Differences between revisions 182 and 184 (spanning 2 versions)
Revision 182 as of 2020-09-26 18:20:17
Size: 13145
Editor: ?WolfgangSchweer
Comment: update exim4 instructions to fix sending internal email (buster-backports)
Revision 184 as of 2020-09-27 08:47:06
Size: 13243
Editor: ?WolfgangSchweer
Comment: 10.6 ISOs are now in place
Deletions are marked like this. Additions are marked like this.
Line 36: Line 36:
No Debian Edu specific changes. See the related [[https://www.debian.org/News/2020/20200926|announcement]]; there are no changes concerning Debian Edu packages.
Line 43: Line 43:
Debian Edu ISOs for 64-bit and 32-bit PCs (both AMD and Intel processors) are available from the usual Debian places ('''updated to Debian Edu 10.5'''): Debian Edu ISOs for 64-bit and 32-bit PCs (both AMD and Intel processors) are available from the usual Debian places ('''updated to Debian Edu 10.6'''):
Line 61: Line 61:
  {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-cd/debian-edu-10.5.0-amd64-netinst.iso debian-edu-10.5.0-amd64-netinst.iso}}}
  {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-cd/debian-edu-10.5.0-i386-netinst.iso debian-edu-10.5.0-i386-netinst.iso}}}
  {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-cd/debian-edu-10.6.0-amd64-netinst.iso debian-edu-10.6.0-amd64-netinst.iso}}}
  {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-cd/debian-edu-10.6.0-i386-netinst.iso debian-edu-10.6.0-i386-netinst.iso}}}
Line 64: Line 64:
  {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-bd/debian-edu-10.5.0-amd64-BD-1.iso debian-edu-10.5.0-amd64-BD-1.iso}}}
  {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-bd/debian-edu-10.5.0-i386-BD-1.iso debian-edu-10.5.0-i386-BD-1.iso}}}
  {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-bd/debian-edu-10.6.0-amd64-BD-1.iso debian-edu-10.6.0-amd64-BD-1.iso}}}
  {{{rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-bd/debian-edu-10.6.0-i386-BD-1.iso debian-edu-10.6.0-i386-BD-1.iso}}}
Line 69: Line 69:
 * http://get.debian.org/cdimage/unofficial/non-free/cd-including-firmware/10.5.0+nonfree/amd64/iso-cd/
 * http://get.debian.org/cdimage/unofficial/non-free/cd-including-firmware/10.5.0+nonfree/amd64/iso-bd/
 * http://get.debian.org/cdimage/unofficial/non-free/cd-including-firmware/10.6.0+nonfree/amd64/iso-cd/
 * http://get.debian.org/cdimage/unofficial/non-free/cd-including-firmware/10.6.0+nonfree/amd64/iso-bd/

Debian Edu Installer Logo

Status of Debian Edu "Buster"

(development started in July 2017)

Released at the Debian 10 Buster release date (July 06 2019)
See the release announcement.

Updated at Debian 10.1 Buster point release date (September 07 2019)
Among others, the packages debian-edu-config, gosa* and debian-edu-doc* have been updated. It is recommended to update the main server first, then LTSP chroots (in case they exist) and other clients (like workstations) in the Debian Edu network.
Please note that the updated debian-edu-config package includes CFengine configuration file changes, so cf-agent -I -D installation needs to be run after upgrading the package (see the Buster manual Maintenance chapter).

Updated at Debian 10.2 Buster point release date (November 16 2019)
Among others, the packages debian-edu-config and standardskriver have been updated, see the related announcement.

Updated at Debian 10.3 Buster point release date (February 08 2020)
Among others, the package debian-edu-config has been updated, see the related announcement.

Updated at Debian 10.4 Buster point release date (May 09 2020)
Among others, the package debian-edu-config has been updated, see the related announcement. New users are no longer forced to accept the self-signed certificate as an insecure one (Firefox-ESR and Thunderbird).

Updated at Debian 10.5 Buster point release date (Aug 01 2020)
Among others, the package debian-edu-config has been updated, see the related announcement. The loss of dynamically allocated IPv4 addresses has been fixed.

Updated at Debian 10.6 Buster point release date (Sep 26 2020)
See the related announcement; there are no changes concerning Debian Edu packages.


Instead of the default xfce desktop environment, mate, gnome, lxde, lxqt or kde can be used by editing the kernel desktop parameter (default: desktop=xfce). See the Buster manual installation chapter how to edit kernel command line parameters.

Debian Edu ISOs for 64-bit and 32-bit PCs (both AMD and Intel processors) are available from the usual Debian places (updated to Debian Edu 10.6):

Download using http

The netinst iso image can be used for installation from CD/DVD and USB flash drives and is available for two Debian architectures: amd64 (64-bit) or i386 (32-bit). As the name implies, Internet access is required for the installation.

The BD images are 5.3 GB (amd64) / 5.4 GB (i386) large and can be used for installation of amd64 or i386 machines, also without access to the Internet. Like the netinst image it can be installed on USB flash drives or disk media of sufficient size.

Download using rsync

Also recommended to update an already existing image.

  • rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-cd/debian-edu-10.6.0-amd64-netinst.iso debian-edu-10.6.0-amd64-netinst.iso rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-cd/debian-edu-10.6.0-i386-netinst.iso debian-edu-10.6.0-i386-netinst.iso

    rsync -v --progress cdimage.debian.org::cdimage/release/current/amd64/iso-bd/debian-edu-10.6.0-amd64-BD-1.iso debian-edu-10.6.0-amd64-BD-1.iso rsync -v --progress cdimage.debian.org::cdimage/release/current/i386/iso-bd/debian-edu-10.6.0-i386-BD-1.iso debian-edu-10.6.0-i386-BD-1.iso

Unofficial images including non-free firmware - use only if really needed

Verify the downloaded image file

Detailed instructions for verifying these images are part of the Debian-CD FAQ.

Known problems we want to fix

  • GOsa²: Fatal error when opening user list, see 941165 (also for a possible workaround).

Known problems that can be fixed locally

  • Sending email inside the internal network doesn't work for users. This is due to exim4 changes shortly before the Buster release, breaking at least the Debian Edu specific setup. Installing exim4-daemon-heavy from buster-backports on the main server will allow one to send email. See the related manual chapter for details about using backports. Please note: after upgrading to exim4 4.94 via backports, this adjusted server configuration is needed: https://salsa.debian.org/debian-edu/debian-edu-config/-/raw/master/etc/exim4/exim-ldap-server-v4.conf

  • On a separate LTSP server, the DHCP server configuration is wrong. Instead of the default one, the Debian Edu specific configuration needs to be activated:

cd /etc/dhcp
mv dhcpd.conf dhcpd.conf.cfsaved
ln -s debian-edu-dhcpd.conf dhcpd.conf
service isc-dhcp-server restart

Known problems that need to be fixed elsewhere

  • X2Go doesn't register users with utmp/wtmp, see 890517. Remove the killer package (or disable the killer cron job) on the related LTSP server to avoid user sessions to be kicked out.

  • Icinga doesn't use authentication, see 939056. [Unlikely to be fixed in Buster, Icinga is EOL]. As a workaround edit /etc/icinga/apache2.conf: drop the line containing Require all granted.

Known problems we fixed via workarounds, real fix needed elsewhere

  • Squid needs to be started manually after reboots due to 911325 (patch available). [Unlikely to be fixed in Buster.]

  • Mounting removable media (like USB sticks) fails on diskless workstations; for details and workarounds, see 913774. [Unlikely to be fixed in Buster.]

  • Xfce is missing a volume control in the panel, see 913610. [Unlikely to be fixed in Buster.]

  • Xfce is missing a screenserver if Lightdm isn't used (e.g. LTSP clients, remote sessions), see 922718. [Unlikely to be fixed in Buster.]

Fixed + done (related packages migrated to buster or unstable)

  • Loss of dynamically allocated v4 IP address after 30 minutes, see 966129. As a workaound, run rm etc/network/if-up.d/wpad-proxy-update as root on the affected system and reboot the system. For details concerning the script removal, see this mail.

  • Fix fetch-ldap-cert to improve security, see 931413.

  • Fix sudo-ldap configuration, see 929964.

  • Fix LTSP related PXE configuration, see 928756.

  • Fix Firefox NFS related issue, see 930122.

  • Fix krb5 related logging configuration, see 931366.

  • Set LTSP chroot path in /etc/exports file if LTSP server has i386 arch, see 931680.

  • Include the LDAP server certificate in initial LTSP chroot image, see 932828.

  • Provide Debian Edu RootCA certificate for download, see 933183.

  • Fix loss of dynamically allocated v4 IP address, see 933580.

  • LTSP code to detect the DIST value is broken, see 925173.

  • GOsa (upgrade from Stretch): the password entry field is missing, see 918578. The related manual chapter contains information how to upgrade from Stretch despite this bug.

  • GOsa (upgrade from Stretch): crypto-transition not possible, see 925138. The related manual chapter contains information how to upgrade from Stretch despite this bug.

  • LTSP client boot is broken due to a new busybox version: 924374. See the bug log for a temporary workaround.

  • Broken PXE installation framework, see 924927.

  • Apache on tjener stops responding at midnight due to a logrotate happening at 0:00 sharp (segfaults, remaining parts causing high fork rates, making system nearly unresponsive) (#902658). [Real culprit is 904808 ; as a workaround edit /etc/logrotate.d/apache2 and replace reload with restart.]

  • The added LXQt desktop environment lacks desktop-base support, see 914345.

  • the USB-offline installation media (also known as Bluray media) is still too big, see 846006

  • Proper Buster artwork is still missing as it depends on currently still missing Debian artwork for Buster, for now the Debian Edu Buster artwork is based upon the futurePrototype proposal.

  • The added metapackages (video, primaryschool) are missing education menu integration.
  • The desktop profiles concept (kiosk) seems to be outdated since years.
  • The favorites configuration (most DEs?) needs love.
  • *_proxy variables in /etc/environment for some reason do not make it into the LTSP squashfs image when this is built during installation. They appear in the chroot tree after installation and an ltsp-update-image correctly carries them to the squashfs.
  • we are able to install Debian Edu with d-i from cdimage.debian.org, see 846006

  • finish the SVN2Git Migration Status

  • Even if deselected, the LTSP installation step is reported as 'failed'; see: 888583. Workaround: When the Debian Edu profile screen is shown, open up a Debian Installer shell and run 'rm /var/lib/dpkg/info/kbd-chooser.*'

  • GOsa² access to LDAP is broken. This happens because password decryption doesn't work; see 892546. Workaround: After booting the main server for the first time, run:

cp /etc/gosa/gosa.conf.orig /etc/gosa/gosa.conf
cat /dev/null > /etc/gosa/gosa.secrets
service apache2 reload

Please note that this change disables gosa-admin password encryption (GOsa² -> LDAP connection); the generated (random) password is used in this case.

  • Installation is broken since PHP7.2 has entered testing. This happens because mcrypt support has been removed from PHP while gosa-encrypt-password depends on it; see 889811. Workaround: While the Debian Installer is busy installing software, open up a shell and use 'nano target/usr/bin/ldap-debian-edu-install' to replace gosa-encrypt-passwords > /dev/null with #gosa-encrypt-passwords > /dev/null and to add the line touch /etc/gosa/gosa.secrets below the commented one. Please note that this change disables password encryption to access the GOsa² web interface; use only for testing.

  • The usbstick ISO image should allow installations including the 'LTSP server' profile without internet connection; atm about 300 MiB need to be downloaded. This happens right after the base system has been installed successfully in the LTSP chroot, later in the process packages are fetched again from the mounted image. [Reason was that the first part (when the 'debian-edu-install' package gets installed) has been moved to LTSP client build stage 'install)' where the CDROM and required mounts are not yet available. Moving this part to 'after-install)' (or all parts to 'finalization)' like it has been before commit 57a5c24f) allows to use '/media/cdrom' throughout. Also, '-o acquire::check-valid-until=0' needs to be added to APT_GET_OPTS to be really able to use '/media/cdrom' as local file type repo.] See: 867271, fixed in Buster (d-e-c commits 2278d78b and 5c1b880d).

  • Fix personal web pages configuration; see 866228. As a workaround run these commands on the main server:

rm /etc/apache2/mods-available/userdir.load 
cp /etc/apache2/mods-available/status.load /etc/apache2/mods-available/userdir.load 
sed -i 's/status/userdir/g' /etc/apache2/mods-available/userdir.load 
ln -s /etc/apache2/mods-available/userdir.load /etc/apache2/mods-available/debian-edu-userdir.load 
a2enmod debian-edu-userdir
  • adjust the Samba configuration file to be able to join recent clients to the SKOLELINUX domain out-of-the-box; see 864663.