[debian-edu-commits] [Git][debian-edu/debian-edu-config][bullseye] 8 commits: share/debian-edu-config/squid.conf: Prefer DNSv4 lookups over DNSv6. Debian...
Mike Gabriel (@sunweaver)
gitlab at salsa.debian.org
Wed Mar 23 12:37:04 GMT 2022
Mike Gabriel pushed to branch bullseye at Debian Edu / debian-edu-config
Commits:
35e260ed by Mike Gabriel at 2022-03-23T11:29:20+01:00
share/debian-edu-config/squid.conf: Prefer DNSv4 lookups over DNSv6. Debian Edu does not yet fully support IPv6 and many schools still use IPv4 primarily. This gives a great performance boost to squid installations if IPv6 internet is not fully available for whatever reason. (Closes: #1006375).
- - - - -
dc3d6476 by Mike Gabriel at 2022-03-23T11:34:27+01:00
sbin/update-hostname-from-ip: Simplify if-then-else-clauses, reduce number of exit calls, don't exit with non-zero exit code. Improve syslog messages if things fail. (Closes: #1006604).
- - - - -
485dc7fb by Mike Gabriel at 2022-03-23T11:38:35+01:00
share/debian-edu-config/tools/{update-proxy-from-wpad,wpad-extra}: Don't fail if proxy update is not possible, only send warnings to stderr and syslog. Don't source wpad-extra script, execute it instead and capture stdout. (Closes: #1008067).
- - - - -
52730eb8 by Mike Gabriel at 2022-03-23T11:49:36+01:00
ldap-bootstrap/netgroup.ldif: Add diskless-workstation-hosts NIS netgroup during LDAP bootstrap.
- - - - -
2b803138 by Mike Gabriel at 2022-03-23T11:55:18+01:00
debian/debian-edu-config.postinst: Fix some typos.
- - - - -
98127ab8 by Mike Gabriel at 2022-03-23T11:55:24+01:00
d/changelog: add Kerberized DLW changelog items
- - - - -
0742521e by Mike Gabriel at 2022-03-23T12:27:02+01:00
share/debian-edu-config/tools/gosa-remove-host: fix path in comment
- - - - -
1b10b14c by Mike Gabriel at 2022-03-23T13:21:41+01:00
upload to bullseye (debian/2.11.56+deb11u4)
- - - - -
9 changed files:
- debian/changelog
- debian/debian-edu-config.postinst
- ldap-bootstrap/netgroup.ldif
- sbin/update-hostname-from-ip
- share/debian-edu-config/squid.conf
- share/debian-edu-config/tools/gosa-remove-host
- share/debian-edu-config/tools/update-proxy-from-wpad
- share/debian-edu-config/tools/wpad-extract
- testsuite/webcache
Changes:
=====================================
debian/changelog
=====================================
@@ -1,4 +1,4 @@
-debian-edu-config (2.11.56+deb11u4) UNRELEASED; urgency=medium
+debian-edu-config (2.11.56+deb11u4) bullseye; urgency=medium
[ Wolfgang Schweer ]
* etc/exim4/exim-ldap-server-v4.conf: Accept incoming mail from internal
@@ -34,6 +34,14 @@ debian-edu-config (2.11.56+deb11u4) UNRELEASED; urgency=medium
named 03debian-edu-config rather than meddling with /etc/apt/apt.conf
directly. Clean up any earlier meddling from apt.conf, as well. (Closes:
#1003560).
+ * share/debian-edu-config/tools/{update-proxy-from-wpad,wpad-extra}:
+ - Don't fail if proxy update is not possible, only send warnings to stderr
+ and syslog. Don't source wpad-extra script, execute it instead and capture
+ stdout. (Closes: #1008067).
+ * sbin/update-hostname-from-ip:
+ - Simply if-then-else-clauses, reduce number of exit calls, don't exit with
+ non-zero exitcode. Improve syslog messages if things fail. (Closes:
+ #1006604).
* share/debian-edu-config/tools/setup-roaming: Assure libsss-sudo is installed
on Roaming Workstation. (Closes: #1004605).
* share/debian-edu-config/tools/gosa-remove: Capture removals of GOsa² user
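Review bot: The new changelog entry names the file as `{update-proxy-from-wpad,wpad-extra}`, but the file changed in this push is `share/debian-edu-config/tools/wpad-extract`, so anyone grepping the changelog for the script name will miss the entry. The sbin/update-hostname-from-ip item also reads "Simply if-then-else-clauses" where "Simplify" is meant. Both are worth fixing before the upload, since debian/changelog is what administrators read when triaging a stable update.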
@@ -53,14 +61,28 @@ debian-edu-config (2.11.56+deb11u4) UNRELEASED; urgency=medium
#1006362).
- Silence stderr output if the artwork theme lacks a plymouth subfolder.
This can be silently ignored and should not trouble Debian Edu admins.
- * share/debian-edu-config/tools/: Add update-dlw-krb5-keytabs script and
- call it (with delay) from gosa-modify-host hook script. (Closes: #613167,
- #1002018).
+ * Support krb5i on Diskless Workstations (aka LTSP FAT Clients):
+ - ldap-bootstrap/netgroup.ldif: Add diskless-workstation-hosts NIS netgroup
+ during LDAP bootstrap.
+ - debian/debian-edu-config.{postinst,postrm}: Create non-privileged
+ debian-edu system user account on Debian Edu mainserver (for distribution
+ of host keytabs to diskless workstations aka LTSP fat clients).
+ - share/debian-edu-config/tools/: Add update-dlw-krb5-keytabs script and
+ call it (with delay) from gosa-modify-host hook script. (Closes: #613167,
+ #1002018).
* Move /etc/debian-edu/host-keytabs/* to /var/lib/debian-edu/host-keytabs/
and replace directory /etc/debian-edu/host-keytabs by a symlink. (Closes:
#1002019).
-
- -- Mike Gabriel <sunweaver at debian.org> Fri, 14 Dec 2021 22:21:50 +0100
+ * share/debian-edu-config/squid.conf:
+ - Prefer DNSv4 lookups over DNSv6. Debian Edu does not yet fully support
+ IPv6 and many schools still use IPv4 primarily. This gives a great
+ performance boost to squid installations if IPv6 internet is not fully
+ available for whatever reason. (Closes: #1006375).
+ * share/debian-edu-config/tools/list-gosa-systems:
+ - Drop immature list-gosa-systems script again that got sneaked in via
+ upload of 2.11.56+deb11u3. We apologize for the noise.
+
+ -- Mike Gabriel <sunweaver at debian.org> Wed, 23 Mar 2022 12:28:00 +0100
debian-edu-config (2.11.56+deb11u3) bullseye-security; urgency=medium
=====================================
debian/debian-edu-config.postinst
=====================================
@@ -179,8 +179,8 @@ configure)
fi
# On Debian Edu main servers create a debian-edu system user account with
- # limit privileges for publishing host keytabs to diskless workstation (this
- # is the initial use case. Further use cases might pop up later.
+ # limited privileges for publishing host keytabs to diskless workstations (this
+ # is the initial use case, further use cases might pop up later).
if [ -s /etc/debian-edu/config ] && grep -Eq "(Main-Server)" /etc/debian-edu/config ; then
if ! getent 'passwd' 'debian-edu' >'/dev/null'; then
=====================================
ldap-bootstrap/netgroup.ldif
=====================================
@@ -15,6 +15,12 @@ objectClass: nisNetgroup
description: All workstations
cn: workstation-hosts
+dn: cn=diskless-workstation-hosts,ou=netgroup,dc=skole,dc=skolelinux,dc=no
+objectClass: top
+objectClass: nisNetgroup
+description: All diskless workstations
+cn: diskless-workstation-hosts
+
dn: cn=ltsp-server-hosts,ou=netgroup,dc=skole,dc=skolelinux,dc=no
objectClass: top
objectClass: nisNetgroup
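Review bot: The `diskless-workstation-hosts` entry is only added to the bootstrap LDIF, so main servers whose LDAP tree was bootstrapped before this upload will not get the netgroup. If the Kerberized diskless workstation support depends on the group existing, the package needs a migration step for already-installed servers (or a documented manual step), otherwise membership lookups against the missing netgroup will silently match nothing.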
=====================================
sbin/update-hostname-from-ip
=====================================
@@ -14,6 +14,10 @@ onlyprint=false
DNSDOMAIN=intern
+### IMPORTANT: We don't want this script to fail with a non-zero exitcode.
+### All problems should be reported as warnings, not errors.
+### See https://bugs.debian.org/1006604 for details.
+
log() {
$QUIET "$2"
logger -t update-hostname-from-ip "$1"
@@ -56,8 +60,8 @@ sethostname() {
echo $hostname > /etc/hostname
log "info: changing hostname to $hostname based on $namesource"
else
- log "error: unable to set hostname to $hostname."
- exit 1
+ log "warning: unable to set hostname to $hostname."
+ return -1
fi
}
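Review bot: `return -1` in the else branch of sethostname() is not a portable exit status. POSIX limits the operand of `return` to 0-255, and a /bin/sh that rejects the negative operand treats it as an error in a special builtin, which can abort the script with a non-zero status, the opposite of what the new header comment asks for. Use `return 1`, and check at the call site that the non-zero return is tolerated (for example, that the script does not run under `set -e`).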
@@ -108,11 +112,6 @@ fi
if [ "$IP" ] ; then
HOSTNAME=$(ip2hostname $IP)
SOURCE="reverse DNS of $IP"
-elif $USEMAC ; then
- HOSTNAME=$(ether2hostname $MAC)
- SOURCE="hardware MAC address"
-else
- exit 1
fi
if $USEMAC && [ -z "$HOSTNAME" ] ; then
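Review bot: With the `elif`/`else` branches removed, HOSTNAME and SOURCE are only assigned here when `$IP` is non-empty. Unless both are explicitly cleared earlier in the script (not visible in this hunk), a HOSTNAME value inherited from the calling environment will pass the later `if [ "$HOSTNAME" ]` test and be treated as a detected name, with an empty `$SOURCE` in the log message. Initialising `HOSTNAME=` and `SOURCE=` before this block would make the fall-through safe.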
@@ -123,7 +122,6 @@ fi
if [ "$HOSTNAME" ]; then
if $onlyprint ; then
echo $HOSTNAME
- exit 0
else
# Already got the correct host name?
if [ "$HOSTNAME" != "$(uname -n)" ] ; then
@@ -131,7 +129,7 @@ if [ "$HOSTNAME" ]; then
fi
fi
else
- exit 1
+ log "warning: failed to detect (and set) hostname from IP or MAC address"
fi
exit 0
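Review bot: After this change the script exits 0 on every path, including the print-only mode when no hostname could be determined. Any caller that used the exit status to decide whether the printed name is usable now has to test for empty output instead; that contract change should be stated in the script's usage text or header comment, next to the new "IMPORTANT" note, so callers are not left trusting a success status that no longer carries information.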
=====================================
share/debian-edu-config/squid.conf
=====================================
@@ -6,6 +6,11 @@ maximum_object_size 153600 KB
# - Appends .intern to hostnames without any dots in them.
append_domain .intern
+# Currently, Debian Edu does not support IPv6 on the internal network
+# thus, we should try to use DNSv4 preferrably for the http proxy.
+# See https://bugs.debian.org/1006375
+dns_v4_first on
+
# Adjust cache size to fit size of /var/spool/squid, the initial capacity value
# is dynamically updated using
# /usr/share/debian-edu-config/tools/squid-update-cachedir
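Review bot: The comment above `dns_v4_first on` justifies the setting with missing IPv6 support "on the internal network", while the changelog entry for the same change gives incomplete IPv6 internet connectivity as the reason. The directive affects how the proxy resolves upstream hosts, so the comment should state the upstream-connectivity rationale to keep a later admin from removing it once the internal network gains IPv6. "preferrably" should also be "preferably".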
=====================================
share/debian-edu-config/tools/gosa-remove-host
=====================================
@@ -6,7 +6,7 @@ set -ex
## Make sure that malicious execution cannot hurt.
##
## This script removes the host and nfs principals for hosts removed with gosa.
-## It also removes the host specific keytab file (tjener:/var/lib/debian-edu/$fqdn.keytab).
+## It also removes the host specific keytab file (tjener:/var/lib/debian-edu/host-keytabs/$fqdn.keytab).
HOST="$1"
=====================================
share/debian-edu-config/tools/update-proxy-from-wpad
=====================================
@@ -9,11 +9,11 @@ log() {
logger -t update-proxy-from-wpad "$@"
}
-error() {
- if [ -t 1 ] ; then # Only print errors when stdout is a tty
- echo "error: $@"
+warning() {
+ if [ -t 1 ] ; then # Only print warnings when stdout is a tty
+ echo "warning: $@" 1>/dev/stderr
fi
- logger -t update-proxy-from-wpad "error: $@"
+ logger -t update-proxy-from-wpad "warning: $@"
}
append_if_missing() {
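Review bot: In warning(), the tty test still checks stdout (`[ -t 1 ]`) although the message now goes to stderr, so the warning is suppressed whenever stdout is piped or redirected even if stderr is a terminal. Test `[ -t 2 ]` instead. Writing with `1>/dev/stderr` also depends on that device node existing and reopens the file; `>&2` is the portable form. Inside the quoted strings, `$*` is the correct expansion rather than `$@`.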
@@ -103,9 +103,14 @@ fi
# Make sure to fetch the wpad file without proxy settings, to behave
# like browsers who need to get their proxy settings without using a
# proxy.
-http_proxy=
+http_proxy=$(/usr/share/debian-edu-config/tools/wpad-extract 2>/dev/null || true)
+
+if [ -z "$http_proxy" ]; then
+
+ warning "Failed to extract proxy host from WPAD data. Not configuring proxy usage."
+
+else
-. /usr/share/debian-edu-config/tools/wpad-extract >/dev/null || exit 1
ftp_proxy=$http_proxy
https_proxy=$http_proxy
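Review bot: The retained comment says the WPAD file must be fetched without proxy settings, but the line that guaranteed this (`http_proxy=`) is replaced by the command substitution, so wpad-extract now runs with whatever `http_proxy` is already exported in the environment and its curl call may go through a stale or attacker-influenced proxy. Clear the variable for the child process, for example by prefixing the command inside the substitution with an empty `http_proxy=` assignment. The body of the new `else` branch is also left unindented, which makes the `fi` added at the end of the file hard to pair with this `if`.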
@@ -118,3 +123,4 @@ if echo "$PROFILE" | egrep -q 'Roaming-Workstation|Standalone' ; then
else
update_etc_environment
fi
+fi
=====================================
share/debian-edu-config/tools/wpad-extract
=====================================
@@ -13,8 +13,7 @@ proxy_url=$(curl -s http://wpad/wpad.dat | pactester -p - \
-u http://130.89.148.14 | awk '{print $2}' | cut -d';' -f1)
if [ "$proxy_url" ]; then
- http_proxy=http://$proxy_url
- echo http_proxy=$http_proxy
+ echo "http://$proxy_url"
else
- return 1
+ exit 1
fi
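Review bot: Changing `return 1` to `exit 1` and replacing the `http_proxy=...` output with a bare URL alters the script's interface from "sourced" to "executed". Any remaining caller that still sources the file will now have its own shell terminated by the `exit 1` and will no longer get `$http_proxy` set. This push updates update-proxy-from-wpad and testsuite/webcache; the tree should be grepped for other users, and the header of wpad-extract should state that it must be executed and prints the proxy URL on stdout. The value taken from the WPAD response is echoed without validation, so callers that write it into configuration should check that it looks like a host:port pair.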
=====================================
testsuite/webcache
=====================================
@@ -69,8 +69,8 @@ if HEAD $HEADOPTS $url > /dev/null 2>&1 ; then
# Subshell to avoid leaking http_proxy and ftp_proxy variables to
# the rest of this script
(
- . /usr/share/debian-edu-config/tools/wpad-extract >/dev/null
- if [ "$http_proxy" ] ; then
+ http_proxy=$(/usr/share/debian-edu-config/tools/wpad-extract 2>/dev/null || true)
+ if [ -n "$http_proxy" ] ; then
echo "success: $0: WPAD file '$url' includes HTTP proxy info."
else
echo "error: $0: WPAD file '$url' is missing HTTP proxy info. (#644373?)"
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/711666b2e85b917c5f3890acd14372b306be6a69...1b10b14cce1b2ebd70ccc61f4fc4b550b6921850