Bug#1059589: [INTL:ro] Romanian debconf templates translation of "sitesummary"
[Remus-Gabriel Chelu 2023-12-28] > Please find attached the Romanian translation of the «sitesummary_debconf» > file. Thank you very much. I've added the file to git, to make sure it is included in the next upload. -- Happy hacking Petter Reinholdtsen
Re: Skolelinux logo history
[Trond Kjetil Bremnes] > I'm currently doing some research into Skolelinux and its inception, Skolelinux inception happend when NUUG came up with the concept Teach the teacher, and its labour happened at a party held by Håkon Wium Lie after the demonstration against Microsoft being allowed to 'define what Internet is', and its birth was a few weeks after the party when Knut Yrvin called for a meeting to start the Skolelinux project. Around the same time Raphael Hertzog started the Debian Edu metapackage initiative, and after a while the two initiatives merged. The rest is, as they say, history. :) > and I'm in that connection curious about the old (Debian-less) > Skolelinux logo. > > Does anyone know anything about the history of this logo? Who made it, > and when? Based on old email, I believe it was created by Vidar Tyldum in 2001 or 2002 using Photoshop, and recreated by Herman Robak using Gimp soon after the first edition showed up. > Also, and perhaps more importantly, does anyone know the license for > distributing this logo, and if it is OK to publish it on Wikimedia > Commons for use in Wikipedia, Wikidata etc.? My quick email search did not show anything about license. I believe it can be considered licensed the same way as the mascot, which I believe was discussed on this mailing list a while back. I was not able to find the mail thread, but perhaps someone else remember the details. -- Happy hacking Petter Reinholdtsen
Re: Unlocking Japanese and French translations of Debian Edu manuals on hosted-weblate
[Frans Spiesschaert] > However, the French and Japanese translations have not received any > updates in the past year. Therefore, I think it is harmless to unlock > those two translations on hosted-weblate. > > If nobody objects, I plan to unlock them in a few days. I normally solve such issues by locking everything on weblate, pull from webl ate and clean up any merge conflicts before pushing the changes to git before reseting the repo on weblate and finally unlock weblate. I suspect such approach might work better. -- Kind regards, Frans Spiesschaert
Bug#942202: sitesummary-client: sitesummary-upload missing https support
Control: tags -1 + patch
I believe the following patch will solve the issue. I tested it
locally.
diff --git a/sitesummary-upload b/sitesummary-upload
index 28c19d6..846cac9 100755
--- a/sitesummary-upload
+++ b/sitesummary-upload
@@ -23,7 +23,7 @@ EOF
my ($submiturl) = $opts{'u'} ||
"http://localhost/cgi-bin/sitesummary-collector.cgi;;
my ($file) = $opts{'f'} || "-";
-my ($host) = $submiturl =~ m%http://([^/]+)%;
+my ($host) = $submiturl =~ m%https?://([^/]+)%;
print "Unable to parse url\n" if ($opts{'d'} && ! $host);
--
Happy hacking
Petter Reinholdtsen
Re: SimulIDE could (should?) be updated but seems unmaintained
[Ben Tris] > Just a notice. I see you got no response on this one. > SimulIDE version 1.0.0 2023 > Debion simulide version 0.1.7 2018 > https://tracker.debian.org/pkg/simulide Perhaps its maintainer Milen should be told too? Adding him to reciver list. > https://www.simulide.com/p/home.html > https://launchpad.net/simulide > Old: > https://sourceforge.net/projects/simulide/ > > SimulIDE is a simple real time electronic circuit simulator, intended > for hobbyist or students to learn and experiment with simple electronic > circuits and microcontrollers, supporting PIC, AVR and Arduino. > > This is not an accurate simulator for circuit analysis, it aims to be > fast, simple and easy to use, this means simple and not very accurate > electronic models and limited features. Quite some changes has happened since 2018, so I guess it might be time to update it. Perhaps you want to help the current maintainer with it, or you want to take over maintenance? If the latter and Milen do not object, I would be happy to sponsor your uploads according to my sponsoring preferences, http://www.hungry.com/~pere/debian-sponsoring.html > -- Vennlig hilsen Petter Reinholdtsen
Re: arm64 images to boot raspberry pi's
[Roman Meier] > AFAIK debian edu currently only supports amd64 and i386. > > Is it possible to add arm64 to be used e.g. with raspberry pi's? You might find something useful on https://wiki.debian.org/DebianEdu/HowTo/RaspberryPiWorkstation >. -- Happy hacking Petter Reinholdtsen
Re: Gaia Sky
Hi. Since no-one else seem interested in replying, I'll give it a go. [Toni Sagristà Sellés] > Do you think there's still interest to make it happen? Would Gaia Sky be > a good candidate for Debian Edu Astronomy? If you want to spend the time needed to get the package into Debian, I am willing to help. My sponsoring preferences are available from http://www.hungry.com/~pere/debian-sponsoring.html >. I do not know the program nor how well it fit in any Debian Edu package portfolio, so I can not answer those parts of your questions. -- Happy hacking Petter Reinholdtsen
Re: First login with libpam-mklocaluser always fails
[Guido Berhoerster] > When logging in with LightDM the first login always fails due to a > discrepancy between the the home directory obtained from LDAP via > getpwent() and the newly created home directory. Specifically, the > LightDM daemon communicates the absolute path of the Xauthority file to > the session child process and sets the HOME environment variable to the > value obtained via getpwent() and uses that value to change the working > directory, all resulting in fatal errors. There used to be code in libpam-mklocaluser to throw the user out after the home directory is created, to ensure that the user is not logged in with the wrong $HOME set. Is this not happening with LightDM? Because $HOME change after some processes read it, it is not possible to both create the local home directory and continue with the login. Or are you talking about being thrown out by libpam-mklocaluser when logging in for the first time? This is by design and intented due to the protocol provided by PAM. -- Happy hacking Petter Reinholdtsen
Bug#1051841: debian-edu-testsuite reports errors
[Guido Berhoerster] >> error: ./ldap-client: Not only one PAM module of krb5, ldap and sss is >> enabled > > /etc/pam.d/common-auth contains: > > … > auth[success=3 default=ignore] pam_krb5.so minimum_uid=1000 > auth[success=2 default=ignore] pam_unix.so nullok try_first_pass > auth[success=1 default=ignore] pam_ldap.so minimum_uid=1000 > use_first_pass > … > > So PAM tries them in the given order until one succeeds, I'm not sure > what is wrong with that. The git history of testsuite/ldap-client is > not helpful either why this was added. The pam_ldap.so line should be removed. The LDAP authentication send the password over to the LDAP server for verification, hopefully via an TLS channel, allowing a rouge server to collect user passwords, while Kerberos only send an encrypted timestamp to the server. Because of this Debian Edu do not want LDAP authentication enabled, and uses Kerberos exclusively over the network. >> error: ./rdp-server: xrdp service is not listening on 3389/tcp.' > > This can be probably be ignored as I have set up FAI on top of my LTSP > setup. I do not understand what you mean here. How is this relevant? -- Happy hacking Petter Reinholdtsen
Re: Goodbye Wolfgang!!!
[Dashamir Hoxha] > That's why I included the instructions. Thank you very much for including the instructions. The only package I failed to find from the Debian archive is glab, and as far as I can tell this is just a fancy way to clone a git repository, as gource seem to work well with any existing git repo I have laying around. I am already playing with it to visualize my projects. :) Oh, and good speed, Wolfgang. I wish you the best of luck in your future endaviours. -- Happy hacking Petter Reinholdtsen
Re: User Docs for DebianEdu
While it is unclear to me if it is a good idea to leave the Debian wiki when writing documentation, I leave that to others to figure out. I just wanted to point out that when selecting source format for the documentation, I strongly recommend using a format that can be converted to docobok using pandoc, to be able to create good looking documentation in both HTML, PDF and ePub format. It is also a very good idea to ensure the format selected is well handled by po4a to allow the documents to be translated into non-English languages using the tools currently used by translators of both the Debian Edu documentation and free software, ref https://people.skolelinux.org/pere/blog/From_English_wiki_to_translated_PDF_and_epub_via_Docbook.html >. Note, since the blog post was written, we started using Hosted Weblate to handle most translations, see https://hosted.weblate.org/projects/debian-edu-documentation/ > for the current status. Personally I would recommend Restructured text (rst) over markdown, as it has a richer vocabulary than markdown. I recommend Restructured text over Asciidoc as the latter is less well supported by po4a. -- Happy hacking Petter Reinholdtsen
Re: Transfer storage from home to var
[Roman Meier] > However, extending the size of /var didn't work: > > sudo lvextend -L+5G /dev/vg_system/var > Insufficient free space: 1280 extents needed, but only 138 available I would strongly recommend not using lvextend, and instead use lvresize -r. I suspect the underlying LVM logical volume is already increased, but the file system on top is not, and thus you do not see the space. Perhaps 'lvresize -r -L+1M /dev/vg_system/var' work better. -- Happy hacking Petter Reinholdtsen
Re: Transfer storage from home to var
[Roman Meier] > As mentioned in my email, I was able to reduce the size of > /skole/jener/home0. I therefore logged in als root and unmounted > /skole/jener/home0. OK, then I misunderstood. I read your email to say that you chould not find a way to reduce the size. > For unknown reasons this space is however not made available to be > reassigned to /dev resulting in the error message mentioned. Reducing home in LVM would just make ununsed space available to LVM, visible using vgs. This unused space chan then be allocated to other partitions using lvresize on this partition. You might want to check if you really need space on /dev/, it seem like the wrong partition to extend. -- Happy hacking Petter Reinholdtsen
Re: Transfer storage from home to var
[Roman Meier] > I have run out of storage on /var and I can't extend size because all > on the harddrive has been used already. > > I have about 50G unused space on /skole/jener/home0 but I find it > difficult to transfer storage from /skole/jener/home to /dev. I normally boot in single user, unmount /skole/jener/home0 and run lvresize -r -L-10g /dev/vg_system/home or similar. -- Happy hacking Petter Reinholdtsen
Bug#1029557: debian-edu-config: Session exits on first login on roaming-workstation fails
[Nico Winkelsträter] > When a user tries to log in at a romaing workstation for the very first time > the login prompt disappears, stays on the empty default-background for a few > seconds and the returns to lightdm with a brief black-screen. > > On the second try everything works as expected. This is by design. There was (and probably still is) no way to change $HOME from the PAM subsystem when the login already was in progress. To work around this limitiation the user is logged logged out on the first try, after the home directory is created and /etc/passwd is updated with the new home location, to ensure the new home directory is used during future logins. The home directory is changed from /skole/tjener/home0/testes/ to /home/testes/ in your case. -- Happy hacking Petter Reinholdtsen
Re: 15.3. Use a dedicated storage server
[Dashamir Hoxha] > If we ever make any other hacking sessions again, then I would like to try: > - Replacing NFS by SSHFS > - Replacing NFS by Coda File System > - How to use Veyon and AlekSIS For this you might find http://people.skolelinux.org/pere/blog/Testing_if_a_file_system_can_be_used_for_home_directories___.html > useful. -- Happy hacking Petter Reinholdtsen
Re: debian-edu-ltsp-install problem
[Dashamir Hoxha] > Besides, from my experience, when I report a problem and the > developers ask me to file a bug report, it usually means that they > don't want to fix it, otherwise they could have just fixed it or > created a bug report themselves. In my experience, when developers ask for a bug to be filed, it is because they are currently busy with something else and want to ensure the issue is not forgotten. -- Happy hacking Petter Reinholdtsen
Re: Online training about DebianEdu
[Dashamir Hoxha] > Maybe I did not explain myself properly, but I was hoping for some > collaboration. I mean, someone that is familiar with the development of > DebianEdu explains it, demonstrates anything (if possible), answers any > questions, etc. I wouldn't be able to do it properly, because I am not > involved in development. I am really not involved in development any more, so it is a task better suited for someone else. -- Happy hacking Petter Reinholdtsen
Re: Online training about DebianEdu
[Dashamir Hoxha] > There is a button at the end "LOG IN AS A GUEST", which allows to read > the content. Standard Moodle feature. Aha. I expected to be able to read stuff available to everyone without pressing an extra button. > 4. Forth meeting > >- Some topics related to the development of DebianEdu. > - Perhaps cover where to track known bugs, how to reach the developers, how to report bugs, where to find the source, and how to ask good questions? -- Happy hacking Petter Reinholdtsen
Re: Online training about DebianEdu
[Dashamir Hoxha] > Hi, > > I am going to start soon an online training about DebianEdu, most probably > on Oct 15: > - Course description: https://ocw.fs.al/mod/page/view.php?id=1198 > - Course outline: https://ocw.fs.al/mod/page/view.php?id=1199 The pages seem to require registration or login to get access, and thus unreadable for those that do not want to submit personal information to the site. It might make the reader count smaller than you want it to be. Perhaps better to post the content in an email here? -- Happy hacking Petter Reinholdtsen
Re: Home directory of roaming workstations
[Dashamir Hoxha] > Is it supposed to work like this? Yes. It ensure a home directory always is available, even if the machine is offline. -- Happy hacking Petter Reinholdtsen
Re: Starting a diskless workstation on the main LAN
[Dashamir Hoxha] > Am I missing something? Or there is something wrong. Did you add the workstation to the netgroup with access to mounting home directories? It might happen automaticaly over night based on sitesummary collected information, I am not sure how that currently work. -- Happy hacking Petter Reinholdtsen
Bug#1018146: correct multiarch for blends stuff?
[Helmut Grohne] > Thanks for the explanation. It seems that presently, all tasks built > from blends are identical. Could it be that this is no longer relevant > given that debian-edu has essentially moved all its dependencies to > Recommends? I do not know, as I have not looked into this in years, but I doubt it. The dependency three across all architectures are just too complex for me to believe it. -- Happy hacking Petter Reinholdtsen
Bug#1018146: correct multiarch for blends stuff?
[Helmut Grohne] > debian-edu builds a pile of task packages. I am wondering, why are these > task architecture-dependent? If they were Architecture: all, they would > be irrelevant to cross building and this whole bug would become moot. So > this is a relevant question. I have no answer. The task pacakges started out as arch: all, but as the set of packages available are not identical across all architectures in Debian, this proved not to work well and made it imposible to keep the task packages in testing. -- Happy hacking Petter Reinholdtsen
Re: google chromebooks and debian-edu
[Paolo Dongilli] > is also the use of Google Chrome generally banned regardless of the OS > used? It seem likely, as Google Chrome is spyware that calls home. It is because of this Debian provides the chromium package where at least part of the spyware features are disabled. -- Happy hacking Petter Reinholdtsn
Re: changing netmask of debianedu network
[Frank Weißer] > What is the proposed way for debian edu to do this? Earlier, it was enough to use the tools/subnet-change script from the debian-edu-config package on the main server to change the main network settings. Perhaps it still work? -- Happy hacking Petter Reinholdtsen
Re: Squid not listening on IPv6 fe80:: link-local address
[Mike Gabriel] > nope, link-local IPv6 addresses are always related to a specific > interface. This is btw. not at all Linux related, IMHO. (Or is it?) Well, kind of. On FreeBSD, ifconfig show the interface address with the percent appendage, making it a lot easier to test if the address work, as one can just cut-n-paste the address directly to ping. Also, FreeBSD ping handle both IPv4 and IPv6, so no need to remember to use ping6 for IPv6 addresses. > The challenge is that fe80:: is always the link-local prefix, for all > link-local networks/interfaces on the same host. So, sending packets > to a link-local address always requires the outgoing network interface > to be specified with the packet send request. Yeah. > root@tjener:~# nmap -6 -p 3128 fe80::5054:ff:fef3:c9f%eth0 > Starting Nmap 7.80 ( https://nmap.org ) at 2022-04-05 11:34 CEST > Nmap scan report for fe80::5054:ff:fef3:c9f > Host is up (0.00012s latency). > > PORT STATE SERVICE > 3128/tcp open squid-http > > Nmap done: 1 IP address (1 host up) scanned in 0.10 seconds Good. :) -- Happy hacking Petter Reinholdtsen
Re: Squid not listening on IPv6 fe80:: link-local address
[Marco Gabriel] > I couldn't find any hints that squid never binds to fe80:: addresses, so > I'm a bit stuck and don't know if this may be a bug or works as > designed. My guess is that you need to specify the network interface using the % notation, something like this: ping6 fe80:::::%eth0 Or did Linux fix the addressing of link local addresses to no longer need the interface included in the address? -- Happy hacking Petter Reinholdtsen
Bug#1008597: debian-edu-install: Ask for hostname during standalone installation
[Mike Gabriel] > While testing 11u3 ISO images, I noticed that a standalone Debian Edu > installation does not ask for a hostname. It tries to find a hostname > via DNS/DHCP and falls back to am-. Will it accept the hostname on the boot prompt as hostname=some.domain.name? -- Happy hacking Petter Reinholdtsen
Re: Installing a DebianEdu server on Debian
[Dashamir Hoxha] > I would also like to test a DebianEdu server, but I cannot find any docs on > how to install it starting from a standard debian system. Is it possible to > install it like this, or using an iso is the only way possible? I suspect you can adjust the recipe available from https://wiki.debian.org/DebianEdu/HowTo/RaspberryPiWorkstation > to get it working, assuming the partitioning is good. -- Happy hacking Petter Reinholdtsen
Bug#1006604: debian-edu-config: Debian Edu clients without GOsa system entry loose IP address after 30min
[Holger Levsen] > I wonder if this is a bug in Debian Edu at all: don't we require hosts to be > added to GOsa in the first place? Well, it is a bug in Debian Edu that the problem is obscure and hard to debug. I guess the issue should be detected and reported in the face of the person trying to set up a new machine, instead of the machine silently failing to keep its IP address Traditionally it was required to register clients in GOsa to ensure home directories could be mounted, not for it to get an IP address. -- Happy hacking Petter Reinholdtsen
Bug#1005813: debian-edu-config: apparmor blocks cups-browsed.conf from being read
[Wolfgang Schweer] > As the symlink seems to be the problem, another solution would be to > let cfengine copy the file instead: Sure. The reason a symlink was used was to ensure upgrades would take effect. Perhaps dpkg-divert can be used? I have vague memories of divert on conffiles being a bad idea, but do not know why any more. -- Happy hacking Petter Reinholdtsen
Re: WhosWho: a free software to create whos's who / yearbook / facebook in PDF format (again)
[Yvan Masson]
> Finally, I suppose it is better to handle all the `msgfmt` commands in
> the `setup.py` script I use to produce the .whl file, but I don't know
> if there is a standard way to do so.
I did a search in the Debian archive for a python package with
translations using gettext, to see how setup.py handle it there, and
came across the command-not-found package, whos setup.py look like this:
#!/usr/bin/python3
from distutils.core import setup
from DistUtilsExtra.command import (build_extra, build_i18n)
import glob
setup(
name='command-not-found',
version='0.3',
packages=['CommandNotFound', 'CommandNotFound.db'],
scripts=['command-not-found', 'cnf-update-db'],
cmdclass={"build": build_extra.build_extra,
"build_i18n": build_i18n.build_i18n,
},
data_files=[
('share/command-not-found/', glob.glob("data/*.db")),
('../etc', ['bash_command_not_found', 'zsh_command_not_found']),
('../etc/apt/apt.conf.d', ['data/50command-not-found']),
])
Perhaps your program can use the build_i18n rules too?
--
Happy hacking
Petter Reinholdtsen
Re: WhosWho: a free software to create whos's who / yearbook / facebook in PDF format (again)
[Yvan Masson] > As I believe WhosWho can be of interest for Debian Edu users, I am > asking for help: I am currently stuck at building the software with > translations done on Weblate (particularly to generate .desktop file and > Appstream metainfo file) and more generally to provide a proper build > system. I suppose this should be done by improving setup.py, but could > not find how. Note that I am not a programmer, so my skills in this > domain are really basic. I started by completing the Bokmål translation on https://hosted.weblate.org/projects/whoswho/#components > and hope others will complete the translation into their languages. Happy to help, but I do not really understand the problem. Can you explain what you want to do, what you are doing, and list the output you get when you do it? Feel free to ping me on IRC (#debian-edu?) if you want to do this interactively. -- Happy hacking Petter Reinholdtsen
Bug#1003727: debian-edu-config: exim4 on TJENER does not accept system mails from Debian Edu clients
[Mike Gabriel] > @Petter: btw, do you have an idea, why things fail on a Debian Edu > bullseye TJENER? My exim4 competence is zero. Postfix would be easy. > Some help is much appreciated. No idea, too long since I looked at SMTP stuff. :) -- Happy hacking Petter Reinholdtsen
Bug#1003727: debian-edu-config: exim4 on TJENER does not accept system mails from Debian Edu clients
[Mike Gabriel] > When a client on the Debian Edu network (.intern, 10.0.0.0/8) tries to send > system mails to postoffice.intern aka TJENER, then exim4 on TJENER won't > accept these SMTP connects without proper authentication: [Holger Levsen] > and how is this a serious bug in debian-edu-config? Because it fill up /var/, breaking the system completely for everyone? -- Vennlig hilsen Petter Reinholdtsen
Re: [Reopen][Solved] Re: Post installation network problem
[Frank Weißer] > root@tjener:~# host vg.no 8.8.8.8 > Using domain server: > Name: 8.8.8.8 > Address: 8.8.8.8#53 [...] OK, so there is nothing blocking external DNS lookups. Then I would guess the bind service is not working. No idea why, but do 'host localhost localhost' work, ie can the local DNS server look up 'localhost'? > Shure, I even rebootet tjener to be save Good. > So I have no further idea, except the Try 'ps -ef|grep bind' to see if the service is running, and 'service bind status' to see if the service reported something. Check /var/log/syslog for any errors. No idea what is going on myself, I must admit. :) -- Happy hacking Petter Reinholdtsen
Re: [Reopen][Solved] Re: Post installation network problem
[Frank Weißer] > I tried that with 10.0.0.1, 185.150.99.255 and, to go safe, 8.8.8.8 > No effect. My ISP (ewetel) doesn't tell anything about DNS's. How did you test this? Did you remember to reload bind after each change? Is for example 'host vg.no 8.8.8.8' working on the main server? > So my approach would be to get the named three DNS's in > /etc/resolv.conf, but I have no idea where to force that. This approach would not work, as the requried DNS entries provied by the main server would not be resolvable on the external DNS servers. -- Happy hacking Petter Reinholdtsen
Re: [Reopen][Solved] Re: Post installation network problem
[Frank Weißer] > the dhcp server on gateway (FRITZ!Box 7490) was definitely stopped > before installation and stayed so. I installed from the netinstall image > by entering network configuration manually when the automatic > configuration failed due to missing dhcp server. That's the problem; why > are urls resolved during installation but not after it? Perhaps your ISP block direct DNS lookups, so you need to tell the main server DNS to forward its lookups via your ISPs server, ref If generic DNS traffic is blocked out of your network and you need to use some specific DNS server to look up internet hosts, you need to tell the DNS server to use this server as its "forwarder". Update /etc/bind/named.conf.options and specify the IP address of the DNS server to use. in https://wiki.debian.org/DebianEdu/Documentation/Buster/GettingStarted >. Perhaps you can extend the text to make it easier to discover for the next reader? -- Happy hacking Petter Reinholdtsen
Re: [Reopen][Solved] Re: Post installation network problem
[Frank Weißer] > What's going wrong? Did you read the installation instructions in the manual on how to set up the gateway? It sound a bit like you have two competing DHCP servers, and neither is giving you the setup you want. -- Happy hacking Petter Reinholdtsen
Re: debian-edu-doc for buster, bullseye and bookworm
[Frans Spiesschaert] > Agreed. > I would like to also raise one other point: > Over the bullseye release cycle, master and weblate have each built their > own git histories. Now that we're starting a new release cycle, I would > like to realign weblate's history with master's history (If I'm correct, > the following commands would do the trick: git checkout weblate ; git reset > --hard weblate master ; git push -f). Does anyone have an objection? In the Debian Handbook project, we do it the other way, merge and rebase weblate/master on top of master, and then reset the weblate repository back to master. This way no-one with a clone of the current master have to do anything to clean up the mess caused by resetting master. It is based on the fact that very few are cloning weblate/master. -- Happy hacking Petter Reinholdtsen
Re: Upgrade to Debian Edu 11 – DHCP, iPXE, LDAP issue
[Wolfgang Schweer] > Using a file, say ipxe.ldif, containing: > > dn: cn=dhcp,cn=tjener,ou=servers,ou=systems,dc=skole,dc=skolelinux,dc=no > changetype: modify > add: dhcpOption > dhcpOption: space ipxe > dhcpOption: ipxe-encap-opts code 175 = encapsulate ipxe > dhcpOption: ipxe.menu code 39 = unsigned integer 8 > dhcpOption: ipxe.no-pxedhcp code 176 = unsigned integer 8 > dhcpOption: arch code 93 = unsigned integer 16 Is it possible to place them all in one long line, with a separator, to fix their ordering? Perhaps semicolor or something can be used to split the options? I suspect it need code changes in dhcpd. :( -- Happy hacking Petter Reinholdtsen
Re: Remote desktop client for Ubuntu
[Roman Meier] > Some of our teachers prefer to use Windows on their laptops. They use > a "remote desktop connection" to use Debian Edu and it works nicely > for them. > > We do have teachers using Linux aswell, e.g. Ubuntu. What is the > preferred tool to use Debian Edu for them? Perhaps KRDC can suit their needs? It contain a RDP client allowing the same access as 'remote desktop connection' on Windows. They can also use ssh -X to log into the machines for terminal access with X forwarding. It is my preferred way, but might not be quite what they are looking for. -- Happy hacking Petter Reinholdtsen
Re: http://www.skolelinux.no/slschools/schools.php decommissioned, too
[Mike Gabriel] > While looking at m.skolelinux.org, I also now decommissioned > >http://www.skolelinux.no/slschools/schools.php > > The PHP application caused various SPAM mails in the past in my INBOX > and also published these SPAM mails on a public website (providing > remedy-for-the-middle-aged men adverts and such). > > So, also time to say goodbye to that one. It seemd in production according to https://wiki.debian.org/DebianEdu/ReferenceSchools >, which made me ask about its status on IRC, without any replies so far. I guess the wiki page need an update too. -- Happy hacking Petter Reinholdtsen
Re: Goodbye Skolelinux Bugzilla
[Mike Gabriel] > Hi Petter, et al, > > I have just decomissioned bugs.skolelinux.org (Web URL / VHost and the > CRON job) on m.skolelinux.org. Thank you. :) -- Happy hacking Petter Reinholdtsen
Re: Time to shut down the @skolelinux.org mailing lists?
[Holger Levsen] > On Mon, May 10, 2021 at 06:12:21PM +0200, Petter Reinholdtsen wrote: >> For the record, I just noticed lists.skolelinux.org no longer resolves >> in DNS, and suspect all @skolelinux.org addresses no longer work. > > who's running DNS for .skolelinux.org these days? Still Redpill-Linpro. I now believe they did what was hinted of last year, and shut down the old machine, see earlier emails in this thread. Dropping all @skolelinux.org and @skolelinux.no addresses, which are now bouncing. dr...@nuug.no, which ran the spam filter in front of @skolelinux.org/no (portal.nuug.no) is now wondering what to do. CC to that group. -- Happy hacking Petter Reinholdtsen
Re: Time to shut down the @skolelinux.org mailing lists?
For the record, I just noticed lists.skolelinux.org no longer resolves in DNS, and suspect all @skolelinux.org addresses no longer work. -- Vennlig hilsen Petter Reinholdtsen
Re: pam-python: Python2 removal in sid/bullseye
[Dominik George] > @Mike, @Petter: Did you realise that pam-python is AGPL? According to https://bugs.debian.org/578650 > it was Eclipse Public License v1.0 when it was initially registered. I was not aware of any relicencing, but see the d/copyright file now say AGPL. No idea when the change happened. I am not aware that AGPL have such effect on desktop systems either, but that is unrelated to your question. > If the latter fails, we should either rewrite such a module under a > less restrictie licence, or rewrite libpam-mklocaluser in C or Rust, > or get rid of the need for libpam-mklocaluser (probably by using > sssd). I believe there is also a small pam module in debian-edu-config to ask people to change passwords using the web interface. -- Happy hacking Petter Reinholdtsen
Re: Removal of mirror
[Carsten Otto] > we've been running rsync via cron (with ftpsync) and didn't know about > the option to receive pushes. Our mirror supports pushes, but it seems > the skolelinux team never thought about offering this to us. Maybe > another thing you might want to change for future mirrors... Ah, good. I was not aware of any push mechanism being implemented on ftp.skolelinux, but just wanted to be sure. I do know the Debian mirros can use a push mechanism. -- Happy hacking Petter Reinholdtsen
Re: Removal of mirror
[Carsten Otto] > I just removed Skolelinux from our mirror ftp.halifax.rwth-aachen.de. > Please update your websites/scripts accordingly. Based on our > statistics, Skolelinux receives more updates (via rsync) than the amount > of data it sents out to users. As such, I don't see the need for us to > mirror the data. Furthermore, there is quite a lot of very old data > which doesn't seem to be necessary (raw video footage from 12+ years > ago?!). You might want to remove those to attract other mirrors. OK. For the record, how was your rsync initiated? I fail to find any jobs on ftp.skolelinux.no to push changes, and thus wonder if you ran rsync locally to pull changes. Wanted to remove any pointers or traces of the old mirror, but do not know where to look. I suspect the media files could have a better life on archive.org, if someone feel inclined to do such upload. :) -- Happy hacking Petter Reinholdtsen
Re: Running Kiwix-Server on Debian Edu
[Roman Meier] > How can I fix this? I suspect it might work better if you use the hostname instead of the IP address of the kiwix server. Did you try this? -- Happy hacking Petter Reinholdtsen
Re: Bug#986984: unblock: debian-edu-doc/2.11.22
[Holger Levsen] > I'll guess I'll invent something myself then... What about looking for selected keywords like 'Debian Edu', 'Skolelinux, "$(lsb_release -c -s)" or similar by grepping the documentation files, to ensure the content is somewhat relevant? And perhaps linting the HTML (weblint-perl?) and epub (epubcheck?) files to verify the format is correct? -- Happy hacking Petter Reinholdtsen
Re: Client time/date synchronisation
[Roman Meier] > Is there another way to synchronize the time e.g. with the server > instead of the internet? In earlier times, all clients had their /etc/ntp.conf file set up to synchronise their clocks with the server, for just this kind of scenario. Is this no longer the case? Look for the 'server' lines on the client and server. -- Happy hacking Petter Reinholdtsen
Re: [debian-edu-commits] [Git][debian-edu/debian-edu-config][master] Adjust sbin/debian-edu-pxeinstall
[Wolfgang Schweer] > Commits: > 4f57a203 by Wolfgang Schweer at 2021-02-10T23:09:23+01:00 > Adjust sbin/debian-edu-pxeinstall > > Copy the debian-installer directories (belonging to d-i-n-i packages) instead > of symlinking them. This allows tftpd-hpa to access them. How will this affect upgrades? When will the copied content be updated? Symlinks were used to get access to upgraded d-i-n-i. -- Happy hacking Petter Reinholdtsen
Re: Changing password from outside
[Dominik George] > However, in order to better integrate AlekSIS, it would be desirable > to be able to change passwords from outside Debian Edu / GOsa. One > obvious way would be to SSH into Debian Edu and jsut do what GOsa > would do, but that's a somewhat nasty hack. [...] > Maybe someone here has any idea on how this could be done, without > falling back to writing expect scripts that call cli utilities? What about using pam-python to write a PAM module for changing passwords, that update everything GOsa would do. This way a simple 'passwd' command would work, any program using PAM would work and the need to block the normal password change process to point people to GOsa would go away. Not quite sure what you mean by 'outside', so it might not be a good option. -- Happy hacking Petter Reinholdtsen
Bug#968268: debian-edu-config: wakeupclients script fail because SiteSummary.pm is missing
Package: debian-edu-config Version: 2.10.65+deb10u6 Severity: normal There is an issue with how three Debian Edu packages interact. It involves debian-edu-config, sitesummary and shutdown-at-night. After setting up outgoing emails on my laptop, where debian-edu-config and shutdown-at-night, but not sitesummary, is installed, I started getting cron emails like this: Subject: Cron test -x /usr/lib/shutdown-at-night/wakeupclients && /usr/lib/shutdown-at-night/wakeupclients Can't locate SiteSummary.pm in @INC (you may need to install the SiteSummary module) (@INC contains: /etc/perl /usr/local/lib/x86_64-linux-gnu/perl/5.28.1 /usr/local/share/perl/5.28.1 /usr/lib/x86_64-linux-gnu/perl5/5.28 /usr/share/perl5 /usr/lib/x86_64-linux-gnu/perl/5.28 /usr/share/perl/5.28 /usr/local/lib/site_perl /usr/lib/x86_64-linux-gnu/perl-base) at /etc/shutdown-at-night/clients-generator line 7. BEGIN failed--compilation aborted at /etc/shutdown-at-night/clients-generator line 7. The cause seem to be that the cron job from shutdown-at-night (/etc/cron.d/shutdown-at-night) calls the /etc/shutdown-at-night/clients-generator script from debian-edu-config, which fail to work when SiteSummary.pm from the sitesummary package is not available. I suspect some dependencies need to be adjusted to ensure the perl module is available when needed, or the script need to cope with the missing module in a better way. -- System Information: Debian Release: 10.5 APT prefers stable-updates APT policy: (500, 'stable-updates'), (500, 'stable-debug'), (500, 'stable') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-9-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US:en (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled Versions of packages debian-edu-config depends on: ii bind9-host 1:9.11.5.P4+dfsg-5.1+deb10u1 ii cfengine33.12.1-2 ii debconf [debconf-2.0]1.5.71 ii debconf-utils1.5.71 ii debian-edu-artwork 2.10.5-1 ii desktop-profiles 1.4.30 ii e2fsprogs1.44.5-1+deb10u3 ii education-tasks 2.10.47 ii fping4.2-1 ii gnutls-bin 3.6.7-4+deb10u5 ii isenkram-cli 0.41 ii ldap-utils 2.4.47+dfsg-3+deb10u2 ii ldapscripts 2.0.8-1 ii libconfig-inifiles-perl 3.01-1 ii libfilesys-df-perl 0.92-6+b4 ii libhtml-fromtext-perl2.07-1 ii libio-socket-ssl-perl2.060-3 ii libnet-ldap-perl 1:0.6500+dfsg-1 ii libnet-netmask-perl 1.9104-1 ii libnss3-tools2:3.42.1-1+deb10u3 ii libpacparser11.3.6-1.1+b4 ii libpam-python1.0.6-1.1+deb10u1 ii libproxy1-plugin-kconfig 0.4.15-5 ii libproxy1-plugin-networkmanager 0.4.15-5 ii libproxy1-plugin-webkit 0.4.15-5 ii libterm-readkey-perl 2.38-1 ii libtext-unaccent-perl1.08-1.3+b3 ii lockfile-progs 0.1.18 ii lsb-base 10.2019051400 ii lsb-release 10.2019051400 ii mime-support 3.62 ii net-tools1.60+git20180626.aebd88e-1 ii netcat-openbsd [netcat] 1.195-2 ii netcat-traditional [netcat] 1.10-41.1 ii ng-utils 1.0-1+b1 ii openssl 1.1.1d-0+deb10u3 ii patch2.7.6-3+deb10u1 ii python 2.7.16-1 ii python-notify0.1.1-4 ii ssl-cert 1.0.39 ii swaks20181104.0-2 ii tftp 0.17-22 ii uuid 1.6.2-1.5+b7 Versions of packages debian-edu-config recommends: ii binutils 2.31.1-16 ii libnotify-bin 0.7.7-4 ii lsof 4.91+dfsg-1 ii memtest86+ 5.01-3 ii resolvconf 1.79 ii syslinux 3:6.04~git20190206.bf6db5b4+dfsg1-1 debian-edu-config suggests no packages. -- Configuration Files: /etc/network/if-up.d/hostname [Errno 2] No such file or directory: '/etc/network/if-up.d/hostname' /etc/network/if-up.d/wpad-proxy-update [Errno 2] No such file or directory: '/etc/network/if-up.d/wpad-proxy-update' -- debconf information excluded -- Happy hacking Petter Reinholdtsen
Re: Filtering out some untranslatable strings
[Frans Spiesschaert] > It only removes the image name part, not the alt name part for the image. > > Example: > > This is an image paragraph in debian-edu-bullseye-manual.xml: > fileref='./images/i.png'/>Debian Edu > Installer Logo I got the impression that the English images would be named i.png, while for example the German edition would use i-de.png or something like that. At least I believe that is the reason these image path strings are passed on to the translators. -- Happy hacking Petter Reinholdtsen
Re: Filtering out some untranslatable strings
[Frans Spiesschaert] > I prepared a code snippet that is able to remove some untranslatable > strings from the manuals. Is this affecting the ability to provide translated figures/images? -- Happy hacking Petter Reinholdtsen
Time to shut down the @skolelinux.org mailing lists?
Hi. The system administrator of the lists.skolelinux.org mailman setup and server approached me today and asked if it is time to shut down these mailing lists. The machine running the server is on a old virtualization system, so either the system is shut down or they have to spend hours migrating the system, and thus wonder if it is worth the effort. I talk about the mailing lists shown on https://lists.skolelinux.org/listinfo >: * admin-discuss General Discussion and Assistance for Debian-edu/Skolelinux Administrators * Bruker Forum for brukerne av Skolelinux * linuxiskolen Diskusjonsliste for Skolelinux (tidligere Linuxiskolen (LiS)) * Mailman * [ingen beskrivelse tilgjengelig] * omc [ingen beskrivelse tilgjengelig] * Release-team Discussion list for the release team * Www-de [ingen beskrivelse tilgjengelig] * Www-fr [ingen beskrivelse tilgjengelig] * www-int Discussions regarding the international Skolelinux website * www-no Discussions regarding the Norwegian Skolelinux website In addition there is sty...@skolelinux.no, which I believe is a hidden list on the server. CC to all these lists. Are there any objections to shutting down these mailing lists? They rarely see any use, and is flodded by spam that is removed by the moderators who spend time on filtering it away. If you believe one specific list should live, please reply before 2020-07-15 _to that list_, with CC to me and debian-...@lists.nuug.no, explaining why. The web archives will be lost when the system is shut down. Anyone got a good idea how to archive the mailing lists in a good way for future reference? -- Happy hacking Petter Reinholdtsen
Re: Bug#890517: killer's CRON logs out users once per hour
Control: forwarded -1 https://bugs.x2go.org/cgi-bin/bugreport.cgi?bug=1171 [Wolfgang Schweer] > Any news on this one? Debian Edu Bullseye intends to use x2goserver on > LTSP servers for Thin Client support... The upstream issue is still open, at least. (Just a quick reply to set the forwared url. :) -- Happy hacking Petter Reinholdtsen
Bug#961729: education-networked-common: Please remove Recommends: haveged
[Wolfgang Schweer] > 5.6.0-2-amd64 #1 SMP Debian 5.6.14-1 (2020-05-23) GNU/Linux (unstable): > enabled as a module (jitterentropy_rng). > > Unchanged at least since Buster (4.19.x). Right. The module do not seem to do a great job in Buster, at least. I tried with and without haveged active, and with and without the jitterentropy_rng kernel module, running while time dd bs=1 count=32 if=/dev/random of=/dev/null 2>/dev/null ; do cat /proc/sys/kernel/random/entropy_avail sleep 1 done This pull out 32 bytes of random bits every second while reporting how long it took to get the bytes. With haveged active, the entropy_avail count never go below 1000, without it, entropy quickly drains out. With the jitterentropy_rng kernel module, entropy still drain out. This was without typing on the keyboard and not moving the mouse. Note, my laptop have decided to load the tpm module on its own, which might affect the result. Not quite sure what it does, but it depend on rng_core which make me suspect it can be a randomness source. -- Vennlig hilsen Petter Reinholdtsen
Bug#961729: education-networked-common: Please remove Recommends: haveged
[Wolfgang Schweer] > Maybe this one:: > https://github.com/torvalds/linux/blob/master/crypto/jitterentropy.c Perhaps. I notice it has been around since 2015, and was updated in 2019 with adjusted algoritms. Is it enabled and activated in the kernel by default recently? Note, the test done by the d-i developers indicated that d-i still need haveged. -- Happy hacking Petter Reinholdtsen
Bug#961729: education-networked-common: Please remove Recommends: haveged
[Chris Hofstaedtler] > your package currently Recommends: haveged. On modern kernels, so > whatever will ship in bulleye, the kernel will provide enough entropy, > so there should be no need for haveged, except in exceptional > situations. This sound very good indeed. Where can I read more about the entropy sources enabled in the Linux kernel by default for the bullseye kernel? Earlier we ran into problems with low entropy on LTSP machine (aka machines with no disk), where there is no disk IO and very few interrupts. Very glad to hear that these kind of machines will no longer run short on entropy. :) I tried searching the web for information about the added entropy sources in the kernel, but came up short, unless the idea is that the kernel will use hardware entropy sources like the TPU. I hope these drivers also work on older hardware. -- Happy hacking Petter Reinholdtsen
Bug#961254: libpam-mklocaluser: stop enforcing logout on initial login
[Mike Gabriel] > Attached is a patch that drops the enforcement of the re-login and > manipulates the HOME env var after the local POSIX user account has been > fully prepared by libpam-mklocaluser. Nice. Not quite sure why I originally concluded that something was caching the home directory path, nor what was caching it, so be careful. The patch could use a comment explaining the background and constraints. I do not see anything wrong with the patch, and assuming it has been tested, feel free to upload it when it suits you. :) -- Happy hacking Petter Reinholdtsen
Re: Is Debian mirror on ftp.skolelinux.org still used?
[Petter Reinholdtsen] > I take it from your answer that the mirror is unused and can be > removed. :) I finally found time to look at this, and have removed the mirror and disabled the ftpsync cron jobs from the builder user. I also removed most of the stuff in /skolelinux/administrator/debmirror/builder_temp_dir/, but not sure if the rest can be removed without negative effects, so I left the remaining 3.6 GiB behind. -- Happy hacking Petter Reinholdtsen
Bug#952665: debian-edu-config: Don't do unnecessary wget to the internet
[Mike Gabriel] > The dc=skole object in LDAP can reference a Firefox/Chromium default > homepage in its labeledURI field. If this URI points to some school > homepage on the internet, we observe bad system logon performance in > computer labs. If you place (
Re: Debian Edu and Raspberry Pi
[Roman Meier] > How good or bad are experiences with Debian Edu running on Raspberry Pis? > Is this a viable option? I know the RPi 1 was a little short on memory, it could run as a thin client and a fairly limited desktop. 512 MiB of RAM is not a lot these days. I would imagine the RPi 3 would work just fine. I do not believe anyone tested this the last few years, but the recipe you found should get you started at least. Perhaps the recipe still work? It try to replicate the installation procedure run from the normal installer, so it just might. :) -- Happy hacking Petter Reinholdtsen
Re: Is Debian mirror on ftp.skolelinux.org still used?
[Holger Levsen] > why not retire it? Because it is the NFS exported home directory to several other machines, which will have to be retired first. It also contain several files that should be saved away for long term storage before it is retured. > the building is disabled since years. Very good. I take it from your answer that the mirror is unused and can be removed. :) -- Happy hacking Petter Reinholdtsen
Is Debian mirror on ftp.skolelinux.org still used?
Hi. I would like to virtualize the currently phyical machine administrator.skolelinux.no, behind ftp.skolelinux.org. This process would be a lot easier if the storage requirements were smaller. Because of this, I wonder if the Debian mirror behind ftp.skolelinux.org is still used. Is the ISO building using the mirror and running on the machine still relevant? If it is not relevant, can someone make sure the building is disabled? -- Happy hacking Petter Reinholdtsen
Re: remove desktop-profiles?
[Holger Levsen] >> Is it now possible to use XDG to redirect esound audio on LTSP clients? >> Just curious, as it was one of the important usecases for >> desktop-profiles. > > esound doesnt seem to be part of buster (and newer) anymore. Note, I am mostly curious about the features of XDG, not really esound. If I recall correctly, desktop-profiles took desktop setup desicions based on environment variables set during login. I guess it can also be done using a Xsession.d script, if XDG do not have that feature. -- Happy hacking Petter Reinholdtsen
re: remove desktop-profiles?
[Holger Levsen] > doing so now. I've seen the higher popcon value too, and wondered why, > but still, I don't see any usecase left for desktop-profiles which > cannot be done better with XDG. Is it now possible to use XDG to redirect esound audio on LTSP clients? Just curious, as it was one of the important usecases for desktop-profiles. -- Happy hacking Petter REinholdtsen
Re: upgrade via reinstall
[Simon Oosthoek] > I'm planning to upgrade our debian-edu 8.11 install to the latest > version soon. However I think it will come down to a re-install from > scratch, but I'd like to keep the information we put in Gosa about > devices (printers) and such. Is an export and import possible between > these versions, or do I need to do something special? If I am not mistaken, all the information put into GOsa is stored in LDAP, where you can get access to it / export it in LDIF format using ldapsearch (via the network) and slapcat (locally on the main server). The latter will give you direct access to the LDAP database content. The parts you want to import can then be imported using slapadd or for example ldapvi. The only parts I believe will not migrate like this is the Kerberos password parts, which are encrypted using a installation specific key. For those, you will need to use more tools and procedures. -- Happy hacking Petter Reinholdtsen
Re: Login from Workstation not possible anymore
[Frank Weißer] > Any hints are appreciated Try running debian-edu-test-install as root and see if it detect any problems. -- Happy hacking Petter Reinholdtsen
Bug#942202: sitesummary-client: sitesummary-upload missing https support
Package: sitesummary-client Version: 0.1.43 Severity: important The sitesummary-upload tool to submitt reports to the Sitesummary collector, do not handle https URLs. It should be rewritten or replaced with a tool that support uploading using https. I discovered this when changing my web server to use certbot and redirect all http requests to https. -- Happy hacking Petter Reinholdtsen
Re: Is there any program to design a schedule of lessons?
[Andreas Tille] > Hi, > > just a quick question: Is there any free program to craft > a schedule of lessons in a school? Not quite sure what you mean, but could 'fet' be in the class of program you are looking for? It take information about events, resources and participants, and try to generate a schedule that fit everyone. In other word, generate the time table. -- Happy hacking Petter Reinholdtsen
Bug#940698: [SPAM] Bug#940698: [debian-edu-config] Add wget as a dependency
[Mike Gabriel] > And then the cf-agent call fails. We might have to consider adding > wget to Depends: of d-e-c. Is perhaps 'curl' installed by default? What about rewriting the cfengine rules to us curl instead? -- Happy hacking Petter Reinholdtsen
Bug#935080: slapcat used in gosa hook script gosa-modify-host
[Mike Gabriel] > The slapcat tool is an offline administration tool for LDAP and should > not be used for day-to-day online tasks. Care to explain this argument a bit more? I fail to see why slapcat should have a different status from any other tools available, for use in day-to-day tasks as the developer see fit. Is there some other reason not to use slapcat, in addition to it 'should not be used for day-to-day online tasks'? Note, I have no idea why slapcat is used in the script to locate hosts: # cleanup from leftover host principals and keytab file: for i in $(basename -a /etc/debian-edu/host-keytabs/* | sed 's#.intern.keytab##') ; do if slapcat | grep $i | grep -q dhcp ; then : else kadmin.local delprinc host/$i.intern@INTERN kadmin.local delprinc nfs/$i.intern@INTERN rm /etc/debian-edu/host-keytabs/$i.intern.keytab fi done I have no idea why Wolfgang decided to use slapcat instead of ldapsearch here. Perhaps to make sure he is operating on the local LDAP database, or because he did not have the LDAP connection details available in the script? -- Vennlig hilsen Petter Reinholdtsen
Re: login with user created during installation
[Omar Lazzari] > right! but the reason was another add_principal: Password may not > match principal name while creating "admindebianedu@INTERN" it was a > installation-test so i used username as password. it's forbidden Aha. Did not know that. :) The fact that the user-setup in the installer accept passwords that are rejected later when setting up Kerberos is a usability nightmare, causing users to give up. Is there anyone working on improving the situation? As far as I can tell from https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=364526 >, request a change in user-setup for modules to check the password has been unsolved for 13 years. Time to fix it? -- Happy hacking Petter Reinholdtsen
Re: Bug#931413: [debian-edu-commits] [Git][debian-edu/debian-edu-config][master] debian/debian-edu-config.fetch-ldap-cert: Retrieve TJENER's PKI server...
[Mike Gabriel] > Another error in reasoning... A diskless machine doesn't probably have > any values/assets to protect, so why deploy the LDAP server cert at > all to the diskless chroot? It is sufficient (and fully works) to > retrieve the LDAP cert during the diskless machine's boot process. The LDAP server cert is placed inside diskless chroots to protect the users (for example their passwords) from man-in-the-middle attacks on the LDAP directory. The point is not to keep the read only files safe, but the users logging into them. -- Happy hacking Petter Reinholdtsen
Bug#929964: debian-edu-config: sudo fails on LTSP clients
[Wolfgang Schweer] > During a recent test I noticed that sudo is unusable on LTSP clients. > The LDAP server connection can't be established. > > While the related configuration (/etc/sudo-ldap.conf) is ok on the > server, the LDAP URI needs to be set explicitly for clients. Why do the LTSP clients need this, if the non-LTSP clients do not? Perhaps it is time to switch all clients to sssd? -- Vennlig hilsen Petter Reinholdtsen
Bug#924451: sitesummary-client: Causes daily email from cron on machine with HW RAID
Package: sitesummary-client
Version: 0.1.28
Severity: important
Tags: patch
One of my machines send out a cron email every night with this message:
/etc/cron.daily/sitesummary-client:
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0b 00 00 00 00 20 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0b 00 00 00 00 20 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0b 00 00 00 00 20 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0b 00 00 00 00 20 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0b 00 00 00 00 20 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0b 00 00 00 00 20 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0b 00 00 00 00 20 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0b 00 00 00 00 20 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0b 00 00 00 00 20 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0b 00 00 00 00 20 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0b 00 00 00 00 20 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0b 00 00 00 00 20 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0b 00 00 00 00 20 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
The source is in hdparm when collect.d/system is asking every hard drive
for information, and the HW RAID drives refuse to give out any
information. This is what it look like for one of the disks:
# hdparm -I /dev/sdm
/dev/sdm:
SG_IO: bad/missing sense data, sb[]: 70 00 05 00 00 00 00 0b 00 00 00 00 20 00
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
ATA device, with non-removable media
Standards:
Likely used: 1
Configuration:
Logical max current
cylinders 0 0
heads 0 0
sectors/track 0 0
--
Logical/Physical Sector size: 512 bytes
device size with M = 1024*1024: 0 MBytes
device size with M = 1000*1000: 0 MBytes
cache/buffer size = unknown
Capabilities:
IORDY not likely
Cannot perform double-word IO
R/W multiple sector transfer: not supported
DMA: not supported
PIO: pio0
#
The following change solve the issue, by throwing away any errors from
hdparm:
diff --git a/collect.d/system b/collect.d/system
index c70447d..b36000a 100644
--- a/collect.d/system
+++ b/collect.d/system
@@ -44,7 +44,7 @@ fi
# Collect hard disk information
for diskdev in $(grep 'sd.$' /proc/partitions|awk '{print $4}'|sort); do
-hdparm -I /dev/$diskdev || true
+hdparm -I /dev/$diskdev 2>/dev/null || true
done > hdparm-I
# Collect zfs hard disk information too
I set severity to important for now, but it could be argued that this is
release critical, as it can fill up /var/ and cause a system error if
no-one is checking the emails regularly.
--
Happy hacking
Petter Reinholdtsen
Re: Time to intensify Weblate usage
[Mike Gabriel] > I will only add those languages that are not actively maintained by > the Debian l10n sub-teams. Note, there is a regex blacklist in place to keep some languages out of the weblate interface. New languages outside this blacklist are added when new translators start working on them. You can change this to block new translators from starting on a new language using a gui setting, I believe. It is a bad idea as it will scare potential contributors away. -- Happy hacking Petter Reinholdtsen
Re: popcon.debian.org instead of popcon.skolelinux.org (Re: [debian-edu-commits] Cron nice make -s -C $HOME/src/debian-edu/src/build/CD-administrator get_popcon > /dev/null
[Holger Levsen] > Then since 2006 (git commit 3fd56e546) > d-e-install.git/preseed-values/defaults.common has/had configuration > configuration to submit to both popcon.s.o and popcon.d.o, so all > existing systems have been submitting to the Debian popcon server > since 13 years. You phrase it as if you expected something else? popcon.s.o was to allow us to count Debian Edu installations and know what kind of packages were mostly used by "our" users, not to keep data from popcon.d.o. The Debian Edu installations was always set up to submit both places. But it look like we lost the ability to track our users a long time ago, sadly. > So I removed all references of popcon.s.o from d-e-install.git and > d-e-config.git. Very good. Less services to maintain on maintainer.s.n is a good thing. -- Happy hacking Petter Reinholdtsen
Re: Time to drop Weblate (Was: The Norwegian Bokmål translation team move from Transifex to Weblate)
[Frans Spiesschaert] > If no one else steps in, I am willing to try and take over the Weblate > part, although this means that in the beginning I will be in need of > some guidance, because I have no previous experience with > administering a Weblate project. I only have a Weblate user account in > order to be able to update the Dutch translation for the po4a package. Mike Gabriel stepped up on IRC earlier today, and I've added him as a weblate project admin. I leave it to him to add you as well, if you two agree it is a good idea. :) -- Happy hacking Petter Reinholdtsen
Re: Time to drop Weblate (Was: The Norwegian Bokmål translation team move from Transifex to Weblate)
[Wolfgang Schweer] > Please keep weblate translations going on. > I'll take over the wiki edit part (copyright). I would be happy to teach anyone, including you, how to sync between weblate and salsa (which mostly involve 'git pull weblate master && git push' with a few clicks on the Weblate admin page to reduce the chance of any git conflict in between). I just concluded that the joy/frustration threshold had been passed today on this task and will try to spend time on something with higher joy/frustration value instead. -- Happy hacking Petter Reinholdtsen
Re: Time to drop Weblate (Was: The Norwegian Bokmål translation team move from Transifex to Weblate)
[Holger Levsen] > I object to this summary. I'm very glad about the ongoing translations > coming in via the weblate project! Fair enough. I refer to the fact that there were protests against using both Transifex and Weblate since before the Weblate project was updated and up to this day, and the fact that you repeatedly have asked for procedures that are not going to work with Weblate and made it clear that you would rather not have translations from Weblate than have them provided in the way Weblate is implemented. Several translators made it clear that they did not want to use Weblate for their languages, and these languages were hidden from Weblate to avoid any conflict. Anyway, it is all water under the brigde, so there is no point for me to convince anyone about what has been. > Without entries in debian/copyright we *cannot* distribute these > translations. Given section 6 in https://weblate.org/en/terms/ >, I doubt this to be true. -- Happy hacking Petter Reinholdtsen
Time to drop Weblate (Was: The Norwegian Bokmål translation team move from Transifex to Weblate)
[Petter Reinholdtsen 2016-10-14] > Weblate uses git internally, and I hope to be able to use git merge to > update the translations. This is yet untested for this repo, so we > will see how it goes. :) Now we know how it went. There has been steady oppisition to using the web based translation editor since before the weblate project was created, and I fail to see the upside for my part to being included in that conflict. Luckily the Norwegian translation is almost 100%, so the starting point for the future is good. Anyway, some background for the change, from IRC today: pere: please get the zh_Hant translators to add themselves to $wiki/CopyRight h01ger: how did you think that should happen? I have no contact with them besides the emails on the list. no idea then no other idea then use the list without a copyright notice, we cannot distribute their work. the way to get d-e-doc's d/copyright updated, is via adding it to $wiki/CopyRight you want me to send an email to a translator and tell him you asked me to get him to update the wiki? pere: you can also update those wiki pages you lost me here. why do you involve me, instead of talking directly to the translator? pere: you seem to think adding translations via weblate comes with no costs (=no additional work). this is not true. please take some responsibility for the work caused by that work right. I'll shut down the weblate project, then. I do not want to take the role of coordinating translators. * h01ger sighs maybe you can find somebody else to do it instead? maybe. I have no interest in fighting over the issue, I barely have time to run 'git pull' once in a while. but I am not going to spend time on it, it is quicker to just conclude that the opposition is present and I do not want to spend more time on it. I've locked down the weblate project now (ie no-one will be able to add or update translations there any more) to make sure no more sync-ing between the git repos are needed, and unless someone show up to take over the responsibility of synchronizing between weblate and salsa before Friday 2019-02-15, I'll ask the Weblate admin to remove/drop the debian-edu-documentation project from Weblate. Heaps of other stuff to translate there, so we will not become idle. :) https://hosted.weblate.org/projects/ > got the complete list, if you are curious. -- Happy hacking Petter Reinholdtsen
killer vs. Xreset.d
Hi, The discussion in https://bugs.debian.org/890517 > reminded me of why we introduced the killer package in Debian Edu. The problem was that some user programs refused to die when the user logged out, and instead went cracy when $DISPLAY no longer worked. If I remember correctly, it was typically libreoffice or firefox, and these left behind processes would soon consume a lot of (or all) CPU and memory on the machine, making the machine unusable for the next user. We came up with the approach to add a background process to check regulary for left behind processes (aka user processes for no longer logged in users), and kill them to get rid of the problem. It would ignore niced processes, in the believe that left behind niced processes were left intentionally behind and should be allowed to run. A better approach would be to run a script when the user logged out, and kill any stray processes at that point instead. Unfortunately there were no hooks available to do this. Now, there is a hook to do so, in /etc/X11/Xreset.d/. Perhaps it is time to add a script in there and retire the killer package? Note, this is not to be taken as an argument to not fix x2go, which really need to register its sessions in utmp/wtmp. -- Happy hacking Petter Reinholdtsen
Bug#920861: Use same $HOSTNAME for hosts on LAN and WiFi
[Mike Gabriel] > Is this something, we can provide via Debian Edu directly? Our > alternative here is to override update-hostname-from-ip with > dpkg-divert here locally, which I would like to avoid. What about simply mirror the MAC address from the ethernet interface to the wifi interface? This way the same IP address and DNS name will be assigned to the host, no matter which interface is used. It could be solved using a simple script during boot and the macchanger program. -- Happy hacking Petter Reinholdtsen
Re: [SPAM] Ad-Hock Computer Lab
Hi, [Dashamir Hoxha] > This article looks from a different perspective at how the students and > teachers need to use the computers: Thank you. Do you believe such scenario is useful to build into Debian Edu? Are you aware of the Teckids, https://www.teckids.org/en/ >? Their setup with web based login to a Linux machine might be an interesting alternative for this use case. https://www.nuug.no/aktiviteter/20170808-teckids/ > present their ideas and setup. -- Happy hacking Petter Reinholdtsen
Re: [Git][debian-edu/debian-edu-config][master] 032-edu-pkgs: merge those ten apt-get purge calls into one.
[Holger Levsen] > that's why it ends with || true now. Using '|| true' is not fixing the installation. Some packages will be missing on some profiles, and this will stop any purging from happen. Just try 'apt purge bash fdsfsa' yourself and notice how bash is not purged. The effect that the purging will not happen at all for some or all profiles. > (I also thought about whether thats a good idea but concluded yes. > quoting myself from irc: apt purge $pkg takes 14secs on my computer, > mostly because of those triggers. so i assume 13b6dab might have > reduced installation time by a minute :) You might as well remove the purge completely. It will save some more time, and make it obvious that no package is purged. Unfortunately some of the packages purged must be purged for the LTSP client to work well. > we can and will notice failures to purge in the logfiles during > development, and then we can also address those. Trying to purge non-installed packages is not a bug in the ISO, it is a feature, to ensure some packages are removed no matter which profile is selected. -- Happy hacking Petter Reinholdtsen
Re: [Git][debian-edu/debian-edu-config][master] 032-edu-pkgs: merge those ten apt-get purge calls into one.
[Holger Levsen] > 13b6dab8 by Holger Levsen at 2019-01-27T16:57:58Z > 032-edu-pkgs: merge those ten apt-get purge calls into one. This is a very bad idea. The calls was written like that to "fail" individually, in case some packages were missing in the chroot. By joining them together, any missing package will stop the entire purging from happening. -- Happy hacking Petter Reinholdtsen
Re: Why two chinese translations of debian edu documentation?
[Holger Levsen] > then it should use some other git repo. This is another way to say we should not use Weblate and avoid any contributors from Weblate. Is this your wish? We can shut down the Weblate translation of Debian Edu, of course. I believe it is doing ourself a disservice, as we have gained more new translators from Weblate the last few years, than those who show up to update git directly. > which work? The work resulting in 3,9% of the entire set of documentation files translated to Chinese (Traditional) so far as can be seen on https://hosted.weblate.org/projects/debian-edu-documentation/#languages >. The web site further show 26.7% translated of the audacity manual, 10.9% of the Rosegarden manual, 4.5% of the ITIL manual, 0.5% of the Buster manual and 0.4% of the Stretch manual. I have no idea if you find this work valuable, just wanted to make sure we talk about the same thing. -- Happy hacking Petter Reinholdtsen
Re: Why two chinese translations of debian edu documentation?
[Holger Levsen] > A translation in such a state should not be added to git (but instead be > further developed in weblate). This is not technically possible. The storage area for Weblate is the git repository. > I'll now drop those files from git. This will also drop the files from Weblate, and is the same as throwing away the translation work done so far. > (I'd also recommend to start with translating the Buster manual, not > Stretch. And: work on one manual at a time, not 5.) You misunderstand how Weblate work. When translating a string in Weblate which is present in several files, all the files with this string is updated. Even those focusing on the Buster manual will update translations for Stretch. -- Happy hacking Petter Reinholdtsen
Re: Why two chinese translations of debian edu documentation?
[Holger Levsen] > given the lack of replies I'll remove zh_Hant soon. I got a reply directly to me, where he explained the languages are very different. I suggested he send the reply to the list too. -- Happy hacking Petter Reinholdtsen
Re: [SPAM] netboot.tar.gz for DebianEdu/Skolelinux?
Hi, [Frank Weißer] > For Debian there is something like >> http://ftp.de.debian.org/debian/dists/stretch/main/installer-amd64/current/images/netboot/netboot.tar.gz > > available. > > Is there something similar for DebianEdu/Skolelinux? I believe you should be able to use the Debian images, just provide slightly different boot arguments / preseeding to get the Debian Edu installation going. The key part is the anna/choose_modules preseeding, which loads the debian-edu-install-udeb package into the installer. I recommend you have a look at /usr/sbin/debian-edu-pxeinstall to see how PXE installation is set up on a Debian Edu server. Can you tell us some more on how you use Debian Edu? -- Happy hacking Petter Reinholdtsen
Why two chinese translations of debian edu documentation?
Hi Louies, I noticed you created a new set of translation files on Weblate, with the language code 'zh_Hant'. There is already translation files with the language code 'zh'. Why do we need another set? Are these translations different enough to duplicate the work? Cc to the Debian Edu list and the most active translator for 'zh'. -- Happy hacking Petter Reinholdtsen
Bug#916204: Improve /etc/lsb-release (or drop it)
[Mike Gabriel] > we inventory Debian Edu hardware specifics of our customers with the > tool OCS Inventory. Other than hardware inventorying, the tool also > looks at /etc/lsb-release and shows the value of the > DISTRIB_DESCRIPTION field in host lists. If /etc/lsb-release is > missing, the file /etc/os-release is used. I would recommend to use the output from "lsb_release -a" instead of failing to replicate the logic used by lsb_release to figure out the current status. On a Debian Edu machine it returns this: No LSB modules are available. Distributor ID: Debian Description:DebianEdu/Skolelinux Release:9.6 Codename: stretch -- Happy hacking Petter Reinholdtsen
Re: Debian Edu maintainer address
[Javier Serrano Polo] > How do Debian Edu developers communicate? Mostly using debian-edu@lists.debian.org > I see that veyon carries debian-edu-pkg-t...@lists.alioth.debian.org. > Should the maintainer be debian-edu-pkg-t...@alioth-lists.debian.net? Perhaps. If so, I suspect it is best to address it with a report on bugs.debian.org, to ensure the active maintainer can track the issue there? -- Happy hacking Petter Reinholdtsen
Re: cool new UML-Diagram drawing tool: crystal_facet_uml
[Andreas Warnke] > Hello Petter, > > Thank you for asking! > Maybe you would expect something like XMI: > https://en.wikipedia.org/wiki/XML_Metadata_Interchange Perhaps. We need some platform independent storage format, because a Linux only solution is not going to work in this project. We have not landed how to handle the UML drawings yet, but a Linux only solution would be dead on arrival. CC to the dia maintainer instead of pkg-dia-t...@lists.alioth.debian.org, as the latter is no working email address. -- Happy hacking Petter Reinholdtsen
