[debian-edu-commits] debian-edu/ 01/01: Reorganize Firefox and Thunderbird configuration.

Wed Jan 24 17:42:31 UTC 2018

This is an automated email from the git hooks/post-receive script.

schweer-guest pushed a commit to branch master
in repository debian-edu-config.

commit 10072ef553357b0837a15971034b60c5a35c3568
Author: Wolfgang Schweer <wschweer at arcor.de>
Date:   Wed Jan 24 18:40:01 2018 +0100

    Reorganize Firefox and Thunderbird configuration.
    
      Instead of shipping the related directories in /etc/skel, create these
      at the time a user account is created (for both first and regular user).
       + Ship the previously generated 'profiles.ini' file as
         share/debian-edu-config/profiles.ini and copy it on account creation.
       + Adjust cf3/cf.firefox-esr and remove the now unneeded config file
         cf3/cf.thunderbird.
       + Adjust ldap-tools/ldap-debian-edu-install as well as
         share/debian-edu-config/tools/gosa-create.
    
    Avoid shipping /etc/skel/.pki/nssdb, needed for Chromium, Konqueror et al.
    
      Move creation and permission adjustment for ~.pki/nssdb to the respective
      user account generation scripts.
      Remove the now unneeded config file cf3/cf.pki.
    
    Adjust various files to reflect the changes.
    
      debian/dirs, cf3/promises.cf, debian/debian-edu-config.maintscript,
      debian/debian-edu-config.lintian-overrides and Makefile.
    
    Makefile: Fix man page installation related typo that caused a bogus file
    to be shipped in addition since a long time.
---
 Makefile                                   |  5 +--
 cf3/cf.firefox-esr                         | 15 --------
 cf3/cf.pki                                 | 16 --------
 cf3/cf.thunderbird                         | 23 ------------
 cf3/promises.cf                            |  4 --
 debian/changelog                           | 23 ++++++++++++
 debian/debian-edu-config.lintian-overrides | 11 +-----
 debian/debian-edu-config.maintscript       |  2 +
 debian/dirs                                |  4 --
 ldap-tools/ldap-debian-edu-install         |  8 ++++
 share/debian-edu-config/profiles.ini       |  7 ++++
 share/debian-edu-config/tools/gosa-create  | 60 +++++++++++++++++-------------
 12 files changed, 77 insertions(+), 101 deletions(-)

diff --git a/Makefile b/Makefile
index 2ddd02e..c2936a5 100644
--- a/Makefile
+++ b/Makefile
@@ -54,11 +54,9 @@ CF3FILES = \
 	cf.bind \
 	cf.pxeinstall \
 	cf.ntp \
-	cf.pki \
 	cf.samba \
 	cf.squid \
 	cf.syslog \
-	cf.thunderbird \
 	cf.xrdp \
 	edu.cf \
 	promises.cf
@@ -289,7 +287,7 @@ install: install-testsuite
 		$(INSTALL) bin/$$prog $(DESTDIR)$(bindir) ; \
 		if [ -e "share/man/man1/$$prog.1" ]; \
 		then \
-		$(INSTALL_DATA) "share/man/man1/$$prog.1" $(DESTDIR)$(mandir)/man1/$$sprog.1 ; \
+		$(INSTALL_DATA) "share/man/man1/$$prog.1" $(DESTDIR)$(mandir)/man1/$$prog.1 ; \
 		fi \
 	done
 # Using manpages autodetection : 
@@ -442,6 +440,7 @@ install: install-testsuite
 		share/debian-edu-config/sslCA.cnf \
 		share/debian-edu-config/v3.cnf \
 		share/debian-edu-config/v3CA.cnf \
+		share/debian-edu-config/profiles.ini \
 		share/pam-configs/edu-group \
 		share/pam-configs/edu-umask \
 		share/perl5/Debian/Edu.pm \
diff --git a/cf3/cf.firefox-esr b/cf3/cf.firefox-esr
index 565b7cc..880281e 100644
--- a/cf3/cf.firefox-esr
+++ b/cf3/cf.firefox-esr
@@ -1,23 +1,8 @@
 bundle agent firefox
 {
-# Set up firefox to accept the default ssl certificate created through
-#  cf.apache2.
-# On the main server use /etc/skel/ to create a default profile for new
-# users in case they start firefox for the first time.
 
 commands:
 
-  debian.server.installation::
-
-    "/usr/bin/update-ini-file /etc/skel/.mozilla/firefox/profiles.ini General StartWithLastProfile 1"
-      contain => in_shell;
-    "/usr/bin/update-ini-file /etc/skel/.mozilla/firefox/profiles.ini Profile0 Name default"
-      contain => in_shell;
-    "/usr/bin/update-ini-file /etc/skel/.mozilla/firefox/profiles.ini Profile0 IsRelative 1"
-      contain => in_shell;
-    "/usr/bin/update-ini-file /etc/skel/.mozilla/firefox/profiles.ini Profile0 Path debian-edu.default"
-      contain => in_shell;
-
   # Change default start page. Standalone machines get our project page,
   # while school machines get the school start page from LDAP.
   # The clients using LDAP also update the pages at boot.
diff --git a/cf3/cf.pki b/cf3/cf.pki
deleted file mode 100644
index 92d9fea..0000000
--- a/cf3/cf.pki
+++ /dev/null
@@ -1,16 +0,0 @@
-bundle agent pki
-{
-# Make sure the pki store directory has proper rights.
-
-vars:
-
-  "pki_file" string => "/etc/skel/.pki/.";
-
-files:
-
-  debian.server.installation::
-
-    "$(pki_file)"
-      perms  => mog("700","root","root");
-}
-
diff --git a/cf3/cf.thunderbird b/cf3/cf.thunderbird
deleted file mode 100644
index eba8da1..0000000
--- a/cf3/cf.thunderbird
+++ /dev/null
@@ -1,23 +0,0 @@
-bundle agent thunderbird
-{
-# Allow to create / update certificate and key dbs for Thunderbird.
-#
-# On the main server use /etc/skel/ to create a default profile for new
-# users in case they start Thunderbird for the first time.
-
-commands:
-
-  # Enable the default profile.
-
-  debian.server.installation::
-
-    "/usr/bin/update-ini-file /etc/skel/.thunderbird/profiles.ini General StartWithLastProfile 1"
-      contain => in_shell;
-    "/usr/bin/update-ini-file /etc/skel/.thunderbird/profiles.ini Profile0 Name default"
-      contain => in_shell;
-    "/usr/bin/update-ini-file /etc/skel/.thunderbird/profiles.ini Profile0 IsRelative 1"
-      contain => in_shell;
-    "/usr/bin/update-ini-file /etc/skel/.thunderbird/profiles.ini Profile0 Path debian-edu.default"
-      contain => in_shell;
-}
-
diff --git a/cf3/promises.cf b/cf3/promises.cf
index 56367bb..b9c3772 100644
--- a/cf3/promises.cf
+++ b/cf3/promises.cf
@@ -41,7 +41,6 @@ body common control
                           bind,
                           homes,
                           firefox,
-                          thunderbird,
                           chromium,
                           samba,
                           cups,
@@ -52,7 +51,6 @@ body common control
                           inetd,
                           krb5client,
                           ldapserver,
-                          pki,
                           ldapclient,
                           ldapserver,
                           ntp,
@@ -88,11 +86,9 @@ body common control
                   "debian-edu/cf.ldapserver",
                   "debian-edu/cf.ldapclient",
                   "debian-edu/cf.ntp",
-                  "debian-edu/cf.pki",
                   "debian-edu/cf.pxeinstall",
                   "debian-edu/cf.squid",
                   "debian-edu/cf.syslog",
-                  "debian-edu/cf.thunderbird",
                   "debian-edu/cf.xrdp",
       };
 
diff --git a/debian/changelog b/debian/changelog
index e9de0ac..d92ce35 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,26 @@
+debian-edu-config (2.10.20) UNRELEASED; urgency=medium
+
+  * Reorganize Firefox and Thunderbird configuration:
+    - Instead of shipping the related directories in /etc/skel, create these
+      at the time a user account is created (for both first and regular user).
+      + Ship the previously generated 'profiles.ini' file as
+        share/debian-edu-config/profiles.ini and copy it on account creation.
+      + Adjust cf3/cf.firefox-esr and remove the now unneeded config file
+        cf3/cf.thunderbird.
+      + Adjust ldap-tools/ldap-debian-edu-install as well as
+        share/debian-edu-config/tools/gosa-create.
+  * Avoid shipping /etc/skel/.pki/nssdb, needed for Chromium, Konqueror et al.
+    - Move creation and permission adjustment for ~.pki/nssdb to the respective
+       user account generation scripts.
+    - Remove the now unneeded config file cf3/cf.pki.
+  * Adjust various files to reflect the changes.
+    - debian/dirs, cf3/promises.cf, debian/debian-edu-config.maintscript,
+      debian/debian-edu-config.lintian-overrides and Makefile.
+  * Makefile: Fix man page installation related typo that caused a bogus file
+    to be shipped in addition since a long time.
+
+ -- Wolfgang Schweer <wschweer at arcor.de>  Tue, 23 Jan 2018 15:00:57 +0100
+
 debian-edu-config (2.10.19) unstable; urgency=medium
 
   [ Holger Levsen ]
diff --git a/debian/debian-edu-config.lintian-overrides b/debian/debian-edu-config.lintian-overrides
index de01e2d..cbce340 100644
--- a/debian/debian-edu-config.lintian-overrides
+++ b/debian/debian-edu-config.lintian-overrides
@@ -3,19 +3,10 @@ debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/f
 debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/hostname
 debian-edu-config binary: script-not-executable etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update
 debian-edu-config binary: command-with-path-in-maintainer-script postinst:51 /usr/bin/etckeeper
-debian-edu-config binary: command-with-path-in-maintainer-script postinst:289 /usr/bin/etckeeper
+debian-edu-config binary: command-with-path-in-maintainer-script postinst:291 /usr/bin/etckeeper
 debian-edu-config binary: non-standard-apache2-configuration-name debian-edu-config-doc.conf != debian-edu-config.conf
 debian-edu-config binary: debconf-is-not-a-registry usr/bin/ldap-debian-edu-install
 debian-edu-config binary: debconf-is-not-a-registry usr/share/debian-edu-config/d-i/finish-install
 debian-edu-config binary: debconf-is-not-a-registry usr/share/debian-edu-config/d-i/pre-pkgsel
 debian-edu-config binary: debconf-is-not-a-registry usr/share/debian-edu-config/tools/kerberos-kdc-init
 debian-edu-config binary: remove-of-unknown-diversion usr/bin/gtick postrm:18
-debian-edu-config binary: package-contains-file-in-etc-skel etc/skel/.local/
-debian-edu-config binary: package-contains-file-in-etc-skel etc/skel/.local/share/
-debian-edu-config binary: package-contains-file-in-etc-skel etc/skel/.mozilla/
-debian-edu-config binary: package-contains-file-in-etc-skel etc/skel/.mozilla/firefox/
-debian-edu-config binary: package-contains-file-in-etc-skel etc/skel/.mozilla/firefox/debian-edu.default/
-debian-edu-config binary: package-contains-file-in-etc-skel etc/skel/.pki/
-debian-edu-config binary: package-contains-file-in-etc-skel etc/skel/.pki/nssdb/
-debian-edu-config binary: package-contains-file-in-etc-skel etc/skel/.thunderbird/
-debian-edu-config binary: package-contains-file-in-etc-skel etc/skel/.thunderbird/debian-edu.default/
diff --git a/debian/debian-edu-config.maintscript b/debian/debian-edu-config.maintscript
index 76e4753..83706ff 100644
--- a/debian/debian-edu-config.maintscript
+++ b/debian/debian-edu-config.maintscript
@@ -8,6 +8,8 @@ rm_conffile /etc/cfengine/debian-edu/cf.kdm 1.906
 rm_conffile /etc/insserv/overrides/kdm 1.906
 rm_conffile /etc/ldap/slapd-debian-edu.conf 1.911
 rm_conffile /etc/ldap/slapd-lenny_debian-edu.conf 1.911
+rm_conffile /etc/cfengine3/debian-edu/cf.pki 2.10.19
+rm_conffile /etc/cfengine3/debian-edu/cf.thunderbird 2.10.19
 rm_conffile /etc/X11/Xsession.d/06debian-edu-iceweasel-ltsp 1.818+deb8u1
 rm_conffile /etc/apt/apt.conf.d/99-edu-prefer-iceweasel 1.818+deb8u1
 rm_conffile /etc/init.d/iceweasel-ldapconf 1.818+deb8u1
diff --git a/debian/dirs b/debian/dirs
index 0d26e1e..35f6cff 100644
--- a/debian/dirs
+++ b/debian/dirs
@@ -17,10 +17,6 @@ etc/samba
 etc/samba/netlogon
 etc/slbackup/pre.d
 etc/slbackup-php
-etc/skel/.local/share
-etc/skel/.pki/nssdb
-etc/skel/.thunderbird/debian-edu.default
-etc/skel/.mozilla/firefox/debian-edu.default
 etc/X11/Xsession.d
 usr/bin
 usr/share/debian-edu-config/tools
diff --git a/ldap-tools/ldap-debian-edu-install b/ldap-tools/ldap-debian-edu-install
index 28cff75..ffb340d 100755
--- a/ldap-tools/ldap-debian-edu-install
+++ b/ldap-tools/ldap-debian-edu-install
@@ -599,6 +599,14 @@ fi
 
 # Create both dbm and sql nssdb files for first user.
 if [ -x /usr/bin/certutil ] ; then
+  mkdir -p /skole/tjener/home0/"$FIRSTUSERNAME"/.mozilla/firefox/debian-edu.default
+  chmod -R 700 /skole/tjener/home0/"$FIRSTUSERNAME"/.mozilla/firefox/debian-edu.default
+  cp /usr/share/debian-edu-config/profiles.ini /skole/tjener/home0/"$FIRSTUSERNAME"/.mozilla/firefox
+  mkdir -p /skole/tjener/home0/"$FIRSTUSERNAME"/.thunderbird/debian-edu.default
+  chmod -R 700 /skole/tjener/home0/"$FIRSTUSERNAME"/.thunderbird/debian-edu.default
+  cp /usr/share/debian-edu-config/profiles.ini /skole/tjener/home0/"$FIRSTUSERNAME"/.thunderbird
+  mkdir -p /skole/tjener/home0/"$FIRSTUSERNAME"/.pki/nssdb
+  chmod -R 700 /skole/tjener/home0/"$FIRSTUSERNAME"/.pki/nssdb
   certutil  -A -d dbm:/skole/tjener/home0/"$FIRSTUSERNAME"/.mozilla/firefox/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt
   certutil  -A -d dbm:/skole/tjener/home0/"$FIRSTUSERNAME"/.thunderbird/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt
   certutil  -A -d sql:/skole/tjener/home0/"$FIRSTUSERNAME"/.pki/nssdb/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt
diff --git a/share/debian-edu-config/profiles.ini b/share/debian-edu-config/profiles.ini
new file mode 100644
index 0000000..9dc703b
--- /dev/null
+++ b/share/debian-edu-config/profiles.ini
@@ -0,0 +1,7 @@
+[General]
+StartWithLastProfile=1
+
+[Profile0]
+Name=default
+IsRelative=1
+Path=debian-edu.default
diff --git a/share/debian-edu-config/tools/gosa-create b/share/debian-edu-config/tools/gosa-create
index 96a119b..2448d66 100755
--- a/share/debian-edu-config/tools/gosa-create
+++ b/share/debian-edu-config/tools/gosa-create
@@ -22,31 +22,39 @@ USERID=$1
 ldapsearch -xLLL "(&(uid=$USERID)(objectClass=posixAccount)(!(objectClass=gosaUserTemplate)))" \
     cn homeDirectory gidNumber 2>/dev/null | perl -p0e 's/\n //g' | \
 while read KEY VALUE ; do
-	case "$KEY" in
-		dn:) USERNAME= ; HOMEDIR= ; GROUPID= ; USERDN="dn=$VALUE" ;;
-		cn:) USERNAME="$VALUE" ;;
-		homeDirectory:) HOMEDIR="$VALUE" ;;
-		gidNumber:) GROUPID="$VALUE"  ;;
-		"")
-			test "$HOMEDIR" || continue
-			echo "$HOMEDIR" | grep -q "^$PREFIX/$HOSTNAME" || continue
-			test -e "$HOMEDIR" && continue
-			cp -r /etc/skel $HOMEDIR
-			if type nscd > /dev/null 2>&1 ; then
-				# These calls fail when nscd isn't running.  And then we do
-				# not care about the result, as there is no cache to invalidate.
-				nscd -i passwd || true
-				nscd -i group || true
-			fi
-			certutil  -A -d dbm:$HOMEDIR/.mozilla/firefox/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt
-			certutil  -A -d dbm:$HOMEDIR/.thunderbird/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt
-			certutil  -A -d sql:$HOMEDIR/.pki/nssdb/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt
-			logger -t gosa-create -p notice Both dbm and sql nssdb files created in \'$HOMEDIR\'.
-			chown -R $USERID:$GROUPID $HOMEDIR
-			kadmin.local -q "add_principal -policy users -randkey -x \"$USERDN\" $USERID"
-			logger -t gosa-create -p notice Home directory \'$HOMEDIR\' and principal \'$USERID\' created.
+    case "$KEY" in
+        dn:) USERNAME= ; HOMEDIR= ; GROUPID= ; USERDN="dn=$VALUE" ;;
+        cn:) USERNAME="$VALUE" ;;
+        homeDirectory:) HOMEDIR="$VALUE" ;;
+        gidNumber:) GROUPID="$VALUE"  ;;
+        "")
+            test "$HOMEDIR" || continue
+            echo "$HOMEDIR" | grep -q "^$PREFIX/$HOSTNAME" || continue
+            test -e "$HOMEDIR" && continue
+            cp -r /etc/skel $HOMEDIR
+            if type nscd > /dev/null 2>&1 ; then
+                # These calls fail when nscd isn't running.  And then we do
+                # not care about the result, as there is no cache to invalidate.
+                nscd -i passwd || true
+                nscd -i group || true
+            fi
+            mkdir -p $HOMEDIR/.mozilla/firefox/debian-edu.default
+            chmod -R 700 $HOMEDIR/.mozilla/firefox/debian-edu.default
+            mkdir -p $HOMEDIR/.thunderbird/debian-edu.default
+            chmod -R 700 $HOMEDIR/.thunderbird/debian-edu.default
+            mkdir -p $HOMEDIR/.pki/nssdb
+            chmod -R 700 $HOMEDIR/.pki/nssdb
+            cp /usr/share/debian-edu-config/profiles.ini $HOMEDIR/.mozilla/firefox
+            cp /usr/share/debian-edu-config/profiles.ini $HOMEDIR/.thunderbird
+            certutil  -A -d dbm:$HOMEDIR/.mozilla/firefox/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt
+            certutil  -A -d dbm:$HOMEDIR/.thunderbird/debian-edu.default/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt
+            certutil  -A -d sql:$HOMEDIR/.pki/nssdb/ -t "CT,CT," -n "DebianEdu" -i /etc/ssl/certs/Debian-Edu_rootCA.crt
+            logger -t gosa-create -p notice Both dbm and sql nssdb files created in \'$HOMEDIR\'.
+            chown -R $USERID:$GROUPID $HOMEDIR
+            kadmin.local -q "add_principal -policy users -randkey -x \"$USERDN\" $USERID"
+            logger -t gosa-create -p notice Home directory \'$HOMEDIR\' and principal \'$USERID\' created.
 ## send a welcome-email:
-			cat << EOF | /usr/lib/sendmail $USERID
+            cat << EOF | /usr/lib/sendmail $USERID
 Subject: Welcome to the mail-system
 
 Hello $USERNAME,
@@ -62,8 +70,8 @@ Regards,
     Debian-Edu SysAdmin
 
 EOF
-			;;
-		esac
+        ;;
+    esac
 done
 
 exit 0

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/debian-edu/debian-edu-config.git

