Differences between revisions 123 and 124
Revision 123 as of 2017-05-18 15:19:13
Size: 9316
Editor: ?WolfgangSchweer
Comment: add instructions for exim4 security fix.
Revision 124 as of 2017-05-18 15:20:42
Size: 9337
Editor: ?WolfgangSchweer
Comment: formatting fix.
Deletions are marked like this. Additions are marked like this.
Line 35: Line 35:
!#!/bin/sh
#
# migrate iceweasel customization to firefox-esr.
# the cert_override.txt file is already located in the right place
# (directory /etc/skel on tjener) to work ok, so is skipped here.
# proxy settings are pulled via wpad and/or /etc/environment.
set -e
# check if host has networked profile; and yes, it's 'iceweacel-networked-prefs.js'
# by intention, the file is shipped like this since years, I guess.
if [ -e /etc/iceweasel/pref/debian-edu-networked.js ] && [ ! -e /etc/firefox-esr/debian-edu-networked.js ]; then
    ln -s /usr/share/debian-edu-config/iceweacel-networked-prefs.js /etc/firefox-esr/debian-edu-networked.js
    sed -i 's#iceweasel/pref#firefox-esr#' /usr/share/debian-edu-config/tools/update-iceweasel-homepage
    /etc/init.d/iceweasel-ldapconf force-reload
if [ -d /opt/ltsp ] ; then
        for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
            chroot $ltsp_chroot ln -s /usr/share/debian-edu-config/iceweacel-networked-prefs.js /etc/firefox-esr/debian-edu-networked.js
            chroot $ltsp_chroot sed -i 's#iceweasel/pref#firefox-esr#' /usr/share/debian-edu-config/tools/update-iceweasel-homepage
            chroot $ltsp_chroot /etc/init.d/iceweasel-ldapconf force-reload
        done
    fi
fi
 #!/bin/sh
 #
 
# migrate iceweasel customization to firefox-esr.
 # the cert_override.txt file is already located in the right place
 # (directory /etc/skel on tjener) to work ok, so is skipped here.
 # proxy settings are pulled via wpad and/or /etc/environment.
 set -e
 
# check if host has networked profile; and yes, it's 'iceweacel-networked- prefs.js'
 # by intention, the file is shipped like this since years, I guess.
 if [ -e /etc/iceweasel/pref/debian-edu-networked.js ] && [ ! -e /etc/firefox-esr/debian-edu-networked.js ]; then
     ln -s /usr/share/debian-edu-config/iceweacel-networked-prefs.js /etc/firefox-esr/debian-edu-networked.js
     sed -i 's#iceweasel/pref#firefox-esr#' /usr/share/debian-edu-config/tools/update-iceweasel-homepage
     /etc/init.d/iceweasel-ldapconf force-reload
 
if [ -d /opt/ltsp ] ; then
  for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
             chroot $ltsp_chroot ln -s /usr/share/debian-edu-config/iceweacel-networked-prefs.js /etc/firefox-esr/debian-edu-networked.js
             chroot $ltsp_chroot sed -i 's#iceweasel/pref#firefox-esr#' /usr/share/debian-edu-config/tools/update-iceweasel-homepage
             chroot $ltsp_chroot /etc/init.d/iceweasel-ldapconf force-reload
         done
     fi
 fi
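Review bot: In the LTSP loop, `chroot $ltsp_chroot ln -s ...` runs without the `[ ! -e /etc/firefox-esr/debian-edu-networked.js ]` test that guards the host-side link. With `set -e` in effect, one chroot that already has the link (or lacks /etc/firefox-esr) aborts the script before the remaining chroots are handled. Repeat the existence test inside the loop and quote `"$ltsp_chroot"`. Also, the comment on the added side now reads 'iceweacel-networked- prefs.js' with a space that the removed side does not have, so the file name it documents no longer matches the one used in the `ln -s` lines.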

Debian Edu Wheezy

Wheezy has been released and so have we! \o/

FIXME: link to debian-news about the event

Known problems in edu0 we might fix

  • installation on too small disk, fixed in wheezy-test images? (please comment)
  • With the security update for exim4 (fixing CVE-2016-1531), the Exim environment is purged. To keep Kerberos authentication working, the environment has to be created inside the runtime chroot. Also, the configuration file needs one additional line.
    • Use this script to create the environment:

 #!/bin/bash
 #
 # Create Kerberos environment for exim4 chroot. This is needed
 # to cope with the exim4 security fix for CVE-2016-1531. 
 set -e
 DIR="/var/lib/exim4/etc"
 FILE="krb5.keytab.smtp"
 if [ ! -f $DIR/$FILE ]; then
     if [ ! -d $DIR ] ; then
         mkdir $DIR
     fi
 fi
 cp /etc/$FILE $DIR
 chown Debian-exim:Debian-exim $DIR/$FILE
 echo "Successfully created the Exim4 environment."
  • Add a line to /etc/exim4/exim-ldap-server-v4.conf after the line containing # LDAP server info:

    • keep_environment = KRB5_KTNAME : PWD : ^LDAP

    Run service exim4 restart.

  • With the re-rename of Iceweasel to Firefox in Wheezy (via security update), the setting of the Iceweasel default homepage and the feature to configure this URL in LDAP are gone (827448). As a workaround this script might be used (on tjener) until a proper fix is available:

 #!/bin/sh
 #
 # migrate iceweasel customization to firefox-esr.
 # the cert_override.txt file is already located in the right place
 # (directory /etc/skel on tjener) to work ok, so is skipped here.
 # proxy settings are pulled via wpad and/or /etc/environment.
 set -e
 # check if host has networked profile; and yes, it's 'iceweacel-networked-prefs.js'
 # by intention, the file is shipped like this since years, I guess.
 if [ -e /etc/iceweasel/pref/debian-edu-networked.js ] && [ ! -e /etc/firefox-esr/debian-edu-networked.js ]; then
     ln -s /usr/share/debian-edu-config/iceweacel-networked-prefs.js /etc/firefox-esr/debian-edu-networked.js
     sed -i 's#iceweasel/pref#firefox-esr#' /usr/share/debian-edu-config/tools/update-iceweasel-homepage
     /etc/init.d/iceweasel-ldapconf force-reload
     if [ -d /opt/ltsp ] ; then
         for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
             chroot $ltsp_chroot ln -s /usr/share/debian-edu-config/iceweacel-networked-prefs.js /etc/firefox-esr/debian-edu-networked.js
             chroot $ltsp_chroot sed -i 's#iceweasel/pref#firefox-esr#' /usr/share/debian-edu-config/tools/update-iceweasel-homepage
             chroot $ltsp_chroot /etc/init.d/iceweasel-ldapconf force-reload
         done
     fi
 fi
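
A check for the exim4 workaround described above (keytab copy plus the keep_environment line), as an added example that is not part of the wiki page or of Debian Edu. The function names are hypothetical, the group/other permission test is an assumption the page does not state, and the files used at the end are constructed samples.

```sh
#!/bin/sh
# Added example: verify the exim4 Kerberos workaround after applying it.
# Function names are hypothetical; paths and owner are passed in.

# Pass if the keytab copy exists, has the expected owner and gives no
# access to group or others (the mode test is an assumption, not from the page).
check_keytab() {
    keytab=$1 owner=$2
    [ -f "$keytab" ] || { echo "missing: $keytab" >&2; return 1; }
    listing=$(ls -ld "$keytab")
    actual=$(printf '%s\n' "$listing" | awk '{print $3}')
    [ "$actual" = "$owner" ] ||
        { echo "owner is $actual, expected $owner" >&2; return 1; }
    [ "$(printf '%s\n' "$listing" | cut -c5-10)" = "------" ] ||
        { echo "group/other can access $keytab" >&2; return 1; }
}

# Pass if the last uncommented keep_environment line lists all three
# entries given on the page: KRB5_KTNAME, PWD and ^LDAP.
check_keep_environment() {
    conf=$1
    entries=$(grep -E '^[[:space:]]*keep_environment[[:space:]]*=' "$conf" |
        tail -n 1 | cut -d= -f2- | tr ':' '\n' |
        sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
    for want in KRB5_KTNAME PWD '^LDAP'; do
        printf '%s\n' "$entries" | grep -Fxq -- "$want" ||
            { echo "keep_environment lacks $want" >&2; return 1; }
    done
}

# Constructed sample files (not real system files) exercising both checks.
demo=$(mktemp -d)
me=$(id -un 2>/dev/null || id -u)
printf 'constructed placeholder, not a keytab\n' > "$demo/krb5.keytab.smtp"
chmod 600 "$demo/krb5.keytab.smtp"
printf '%s\n' '# LDAP server info' \
    'keep_environment = KRB5_KTNAME : PWD : ^LDAP' > "$demo/exim.conf"
check_keytab "$demo/krb5.keytab.smtp" "$me" && echo "keytab: ok"
check_keep_environment "$demo/exim.conf" && echo "config: ok"
rm -rf "$demo"
```

On tjener the same functions would be pointed at /var/lib/exim4/etc/krb5.keytab.smtp with owner Debian-exim and at /etc/exim4/exim-ldap-server-v4.conf.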

Known problems, unlikely to be fixed

We should probably mention them in debian-edu-doc and get over them for wheezy...

  • Using KDE on standalone and roaming workstations, at least Konqueror, Chromium and Step sometimes fail to work out of the box when the machines are used outside the backbone network and the other network requires a proxy but no wpad.dat information is found. [Item mentioned in the manual.]
  • If KDE is used, booting a diskless workstation is slow, and logging in takes a long time (>60 seconds). (Xfce and LXDE sessions start up much faster.) - Workaround: Boot computers before pupils enter the classroom.

  • manual:
    • three FIXMEs (about Windows clients)
    • incomplete translations for Norwegian Bokmål and Spanish, for which localised screenshots are lacking too, as they are for Italian and Danish
  • still no live-CD again :( could be added later though...

Fixed + done

  • During a Debian Edu installation sometimes (depending on language and moon phase settings) there is a debconf question from dictionaries-common about setting the default dictionary.
    • we still have an open bug about this which should be closed once we are reasonably sure it's fixed: 664976

    • this seems to be fixed as of 2013-06-17
    • This is related to 566912. It is also related to the old 277410.

    • The question can be suppressed by preseeding like this:

        dictionaries-common dictionaries-common/default-wordlist select Manual symlink setting
  • we decided: we want to release an amd64/i386 usbstick image (behaving like the old DVD image, just bigger in size) plus the i386 netinst CD. Dropped the DVD image.
    • updated the documentation accordingly
  • Gnome is uninstallable (at least Norwegian standalone installation), because installing debian-edu-artwork before gdm3 causes gdm3 to ask a conffile question which blocks the installation.
  • LTSP diskless workstation login using ldm (with sshfs) ends up without Kerberos tickets, and krb5-auth-dialog crashes when trying to get one (part of 714825, only the crash problem is fixed in unstable). Might partly be fixable by making our own krb5.conf.

  • All screenshots were redone for wheezy \o/
  • this has been documented: login as user on a freshly installed combi server does not work if the password entered is too short. (what exactly *is* too short?) (minimum 5 chars, according to: https://wiki.debian.org/DebianEdu/Documentation/Wheezy/Installation) - this is especially confusing as these passwords work in standalone... they also worked on a combi server for root logins on the text console.

  • mass import feature (ldif and csv) is missing in gosa-plugin-ldapmanager. (698840)

  • this has been documented: if install (dvd or netinst) happens on a box containing more than one NIC, after reboot network interfaces may have a different order. This won't happen if pxe installation is used (once tjener is up and running).
  • note that the wheezy build uses the debian-edu package source in svn for squeeze, i.e. the packages added for wheezy do not make it to the dvd when we start to build dvds. this should be fixed (so that the wheezy build uses the packages from the svn wheezy branch) and this needs to happen in build/CD-administrator/ somewhere
  • KDE Debian submenu lacks icons (502192). The menu-xdg maintainer does not want to fix it. An alternative is to not install menu-xdg at all, removing the Debian submenu from KDE.

  • grub logo is the new Joy theme logo. we should try to get Joy+edu theme.
  • Netinst CD missing etckeeper, causing error during installation. The package is installed from the net instead, so the error is not fatal.
  • slbackup.php login failure needs to be fixed (700257)

    • main-server used to show problems connecting to sitesummary, because the installer tried to submit to sitesummary even if it was going to become its own sitesummary collector, and thus lacked the receiver end before the installation was done. This no longer happens.
  • there was still some squeeze in sources.lists...
  • make it easier to use a different IP network - (done for Squeeze already)
  • no mandatory login (into KDE) as root - (done for Squeeze already)
  • selecting profile standalone results in an error free install, but the education-standalone package is not installed (nor any other education* package)
  • same with workstation profile
    • maybe this is because recommends are not installed?
  • #695726 archive key will expire during wheezy's lifetime
  • If a uid is known, smbclient -k //tjener/<uid> -U <uid> allows read/write access. Using a Windows client, the same thing is possible using a null password.

  • d-e-artwork
    • needs update for new green joy based artwork
  • Iceweasel does not update its default start page from LDAP at boot like it did in Squeeze. This makes it impossible for the school admin to centrally set the default browser start page (717263).

  • KDE applications (at least konqueror and step) do not use the proxy by default, and automatic proxy configuration does not work, making these tools useless on a network where proxy use is required. Looks like KDE does not understand our wpad.dat file? (If KDE is pointed to the correct URL, wpad.dat is understood and used; so it seems that KDE can't find the file using the DNS method.)
  • apt-get update fetches translation updates for several languages even though I just want German / my language. [Several language packages are installed with the intention to be available...]

Further ideas

Mostly stuff for Jessie (the release after Wheezy)

  • make it easier to use another, already existing, directory server, be it LDAP or AD.
  • Include FAI to easily install customized machines (Skolelinux RLP and Musterlösung BW use Images (why?), can we do something comparable with FAI?)
  • Make the installer more flexible. Make it possible to choose KDE/GNOME/all educational packages/Debian default. (Waiting several hours installing Tjener+LTSP seems to scare away testers and developers).
  • Continue cleanup. What is left back in our d-e-packages that's not needed anymore? Strip down things to the necessary, we are not able to maintain more. What can and should be addressed in Debian?
  • Preconfigured LXDE by default as Thin-Client?
  • Preconfigured educational desktop (if chosen in the installer).
  • Make it possible to choose LTSP chroot arch (i386/amd64)