[debian-edu-commits] [Git][debian-edu/debian-edu-config][personal/gber/systemd] 2 commits: Drop init script for fetching LDAP SSL public key from legacy main servers
Guido Berhörster (@gber)
gitlab at salsa.debian.org
Fri Jul 21 07:22:01 BST 2023
Guido Berhörster pushed to branch personal/gber/systemd at Debian Edu / debian-edu-config
Commits:
234ca7cd by Guido Berhoerster at 2023-07-21T08:21:23+02:00
Drop init script for fetching LDAP SSL public key from legacy main servers
This drops support for clients running behind a main server based on DebianEdu
stretch (closes: #1030116).
- - - - -
54965e9c by Guido Berhoerster at 2023-07-21T08:21:48+02:00
Update debian/rules for init scripts and systemd services
Closes: #1039166
- - - - -
2 changed files:
- − debian/debian-edu-config.fetch-ldap-cert
- debian/rules
Changes:
=====================================
debian/debian-edu-config.fetch-ldap-cert deleted
=====================================
@@ -1,135 +0,0 @@
-#!/bin/sh
-### BEGIN INIT INFO
-# Provides: fetch-ldap-cert
-# Required-Start: $local_fs $remote_fs
-# Required-Stop: $local_fs $remote_fs
-# Should-Start: $network $syslog $named slapd
-# Default-Start: 2 3 4 5
-# Default-Stop:
-# Short-Description: Fetch LDAP SSL public key from the server
-# Description:
-# Start before krb5-kdc to give slapd time to become operational
-# before krb5-kdc try to connect to the LDAP server as a workaround
-# for #589915.
-# X-Start-Before: isc-dhcp-server krb5-kdc nslcd
-### END INIT INFO
-#
-# Author: Petter Reinholdtsen <pere at hungry.com>
-# Date: 2007-06-09
-#
-# Author: Mike Gabriel <mike.gabriel at das-netzwerkteam.de>
-# Date: 2022-01-06
-
-###
-### FIXME: Legacy init script for Debian Edu clients.
-###
-### --- Remove for Debian Edu bookworm+1 ---
-###
-### Warning: Removing this script will drop support for clients running
-### against Debian Edu main servers based on Debian Edu stretch and
-### earlier.
-###
-
-set -e
-
-. /lib/lsb/init-functions
-
-CERTFILE=/etc/ssl/certs/debian-edu-server.crt
-
-do_start() {
-
- # Locate LDAP server
- LDAPSERVER=$(debian-edu-ldapserver)
- LDAPPORT=636 # ldaps
- ERROR=false
-
- ###
- ### PHASE 1: LDAP server cert retrieval
- ###
-
- if ( [ ! -f $CERTFILE ] || [ ! -f $ROOTCACRT ] ) && [ -f /etc/nslcd.conf ] &&
- grep -q /etc/ssl/certs/debian-edu-server.crt /etc/nslcd.conf ; then
-
- # LDAP server host not known/found, bailing out...
- if [ -z "$LDAPSERVER" ] ; then
- msg="Failed to locate LDAP server"
- log_action_begin_msg "$msg"
- log_action_end_msg 1
- logger -t fetch-ldap-cert "$msg."
- return 1
- fi
-
- [ "$VERBOSE" != no ] && log_action_begin_msg "Fetching LDAP SSL certificate."
-
- # Fetch LDAP certificate from the Debian Edu main server (i.e. from the LDAP server)
- /usr/share/debian-edu-config/tools/ldap-server-getcert $LDAPSERVER > $CERTFILE.new
- chmod 644 $CERTFILE.new
-
- if test -s $CERTFILE.new ; then
- mv $CERTFILE.new $CERTFILE
- [ "$VERBOSE" != no ] && log_action_end_msg 0
- logger -t fetch-ldap-cert "Fetched LDAP SSL certificate from $LDAPSERVER."
- else
- # We obviously have failed in some way if the CERTFILE.new is empty (zero size).
- # Something went wrong, if we end up here...
- rm -f $CERTFILE.new
- log_action_end_msg 1
- logger -t fetch-ldap-cert "Failed to fetch LDAP SSL certificate from $LDAPSERVER."
- ERROR=true
- fi
-
- fi
-
- ###
- ### PHASE 2: Deploy the obtained CERTFILE to LTSP chroots, if any are present.
- ###
-
- if [ -d /opt/ltsp ] && [ "$ERROR" = "false" ]; then
-
- # Loop over all to be found LTSP chroots...
- for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
-
- if [ ! -d $ltsp_chroot/etc/ssl/certs/ ]; then
- # likely not a chroot dir, skipping...
- continue
- fi
-
- # Only install the CERTFILE into this chroot, if not already present...
- if [ ! -f $ltsp_chroot$CERTFILE ] && [ -f $ltsp_chroot/etc/nslcd.conf ] &&
- grep -q /etc/ssl/certs/debian-edu-server.crt $ltsp_chroot/etc/nslcd.conf ; then
-
- # Copy the obtained CERTFILE into the LTSP chroot (containing the LDAP server's
- # certificate.
- log_action_begin_msg "Copying LDAP SSL certificate to ltsp-chroot $ltsp_chroot "
- [ "$VERBOSE" != no ] &&
- if test -s $CERTFILE; then
- cp $CERTFILE $ltsp_chroot$CERTFILE
- [ "$VERBOSE" != no ] && log_action_end_msg 0
- else
- log_action_end_msg 1
- ERROR=true
- fi
- fi
-
- done
- fi
-
- if [ "$ERROR" = "true" ]; then
- return 1
- fi
-}
-
-case "$1" in
- start)
- do_start
- ;;
- stop)
- ;;
- restart|force-reload)
- ;;
- *)
- echo "Usage: $0 {start|stop|restart|force-reload}"
- exit 2
-esac
-
-exit 0
=====================================
debian/rules
=====================================
@@ -10,13 +10,18 @@ override_dh_auto_install:
override_dh_installinit:
# Start it after 15bind9 and 19slapd
- dh_installinit --init-script fetch-ldap-cert -r --no-start
dh_installinit --init-script fetch-rootca-cert -r --no-start
# Start it after 15bind9, 19slapd and 95fetch-ldap-cert, and add some to be sure
dh_installinit --init-script firefox-ldapconf -r --no-start
dh_installinit --init-script chromium-ldapconf -r --no-start
dh_installinit --init-script enable-nat --no-start
+override_dh_installsystemd:
+ dh_installsystemd --no-start --name chromium-ldapconf
+ dh_installsystemd --no-start --name enable-nat
+ dh_installsystemd --no-start --name fetch-rootca-cert
+ dh_installsystemd --no-start --name firefox-ldapconf
+
override_dh_installman:
dh_installman
help2man -N -n "ldap-add-host-to-netgroup - Adds a host as a member in the given netgroup" \
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/6cc3d9499c3764b194aada87e3b89b06a82a56d7...54965e9c330b63d9aa9490ce5b16730b95e13f7e
--
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/6cc3d9499c3764b194aada87e3b89b06a82a56d7...54965e9c330b63d9aa9490ce5b16730b95e13f7e
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20230721/3cb9069c/attachment-0001.htm>
More information about the debian-edu-commits
mailing list