- Status of Debian Edu "Buster"
- Known problems that need to be fixed elsewhere
- Known problems we fixed via workarounds, real fix needed elsewhere
- Fixed + done (related packages migrated to buster or unstable)
Status of Debian Edu "Buster"
(development started in July 2017)
Released at the Debian 10 Buster release date (July 06 2019)
See the release announcement.
Updated at Debian 10.1 Buster point release date (September 07 2019)
Among others, the packages debian-edu-config, gosa* and debian-edu-doc* have been updated. It is recommended to update the main server first, then LTSP chroots (in case they exist) and other clients (like workstations) in the Debian Edu network.
Please note that the updated debian-edu-config package includes CFengine configuration file changes, so cf-agent -I -D installation needs to be run after upgrading the package (see the Buster manual Maintenance chapter).
Updated at Debian 10.2 Buster point release date (November 16 2019)
Among others, the packages debian-edu-config and standardskriver have been updated, see the related announcement.
Instead of the default xfce desktop environment, mate, gnome, lxde, lxqt or kde can be used by editing the kernel desktop parameter (default: desktop=xfce). See the Buster manual installation chapter how to edit kernel command line parameters.
Debian Edu ISOs for 64-bit and 32-bit PCs (both AMD and Intel processors) are available from the usual Debian places (updated to Debian Edu 10.2):
Download using http
The netinst iso image can be used for installation from CD/DVD and USB flash drives and is available for two Debian architectures: amd64 (64-bit) or i386 (32-bit). As the name implies, Internet access is required for the installation.
The BD image is approximately 5 GB large and can be used for installation of amd64 or i386 machines, also without access to the Internet. Like the netinst image it can be installed on USB flash drives or disk media of sufficient size.
Download using rsync
Also recommended to update an already existing image.
rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-cd/debian-edu-10.2.0-amd64-netinst.iso debian-edu-10.2.0-amd64-netinst.iso rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-cd/debian-edu-10.2.0-i386-netinst.iso debian-edu-10.2.0-i386-netinst.iso
rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-bd/debian-edu-10.2.0-amd64-BD-1.iso debian-edu-10.2.0-amd64-BD-1.iso rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-bd/debian-edu-10.2.0-i386-BD-1.iso debian-edu-10.2.0-i386-BD-1.iso
Unofficial images including non-free firmware - use only if really needed
Verify the downloaded image file
Detailed instructions for verifying these images are part of the Debian-CD FAQ.
Known problems that need to be fixed elsewhere
X2Go doesn't register users with utmp/wtmp, see 890517. Remove the killer package (or disable the killer cron job) on the related LTSP server to avoid user sessions to be kicked out.
Icinga doesn't use authentication, see 939056. [Unlikely to be fixed in Buster, Icinga is EOL]. As a workaround edit /etc/icinga/apache2.conf: drop the line containing Require all granted.
Known problems we fixed via workarounds, real fix needed elsewhere
Squid needs to be started manually after reboots due to 911325 (patch available). [Unlikely to be fixed in Buster.]
Mounting removable media (like USB sticks) fails on diskless workstations; for details and workarounds, see 913774. [Unlikely to be fixed in Buster.]
Xfce is missing a volume control in the panel, see 913610. [Unlikely to be fixed in Buster.]
Xfce is missing a screenserver if Lightdm isn't used (e.g. LTSP clients, remote sessions), see 922718. [Unlikely to be fixed in Buster.]
Fixed + done (related packages migrated to buster or unstable)
Fix fetch-ldap-cert to improve security, see 931413.
Fix sudo-ldap configuration, see 929964.
Fix LTSP related PXE configuration, see 928756.
Fix Firefox NFS related issue, see 930122.
Fix krb5 related logging configuration, see 931366.
Set LTSP chroot path in /etc/exports file if LTSP server has i386 arch, see 931680.
Include the LDAP server certificate in initial LTSP chroot image, see 932828.
Provide Debian Edu RootCA certificate for download, see 933183.
Fix loss of dynamically allocated v4 IP address, see 933580.
LTSP code to detect the DIST value is broken, see 925173.
LTSP client boot is broken due to a new busybox version: 924374. See the bug log for a temporary workaround.
Broken PXE installation framework, see 924927.
Apache on tjener stops responding at midnight due to a logrotate happening at 0:00 sharp (segfaults, remaining parts causing high fork rates, making system nearly unresponsive) (#902658). [Real culprit is 904808 ; as a workaround edit /etc/logrotate.d/apache2 and replace reload with restart.]
The added LXQt desktop environment lacks desktop-base support, see 914345.
the USB-offline installation media (also known as Bluray media) is still too big, see 846006
Proper Buster artwork is still missing as it depends on currently still missing Debian artwork for Buster, for now the Debian Edu Buster artwork is based upon the futurePrototype proposal.
- The added metapackages (video, primaryschool) are missing education menu integration.
- The desktop profiles concept (kiosk) seems to be outdated since years.
- The favorites configuration (most DEs?) needs love.
- *_proxy variables in /etc/environment for some reason do not make it into the LTSP squashfs image when this is built during installation. They appear in the chroot tree after installation and an ltsp-update-image correctly carries them to the squashfs.
we are able to install Debian Edu with d-i from cdimage.debian.org, see 846006
finish the SVN2Git Migration Status
Even if deselected, the LTSP installation step is reported as 'failed'; see: 888583. Workaround: When the Debian Edu profile screen is shown, open up a Debian Installer shell and run 'rm /var/lib/dpkg/info/kbd-chooser.*'
GOsa² access to LDAP is broken. This happens because password decryption doesn't work; see 892546. Workaround: After booting the main server for the first time, run:
cp /etc/gosa/gosa.conf.orig /etc/gosa/gosa.conf cat /dev/null > /etc/gosa/gosa.secrets service apache2 reload
Please note that this change disables gosa-admin password encryption (GOsa² -> LDAP connection); the generated (random) password is used in this case.
Installation is broken since PHP7.2 has entered testing. This happens because mcrypt support has been removed from PHP while gosa-encrypt-password depends on it; see 889811. Workaround: While the Debian Installer is busy installing software, open up a shell and use 'nano target/usr/bin/ldap-debian-edu-install' to replace gosa-encrypt-passwords > /dev/null with #gosa-encrypt-passwords > /dev/null and to add the line touch /etc/gosa/gosa.secrets below the commented one. Please note that this change disables password encryption to access the GOsa² web interface; use only for testing.
The usbstick ISO image should allow installations including the 'LTSP server' profile without internet connection; atm about 300 MiB need to be downloaded. This happens right after the base system has been installed successfully in the LTSP chroot, later in the process packages are fetched again from the mounted image. [Reason was that the first part (when the 'debian-edu-install' package gets installed) has been moved to LTSP client build stage 'install)' where the CDROM and required mounts are not yet available. Moving this part to 'after-install)' (or all parts to 'finalization)' like it has been before commit 57a5c24f) allows to use '/media/cdrom' throughout. Also, '-o acquire::check-valid-until=0' needs to be added to APT_GET_OPTS to be really able to use '/media/cdrom' as local file type repo.] See: 867271, fixed in Buster (d-e-c commits 2278d78b and 5c1b880d).
Fix personal web pages configuration; see 866228. As a workaround run these commands on the main server:
rm /etc/apache2/mods-available/userdir.load cp /etc/apache2/mods-available/status.load /etc/apache2/mods-available/userdir.load sed -i 's/status/userdir/g' /etc/apache2/mods-available/userdir.load ln -s /etc/apache2/mods-available/userdir.load /etc/apache2/mods-available/debian-edu-userdir.load a2enmod debian-edu-userdir
adjust the Samba configuration file to be able to join recent clients to the SKOLELINUX domain out-of-the-box; see 864663.