Source: ltsp Version: 5.18.04-2 Severity: normal User: debian-...@lists.debian.org Usertags: debian-edu
Hi, while testing Debian Edu buster offline installation, I noticed that repositories of type file:/// are no longer trusted. Instead of an entry like 'deb file:///*' now 'deb [trusted=yes] file:///*' needs to be used. Please check. Wolfgang
From 82c0bc3703e4d67da4d4951cce61b316ccf8be80 Mon Sep 17 00:00:00 2001
From: Wolfgang Schweer <wschw...@arcor.de>
Date: Tue, 24 Jul 2018 18:17:02 +0200
Subject: [PATCH 1/2] Add option '--default-nfs' to ltsp-build-client.
If called with this param, LTSP-NFS is used as default (instead of LTSP-NBD).
Also, setting DEFAULT_NFS to 'True' in custom scripts will do the same.
---
.../ltsp-build-client/Debian/095-squashfs-image | 16 +++++++++++++---
1 file changed, 13 insertions(+), 3 deletions(-)
diff --git a/server/share/ltsp/plugins/ltsp-build-client/Debian/095-squashfs-image b/server/share/ltsp/plugins/ltsp-build-client/Debian/095-squashfs-image
index 7c5223c9..4448b1c0 100644
--- a/server/share/ltsp/plugins/ltsp-build-client/Debian/095-squashfs-image
+++ b/server/share/ltsp/plugins/ltsp-build-client/Debian/095-squashfs-image
@@ -1,7 +1,8 @@
case "$MODE" in
commandline)
add_option "squashfs-image" "`eval_gettext "create squashfs image for use with NBD"`" "advanced" "false"
- add_option "no-squashfs-image" "`eval_gettext "skip squashfs image creation"`" "advanced" "false"
+ add_option "no-squashfs-image" "`eval_gettext "skip squashfs image creation"`" "advanced" "false"
+ add_option "default-nfs" "`eval_gettext "use NFS instead of NBD as default"`" "advanced" "false"
;;
configure)
if [ -n "$option_squashfs_image_value" ]; then
@@ -12,9 +13,18 @@ case "$MODE" in
# set an environment variable we can pick up later
SQUASHFS_IMAGE="False"
fi
+ if [ -n "$option_default_nfs_value" ]; then
+ # set an environment variable we can pick up later
+ DEFAULT_NFS="True"
+ fi
if [ -z "$SQUASHFS_IMAGE" ]; then
- SQUASHFS_IMAGE="True"
- fi
+ SQUASHFS_IMAGE="True"
+ fi
+ ;;
+ after-install)
+ if [ "True" = "$DEFAULT_NFS" ]; then
+ sed -i 's#NBD AOE NFS#NFS NBD AOE#' $ROOT/etc/ltsp/update-kernels.conf
+ fi
;;
finalization)
if [ "True" = "$SQUASHFS_IMAGE" ]; then
--
2.19.1
From 9cff4059a1aca3c3fde78d911655481441e80ab7 Mon Sep 17 00:00:00 2001
From: Wolfgang Schweer <wschw...@arcor.de>
Date: Fri, 19 Oct 2018 11:44:29 +0200
Subject: [PATCH 2/2] Adjust
server/Debian/share/ltsp/ltsp-build-client-functions to be apt compliant.
Due to security concerns, file:/// repositories are no longer considered to be
trusted by default. If a complete ISO image is used to install LTSP in offline
mode, such a repository is actually present. Adding [trusted=yes] enables it.
---
server/Debian/share/ltsp/ltsp-build-client-functions | 4 +++-
1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/server/Debian/share/ltsp/ltsp-build-client-functions b/server/Debian/share/ltsp/ltsp-build-client-functions
index b338847c..28421b82 100644
--- a/server/Debian/share/ltsp/ltsp-build-client-functions
+++ b/server/Debian/share/ltsp/ltsp-build-client-functions
@@ -18,7 +18,9 @@ add_mirrors() {
echo "deb $mirror $dist $components" >> $ROOT/etc/apt/sources.list
case $mirror in
- file:///*) dir=$(echo "$mirror" | sed -e 's,^file://,,g')
+ file:///*)
+ sed -i 's/deb/deb [trusted=yes]/' $ROOT/etc/apt/sources.list
+ dir=$(echo "$mirror" | sed -e 's,^file://,,g')
mkdir -p $ROOT/$dir
chroot_mount $dir $dir --bind
;;
--
2.19.1
signature.asc
Description: PGP signature
