[debian-edu-commits] [Git][debian-edu/debian-edu-config][personal/gber/systemd] 2 commits: Drop init script for fetching LDAP SSL public key from legacy main servers

Guido Berhörster (@gber) gitlab at salsa.debian.org
Fri Jul 21 07:22:01 BST 2023



Guido Berhörster pushed to branch personal/gber/systemd at Debian Edu / debian-edu-config


Commits:
234ca7cd by Guido Berhoerster at 2023-07-21T08:21:23+02:00
Drop init script for fetching LDAP SSL public key from legacy main servers

This drops support for clients running behind a main server based on DebianEdu
stretch (closes: #1030116).

- - - - -
54965e9c by Guido Berhoerster at 2023-07-21T08:21:48+02:00
Update debian/rules for init scripts and systemd services

Closes: #1039166

- - - - -


2 changed files:

- − debian/debian-edu-config.fetch-ldap-cert
- debian/rules


Changes:

=====================================
debian/debian-edu-config.fetch-ldap-cert deleted
=====================================
@@ -1,135 +0,0 @@
-#!/bin/sh
-### BEGIN INIT INFO
-# Provides:          fetch-ldap-cert
-# Required-Start:    $local_fs $remote_fs
-# Required-Stop:     $local_fs $remote_fs
-# Should-Start:      $network $syslog $named slapd
-# Default-Start:     2 3 4 5
-# Default-Stop:
-# Short-Description: Fetch LDAP SSL public key from the server
-# Description:
-#   Start before krb5-kdc to give slapd time to become operational
-#   before krb5-kdc try to connect to the LDAP server as a workaround
-#   for #589915.
-# X-Start-Before:    isc-dhcp-server krb5-kdc nslcd
-### END INIT INFO
-#
-# Author: Petter Reinholdtsen <pere at hungry.com>
-# Date:   2007-06-09
-#
-# Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
-# Date:   2022-01-06
-
-###
-### FIXME: Legacy init script for Debian Edu clients.
-###
-###        --- Remove for Debian Edu bookworm+1 ---
-###
-###        Warning: Removing this script will drop support for clients running
-###        against Debian Edu main servers based on Debian Edu stretch and
-###        earlier.
-###
-
-set -e
-
-. /lib/lsb/init-functions
-
-CERTFILE=/etc/ssl/certs/debian-edu-server.crt
-
-do_start() {
-
-	# Locate LDAP server
-	LDAPSERVER=$(debian-edu-ldapserver)
-	LDAPPORT=636 # ldaps
-	ERROR=false
-
-	###
-	### PHASE 1: LDAP server cert retrieval
-	###
-
-	if ( [ ! -f $CERTFILE ] || [ ! -f $ROOTCACRT ] ) && [ -f /etc/nslcd.conf ] &&
-	    grep -q /etc/ssl/certs/debian-edu-server.crt /etc/nslcd.conf ; then
-
-		# LDAP server host not known/found, bailing out...
-		if [ -z "$LDAPSERVER" ] ; then
-			msg="Failed to locate LDAP server"
-			log_action_begin_msg "$msg"
-			log_action_end_msg 1
-			logger -t fetch-ldap-cert "$msg."
-			return 1
-		fi
-
-		[ "$VERBOSE" != no ] && log_action_begin_msg "Fetching LDAP SSL certificate."
-
-		# Fetch LDAP certificate from the Debian Edu main server (i.e. from the LDAP server)
-		/usr/share/debian-edu-config/tools/ldap-server-getcert $LDAPSERVER > $CERTFILE.new
-		chmod 644 $CERTFILE.new
-
-		if test -s $CERTFILE.new ; then
-			mv $CERTFILE.new $CERTFILE
-			[ "$VERBOSE" != no ] && log_action_end_msg 0
-			logger -t fetch-ldap-cert "Fetched LDAP SSL certificate from $LDAPSERVER."
-		else
-			# We obviously have failed in some way if the CERTFILE.new is empty (zero size).
-			# Something went wrong, if we end up here...
-			rm -f $CERTFILE.new
-			log_action_end_msg 1
-			logger -t fetch-ldap-cert "Failed to fetch LDAP SSL certificate from $LDAPSERVER."
-			ERROR=true
-		fi
-
-	fi
-
-	###
-	### PHASE 2: Deploy the obtained CERTFILE to LTSP chroots, if any are present.
-	###
-
-	if [ -d /opt/ltsp ] && [ "$ERROR" = "false" ]; then
-
-		# Loop over all to be found LTSP chroots...
-		for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
-
-			if [ ! -d $ltsp_chroot/etc/ssl/certs/ ]; then
-				# likely not a chroot dir, skipping...
-				continue
-			fi
-
-			# Only install the CERTFILE into this chroot, if not already present...
-			if [ ! -f $ltsp_chroot$CERTFILE ] && [ -f $ltsp_chroot/etc/nslcd.conf ] &&
-			    grep -q /etc/ssl/certs/debian-edu-server.crt $ltsp_chroot/etc/nslcd.conf ; then
-
-				# Copy the obtained CERTFILE into the LTSP chroot (containing the LDAP server's
-				# certificate.
-				log_action_begin_msg "Copying LDAP SSL certificate to ltsp-chroot $ltsp_chroot "
-				[ "$VERBOSE" != no ] &&
-				if test -s $CERTFILE; then
-					cp $CERTFILE $ltsp_chroot$CERTFILE
-					[ "$VERBOSE" != no ] && log_action_end_msg 0
-				else
-					log_action_end_msg 1
-					ERROR=true
-				fi
-			fi
-
-		done
-	fi
-
-	if [ "$ERROR" = "true" ]; then
-		return 1
-	fi
-}
-
-case "$1" in
-	start)
-		do_start
-		;;
-	stop)
-		;;
-	restart|force-reload)
-		;;
-	*)
-		echo "Usage: $0 {start|stop|restart|force-reload}"
-		exit 2
-esac
-
-exit 0


=====================================
debian/rules
=====================================
@@ -10,13 +10,18 @@ override_dh_auto_install:
 
 override_dh_installinit:
 	# Start it after 15bind9 and 19slapd
-	dh_installinit --init-script fetch-ldap-cert -r --no-start
 	dh_installinit --init-script fetch-rootca-cert -r --no-start
 	# Start it after 15bind9, 19slapd and 95fetch-ldap-cert, and add some to be sure
 	dh_installinit --init-script firefox-ldapconf -r --no-start
 	dh_installinit --init-script chromium-ldapconf -r --no-start
 	dh_installinit --init-script enable-nat --no-start
 
+override_dh_installsystemd:
+	dh_installsystemd --no-start --name chromium-ldapconf
+	dh_installsystemd --no-start --name enable-nat
+	dh_installsystemd --no-start --name fetch-rootca-cert
+	dh_installsystemd --no-start --name firefox-ldapconf
+
 override_dh_installman:
 	dh_installman
 	help2man -N -n "ldap-add-host-to-netgroup - Adds a host as a member in the given netgroup" \
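Review bot: Removing `dh_installinit --init-script fetch-ldap-cert` from `override_dh_installinit` stops shipping the script, but nothing visible in this push removes the `/etc/init.d/fetch-ldap-cert` conffile and its rc links that are already installed on upgraded systems. dpkg leaves obsolete conffiles in place, so the legacy job may keep running at boot and keep writing a certificate fetched from the network to `/etc/ssl/certs/debian-edu-server.crt`; the deleted script shows no verification step before the `mv`. If this is not already handled elsewhere in the packaging, add an entry such as `rm_conffile /etc/init.d/fetch-ldap-cert <PRIOR_VERSION>~` (version is a placeholder) to the package's debhelper maintscript file and check that the rc links are removed too. Separately, the retained comment `# Start it after 15bind9, 19slapd and 95fetch-ldap-cert, and add some to be sure` still names the dropped script and should lose the `95fetch-ldap-cert` reference.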



View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/6cc3d9499c3764b194aada87e3b89b06a82a56d7...54965e9c330b63d9aa9490ce5b16730b95e13f7e
