FAI config: well-tested Debian Edu 10 minimal + MATE workstation installation

11 files changed, 147 insertions, 117 deletions

diff --git a/fai/config/scripts/DEBIAN/10-rootpw b/fai/config/scripts/DEBIAN/10-rootpw
index 8fdf4c8..2e96bd1 100755
--- a/fai/config/scripts/DEBIAN/10-rootpw
+++ b/fai/config/scripts/DEBIAN/10-rootpw
@@ -4,12 +4,11 @@ error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
 
 # set root password
 if [ -n "$ROOTPW" ]; then
-    $ROOTCMD usermod -p "$ROOTPW" root
+	$ROOTCMD usermod -p "$ROOTPW" root
 else
-    $ROOTCMD usermod -L root
-    # enable sudo for user
-    ainsl /etc/sudoers "$username   ALL = ALL"
+	$ROOTCMD usermod -L root
+	# enable sudo for user
+	ainsl /etc/sudoers "$username   ALL = ALL"
 fi
 
 exit $error
-
diff --git a/fai/config/scripts/DEBIAN/20-capabilities b/fai/config/scripts/DEBIAN/20-capabilities
index ea650fa..a53ad22 100755
--- a/fai/config/scripts/DEBIAN/20-capabilities
+++ b/fai/config/scripts/DEBIAN/20-capabilities
@@ -7,16 +7,17 @@
 set -e
 
 if [ ! -x $target/sbin/setcap ] ; then
-    exit 0
+	exit 0
 fi
 
 for FILE in /bin/ping /bin/ping6 /usr/bin/fping /usr/bin/fping6; do
-    if [ -x $target/$FILE -a ! -h $target/$FILE ] ; then
-        if $ROOTCMD /sbin/setcap cap_net_raw+ep $FILE; then
-            echo "Setcap worked! $FILE is not suid!"
-        fi
-    fi
+	if [ -x $target/$FILE -a ! -h $target/$FILE ] ; then
+		if $ROOTCMD /sbin/setcap cap_net_raw+ep $FILE; then
+			echo "Setcap worked! $FILE is not suid!"
+		fi
+	fi
 done
+
 if [ -x $target/usr/bin/systemd-detect-virt ] ; then
-    $ROOTCMD /sbin/setcap cap_dac_override,cap_sys_ptrace+ep /usr/bin/systemd-detect-virt
+	$ROOTCMD /sbin/setcap cap_dac_override,cap_sys_ptrace+ep /usr/bin/systemd-detect-virt
 fi
diff --git a/fai/config/scripts/DEBIAN/30-interface b/fai/config/scripts/DEBIAN/30-interface
index 34c98e8..2cbb186 100755
--- a/fai/config/scripts/DEBIAN/30-interface
+++ b/fai/config/scripts/DEBIAN/30-interface
@@ -1,113 +1,114 @@
 #! /bin/bash
 
 netplan_yaml() {
-    # network configuration using ubuntu's netplan.io
-    local IFNAME="$1"
-    local METHOD="$2"
-    echo     "Generating netplan configuration for $IFNAME ($METHOD)" >&2
-    echo     "# generated by FAI"
-    echo     "network:"
-    echo     "  version: 2"
-    echo     "  renderer: $RENDERER"
-    case "$RENDERER" in
-      networkd)
-        echo     "  ethernets:"
-        echo     "    $IFNAME:"
-        case "$METHOD" in
-          dhcp)
-            echo "      dhcp4: true"
-            ;;
-          static)
-            echo "      addresses: [$CIDR]"
-            echo "      gateway4: $GATEWAYS_1"
-            echo "      nameservers:"
-            echo "        search: [$DOMAIN]"
-            echo "        addresses: [${DNSSRVS// /, }]"
-            ;;
-        esac
-    esac
+	# network configuration using ubuntu's netplan.io
+	local IFNAME="$1"
+	local METHOD="$2"
+	echo     "Generating netplan configuration for $IFNAME ($METHOD)" >&2
+	echo     "# generated by FAI"
+	echo     "network:"
+	echo     "  version: 2"
+	echo     "  renderer: $RENDERER"
+	case "$RENDERER" in
+		networkd)
+			echo     "  ethernets:"
+			echo     "    $IFNAME:"
+			case "$METHOD" in
+				dhcp)
+					echo "      dhcp4: true"
+				;;
+				static)
+					echo "      addresses: [$CIDR]"
+					echo "      gateway4: $GATEWAYS_1"
+					echo "      nameservers:"
+					echo "        search: [$DOMAIN]"
+					echo "        addresses: [${DNSSRVS// /, }]"
+				;;
+			esac
+		;;
+	esac
 }
 
 iface_stanza() {
-    # classic network configuration using /etc/network/interfaces
-    local IFNAME="$1"
-    local METHOD="$2"
-    echo "Generating interface configuration for $IFNAME ($METHOD)" >&2
-    echo "# generated by FAI"
-    echo "auto $IFNAME"
-    echo "iface $IFNAME inet $METHOD"
-    case "$METHOD" in
-      static)
-        echo "    address $IPADDR"
-        echo "    netmask $NETMASK"
-        echo "    broadcast $BROADCAST"
-        echo "    gateway $GATEWAYS"
-        ;;
-    esac
+	# classic network configuration using /etc/network/interfaces
+	local IFNAME="$1"
+	local METHOD="$2"
+	echo "Generating interface configuration for $IFNAME ($METHOD)" >&2
+	echo "# generated by FAI"
+	echo "auto $IFNAME"
+	echo "iface $IFNAME inet $METHOD"
+	case "$METHOD" in
+		static)
+			echo "    address $IPADDR"
+			echo "    netmask $NETMASK"
+			echo "    broadcast $BROADCAST"
+			echo "    gateway $GATEWAYS"
+		;;
+	esac
 }
 
 newnicnames() {
 
-    # determine predictable network names only for stretch and above
+	# determine predictable network names only for stretch and above
 
-    [ $do_init_tasks -eq 0 ] && return
-    [ -z "$NIC1" ] && return
-    ver=$($ROOTCMD dpkg-query --showformat='${Version}' --show udev)
-    if dpkg --compare-versions $ver lt 220-7; then
-	return
-    fi
+	[ $do_init_tasks -eq 0 ] && return
+	[ -z "$NIC1" ] && return
+	ver=$($ROOTCMD dpkg-query --showformat='${Version}' --show udev)
+	if dpkg --compare-versions $ver lt 220-7; then
+		return
+	fi
 
 
-    fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
-    for field in $fields; do
-	name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
-	if [[ $name ]]; then
-	    NIC1=$name
-	    break
+	fields="ID_NET_NAME_FROM_DATABASE ID_NET_NAME_ONBOARD ID_NET_NAME_SLOT ID_NET_NAME_PATH"
+	for field in $fields; do
+		name=$(udevadm info /sys/class/net/$NIC1 | sed -rn "s/^E: $field=(.+)/\1/p")
+		if [[ $name ]]; then
+			NIC1=$name
+			break
+		fi
+	done
+	if [[ ! $name ]]; then
+		echo "$0: error: could not find systemd predictable network name. Using $NIC1."
 	fi
-    done
-    if [[ ! $name ]]; then
-	echo "$0: error: could not find systemd predictable network name. Using $NIC1."
-    fi
 }
 
 if [ -z "$NIC1" ]; then
-    echo "WARNING: \$NIC1 is not defined. Cannot add ethernet to /etc/network/interfaces."
+	echo "WARNING: \$NIC1 is not defined. Cannot add ethernet to /etc/network/interfaces."
 fi
 CIDR=$(ip -o -f inet addr show $NIC1 | awk '{print $4}')
 newnicnames
 
 case "$FAI_ACTION" in
-  install|dirinstall)
-    ifclass DHCPC && METHOD=dhcp || METHOD=static
-    ifclass XORG && RENDERER=NetworkManager || RENDERER=networkd
+	install|dirinstall)
+		ifclass DHCPC && METHOD=dhcp || METHOD=static
+		ifclass XORG && RENDERER=NetworkManager || RENDERER=networkd
 
-    if [ -d $target/etc/netplan ]; then
-        # Ubuntu >= 17.10 with netplan.io
-        if [ -n "$NIC1" ]; then
-            netplan_yaml $NIC1 $METHOD > $target/etc/netplan/01-${NIC1}.yaml
-        fi
-    elif [ -d $target/etc/network/interfaces.d ]; then
-        # ifupdown >= 0.7.41 (Debian >= 8, Ubuntu >= 14.04)
-        iface_stanza lo loopback > $target/etc/network/interfaces.d/lo
+		if [ -d $target/etc/netplan ]; then
+			# Ubuntu >= 17.10 with netplan.io
+			if [ -n "$NIC1" ]; then
+				netplan_yaml $NIC1 $METHOD > $target/etc/netplan/01-${NIC1}.yaml
+			fi
+		elif [ -d $target/etc/network/interfaces.d ]; then
+			# ifupdown >= 0.7.41 (Debian >= 8, Ubuntu >= 14.04)
+			iface_stanza lo loopback > $target/etc/network/interfaces.d/lo
 
-        if [ -n "$NIC1" -a ! -f $target/etc/NetworkManager/NetworkManager.conf ]; then
-            iface_stanza $NIC1 $METHOD > $target/etc/network/interfaces.d/$NIC1
-        fi
-    else
-        (
-            iface_stanza lo loopback
-            iface_stanza $NIC1 $METHOD
-        ) > $target/etc/network/interfaces
-    fi
+			if [ -n "$NIC1" -a ! -f $target/etc/NetworkManager/NetworkManager.conf ]; then
+				iface_stanza $NIC1 $METHOD > $target/etc/network/interfaces.d/$NIC1
+			fi
+		else
+			(
+				iface_stanza lo loopback
+				iface_stanza $NIC1 $METHOD
+			) > $target/etc/network/interfaces
+		fi
 
-    if ! ifclass DHCPC ; then
-        [ -n "$NETWORK" ] && echo "localnet $NETWORK" > $target/etc/networks
-        if [ ! -L $target/etc/resolv.conf -a -e /etc/resolv.conf ]; then
-            cp -p /etc/resolv.conf $target/etc
-        fi
-    fi
-    ;;
+		if ! ifclass DHCPC ; then
+			[ -n "$NETWORK" ] && echo "localnet $NETWORK" > $target/etc/networks
+			if [ ! -L $target/etc/resolv.conf -a -e /etc/resolv.conf ]; then
+				cp -p /etc/resolv.conf $target/etc
+			fi
+		fi
+	;;
 esac
 
 # here fcopy is mostly used, when installing a client for running in a
diff --git a/fai/config/scripts/DEBIAN/40-misc b/fai/config/scripts/DEBIAN/40-misc
index 4376ab4..ea68373 100755
--- a/fai/config/scripts/DEBIAN/40-misc
+++ b/fai/config/scripts/DEBIAN/40-misc
@@ -7,34 +7,34 @@ error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
 
 # a list of modules which are loaded at boot time
 for module in $MODULESLIST; do
-    ainsl -a /etc/modules "^$module$"
+	ainsl -a /etc/modules "^$module$"
 done
 
 fcopy -Mv /etc/hostname || echo $HOSTNAME > $target/etc/hostname
 ainsl -a /etc/mailname ${HOSTNAME}
 if [ ! -e $target/etc/adjtime ]; then
-    printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime
+	printf "0.0 0 0.0\n0\nUTC\n" > $target/etc/adjtime
 fi
 if [ "$UTC" = "yes" ]; then
-    sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime
+	sed -i -e 's:^LOCAL$:UTC:' $target/etc/adjtime
 else
-    sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime
+	sed -i -e 's:^UTC$:LOCAL:' $target/etc/adjtime
 fi
 
 # enable linuxlogo
 if [ -f $target/etc/inittab ]; then
-    sed -i -e 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' ${target}/etc/inittab
+	sed -i -e 's#/sbin/getty 38400#/sbin/getty -f /etc/issue.linuxlogo 38400#' ${target}/etc/inittab
 elif [ -f $target/lib/systemd/system/getty@.service ]; then
-    sed -i -e 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' $target/lib/systemd/system/getty@.service
+	sed -i -e 's#sbin/agetty --noclear#sbin/agetty -f /etc/issue.linuxlogo --noclear#' $target/lib/systemd/system/getty@.service
 fi
 
 # make sure a machine-id exists
 if [ ! -f $target/etc/machine-id ]; then
-    > $target/etc/machine-id
+	> $target/etc/machine-id
 fi
 # recreate machine-id if the file is empty
 if [ X"$(stat -c '%s' $target/etc/machine-id 2>/dev/null)"  = X0 -a -f /bin/systemd-machine-id-setup ]; then
-    $ROOTCMD systemd-machine-id-setup
+	$ROOTCMD systemd-machine-id-setup
 fi
 
 ln -fs /proc/mounts $target/etc/mtab
@@ -42,8 +42,8 @@ ln -fs /proc/mounts $target/etc/mtab
 rm -f $target/etc/dpkg/dpkg.cfg.d/fai $target/etc/dpkg/dpkg.cfg.d/unsafe-io
 
 if [ -d /etc/fai ]; then
-    ainsl -a /etc/fai/fai.conf "FAI_CONFIG_SRC=$FAI_CONFIG_SRC"
-    fcopy -Miv /etc/fai/fai.conf
+	ainsl -a /etc/fai/fai.conf "FAI_CONFIG_SRC=$FAI_CONFIG_SRC"
+	fcopy -Miv /etc/fai/fai.conf
 fi
 fcopy -iv /etc/rc.local
 
diff --git a/fai/config/scripts/EDU/10-update-debian-edu-config b/fai/config/scripts/EDU/10-update-debian-edu-config
index 4cf18d7..ce05a89 100755
--- a/fai/config/scripts/EDU/10-update-debian-edu-config
+++ b/fai/config/scripts/EDU/10-update-debian-edu-config
@@ -1,6 +1,5 @@
 #!/bin/bash
 
-if [ -f /etc/debian-edu/config ] && [ -x /usr/share/doc/debian-edu-install ]; then
-	sed -i /etc/debian-edu/config -e "s/^VERSION=.*$/VERSION=\"$(/usr/lib/debian-edu-install/version)\"/"
+if [ -f $target/etc/debian-edu/config ] && [ -x $target/usr/share/doc/debian-edu-install ]; then
+	sed -i $target/etc/debian-edu/config -e "s/^VERSION=.*$/VERSION=\"$(head -n1 $target/usr/lib/debian-edu-install/version)\"/"
 fi
-
diff --git a/fai/config/scripts/EDU/40-cfengine-install-workstation b/fai/config/scripts/EDU/40-cfengine-debian-edu-postinstall
index 9a1ff13..90ae237 100755
--- a/fai/config/scripts/EDU/40-cfengine-install-workstation
+++ b/fai/config/scripts/EDU/40-cfengine-debian-edu-postinstall
@@ -1,7 +1,5 @@
 #! /bin/bash
 
-set -x
-
 # Let's make sure that we have correct http proxy settings.
 if [ -x $target/usr/share/debian-edu-config/tools/update-proxy-from-wpad ]; then 
 	chroot $target /usr/share/debian-edu-config/tools/update-proxy-from-wpad
@@ -21,7 +19,21 @@ echo http_proxy=$http_proxy
 echo https_proxy=$https_proxy
 echo ftp_proxy=$ftp_proxy
 
+# d-e-c/cf.finalize expects this directory to exist for prep'ing desktop-profiles
+# (FIXME: file d-e-c-bug)
+mkdir -p $target/etc/xdg/menus
+
+# d-e-c/cf.workarounds expects /etc/xdg/xfce4/panel/ to exist (FIXME: file d-e-c bug)
+mkdir -p $target/etc/xdg/xfce4/panel/
+
 # Do the conversion of the vanilla Debian system to a Debian Edu system
-chroot $target strace -f /usr/sbin/cf-agent -I -D installation
+chroot $target /usr/sbin/cf-agent -I -D installation
+
+# fetch LDAP certs
+chroot $target /etc/init.d/fetch-ldap-cert start
 
-set +x
+sed -i $target/etc/wgetrc \
+    -e "s@^http_proxy\s*=.*@http_proxy = $http_proxy@" \
+    -e "s@^https_proxy\s*=.*@https_proxy = $https_proxy@" \
+    -e "s@^ftp_proxy\s*=.*@ftp_proxy = $ftp_proxy@" \
+    ${NULL}
diff --git a/fai/config/scripts/EDU/98-drop-fai-aptproxy b/fai/config/scripts/EDU/98-drop-fai-aptproxy
new file mode 100755
index 0000000..b7b5c77
--- /dev/null
+++ b/fai/config/scripts/EDU/98-drop-fai-aptproxy
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# drop the APT http proxy configuration put
+# here by FAI. We will use Debian Edu APT
+# http proxy configuration...
+rm $target/etc/apt/apt.conf.d/02proxy
diff --git a/fai/config/scripts/EDU/99-proxy-from-wpad b/fai/config/scripts/EDU/99-proxy-from-wpad
new file mode 100755
index 0000000..258ca2b
--- /dev/null
+++ b/fai/config/scripts/EDU/99-proxy-from-wpad
@@ -0,0 +1,6 @@
+#!/bin/bash
+
+# Let's make really sure that we have correct http proxy settings.
+if [ -x $target/usr/share/debian-edu-config/tools/update-proxy-from-wpad ]; then
+	chroot $target /usr/share/debian-edu-config/tools/update-proxy-from-wpad
+fi
diff --git a/fai/config/scripts/GERMAN/10-update-debian-edu-config b/fai/config/scripts/GERMAN/10-update-debian-edu-config
index d896799..eb70497 100755
--- a/fai/config/scripts/GERMAN/10-update-debian-edu-config
+++ b/fai/config/scripts/GERMAN/10-update-debian-edu-config
@@ -4,4 +4,3 @@ if [ -f $target/etc/debian-edu/config ]; then
 	sed -i $target/etc/debian-edu/config -e "s/^LANGCODE=.*$/LANGCODE=\"de\"/"
 	sed -i $target/etc/debian-edu/config -e "s/^LOCALE=.*$/LOCALE=\"de_DE.UTF-8\"/"
 fi
-
diff --git a/fai/config/scripts/GRUB_PC/10-setup b/fai/config/scripts/GRUB_PC/10-setup
index 5563275..34876f3 100755
--- a/fai/config/scripts/GRUB_PC/10-setup
+++ b/fai/config/scripts/GRUB_PC/10-setup
@@ -3,6 +3,7 @@
 
 error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code
 
+set -x
 set -a
 
 # do not set up grub during dirinstall
@@ -49,4 +50,5 @@ else
 fi
 $ROOTCMD update-grub
 
+set +x
 exit $error
diff --git a/fai/config/scripts/WORKSTATION/10-update-debian-edu-config b/fai/config/scripts/WORKSTATION/10-update-debian-edu-config
index 45062b9..341c343 100755
--- a/fai/config/scripts/WORKSTATION/10-update-debian-edu-config
+++ b/fai/config/scripts/WORKSTATION/10-update-debian-edu-config
@@ -1,6 +1,11 @@
 #!/bin/bash
 
 # tag Debian Edu machine as a workstation
-if [ -f /etc/debian-edu/config ]; then
-	sed -i /etc/debian-edu/config -e "s/^PROFILE=.*$/PROFILE=\"Workstation\"/"
+if [ -f $target/etc/debian-edu/config ]; then
+	sed -i $target/etc/debian-edu/config -e "s/^PROFILE=.*$/PROFILE=\"Workstation\"/"
+
+	# reconfigure debian-edu-install to get desktop profiles right
+	export DEBIAN_FRONTEND=noninteractive
+	chroot $target dpkg-reconfigure debian-edu-install
+	unset DEBIAN_FRONTEND
 fi