release 2023.09.07.12023.09.07.1

3 files changed, 148 insertions, 1 deletions

diff --git a/AUTHORS b/AUTHORS
index 0025768..e6f93d2 100644
--- a/AUTHORS
+++ b/AUTHORS
@@ -1 +1,2 @@
+Guido Berhoerster <guido+freiesoftware@berhoerster.name>
 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
diff --git a/ChangeLog b/ChangeLog
index 3a2381a..941f93c 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,6 +1,78 @@
+2023-09-07 Mike Gabriel
+
+        * release 2023.09.07.1 (HEAD -> master, tag: 2023.09.07.1)
+        * lintian: Override uses-dpkg-database-directly and
+          openpgp-file-has-implementation-specific-extension for
+          given reasons. (253caaf)
+        * debian/copyright: Update copyright attributions. (2104386)
+        * debian/control: Bump Standards-Version: to 4.6.2. No changes
+          needed. (7ecf9f0)
+        * chmod a+x bin/debian-edu-fai_updateconfigspace (7ab10aa)
+        * {README.md,conf/debian-edu/debian-edu-fai.conf}: Adjust files to
+          renaming of debian-edu-fai_install script (only in docs or
+          comments). (8d4d831)
+        * README.md: Typo fix. (c659279)
+
+2023-09-05 Guido Berhoerster
+
+        * Replace fetch-ldap-cert script usage with fetch-rootca-cert
+          (4938961)
+        * Rename bin/debian-edu-faiinstall to bin/debian-edu-fai_install for
+          consistency (094a2f0)
+
+2023-09-05 Mike Gabriel
+
+        * bin/debian-edu-faiinstall: Mount /proc and /sys in nfsroot
+          (f1ae3f8)
+        * bin/debian-edu-router-faiinstall: Drop support for Debian versions
+          older than bullseye (6b2eb0b)
+
+2023-09-04 Mike Gabriel
+
+        * bin/debian-edu-faiinstall: Echo headlines to show where we are in
+          the script (889a6ce)
+        * bin/debian-edu-faiinstall: Manage config space with ucf (c1f2924)
+
+2023-09-04 Guido Berhoerster
+
+        * Ensure debian-edu-fai.conf is not world-readable (0b635dd)
+
+2023-08-31 Guido Berhoerster
+
+        * Change instructions to emphasize the need for first time
+          configuration (bcc1419)
+
+2023-08-25 Guido Berhoerster
+
+        * Update motd for bookworm (ae53ac0)
+        * Add note about syntax to configuration (39eaabb)
+
+2023-08-24 Guido Berhoerster
+
+        * Recommend the use of yescrypt password hashes (30c32ed)
+        * Add primary group for the fai user (e70b9d9)
+        * Fix instructions in README.md and
+          /etc/debian-edu/debian-edu-fai.conf (701d379)
+        * Disable apt proxy by default (0fc425f)
+        * Ensure parent of target directory exists before copying FAI config
+          space (d075d69)
+        * Switch to installing bookworm (80deeb5)
+
+2023-08-23 Guido Berhoerster
+
+        * Add some documentation about NFS exports to README.md (7b19c84)
+        * Unset TMPDIR when invoking fai-make-nfsroot (417b723)
+        * Add explicit dependency on memtest86+ (eb0fb9f)
+        * Add support for memtest86+ 6 (9d09117)
+        * Use non-free-firmware component on bookworm and later (9f8a332)
+
+2023-09-06 Guido Berhoerster
+
+        * Actually install /etc/security/group.conf on bullseye (c9af1e8)
+
 2023-05-16 Mike Gabriel
 
-        * release 2023.05.16.1 (HEAD -> master, tag: 2023.05.16.1)
+        * release 2023.05.16.1 (7b3f31c) (tag: 2023.05.16.1)
         * debian/postrm: Ignore failures during execution of
           deluser/delgroup: (Closes: #1035292). (bee8be2)
 
diff --git a/debian/changelog b/debian/changelog
index 539f023..dfea9dc 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,77 @@
+debian-edu-fai (2023.09.07.1) unstable; urgency=medium
+
+  * Debian Edu FAI for Debian bookworm.
+
+  [ Guido Berhoerster ]
+  * Rename bin/debian-edu-faiinstall to bin/debian-edu-fai_install for
+    consistency with debian-edu-router.
+  * Actually install /etc/security/group.conf on bullseye. From bookworm on this
+    is handled via cfengine.
+  * Use non-free-firmware component on bookworm and later.
+    This is required for installing the firmware packages.
+  * Add support for memtest86+ x64.
+  * debian/control: Add explicit dependency on memtest86+.
+  * Unset TMPDIR when invoking fai-make-nfsroot.
+    On a DebianEdu installation pam_tmpdir is installed which sets TMPDIR to
+    /tmp/user/<uid>.  This is then propagated from fai-make-nfsroot to
+    debootstrap which causes maintainer scripts making use of TMPDIR (e.g. by
+    calling mktemp) to fail because the directory does not exist inside the
+    chroot.
+  * Add some documentation about NFS exports to README.md
+  * Switch to installing bookworm.
+  * Ensure parent of target directory exists before copying FAI config space
+    debian-edu-faiinstall does not check whether the parent of the target
+    directory /srv/fai/config existed before invoking cp -a on the config space.
+    Thus, if /srv/fai does no exist cp will copy /usr/share/debian-edu-fai/fai
+    /config to /srv/fai instead of /srv/fai/config which is not detected until
+    booting a client via PXE.  Fix this by ensuring the parent directory of
+    $FAI_CONFIGDIR_REAL exists.
+    Additionally do not hardcode /srv/fai which ignores that FAI_CONFIGDIR is
+    configurable.
+  * Disable apt proxy by default. Do not assume faiserver.intern exists. The
+    proxy can be set via /etc/debian-edu/debian-edu-fai.conf.
+  * Fix instructions in README.md and /etc/debian-edu/debian-edu-fai.conf
+    The configuration file name is /etc/debian-edu/debian-edu-fai.conf not
+    /etc/debian-edu/faiinstall.conf.
+    Improve and shorten the instructions to set up SSH access for the fai user.
+  * Add primary group fai for the fai user (instead of primary group
+    nobody).
+  * Recommend the use of yescrypt password hashes.
+    This follows the default since Debian bullseye.
+  * Add note about syntax to configuration.
+  * Update motd for bookworm.
+  * README.md: Change instructions to emphasize the need for first time
+    configuration. Users should not be enticed to blindly run
+    debian-edu-fai_install before actually configuring the server.
+  * Ensure debian-edu-fai.conf is not world-readable
+    It contains password hashes for the root account of installed clients so
+    like /etc/shadow it should not be world readable.
+  * Replace fetch-ldap-cert script usage with fetch-rootca-cert
+    The fetch-ldap-cert init script has been obsolete and was removed
+    (see #971780).
+
+  [ Mike Gabriel ]
+  * bin/debian-edu-fai_install (port over from debian-edu-router's FAI
+    installation script):
+    + Manage config space with ucf.
+    + Echo headlines to show where we are in the script.
+    + Drop support for Debian versions older than bullseye
+    + Mount /proc and /sys in nfsroot
+  * README.md: Typo fix.
+  * {README.md,conf/debian-edu/debian-edu-fai.conf}: Adjust files to renaming
+    of debian-edu-fai_install script (only in docs or comments).
+  * bin/debian-edu-fai_install: Mount /proc and /sys in nfsroot
+    Mount prior to creating/updating it. Those mountpoints are needed by
+    dracut's  45url-libs module.
+  * debian/control:
+    + Bump Standards-Version: to 4.6.2. No changes needed.
+  * debian/copyright:
+    + Update copyright attributions.
+  * lintian: Override uses-dpkg-database-directly and openpgp-file-has-
+    implementation-specific-extension for given reasons.
+
+ -- Mike Gabriel <sunweaver@debian.org>  Thu, 07 Sep 2023 21:16:37 +0200
+
 debian-edu-fai (2023.05.16.1) unstable; urgency=medium
 
   * bin/debian-edu-faiinstall: Make sure FAI_CONFIGDIR_REAL is set before it