNSv4 lookups over DNSv6. Debian Edu does not yet fully support
+      IPv6 and many schools still use IPv4 primarily. This gives a great
+      performance boost to squid installations if IPv6 internet is not fully
+      available for whatever reason. (Closes: #1006375).
+  * share/debian-edu-config/tools/list-gosa-systems:
+    - Drop immature list-gosa-systems script again that got sneaked in via
+      upload of 2.11.56+deb11u3. We apologize for the noise.
+
+ -- Mike Gabriel <sunweaver at debian.org>  Wed, 23 Mar 2022 12:28:00 +0100
 
 debian-edu-config (2.11.56+deb11u3) bullseye-security; urgency=medium
 
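
Review bot: The list-gosa-systems item says the script is dropped again, yet share/debian-edu-config/tools/list-gosa-systems does not appear among the 9 changed files of this push, and neither does the debian-edu-config.postrm named in the krb5i item. Confirm that both changes already landed in earlier commits on the branch, so the uploaded changelog does not describe work that is missing from the package.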


=====================================
debian/debian-edu-config.postinst
=====================================
@@ -179,8 +179,8 @@ configure)
 	fi
 
 	# On Debian Edu main servers create a debian-edu system user account with
-	# limit privileges for publishing host keytabs to diskless workstation (this
-	# is the initial use case. Further use cases might pop up later.
+	# limited privileges for publishing host keytabs to diskless workstations (this
+	# is the initial use case, further use cases might pop up later).
 	if [ -s /etc/debian-edu/config ] && grep -Eq "(Main-Server)" /etc/debian-edu/config ; then
 
 	    if ! getent 'passwd' 'debian-edu' >'/dev/null'; then


=====================================
ldap-bootstrap/netgroup.ldif
=====================================
@@ -15,6 +15,12 @@ objectClass: nisNetgroup
 description: All workstations
 cn: workstation-hosts
 
+dn: cn=diskless-workstation-hosts,ou=netgroup,dc=skole,dc=skolelinux,dc=no
+objectClass: top
+objectClass: nisNetgroup
+description: All diskless workstations
+cn: diskless-workstation-hosts
+
 dn: cn=ltsp-server-hosts,ou=netgroup,dc=skole,dc=skolelinux,dc=no
 objectClass: top
 objectClass: nisNetgroup
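
Review bot: The added diskless-workstation-hosts entry is created empty and its description says only "All diskless workstations", while the changelog lists it under krb5i support alongside host keytab distribution. If membership in this group is what selects hosts for keytab handling, say so in the description or in a comment and note what populates the group, so that admins do not add hosts to it casually.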


=====================================
sbin/update-hostname-from-ip
=====================================
@@ -14,6 +14,10 @@ onlyprint=false
 
 DNSDOMAIN=intern
 
+### IMPORTANT: We don't want this script to fail with a non-zero exitcode.
+###            All problems should be reported as warnings, not errors.
+###            See https://bugs.debian.org/1006604 for details.
+
 log() {
     $QUIET "$2"
     logger -t update-hostname-from-ip "$1"
@@ -56,8 +60,8 @@ sethostname() {
 	echo $hostname > /etc/hostname
 	log "info: changing hostname to $hostname based on $namesource"
     else
-	log "error: unable to set hostname to $hostname."
-	exit 1
+	log "warning: unable to set hostname to $hostname."
+	return -1
     fi
 }
 
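
Review bot: `return -1` in the else branch of sethostname() is not a portable status. POSIX sh defines return only for values 0 to 255; bash turns -1 into 255, while dash rejects it as an illegal number, which works against the aim stated in the new header comment. Use `return 1`, and have the call site log or ignore the status explicitly.
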
@@ -108,11 +112,6 @@ fi
 if [ "$IP" ] ; then
     HOSTNAME=$(ip2hostname $IP)
     SOURCE="reverse DNS of $IP"
-elif $USEMAC ; then
-    HOSTNAME=$(ether2hostname $MAC)
-    SOURCE="hardware MAC address"
-else
-    exit 1
 fi
 
 if $USEMAC && [ -z "$HOSTNAME" ] ; then
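
Review bot: With the `else exit 1` branch gone, a run where $IP is empty and $USEMAC is false now reaches the later `if [ "$HOSTNAME" ]` test without HOSTNAME being assigned in any of the lines shown. HOSTNAME is commonly inherited from the environment (bash sets it itself), so unless it is cleared earlier in the script, a stale value would be printed or compared against `uname -n` and possibly applied. Initialise `HOSTNAME=` before this block or use a script-private variable name. Dropping the `elif $USEMAC` call to ether2hostname is only safe because of the `if $USEMAC && [ -z "$HOSTNAME" ]` block that follows; a one-line comment saying so would help.
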
@@ -123,7 +122,6 @@ fi
 if [ "$HOSTNAME" ]; then
     if $onlyprint ; then
 	echo $HOSTNAME
-	exit 0
     else
         # Already got the correct host name?
         if [ "$HOSTNAME" != "$(uname -n)" ] ; then
@@ -131,7 +129,7 @@ if [ "$HOSTNAME" ]; then
         fi
     fi
 else
-    exit 1
+    log "warning: failed to detect (and set) hostname from IP or MAC address"
 fi
 
 exit 0


=====================================
share/debian-edu-config/squid.conf
=====================================
@@ -6,6 +6,11 @@ maximum_object_size 153600 KB
 #  - Appends .intern to hostnames without any dots in them.
 append_domain .intern
 
+# Currently, Debian Edu does not support IPv6 on the internal network
+# thus, we should try to use DNSv4 preferrably for the http proxy.
+# See https://bugs.debian.org/1006375
+dns_v4_first on
+
 # Adjust cache size to fit size of /var/spool/squid, the initial capacity value
 # is dynamically updated using
 # /usr/share/debian-edu-config/tools/squid-update-cachedir
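
Review bot: The comment above `dns_v4_first on` justifies the setting by missing IPv6 support on the internal network, whereas the commit message and changelog give the reason as IPv6 internet connectivity not being fully available. The directive affects how squid resolves the destinations it contacts, so the commit message wording is the accurate one; align the comment with it. Also fix "preferrably" to "preferably".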


=====================================
share/debian-edu-config/tools/gosa-remove-host
=====================================
@@ -6,7 +6,7 @@ set -ex
 ## Make sure that malicious execution cannot hurt.
 ##
 ## This script removes the host and nfs principals for hosts removed with gosa.
-## It also removes the host specific keytab file (tjener:/var/lib/debian-edu/$fqdn.keytab).
+## It also removes the host specific keytab file (tjener:/var/lib/debian-edu/host-keytabs/$fqdn.keytab).
 
 
 HOST="$1"


=====================================
share/debian-edu-config/tools/update-proxy-from-wpad
=====================================
@@ -9,11 +9,11 @@ log() {
     logger -t update-proxy-from-wpad "$@"
 }
 
-error() {
-    if [ -t 1 ] ; then # Only print errors when stdout is a tty
-	echo "error: $@"
+warning() {
+    if [ -t 1 ] ; then # Only print warnings when stdout is a tty
+	echo "warning: $@" 1>/dev/stderr
     fi
-    logger -t update-proxy-from-wpad "error: $@"
+    logger -t update-proxy-from-wpad "warning: $@"
 }
 
 append_if_missing() {
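
Review bot: warning() now writes to stderr but is still guarded by `[ -t 1 ]`, which tests stdout. When stdout is redirected and stderr is a terminal the message is suppressed, and when stdout is a tty and stderr is redirected it ends up in the redirect target, contrary to the comment. Test `[ -t 2 ]` instead, and prefer `>&2` over `1>/dev/stderr`, which depends on the /dev/stderr node being present and writable. Inside a quoted string, "$*" is the right expansion rather than "$@".
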
@@ -103,9 +103,14 @@ fi
 # Make sure to fetch the wpad file without proxy settings, to behave
 # like browsers who need to get their proxy settings without using a
 # proxy.
-http_proxy=
+http_proxy=$(/usr/share/debian-edu-config/tools/wpad-extract 2>/dev/null || true)
+
+if [ -z "$http_proxy" ]; then
+
+	warning "Failed to extract proxy host from WPAD data. Not configuring proxy usage."
+
+else
 
-. /usr/share/debian-edu-config/tools/wpad-extract >/dev/null || exit 1
 ftp_proxy=$http_proxy
 https_proxy=$http_proxy
 
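
Review bot: The removed `http_proxy=` line cleared the variable before wpad-extract ran, which is what the comment above ("fetch the wpad file without proxy settings") relies on. The new command substitution runs wpad-extract as a child process with whatever http_proxy it inherits from the environment, so the curl inside it may fetch wpad.dat through a previously configured proxy. Keep the reset, e.g. `http_proxy=$(http_proxy= /usr/share/debian-edu-config/tools/wpad-extract 2>/dev/null || true)`. Two smaller points: the value originates from an unauthenticated http://wpad/ fetch and is then handed to update_etc_environment, so check that it has the form http://host:port before using it; and the body of the new else branch is left unindented, which makes the `fi` added at the end of the file easy to misread.
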
@@ -118,3 +123,4 @@ if echo "$PROFILE" | egrep -q 'Roaming-Workstation|Standalone' ; then
 else
     update_etc_environment
 fi
+fi


=====================================
share/debian-edu-config/tools/wpad-extract
=====================================
@@ -13,8 +13,7 @@ proxy_url=$(curl -s http://wpad/wpad.dat | pactester -p - \
             -u http://130.89.148.14 | awk '{print $2}' | cut -d';' -f1)
 
 if [ "$proxy_url" ]; then
-    http_proxy=http://$proxy_url
-    echo http_proxy=$http_proxy
+	echo "http://$proxy_url"
 else
-    return 1
+	exit 1
 fi
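
Review bot: `echo "http://$proxy_url"` prints whatever the curl, pactester, awk and cut pipeline produced, and callers now take that stdout verbatim as the proxy URL. Since wpad.dat is fetched over plain HTTP from the name wpad, reject anything that is not a plain host:port (a `case` pattern is enough) and `exit 1` in that case. Changing `return 1` to `exit 1` and dropping the `http_proxy=` prefix from the output also breaks any remaining caller that still sources this file or parses the old format; only update-proxy-from-wpad and testsuite/webcache are converted in this push, so grep the tree for other users.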


=====================================
testsuite/webcache
=====================================
@@ -69,8 +69,8 @@ if HEAD $HEADOPTS $url > /dev/null 2>&1 ; then
     # Subshell to avoid leaking http_proxy and ftp_proxy variables to
     # the rest of this script
     (
-	. /usr/share/debian-edu-config/tools/wpad-extract >/dev/null
-	if [ "$http_proxy" ] ; then
+	http_proxy=$(/usr/share/debian-edu-config/tools/wpad-extract 2>/dev/null || true)
+	if [ -n "$http_proxy" ] ; then
 	    echo "success: $0: WPAD file '$url' includes HTTP proxy info."
 	else
 	    echo "error: $0: WPAD file '$url' is missing HTTP proxy info. (#644373?)"



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/711666b2e85b917c5f3890acd14372b306be6a69...1b10b14cce1b2ebd70ccc61f4fc4b550b6921850
