[debian-edu-commits] [Git][debian-edu/debian-edu-config][mr/debian-edu-router] 22 commits: cf3/cf.homes: White-space amendments.
Mike Gabriel (@sunweaver)
gitlab at salsa.debian.org
Fri Mar 13 14:21:08 GMT 2026
Mike Gabriel pushed to branch mr/debian-edu-router at Debian Edu / debian-edu-config
Commits:
5b6b9bdc by Mike Gabriel at 2025-06-02T10:06:13+02:00
cf3/cf.homes: White-space amendments.
- - - - -
1e53770d by Mike Gabriel at 2025-06-02T10:06:41+02:00
cf3/cf.homes: Assure that /etc/default/autofs has the LDAPBASE variable configured.
- - - - -
6a88387d by Mike Gabriel at 2025-06-02T10:08:48+02:00
d/changelog: update from Git history, bump to v2.13.0
- - - - -
41f573ba by Mike Gabriel at 2025-06-02T12:08:40+02:00
debian/control: Add to D: curl. Required by wpad-extract and fetch-rootca-cert scripts.
- - - - -
dbfd3647 by Mike Gabriel at 2025-06-02T16:26:10+02:00
release 2.12.900
- - - - -
63523d4c by Mike Gabriel at 2025-06-13T09:58:54+02:00
etc/dovecot/local.conf: Adapt to config setting changes in Dovecot 2.4.x.
- - - - -
858a9689 by Mike Gabriel at 2025-06-13T10:00:11+02:00
cf3/: Stop installing packages via cfengine3. The required packages should have been pulled in via meta-packages already (and if not, then this needs to be amended in debian-edu src:pkg).
- - - - -
07d7cda0 by Mike Gabriel at 2025-06-13T10:06:04+02:00
upload to unstable (debian/2.12.901)
- - - - -
648e0663 by Mike Gabriel at 2025-06-13T11:16:39+02:00
Makefile: Drop removed file cf.desktop-networked.
- - - - -
897b56af by Mike Gabriel at 2025-06-13T11:19:25+02:00
release 2.12.902
- - - - -
69f0f3ee by Mike Gabriel at 2025-09-04T13:15:53+02:00
etc/apache2/sites-available/debian-edu-default.conf: Use SERVER_ADDRESS in RewriteRule instead of hard-coded 'www'. Supports https redirection if connected to e.g. a VPN IP owned by TJENER.
- - - - -
3ef70d6a by Mike Gabriel at 2025-09-15T09:05:50+02:00
cf3/promises.cf: Regression fix: Drop desktop bundle from bundlesequence. The desktop bundle has been removed since d-e-c 2.12.901.
- - - - -
94d361c9 by Mike Gabriel at 2025-09-15T09:09:04+02:00
release 2.12.903
- - - - -
ecbbcc57 by Mike Gabriel at 2025-09-15T13:45:00+02:00
share/glib-2.0/schemas/32-debian-edu.arctica-greeter.gschema.override: Drop file. This setting is theme-specific and should be shipped in debian-edu-artwork-<THEME> if diverting from system defaults.
Also, it seems that this file was inert all the time due to wrong file naming (<nn>-<description>.gschema.override instead of <nn>_<description>.gschema.override).
- - - - -
8dbb5ef0 by Mike Gabriel at 2025-09-15T15:23:31+02:00
cf3/: Support recognizing FAI based installations of Debian Edu systems (except from main server).
- - - - -
4c259cd2 by Mike Gabriel at 2025-09-15T15:24:23+02:00
release 2.12.904
- - - - -
1afb50ce by Mike Gabriel at 2025-09-16T10:32:22+02:00
sbin/debian-edu-fsautoresize: Avoid division by zero error on unused mountpoints.
- - - - -
5d768f5f by Mike Gabriel at 2025-09-16T17:43:41+02:00
sbin/debian-edu-pxeinstall: Support overriding tasksel/desktop selection via mydesktop parameter in /etc/debian-edu/pxeinstall.conf.
- - - - -
c7974f2a by Mike Gabriel at 2025-09-16T17:48:09+02:00
sbin/debian-edu-pxeinstall: Fix comment about mapping debconf template keywords to kernel cmdline keywords and drop unused variable assignment.
- - - - -
730df785 by Mike Gabriel at 2025-09-16T21:28:46+02:00
sbin/debian-edu-pxeinstall: Regression fix, only adjust desktop to mydesktop from pxeinstall.conf if we are processing the tasksel/desktop setting.
- - - - -
9ac26bf5 by Daniel Teichmann at 2026-03-13T14:21:03+00:00
Add new file 'debian-edu-router.ldif'. Empty proxy groups should be installed on all new Tjeners.
These are preconfigured empty proxy groups for the use in Debian Edu Router.
See Debian Edu Router Plugin: Content filter at https://salsa.debian.org/debian-edu/debian-edu-router/-/tree/master/docs.
- - - - -
686ca8cd by Daniel Teichmann at 2026-03-13T14:21:03+00:00
ldap-bootstrap/debian-edu-router.ldif: Add 'server-hosts' nisNetgroup to 'proxy-trusted' nisNetgroup, via 'memberNisNetgroup' attribute.
- - - - -
18 changed files:
- Makefile
- − cf3/cf.desktop-networked
- cf3/cf.finalize
- cf3/cf.grub
- cf3/cf.homes
- cf3/cf.icinga
- cf3/cf.ntp
- cf3/edu.cf
- cf3/promises.cf
- debian/changelog
- debian/control
- etc/apache2/sites-available/debian-edu-default.conf
- etc/dovecot/local.conf
- + ldap-bootstrap/debian-edu-router.ldif
- ldap-tools/ldap-debian-edu-install
- sbin/debian-edu-fsautoresize
- sbin/debian-edu-pxeinstall
- − share/glib-2.0/schemas/32-debian-edu.arctica-greeter.gschema.override
Changes:
=====================================
Makefile
=====================================
@@ -54,7 +54,6 @@ CF3FILES = \
cf.apache2 \
cf.cfengine3 \
cf.cups \
- cf.desktop-networked \
cf.dhcpserver \
cf.exim \
cf.imap \
@@ -196,6 +195,7 @@ LDIFS = \
ltsp.ldif \
gosa.ldif \
gosa-server.ldif \
+ debian-edu-router.ldif \
$(NULL)
LDAPPROGRAMS = \
@@ -388,7 +388,6 @@ install: install-testsuite
share/firefox-esr/distribution/policies.json \
share/glib-2.0/schemas/21_debian-edu+gdm.gschema.override \
share/glib-2.0/schemas/31_debian-edu+mate.gschema.override \
- share/glib-2.0/schemas/32-debian-edu.arctica-greeter.gschema.override \
share/mate-panel/layouts/debian-edu-mate.layout \
; do \
$(INSTALL_DATA) $$f $(DESTDIR)/usr/$$f ; \
=====================================
cf3/cf.desktop-networked deleted
=====================================
@@ -1,11 +0,0 @@
-bundle agent desktop
-{
-# Install desktop related packages, suited only for networked machines.
-
-commands:
-
- debian.desktopintern.installation::
-
- "/usr/bin/apt-get install -y jxplorer gosa-desktop krb5-auth-dialog"
- contain => in_shell;
-}
=====================================
cf3/cf.finalize
=====================================
@@ -111,10 +111,8 @@ commands:
# used during an installation with Main server or LTSP server profile to avoid
# broken network setup.
- debian.(server|ltspserver).lxqt.di.installation::
+ debian.(server|ltspserver).lxqt.(di|fai).installation::
- "/usr/bin/apt-get install -y network-manager-gnome"
- contain => in_shell;
"/usr/bin/apt-get purge -y connman"
contain => in_shell;
}
=====================================
cf3/cf.grub
=====================================
@@ -7,24 +7,24 @@ bundle agent grub
files:
- debian.(standalone|roaming).di.installation::
+ debian.(standalone|roaming).(di|fai).installation::
"/etc/default/grub"
edit_line => grub_conf1;
- debian.workstation.!server.!standalone.!roaming.di.installation::
+ debian.workstation.!server.!standalone.!roaming.(di|fai).installation::
"/etc/default/grub"
edit_line => grub_conf2;
- debian.(server|minimal).di.installation::
+ debian.(server|minimal).(di|fai).installation::
"/etc/default/grub"
edit_line => grub_conf3;
commands:
- debian.di.installation::
+ debian.(di|fai).installation::
"/usr/sbin/update-grub"
contain => in_shell;
=====================================
cf3/cf.homes
=====================================
@@ -37,8 +37,9 @@ bundle agent editline_homes
{
vars:
- "fstab" string => "/skole/tjener/home0 /srv/nfs4/home0 none bind 0 0";
- "autofs" string => "LDAPURI=ldap://$(edu.ldapserver)";
+ "fstab" string => "/skole/tjener/home0 /srv/nfs4/home0 none bind 0 0";
+ "autofs" slist => { "LDAPURI=ldap://$(edu.ldapserver)",
+ "LDAPBASE=\"$(edu.ldapbase)\"" };
files:
@@ -55,6 +56,5 @@ files:
"/etc/default/autofs"
create => "true",
- edit_line => append_if_no_line("$(autofs)");
+ edit_line => append_if_no_lines("@(editline_homes.autofs)");
}
-
=====================================
cf3/cf.icinga
=====================================
@@ -6,11 +6,6 @@ commands:
debian.server.di.installation::
- # Install package needed for Icinga Ido-Mysql functionality.
- # Needs to be done here and not by the tool below (due to debconf use).
- "DEBIAN_FRONTEND=noninteractive apt-get install -y icinga2-ido-mysql"
- contain => in_shell;
-
# Run the setup tool.
"/usr/share/debian-edu-config/tools/edu-icinga-setup"
contain => in_shell;
=====================================
cf3/cf.ntp
=====================================
@@ -21,13 +21,4 @@ files:
"/usr/lib/systemd/timesyncd.conf.d/debian-edu-timesyncd.conf"
copy_from => local_cp("/usr/share/debian-edu-config/debian-edu-timesyncd.conf"),
perms => mog("644","root","root");
-
-commands:
-
- # Make sure ntpsec gets installed
-
- debian.server.installation::
-
- "/usr/bin/apt-get install -y ntpsec"
- contain => in_shell;
}
=====================================
cf3/edu.cf
=====================================
@@ -31,7 +31,9 @@ bundle common edu
# Set if the Squid cache exists; used to conditionally link Debian Edu configuration.
"squidcache" expression => isdir("/var/spool/squid");
# Set if running inside Debian Installer; used to avoid useless LDAP setup upon main server upgrade.
- "di" expression => fileexists("/etc/apt/apt.conf.d/00IgnoreTimeConflict");
+ "di" expression => fileexists("/etc/apt/apt.conf.d/00IgnoreTimeConflict");
+ # Set if running inside FAI Installer; used to setup grub correctly
+ "fai" expression => isdir("/var/lib/fai/config");
# Set for networked workstation if the 'education-desktop-other' package is installed.
"desktopintern" and => { isdir("/usr/share/doc/education-desktop-other"), isdir("/usr/share/doc/education-networked") };
# Set if xfce4 is installed; used to conditionally configure settings.
=====================================
cf3/promises.cf
=====================================
@@ -53,7 +53,6 @@ body common control
icinga,
ldapserver,
ldapclient,
- desktop,
ntp,
squid,
sshd,
@@ -80,7 +79,6 @@ body common control
"debian-edu/cf.chromium",
"debian-edu/cf.cups",
"debian-edu/cf.samba",
- "debian-edu/cf.desktop-networked",
"debian-edu/cf.dhcpserver",
"debian-edu/cf.exim",
"debian-edu/cf.firefox-esr",
=====================================
debian/changelog
=====================================
@@ -1,3 +1,59 @@
+debian-edu-config (2.12.904) unstable; urgency=medium
+
+ * share/glib-2.0/schemas/32-debian-edu.arctica-greeter.gschema.override:
+ + Drop file. This setting is theme-specific and should be shipped in
+ debian-edu-artwork-<THEME> if diverting from system defaults.
+ * cf3/:
+ + Support recognizing FAI based installations of Debian Edu systems (except
+ from main server).
+
+ -- Mike Gabriel <sunweaver at debian.org> Mon, 15 Sep 2025 15:22:48 +0200
+
+debian-edu-config (2.12.903) unstable; urgency=medium
+
+ * etc/apache2/sites-available/debian-edu-default.conf: Use SERVER_ADDRESS in
+ RewriteRule instead of hard-coded 'www'. Supports https redirection if
+ connected to e.g. a VPN IP owned by TJENER.
+ * cf3/promises.cf: Regression fix: Drop desktop bundle from bundlesequence.
+ The desktop bundle has been removed since d-e-c 2.12.901.
+
+ -- Mike Gabriel <sunweaver at debian.org> Mon, 15 Sep 2025 09:05:59 +0200
+
+debian-edu-config (2.12.902) unstable; urgency=medium
+
+ * Makefile: Drop removed file cf.desktop-networked.
+
+ -- Mike Gabriel <sunweaver at debian.org> Fri, 13 Jun 2025 11:16:43 +0200
+
+debian-edu-config (2.12.901) unstable; urgency=medium
+
+ * etc/dovecot/local.conf:
+ - Adapt to config setting changes in Dovecot 2.4.x.
+ * cf3/:
+ - Stop installing packages via cfengine3. The required packages should
+ have been pulled in via meta-packages already (and if not, then this
+ needs to be amended in debian-edu src:pkg).
+
+ -- Mike Gabriel <sunweaver at debian.org> Fri, 13 Jun 2025 10:03:03 +0200
+
+debian-edu-config (2.12.900) unstable; urgency=medium
+
+ * Debian Edu 13 development has started.
+
+ * debian/control:
+ + Add to D: field: bind9-dnsutils. The 'dig' utility is required by fetch-
+ rootca-cert script and various test scripts.
+ + Drop from D: field: libproxy1-plugin-*. All of them are transitional
+ packages and libproxy has been replaced by libpacparser1 (using its
+ pactester tool) ages ago. (Closes: #1064900).
+ + Add to D: curl. Required by wpad-extract and fetch-rootca-cert scripts.
+ * cf3/cf.homes:
+ - White-space amendments.
+ - Assure that /etc/default/autofs has the LDAPBASE variable configured.
+ This fixes LDAP automounting on workstation hosts.
+
+ -- Mike Gabriel <sunweaver at debian.org> Mon, 02 Jun 2025 16:16:08 +0200
+
debian-edu-config (2.12.46) unstable; urgency=medium
[ Holger Levsen ]
=====================================
debian/control
=====================================
@@ -23,6 +23,7 @@ Depends: ${misc:Depends},
bind9-host,
bind9-dnsutils,
cfengine3,
+ curl,
debconf-utils,
debian-edu-artwork,
e2fsprogs,
=====================================
etc/apache2/sites-available/debian-edu-default.conf
=====================================
@@ -8,7 +8,7 @@
RewriteEngine On
RewriteCond %{SERVER_PORT} 80
RewriteCond %{REQUEST_URI} !\.dat$
- RewriteRule ^(.*)$ https://www/$1 [R=301,L]
+ RewriteRule ^(.*)$ https://%{SERVER_ADDRESS}/$1 [R=301,L]
Options Indexes FollowSymLinks MultiViews
AllowOverride None
Require all granted
=====================================
etc/dovecot/local.conf
=====================================
@@ -4,7 +4,9 @@
auth_krb5_keytab = /etc/krb5.keytab.imap
auth_mechanisms = gssapi
auth_gssapi_hostname = postoffice.intern
-mail_location = maildir:~/Maildir:INBOX=/var/mail/%u
+mail_driver = maildir
+mail_path = ~/Maildir
+mail_inbox_path = /var/mail/%u
passdb {
args = uid=uid home=homeDirectory
driver = static
=====================================
ldap-bootstrap/debian-edu-router.ldif
=====================================
@@ -0,0 +1,37 @@
+dn: cn=proxy-trusted,ou=netgroup,dc=skole,dc=skolelinux,dc=no
+objectClass: top
+objectClass: nisNetgroup
+cn: proxy-trusted
+description: Completely unfiltered internet access (+ bypasses NAT/T-P-M) - ProxyTrusted{User,Client} - Debian Edu Router Plugin: Content filter
+# This should enable direct unNAT'ted (bypasses transparent-proxy-mode) internet access to all internal servers in the Debian Edu network.
+memberNisNetgroup: server-hosts
+
+dn: cn=proxy-allow,ou=netgroup,dc=skole,dc=skolelinux,dc=no
+objectClass: top
+objectClass: nisNetgroup
+cn: proxy-allow
+description: Generally unfiltered internet access - ProxyAllow{User,Client} - Debian Edu Router Plugin: Content filter
+
+dn: cn=proxy-deny,ou=netgroup,dc=skole,dc=skolelinux,dc=no
+objectClass: top
+objectClass: nisNetgroup
+cn: proxy-deny
+description: Disables internet access completely - ProxyDeny{User,Client} - Debian Edu Router Plugin: Content filter
+
+dn: cn=proxy-blacklist,ou=netgroup,dc=skole,dc=skolelinux,dc=no
+objectClass: top
+objectClass: nisNetgroup
+cn: proxy-blacklist
+description: Allows all but specific blacklisted websites - ProxyBlacklist{User,Client} - Debian Edu Router Plugin: Content filter
+
+dn: cn=proxy-whitelist,ou=netgroup,dc=skole,dc=skolelinux,dc=no
+objectClass: top
+objectClass: nisNetgroup
+cn: proxy-whitelist
+description: Allows nothing but specific whitelisted websites - ProxyWhitelist{User,Client} - Debian Edu Router Plugin: Content filter
+
+dn: cn=proxy-noauth-client,ou=netgroup,dc=skole,dc=skolelinux,dc=no
+objectClass: top
+objectClass: nisNetgroup
+cn: proxy-noauth-client
+description: Fully disable auth. for these clients (BYOD Clients?) - ProxyNoauthClient - Debian Edu Router Plugin: Content filter
=====================================
ldap-tools/ldap-debian-edu-install
=====================================
@@ -282,7 +282,8 @@ EOF
/etc/ldap/gosa-server.ldif \
/etc/ldap/ltsp.ldif \
/etc/ldap/firstuser.ldif \
- /etc/ldap/krb5.ldif
+ /etc/ldap/krb5.ldif \
+ /etc/ldap/debian-edu-router.ldif
do
if cat $ldif | sed -e "s:\$ROOTPWDHASH:$ROOTPWDHASH:" \
-e "s/\$MAC/$MAC/" \
=====================================
sbin/debian-edu-fsautoresize
=====================================
@@ -226,7 +226,7 @@ sub supported_mountpoints {
$size = $volsizeblocks/2;
}
- my $fracavail = 100 * $avail / $size;
+ my $fracavail = 100 * $avail / ( $size + 1 );
print STDERR " A: $size $used $avail ($fracavail%)\n" if $opts{v};
my %minfo =
(
=====================================
sbin/debian-edu-pxeinstall
=====================================
@@ -57,11 +57,13 @@ else
dist=$(lsb_release -sc)
fi
+default_mydesktop="xfce"
+
[ "$archs" ] || archs="amd64 i386"
[ "$mirrorurl" ] || mirrorurl=http://deb.debian.org/debian
[ "$hostname" ] || hostname=pxeinstall
[ "$domain" ] || domain=intern
-[ "$mydesktop" ] || mydesktop=xfce
+[ "$mydesktop" ] || mydesktop="${default_mydesktop}"
[ "$graphicdi" ] || graphicdi=false
[ "$dailydi" ] || dailydi=false
[ "$theme" ] || theme="$(ls -L /etc/alternatives/desktop-theme/plymouth 2>/dev/null | grep script | cut -d'.' -f 1)"
@@ -86,21 +88,22 @@ fi
# debian-edu-install, copying the files a bit earlier.
installconfig=""
for template in debian-installer/locale \
- keyboard-configuration/xkb-keymap \
- tasksel/desktop; do
+ keyboard-configuration/xkb-keymap \
+ tasksel/desktop; do
value="$(debconf-get-selections --installer | grep $template | awk '{print $4}')"
if [ -z "$value" ] ; then
# If there is no value in the installer debconf database, set the default one.
# Useful if modular main server installation has been used (no desktop).
- value="$mydesktop"
+ value="${default_mydesktop}"
fi
- # Using desktop= as kernel argument work, while tasksel/desktop=
- # do not. No idea why, but lets use the one that work.
- if [ "tasksel/desktop" = $template ] ; then template=desktop ; desktop=$value; fi
+ if [ "tasksel/desktop" = $template ] && [ "${mydesktop}" != "${default_mydesktop}" ]; then
+ # Let setting from /etc/debian-edu/pxeinstall.conf override tasksel/desktop.
+ value="${mydesktop}"
+ fi
- # Map the long name to the short alias, to keep the argument list
- # shorter.
+ # Map the long debconf names to the keywords supported in the kernel cmdline.
+ if [ "tasksel/desktop" = $template ] ; then template=desktop; fi
if [ "debian-installer/locale" = $template ] ; then template=locale; fi
if [ "keyboard-configuration/xkb-keymap" = $template ] ; then template=keymap; fi
=====================================
share/glib-2.0/schemas/32-debian-edu.arctica-greeter.gschema.override deleted
=====================================
@@ -1,2 +0,0 @@
-[org.ArcticaProject.arctica-greeter]
-logo=''
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/b84cbec2c151da42d4872bac7e50116e2f804bbc...686ca8cd5a4affb78799cf596c1801efa85052fb
--
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/b84cbec2c151da42d4872bac7e50116e2f804bbc...686ca8cd5a4affb78799cf596c1801efa85052fb
You're receiving this email because of your account on salsa.debian.org.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20260313/a861d7b4/attachment-0001.htm>
More information about the debian-edu-commits
mailing list