[debian-edu-commits] [Git][debian-edu/debian-edu-config][personal/gber/system-trusted-certs] 29 commits: cf3/cf.homes: White-space amendments.
Mike Gabriel (@sunweaver)
gitlab at salsa.debian.org
Fri May 22 23:31:30 BST 2026
Mike Gabriel pushed to branch personal/gber/system-trusted-certs at Debian Edu / debian-edu-config
Commits:
5b6b9bdc by Mike Gabriel at 2025-06-02T10:06:13+02:00
cf3/cf.homes: White-space amendments.
- - - - -
1e53770d by Mike Gabriel at 2025-06-02T10:06:41+02:00
cf3/cf.homes: Assure that /etc/default/autofs has the LDAPBASE variable configured.
- - - - -
6a88387d by Mike Gabriel at 2025-06-02T10:08:48+02:00
d/changelog: update from Git history, bump to v2.13.0
- - - - -
41f573ba by Mike Gabriel at 2025-06-02T12:08:40+02:00
debian/control: Add to D: curl. Required by wpad-extract and fetch-rootca-cert scripts.
- - - - -
dbfd3647 by Mike Gabriel at 2025-06-02T16:26:10+02:00
release 2.12.900
- - - - -
63523d4c by Mike Gabriel at 2025-06-13T09:58:54+02:00
etc/dovecot/local.conf: Adapt to config setting changes in Dovecot 2.4.x.
- - - - -
858a9689 by Mike Gabriel at 2025-06-13T10:00:11+02:00
cf3/: Stop installing packages via cfengine3. The required packages should have been pulled in via meta-packages already (and if not, then this needs to be amended in debian-edu src:pkg).
- - - - -
07d7cda0 by Mike Gabriel at 2025-06-13T10:06:04+02:00
upload to unstable (debian/2.12.901)
- - - - -
648e0663 by Mike Gabriel at 2025-06-13T11:16:39+02:00
Makefile: Drop removed file cf.desktop-networked.
- - - - -
897b56af by Mike Gabriel at 2025-06-13T11:19:25+02:00
release 2.12.902
- - - - -
69f0f3ee by Mike Gabriel at 2025-09-04T13:15:53+02:00
etc/apache2/sites-available/debian-edu-default.conf: Use SERVER_ADDRESS in RewriteRule instead of hard-coded 'www'. Supports https redirection if connected to e.g. a VPN IP owned by TJENER.
- - - - -
3ef70d6a by Mike Gabriel at 2025-09-15T09:05:50+02:00
cf3/promises.cf: Regression fix: Drop desktop bundle from bundlesequence. The desktop bundle has been removed since d-e-c 2.12.901.
- - - - -
94d361c9 by Mike Gabriel at 2025-09-15T09:09:04+02:00
release 2.12.903
- - - - -
ecbbcc57 by Mike Gabriel at 2025-09-15T13:45:00+02:00
share/glib-2.0/schemas/32-debian-edu.arctica-greeter.gschema.override: Drop file. This setting is theme-specific and should be shipped in debian-edu-artwork-<THEME> if diverting from system defaults.
Also, it seems that this file was inert all the time due to wrong file naming (<nn>-<description>.gschema.override instead of <nn>_<description>.gschema.override).
- - - - -
8dbb5ef0 by Mike Gabriel at 2025-09-15T15:23:31+02:00
cf3/: Support recognizing FAI based installations of Debian Edu systems (except from main server).
- - - - -
4c259cd2 by Mike Gabriel at 2025-09-15T15:24:23+02:00
release 2.12.904
- - - - -
1afb50ce by Mike Gabriel at 2025-09-16T10:32:22+02:00
sbin/debian-edu-fsautoresize: Avoid division by zero error on unused mountpoints.
- - - - -
5d768f5f by Mike Gabriel at 2025-09-16T17:43:41+02:00
sbin/debian-edu-pxeinstall: Support overriding tasksel/desktop selection via mydesktop parameter in /etc/debian-edu/pxeinstall.conf.
- - - - -
c7974f2a by Mike Gabriel at 2025-09-16T17:48:09+02:00
sbin/debian-edu-pxeinstall: Fix comment about mapping debconf template keywords to kernel cmdline keywords and drop unused variable assignment.
- - - - -
730df785 by Mike Gabriel at 2025-09-16T21:28:46+02:00
sbin/debian-edu-pxeinstall: Regression fix, only adjust desktop to mydesktop from pxeinstall.conf if we are processing the tasksel/desktop setting.
- - - - -
e7f8fe8b by Daniel Teichmann at 2026-03-13T16:54:07+01:00
Add new file 'debian-edu-router.ldif'. Empty proxy groups should be installed on all new Tjeners.
These are preconfigured empty proxy groups for the use in Debian Edu Router.
See Debian Edu Router Plugin: Content filter at https://salsa.debian.org/debian-edu/debian-edu-router/-/tree/master/docs.
- - - - -
1342f54b by Daniel Teichmann at 2026-03-13T16:54:10+01:00
ldap-bootstrap/debian-edu-router.ldif: Add 'server-hosts' nisNetgroup to 'proxy-trusted' nisNetgroup, via 'memberNisNetgroup' attribute.
- - - - -
ae91d71a by Daniel Teichmann at 2026-03-13T16:54:10+01:00
share/debian-edu-config/gosa.conf.template: Activate nisNetgroup tab for user accounts.
This makes it possible to add a user into a nisNetgroup while editing a user.
This is a fine addition to the already present 'NIS Netgroup' tab on the left.
- - - - -
c53528cf by Mike Gabriel at 2026-05-07T22:28:30+02:00
share/debian-edu-config/tools/copy-host-keytab: Support SSH publickey login to tjener, if this is possible (e.g. if admin is using SSH agent forwarding).
- - - - -
b892e2fa by Daniel Teichmann at 2026-05-22T22:28:45+00:00
apache2 debian-edu-default.conf: Do not force HTTPS on *.crt (including Debian-Edu_rootCA.crt).
Closes: #1068388
- - - - -
a624dc1c by Daniel Teichmann at 2026-05-22T22:29:28+00:00
etc/dovecot/local.conf: Fix passdb block syntax for Dovecot 2.4.x compatibility.
Dovecot 2.4.x introduced a breaking change to the passdb/userdb
configuration block syntax. A prior commit 63523d4c partially adapted
etc/dovecot/local.conf to Dovecot 2.4.x by splitting mail_location
into mail_driver, mail_path, and mail_inbox_path, but did not update
the passdb block, leaving the configuration broken.
This causes Dovecot to fail immediately at startup with:
- doveconf: Fatal: Error in configuration file /etc/dovecot/local.conf line 10: passdb { }
- dovecot.service: Main process exited, code=exited, status=89/n/a
- - - - -
17c18602 by Daniel Teichmann at 2026-05-22T22:30:02+00:00
debian/control: Add 'Conflicts: firefox-esr-mobile-config'.
This ensures that /usr/share/firefox-esr/distribution/policies.json
will not be overwritten by the other package.
Closes: #1126881
- - - - -
489172c6 by Guido Berhoerster at 2026-05-22T22:31:29+00:00
Make libnssckbi.so consumers trust system root certificate store
Add debian-edu-config-p11-kit-nssckbi subpackage which contains a diversion for
libnssckbi.so and replaces it with symlink to p11-kit-trust.so in order to work
around #704180. Note that it is important to keep the renamed file outside of
/usr/lib/<arch>/ in order to prevent ldconfig from overwriting the symlink.
- - - - -
28d7a3cc by Guido Berhoerster at 2026-05-22T22:31:29+00:00
Stop adding the DebianEdu root CA to NSS shared database
NSS consumers like Firefox, Thunderbird, Chromium should use the system trusted
root CA store via p11-kit (Closes: #926388).
- - - - -
35 changed files:
- Makefile
- − bin/debian-edu-copy-pki
- − cf3/cf.desktop-networked
- cf3/cf.finalize
- cf3/cf.grub
- cf3/cf.homes
- cf3/cf.icinga
- cf3/cf.ntp
- cf3/edu.cf
- cf3/promises.cf
- debian/changelog
- debian/control
- + debian/debian-edu-config-p11-kit-nssckbi.links
- + debian/debian-edu-config-p11-kit-nssckbi.postrm.in
- + debian/debian-edu-config-p11-kit-nssckbi.preinst.in
- debian/debian-edu-config.lintian-overrides
- debian/rules
- etc/apache2/sites-available/debian-edu-default.conf
- etc/dovecot/local.conf
- + ldap-bootstrap/debian-edu-router.ldif
- ldap-tools/ldap-createuser-krb5
- ldap-tools/ldap-debian-edu-install
- − lib/thunderbird/distribution/policies.json
- sbin/debian-edu-fsautoresize
- sbin/debian-edu-ltsp-install
- sbin/debian-edu-pxeinstall
- share/debian-edu-config/gosa.conf.template
- share/debian-edu-config/tools/copy-host-keytab
- share/debian-edu-config/tools/create-debian-edu-certs
- − share/debian-edu-config/tools/create-user-nssdb
- share/debian-edu-config/tools/gosa-create
- − share/debian-edu-config/tools/update-cert-dbs
- share/firefox-esr/distribution/policies.json
- − share/glib-2.0/schemas/32-debian-edu.arctica-greeter.gschema.override
- − share/man/man1/debian-edu-copy-pki.1
The diff was not included because it is too large.
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/909c45c1bbc30a57ab510ed9eb2c4aa80375c6d9...28d7a3cca794779a06679e631faa715ddee4ee7f
--
View it on GitLab: https://salsa.debian.org/debian-edu/debian-edu-config/-/compare/909c45c1bbc30a57ab510ed9eb2c4aa80375c6d9...28d7a3cca794779a06679e631faa715ddee4ee7f
You're receiving this email because of your account on salsa.debian.org. Manage all notifications: https://salsa.debian.org/-/profile/notifications | Help: https://salsa.debian.org/help
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://alioth-lists.debian.net/pipermail/debian-edu-commits/attachments/20260522/2f9f63d9/attachment-0001.htm>
More information about the debian-edu-commits
mailing list