-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
Format: 1.8
Date: Thu, 07 Sep 2023 21:16:37 +0200
Source: debian-edu-fai
Architecture: source
Version: 2023.09.07.1
Distribution: unstable
Urgency: medium
Maintainer: Debian Edu Developers <debian-edu@lists.debian.org>
Changed-By: Mike Gabriel <sunweaver@debian.org>
Changes:
debian-edu-fai (2023.09.07.1) unstable; urgency=medium
.
* Debian Edu FAI for Debian bookworm.
.
[ Guido Berhoerster ]
* Rename bin/debian-edu-faiinstall to bin/debian-edu-fai_install for
consistency with debian-edu-router.
* Actually install /etc/security/group.conf on bullseye. From bookworm on this
is handled via cfengine.
* Use non-free-firmware component on bookworm and later.
This is required for installing the firmware packages.
* Add support for memtest86+ x64.
* debian/control: Add explicit dependency on memtest86+.
* Unset TMPDIR when invoking fai-make-nfsroot.
On a DebianEdu installation pam_tmpdir is installed which sets TMPDIR to
/tmp/user/<uid>. This is then propagated from fai-make-nfsroot to
debootstrap which causes maintainer scripts making use of TMPDIR (e.g. by
calling mktemp) to fail because the directory does not exist inside the
chroot.
* Add some documentation about NFS exports to README.md
* Switch to installing bookworm.
* Ensure parent of target directory exists before copying FAI config space
debian-edu-faiinstall does not check whether the parent of the target
directory /srv/fai/config existed before invoking cp -a on the config space.
Thus, if /srv/fai does no exist cp will copy /usr/share/debian-edu-fai/fai
/config to /srv/fai instead of /srv/fai/config which is not detected until
booting a client via PXE. Fix this by ensuring the parent directory of
$FAI_CONFIGDIR_REAL exists.
Additionally do not hardcode /srv/fai which ignores that FAI_CONFIGDIR is
configurable.
* Disable apt proxy by default. Do not assume faiserver.intern exists. The
proxy can be set via /etc/debian-edu/debian-edu-fai.conf.
* Fix instructions in README.md and /etc/debian-edu/debian-edu-fai.conf
The configuration file name is /etc/debian-edu/debian-edu-fai.conf not
/etc/debian-edu/faiinstall.conf.
Improve and shorten the instructions to set up SSH access for the fai user.
* Add primary group fai for the fai user (instead of primary group
nobody).
* Recommend the use of yescrypt password hashes.
This follows the default since Debian bullseye.
* Add note about syntax to configuration.
* Update motd for bookworm.
* README.md: Change instructions to emphasize the need for first time
configuration. Users should not be enticed to blindly run
debian-edu-fai_install before actually configuring the server.
* Ensure debian-edu-fai.conf is not world-readable
It contains password hashes for the root account of installed clients so
like /etc/shadow it should not be world readable.
* Replace fetch-ldap-cert script usage with fetch-rootca-cert
The fetch-ldap-cert init script has been obsolete and was removed
(see #971780).
.
[ Mike Gabriel ]
* bin/debian-edu-fai_install (port over from debian-edu-router's FAI
installation script):
+ Manage config space with ucf.
+ Echo headlines to show where we are in the script.
+ Drop support for Debian versions older than bullseye
+ Mount /proc and /sys in nfsroot
* README.md: Typo fix.
* {README.md,conf/debian-edu/debian-edu-fai.conf}: Adjust files to renaming
of debian-edu-fai_install script (only in docs or comments).
* bin/debian-edu-fai_install: Mount /proc and /sys in nfsroot
Mount prior to creating/updating it. Those mountpoints are needed by
dracut's 45url-libs module.
* debian/control:
+ Bump Standards-Version: to 4.6.2. No changes needed.
* debian/copyright:
+ Update copyright attributions.
* lintian: Override uses-dpkg-database-directly and openpgp-file-has-
implementation-specific-extension for given reasons.
Checksums-Sha1:
fd73b549a3286fcad0b0852d22ea07c7491e0eb2 1730 debian-edu-fai_2023.09.07.1.dsc
db3d86dde749d5d5fc7afd2c8d7f733ce730ea44 73740 debian-edu-fai_2023.09.07.1.tar.xz
b50c66d2b0c3ad5b9ff7c367416495d0e5b4f586 6741 debian-edu-fai_2023.09.07.1_source.buildinfo
Checksums-Sha256:
adc4457b80ee5dfc16ab766a2fd1198ee178e9582113cf401d1394600eb6590e 1730 debian-edu-fai_2023.09.07.1.dsc
0cce2c0c03525a87af6588f44e4d77d78145d69f3c38b11fd49714429f6a68d2 73740 debian-edu-fai_2023.09.07.1.tar.xz
3acbfed5dc7ebd32979f4939e8f740de6af301351e42f42faecf0b75919c411c 6741 debian-edu-fai_2023.09.07.1_source.buildinfo
Files:
6f4673a39f0c0b7d6e066e6258f3f8c3 1730 admin optional debian-edu-fai_2023.09.07.1.dsc
1011767407c0a1945bae4942a3fa6183 73740 admin optional debian-edu-fai_2023.09.07.1.tar.xz
4578312836d5cc507ccd78a485376c28 6741 admin optional debian-edu-fai_2023.09.07.1_source.buildinfo
-----BEGIN PGP SIGNATURE-----
iQJJBAEBCAAzFiEEm/uu6GwKpf+/IgeCmvRrMCV3GzEFAmT6MjsVHHN1bndlYXZl
ckBkZWJpYW4ub3JnAAoJEJr0azAldxsxYN8P/0zz1bkToPCNXF+DeIppGMI4m8Nu
L+RygLC9FNL/w5DpeYhQP9VYDGEo0QPlbk13kPt4JfH9FQOdtbXXubVTJ//3iC5E
DfpVTPCsoJt63SDh/6sIV2AuVWoh8v6+8PPmCvxOQMkPnu9xQPeZKo3SAyuRT7E1
9mWGpELCAKP68w2+tWpHK04b0mZ0Szm/OV16gWajgRD3iIGkZjh8BJdrEo7Ta+2+
SaoyZ3JkLV2e300V+2px8p2ntGw1YyJqqw78JWyEpAPxie0iphCvQ8sVY2+yp/eK
DPBu9sZM1YF+pc1NWDx1YuVpV6QVHiAEs8nX4X9BkKORJ7CYnL/mSLGCOOaJ+q2c
wlABpsURJ8KBkhvgTJsFMDe8NUSADSWaNKyhucxahJV0poVzOcU3RbkbVZoEuLZj
j2gsv/e6S5W9v4ye+yvq9kugUQZUHZw00EUaa8TGtDQRiJ57KMU28LPykEjIunKH
58DZBzoQwzlXk6lPL9KIhgNwj1454gHTvf2f2WvEhPQTHtJ9F1nFMMhAYAu80E/B
5VXLI+qChN3nmi8jgP8q3WrwXvBpqI8IYOLQJqM8wrOZJy54YcyfmHMxgn4pQRxF
f8OO/uQ/eZdcWerP4sBY9kqYAbaf4h6lK9iJdcNXIEzN2Q7cEz+GJ0XRDGlPYThA
K9lZhH7uFY+VZ9Gh
=ekql
-----END PGP SIGNATURE-----
