Bug#775277: should we split krb5-kpropd into a separate package?

2016-01-18 Thread Michael Weiser 
Hi Sam,

On Fri, Oct 16, 2015 at 01:24:05PM +, Sam Hartman wrote:

> I'm sorry.
> I thought I had responded long ago on this, but apparently not.
> I think the package split makes sense.

I finally got a chance to give this kpropd package split a whirl.
Attached is my first take on a patch.

What's your take on the upgrade path: Do we need to make sure that
someone who's using kpropd now doesn't get it uninstalled upon upgrade
of krb5-kdc? Should we have a preinst script that detects a running
kpropd and print a warning that he'll need to install krb5-kpropd?

Thanks,
-- 
Michael Weiserscience + computing ag
Senior Solutions ArchitectGeschaeftsstelle Duesseldorf
  Faehrstrasse 1
phone: +49 211 302 708 32 D-40221 Duesseldorf
fax:   +49 211 302 708 50 www.science-computing.de
-- 
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Arno Steitz, Yvonne Veyhelmann
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Aufsichtsrat/Supervisory Board:
Katrin James, Winfried Holz
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196
>From 1a8ddc544abe303e2929edb6a9e4645e062b4caa Mon Sep 17 00:00:00 2001
From: Mark Proehl <m.pro...@science-computing.de>
Date: Tue, 13 Jan 2015 14:34:50 +0100
Subject: [PATCH] Move kpropd into separate package

This allows for more fine-granular deployment of services and allows easy
integration of init script and systemd unit for kpropd (in addition to existing
inetd example). Fixes #775277.
---
 debian/control  |  21 +++-
 debian/krb5-kdc.install |   2 -
 debian/krb5-kdc.postinst|  12 -
 debian/krb5-kdc.prerm   |   6 ---
 debian/krb5-kpropd.init | 127 
 debian/krb5-kpropd.install  |   2 +
 debian/krb5-kpropd.postinst |  19 +++
 debian/krb5-kpropd.prerm|  13 +
 debian/krb5-kpropd.service  |  14 +
 debian/rules|   1 +
 10 files changed, 196 insertions(+), 21 deletions(-)
 create mode 100755 debian/krb5-kpropd.init
 create mode 100644 debian/krb5-kpropd.install
 create mode 100644 debian/krb5-kpropd.postinst
 create mode 100644 debian/krb5-kpropd.prerm
 create mode 100644 debian/krb5-kpropd.service

diff --git a/debian/control b/debian/control
index e81e946..71c24d9 100644
--- a/debian/control
+++ b/debian/control
@@ -39,7 +39,7 @@ Depends: ${misc:Depends}, ${shlibs:Depends}, libkrb5-3 (= 
${binary:Version}),
  libkadm5srv-mit9,
  krb5-config, krb5-user, lsb-base (>= 3.0-6), libverto-libev1 | 
libverto-libevent1,
  libkdb5-8 (>= 1.13.1+dfsg-1)
-Suggests: openbsd-inetd | inet-superserver, krb5-admin-server,
+Suggests: krb5-kpropd, krb5-admin-server,
  krb5-kdc-ldap (= ${binary:Version})
 Description: MIT Kerberos key server (KDC)
  Kerberos is a system for authenticating users and services on a network.
@@ -92,6 +92,25 @@ Description: MIT Kerberos master server (kadmind)
  slave KDCs.  This package is generally only used on the master KDC for a
  Kerberos realm.
 
+Package: krb5-kpropd
+Architecture: any
+Priority: optional
+Depends: ${misc:Depends}, ${shlibs:Depends},
+ krb5-kdc (= ${binary:Version})
+Suggests: openbsd-inetd | inet-superserver
+Description: MIT Kerberos key server (KDC)
+ Kerberos is a system for authenticating users and services on a network.
+ Kerberos is a trusted third-party service.  That means that there is a
+ third party (the Kerberos server) that is trusted by all the entities on
+ the network (users and services, usually called "principals").
+ .
+ This is the MIT reference implementation of Kerberos V5.
+ .
+ This package contains the Kerberos slave KDC update server (kpropd). The
+ kpropd command runs on the slave KDC server. It listens for update requests
+ made by the kprop program, and periodically requests incremental updates from
+ the master KDC. This package should be installed on slave KDCs.
+
 Package: krb5-multidev
 Section: libdevel
 Architecture: any
diff --git a/debian/krb5-kdc.install b/debian/krb5-kdc.install
index 93aecc4..15b0e83 100644
--- a/debian/krb5-kdc.install
+++ b/debian/krb5-kdc.install
@@ -2,8 +2,6 @@ usr/sbin/kproplog
 usr/share/man/man8/kproplog.8
 usr/sbin/kdb5_util
 usr/share/man/man8/kdb5_util.8
-usr/sbin/kpropd
-usr/share/man/man8/kpropd.8
 usr/sbin/krb5kdc
 usr/share/man/man8/krb5kdc.8
 usr/share/man/man5/kdc.conf.5
diff --git a/debian/krb5-kdc.postinst b/debian/krb5-kdc.postinst
index e90e301..6e5a8be 100644
--- a/debian/krb5-kdc.postinst
+++ b/debian/krb5-kdc.postinst
@@ -46,18 +46,6 @@ EOF
 db_stop
 fi
 
-# Only try to add the inetd line on an initial installation.  Add it
-# commented out in a way that will not be automatically enabled, since the
-# Kerberos administrator should do that manually when ready.
-#
-# If update-inetd isn't available, don't bother, since it's just an example.
-if [ "co

Bug#771818: puppet-module-saz-timezone: changing from ITP to RFP

2015-12-27 Thread Michael Weiser 
Hi Lucas,

On Sun, Dec 27, 2015 at 01:16:58PM +0100, Lucas Nussbaum wrote:

> A long time ago, you expressed interest in packaging 
> puppet-module-saz-timezone. Unfortunately,
> it seems that it did not happen. In Debian, we try not to keep ITP bugs open
> for a too long time, as it might cause other prospective maintainers to
> refrain from packaging the software.

Well, this module as well as the others I opened ITPs for actually *are*
packaged and I do alrady use them in a project. However, they are not
uploaded since I'm no uploader and nobody else seems interested in them.
So basically the only thing needed is someone actually uploading them to
the distribution.

Is there something like an RFU or can you (or I) turn these ITPs into
RFSes?

Thanks,
Michael

> If you are still interested in packaging puppet-module-saz-timezone, please 
> send a mail to
>  with:

>  retitle 771818 ITP: puppet-module-saz-timezone -- Manage timezone settings 
> via Puppet
>  owner 771818 !
>  thanks

> It is also a good idea to document your progress on this ITP from time to
> time, by mailing <771...@bugs.debian.org>.  If you need guidance on how to
> package this software, please reply to this email, and/or contact the
> debian-ment...@lists.debian.org mailing list.

> Thank you for your interest in Debian,

-- 
man liest sich, Micha
> A: Yes.
>> Q: Are you sure?
>>> A: Because it reverses the logical flow of conversation.
 Q: Why is top posting frowned upon?

Bug#775277: should we split krb5-kpropd into a separate package?

2015-10-13 Thread Michael Weiser 
Hi Ben,

> Looking at the patch, it feels awkward to manually install the unit file
> and sysv script to the staging directory.  If we created a new
> krb5-kpropd package to be installed only on slave KDCs, then we could
> benefit from the debian/packagename.init magic and also have the script
> be active by default, since it would only be installed on machines which
> should use it.

Uh, somehow this slipped past me. I like the idea.

What's the status here: Do all agree, a separate package is the way to
go? Is someone even working on it?

I'd be happy to give it a go, separating kpropd with it's init scripts
out into a separate package.

Thanks,
-- 
Michael Weiserscience + computing ag
Senior Solutions ArchitectGeschaeftsstelle Duesseldorf
  Faehrstrasse 1
phone: +49 211 302 708 32 D-40221 Duesseldorf
fax:   +49 211 302 708 50 www.science-computing.de
-- 
Vorstandsvorsitzender/Chairman of the board of management:
Gerd-Lothar Leonhart
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Arno Steitz
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196

Bug#801616: ITP: puppet-module-edgester-kerberos -- A puppet module for managing MIT Kerberos clients and servers

2015-10-12 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser <michael.wei...@gmx.de>

* Package name: puppet-module-edgester-kerberos
  Version : 0.2.0
  Upstream Author : Jason Edgecombe <ja...@rampaginggeek.com>
* URL : https://forge.puppetlabs.com/edgester/kerberos
* License : BSD
  Programming Lang: Puppet
  Description : A puppet module for managing MIT Kerberos clients and 
servers

The module supports installation of MIT Kerberos clients and servers. The
server part supports creating the KDC database, starting the necessary daemons
and configuring and triggering replication via kprop. Additional functionality
includes provisioning of principals either locally on the server or remotely
via the admin server as well as creation of keytab files. With properly SSL
certificates this module can also configure and make use of PKINIT internally
for creating a host ticket cache and accessing kadmind for administrative
tasks. Finally, creation of trusts between realms can be set up.

This module provides comprehensive support for managing Kerberos
infrastructures using Puppet. I plan to package and maintain it via the Puppet
Packaging Team on Alioth.

Bug#800366: ITP: puppet-module-pdxcat-nrpe -- This module installs and configures nrpe

2015-09-28 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser <michael.wei...@gmx.de>

* Package name: puppet-module-pdxcat-nrpe
  Version : 2.0.0
  Upstream Author : The Computer Action Team <supp...@cat.pdx.edu>
* URL : https://forge.puppetlabs.com/pdxcat/nrpe
* License : Apache-2
  Programming Lang: Puppet
  Description : This module installs and configures nrpe

Class nrpe installs the packages and configures the daemon. Defined type
nrpe::command can be used to add nrpe commands to the include directory for
nrpe. Defined type nrpe::plugin can be used to install nrpe plugins.

Configuring NRPE for Nagios-Monitoring is a standard systems administration
task and this module implements it nicely. I plan to package and maintain this
module via the Puppet Packaging Team on alioth.

Bug#799159: ITP: puppet-module-puppetlabs-dhcp -- Install and manage a DHCP server

2015-09-16 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser <michael.wei...@gmx.de>

* Package name: puppet-module-puppetlabs-dhcp
  Version : 0.4.0
  Upstream Author : Puppet Labs
* URL : https://forge.puppetlabs.com/puppetlabs/dhcp
* License : Apache-2
  Programming Lang: Puppet
  Description : Install and manage a DHCP server

Installs and manages a DHCP server. It has the following features: Multiple
subnet support, host reservations, secure dynamic DNS updates when combined
with Bind, can create a dummy (ignored) subnet so that the server can be used
only as a helper-address target.

Configuring a DHCP server is a necessary step in setting up network
installation servers which is quite a common task in large environments. I
intend to package and maintain this module inside the puppet packaging team on
alioth.

Bug#799160: ITP: puppet-module-puppetlabs-tftp -- Install and manage a TFTP service and configuration

2015-09-16 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser <michael.wei...@gmx.de>

* Package name: puppet-module-puppetlabs-tftp
  Version : 0.2.3
  Upstream Author : Puppet Labs
* URL : https://forge.puppetlabs.com/puppetlabs/tftp
* License : Apache-2
  Programming Lang: Puppet
  Description : Install and manage a TFTP service and configuration

Install tftp-hpa package and configuration files. This module will install TFTP
as a xinetd service by default. It can be overridden to run as a standalone
daemon by setting the inetd parameter to false.

Configuring a TFTP server is a necessary step in setting up network
installation servers which is quite a common task in large environments. I
intend to package and maintain this module inside the puppet packaging team on
alioth.

Bug#790424: ITP: puppet-module-saz-ssh -- Manage SSH client and server via Puppet

2015-06-29 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser michael.wei...@gmx.de

* Package name: puppet-module-saz-ssh
  Version : 2.8.1
  Upstream Author : Steffen Zieger
* URL : https://forge.puppetlabs.com/saz/ssh
* License : Apache-2.0
  Programming Lang: Puppet
  Description : Manage SSH client and server via Puppet

This Puppet module allows to configure and manage SSH clients and
servers using Puppet. System and per-user configurations as well as host
keys can be managed. Using exported resources, known host files can be
generated automatically.

This is a very useful Puppet module and as far as I can tell the
standard and most powerful module for this kind of functionality in the
Puppet eco-system. I intend to package and maintain it inside the Puppet
packaging team on Alioth.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#790427: ITP: puppet-module-saz-locales -- Manage locales on Linux

2015-06-29 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser michael.wei...@gmx.de

* Package name: puppet-module-saz-locales
  Version : 2.2.2
  Upstream Author : Steffen Zieger
* URL : https://forge.puppetlabs.com/saz/locales
* License : Apache-2.0
  Programming Lang: Puppet
  Description : Manage locales on Linux

This module allows to configure the system locale of Linux systems as well as
generate additional locales that are to be available on the system.

Configuring system locale is a standard administrative task and this module
handles it seamlessly. I intend to package and maintain this module inside the
puppet packaging team on alioth.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#790430: ITP: puppet-module-rgevaert-saslauthd -- Manage saslauthd on Debian like systems

2015-06-29 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser michael.wei...@gmx.de

* Package name: puppet-module-rgevaert-saslauthd
  Version : 1.0.0
  Upstream Author : Rudy Gevaert
* URL : https://forge.puppetlabs.com/rgevaert/saslauthd
* License : GPL-3
  Programming Lang: Puppet
  Description : Manage saslauthd on Debian like systems

The module configures and manages saslauth including installation and LDAP
backend configuration.

This seems to be the only module capable of managing saslauthd which is a quite
common requirement when running LDAP servers in advanced security and
authentication configurations. I intend to package and maintain this module
inside the puppet packaging team on Alioth.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#775277: krb5-kdc: kpropd init scripts missing from package

2015-04-15 Thread Michael Weiser 
Hi Sam,

On Wed, Apr 15, 2015 at 09:30:37AM -0400, Sam Hartman wrote:

 Michael Since we have provided a full, self-contained patch that
 Michael seems to solve the issue for good, can you please review
 Michael and comment on it so we can make some progress on getting
 Michael it included into the Debian package?

 Unfortunately, Debian 8.0 is in the final release freeze.  After the
 release of Debian 8.0 later this month, we'll take a look for inclusion
 in the next Debian release.  That's going to be a couple of years out
 though.

Thanks for the quick update.

How likely is it going to be to get this into jessie-backports once 8.0
is out? Obviously we're willing to help with that in terms of patching
and testing.

Can we get the review and integration process started even though 8.0
isn't out yet? This way we could provide updates and fixes as needed
ahead of time and start the backporting to 8.0 as quickly as possible.

At the worst (if refused) we'd at least know not to waste any more
energy and waiting time on it and go looking for a more permanent
workaround than building patched local packages.

Thank you,
-- 
Michael Weiserscience + computing ag
Senior Systems Engineer   Geschaeftsstelle Duesseldorf
  Faehrstrasse 1
phone: +49 211 302 708 32 D-40221 Duesseldorf
fax:   +49 211 302 708 50 www.science-computing.de
-- 
Vorstandsvorsitzender/Chairman of the board of management:
Gerd-Lothar Leonhart
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Arno Steitz
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#775277: krb5-kdc: kpropd init scripts missing from package

2015-04-15 Thread Michael Weiser 
Hi,

Mark and I have built and used our own local packages with this patch
applied for some revisions now (at least -17, -18 and -19) and all seems
fine. But it it is quite a hassle to rebuild those local packages on
every Debian update.

Since we have provided a full, self-contained patch that seems to solve
the issue for good, can you please review and comment on it so we can
make some progress on getting it included into the Debian package?

In the meantime I have found
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=734161 which
unfortunately we seem to have duplicated. From what I gather, the same
issue has been discussed but not fixed there as well. Feel free to close
either as duplicate of the other and we will resubmit our patch as
needed.

Thank you,
-- 
Michael Weiserscience + computing ag
Senior Systems Engineer   Geschaeftsstelle Duesseldorf
  Faehrstrasse 1
phone: +49 211 302 708 32 D-40221 Duesseldorf
fax:   +49 211 302 708 50 www.science-computing.de
-- 
Vorstandsvorsitzender/Chairman of the board of management:
Gerd-Lothar Leonhart
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Arno Steitz
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#734161: kpropd service

2015-04-15 Thread Michael Weiser 
Hi,

Mark Proehl has provided a patch adding an init script and systemd unit
to the package in
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=775277. Can someone
please review it so we can get it included?

Thanks!
-- 
Michael Weiserscience + computing ag
Senior Systems Engineer   Geschaeftsstelle Duesseldorf
  Faehrstrasse 1
phone: +49 211 302 708 32 D-40221 Duesseldorf
fax:   +49 211 302 708 50 www.science-computing.de
-- 
Vorstandsvorsitzender/Chairman of the board of management:
Gerd-Lothar Leonhart
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Arno Steitz
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196


--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#780209: ITP: puppet-module-jlyheden-pam -- Puppet module for managing PAM

2015-03-12 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser michael.wei...@gmx.de

* Package name: puppet-module-jlyheden-pam
  Version : 0.0.1
  Upstream Author : Johan Lyheden jo...@lyheden.com
* URL : https://github.com/jlyheden/puppet-pam
* License : Apache-2.0
  Programming Lang: Puppet
  Description : Puppet module for managing PAM

The module allows to install and configure PAM modules. At the moment those are
pam_ldap, pam_access and pam_mkhomedir. In particular, the module automatically
registers templates with pam-auth-update so those modules are inserted into the
PAM stack configuration using the system mechanisms.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#778605: ITP: puppet-module-asciiduck-sssd -- Manage the SSSD service

2015-02-17 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser michael.wei...@gmx.de

* Package name: puppet-module-asciiduck-sssd
  Version : 0.1.4
  Upstream Author : Kristopher Kirkland
* URL : https://github.com/ASCIIDuck/asciiduck-sssd
* License : Apache
  Programming Lang: Puppet
  Description : Manage the SSSD service

This module will install, configure and manage the SSSD service, but it will
not touch your nsswitch or your pam configs, that's the job for another module.

This package will allow to configure sssd very elegantly using puppet. I use
it. I plan to package it via the Puppet packaging team.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#778536: ITP: puppet-module-datacentered-ldap -- Module for managing OpenLDAP

2015-02-16 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser michael.wei...@gmx.de

* Package name: puppet-module-datacentered-ldap
  Version : 0.3.0
  Upstream Author : DataCentred Ltd
* URL : https://forge.puppetlabs.com/datacentred/ldap
* License : Apache
  Programming Lang: Puppet
  Description : Module for managing OpenLDAP

The LDAP module manages both the installation and configuration of the LDAP
client and SLAPD service, as well as extends Puppet to allow management of LDAP
resources, such as database structure.

It is a lightweight and easy-to-use module with useful features. I have been
working with the authors to include new ones and they're very responsive and
open for improvement. I plan to create the package and maintain it.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#777761: RFP: ruby-trocla -- Create and store (random) passwords on a central server which can be retrieved by other applications.

2015-02-12 Thread Michael Weiser 
Package: wnpp
Severity: wishlist

* Package name: ruby-trocla
  Version : 0.0.12
  Upstream Author : Marcel Haerry mh+tro...@immerda.ch
* URL : https://github.com/duritong/trocla
* License : GPL
  Programming Lang: Ruby
  Description : Create and store (random) passwords on a central server 
which can be retrieved by other applications.

Trocla provides you a simple way to create and store (random) passwords on a
central server, which can be retrieved by other applications. An example for
such an application is puppet and trocla can help you to not store any
plaintext or hashed passwords in your manifests by keeping these passwords only
on your puppetmaster.

Furthermore it provides you a simple cli that helps you to modify the password
storage from the cli.

In concert with its puppet module it provides a very elegant way to generate
random but from then on fixed passwords for use on possibly multiple puppet
clients on the fly and store them in a reasonably secure way on the server.

I hope that since trocla is available as a gem, packaging effort will be
minimal by using gem2deb. I can help in packaging and maintaining via the
Debian Ruby team if desired.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#777906: ITP: puppet-module-duritong-trocla -- Use trocla password generator and storage from puppet.

2015-02-12 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser michael.wei...@gmx.de

* Package name: puppet-module-duritong-trocla
  Version : 0.0.4
  Upstream Author : Marcel Haerry mh+tro...@immerda.ch
* URL : https://forge.puppetlabs.com/duritong/trocla
* License : GPL
  Programming Lang: Puppet
  Description : Use trocla password generator and storage from puppet.

This is the puppet module to manage a trocla installation on the puppet master.
It also, provides the necessary function to query trocla from puppet.

Trocla provides you a simple way to create and store (random) passwords on a
central server, which can be retrieved by other applications. An example for
such an application is puppet and trocla can help you to not store any
plaintext or hashed passwords in your manifests by keeping these passwords only
on your puppetmaster. For more information see
https://github.com/duritong/trocla.

trocla provides an elegant way to generate and store random but afterwards
fixed passwords for use on possibly multiple clients. Passwords are stored on
the Puppet master and only available to clients they're assigned to via the
manifests.

I'd like to create a Debian package via the Puppet packaging team and can help
in maintenance.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#771816: ITP: puppet-module-domcleal-augeasproviders -- Alternative Augeas-based providers for Puppet

2014-12-02 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser michael.wei...@gmx.de

* Package name: puppet-module-domcleal-augeasproviders
  Version : 1.2.0
  Upstream Author : Dominic Cleal
* URL : https://forge.puppetlabs.com/domcleal/augeasproviders
* License : Apache-2.0
  Programming Lang: Ruby
  Description : Alternative Augeas-based providers for Puppet

This module provides alternative providers for core Puppet types such as host
and mailalias using the Augeas configuration library. It also adds some of its
own types for new functionality.

The advantage of using Augeas over the default Puppet parsedfile
implementations is that Augeas will go to great lengths to preserve file
formatting and comments, while also failing safely when needed.

It is a dependency of the puppet-module-jakeb-system package.

Packaging is already underway at
https://anonscm.debian.org/git/pkg-puppet/puppet-module-domcleal-augeasproviders.git/.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#771817: ITP: puppet-module-erwbgy-limits -- Puppet module for managing /etc/security/limits.conf

2014-12-02 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser michael.wei...@gmx.de

* Package name: puppet-module-erwbgy-limits
  Version : 0.3.1
  Upstream Author : 2012 Keith Burdis ke...@burdis.org
* URL : https://forge.puppetlabs.com/erwbgy/limits
* License : Apache-2.0
  Programming Lang: Ruby
  Description : Puppet module for managing /etc/security/limits.conf

The module is a dependency of the puppet-module-jakeb-system package.

Packaging is already underway at
https://anonscm.debian.org/git/pkg-puppet/puppet-module-erwbgy-limits.git.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#771818: ITP: puppet-module-saz-timezone -- Manage timezone settings via Puppet

2014-12-02 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser michael.wei...@gmx.de

* Package name: puppet-module-saz-timezone
  Version : 3.1.1
  Upstream Author : Steffen Zieger
* URL : https://forge.puppetlabs.com/saz/timezone
* License : Apache-2.0
  Programming Lang: Ruby
  Description : Manage timezone settings via Puppet

This is a puppet module to manage timezone settings.

Packaging is already underway at
https://anonscm.debian.org/cgit/pkg-puppet/puppet-module-saz-timezone.git.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#771819: ITP: puppet-module-jakeb-system -- Manage Linux system resources and services from hiera configuration

2014-12-02 Thread Michael Weiser 
Package: wnpp
Severity: wishlist
Owner: Michael Weiser michael.wei...@gmx.de

* Package name: puppet-module-jakeb-system
  Version : 1.0.0
  Upstream Author : 2013 Jacob Berger jberger.pub...@live.com  
* URL : https://forge.puppetlabs.com/jakeb/system
* License : Apache-2.0
  Programming Lang: Ruby
  Description : Manage Linux system resources and services from hiera 
configuration

The module allows looking up puppet resources from a hiera configuration
database allowing for concise, redundancy-free expression of what to configure
where whilst separating it from the actual logic how to do it. This greatly
enhances puppet usability and maintainability.

Packaging is already underway at
https://anonscm.debian.org/git/pkg-puppet/puppet-module-jakeb-system.git.


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#769107: debian-installer: grub-installer fails if more than 26 SCSI devices are present

2014-11-11 Thread Michael Weiser 
Package: debian-installer
Version: 20141002
Severity: important
Tags: d-i

Dear Maintainer,

installing Debian jessie with weekly snapshot netinst ISO image
http://cdimage.debian.org/cdimage/daily-builds/daily/arch-latest/amd64/iso-cd/debian-testing-amd64-netinst.iso
on an x86_64 Server with lots of SCSI devices as of 2014-10-29 makes
grub-installer croak. Debugging reveals that it stumbles across SCSI devices
/dev/sda[a-z] being present. Patching it as follows (manually from a separate
console in the install system) makes the installtion proceed without problem:

From 4d91c83577a4dbe8c52271bbd157b450b8c7edf3 Mon Sep 17 00:00:00 2001
From: Michael Weiser m.wei...@science-computing.de
Date: Fri, 31 Oct 2014 11:36:10 +0100
Subject: [PATCH] Allow for devices such as /dev/sdaa

---
 grub-installer | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/grub-installer b/grub-installer
index 2b61fb6..5bceec6 100755
--- a/grub-installer
+++ b/grub-installer
@@ -252,7 +252,7 @@ case $prefix in
 /dev/mapper)
disc_offered_devfs=$bootfs
;;
-
/dev/[hsv]d[a-z0-9]|/dev/xvd[a-z]|/dev/cciss/c[0-9]d[0-9]*|/dev/ida/c[0-9]d[0-9]*|/dev/rs/c[0-9]d[0-9]*|/dev/mmcblk[0-9]|/dev/ad[0-9]*|/dev/da[0-9]*)
+
/dev/[hsv]d[a-z0-9][a-z0-9]|/dev/xvd[a-z]|/dev/cciss/c[0-9]d[0-9]*|/dev/ida/c[0-9]d[0-9]*|/dev/rs/c[0-9]d[0-9]*|/dev/mmcblk[0-9]|/dev/ad[0-9]*|/dev/da[0-9]*)
disc_offered_devfs=$prefix
;;
 *)
-- 
2.1.1



-- System Information:
Debian Release: jessie/sid
  APT prefers testing-updates
  APT policy: (500, 'testing-updates'), (500, 'testing')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16-3-amd64 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

-- no debconf information
-- 
Vorstandsvorsitzender/Chairman of the board of management:
Gerd-Lothar Leonhart
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Michael Heinrichs, Dr. Arno Steitz
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#769107: debian-installer: grub-installer fails if more than 26 SCSI devices are present

2014-11-11 Thread Michael Weiser 
Hi Ben,

On Tue, Nov 11, 2014 at 03:09:42PM +, Ben Hutchings wrote:
  From 4d91c83577a4dbe8c52271bbd157b450b8c7edf3 Mon Sep 17 00:00:00 2001
  From: Michael Weiser m.wei...@science-computing.de
  Date: Fri, 31 Oct 2014 11:36:10 +0100
  Subject: [PATCH] Allow for devices such as /dev/sdaa
 Based on a quick survey of block drivers:

 'sd', 'rssd' and 'vd' may be followed by multiple letters
 'dasd' may be followed by up to 4 letters
 'scm' or 'xvd' may be followed by up to 2 letters

 Please don't just fix the 'sd' 2-letter case!

Okay. New patch attached that should catch /dev/sdxy*, /dev/vdxy* and
/dev/xvdx*. Can't find any place where grub-installer treats rssd, dasd
or scm.

  -
  /dev/[hsv]d[a-z0-9]|/dev/xvd[a-z]|/dev/cciss/c[0-9]d[0-9]*|/dev/ida/c[0-9]d[0-9]*|/dev/rs/c[0-9]d[0-9]*|/dev/mmcblk[0-9]|/dev/ad[0-9]*|/dev/da[0-9]*)
  +
  /dev/[hsv]d[a-z0-9][a-z0-9]|/dev/xvd[a-z]|/dev/cciss/c[0-9]d[0-9]*|/dev/ida/c[0-9]d[0-9]*|/dev/rs/c[0-9]d[0-9]*|/dev/mmcblk[0-9]|/dev/ad[0-9]*|/dev/da[0-9]*)
  disc_offered_devfs=$prefix
This was wrong: Didn't catch /dev/sda anymore. Understood now that it
only worked because I was actually installing grub on /dev/sdaa.

Regards.
-- 
Michael Weiserscience + computing ag
Senior Systems Engineer   Geschaeftsstelle Duesseldorf
  Faehrstrasse 1
phone: +49 211 302 708 32 D-40221 Duesseldorf
fax:   +49 211 302 708 50 www.science-computing.de
-- 
Vorstandsvorsitzender/Chairman of the board of management:
Gerd-Lothar Leonhart
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Michael Heinrichs, Dr. Arno Steitz
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Philippe Miltin
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196
From 333151e5eed04e7ef292bb15109131e731092674 Mon Sep 17 00:00:00 2001
From: Michael Weiser m.wei...@science-computing.de
Date: Tue, 11 Nov 2014 16:59:05 +0100
Subject: [PATCH] Allow for devices with multiple enumeration characters

Allow for installation of grub on devices such as /dev/sdaa or
/dev/xvdab.
---
 grub-installer | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/grub-installer b/grub-installer
index 2b61fb6..cce326f 100755
--- a/grub-installer
+++ b/grub-installer
@@ -252,7 +252,7 @@ case $prefix in
 /dev/mapper)
disc_offered_devfs=$bootfs
;;
-
/dev/[hsv]d[a-z0-9]|/dev/xvd[a-z]|/dev/cciss/c[0-9]d[0-9]*|/dev/ida/c[0-9]d[0-9]*|/dev/rs/c[0-9]d[0-9]*|/dev/mmcblk[0-9]|/dev/ad[0-9]*|/dev/da[0-9]*)
+
/dev/[hsv]d[a-z0-9]|/dev/[sv]d[a-z][a-z]*|/dev/xvd[a-z]*|/dev/cciss/c[0-9]d[0-9]*|/dev/ida/c[0-9]d[0-9]*|/dev/rs/c[0-9]d[0-9]*|/dev/mmcblk[0-9]|/dev/ad[0-9]*|/dev/da[0-9]*)
disc_offered_devfs=$prefix
;;
 *)
-- 
2.1.1

Bug#619889: heimdal-kdc: KDC does not find samba accounts in LDAP backend due to wrong search filter

2011-03-28 Thread Michael Weiser 
Package: heimdal-kdc
Version: 1.4.0~git20100726.dfsg.1-1+b1
Severity: normal
Tags: patch

Hello,

current heimkdal-kdc in Debian 6 (1.4.0~git20100726.dfsg.1-1+b1) is a
pre-release snapshot (1.3.99) of heimdal 1.4. When using an LDAP backend that
contains samba accounts, they are not recognized as principals due to a wrong
search filter. This has been fixed in 1.4 release with commit
https://github.com/heimdal/heimdal/commit/901d655ba7d9dd4f912508b89c6e6803ee95b843#lib/hdb
/hdb-ldap.c. As to be expected, heimdal-kdc 1.4.0-4 in testing does not have
this problem and recognises samba accounts. An update of the package in Debian
6 or backport of this fix would be greatly appreaciated.

Thanks,
Micha

-- System Information:
Debian Release: 6.0
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (i686)

Kernel: Linux 2.6.32-5-686 (SMP w/1 CPU core)
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages heimdal-kdc depends on:
ii  debconf [d 1.5.36.1  Debian configuration management sy
ii  heimdal-cl 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - clients
ii  krb5-confi 2.2   Configuration files for Kerberos V
ii  libasn1-8- 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - ASN.1 library
ii  libc6  2.11.2-10 Embedded GNU C Library: Shared lib
ii  libdb4.8   4.8.30-2  Berkeley v4.8 Database Libraries [
ii  libedit2   2.11-20080614-2   BSD editline and history libraries
ii  libgssapi2 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - GSSAPI support
ii  libhdb9-he 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - kadmin server l
ii  libkadm5sr 1.4.0~git20100726.dfsg.1-1+b1 Libraries for Heimdal Kerberos
ii  libkdc2-he 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - KDC support lib
ii  libkrb5-26 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - libraries
ii  libroken18 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - roken support l
ii  libsl0-hei 1.4.0~git20100726.dfsg.1-1+b1 Heimdal Kerberos - SL support libr
ii  libssl0.9. 0.9.8o-4  SSL shared libraries
ii  openbsd-in 0.20080125-6  The OpenBSD Internet Superserver

Versions of packages heimdal-kdc recommends:
ii  logrotate 3.7.8-6Log rotation utility

Versions of packages heimdal-kdc suggests:
pn  heimdal-docs  none (no description available)
-- 
Vorstand/Board of Management:
Dr. Bernd Finkbeiner, Dr. Roland Niemeier, 
Dr. Arno Steitz, Dr. Ingrid Zech
Vorsitzender des Aufsichtsrats/
Chairman of the Supervisory Board:
Michel Lepert
Sitz/Registered Office: Tuebingen
Registergericht/Registration Court: Stuttgart
Registernummer/Commercial Register No.: HRB 382196 

--- heimdal-1.3.3/lib/hdb/hdb-ldap.c2010-05-26 23:53:13.0 +0200
+++ heimdal-1.4/lib/hdb/hdb-ldap.c  2010-09-13 09:23:34.0 +0200
@@ -886,7 +886,7 @@
ldap_msgfree(*msg);
*msg = NULL;

-   ret = escape_value(context, princname, quote);
+   ret = escape_value(context, userid, quote);
if (ret)
goto out;

Bug#564069: doesn't sync time with host OS

2010-01-21 Thread Michael Weiser 
Hello,

On Sun, Oct 04, 2009 at 11:50:34PM +0300, Vasilis Pappas wrote in bug
#545222:

 I had the same problem and I think I found a workaround..

 The problem seems to be that vmtoolsd is trying to load .so plugins but the
 plugin-path that is given to it contains other directories. So, it simply
 skips them and does not load any plugins (one of he plugins does the time
 synchronization)

 So, try the following :

 cd /etc/vmware/plugins
 cp vmusr/* vmsvc/* .
 /etc/init.d/open-vm-tools restart

I believe this fix to the cause of bug #564069: 
Putting all plugins together into one plugin directory causes vmtoolsd
to load plugins that require a running X server. Because this is most
likely not the case at boot time, it will bail immediately. In
consequence time synchronisation and all other services provided by
vmtoolsd will not work and VMware will complain about VMtools not
running on the guest.

The only indicator is a warning message when called with the --log
option *without* a running X server:

# vmtoolsd --plugin-path=/etc/vmware-tools/plugins --log
[Jan 20 22:55:55.819: ] [ warning] [Gtk] cannot open display: 

I believe the proper solution to both bugs is as follows:

- leave the plugins in their subdirectories vmsvc and vmusr as installed
  by the Makefile
- remove option --plugin-path /etc/vmware-tools/plugins from
  /etc/init.d/open-vm-tools

This will cause vmtoolsd to find its plugins in
/usr/local/open-vm-tools/vmsvc automagically. The symlink
/etc/vmware-tools/plugins can be removed. With these changes applied,
vmtoolsd starts and runs normally on my system now.
-- 
Thanks in advance,
Micha



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org