[debian-edu-commits] [Git][debian-edu/debian-edu-config][master] 2 commits: d-i/finish install: remove kdc and ldap passwords from debconf after setting...

Mon Feb 13 15:31:13 GMT 2023


Holger Levsen pushed to branch master at Debian Edu / debian-edu-config


Commits:
e4fcf6c9 by Holger Levsen at 2023-02-13T16:28:08+01:00
d-i/finish install: remove kdc and ldap passwords from debconf after setting them in the system. Thanks to Wolfgang Schweer.

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -
9840c47a by Holger Levsen at 2023-02-13T16:30:02+01:00
d-i/pre-pkgsel: only set kdc and ldap passwords on main-server, thanks Wolfgang Schweer.

Signed-off-by: Holger Levsen <holger at layer-acht.org>

- - - - -


2 changed files:

- share/debian-edu-config/d-i/finish-install
- share/debian-edu-config/d-i/pre-pkgsel


Changes:

=====================================
share/debian-edu-config/d-i/finish-install
=====================================
@@ -96,13 +96,41 @@ fi
 # Make sure the root password is gone from debconf after the
 # installation, in case ldap-debian-edu-install and kerberos-init-kdc 
 # scripts failed when cf-agent was executed.
-# Ignore errors as these templates do not exist on standalone installs
-db_set debian-edu-config/ldap-password '' || true
-db_set debian-edu-config/ldap-password-again '' || true
-db_set debian-edu-config/kdc-password '' || true
-db_set debian-edu-config/kdc-password-again '' || true
+# This needs to be done in the target system
+file=/tmp/edu-passwords
+	cat > $file <<EOF
+debian-edu-config debian-edu-config/kdc-password password
+debian-edu-config debian-edu-config/kdc-password-again password
+debian-edu-config debian-edu-config/ldap-password password
+debian-edu-config debian-edu-config/ldap-password-again password
+EOF
+# Pass above debconf information into the target
+cat $file | LANG=C chroot /target debconf-set-selections || \
+	error "Failed to clear kerberos and ldap passwords from debconf."
+rm $file
 log "info: Ensuring KDC and LDAP passwords are cleared from debconf database"
 
+# Special case first user: the homedir is missing if LDAP setup failed; the
+# /etc/krb5.keytab file is missing if Kerberos setup failed.
+# In case the installation succeeds, the password is kept to be able to create
+# the first-user Samba account at first boot (tools/run-at-firstboot, where the
+# password is cleared afterwards).
+if db_get passwd/username && [ "$RET" ] ; then
+	FIRSTUSERNAME="$RET"
+fi
+if [ ! -d /target/skole/tjener/home0/"$FIRSTUSERNAME" ] || \
+		[ ! -f /etc/krb5.keytab ] ; then
+	file=/tmp/firstuser-password
+	cat > $file <<EOF
+debian-edu-config debian-edu-config/first-user-password password
+EOF
+	# Pass above debconf information into the target
+	cat $file | LANG=C chroot /target debconf-set-selections || \
+	error "Failed to clear first-user password from debconf."
+	rm $file
+	log "info: Installation is broken; all passwords cleared from debconf database."
+fi
+
 echo "info: processes using mount point below /target"
 mountpoints="$(grep " /target" /proc/mounts | cut -d" " -f2 | sed s%/target%%g)"
 LANG=C chroot /target fuser -mv $mountpoints 2>&1 | sed 's/^/info: /'


=====================================
share/debian-edu-config/d-i/pre-pkgsel
=====================================
@@ -340,11 +340,14 @@ configure_network
 
 edu-etcvcs commit
 
+if echo "$PROFILE" | grep -q Main-Server ; then
+	set_kerberos_ldap_passwords
+fi
+
 for p in $(echo $PROFILE | tr , " ") ; do
     case $p in
 	# Only do this for the networked tasks, not for standalone
 	Main-Server|Workstation|Roaming-Workstation|LTSP-Server|Minimal)
-	    set_kerberos_ldap_passwords
 	    #create_initial_localadmin_user
 	    in-target /usr/share/debian-edu-config/tools/preseed-ldap-kerberos
 	    in-target /usr/share/debian-edu-config/tools/preseed-sitesummary



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/1c659decf5fb03201533f0d973a8a37049a7ae27...9840c47ab6095c7e5dffccd3923448a70edcb8f4

-- 
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/1c659decf5fb03201533f0d973a8a37049a7ae27...9840c47ab6095c7e5dffccd3923448a70edcb8f4
You're receiving this email because of your account on salsa.debian.org.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20230213/2044f394/attachment-0001.htm>
