--- Begin Message ---
- To: Debian Bug Tracking System <submit@bugs.debian.org>
- Subject: bookworm-pu: package debian-edu-fai/2023.11.19.1~deb12u1
- From: Mike Gabriel <sunweaver@debian.org>
- Date: Thu, 30 Nov 2023 09:33:23 +0100
- Message-id: <170133320312.29072.8397160288392801908.reportbug@sunobo.fritz.box>
Package: release.debian.org
Severity: normal
Tags: bookworm
User: release.debian.org@packages.debian.org
Usertags: pu
X-Debbugs-Cc: debian-edu-fai@packages.debian.org, debian-edu@lists.debian.org
Control: affects -1 + src:debian-edu-fai
This upload provides an updated version of Debian Edu FAI (zero-click
installation of Debian Edu clients on the Debian Edu school network).
This upload is part of the Debian Edu 12 release and provides various
improvements and esp. compatibility fixes when used with FAI 6.x (which
is the version shipped in Debian 12).
[ Reason ]
We are delayed with Debian Edu 12, compared to the Debian release flow.
This upload of Debian Edu FAI has been thoroughly tested against Debian
12 and finally makes installation of Debian Edu 12 devices without admin
interaction during the install process work/possible.
[ Impact ]
People will need to obtain debian-edu-fai from Git if this upload will
not get accepted.
[ Tests ]
Plenty of test installation tests of MATE Desktop, GNOME Desktop.and
minimal Debian Edu systems have been performed. At one customer we
have taken the code in this version of Debian Edu FAI already into
production.
[ Risks ]
Only for Debian Edu users and only if they choose Debian Edu FAI as their
method of installing workstations on the network.
[ Checklist ]
[x] *all* changes are documented in the d/changelog
[x] I reviewed all changes and I approve them
[x] attach debdiff against the package in (old)stable
[x] the issue is verified as fixed in unstable
[ Changes ]
+debian-edu-fai (2023.11.19.1~deb12u1) bookworm; urgency=medium
+
+ * Release to Debian bookworm.
+
+ -- Mike Gabriel <sunweaver@debian.org> Thu, 30 Nov 2023 09:14:29 +0100
+
+debian-edu-fai (2023.11.19.1) unstable; urgency=medium
+
+ * bin/debian-edu-router-fai_updateconfigspace:
+ - Fix quoting typo in git command.
+
+ -- Mike Gabriel <sunweaver@debian.org> Sun, 19 Nov 2023 09:51:33 +0100
+
+debian-edu-fai (2023.10.03.1) unstable; urgency=medium
+
+ * fai/config/_obsolete-files.d/debian-edu-fai.removed:
+ - Add .asc files which got replaced by .gpg files.
+ * fai/config/scripts/*/20-update-security-group-conf:
+ - Don't fail script if not on DEBIAN_11.
+ * fai/config/disk_config:
+ - LVM_EDU_MINIMAL: Fix LV name (home -> srv).
+ - Enlarge system partitions generously, so that system installation don't
+ fail because of low-disk space.
+
+ -- Mike Gabriel <sunweaver@debian.org> Tue, 03 Oct 2023 23:14:29 +0200
+
+debian-edu-fai (2023.09.26.3) unstable; urgency=medium
+
+ * debian/control:
+ + Move memtest86+ (for archs amd64 + i386) to Recommends: field as we can't
+ have arch-specific dependencies in arch-all bin:pkgs. (Closes: #1052957).
+
+ -- Mike Gabriel <sunweaver@debian.org> Tue, 26 Sep 2023 16:53:13 +0200
+
+debian-edu-fai (2023.09.26.2) unstable; urgency=medium
+
+ * debian/control:
+ + Fix installability on non-x86 architectures. People should at least be
+ able to test those platforms.
+
+ -- Mike Gabriel <sunweaver@debian.org> Mon, 25 Sep 2023 09:30:53 +0200
+
+debian-edu-fai (2023.09.26.1) unstable; urgency=medium
+
+ [ Guido Berhoerster ]
+ * Improve OS detection for loading profiles
+
+ [ Mike Gabriel ]
+ * ChangeLog: update post-release
+ * bin/debian-edu-fai_install: Promote http_proxy settings into FAI config
+ space and set APTPROXY variable accordingly.
+ * fai/config/hooks/updatebase.DEBIAN: Debian Edu sets up http proxy
+ configuration via 03debian-edu-config. To override this (which we want),
+ we need to move 02proxy to 04proxy in /etc/apt/apt.conf.d/.
+
+ -- Mike Gabriel <sunweaver@debian.org> Mon, 25 Sep 2023 09:01:00 +0200
+
+debian-edu-fai (2023.09.19.1) unstable; urgency=medium
+
+ [ Mike Gabriel ]
+ * {bin/debian-edu-fai_install,fai/config/class/DEBIAN.var.in}:
+ + Propagate mirrorurl from debian-edu-fai.conf into FAI config space.
+ + Don't use @mirrorurl@, use internally derived @apt_cdn@ variable instead.
+ * files/etc/apt/sources.list.d/fai-mirror.list/FAI_MIRROR:
+ + Use more generic mirror (path) URL.
+ * APT sources: Use {%apt_cdn%} variable instead of hard-coded servername.
+ * bin/debian-edu-fai_install:
+ + Fix config file's name in comment.
+ * bin/debian-edu-fai_updateconfigspace:
+ + More reliably detect if we are in a Git working copy.
+ * fai/config/class:
+ + Add OS detection code to 40-parse-profiles.sh to support OS + version specific
+ installation profiles (detect from FAI nfsroot OS + version).
+ * fai/config/class:
+ + Rename / add profile files, now OS + version specific.
+
+ [ Guido Berhörster ]
+ * fai/config/class/40-parse-profiles.sh:
+ + Adjust OS_VERSION_MAJOR population.
+
+ -- Mike Gabriel <sunweaver@debian.org> Tue, 19 Sep 2023 22:05:11 +0200
+
+debian-edu-fai (2023.09.13.1) unstable; urgency=medium
+
+ [ Guido Berhoerster ]
+ * Replace nullmailer with exim4
+ This corresponds to a manual installation and avoids problems with nullmailer
+ such as excessive delivery attempts of all queued messages at once and
+ excessive logging of such events (see discussion in #1051461).
+
+ -- Mike Gabriel <sunweaver@debian.org> Wed, 13 Sep 2023 08:55:53 +0200
+
+debian-edu-fai (2023.09.09.1) unstable; urgency=medium
+
+ [ Guido Berhoerster ]
+ * Fix nullmailer configuration
+ Configure the nullmailer relayhost (the default is mail.<domain>) in order to
+ allow clients to actually send mail and explicitly set /etc/mailname
+ (Closes: #1051461).
+ * Do not append the hostname to /etc/mailname
+ Do not append to /etc/mailname, the file should contain a single hostname.
+ Rather create it with the default "postoffice.intern" if it does not exist yet.
+ This is consistent with manual installations of Debian Edu.
+
+ -- Mike Gabriel <sunweaver@debian.org> Sat, 09 Sep 2023 22:51:26 +0200
+
+debian-edu-fai (2023.09.07.1) unstable; urgency=medium
+
+ * Debian Edu FAI for Debian bookworm.
+
+ [ Guido Berhoerster ]
+ * Rename bin/debian-edu-faiinstall to bin/debian-edu-fai_install for
+ consistency with debian-edu-router.
+ * Actually install /etc/security/group.conf on bullseye. From bookworm on this
+ is handled via cfengine.
+ * Use non-free-firmware component on bookworm and later.
+ This is required for installing the firmware packages.
+ * Add support for memtest86+ x64.
+ * debian/control: Add explicit dependency on memtest86+.
+ * Unset TMPDIR when invoking fai-make-nfsroot.
+ On a DebianEdu installation pam_tmpdir is installed which sets TMPDIR to
+ /tmp/user/<uid>. This is then propagated from fai-make-nfsroot to
+ debootstrap which causes maintainer scripts making use of TMPDIR (e.g. by
+ calling mktemp) to fail because the directory does not exist inside the
+ chroot.
+ * Add some documentation about NFS exports to README.md
+ * Switch to installing bookworm.
+ * Ensure parent of target directory exists before copying FAI config space
+ debian-edu-faiinstall does not check whether the parent of the target
+ directory /srv/fai/config existed before invoking cp -a on the config space.
+ Thus, if /srv/fai does no exist cp will copy /usr/share/debian-edu-fai/fai
+ /config to /srv/fai instead of /srv/fai/config which is not detected until
+ booting a client via PXE. Fix this by ensuring the parent directory of
+ $FAI_CONFIGDIR_REAL exists.
+ Additionally do not hardcode /srv/fai which ignores that FAI_CONFIGDIR is
+ configurable.
+ * Disable apt proxy by default. Do not assume faiserver.intern exists. The
+ proxy can be set via /etc/debian-edu/debian-edu-fai.conf.
+ * Fix instructions in README.md and /etc/debian-edu/debian-edu-fai.conf
+ The configuration file name is /etc/debian-edu/debian-edu-fai.conf not
+ /etc/debian-edu/faiinstall.conf.
+ Improve and shorten the instructions to set up SSH access for the fai user.
+ * Add primary group fai for the fai user (instead of primary group
+ nobody).
+ * Recommend the use of yescrypt password hashes.
+ This follows the default since Debian bullseye.
+ * Add note about syntax to configuration.
+ * Update motd for bookworm.
+ * README.md: Change instructions to emphasize the need for first time
+ configuration. Users should not be enticed to blindly run
+ debian-edu-fai_install before actually configuring the server.
+ * Ensure debian-edu-fai.conf is not world-readable
+ It contains password hashes for the root account of installed clients so
+ like /etc/shadow it should not be world readable.
+ * Replace fetch-ldap-cert script usage with fetch-rootca-cert
+ The fetch-ldap-cert init script has been obsolete and was removed
+ (see #971780).
+
+ [ Mike Gabriel ]
+ * bin/debian-edu-fai_install (port over from debian-edu-router's FAI
+ installation script):
+ + Manage config space with ucf.
+ + Echo headlines to show where we are in the script.
+ + Drop support for Debian versions older than bullseye
+ + Mount /proc and /sys in nfsroot
+ * README.md: Typo fix.
+ * {README.md,conf/debian-edu/debian-edu-fai.conf}: Adjust files to renaming
+ of debian-edu-fai_install script (only in docs or comments).
+ * bin/debian-edu-fai_install: Mount /proc and /sys in nfsroot
+ Mount prior to creating/updating it. Those mountpoints are needed by
+ dracut's 45url-libs module.
+ * debian/control:
+ + Bump Standards-Version: to 4.6.2. No changes needed.
+ * debian/copyright:
+ + Update copyright attributions.
+ * lintian: Override uses-dpkg-database-directly and openpgp-file-has-
+ implementation-specific-extension for given reasons.
+
+ -- Mike Gabriel <sunweaver@debian.org> Thu, 07 Sep 2023 21:16:37 +0200
+
[ Other info ]
Attached you find the .debdiff between the current bookworm version of
debian-edu-fai and the bookworm-pu version.
One long script file (bin/debian-edu-fai_install) has been renamed in
this upload and I failed to provide a proper .diff with debdiff for this
file. To visualize the changes on the renamed file, I attached an
individual .diff (generated from Git) for debian-edu-fai_install to this
mail.
diff -Nru debian-edu-fai-2023.05.16.1/AUTHORS debian-edu-fai-2023.11.19.1~deb12u1/AUTHORS
--- debian-edu-fai-2023.05.16.1/AUTHORS 2023-05-16 23:00:47.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/AUTHORS 2023-11-19 09:52:01.000000000 +0100
@@ -1 +1,3 @@
+Guido Berhoerster <guido+freiesoftware@berhoerster.name>
+Guido Berhörster <guido+debian.org@berhoerster.name>
Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
diff -Nru debian-edu-fai-2023.05.16.1/bin/debian-edu-fai_install debian-edu-fai-2023.11.19.1~deb12u1/bin/debian-edu-fai_install
--- debian-edu-fai-2023.05.16.1/bin/debian-edu-fai_install 1970-01-01 01:00:00.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/bin/debian-edu-fai_install 2023-09-25 09:48:22.000000000 +0200
@@ -0,0 +1,435 @@
+#!/bin/sh
+#
+# Prepare for FAI installation of Debian Edu.
+
+set -x
+
+LC_ALL=C
+export LC_ALL
+
+## FIXME: Why is resolv.conf empty or missing? Because network
+## was started in the chroot (target)?
+## Try to find the DNS from the leases file, if that fails use
+## default DNS:
+if [ ! -s /etc/resolv.conf ] ; then
+ DNS="10.0.2.2"
+ LEASEDIR=/var/lib/dhcp/
+ if [ -d $LEASEDIR ] ; then
+ LEASEFILE=$LEASEDIR`ls -tr -1 $LEASEDIR | tail -n 1`
+ if [ -r $LEASEFILE ] ; then
+ if DNSLEASE=`cat $LEASEFILE | grep domain-name-servers | \
+ tail -n 1 | \
+ grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+"` ; then
+ DNS=$DNSLEASE
+ echo "info: Found leases file and domain-name-server: $DNS."
+ else
+ echo "info: Could not extract DNS from leases file."
+ fi
+ fi
+ fi
+ echo "info: Create temporary /etc/resolv.conf with DNS: $DNS."
+ cat >> /etc/resolv.conf <<EOF
+## This is a temporary resolv.conf created by $0.
+## If you find it after installation, something went wrong. Try to replace it
+## by a symlink: /etc/resolv.conf -> /etc/resolvconf/run/resolv.conf, i.e.:
+## rm /etc/resolv.conf; ln -s /etc/resolvconf/run/resolv.conf /etc/resolv.conf
+nameserver $DNS
+search intern
+EOF
+ fi
+
+# Make sure the created directories and files are readable by tfptd
+# run as user nobody.
+umask 022
+
+# Fetch ftp_proxy and http_proxy if set globally
+if [ -f /etc/environment ] ; then
+ . /etc/environment
+fi
+
+###
+### FAI Setup
+###
+
+[ "$archs" ] || archs=$(command -V dpkg 1>/dev/null 2>/dev/null && dpkg --print-architecture || uname -m)
+[ "$codenames" ] || codenames=$(cat /etc/os-release | grep VERSION_CODENAME | cut -d "=" -f2)
+[ "$http_proxy" ] || unset http_proxy
+[ "$ftp_proxy" ] || unset ftp_proxy
+[ "$mirrorurl" ] || mirrorurl=http://deb.debian.org/debian
+[ "$rootpw" ] || rootpw=""
+[ "$localuser" ] || localuser=""
+[ "$localuserpw" ] || localuserpw=""
+[ "$wifi_essid" ] || wifi_essid=""
+[ "$wifi_passphrase" ] || wifi_passphrase=""
+[ "$tftpdir" ] || tftpdir="/srv/tftp"
+[ "$fai_logserver" ] || unset fai_logserver
+[ "$fai_loguser" ] || unset fai_loguser
+[ "$school_tag" ] || school_tag="SKOLE"
+[ "$http_proxy" ] || unset http_proxy
+
+# required for pre-selecting the default boot item in iPXE config
+[ "$default_arch" ] || default_arch="$(echo ${archs} | cut -d " " -f1)"
+[ "$default_codename" ] || default_codename=$(echo ${codenames} | cut -d " " -f1)
+
+# only set plymouth theme if known by the desktop-theme ...
+if [ -e /etc/alternatives/desktop-theme/plymouth ]; then
+ [ "$theme" ] || theme="$(ls -L /etc/alternatives/desktop-theme/plymouth | grep script | cut -d'.' -f 1)"
+fi
+
+# source Debian Edu's config file
+if [ -f /etc/debian-edu/config ] ; then
+ . /etc/debian-edu/config
+fi
+
+# source debian-edu-fai's config file
+# Allow site specific overrides to the variables
+if [ -f /etc/debian-edu/debian-edu-fai.conf ] ; then
+ . /etc/debian-edu/debian-edu-fai.conf
+fi
+
+# derived from mirrorurl...
+[ "$apt_cdn" ] || apt_cdn="$(echo "$mirrorurl" | sed -E -e 's@(.*://[^/]+)/.*@\1@g')"
+
+# keep a copy of /srv/tftp/ltsp if this is the first attempt to deploy
+# debian-edu-fai on this system
+if [ -d "${tftpdir}/debian-edu-fai" ] && [ ! -h "${tftpdir}/debian-edu-fai" ]; then
+ mv "${tftpdir}/ltsp" "${tftpdir}/ltsp.moved-aside-by-debian-edu-fai"
+elif [ -h "${tftpdir}/debian-edu-fai" ]; then
+ rm "${tftpdir}/debian-edu-fai"
+fi
+
+# For Debian Edu, we will create the FAI tftp boot dir in subfolder ltsp/.
+mkdir -p "${tftpdir}/ltsp/"
+# and symlink that to what really is inside...
+ln -nsf "ltsp" "${tftpdir}/debian-edu-fai"
+
+# Start from a clean state after any configuration changes have been made.
+rm -f $tftpdir/ltsp/fai-installers.cfg.~
+rm -f $tftpdir/ltsp/fai-menuitems.cfg.~
+rm -f $tftpdir/ltsp/debian-edu-fai.ipxe
+rm -f $tftpdir/ltsp/ltsp.ipxe
+rm -f $tftpdir/ltsp/memtest*
+rm -f $tftpdir/ltsp/snponly.efi
+rm -f $tftpdir/ltsp/undionly.kpxe
+
+# prepare menufile creation (always start fresh)
+menuitems=${tftpdir}/debian-edu-fai/fai-menuitems.cfg
+menuindex=1
+menufile=${tftpdir}/debian-edu-fai/fai-installers.cfg
+if [ -e "${menuitems}" ]; then
+ mv "${menuitems}" "${menuitems}.~"
+fi
+if [ -e "${menufile}" ]; then
+ mv "${menufile}" "${menufile}.~"
+fi
+touch "${menuitems}"
+touch "${menufile}"
+
+for codename in ${codenames}; do
+
+ # skip codenames that don't sound like Debian suites...
+ if ! echo "bullseye bookworm sid unstable" | grep -q "${codename}"; then
+ echo "WARNING: The name '${codename}' is not a known and recent Debian distribution codename. Skipping..."
+ continue
+ fi
+
+ # iterate over configured FAI client architectures...
+ for arch in ${archs}; do
+
+ set +x
+
+ echo
+ echo "###"
+ echo "### Creating/updating FAI server configuration"
+ echo "### (codename: ${codename}, architecture: ${arch})"
+ echo "###"
+
+ set -x
+
+ # create codename based fai base config
+ faiconfig="/etc/debian-edu/fai/debian-edu-fai.${arch}+${codename}"
+ if [ -d /etc/debian-edu/fai/debian-edu-fai.TEMPLATE ]; then
+ if [ -d "${faiconfig}" ]; then
+ rm -Rf "${faiconfig}"
+ fi
+ cp -a /etc/debian-edu/fai/debian-edu-fai.TEMPLATE "${faiconfig}"
+ touch "${faiconfig}/DONT_MODIFY_FILES_IN_THIS_DIRECTORY"
+ else
+ echo "ERROR: Failed to create FAI configuration in ${faiconfig}, no debian-edu-fai.TEMPLATE directory found"
+ exit 1
+ fi
+
+ # fill in placeholders (@rootpw@, @codename@ and @arch@) in nfsroot.conf.in
+ find "${faiconfig}" -name '*.in' | while read file_to_adapt; do
+
+ cp ${file_to_adapt} ${file_to_adapt%.in}
+
+ [ "$rootpw" ] && export rootpw && perl -p -e "s/\@rootpw\@/\$ENV{rootpw}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$mirrorurl" ] && export mirrorurl && perl -p -e "s/\@mirrorurl\@/\$ENV{mirrorurl}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$codename" ] && export codename && perl -p -e "s/\@codename\@/\$ENV{codename}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$arch" ] && export arch && perl -p -e "s/\@arch\@/\$ENV{arch}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+
+ # FIXME: also comment out variables that are not set (anymore) in /etc/debian-edu/faiinstall.cfg
+
+ [ "$fai_logserver" ] && export fai_logserver && perl -p -e "s/^(#|)LOGSERVER=.{0,1}\@fai_logserver\@.{0,1}\s*\$/LOGSERVER=\'\$ENV{fai_logserver}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$fai_loguser" ] && export fai_loguser && perl -p -e "s/^(#|)LOGUSER=.{0,1}\@fai_loguser\@.{0,1}\s*\$/LOGUSER=\'\$ENV{fai_loguser}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+
+ # hack for non-free-firmware repo area added since Debian 12 (aka bookworm) [we only support Debian 11 (aka bullseye) and upwards]
+ if [ "$codename" = "bullseye" ]; then
+ perl -p -e "s/ non-free-firmware//g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ fi
+
+ chown root:root ${file_to_adapt%.in}
+ chmod 0600 ${file_to_adapt%.in}
+ rm ${file_to_adapt}
+
+ done
+
+ # source the NFS conf file... this might override our FAI_CONFIGDIR
+ # (but should not as recommended in our nfsroot.conf.in template)
+ if [ -f "$faiconfig/nfsroot.conf" ]; then
+ . $faiconfig/nfsroot.conf
+ else
+ echo "ERROR: No nfsroot.conf file found in $faiconfig/, can't continue..."
+ exit 1
+ fi
+
+ # hard-code some sensible defaults in case they have been commented out in $faiconfig/nfsroot.conf
+ [ "$FAI_DEBOOTSTRAP" ] || FAI_DEBOOTSTRAP="${codename} http://deb.debian.org/debian";
+ [ "$FAI_ROOTPW" ] || FAI_ROOTPW="${rootpw}"
+ [ "$NFSROOT" ] || NFSROOT="/srv/fai/nfsroot.debian-edu-fai/${arch}+${codename}"
+ [ "$TFTPROOT" ] || TFTPROOT="${tftpdir}/debian-edu-fai.${arch}+${codename}"
+ [ "$NFSROOT_HOOKS" ] || NFSROOT_HOOKS="/etc/debian-edu/fai/debian-edu-fai.${arch}+${codename}/"
+ [ "$FAI_DEBOOTSTRAP_OPTS" ] || FAI_DEBOOTSTRAP_OPTS="--arch=${arch}"
+ [ "$FAI_CONFIGDIR" ] || FAI_CONFIGDIR="/srv/fai/config"
+
+ FAI_CONFIGDIR_REAL="${FAI_CONFIGDIR}"
+ # if FAI_CONFIGDIR is a symlink, we need to find the real location...
+ if [ -h ${FAI_CONFIGDIR} ]; then
+ FAI_CONFIGDIR_REAL="$(readlink ${FAI_CONFIGDIR})"
+ fi
+
+ set +x
+
+ echo
+ echo "###"
+ echo "### Installing/updating FAI config space (this takes some time)"
+ echo "### (codename: ${codename}, architecture: ${arch})"
+ echo "###"
+ debian-edu-fai_updateconfigspace "${FAI_CONFIGDIR_REAL}"
+
+ set -x
+
+ # Update variables to be customized in FAI config space
+
+ # This code block might be executed on the same FAI_CONFIGDIR several times
+ # (once per arch and codename).
+ # This is a known issue and works as designed. People might have chosen to
+ # use difference FAI_CONFIGDIR values for different environments and with
+ # such a choice executing the below per arch and per codename makes sense.
+
+ set +x
+
+ echo
+ echo "###"
+ echo "### Tweaking FAI config space"
+ echo "### (codename: ${codename}, architecture: ${arch})"
+ echo "###"
+
+ set -x
+
+ find ${FAI_CONFIGDIR_REAL} -name '*.in' | while read file_to_adapt; do
+
+ cp ${file_to_adapt} ${file_to_adapt%.in}
+
+ # FIXME: also comment out variables that are not set (anymore) in /etc/debian-edu/debian-edu-fai.conf
+
+ [ "$rootpw" ] && export rootpw && perl -p -e "s/^(#|)ROOTPW=.{0,1}\@rootpw\@.{0,1}\s*\$/ROOTPW=\'\$ENV{rootpw}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$localuser" ] && export localuser && perl -p -e "s/^(#|)username=.{0,1}\@localuser\@.{0,1}\s*\$/username=\'\$ENV{localuser}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$localuserpw" ] && export localuserpw && perl -p -e "s/^(#|)USERPW=.{0,1}\@localuserpw\@.{0,1}\s*\$/USERPW=\'\$ENV{localuserpw}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$wifi_essid" ] && export wifi_essid && perl -p -e "s/^(#|)wifi_essid=.{0,1}\@wifi_essid\@.{0,1}\s*\$/wifi_essid=\'\$ENV{wifi_essid}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$wifi_passphrase" ] && export wifi_passphrase && perl -p -e "s/^(#|)wifi_passphrase=.{0,1}\@wifi_passphrase\@.{0,1}\s*\$/wifi_passphrase=\'\$ENV{wifi_passphrase}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$fai_logserver" ] && export fai_logserver && perl -p -e "s/^(#|)LOGSERVER=.{0,1}\@fai_logserver\@.{0,1}\s*\$/LOGSERVER=\'\$ENV{fai_logserver}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$fai_loguser" ] && export fai_loguser && perl -p -e "s/^(#|)LOGUSER=.{0,1}\@fai_loguser\@.{0,1}\s*\$/LOGUSER=\'\$ENV{fai_loguser}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$school_tag" ] && export school_tag && perl -p -e "s/\@school_tag\@/\$ENV{school_tag}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$mirrorurl" ] && export mirrorurl && perl -p -e "s/\@mirrorurl\@/\$ENV{mirrorurl}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$apt_cdn" ] && export apt_cdn && perl -p -e "s/\@apt_cdn\@/\$ENV{apt_cdn}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$http_proxy" ] && export http_proxy && perl -p -e "s/^(#|)APTPROXY=\@http_proxy\@/APTPROXY=\$ENV{http_proxy}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+
+ chown root:root ${file_to_adapt}
+ chmod 0600 ${file_to_adapt}
+
+ done
+
+ # set APTPROXY for use by fai-make-nfsroot...
+ if [ -n "${http_proxy}" ]; then
+ export APTPROXY="${http_proxy}"
+ export http_proxy
+ fi
+
+ set +x
+
+ echo
+ echo "###"
+ echo "### Creating FAI nfsroot installer environment"
+ echo "### (codename: ${codename}, architecture: ${arch})"
+ echo "###"
+
+ # the NFSROOT variable we should have obtained from sourcing $faiconfig/nfsroot.conf
+ # (aka /etc/fai/nfsroot.conf) above...
+ if [ -n "${NFSROOT}" ] && [ -n "${codename}" ]; then
+
+ # create nfs-root from scratch (if not present or not fully created in a previous run)
+
+ # Create a ".DEBIAN_EDU_FAI_NFSROOT_INSTALLATION_COMPLETED" file at the end
+ # of fai-make-nfsroot and check for the presence of that file for detecting
+ # whether a fresh NFSROOT setup is required or just an NFSROOT update/upgrade.
+ if [ ! -f "${NFSROOT}/.DEBIAN_EDU_FAI_NFSROOT_INSTALLATION_COMPLETED" ]; then
+
+ # enforce NFSROOT re-creation (or initial creation)
+ mkdir -p "${NFSROOT}/proc"
+ mount -t proc proc "${NFSROOT}/proc"
+ TMPDIR=/tmp fai-make-nfsroot -v -f -N -C ${faiconfig}
+ touch "${NFSROOT}/.DEBIAN_EDU_FAI_NFSROOT_INSTALLATION_COMPLETED"
+ else
+ mount -t proc proc "${NFSROOT}/proc"
+ # update packages (and clean old kernel images) in NFSROOT
+ TMPDIR=/tmp fai-make-nfsroot -v -k -N -C ${faiconfig}
+ # adjust nfsroot configuration (SSH pubkeys, rootpw, etc.)
+ TMPDIR=/tmp fai-make-nfsroot -v -a -C ${faiconfig}
+
+ fi
+ [ -d "${NFSROOT}/proc/self" ] && umount "${NFSROOT}/proc"
+ [ -d "${NFSROOT}/sys/class" ] && umount "${NFSROOT}/sys"
+
+ # Remove /srv/tftp/debian-edu-fai.ARCH+CODENAME after NFSROOT creation.
+ # We don't need that as we use our own iPXE boot config (instead
+ # of syslinux which is used by FAI by default).
+ if [ -d "${TFPTROOT}/" ]; then
+ rm -Rf "${TFTPROOT}/"
+ fi
+
+ # symlink kernel and initrd files into
+ if [ -e "${NFSROOT}/vmlinuz" ] && [ -e "${NFSROOT}/initrd.img" ]; then
+
+ # create kernel dir in tftp area
+ mkdir -p "${tftpdir}/debian-edu-fai/${arch}+${codename}/"
+
+ # symlink vmlinuz / initrd in the NFSROOT
+ if [ -e "${tftpdir}/debian-edu-fai/${arch}+${codename}/vmlinuz" ]; then
+ rm "${tftpdir}/debian-edu-fai/${arch}+${codename}/vmlinuz"
+ fi
+ cp -a "${NFSROOT}/$(readlink "${NFSROOT}/vmlinuz")" "${tftpdir}/debian-edu-fai/${arch}+${codename}/vmlinuz"
+ if [ -e "${tftpdir}/debian-edu-fai/${arch}+${codename}/initrd.img" ]; then
+ rm "${tftpdir}/debian-edu-fai/${arch}+${codename}/initrd.img"
+ fi
+ cp -a "${NFSROOT}/$(readlink "${NFSROOT}/initrd.img")" "${tftpdir}/debian-edu-fai/${arch}+${codename}/initrd.img"
+
+ fi
+ fi
+
+ cat >> "${menuitems}" <<EOF
+item --key ${menuindex} ${arch}+${codename} Install Debian Edu (${arch}, ${codename}) via FAI
+EOF
+ menuindex=$((menuindex+1))
+
+ # create ipxe menu entry for this FAI installer variant...
+ cat >> "${menufile}" <<EOF
+
+:${arch}+${codename}
+set params net.ifnames=0 ip=dhcp root=$(hostname -i):${NFSROOT}:vers=3 rootovl FAI_FLAGS=verbose,sshd,createvt,menu FAI_CONFIG_SRC=nfs://$(hostname -f)/${FAI_CONFIGDIR} FAI_ACTION=install quiet rd.net.timeout.carrier=15
+kernel /debian-edu-fai/${arch}+${codename}/vmlinuz initrd=initrd.img \${params}
+initrd /debian-edu-fai/${arch}+${codename}/initrd.img
+boot || goto failed
+EOF
+
+ set -x
+
+ done
+done
+
+###
+### TFTP / iPXE Setup
+###
+
+if [ ! -z "$theme" ] ; then
+ cp /usr/share/pixmaps/$theme-syslinux.png $tftpdir/debian-edu/debian-edu-fai.png
+fi
+
+# Generate/modify the iPXE menu file
+# generate ipxe menu on a plain main server for PXE installations
+cp /usr/lib/ipxe/undionly.kpxe "${tftpdir}/debian-edu-fai/"
+cp /usr/lib/ipxe/snponly.efi "${tftpdir}/debian-edu-fai/"
+for memtest_bios in memtest86+x64.bin memtest86+.bin; do
+ [ -f "/boot/${memtest_bios}" ] && break
+done
+cp "/boot/${memtest_bios}" "${tftpdir}/debian-edu-fai/"
+memtest_efi="${memtest_bios%.bin}.efi"
+[ -f "/boot/${memtest_efi}" ] && cp "/boot/${memtest_efi}" "${tftpdir}/debian-edu-fai/"
+echo "Generating ${tftpdir}/debian-edu-fai/ltsp.ipxe"
+cat <<EOF > "${tftpdir}/debian-edu-fai/ltsp.ipxe"
+#!ipxe
+#
+# Configure iPXE for network installations
+
+# Set the default image (img) based on arch, or to root-path if it's not empty
+#cpuid --ext 29 && set img amd64+${codename} || set img i386+${codename}
+
+# choose default boot entry (via configurable variables, see /etc/debian-edu/debian-edu-fai.conf)
+set img ${default_arch}+${default_codename}
+
+goto start
+
+:start
+# To completely hide the menu, set menu-timeout to -1
+isset \${menu-timeout} || set menu-timeout 5000
+iseq "\${menu-timeout}" "-1" && goto \${img} ||
+menu Debian Edu iPXE boot menu || goto \${img}
+item
+item --gap Debian Edu installation:
+$(cat ${menuitems})
+item
+item --gap Other options:
+item --key m memtest Memory test
+item --key c config Enter iPXE configuration
+item --key s shell Drop to iPXE shell
+item --key d disk Boot from the first local disk
+item
+item --key x exit Exit iPXE and continue BIOS boot
+choose --timeout \${menu-timeout} --default \${img} img || goto cancel
+goto \${img}
+
+:memtest
+iseq \${platform} pcbios && kernel ${memtest_bios} || kernel ${memtest_efi}
+# Boot "fails" on normal memtest exit with Esc, so show the menu again
+boot ||
+goto start
+
+:config
+config
+goto start
+
+:shell
+echo Type 'exit' to get the back to the menu
+shell
+goto start
+
+:disk
+# Boot the first local HDD
+sanboot --no-describe --drive 0x80 || goto failed
+
+:exit
+exit 1
+
+:cancel
+echo You cancelled the menu, dropping to a shell
+goto shell
+
+:failed
+echo Booting failed, dropping to a shell
+goto shell
+EOF
+
+cat $menufile >> "${tftpdir}/debian-edu-fai/ltsp.ipxe"
+
+ln -sf ltsp.ipxe "${tftpdir}/debian-edu-fai/debian-edu-fai.ipxe"
diff -Nru debian-edu-fai-2023.05.16.1/bin/debian-edu-faiinstall debian-edu-fai-2023.11.19.1~deb12u1/bin/debian-edu-faiinstall
--- debian-edu-fai-2023.05.16.1/bin/debian-edu-faiinstall 2023-05-16 22:59:12.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/bin/debian-edu-faiinstall 1970-01-01 01:00:00.000000000 +0100
@@ -1,382 +0,0 @@
-#!/bin/sh
-#
-# Prepare for FAI installation of Debian Edu.
-
-set -ex
-
-LC_ALL=C
-export LC_ALL
-
-## FIXME: Why is resolv.conf empty or missing? Because network
-## was started in the chroot (target)?
-## Try to find the DNS from the leases file, if that fails use
-## default DNS:
-if [ ! -s /etc/resolv.conf ] ; then
- DNS="10.0.2.2"
- LEASEDIR=/var/lib/dhcp/
- if [ -d $LEASEDIR ] ; then
- LEASEFILE=$LEASEDIR`ls -tr -1 $LEASEDIR | tail -n 1`
- if [ -r $LEASEFILE ] ; then
- if DNSLEASE=`cat $LEASEFILE | grep domain-name-servers | \
- tail -n 1 | \
- grep -o "[0-9]\+\.[0-9]\+\.[0-9]\+\.[0-9]\+"` ; then
- DNS=$DNSLEASE
- echo "info: Found leases file and domain-name-server: $DNS."
- else
- echo "info: Could not extract DNS from leases file."
- fi
- fi
- fi
- echo "info: Create temporary /etc/resolv.conf with DNS: $DNS."
- cat >> /etc/resolv.conf <<EOF
-## This is a temporary resolv.conf created by $0.
-## If you find it after installation, something went wrong. Try to replace it
-## by a symlink: /etc/resolv.conf -> /etc/resolvconf/run/resolv.conf, i.e.:
-## rm /etc/resolv.conf; ln -s /etc/resolvconf/run/resolv.conf /etc/resolv.conf
-nameserver $DNS
-search intern
-EOF
- fi
-
-# Make sure the created directories and files are readable by tfptd
-# run as user nobody.
-umask 022
-
-# Fetch ftp_proxy and http_proxy if set globally
-if [ -f /etc/environment ] ; then
- . /etc/environment
-fi
-
-###
-### FAI Setup
-###
-
-[ "$archs" ] || archs=$(command -V dpkg 1>/dev/null 2>/dev/null && dpkg --print-architecture || uname -m)
-[ "$codenames" ] || codenames=$(cat /etc/os-release | grep VERSION_CODENAME | cut -d "=" -f2)
-[ "$http_proxy" ] || unset http_proxy
-[ "$ftp_proxy" ] || unset ftp_proxy
-[ "$mirrorurl" ] || mirrorurl=http://deb.debian.org/debian
-[ "$rootpw" ] || rootpw=""
-[ "$localuser" ] || localuser=""
-[ "$localuserpw" ] || localuserpw=""
-[ "$wifi_essid" ] || wifi_essid=""
-[ "$wifi_passphrase" ] || wifi_passphrase=""
-[ "$tftpdir" ] || tftpdir="/srv/tftp"
-[ "$fai_logserver" ] || unset fai_logserver
-[ "$fai_loguser" ] || unset fai_loguser
-[ "$school_tag" ] || school_tag="SKOLE"
-
-# required for pre-selecting the default boot item in iPXE config
-[ "$default_arch" ] || default_arch="$(echo ${archs} | cut -d " " -f1)"
-[ "$default_codename" ] || default_codename=$(echo ${codenames} | cut -d " " -f1)
-
-# only set plymouth theme if known by the desktop-theme ...
-if [ -e /etc/alternatives/desktop-theme/plymouth ]; then
- [ "$theme" ] || theme="$(ls -L /etc/alternatives/desktop-theme/plymouth | grep script | cut -d'.' -f 1)"
-fi
-
-# source Debian Edu's config file
-if [ -f /etc/debian-edu/config ] ; then
- . /etc/debian-edu/config
-fi
-
-# source debian-edu-fai's config file
-# Allow site specific overrides to the variables
-if [ -f /etc/debian-edu/debian-edu-fai.conf ] ; then
- . /etc/debian-edu/debian-edu-fai.conf
-fi
-
-# keep a copy of /srv/tftp/ltsp if this is the first attempt to deploy
-# debian-edu-fai on this system
-if [ -d "${tftpdir}/debian-edu-fai" ] && [ ! -h "${tftpdir}/debian-edu-fai" ]; then
- mv "${tftpdir}/ltsp" "${tftpdir}/ltsp.moved-aside-by-debian-edu-fai"
-elif [ -h "${tftpdir}/debian-edu-fai" ]; then
- rm "${tftpdir}/debian-edu-fai"
-fi
-
-# For Debian Edu, we will create the FAI tftp boot dir in subfolder ltsp/.
-mkdir -p "${tftpdir}/ltsp/"
-# and symlink that to what really is inside...
-ln -nsf "ltsp" "${tftpdir}/debian-edu-fai"
-
-# Start from a clean state after any configuration changes have been made.
-rm -f $tftpdir/ltsp/fai-installers.cfg.~
-rm -f $tftpdir/ltsp/fai-menuitems.cfg.~
-rm -f $tftpdir/ltsp/debian-edu-fai.ipxe
-rm -f $tftpdir/ltsp/ltsp.ipxe
-rm -f $tftpdir/ltsp/memtest*
-rm -f $tftpdir/ltsp/snponly.efi
-rm -f $tftpdir/ltsp/undionly.kpxe
-
-# prepare menufile creation (always start fresh)
-menuitems=${tftpdir}/debian-edu-fai/fai-menuitems.cfg
-menuindex=1
-menufile=${tftpdir}/debian-edu-fai/fai-installers.cfg
-if [ -e "${menuitems}" ]; then
- mv "${menuitems}" "${menuitems}.~"
-fi
-if [ -e "${menufile}" ]; then
- mv "${menufile}" "${menufile}.~"
-fi
-touch "${menuitems}"
-touch "${menufile}"
-
-for codename in ${codenames}; do
-
- # skip codenames that don't sound like Debian suites...
- if ! echo "jessie stretch buster bullseye bookworm sid unstable" | grep -q "${codename}"; then
- echo "WARNING: The name '${codename}' is not a known and recent Debian distribution codename. Skipping..."
- continue
- fi
-
- # iterate over configured FAI client architectures...
- for arch in ${archs}; do
-
- # create codename based fai base config
- faiconfig="/etc/debian-edu/fai/debian-edu-fai.${arch}+${codename}"
- if [ -d /etc/debian-edu/fai/debian-edu-fai.TEMPLATE ]; then
- if [ -d "${faiconfig}" ]; then
- rm -Rf "${faiconfig}"
- fi
- cp -a /etc/debian-edu/fai/debian-edu-fai.TEMPLATE "${faiconfig}"
- touch "${faiconfig}/DONT_MODIFY_FILES_IN_THIS_DIRECTORY"
- else
- echo "ERROR: Failed to create FAI configuration in ${faiconfig}, no debian-edu-fai.TEMPLATE directory found"
- exit 1
- fi
-
- # fill in placeholders (@rootpw@, @codename@ and @arch@) in nfsroot.conf.in
- find "${faiconfig}" -name '*.in' | while read file_to_adapt; do
-
- cp ${file_to_adapt} ${file_to_adapt%.in}
-
- [ "$rootpw" ] && export rootpw && perl -p -e "s/\@rootpw\@/\$ENV{rootpw}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
- [ "$mirrorurl" ] && export mirrorurl && perl -p -e "s/\@mirrorurl\@/\$ENV{mirrorurl}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
- [ "$codename" ] && export codename && perl -p -e "s/\@codename\@/\$ENV{codename}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
- [ "$arch" ] && export arch && perl -p -e "s/\@arch\@/\$ENV{arch}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
-
- # FIXME: also comment out variables that are not set (anymore) in /etc/debian-edu/faiinstall.cfg
-
- [ "$fai_logserver" ] && export fai_logserver && perl -p -e "s/^(#|)LOGSERVER=.{0,1}\@fai_logserver\@.{0,1}\s*\$/LOGSERVER=\'\$ENV{fai_logserver}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
- [ "$fai_loguser" ] && export fai_loguser && perl -p -e "s/^(#|)LOGUSER=.{0,1}\@fai_loguser\@.{0,1}\s*\$/LOGUSER=\'\$ENV{fai_loguser}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
-
- chown root:root ${file_to_adapt%.in}
- chmod 0600 ${file_to_adapt%.in}
- rm ${file_to_adapt}
-
- done
-
- # source the NFS conf file... this might override our FAI_CONFIGDIR
- # (but should not as recommended in our nfsroot.conf.in template)
- if [ -f "$faiconfig/nfsroot.conf" ]; then
- . $faiconfig/nfsroot.conf
- else
- echo "ERROR: No nfsroot.conf file found in $faiconfig/, can't continue..."
- exit 1
- fi
-
- # hard-code some sensible defaults in case they have been commented out in $faiconfig/nfsroot.conf
- [ "$FAI_DEBOOTSTRAP" ] || FAI_DEBOOTSTRAP="${codename} http://deb.debian.org/debian";
- [ "$FAI_ROOTPW" ] || FAI_ROOTPW="${rootpw}"
- [ "$NFSROOT" ] || NFSROOT="/srv/fai/nfsroot.debian-edu-fai/${arch}+${codename}"
- [ "$TFTPROOT" ] || TFTPROOT="${tftpdir}/debian-edu-fai.${arch}+${codename}"
- [ "$NFSROOT_HOOKS" ] || NFSROOT_HOOKS="/etc/debian-edu/fai/debian-edu-fai.${arch}+${codename}/"
- [ "$FAI_DEBOOTSTRAP_OPTS" ] || FAI_DEBOOTSTRAP_OPTS="--arch=${arch}"
- [ "$FAI_CONFIGDIR" ] || FAI_CONFIGDIR="/srv/fai/config"
-
- FAI_CONFIGDIR_REAL="${FAI_CONFIGDIR}"
- # if FAI_CONFIGDIR is a symlink, we need to find the real location...
- if [ -h ${FAI_CONFIGDIR} ]; then
- FAI_CONFIGDIR_REAL="$(readlink ${FAI_CONFIGDIR})"
- fi
-
- # Copy FAI config space into /srv/fai/config if not already present
- if [ ! -d "${FAI_CONFIGDIR_REAL}" ]; then
- if [ -d /usr/share/debian-edu-fai/fai/config ]; then
- cp -a /usr/share/debian-edu-fai/fai/config /srv/fai/
- else
- echo "ERROR: Package debian-edu-fai is not installed, please install it first"
- exit 1
- fi
- fi
-
- # Update variables to be customized in FAI config space
-
- # This code block might be executed on the same FAI_CONFIGDIR several times
- # (once per arch and codename).
- # This is a known issue and works as designed. People might have chosen to
- # use difference FAI_CONFIGDIR values for different environments and with
- # such a choice executing the below per arch and per codename makes sense.
- find ${FAI_CONFIGDIR_REAL} -name '*.in' | while read file_to_adapt; do
-
- cp ${file_to_adapt} ${file_to_adapt%.in}
-
- # FIXME: also comment out variables that are not set (anymore) in /etc/debian-edu/faiinstall.cfg
-
- [ "$rootpw" ] && export rootpw && perl -p -e "s/^(#|)ROOTPW=.{0,1}\@rootpw\@.{0,1}\s*\$/ROOTPW=\'\$ENV{rootpw}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
- [ "$localuser" ] && export localuser && perl -p -e "s/^(#|)username=.{0,1}\@localuser\@.{0,1}\s*\$/username=\'\$ENV{localuser}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
- [ "$localuserpw" ] && export localuserpw && perl -p -e "s/^(#|)USERPW=.{0,1}\@localuserpw\@.{0,1}\s*\$/USERPW=\'\$ENV{localuserpw}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
- [ "$wifi_essid" ] && export wifi_essid && perl -p -e "s/^(#|)wifi_essid=.{0,1}\@wifi_essid\@.{0,1}\s*\$/wifi_essid=\'\$ENV{wifi_essid}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
- [ "$wifi_passphrase" ] && export wifi_passphrase && perl -p -e "s/^(#|)wifi_passphrase=.{0,1}\@wifi_passphrase\@.{0,1}\s*\$/wifi_passphrase=\'\$ENV{wifi_passphrase}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
- [ "$fai_logserver" ] && export fai_logserver && perl -p -e "s/^(#|)LOGSERVER=.{0,1}\@fai_logserver\@.{0,1}\s*\$/LOGSERVER=\'\$ENV{fai_logserver}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
- [ "$fai_loguser" ] && export fai_loguser && perl -p -e "s/^(#|)LOGUSER=.{0,1}\@fai_loguser\@.{0,1}\s*\$/LOGUSER=\'\$ENV{fai_loguser}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
- [ "$school_tag" ] && export school_tag && perl -p -e "s/\@school_tag\@/\$ENV{school_tag}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
-
- chown root:root ${file_to_adapt}
- chmod 0600 ${file_to_adapt}
-
- done
-
- # set APTPROXY for use by fai-make-nfsroot...
- if [ -n "${http_proxy}" ]; then
- export APTPROXY="${http_proxy}"
- export http_proxy
- fi
-
- # the NFSROOT variable we should have obtained from sourcing $faiconfig/nfsroot.conf
- # (aka /etc/fai/nfsroot.conf) above...
- if [ -n "${NFSROOT}" ] && [ -n "${codename}" ]; then
-
- # create nfs-root from scratch (if not present or not fully created in a previous run)
-
- # Create a ".DEBIAN_EDU_FAI_NFSROOT_INSTALLATION_COMPLETED" file at the end
- # of fai-make-nfsroot and check for the presence of that file for detecting
- # whether a fresh NFSROOT setup is required or just an NFSROOT update/upgrade.
- if [ ! -f "${NFSROOT}/.DEBIAN_EDU_FAI_NFSROOT_INSTALLATION_COMPLETED" ]; then
-
- # enforce NFSROOT re-creation (or initial creation)
- fai-make-nfsroot -v -f -N -C ${faiconfig}
- touch "${NFSROOT}/.DEBIAN_EDU_FAI_NFSROOT_INSTALLATION_COMPLETED"
-
- else
-
- # update packages (and clean old kernel images) in NFSROOT
- fai-make-nfsroot -v -k -N -C ${faiconfig}
- # adjust nfsroot configuration (SSH pubkeys, rootpw, etc.)
- fai-make-nfsroot -v -a -C ${faiconfig}
-
- fi
-
- # Remove /srv/tftp/debian-edu-fai.ARCH+CODENAME after NFSROOT creation.
- # We don't need that as we use our own iPXE boot config (instead
- # of syslinux which is used by FAI by default).
- if [ -d "${TFPTROOT}/" ]; then
- rm -Rf "${TFTPROOT}/"
- fi
-
- # symlink kernel and initrd files into
- if [ -e "${NFSROOT}/vmlinuz" ] && [ -e "${NFSROOT}/initrd.img" ]; then
-
- # create kernel dir in tftp area
- mkdir -p "${tftpdir}/debian-edu-fai/${arch}+${codename}/"
-
- # symlink vmlinuz / initrd in the NFSROOT
- if [ -e "${tftpdir}/debian-edu-fai/${arch}+${codename}/vmlinuz" ]; then
- rm "${tftpdir}/debian-edu-fai/${arch}+${codename}/vmlinuz"
- fi
- cp -a "${NFSROOT}/$(readlink "${NFSROOT}/vmlinuz")" "${tftpdir}/debian-edu-fai/${arch}+${codename}/vmlinuz"
- if [ -e "${tftpdir}/debian-edu-fai/${arch}+${codename}/initrd.img" ]; then
- rm "${tftpdir}/debian-edu-fai/${arch}+${codename}/initrd.img"
- fi
- cp -a "${NFSROOT}/$(readlink "${NFSROOT}/initrd.img")" "${tftpdir}/debian-edu-fai/${arch}+${codename}/initrd.img"
-
- fi
- fi
-
- cat >> "${menuitems}" <<EOF
-item --key ${menuindex} ${arch}+${codename} Install Debian Edu (${arch}, ${codename}) via FAI
-EOF
- menuindex=$((menuindex+1))
-
- # create ipxe menu entry for this FAI installer variant...
- cat >> "${menufile}" <<EOF
-
-:${arch}+${codename}
-set params net.ifnames=0 ip=dhcp root=$(hostname -i):${NFSROOT}:vers=3 rootovl FAI_FLAGS=verbose,sshd,createvt,menu FAI_CONFIG_SRC=nfs://$(hostname -f)/${FAI_CONFIGDIR} FAI_ACTION=install quiet rd.net.timeout.carrier=15
-kernel /debian-edu-fai/${arch}+${codename}/vmlinuz initrd=initrd.img \${params}
-initrd /debian-edu-fai/${arch}+${codename}/initrd.img
-boot || goto failed
-EOF
- done
-done
-
-###
-### TFTP / iPXE Setup
-###
-
-if [ ! -z "$theme" ] ; then
- cp /usr/share/pixmaps/$theme-syslinux.png $tftpdir/debian-edu/debian-edu-fai.png
-fi
-
-# Generate/modify the iPXE menu file
-# generate ipxe menu on a plain main server for PXE installations
-cp /usr/lib/ipxe/undionly.kpxe "${tftpdir}/debian-edu-fai/"
-cp /usr/lib/ipxe/snponly.efi "${tftpdir}/debian-edu-fai/"
-cp /boot/memtest86+.bin "${tftpdir}/debian-edu-fai/"
-echo "Generating ${tftpdir}/debian-edu-fai/ltsp.ipxe"
-cat <<EOF > "${tftpdir}/debian-edu-fai/ltsp.ipxe"
-#!ipxe
-#
-# Configure iPXE for network installations
-
-# Set the default image (img) based on arch, or to root-path if it's not empty
-#cpuid --ext 29 && set img amd64+${codename} || set img i386+${codename}
-
-# choose default boot entry (via configurable variables, see /etc/debian-edu/debian-edu-fai.conf)
-set img ${default_arch}+${default_codename}
-
-goto start
-
-:start
-# To completely hide the menu, set menu-timeout to -1
-isset \${menu-timeout} || set menu-timeout 5000
-iseq "\${menu-timeout}" "-1" && goto \${img} ||
-menu Debian Edu iPXE boot menu || goto \${img}
-item
-item --gap Debian Edu installation:
-$(cat ${menuitems})
-item
-item --gap Other options:
-item --key m memtest Memory test
-item --key c config Enter iPXE configuration
-item --key s shell Drop to iPXE shell
-item --key d disk Boot from the first local disk
-item
-item --key x exit Exit iPXE and continue BIOS boot
-choose --timeout \${menu-timeout} --default \${img} img || goto cancel
-goto \${img}
-
-:memtest
-iseq \${platform} pcbios && kernel memtest86+.bin || kernel memtest.efi
-# Boot "fails" on normal memtest exit with Esc, so show the menu again
-boot ||
-goto start
-
-:config
-config
-goto start
-
-:shell
-echo Type 'exit' to get the back to the menu
-shell
-goto start
-
-:disk
-# Boot the first local HDD
-sanboot --no-describe --drive 0x80 || goto failed
-
-:exit
-exit 1
-
-:cancel
-echo You cancelled the menu, dropping to a shell
-goto shell
-
-:failed
-echo Booting failed, dropping to a shell
-goto shell
-EOF
-
-cat $menufile >> "${tftpdir}/debian-edu-fai/ltsp.ipxe"
-
-ln -sf ltsp.ipxe "${tftpdir}/debian-edu-fai/debian-edu-fai.ipxe"
diff -Nru debian-edu-fai-2023.05.16.1/bin/debian-edu-fai_updateconfigspace debian-edu-fai-2023.11.19.1~deb12u1/bin/debian-edu-fai_updateconfigspace
--- debian-edu-fai-2023.05.16.1/bin/debian-edu-fai_updateconfigspace 1970-01-01 01:00:00.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/bin/debian-edu-fai_updateconfigspace 2023-11-30 09:14:12.000000000 +0100
@@ -0,0 +1,92 @@
+#!/bin/sh
+
+# Copyright (C) 2010-2023 Pädagogisches Landesinstitut Rheinland-Pfalz
+# Copyright (C) 2022-2023 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Sync FAI config space files from DATADIR/fai/config/ to
+# /srv/fai/config. For this, the 'ucf' tool is used, three-way
+# patching is supported for this.
+
+set -e
+
+LC_ALL=C
+export LC_ALL
+
+if [ -z "$1" ]; then
+ echo "usage: $(basename $0) <FAI_CONFIGDIR>"
+ exit 1
+fi
+
+# first parameter is the configspace's target dir
+FAI_CONFIGDIR="$1"
+
+FAI_CONFIGDIR_REAL="${FAI_CONFIGDIR}"
+# if FAI_CONFIGDIR is a symlink, we need to find the real location...
+if [ -h ${FAI_CONFIGDIR} ]; then
+ FAI_CONFIGDIR_REAL="$(readlink ${FAI_CONFIGDIR})"
+fi
+
+# Copy FAI config space into /srv/fai/config if not already present
+if [ "${FAI_CONFIGDIR_REAL}" = "/usr/share/debian-edu-fai/fai/config" ]; then
+ echo "ERROR: FAI_CONFIGDIR points to '${FAI_CONFIGDIR_REAL}'."
+ echo "ERROR: Such a setup is not supported..."
+ exit 1
+elif command -v git 1>/dev/null && [ "$(git rev-parse --is-inside-work-tree 2>/dev/null)" = "true" ]; then
+ # FAI config space is managed by Git, don't do anything then...
+ :
+else
+ # create config space's base directory if it does not yet exist
+ if [ ! -d "${FAI_CONFIGDIR_REAL}" ]; then
+ mkdir -p "${FAI_CONFIGDIR_REAL}"
+ fi
+
+ # remove obsolete files used in previous FAI configspace versions
+ cd "${FAI_CONFIGDIR_REAL}"
+ cat /usr/share/debian-edu-fai/fai/config/_obsolete-files.d/*.removed | while read obsolete_configspace_file; do
+ rm -fv "${obsolete_configspace_file}"
+ # purge file's hash from ucf hash list
+ ucf -p "${FAI_CONFIGDIR_REAL}/${obsolete_configspace_file}"
+ # try to remove non-used / empty directories
+ if [ -d "$(dirname ${obsolete_configspace_file})" ]; then
+ rmdir --parents --ignore-fail-on-non-empty "$(dirname ${obsolete_configspace_file})"
+ fi
+ done
+ cd - 1>/dev/null
+
+ # managed FAI config space with 'ucf'...
+ cd "/usr/share/debian-edu-fai/fai/config"
+ find . -type f | grep -v "_obsolete-files.d/" | while read new_configspace_file; do
+ # handle files that shall become a directory gracefully
+ target_dir="${FAI_CONFIGDIR_REAL}/$(dirname "${new_configspace_file}")"
+ if [ -e "${target_dir}" ] && [ ! -d "${target_dir}" ]; then
+ mv -v "${target_dir}" "${target_dir}.moved-out-of-the-way"
+ fi
+ mkdir -p "${FAI_CONFIGDIR_REAL}/$(dirname "${new_configspace_file}")"
+ if [ -e "${target_dir}.moved-out-of-the-way" ]; then
+ mv -v "${target_dir}.moved-out-of-the-way" "${target_dir}/OBSOLETE"
+ fi
+ # install/update configspace file via ucf
+ ucf --state-dir "/var/lib/debian-edu-fai/ucf/" --three-way "$new_configspace_file" "${FAI_CONFIGDIR_REAL}/${new_configspace_file}"
+ done
+ cd - 1>/dev/null
+
+ # clean-up ucf backup files... (they confuse FAI)
+ cd "${FAI_CONFIGDIR_REAL}"
+ find . -name "*.ucf-*" -delete
+ cd - 1>/dev/null
+fi
diff -Nru debian-edu-fai-2023.05.16.1/ChangeLog debian-edu-fai-2023.11.19.1~deb12u1/ChangeLog
--- debian-edu-fai-2023.05.16.1/ChangeLog 2023-05-16 23:00:47.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/ChangeLog 2023-11-30 09:14:12.000000000 +0100
@@ -1,6 +1,202 @@
+2023-11-19 Mike Gabriel
+
+ * release 2023.11.19.1 (HEAD -> master, tag: 2023.11.19.1)
+ * bin/debian-edu-router-fai_updateconfigspace: Fix quoting typo in
+ git command. (bec92b6)
+
+2023-10-03 Mike Gabriel
+
+ * release 2023.10.03.1 (b0fe4d5) (tag: 2023.10.03.1)
+ * fai/config/disk_config: Enlarge system partitions generously, so
+ that system installation don't fail because of low-disk
+ space. (a04cb5a)
+
+2023-10-02 Mike Gabriel
+
+ * fai/config/disk_config/LVM_EDU_MINIMAL: Fix LV name (home -> srv).
+ (a5a7448)
+
+2023-09-29 Mike Gabriel
+
+ * fai/config/scripts/*/20-update-security-group-conf: Don't fail
+ script if not on DEBIAN_11. (9154560)
+
+2023-09-27 Mike Gabriel
+
+ * fai/config/_obsolete-files.d/debian-edu-fai.removed: Add .asc files
+ which got replaced by .gpg files. (dbdf2c7)
+
+2023-09-26 Mike Gabriel
+
+ * upload to unstable (debian/2023.09.26.3) (85527cd) (tag:
+ 2023.09.26.3)
+ * debian/control: Move memtest86+ (for archs amd64 + i386) to
+ Recommends: field as we can't have arch-specific
+ dependencies in arch-all bin:pkgs. (Closes: #1052957).
+ (d3d0e7c)
+
+2023-09-25 Mike Gabriel
+
+ * release 2023.09.26.2 (ff9ab9d) (tag: 2023.09.26.2)
+ * debian/control: Fix installability on non-x86 architectures. People
+ should at least be able to test those platforms. (63b4890)
+ * release 2023.09.26.1 (3d4cefc) (tag: 2023.09.26.1)
+
+2023-09-23 Mike Gabriel
+
+ * fai/config/hooks/updatebase.DEBIAN: Debian Edu sets up http proxy
+ configuration via 03debian-edu-config. To override this
+ (which we want), we need to move 02proxy to 04proxy in
+ /etc/apt/apt.conf.d/. (2a0242a)
+ * bin/debian-edu-fai_install: Promote http_proxy settings into FAI
+ config space and set APTPROXY variable accordingly.
+ (3926deb)
+
+2023-09-20 Guido Berhoerster
+
+ * Improve OS detection for loading profiles (93aff93)
+
+2023-09-19 Mike Gabriel
+
+ * ChangeLog: update post-release (417ffdd)
+ * release 2023.09.19.1 (2a9e698) (tag: 2023.09.19.1)
+
+2023-09-19 Guido Berhörster
+
+ * fai/config/class/40-parse-profiles.sh: Adjust OS_VERSION_MAJOR
+ population. (f1bbf19)
+
+2023-09-14 Mike Gabriel
+
+ * fai/config/class: Rename / add profile files, now OS + version
+ specific. (2d0a394)
+ * fai/config/class: Add OS detection code to 40-parse-profiles.sh to
+ support OS + version specific installation profiles
+ (detect from FAI nfsroot OS + version). (666aa66)
+ * bin/debian-edu-fai_updateconfigspace: More reliably detect if we
+ are in a Git working copy. (5a319c0)
+
+2022-09-17 Mike Gabriel
+
+ * bin/debian-edu-fai_install: Fix config file's name in comment.
+ (73b8ac4)
+
+2022-09-18 Mike Gabriel
+
+ * APT sources: Use {%apt_cdn%} variable instead of hard-coded
+ servername. (c4aa9a9)
+
+2022-01-04 Mike Gabriel
+
+ * files/etc/apt/sources.list.d/fai-mirror.list/FAI_MIRROR: Use more
+ generic mirror (path) URL. (48ed9a5)
+
+2022-09-18 Mike Gabriel
+
+ * {bin/debian-edu-fai_install,fai/config/class/DEBIAN.var.in}: Don't
+ use @mirrorurl@, use internally derived @apt_cdn@ variable
+ instead. (f2a43df)
+
+2022-09-17 Mike Gabriel
+
+ * {bin/debian-edu-fai_install,fai/config/class/DEBIAN.var.in}:
+ Propagate mirrorurl from debian-edu-fai.conf into FAI
+ config space. (fb9b1ba)
+
+2023-09-13 Mike Gabriel
+
+ * ChangeLog: update post-release (59f82a7)
+ * release 2023.09.13.1 (1f147f5) (tag: 2023.09.13.1)
+
+2023-09-11 Guido Berhoerster
+
+ * Replace nullmailer with exim4 (0cc6fe4)
+
+2023-09-09 Mike Gabriel
+
+ * upload to unstable (debian/2023.09.09.1) (df2b1e8) (tag:
+ 2023.09.09.1)
+
+2023-09-08 Guido Berhoerster
+
+ * Do not append the hostname to /etc/mailname (4c9e66b)
+ * Fix nullmailer configuration (9223282)
+
+2023-09-07 Mike Gabriel
+
+ * release 2023.09.07.1 (92ddbdd) (tag: 2023.09.07.1)
+ * lintian: Override uses-dpkg-database-directly and
+ openpgp-file-has-implementation-specific-extension for
+ given reasons. (253caaf)
+ * debian/copyright: Update copyright attributions. (2104386)
+ * debian/control: Bump Standards-Version: to 4.6.2. No changes
+ needed. (7ecf9f0)
+ * chmod a+x bin/debian-edu-fai_updateconfigspace (7ab10aa)
+ * {README.md,conf/debian-edu/debian-edu-fai.conf}: Adjust files to
+ renaming of debian-edu-fai_install script (only in docs or
+ comments). (8d4d831)
+ * README.md: Typo fix. (c659279)
+
+2023-09-05 Guido Berhoerster
+
+ * Replace fetch-ldap-cert script usage with fetch-rootca-cert
+ (4938961)
+ * Rename bin/debian-edu-faiinstall to bin/debian-edu-fai_install for
+ consistency (094a2f0)
+
+2023-09-05 Mike Gabriel
+
+ * bin/debian-edu-faiinstall: Mount /proc and /sys in nfsroot
+ (f1ae3f8)
+ * bin/debian-edu-router-faiinstall: Drop support for Debian versions
+ older than bullseye (6b2eb0b)
+
+2023-09-04 Mike Gabriel
+
+ * bin/debian-edu-faiinstall: Echo headlines to show where we are in
+ the script (889a6ce)
+ * bin/debian-edu-faiinstall: Manage config space with ucf (c1f2924)
+
+2023-09-04 Guido Berhoerster
+
+ * Ensure debian-edu-fai.conf is not world-readable (0b635dd)
+
+2023-08-31 Guido Berhoerster
+
+ * Change instructions to emphasize the need for first time
+ configuration (bcc1419)
+
+2023-08-25 Guido Berhoerster
+
+ * Update motd for bookworm (ae53ac0)
+ * Add note about syntax to configuration (39eaabb)
+
+2023-08-24 Guido Berhoerster
+
+ * Recommend the use of yescrypt password hashes (30c32ed)
+ * Add primary group for the fai user (e70b9d9)
+ * Fix instructions in README.md and
+ /etc/debian-edu/debian-edu-fai.conf (701d379)
+ * Disable apt proxy by default (0fc425f)
+ * Ensure parent of target directory exists before copying FAI config
+ space (d075d69)
+ * Switch to installing bookworm (80deeb5)
+
+2023-08-23 Guido Berhoerster
+
+ * Add some documentation about NFS exports to README.md (7b19c84)
+ * Unset TMPDIR when invoking fai-make-nfsroot (417b723)
+ * Add explicit dependency on memtest86+ (eb0fb9f)
+ * Add support for memtest86+ 6 (9d09117)
+ * Use non-free-firmware component on bookworm and later (9f8a332)
+
+2023-09-06 Guido Berhoerster
+
+ * Actually install /etc/security/group.conf on bullseye (c9af1e8)
+
2023-05-16 Mike Gabriel
- * release 2023.05.16.1 (HEAD -> master, tag: 2023.05.16.1)
+ * release 2023.05.16.1 (7b3f31c) (tag: 2023.05.16.1)
* debian/postrm: Ignore failures during execution of
deluser/delgroup: (Closes: #1035292). (bee8be2)
@@ -11,7 +207,7 @@
2022-09-16 Mike Gabriel
- * release debian/2022.04.14.1 (9b87327) (tag: debian/2022.04.14.1)
+ * release debian/2022.04.14.1 (9b87327) (tag: 2022.04.14.1)
* debian/control: Add Rules-Requires-Root: field and set it to 'no'.
(6593c3e)
* debian/control: Bump Standards-Version: to 4.6.1. No changes
@@ -54,7 +250,7 @@
2022-02-22 Mike Gabriel
- * release debian/2022.02.22.1 (b911c85) (tag: debian/2022.02.22.1)
+ * release debian/2022.02.22.1 (b911c85) (tag: 2022.02.22.1)
* debian/postinst: Fix add user call, add user account name (which
was obviously missing). (82d6f58)
@@ -76,7 +272,7 @@
2022-02-09 Mike Gabriel
- * release 2022.02.09.1 (7078eef) (tag: debian/2022.02.09.1)
+ * release 2022.02.09.1 (7078eef) (tag: 2022.02.09.1)
* fai/config/package_config/STANDARD: python{,-minimal} are virtual,
let's use python3{,-minimal} instead. (a97eaac)
* bin/debian-edu-faiinstall: Fix school_tag here, too. (6745dee)
@@ -92,7 +288,7 @@
2022-01-31 Mike Gabriel
- * release 2022.01.31.1 (76f787b) (tag: debian/2022.01.31.1)
+ * release 2022.01.31.1 (76f787b) (tag: 2022.01.31.1)
* debian/control: Move from R: to D: adduser, fai-server, ipxe.
(0a93d80)
* fai/config/files/etc/security/group.conf/: Use same group.conf for
diff -Nru debian-edu-fai-2023.05.16.1/conf/debian-edu/debian-edu-fai.conf debian-edu-fai-2023.11.19.1~deb12u1/conf/debian-edu/debian-edu-fai.conf
--- debian-edu-fai-2023.05.16.1/conf/debian-edu/debian-edu-fai.conf 2022-03-03 21:35:25.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/conf/debian-edu/debian-edu-fai.conf 2023-09-25 09:48:22.000000000 +0200
@@ -1,7 +1,11 @@
# Examples for local settings that can customize the
-# 'debian-edu-faiinstall' script.
+# 'debian-edu-fai_install' script.
-# Run 'debian-edu-faiinstall' to re-generate the netboot
+# IMPORTANT: This file is included as a shell script, the settings are shell
+# variables. If you don't use single quotes the shell will do parameter
+# expansion, command substitution, and arithmetic expansion.
+
+# Run 'debian-edu-fai_install' to re-generate the netboot
# environment and the iPXE menu each time any changes have
# been made...
@@ -10,16 +14,14 @@
# some manual steps are required:
#
# IMPORTANT: These steps are required _before_ creating any nfsroot
-# installer chroots (i.e. before running the debian-edu-faiinstall script).
+# installer chroots (i.e. before running the debian-edu-fai_install script).
#
# 1. Comment out fai_logserver and fai_loguser below.
-# 2. adduser --system --home /var/log/fai/client-logs --shell /bin/bash fai
-# 3. su - fai
-# 4. ssh-keygen
-# 5. cat ~fai/.ssh/id_rsa.pub > ~fai/.ssh/authorized_keys
-# 6. Create ~fai/.ssh/known_hosts by...
-# 7. (as user 'fai'): ssh fai@$(hostname -f)
-# 8. Accept host key and by that add it to ~fai/.ssh/known_hosts
+# 2. Run:
+# runuser -u fai -- sh -c 'umask 077;
+# ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N "" &&
+# cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys &&
+# ssh-keyscan -H "$(hostname -f)" >> ~/.ssh/known_hosts'
#
# FAI server:
@@ -57,7 +59,7 @@
#
# If your FAI installer host is amd64 and you want to create i386 installer NFSROOTs then
# make sure to run dpkg --add-architecture i386 on the FAI installer host before running
-# the 'debian-edu-faiinstall' script (otherwise, debootstrap will run as qemu-debootstrap
+# the 'debian-edu-fai_install' script (otherwise, debootstrap will run as qemu-debootstrap
# and that will be reallllyyyy slow).
#archs="amd64 i386"
@@ -65,12 +67,12 @@
#default_arch="i386"
# Password for the root account of FAI-installed devices (and for the installer chroot).
-# Use '$ echo "yoursecrectpassword" | mkpasswd -m md5 -s' to create the pwhash.
+# Use 'mkpasswd -m yescrypt' to create the pwhash.
# If not specified, the host's root password will be used...
#rootpw='<pwhash-for-root-account>'
# For a local user account that can get created
-# Use '$ echo "yoursecrectpassword" | mkpasswd -m md5 -s' to create the pwhash.
+# Use 'mkpasswd -m yescrypt' to create the pwhash.
# If not specified, no local user account will be added to the FAI-installed system.
#localuser='<localuser>'
#localuserpw='<pwhash-for-localuser-account>'
diff -Nru debian-edu-fai-2023.05.16.1/conf/debian-edu/fai/debian-edu-fai.TEMPLATE/apt/sources.list.in debian-edu-fai-2023.11.19.1~deb12u1/conf/debian-edu/fai/debian-edu-fai.TEMPLATE/apt/sources.list.in
--- debian-edu-fai-2023.05.16.1/conf/debian-edu/fai/debian-edu-fai.TEMPLATE/apt/sources.list.in 2022-01-05 08:26:52.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/conf/debian-edu/fai/debian-edu-fai.TEMPLATE/apt/sources.list.in 2023-09-25 09:48:22.000000000 +0200
@@ -1,11 +1,11 @@
# These lines should work for many sites
-deb @mirrorurl@ @codename@ main contrib non-free
-deb @mirrorurl@-security @codename@-security main contrib non-free
-#deb @mirrorurl@ @codename@-backports main contrib non-free
+deb @mirrorurl@ @codename@ main non-free-firmware contrib non-free
+deb @mirrorurl@-security @codename@-security main non-free-firmware contrib non-free
+#deb @mirrorurl@ @codename@-backports main non-free-firmware contrib non-free
# from @codename@ on you need
-#deb @mirrorurl@-security @codename@-security main contrib non-free
+#deb @mirrorurl@-security @codename@-security main non-free-firmware contrib non-free
# repository that may contain newer fai packages for @codename@
#deb http://fai-project.org/download @codename@ koeln
diff -Nru debian-edu-fai-2023.05.16.1/debian/changelog debian-edu-fai-2023.11.19.1~deb12u1/debian/changelog
--- debian-edu-fai-2023.05.16.1/debian/changelog 2023-05-16 23:00:47.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/debian/changelog 2023-11-30 09:14:29.000000000 +0100
@@ -1,3 +1,183 @@
+debian-edu-fai (2023.11.19.1~deb12u1) bookworm; urgency=medium
+
+ * Release to Debian bookworm.
+
+ -- Mike Gabriel <sunweaver@debian.org> Thu, 30 Nov 2023 09:14:29 +0100
+
+debian-edu-fai (2023.11.19.1) unstable; urgency=medium
+
+ * bin/debian-edu-router-fai_updateconfigspace:
+ - Fix quoting typo in git command.
+
+ -- Mike Gabriel <sunweaver@debian.org> Sun, 19 Nov 2023 09:51:33 +0100
+
+debian-edu-fai (2023.10.03.1) unstable; urgency=medium
+
+ * fai/config/_obsolete-files.d/debian-edu-fai.removed:
+ - Add .asc files which got replaced by .gpg files.
+ * fai/config/scripts/*/20-update-security-group-conf:
+ - Don't fail script if not on DEBIAN_11.
+ * fai/config/disk_config:
+ - LVM_EDU_MINIMAL: Fix LV name (home -> srv).
+ - Enlarge system partitions generously, so that system installation don't
+ fail because of low-disk space.
+
+ -- Mike Gabriel <sunweaver@debian.org> Tue, 03 Oct 2023 23:14:29 +0200
+
+debian-edu-fai (2023.09.26.3) unstable; urgency=medium
+
+ * debian/control:
+ + Move memtest86+ (for archs amd64 + i386) to Recommends: field as we can't
+ have arch-specific dependencies in arch-all bin:pkgs. (Closes: #1052957).
+
+ -- Mike Gabriel <sunweaver@debian.org> Tue, 26 Sep 2023 16:53:13 +0200
+
+debian-edu-fai (2023.09.26.2) unstable; urgency=medium
+
+ * debian/control:
+ + Fix installability on non-x86 architectures. People should at least be
+ able to test those platforms.
+
+ -- Mike Gabriel <sunweaver@debian.org> Mon, 25 Sep 2023 09:30:53 +0200
+
+debian-edu-fai (2023.09.26.1) unstable; urgency=medium
+
+ [ Guido Berhoerster ]
+ * Improve OS detection for loading profiles
+
+ [ Mike Gabriel ]
+ * ChangeLog: update post-release
+ * bin/debian-edu-fai_install: Promote http_proxy settings into FAI config
+ space and set APTPROXY variable accordingly.
+ * fai/config/hooks/updatebase.DEBIAN: Debian Edu sets up http proxy
+ configuration via 03debian-edu-config. To override this (which we want),
+ we need to move 02proxy to 04proxy in /etc/apt/apt.conf.d/.
+
+ -- Mike Gabriel <sunweaver@debian.org> Mon, 25 Sep 2023 09:01:00 +0200
+
+debian-edu-fai (2023.09.19.1) unstable; urgency=medium
+
+ [ Mike Gabriel ]
+ * {bin/debian-edu-fai_install,fai/config/class/DEBIAN.var.in}:
+ + Propagate mirrorurl from debian-edu-fai.conf into FAI config space.
+ + Don't use @mirrorurl@, use internally derived @apt_cdn@ variable instead.
+ * files/etc/apt/sources.list.d/fai-mirror.list/FAI_MIRROR:
+ + Use more generic mirror (path) URL.
+ * APT sources: Use {%apt_cdn%} variable instead of hard-coded servername.
+ * bin/debian-edu-fai_install:
+ + Fix config file's name in comment.
+ * bin/debian-edu-fai_updateconfigspace:
+ + More reliably detect if we are in a Git working copy.
+ * fai/config/class:
+ + Add OS detection code to 40-parse-profiles.sh to support OS + version specific
+ installation profiles (detect from FAI nfsroot OS + version).
+ * fai/config/class:
+ + Rename / add profile files, now OS + version specific.
+
+ [ Guido Berhörster ]
+ * fai/config/class/40-parse-profiles.sh:
+ + Adjust OS_VERSION_MAJOR population.
+
+ -- Mike Gabriel <sunweaver@debian.org> Tue, 19 Sep 2023 22:05:11 +0200
+
+debian-edu-fai (2023.09.13.1) unstable; urgency=medium
+
+ [ Guido Berhoerster ]
+ * Replace nullmailer with exim4
+ This corresponds to a manual installation and avoids problems with nullmailer
+ such as excessive delivery attempts of all queued messages at once and
+ excessive logging of such events (see discussion in #1051461).
+
+ -- Mike Gabriel <sunweaver@debian.org> Wed, 13 Sep 2023 08:55:53 +0200
+
+debian-edu-fai (2023.09.09.1) unstable; urgency=medium
+
+ [ Guido Berhoerster ]
+ * Fix nullmailer configuration
+ Configure the nullmailer relayhost (the default is mail.<domain>) in order to
+ allow clients to actually send mail and explicitly set /etc/mailname
+ (Closes: #1051461).
+ * Do not append the hostname to /etc/mailname
+ Do not append to /etc/mailname, the file should contain a single hostname.
+ Rather create it with the default "postoffice.intern" if it does not exist yet.
+ This is consistent with manual installations of Debian Edu.
+
+ -- Mike Gabriel <sunweaver@debian.org> Sat, 09 Sep 2023 22:51:26 +0200
+
+debian-edu-fai (2023.09.07.1) unstable; urgency=medium
+
+ * Debian Edu FAI for Debian bookworm.
+
+ [ Guido Berhoerster ]
+ * Rename bin/debian-edu-faiinstall to bin/debian-edu-fai_install for
+ consistency with debian-edu-router.
+ * Actually install /etc/security/group.conf on bullseye. From bookworm on this
+ is handled via cfengine.
+ * Use non-free-firmware component on bookworm and later.
+ This is required for installing the firmware packages.
+ * Add support for memtest86+ x64.
+ * debian/control: Add explicit dependency on memtest86+.
+ * Unset TMPDIR when invoking fai-make-nfsroot.
+ On a DebianEdu installation pam_tmpdir is installed which sets TMPDIR to
+ /tmp/user/<uid>. This is then propagated from fai-make-nfsroot to
+ debootstrap which causes maintainer scripts making use of TMPDIR (e.g. by
+ calling mktemp) to fail because the directory does not exist inside the
+ chroot.
+ * Add some documentation about NFS exports to README.md
+ * Switch to installing bookworm.
+ * Ensure parent of target directory exists before copying FAI config space
+ debian-edu-faiinstall does not check whether the parent of the target
+ directory /srv/fai/config existed before invoking cp -a on the config space.
+ Thus, if /srv/fai does no exist cp will copy /usr/share/debian-edu-fai/fai
+ /config to /srv/fai instead of /srv/fai/config which is not detected until
+ booting a client via PXE. Fix this by ensuring the parent directory of
+ $FAI_CONFIGDIR_REAL exists.
+ Additionally do not hardcode /srv/fai which ignores that FAI_CONFIGDIR is
+ configurable.
+ * Disable apt proxy by default. Do not assume faiserver.intern exists. The
+ proxy can be set via /etc/debian-edu/debian-edu-fai.conf.
+ * Fix instructions in README.md and /etc/debian-edu/debian-edu-fai.conf
+ The configuration file name is /etc/debian-edu/debian-edu-fai.conf not
+ /etc/debian-edu/faiinstall.conf.
+ Improve and shorten the instructions to set up SSH access for the fai user.
+ * Add primary group fai for the fai user (instead of primary group
+ nobody).
+ * Recommend the use of yescrypt password hashes.
+ This follows the default since Debian bullseye.
+ * Add note about syntax to configuration.
+ * Update motd for bookworm.
+ * README.md: Change instructions to emphasize the need for first time
+ configuration. Users should not be enticed to blindly run
+ debian-edu-fai_install before actually configuring the server.
+ * Ensure debian-edu-fai.conf is not world-readable
+ It contains password hashes for the root account of installed clients so
+ like /etc/shadow it should not be world readable.
+ * Replace fetch-ldap-cert script usage with fetch-rootca-cert
+ The fetch-ldap-cert init script has been obsolete and was removed
+ (see #971780).
+
+ [ Mike Gabriel ]
+ * bin/debian-edu-fai_install (port over from debian-edu-router's FAI
+ installation script):
+ + Manage config space with ucf.
+ + Echo headlines to show where we are in the script.
+ + Drop support for Debian versions older than bullseye
+ + Mount /proc and /sys in nfsroot
+ * README.md: Typo fix.
+ * {README.md,conf/debian-edu/debian-edu-fai.conf}: Adjust files to renaming
+ of debian-edu-fai_install script (only in docs or comments).
+ * bin/debian-edu-fai_install: Mount /proc and /sys in nfsroot
+ Mount prior to creating/updating it. Those mountpoints are needed by
+ dracut's 45url-libs module.
+ * debian/control:
+ + Bump Standards-Version: to 4.6.2. No changes needed.
+ * debian/copyright:
+ + Update copyright attributions.
+ * lintian: Override uses-dpkg-database-directly and openpgp-file-has-
+ implementation-specific-extension for given reasons.
+
+ -- Mike Gabriel <sunweaver@debian.org> Thu, 07 Sep 2023 21:16:37 +0200
+
debian-edu-fai (2023.05.16.1) unstable; urgency=medium
* bin/debian-edu-faiinstall: Make sure FAI_CONFIGDIR_REAL is set before it
diff -Nru debian-edu-fai-2023.05.16.1/debian/control debian-edu-fai-2023.11.19.1~deb12u1/debian/control
--- debian-edu-fai-2023.05.16.1/debian/control 2023-05-16 22:59:12.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/debian/control 2023-11-19 09:40:59.000000000 +0100
@@ -4,7 +4,7 @@
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Uploaders: Mike Gabriel <sunweaver@debian.org>
Build-Depends: debhelper-compat (= 13)
-Standards-Version: 4.6.1
+Standards-Version: 4.6.2
Rules-Requires-Root: no
Homepage: https://wiki.debian.org/DebianEdu
Vcs-Browser: https://salsa.debian.org/debian-edu/debian-edu-fai
@@ -19,6 +19,7 @@
${misc:Depends},
${perl:Depends},
Recommends: qemu-user-static,
+ memtest86+,
Description: FAI config space for setting up Debian Edu workstations
The Debian Edu project provides Debian based systems customized for
schools and other education facilities.
diff -Nru debian-edu-fai-2023.05.16.1/debian/copyright debian-edu-fai-2023.11.19.1~deb12u1/debian/copyright
--- debian-edu-fai-2023.05.16.1/debian/copyright 2022-03-03 21:35:25.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/debian/copyright 2023-09-25 09:48:22.000000000 +0200
@@ -4,13 +4,14 @@
Files: *
Copyright: 2011-2018, Thomas Lange
- 2019-2022, Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+ 2019-2023, Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+ 2023, Guido Berhörster <guido+freiesoftware@berhoerster.name>
License: GPL-3.0+
Comment:
Except classes provided by FAI (cf. fai-doc package).
Files: debian/*
-Copyright: 2019-2022, Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+Copyright: 2019-2023, Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
License: GPL-3.0+
License: GPL-3.0+
diff -Nru debian-edu-fai-2023.05.16.1/debian/dirs debian-edu-fai-2023.11.19.1~deb12u1/debian/dirs
--- debian-edu-fai-2023.05.16.1/debian/dirs 1970-01-01 01:00:00.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/debian/dirs 2023-09-25 09:48:22.000000000 +0200
@@ -0,0 +1,2 @@
+/var/lib/debian-edu-fai/
+/var/lib/debian-edu-fai/ucf/
diff -Nru debian-edu-fai-2023.05.16.1/debian/install debian-edu-fai-2023.11.19.1~deb12u1/debian/install
--- debian-edu-fai-2023.05.16.1/debian/install 2022-03-03 21:36:24.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/debian/install 2023-09-25 09:48:22.000000000 +0200
@@ -2,4 +2,5 @@
conf/debian-edu/fai/ etc/debian-edu/
conf/exports.d/debian-edu-fai.exports usr/share/debian-edu-fai/exports.d/
fai/config usr/share/debian-edu-fai/fai/
-bin/debian-edu-faiinstall usr/sbin/
+bin/debian-edu-fai_install usr/sbin/
+bin/debian-edu-fai_updateconfigspace usr/sbin/
diff -Nru debian-edu-fai-2023.05.16.1/debian/lintian-overrides debian-edu-fai-2023.11.19.1~deb12u1/debian/lintian-overrides
--- debian-edu-fai-2023.05.16.1/debian/lintian-overrides 1970-01-01 01:00:00.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/debian/lintian-overrides 2023-09-25 09:48:22.000000000 +0200
@@ -0,0 +1,9 @@
+# 06400 permission of etc/debian-edu/debian-edu-fai.conf due to password hashes
+non-standard-file-perm 0640 != 0644 [etc/debian-edu/debian-edu-fai.conf]
+
+# Ignore! This file is part of the FAI config space, a configuration used for
+# installing Debian systems. This needs to perform direct access to dpkg database.
+debian-edu-fai: uses-dpkg-database-directly [usr/share/debian-edu-fai/fai/config/scripts/LAST/50-misc]
+
+# Ignore! FAI (for apt) only supports .gpg files...
+debian-edu-fai: openpgp-file-has-implementation-specific-extension [etc/debian-edu/fai/debian-edu-fai.TEMPLATE/apt/trusted.gpg.d/fai-project.gpg]
diff -Nru debian-edu-fai-2023.05.16.1/debian/postinst debian-edu-fai-2023.11.19.1~deb12u1/debian/postinst
--- debian-edu-fai-2023.05.16.1/debian/postinst 2022-03-03 21:35:25.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/debian/postinst 2023-09-25 09:48:22.000000000 +0200
@@ -25,9 +25,15 @@
if ! getent 'passwd' 'fai' >'/dev/null'; then
echo 'Creating fai system user.' >&2
- adduser --system --home /var/log/fai/client-logs \
+ adduser --system --group \
+ --home /var/log/fai/client-logs \
--disabled-password --shell /bin/bash fai
fi
+
+ ##
+ ## fix permissions on upgrade
+ ##
+ chmod 640 /etc/debian-edu/debian-edu-fai.conf
;;
'abort-upgrade'|'abort-remove'|'abort-deconfigure')
;;
diff -Nru debian-edu-fai-2023.05.16.1/debian/rules debian-edu-fai-2023.11.19.1~deb12u1/debian/rules
--- debian-edu-fai-2023.05.16.1/debian/rules 2019-10-03 09:06:05.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/debian/rules 2023-09-25 09:48:22.000000000 +0200
@@ -11,3 +11,8 @@
%:
dh $@
+
+override_dh_fixperms:
+ dh_fixperms
+ # contains password hashes
+ chmod 640 debian/debian-edu-fai/etc/debian-edu/debian-edu-fai.conf
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/class/40-parse-profiles.sh debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/40-parse-profiles.sh
--- debian-edu-fai-2023.05.16.1/fai/config/class/40-parse-profiles.sh 2019-09-18 14:17:47.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/40-parse-profiles.sh 2023-09-25 09:48:22.000000000 +0200
@@ -4,6 +4,8 @@
#
# (c) 2015 by Thomas Lange, lange@informatik.uni-koeln.de
# Universitaet zu Koeln
+# (c) 2023 by Mike Gabriel, mike.gabriel@das-netzwerkteam.de
+# Fre(i)e Software GmbH
if [ X$FAI_ACTION = Xinstall -o X$FAI_ACTION = Xdirinstall -o X$FAI_ACTION = X ]; then
:
@@ -114,6 +116,8 @@
newclasses="${arclasses[$res]}"
}
+# a very simple OS + version detection mechanism
+OS_SUFFIX="$(source /etc/os-release 2>/dev/null && printf "%s_%s" "${ID^^}" "${VERSION_ID}")"
# read all files with name matching *.profile
_parsed=0
@@ -122,6 +126,12 @@
parse_profile $_f
_parsed=1
done
+
+# additionally read all files with name matching *.profile.<OS_SUFFIX>
+for _f in *.profile.${OS_SUFFIX}; do
+ parse_profile $_f
+ _parsed=1
+done
unset _f
# do nothing if no profile was read
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/class/DEBIAN_10.var debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/DEBIAN_10.var
--- debian-edu-fai-2023.05.16.1/fai/config/class/DEBIAN_10.var 2020-07-20 00:13:50.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/DEBIAN_10.var 1970-01-01 01:00:00.000000000 +0100
@@ -1 +0,0 @@
-release=buster
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/class/DEBIAN.var debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/DEBIAN.var
--- debian-edu-fai-2023.05.16.1/fai/config/class/DEBIAN.var 2020-07-20 00:11:16.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/DEBIAN.var 1970-01-01 01:00:00.000000000 +0100
@@ -1,18 +0,0 @@
-apt_cdn=http://deb.debian.org
-security_cdn=http://security.debian.org
-
-CONSOLEFONT=
-KEYMAP=us-latin1
-
-# MODULESLIST contains modules that will be loaded by the new system,
-# not during installation these modules will be written to /etc/modules
-# If you need a module during installation, add it to $kernelmodules
-# in 20-hwdetect.sh.
-MODULESLIST="usbhid psmouse"
-
-# if you have enough RAM (>2GB) you may want to enable this line. It
-# also puts /var/cache into a ramdisk.
-#FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
-
-# if you want to use the faiserver as APT proxy
-APTPROXY=http://faiserver:8000
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/class/DEBIAN.var.in debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/DEBIAN.var.in
--- debian-edu-fai-2023.05.16.1/fai/config/class/DEBIAN.var.in 1970-01-01 01:00:00.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/DEBIAN.var.in 2023-09-25 09:48:22.000000000 +0200
@@ -0,0 +1,18 @@
+apt_cdn=@apt_cdn@
+security_cdn=http://security.debian.org
+
+CONSOLEFONT=
+KEYMAP=us-latin1
+
+# MODULESLIST contains modules that will be loaded by the new system,
+# not during installation these modules will be written to /etc/modules
+# If you need a module during installation, add it to $kernelmodules
+# in 20-hwdetect.sh.
+MODULESLIST="usbhid psmouse"
+
+# if you have enough RAM (>2GB) you may want to enable this line. It
+# also puts /var/cache into a ramdisk.
+#FAI_RAMDISKS="$target/var/lib/dpkg $target/var/cache"
+
+# if you want to use the faiserver as APT proxy
+#APTPROXY=@http_proxy@
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/class/z20_debian-edu.profile debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/z20_debian-edu.profile
--- debian-edu-fai-2023.05.16.1/fai/config/class/z20_debian-edu.profile 2022-03-03 21:35:25.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/z20_debian-edu.profile 1970-01-01 01:00:00.000000000 +0100
@@ -1,45 +0,0 @@
-Default: GNOME Workstation
-
-Name: MATE Workstation
-Description: Debian Edu powered by MATE Desktop Environment
-Short: Debian Edu workstation with Mate desktop will be installed
-Long: Debian Edu workstation with Mate desktop will be installed.
-Classes: INSTALL FAIBASE DEBIAN DEBIAN_11 EDU WORKSTATION XORG MATE LVM LVM_EDU NONFREE NONFREE_11
-
-Name: MATE Roaming WS
-Description: Debian Edu powered by MATE Desktop Environment
-Short: Debian Edu roaming workstation with Mate desktop will be installed
-Long: Debian Edu roaming workstation with Mate desktop will be installed.
-Classes: INSTALL FAIBASE DEBIAN DEBIAN_11 EDU ROAMING_WORKSTATION XORG MATE LVM LVM_EDU_ROAMING NONFREE NONFREE_11
-
-Name: GNOME Workstation
-Description: Debian Edu powered by GNOME Desktop Environment
-Short: Debian Edu workstation with Gnome desktop will be installed
-Long: Debian Edu workstation with Gnome desktop will be installed.
-Classes: INSTALL FAIBASE DEBIAN DEBIAN_11 EDU WORKSTATION XORG GNOME LVM LVM_EDU NONFREE NONFREE_11
-
-Name: GNOME Roaming WS
-Description: Debian Edu powered by GNOME Desktop Environment
-Short: Debian Edu roaming workstation with Gnome desktop will be installed
-Long: Debian Edu roaming workstation with Gnome desktop will be installed.
-Classes: INSTALL FAIBASE DEBIAN DEBIAN_11 EDU ROAMING_WORKSTATION XORG GNOME LVM LVM_EDU_ROAMING NONFREE NONFREE_11
-
-Name: Minimal
-Description: Debian Edu - additional server host
-Short: Installs a Debian Edu client system, text console only
-Long: Installs a Debian Edu client system, text console only.
-Use this installation profile for server-like systems that do not
-need a graphical login.
-Classes: INSTALL FAIBASE DEBIAN DEBIAN_11 EDU MINIMAL LVM LVM_EDU_MINIMAL NONFREE NONFREE_11
-
-Name: Inventory
-Description: Show hardware info
-Short: Show some basic hardware infos
-Long: Execute commands for showing hardware info
-Classes: INVENTORY
-
-Name: Sysinfo
-Description: Show detailed system information
-Short: Show detailed hardware and system information
-Long: Execute a lot of commands for collecting system information
-Classes: SYSINFO
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/class/z20_debian-edu.profile.DEBIAN_11 debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/z20_debian-edu.profile.DEBIAN_11
--- debian-edu-fai-2023.05.16.1/fai/config/class/z20_debian-edu.profile.DEBIAN_11 1970-01-01 01:00:00.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/z20_debian-edu.profile.DEBIAN_11 2023-09-25 09:48:22.000000000 +0200
@@ -0,0 +1,33 @@
+Default: GNOME Workstation
+
+Name: MATE Workstation
+Description: Debian Edu powered by MATE Desktop Environment
+Short: Debian Edu workstation with Mate desktop will be installed
+Long: Debian Edu workstation with Mate desktop will be installed.
+Classes: INSTALL FAIBASE DEBIAN DEBIAN_11 EDU WORKSTATION XORG MATE LVM LVM_EDU NONFREE NONFREE_11
+
+Name: MATE Roaming WS
+Description: Debian Edu powered by MATE Desktop Environment
+Short: Debian Edu roaming workstation with Mate desktop will be installed
+Long: Debian Edu roaming workstation with Mate desktop will be installed.
+Classes: INSTALL FAIBASE DEBIAN DEBIAN_11 EDU ROAMING_WORKSTATION XORG MATE LVM LVM_EDU_ROAMING NONFREE NONFREE_11
+
+Name: GNOME Workstation
+Description: Debian Edu powered by GNOME Desktop Environment
+Short: Debian Edu workstation with Gnome desktop will be installed
+Long: Debian Edu workstation with Gnome desktop will be installed.
+Classes: INSTALL FAIBASE DEBIAN DEBIAN_11 EDU WORKSTATION XORG GNOME LVM LVM_EDU NONFREE NONFREE_11
+
+Name: GNOME Roaming WS
+Description: Debian Edu powered by GNOME Desktop Environment
+Short: Debian Edu roaming workstation with Gnome desktop will be installed
+Long: Debian Edu roaming workstation with Gnome desktop will be installed.
+Classes: INSTALL FAIBASE DEBIAN DEBIAN_11 EDU ROAMING_WORKSTATION XORG GNOME LVM LVM_EDU_ROAMING NONFREE NONFREE_11
+
+Name: Minimal
+Description: Debian Edu - additional server host
+Short: Installs a Debian Edu client system, text console only
+Long: Installs a Debian Edu client system, text console only.
+Use this installation profile for server-like systems that do not
+need a graphical login.
+Classes: INSTALL FAIBASE DEBIAN DEBIAN_11 EDU MINIMAL LVM LVM_EDU_MINIMAL NONFREE NONFREE_11
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/class/z20_debian-edu.profile.DEBIAN_12 debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/z20_debian-edu.profile.DEBIAN_12
--- debian-edu-fai-2023.05.16.1/fai/config/class/z20_debian-edu.profile.DEBIAN_12 1970-01-01 01:00:00.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/z20_debian-edu.profile.DEBIAN_12 2023-09-25 09:48:22.000000000 +0200
@@ -0,0 +1,45 @@
+Default: GNOME Workstation
+
+Name: MATE Workstation
+Description: Debian Edu powered by MATE Desktop Environment
+Short: Debian Edu workstation with Mate desktop will be installed
+Long: Debian Edu workstation with Mate desktop will be installed.
+Classes: INSTALL FAIBASE DEBIAN DEBIAN_12 EDU WORKSTATION XORG MATE LVM LVM_EDU NONFREE NONFREE_12
+
+Name: MATE Roaming WS
+Description: Debian Edu powered by MATE Desktop Environment
+Short: Debian Edu roaming workstation with Mate desktop will be installed
+Long: Debian Edu roaming workstation with Mate desktop will be installed.
+Classes: INSTALL FAIBASE DEBIAN DEBIAN_12 EDU ROAMING_WORKSTATION XORG MATE LVM LVM_EDU_ROAMING NONFREE NONFREE_12
+
+Name: GNOME Workstation
+Description: Debian Edu powered by GNOME Desktop Environment
+Short: Debian Edu workstation with Gnome desktop will be installed
+Long: Debian Edu workstation with Gnome desktop will be installed.
+Classes: INSTALL FAIBASE DEBIAN DEBIAN_12 EDU WORKSTATION XORG GNOME LVM LVM_EDU NONFREE NONFREE_12
+
+Name: GNOME Roaming WS
+Description: Debian Edu powered by GNOME Desktop Environment
+Short: Debian Edu roaming workstation with Gnome desktop will be installed
+Long: Debian Edu roaming workstation with Gnome desktop will be installed.
+Classes: INSTALL FAIBASE DEBIAN DEBIAN_12 EDU ROAMING_WORKSTATION XORG GNOME LVM LVM_EDU_ROAMING NONFREE NONFREE_12
+
+Name: Minimal
+Description: Debian Edu - additional server host
+Short: Installs a Debian Edu client system, text console only
+Long: Installs a Debian Edu client system, text console only.
+Use this installation profile for server-like systems that do not
+need a graphical login.
+Classes: INSTALL FAIBASE DEBIAN DEBIAN_12 EDU MINIMAL LVM LVM_EDU_MINIMAL NONFREE NONFREE_12
+
+Name: Inventory
+Description: Show hardware info
+Short: Show some basic hardware infos
+Long: Execute commands for showing hardware info
+Classes: INVENTORY
+
+Name: Sysinfo
+Description: Show detailed system information
+Short: Show detailed hardware and system information
+Long: Execute a lot of commands for collecting system information
+Classes: SYSINFO
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/class/z90_fai.profile debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/z90_fai.profile
--- debian-edu-fai-2023.05.16.1/fai/config/class/z90_fai.profile 2022-03-03 21:35:25.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/z90_fai.profile 1970-01-01 01:00:00.000000000 +0100
@@ -1,11 +0,0 @@
-Name: FAI Client Inventory
-Description: Show hardware info
-Short: Show some basic hardware infos
-Long: Execute commands for showing hardware info
-Classes: INVENTORY
-
-Name: FAI Client Sysinfo
-Description: Show detailed system information
-Short: Show detailed hardware and system information
-Long: Execute a lot of commands for collecting system information
-Classes: SYSINFO
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/class/z90_fai.profile._ANY_ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/z90_fai.profile._ANY_
--- debian-edu-fai-2023.05.16.1/fai/config/class/z90_fai.profile._ANY_ 1970-01-01 01:00:00.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/z90_fai.profile._ANY_ 2023-09-25 09:48:22.000000000 +0200
@@ -0,0 +1,11 @@
+Name: FAI Client Inventory
+Description: Show hardware info
+Short: Show some basic hardware infos
+Long: Execute commands for showing hardware info
+Classes: INVENTORY
+
+Name: FAI Client Sysinfo
+Description: Show detailed system information
+Short: Show detailed hardware and system information
+Long: Execute a lot of commands for collecting system information
+Classes: SYSINFO
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/class/z90_fai.profile.DEBIAN_11 debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/z90_fai.profile.DEBIAN_11
--- debian-edu-fai-2023.05.16.1/fai/config/class/z90_fai.profile.DEBIAN_11 1970-01-01 01:00:00.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/z90_fai.profile.DEBIAN_11 2023-09-25 09:48:22.000000000 +0200
@@ -0,0 +1,11 @@
+Name: FAI Client Inventory
+Description: Show hardware info
+Short: Show some basic hardware infos
+Long: Execute commands for showing hardware info
+Classes: INVENTORY
+
+Name: FAI Client Sysinfo
+Description: Show detailed system information
+Short: Show detailed hardware and system information
+Long: Execute a lot of commands for collecting system information
+Classes: SYSINFO
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/class/z90_fai.profile.DEBIAN_12 debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/z90_fai.profile.DEBIAN_12
--- debian-edu-fai-2023.05.16.1/fai/config/class/z90_fai.profile.DEBIAN_12 1970-01-01 01:00:00.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/class/z90_fai.profile.DEBIAN_12 2023-09-25 09:48:22.000000000 +0200
@@ -0,0 +1,11 @@
+Name: FAI Client Inventory
+Description: Show hardware info
+Short: Show some basic hardware infos
+Long: Execute commands for showing hardware info
+Classes: INVENTORY
+
+Name: FAI Client Sysinfo
+Description: Show detailed system information
+Short: Show detailed hardware and system information
+Long: Execute a lot of commands for collecting system information
+Classes: SYSINFO
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/disk_config/LVM_EDU debian-edu-fai-2023.11.19.1~deb12u1/fai/config/disk_config/LVM_EDU
--- debian-edu-fai-2023.05.16.1/fai/config/disk_config/LVM_EDU 2022-01-05 08:26:52.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/disk_config/LVM_EDU 2023-11-19 09:40:59.000000000 +0100
@@ -1,11 +1,11 @@
disk_config disk1 disklabel:gpt-bios bootable:1 fstabkey:uuid
primary /boot/efi 512M vfat rw
-primary /boot 512M-2G ext4 rw
+primary /boot 1G-3G ext4 rw
primary - 0- - -
disk_config lvm
vg vg_system disk1.3
-vg_system-root / 2G-4G ext4 errors=remount-ro
+vg_system-root / 3G-5G ext4 errors=remount-ro
vg_system-swap_1 swap RAM:150% swap sw
-vg_system-usr /usr 28G-36G ext4 defaults
-vg_system-var /var 8G-10G ext4 defaults
+vg_system-usr /usr 32G-36G ext4 defaults
+vg_system-var /var 11G-14G ext4 defaults
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/disk_config/LVM_EDU_MINIMAL debian-edu-fai-2023.11.19.1~deb12u1/fai/config/disk_config/LVM_EDU_MINIMAL
--- debian-edu-fai-2023.05.16.1/fai/config/disk_config/LVM_EDU_MINIMAL 2022-01-05 08:26:52.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/disk_config/LVM_EDU_MINIMAL 2023-11-19 09:40:59.000000000 +0100
@@ -9,4 +9,4 @@
vg_system-swap_1 swap RAM:150% swap sw
vg_system-usr /usr 8G-12G ext4 defaults
vg_system-var /var 8G-10G ext4 defaults
-vg_system-home /srv 4G-6G ext4 defaults
+vg_system-srv /srv 4G-6G ext4 defaults
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/disk_config/LVM_EDU_ROAMING debian-edu-fai-2023.11.19.1~deb12u1/fai/config/disk_config/LVM_EDU_ROAMING
--- debian-edu-fai-2023.05.16.1/fai/config/disk_config/LVM_EDU_ROAMING 2022-01-05 08:26:52.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/disk_config/LVM_EDU_ROAMING 2023-11-19 09:40:59.000000000 +0100
@@ -1,12 +1,12 @@
disk_config disk1 disklabel:gpt-bios bootable:1 fstabkey:uuid
primary /boot/efi 512M vfat rw
-primary /boot 512M-2G ext4 rw
+primary /boot 1G-3G ext4 rw
primary - 0- - -
disk_config lvm
vg vg_system disk1.3
-vg_system-root / 2G-4G ext4 errors=remount-ro
+vg_system-root / 3G-5G ext4 errors=remount-ro
vg_system-swap_1 swap RAM:150% swap sw
-vg_system-usr /usr 28G-36G ext4 defaults
-vg_system-var /var 8G-10G ext4 defaults
+vg_system-usr /usr 32G-36G ext4 defaults
+vg_system-var /var 11G-14G ext4 defaults
vg_system-home /home 4G-70% ext4 defaults
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/disk_config/LVM_EDU_TABLET debian-edu-fai-2023.11.19.1~deb12u1/fai/config/disk_config/LVM_EDU_TABLET
--- debian-edu-fai-2023.05.16.1/fai/config/disk_config/LVM_EDU_TABLET 2022-01-05 08:26:52.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/disk_config/LVM_EDU_TABLET 2023-11-19 09:40:59.000000000 +0100
@@ -1,9 +1,9 @@
disk_config disk1 disklabel:gpt-bios bootable:1 fstabkey:uuid
primary /boot/efi 512M vfat rw
-primary /boot 512M-2G ext4 rw
+primary /boot 1G-3G ext4 rw
primary - 0- - -
disk_config lvm
vg vg_system disk1.3
-vg_system-root / 12G-80G ext4 errors=remount-ro
+vg_system-root / 16G-80G ext4 errors=remount-ro
vg_system-swap_1 swap RAM:150% swap sw
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/files/etc/apt/sources.list/DEBIAN_10 debian-edu-fai-2023.11.19.1~deb12u1/fai/config/files/etc/apt/sources.list/DEBIAN_10
--- debian-edu-fai-2023.05.16.1/fai/config/files/etc/apt/sources.list/DEBIAN_10 2020-07-20 00:13:50.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/files/etc/apt/sources.list/DEBIAN_10 2023-09-25 09:48:22.000000000 +0200
@@ -1,5 +1,5 @@
-deb http://deb.debian.org/debian {%release%} main
-deb http://deb.debian.org/debian {%release%}-updates main
+deb {%apt_cdn%}/debian {%release%} main
+deb {%apt_cdn%}/debian {%release%}-updates main
# this URL will change in Debian 11...
deb {%security_cdn%}/debian-security {%release%}/updates main
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/files/etc/apt/sources.list/DEBIAN_11 debian-edu-fai-2023.11.19.1~deb12u1/fai/config/files/etc/apt/sources.list/DEBIAN_11
--- debian-edu-fai-2023.05.16.1/fai/config/files/etc/apt/sources.list/DEBIAN_11 2020-07-20 00:13:50.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/files/etc/apt/sources.list/DEBIAN_11 2023-09-25 09:48:22.000000000 +0200
@@ -1,5 +1,5 @@
-deb http://deb.debian.org/debian {%release%} main
-deb http://deb.debian.org/debian {%release%}-updates main
+deb {%apt_cdn%}/debian {%release%} main
+deb {%apt_cdn%}/debian {%release%}-updates main
# different from the URL required for Debian 10
deb {%security_cdn%}/debian-security {%release%}-security main
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/files/etc/apt/sources.list/DEBIAN_12 debian-edu-fai-2023.11.19.1~deb12u1/fai/config/files/etc/apt/sources.list/DEBIAN_12
--- debian-edu-fai-2023.05.16.1/fai/config/files/etc/apt/sources.list/DEBIAN_12 2021-09-06 14:08:48.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/files/etc/apt/sources.list/DEBIAN_12 2023-09-25 09:48:22.000000000 +0200
@@ -1,5 +1,5 @@
-deb http://deb.debian.org/debian {%release%} main
-deb http://deb.debian.org/debian {%release%}-updates main
+deb {%apt_cdn%}/debian {%release%} main non-free-firmware
+deb {%apt_cdn%}/debian {%release%}-updates main non-free-firmware
# different from the URL required for Debian 10
-deb {%security_cdn%}/debian-security {%release%}-security main
+deb {%security_cdn%}/debian-security {%release%}-security main non-free-firmware
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/files/etc/apt/sources.list.d/fai-mirror.list/FAI_MIRROR debian-edu-fai-2023.11.19.1~deb12u1/fai/config/files/etc/apt/sources.list.d/fai-mirror.list/FAI_MIRROR
--- debian-edu-fai-2023.05.16.1/fai/config/files/etc/apt/sources.list.d/fai-mirror.list/FAI_MIRROR 2020-07-20 00:14:12.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/files/etc/apt/sources.list.d/fai-mirror.list/FAI_MIRROR 2023-09-25 09:48:22.000000000 +0200
@@ -1 +1 @@
-deb [trusted=yes arch=amd64] http://faiserver.intern/mirror-deb11-gnome cskoeln main
+deb [trusted=yes arch=amd64] http://faiserver.intern/mirror cskoeln main
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/files/etc/motd/DEBIAN_12 debian-edu-fai-2023.11.19.1~deb12u1/fai/config/files/etc/motd/DEBIAN_12
--- debian-edu-fai-2023.05.16.1/fai/config/files/etc/motd/DEBIAN_12 2021-09-06 14:08:48.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/files/etc/motd/DEBIAN_12 2023-09-25 09:48:22.000000000 +0200
@@ -1,3 +1,3 @@
-Debian Edu 12.x (testing/unstable) installed with FAI...
+Debian Edu 12.x installed with FAI...
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/hooks/updatebase.DEBIAN debian-edu-fai-2023.11.19.1~deb12u1/fai/config/hooks/updatebase.DEBIAN
--- debian-edu-fai-2023.05.16.1/fai/config/hooks/updatebase.DEBIAN 2019-10-03 09:06:33.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/hooks/updatebase.DEBIAN 2023-09-25 09:48:22.000000000 +0200
@@ -1,9 +1,9 @@
#! /bin/bash
if [ -n "$APTPROXY" ]; then
- echo "Acquire::http::Proxy \"$APTPROXY\";" > $target/etc/apt/apt.conf.d/02proxy
+ echo "Acquire::http::Proxy \"$APTPROXY\";" > $target/etc/apt/apt.conf.d/04proxy
else
- rm -f $target/etc/apt/apt.conf.d/02proxy
+ rm -f $target/etc/apt/apt.conf.d/04proxy
fi
echo force-unsafe-io > $target/etc/dpkg/dpkg.cfg.d/unsafe-io
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/_obsolete-files.d/debian-edu-fai.removed debian-edu-fai-2023.11.19.1~deb12u1/fai/config/_obsolete-files.d/debian-edu-fai.removed
--- debian-edu-fai-2023.05.16.1/fai/config/_obsolete-files.d/debian-edu-fai.removed 1970-01-01 01:00:00.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/_obsolete-files.d/debian-edu-fai.removed 2023-11-19 09:40:59.000000000 +0100
@@ -0,0 +1,2 @@
+class/DEBIAN_10.var
+package_config/DEBIAN.asc
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/package_config/DEBIAN debian-edu-fai-2023.11.19.1~deb12u1/fai/config/package_config/DEBIAN
--- debian-edu-fai-2023.05.16.1/fai/config/package_config/DEBIAN 2020-07-20 00:11:16.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/package_config/DEBIAN 2023-09-25 09:48:22.000000000 +0200
@@ -8,7 +8,6 @@
openssh-client openssh-server
time
procinfo
-nullmailer
eject
locales
console-setup kbd
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/scripts/DEBIAN/40-misc debian-edu-fai-2023.11.19.1~deb12u1/fai/config/scripts/DEBIAN/40-misc
--- debian-edu-fai-2023.05.16.1/fai/config/scripts/DEBIAN/40-misc 2019-10-03 09:06:33.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/scripts/DEBIAN/40-misc 2023-09-25 09:48:22.000000000 +0200
@@ -11,7 +11,9 @@
done
fcopy -Mv /etc/hostname || echo $HOSTNAME > $target/etc/hostname
-ainsl -a /etc/mailname ${HOSTNAME}
+if [ ! -e $target/etc/mailname ]; then
+ printf 'postoffice.intern\n' > $target/etc/mailname
+fi
if [ ! -e $target/etc/adjtime ]; then
printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime
fi
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/scripts/EDU/40-cfengine-debian-edu-postinstall debian-edu-fai-2023.11.19.1~deb12u1/fai/config/scripts/EDU/40-cfengine-debian-edu-postinstall
--- debian-edu-fai-2023.05.16.1/fai/config/scripts/EDU/40-cfengine-debian-edu-postinstall 2021-09-06 14:08:48.000000000 +0200
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/scripts/EDU/40-cfengine-debian-edu-postinstall 2023-09-25 09:48:22.000000000 +0200
@@ -29,8 +29,8 @@
# Do the conversion of the vanilla Debian system to a Debian Edu system
chroot $target /usr/bin/cf-agent -I -D installation
-# fetch LDAP certs
-chroot $target /etc/init.d/fetch-ldap-cert start
+# fetch DebianEdu root CA certs
+chroot $target /usr/share/debian-edu-config/tools/fetch-rootca-cert
sed -i $target/etc/wgetrc \
-e "s@^http_proxy\s*=.*@http_proxy = $http_proxy@" \
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/scripts/LAST/50-misc debian-edu-fai-2023.11.19.1~deb12u1/fai/config/scripts/LAST/50-misc
--- debian-edu-fai-2023.05.16.1/fai/config/scripts/LAST/50-misc 2019-03-26 16:32:51.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/scripts/LAST/50-misc 2023-09-25 09:48:22.000000000 +0200
@@ -72,7 +72,7 @@
return
fi
- dists="jessie stretch buster bullseye bookworm bionic xenial trusty"
+ dists="bullseye bookworm bionic xenial trusty"
for d in $dists; do
if grep -iq $d $target/etc/os-release; then
release=$d
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/scripts/ROAMING_WORKSTATION/20-update-security-group-conf debian-edu-fai-2023.11.19.1~deb12u1/fai/config/scripts/ROAMING_WORKSTATION/20-update-security-group-conf
--- debian-edu-fai-2023.05.16.1/fai/config/scripts/ROAMING_WORKSTATION/20-update-security-group-conf 1970-01-01 01:00:00.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/scripts/ROAMING_WORKSTATION/20-update-security-group-conf 2023-11-19 09:40:59.000000000 +0100
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# on bookworm and later this is handled through cfengine
+if ifclass DEBIAN_11; then
+ fcopy -iM /etc/security/group.conf
+fi
diff -Nru debian-edu-fai-2023.05.16.1/fai/config/scripts/WORKSTATION/20-update-security-group-conf debian-edu-fai-2023.11.19.1~deb12u1/fai/config/scripts/WORKSTATION/20-update-security-group-conf
--- debian-edu-fai-2023.05.16.1/fai/config/scripts/WORKSTATION/20-update-security-group-conf 1970-01-01 01:00:00.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/fai/config/scripts/WORKSTATION/20-update-security-group-conf 2023-11-19 09:40:59.000000000 +0100
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# on bookworm and later this is handled through cfengine
+if ifclass DEBIAN_11; then
+ fcopy -iM /etc/security/group.conf
+fi
diff -Nru debian-edu-fai-2023.05.16.1/README.md debian-edu-fai-2023.11.19.1~deb12u1/README.md
--- debian-edu-fai-2023.05.16.1/README.md 2022-03-03 21:35:25.000000000 +0100
+++ debian-edu-fai-2023.11.19.1~deb12u1/README.md 2023-09-25 09:48:22.000000000 +0200
@@ -1,50 +1,60 @@
# Debian Edu FAI Installer
-## Setup with script 'debian-edu-faiinstall'
+## Setup with script 'debian-edu-fai_install'
-To setup a Debian Edu machine as FAI installer for Debian Edu, simply run
-the ``debian-edu-faiinstall`` script either on a the Debian Edu mainserver
-or on a dedicated Debian Edu machine that shall act as a FAI server on
-the network.
+To setup a Debian Edu machine as FAI installer for Debian Edu, the
+``debian-edu-fai_install`` script can be used, either on a the Debian Edu
+mainserver or on a dedicated Debian Edu machine that shall act as a FAI server
+on the network.
-The ``debian-edu-faiinstall`` is (i.e. should be) idempotent. So, it is
+Before using ``debian-edu-fai_install`` for the first time a few manual steps
+need to be taken to prepare the server. Please see below for the details.
+
+The ``debian-edu-fai_install`` is (i.e. should be) idempotent. So, it is
possible to execute it several times and it won't do any damage when
running repeatedly (except from re-creating all configs related to FAI).
-When running ``debian-edu-faiinstall`` on a machine that already ships a
+When running ``debian-edu-fai_install`` on a machine that already ships a
TFTP configuration for LTSP (which is the case for the Debian Edu mainserver
and for Debian Edu Terminal Servers) it will move that configuration out
of the way and replace it by the Debian Edu FAI configuration.
-## Manual steps
+### Manual steps
+
+#### Adjust the Debian Edu FAI configuration
-Only a few steps are required manually before executing
-``debian-edu-faiinstall`` the first time.
+Before running ``debian-edu-fai_install``, please adjust the configuration file
+`/etc/debian-edu/debian-edu-fai.conf`. That configuration file contains
+parameter documentation in its comments, please follow suggestions etc. given
+there.
-### Adjust the Debian Edu FAI configuration
+#### Configure NFS exports
-Before running ``debian-edu-faiinstall``, please adjust the configuration file
-``/etc/debian-edu/faiinstall.conf``. That configuration file contains parameter
-documentation in its comments, please follow suggestions etc. given there.
+The directories `/srv/fai/config` and `/srv/fai/nfsroots.debian-edu-fai` need
+to be exported via NFS. There is a corresponding `exports` file
+`/usr/share/debian-edu-fai/exports.d/debian-edu-fai.exports` which can be
+copied to `/etc/exports.d`, afterwards `exportfs -ra` needs to be run for the
+change to take effect.
-### SSH access of the FAI installer to the FAI server
+#### SSH access of the FAI installer to the FAI server
At the end of a FAI installation, the FAI installer attempts to write its
installation logs back to the FAI server. This is done via SSH (using
pub/priv SSH key authentication).
-To include this feature in your setup, please run these commands (with
-some interactions of pressing the <ENTER> key) from the command line as
-super-user root on your FAI server:
+To include this feature in your setup, make sure the following configuration
+options are set in `/etc/debian-edu/debian-edu-fai.conf`:
+
+```
+fai_logserver="$(hostname -f)"
+fai_loguser='fai'
+```
+
+and run the follwoing command as root:
```
-$ su - fai
-$ ssh-keygen
-$ cat ~fai/.ssh/id_rsa.pub >> ~fai/.ssh/authorized_keys
-$ ssh fai@$(hostname -s)
-### accept host key with 'yes'
-$ ssh fai@$(hostname -f)
-### accept host key with 'yes'
-$ ssh fai@$(hostname -I | cut -d" " -f1)
-### accept host key with 'yes'
+runuser -u fai -- sh -c 'umask 077;
+ ssh-keygen -q -t rsa -f ~/.ssh/id_rsa -N "" &&
+ cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys &&
+ ssh-keyscan -H "$(hostname -f)" >> ~/.ssh/known_hosts'
```
diff --git a/bin/debian-edu-faiinstall b/bin/debian-edu-fai_install
similarity index 84%
rename from bin/debian-edu-faiinstall
rename to bin/debian-edu-fai_install
index 7eb38d4..812c0ad 100755
--- a/bin/debian-edu-faiinstall
+++ b/bin/debian-edu-fai_install
@@ -2,7 +2,7 @@
#
# Prepare for FAI installation of Debian Edu.
-set -ex
+set -x
LC_ALL=C
export LC_ALL
@@ -65,6 +65,7 @@ fi
[ "$fai_logserver" ] || unset fai_logserver
[ "$fai_loguser" ] || unset fai_loguser
[ "$school_tag" ] || school_tag="SKOLE"
+[ "$http_proxy" ] || unset http_proxy
# required for pre-selecting the default boot item in iPXE config
[ "$default_arch" ] || default_arch="$(echo ${archs} | cut -d " " -f1)"
@@ -86,6 +87,9 @@ if [ -f /etc/debian-edu/debian-edu-fai.conf ] ; then
. /etc/debian-edu/debian-edu-fai.conf
fi
+# derived from mirrorurl...
+[ "$apt_cdn" ] || apt_cdn="$(echo "$mirrorurl" | sed -E -e 's@(.*://[^/]+)/.*@\1@g')"
+
# keep a copy of /srv/tftp/ltsp if this is the first attempt to deploy
# debian-edu-fai on this system
if [ -d "${tftpdir}/debian-edu-fai" ] && [ ! -h "${tftpdir}/debian-edu-fai" ]; then
@@ -124,7 +128,7 @@ touch "${menufile}"
for codename in ${codenames}; do
# skip codenames that don't sound like Debian suites...
- if ! echo "jessie stretch buster bullseye bookworm sid unstable" | grep -q "${codename}"; then
+ if ! echo "bullseye bookworm sid unstable" | grep -q "${codename}"; then
echo "WARNING: The name '${codename}' is not a known and recent Debian distribution codename. Skipping..."
continue
fi
@@ -132,6 +136,16 @@ for codename in ${codenames}; do
# iterate over configured FAI client architectures...
for arch in ${archs}; do
+ set +x
+
+ echo
+ echo "###"
+ echo "### Creating/updating FAI server configuration"
+ echo "### (codename: ${codename}, architecture: ${arch})"
+ echo "###"
+
+ set -x
+
# create codename based fai base config
faiconfig="/etc/debian-edu/fai/debian-edu-fai.${arch}+${codename}"
if [ -d /etc/debian-edu/fai/debian-edu-fai.TEMPLATE ]; then
@@ -160,6 +174,11 @@ for codename in ${codenames}; do
[ "$fai_logserver" ] && export fai_logserver && perl -p -e "s/^(#|)LOGSERVER=.{0,1}\@fai_logserver\@.{0,1}\s*\$/LOGSERVER=\'\$ENV{fai_logserver}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
[ "$fai_loguser" ] && export fai_loguser && perl -p -e "s/^(#|)LOGUSER=.{0,1}\@fai_loguser\@.{0,1}\s*\$/LOGUSER=\'\$ENV{fai_loguser}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ # hack for non-free-firmware repo area added since Debian 12 (aka bookworm) [we only support Debian 11 (aka bullseye) and upwards]
+ if [ "$codename" = "bullseye" ]; then
+ perl -p -e "s/ non-free-firmware//g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ fi
+
chown root:root ${file_to_adapt%.in}
chmod 0600 ${file_to_adapt%.in}
rm ${file_to_adapt}
@@ -190,15 +209,16 @@ for codename in ${codenames}; do
FAI_CONFIGDIR_REAL="$(readlink ${FAI_CONFIGDIR})"
fi
- # Copy FAI config space into /srv/fai/config if not already present
- if [ ! -d "${FAI_CONFIGDIR_REAL}" ]; then
- if [ -d /usr/share/debian-edu-fai/fai/config ]; then
- cp -a /usr/share/debian-edu-fai/fai/config /srv/fai/
- else
- echo "ERROR: Package debian-edu-fai is not installed, please install it first"
- exit 1
- fi
- fi
+ set +x
+
+ echo
+ echo "###"
+ echo "### Installing/updating FAI config space (this takes some time)"
+ echo "### (codename: ${codename}, architecture: ${arch})"
+ echo "###"
+ debian-edu-fai_updateconfigspace "${FAI_CONFIGDIR_REAL}"
+
+ set -x
# Update variables to be customized in FAI config space
@@ -207,11 +227,22 @@ for codename in ${codenames}; do
# This is a known issue and works as designed. People might have chosen to
# use difference FAI_CONFIGDIR values for different environments and with
# such a choice executing the below per arch and per codename makes sense.
+
+ set +x
+
+ echo
+ echo "###"
+ echo "### Tweaking FAI config space"
+ echo "### (codename: ${codename}, architecture: ${arch})"
+ echo "###"
+
+ set -x
+
find ${FAI_CONFIGDIR_REAL} -name '*.in' | while read file_to_adapt; do
cp ${file_to_adapt} ${file_to_adapt%.in}
- # FIXME: also comment out variables that are not set (anymore) in /etc/debian-edu/faiinstall.cfg
+ # FIXME: also comment out variables that are not set (anymore) in /etc/debian-edu/debian-edu-fai.conf
[ "$rootpw" ] && export rootpw && perl -p -e "s/^(#|)ROOTPW=.{0,1}\@rootpw\@.{0,1}\s*\$/ROOTPW=\'\$ENV{rootpw}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
[ "$localuser" ] && export localuser && perl -p -e "s/^(#|)username=.{0,1}\@localuser\@.{0,1}\s*\$/username=\'\$ENV{localuser}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
@@ -221,6 +252,9 @@ for codename in ${codenames}; do
[ "$fai_logserver" ] && export fai_logserver && perl -p -e "s/^(#|)LOGSERVER=.{0,1}\@fai_logserver\@.{0,1}\s*\$/LOGSERVER=\'\$ENV{fai_logserver}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
[ "$fai_loguser" ] && export fai_loguser && perl -p -e "s/^(#|)LOGUSER=.{0,1}\@fai_loguser\@.{0,1}\s*\$/LOGUSER=\'\$ENV{fai_loguser}\'\n/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
[ "$school_tag" ] && export school_tag && perl -p -e "s/\@school_tag\@/\$ENV{school_tag}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$mirrorurl" ] && export mirrorurl && perl -p -e "s/\@mirrorurl\@/\$ENV{mirrorurl}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$apt_cdn" ] && export apt_cdn && perl -p -e "s/\@apt_cdn\@/\$ENV{apt_cdn}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
+ [ "$http_proxy" ] && export http_proxy && perl -p -e "s/^(#|)APTPROXY=\@http_proxy\@/APTPROXY=\$ENV{http_proxy}/g" "${file_to_adapt%.in}" > "${file_to_adapt%.in}.new" && mv "${file_to_adapt%.in}.new" "${file_to_adapt%.in}"
chown root:root ${file_to_adapt}
chmod 0600 ${file_to_adapt}
@@ -233,6 +267,14 @@ for codename in ${codenames}; do
export http_proxy
fi
+ set +x
+
+ echo
+ echo "###"
+ echo "### Creating FAI nfsroot installer environment"
+ echo "### (codename: ${codename}, architecture: ${arch})"
+ echo "###"
+
# the NFSROOT variable we should have obtained from sourcing $faiconfig/nfsroot.conf
# (aka /etc/fai/nfsroot.conf) above...
if [ -n "${NFSROOT}" ] && [ -n "${codename}" ]; then
@@ -245,17 +287,20 @@ for codename in ${codenames}; do
if [ ! -f "${NFSROOT}/.DEBIAN_EDU_FAI_NFSROOT_INSTALLATION_COMPLETED" ]; then
# enforce NFSROOT re-creation (or initial creation)
- fai-make-nfsroot -v -f -N -C ${faiconfig}
+ mkdir -p "${NFSROOT}/proc"
+ mount -t proc proc "${NFSROOT}/proc"
+ TMPDIR=/tmp fai-make-nfsroot -v -f -N -C ${faiconfig}
touch "${NFSROOT}/.DEBIAN_EDU_FAI_NFSROOT_INSTALLATION_COMPLETED"
-
else
-
+ mount -t proc proc "${NFSROOT}/proc"
# update packages (and clean old kernel images) in NFSROOT
- fai-make-nfsroot -v -k -N -C ${faiconfig}
+ TMPDIR=/tmp fai-make-nfsroot -v -k -N -C ${faiconfig}
# adjust nfsroot configuration (SSH pubkeys, rootpw, etc.)
- fai-make-nfsroot -v -a -C ${faiconfig}
+ TMPDIR=/tmp fai-make-nfsroot -v -a -C ${faiconfig}
fi
+ [ -d "${NFSROOT}/proc/self" ] && umount "${NFSROOT}/proc"
+ [ -d "${NFSROOT}/sys/class" ] && umount "${NFSROOT}/sys"
# Remove /srv/tftp/debian-edu-fai.ARCH+CODENAME after NFSROOT creation.
# We don't need that as we use our own iPXE boot config (instead
@@ -297,6 +342,9 @@ kernel /debian-edu-fai/${arch}+${codename}/vmlinuz initrd=initrd.img \${params}
initrd /debian-edu-fai/${arch}+${codename}/initrd.img
boot || goto failed
EOF
+
+ set -x
+
done
done
@@ -312,7 +360,12 @@ fi
# generate ipxe menu on a plain main server for PXE installations
cp /usr/lib/ipxe/undionly.kpxe "${tftpdir}/debian-edu-fai/"
cp /usr/lib/ipxe/snponly.efi "${tftpdir}/debian-edu-fai/"
-cp /boot/memtest86+.bin "${tftpdir}/debian-edu-fai/"
+for memtest_bios in memtest86+x64.bin memtest86+.bin; do
+ [ -f "/boot/${memtest_bios}" ] && break
+done
+cp "/boot/${memtest_bios}" "${tftpdir}/debian-edu-fai/"
+memtest_efi="${memtest_bios%.bin}.efi"
+[ -f "/boot/${memtest_efi}" ] && cp "/boot/${memtest_efi}" "${tftpdir}/debian-edu-fai/"
echo "Generating ${tftpdir}/debian-edu-fai/ltsp.ipxe"
cat <<EOF > "${tftpdir}/debian-edu-fai/ltsp.ipxe"
#!ipxe
@@ -347,7 +400,7 @@ choose --timeout \${menu-timeout} --default \${img} img || goto cancel
goto \${img}
:memtest
-iseq \${platform} pcbios && kernel memtest86+.bin || kernel memtest.efi
+iseq \${platform} pcbios && kernel ${memtest_bios} || kernel ${memtest_efi}
# Boot "fails" on normal memtest exit with Esc, so show the menu again
boot ||
goto start
diff --git a/bin/debian-edu-fai_updateconfigspace b/bin/debian-edu-fai_updateconfigspace
new file mode 100755
index 0000000..eea0e6b
--- /dev/null
+++ b/bin/debian-edu-fai_updateconfigspace
@@ -0,0 +1,92 @@
+#!/bin/sh
+
+# Copyright (C) 2010-2023 Pädagogisches Landesinstitut Rheinland-Pfalz
+# Copyright (C) 2022-2023 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the
+# Free Software Foundation, Inc.,
+# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
+
+# Sync FAI config space files from DATADIR/fai/config/ to
+# /srv/fai/config. For this, the 'ucf' tool is used, three-way
+# patching is supported for this.
+
+set -e
+
+LC_ALL=C
+export LC_ALL
+
+if [ -z "$1" ]; then
+ echo "usage: $(basename $0) <FAI_CONFIGDIR>"
+ exit 1
+fi
+
+# first parameter is the configspace's target dir
+FAI_CONFIGDIR="$1"
+
+FAI_CONFIGDIR_REAL="${FAI_CONFIGDIR}"
+# if FAI_CONFIGDIR is a symlink, we need to find the real location...
+if [ -h ${FAI_CONFIGDIR} ]; then
+ FAI_CONFIGDIR_REAL="$(readlink ${FAI_CONFIGDIR})"
+fi
+
+# Copy FAI config space into /srv/fai/config if not already present
+if [ "${FAI_CONFIGDIR_REAL}" = "/usr/share/debian-edu-fai/fai/config" ]; then
+ echo "ERROR: FAI_CONFIGDIR points to '${FAI_CONFIGDIR_REAL}'."
+ echo "ERROR: Such a setup is not supported..."
+ exit 1
+elif command -v git 1>/dev/null && [ "$(git rev-parse --is-inside-work-tree 2>/dev/null)" = "true" ]; then
+ # FAI config space is managed by Git, don't do anything then...
+ :
+else
+ # create config space's base directory if it does not yet exist
+ if [ ! -d "${FAI_CONFIGDIR_REAL}" ]; then
+ mkdir -p "${FAI_CONFIGDIR_REAL}"
+ fi
+
+ # remove obsolete files used in previous FAI configspace versions
+ cd "${FAI_CONFIGDIR_REAL}"
+ cat /usr/share/debian-edu-fai/fai/config/_obsolete-files.d/*.removed | while read obsolete_configspace_file; do
+ rm -fv "${obsolete_configspace_file}"
+ # purge file's hash from ucf hash list
+ ucf -p "${FAI_CONFIGDIR_REAL}/${obsolete_configspace_file}"
+ # try to remove non-used / empty directories
+ if [ -d "$(dirname ${obsolete_configspace_file})" ]; then
+ rmdir --parents --ignore-fail-on-non-empty "$(dirname ${obsolete_configspace_file})"
+ fi
+ done
+ cd - 1>/dev/null
+
+ # managed FAI config space with 'ucf'...
+ cd "/usr/share/debian-edu-fai/fai/config"
+ find . -type f | grep -v "_obsolete-files.d/" | while read new_configspace_file; do
+ # handle files that shall become a directory gracefully
+ target_dir="${FAI_CONFIGDIR_REAL}/$(dirname "${new_configspace_file}")"
+ if [ -e "${target_dir}" ] && [ ! -d "${target_dir}" ]; then
+ mv -v "${target_dir}" "${target_dir}.moved-out-of-the-way"
+ fi
+ mkdir -p "${FAI_CONFIGDIR_REAL}/$(dirname "${new_configspace_file}")"
+ if [ -e "${target_dir}.moved-out-of-the-way" ]; then
+ mv -v "${target_dir}.moved-out-of-the-way" "${target_dir}/OBSOLETE"
+ fi
+ # install/update configspace file via ucf
+ ucf --state-dir "/var/lib/debian-edu-fai/ucf/" --three-way "$new_configspace_file" "${FAI_CONFIGDIR_REAL}/${new_configspace_file}"
+ done
+ cd - 1>/dev/null
+
+ # clean-up ucf backup files... (they confuse FAI)
+ cd "${FAI_CONFIGDIR_REAL}"
+ find . -name "*.ucf-*" -delete
+ cd - 1>/dev/null
+fi
--- End Message ---