File: changelog

package info (click to toggle)
debian-edu-config 2.11.56%2Bdeb11u4
links: PTS, VCS
area: main
in suites: bullseye
size: 2,956 kB
sloc: sh: 7,176; perl: 1,786; makefile: 426; python: 49; javascript: 39; php: 2
file content (10147 lines) | stat: -rw-r--r-- 478,404 bytes
debian-edu-config (2.11.56+deb11u4) bullseye; urgency=medium

  [ Wolfgang Schweer ]
  * etc/exim4/exim-ldap-server-v4.conf: Accept incoming mail from internal
    network sent to root@<mynetwork-names>. (Closes: #1003727).
  * Use mktemp instead of deprecated tempfile, adjust:
    - etc/X11/Xsession-debian-edu
    - sbin/debian-edu-update-netblock
    - share/debian-edu-config/tools/gosa-sync
    - testsuite/postoffice
    (Closes: #1005352).

  [ Mike Gabriel ]
  * share/d-e-c/tools/gosa-modify-host: Only create Kerberos host and service
    principals if they don't yet exist. (Closes: #1002014).
  * share/d-e-c/tools/gosa-create-host: Fix copy+paste flaw in comment.
  * share/debian-edu-config/tools/setup-freeradius-server: Fix integer
    comparison in run-by-root check. Script was not executable fully (not even
    as root).
  * debian/debian-edu-config.fetch-ldap-cert: Drop retrieval of
    Debian-Edu_rootCA from this script. This now is the task of the
    fetch-rootca-cert script. (Closes: #971780).
  * debian/debian-edu-config.fetch-rootca-cert: Ensure proper symlinking of
    Debian-Edu_rootCA.crt in /usr/local/share/ca-certificates/ to
    Debian-Edu_rootCA.crt in /etc/ssl/ca-certificates. Forced symlinking is
    required, because earlier versions of the fetch-ldap-cert init script put
    Debian-Edu_rootCA.crt into /etc/ssl/ca-certificates/ as a file. Forced
    symlinking replaces files by the wanted symlink. The -n option (no-
    dereference) is required to make sure we don't follow any already existing
    symlink. (This relates to #971780).
  * share/debian-edu-config/tools/update-proxy-from-wpad:
    - Fix typo (wrong protocol) in APT proxy config creation.
    - Create a Debian Edu specific proxy configuration in /etc/apt/apt.conf.d/
      named 03debian-edu-config rather than meddling with /etc/apt/apt.conf
      directly. Clean up any earlier meddling from apt.conf, as well. (Closes:
      #1003560).
  * share/debian-edu-config/tools/{update-proxy-from-wpad,wpad-extra}:
    - Don't fail if proxy update is not possible, only send warnings to stderr
      and syslog. Don't source wpad-extra script, execute it instead and capture
      stdout. (Closes: #1008067).
  * sbin/update-hostname-from-ip:
    - Simply if-then-else-clauses, reduce number of exit calls, don't exit with
      non-zero exitcode. Improve syslog messages if things fail. (Closes:
      #1006604).
  * share/debian-edu-config/tools/setup-roaming: Assure libsss-sudo is installed
    on Roaming Workstation. (Closes: #1004605).
  * share/debian-edu-config/tools/gosa-remove: Capture removals of GOsa² user
    templates and ignore them. (Closes: #815042).
  * ldap-schemas/: Update schema files from Debian's latest GOsa² list of
    schemas.
  * share/debian-edu-config/tools/clean-up-host-keytabs: Don't fail
    on Kerberos principal removal.
  * etc/cups/cups-browsed-debian-edu.conf:
    - Let TJENER's print queues appear on Debian Edu clients, use same
      print queue names on clients as on TJENER. (Closes: #1005841).
  * sbin/debian-edu-pxeinstall:
    - Don't append 'ipappend 2' to the kernel boot cmdline anymore as it
      confuses systemd when booting into the installed system. This resolves
      the graphical.target not coming up on Debian Edu workstations that got
      installed via the PXE/network based Debian Installer method. (Closes:
      #1006362).
    - Silence stderr output if the artwork theme lacks a plymouth subfolder.
      This can be silently ignored and should not trouble Debian Edu admins.
  * Support krb5i on Diskless Workstations (aka LTSP FAT Clients):
    - ldap-bootstrap/netgroup.ldif: Add diskless-workstation-hosts NIS netgroup
      during LDAP bootstrap.
    - debian/debian-edu-config.{postinst,postrm}: Create non-privileged
      debian-edu system user account on Debian Edu mainserver (for distribution
      of host keytabs to diskless workstations aka LTSP fat clients).
    - share/debian-edu-config/tools/: Add update-dlw-krb5-keytabs script and
      call it (with delay) from gosa-modify-host hook script. (Closes: #613167,
      #1002018).
  * Move /etc/debian-edu/host-keytabs/* to /var/lib/debian-edu/host-keytabs/
    and replace directory /etc/debian-edu/host-keytabs by a symlink. (Closes:
    #1002019).
  * share/debian-edu-config/squid.conf:
    - Prefer DNSv4 lookups over DNSv6. Debian Edu does not yet fully support
      IPv6 and many schools still use IPv4 primarily. This gives a great
      performance boost to squid installations if IPv6 internet is not fully
      available for whatever reason. (Closes: #1006375).
  * share/debian-edu-config/tools/list-gosa-systems:
    - Drop immature list-gosa-systems script again that got sneaked in via
      upload of 2.11.56+deb11u3. We apologize for the noise.

 -- Mike Gabriel <sunweaver@debian.org>  Wed, 23 Mar 2022 12:28:00 +0100

debian-edu-config (2.11.56+deb11u3) bullseye-security; urgency=medium

  * etc/apache2/mods-available/debian-edu-userdir.conf:
    - White-space cleanup (tabs and spaces mixed).
    - CVE-2021-20001: Disable built-in PHP engine.
    - Add warning to not re-enable PHP interpretation in user dirs (with
      reference to our README).
  * README.public_html_with_PHP-CGI+suExec.md:
    - Provide documentation on how to enable suExec support in Apache2 user
      directories (i.e. ~/public_html).
  * debian/NEWS:
    + Add file, inform about PHP being disabled in Apache2 user directories.

 -- Mike Gabriel <sunweaver@debian.org>  Fri, 04 Feb 2022 13:19:51 +0100

debian-edu-config (2.11.56+deb11u2) bullseye; urgency=medium

  [ Mike Gabriel ]
  * share/debian-edu-config/tools/pxe-addfirmware: Fix TFTP server path
    (/var/lib/tftpboot-> /srv/tftp). (Closes: #995610).

  [ Wolfgang Schweer ]
  * Add real support for LTSP chroot setup and maintenance. (Closes: #996103).
    - Adjust existing scripts and manual page for improved LTSP chroot setup:
      + sbin/debian-edu-ltsp-install: Add LTSP diskless client chroot creation,
        use uniform locations for X2Go thin clients and diskless workstations,
        ensure sitesummary-client setup and configuration inside chroots, care
        for proper mount and umount operation, add xrdp-sesman to the list of
        masked services for LTSP clients, make sure all kernels are updated,
        adjust the ltsp.conf file content to match the changes, replace last
        edit date with version number, adjust usage information accordingly.
      + share/debian-edu-config/tools/run-at-firstboot: Care for the changed
        'debian-edu-ltsp-install' default options to make sure combined server
        installations have a generated SquashFS image file just like before.
      + share/man/man8/debian-edu-ltsp-install.8: Update to reflect the changes.
    - Provide maintenance related scripts and manual pages:
      + sbin/debian-edu-ltsp-chroot: Tool to make LTSP chroot maintenance easy.
      + sbin/debian-edu-ltsp-initrd: Wrapper script for 'ltsp initrd' command.
        It makes sure that a use case specific initrd (/srv/tftp/ltsp/ltsp.img)
        is generated and moved to the right location.
      + sbin/debian-edu-ltsp-ipxe: Wrapper script for 'ltsp ipxe' command. It
        cares for a Debian Edu specific /srv/tftp/ltsp/ltsp.ipxe content.
      + share/debian-edu-config/tools/ltsp-addfirmware: Install firmware in LTSP
        chroots in case clients won't work otherwise. (Adjusted tool from Buster
        re-added to the binary package.)
      + share/man/man8/debian-edu-ltsp-chroot.8
      + share/man/man8/debian-edu-ltsp-initrd.8
      + share/man/man8/debian-edu-ltsp-ipxe.8
  * Adjust Makefile to reflect the changes.

 -- Holger Levsen <holger@debian.org>  Sun, 28 Nov 2021 16:10:50 +0100

debian-edu-config (2.11.56+deb11u1) bullseye; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust sbin/debian-edu-ltsp-install. (Closes: #993935)
    Thanks to Dominik George for spotting and reporting the issue.
    - Extend main server related exclude list.
    - Add slapd and xrdp-sesman to the list of masked services.
    - Ensure home directory access after above changes.

 -- Holger Levsen <holger@debian.org>  Tue, 28 Sep 2021 16:32:20 +0200

debian-edu-config (2.11.56) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust workaround for isc-dhcp-server-ldap bug #971275. (Closes: #989340)
    - share/debian-edu-config/isc-dhcp-server.{service,service.eth1_only}:
      Use ExecStartPre command inspired by the isc-dhcp-server init script
      instead of a sleep command.
  * Adjust Exim configuration on client systems. (Closes: #989338)
    - cf3/cf.exim:
      Use exim-ldap-client-v4.conf file as exim4.conf on client machines instead
      of preseeded configuration. This way sending system emails to the main
      server is working again after the exim4 4.94 changes.
  * Adjust sbin/debian-edu-ltsp-install. (Closes: #989342)
    - Drop line containing the cp command (/var/cache/apt doesn't contain .bin
      files in all use cases and the benefit is minimal if they exist; also, the
      pkgcache.bin and srcpkgcache.bin files might contain outdated data).
    - Use the BD ISO image to setup X2Go thin client support only if the script
      is run inside the Debian Installer environment. There are too many ways
      to install a combined server (with or without Internet connection, with
      or without adjusting the sources list, with or without running apt update)
      to cover all these cases.

 -- Holger Levsen <holger@debian.org>  Sat, 05 Jun 2021 00:06:13 +0200

debian-edu-config (2.11.55) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Create first user's Samba account at first boot of a main server when all
    required information is available via LDAP and debconf.  Closes: #987632.
    - Adjust share/debian-edu-config/tools/kerberos-kdc-init to don't clear the
      required password from debconf and let tools/run-at-firstboot create the
      Samba account.
  * Adjust sbin/debian-edu-ltsp-install: Closes: #987633, #987634.
    - Fix LTSP Initrd specific path component construction in case a 32-bit
      combined server is installed.
    - Provide a full name for diskless workstation to show up in the iPXE menu.
    - Use BD ISO image as mirror to enable complete offline installations of a
      combined server.

 -- Holger Levsen <holger@debian.org>  Thu, 29 Apr 2021 15:27:17 +0200

debian-edu-config (2.11.54) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * share/glib-2.0/schemas/31_debian-edu+mate.gschema.override: Set existing
    mate-panel layout file for the panel to show up. Closes: #986448.

 -- Holger Levsen <holger@debian.org>  Wed, 07 Apr 2021 01:03:15 +0200

debian-edu-config (2.11.53) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Improve GOsa² hooks: explicitly create Samba account using gosa-create
    (before changing the password via gosa-sync). Closes: #986122.
    - tools/gosa-create: Add code to create the user's Samba account.
    - tools/gosa-sync: Adjust log message accordingly.

 -- Holger Levsen <holger@debian.org>  Wed, 31 Mar 2021 10:44:04 +0200

debian-edu-config (2.11.52) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust internal web page related files. (Closes: #985902)
    - www/index.html.en: Use pt-pt for European Portuguese, adjust PO files,
      generate language specific index files.
    - www/{es-es,nb-no,pt-br}.po: Fix blends page link and related translation.

 -- Holger Levsen <holger@debian.org>  Sun, 28 Mar 2021 11:04:27 +0200

debian-edu-config (2.11.51) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * cf3/cf.dhcpserver: Make sure the dhcpd.leases file exists. Closes: #984596.
    (Without a leases file, isc-dhcp-server remains in starting stage forever.)

 -- Holger Levsen <holger@debian.org>  Fri, 05 Mar 2021 19:58:03 +0100

debian-edu-config (2.11.50) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * debian/debian-edu-config.postinst: Adjust to really fix bug ##982448.

 -- Holger Levsen <holger@debian.org>  Tue, 16 Feb 2021 15:39:04 +0100

debian-edu-config (2.11.49) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * debian/debian-edu-config.postinst: Adjust condition. Closes: #982448.
    - Avoid upgrade failure in case /etc/debian-edu/config happens to be empty.
  * sbin/debian-edu-pxeinstall: Copy the debian-installer directories (d-i-n-i
    packages) instead of symlinking them. This allows tftpd-hpa to access them.

 -- Holger Levsen <holger@debian.org>  Tue, 16 Feb 2021 11:00:13 +0100

debian-edu-config (2.11.48) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * debian/debian-edu-config.postinst: Care for a proper /etc/network/interfaces
    file in case of a plain main server.
  * share/debian-edu-config/tools/configure-edu-gateway: Adjust execution
    condition to reflect recent changes, improve feedback for users.
  * sbin/debian-edu-ltsp-install: Make it easier to configure the iPXE menu and
    to describe the needed steps in the manual.
    - Improve /etc/ltsp/ltsp.conf content (here document).
    - Rework Debian Edu specifíc iPXE menu setup.
  * Workaround X2Go bug #890517 to prevent killer from kicking out users:
    - Add share/debian-edu-config/killer.cron file. The modified cron job will
      only run if no X2Go user is logged in on the related LTSP-Server.
    - Add code to cf3/cf.workarounds to replace the existing killer cron job
      on systems with LTSP-Server profile.

 -- Holger Levsen <holger@debian.org>  Sun, 07 Feb 2021 11:45:44 +0100

debian-edu-config (2.11.47) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Cope with issues found during recent installations.
    - share/debian-edu-config/tools/gosa-sync: Add TERM=linux. Without this
      explicit setting a password can't be set or modified any longer.
    - share/debian-edu-config/d-i/finish-install: Make script more robust to
      avoid a totally broken installation in case modprobe fails inside target.
    - cf3/cf.dhcpserver: Correct class statement for several profile cases.
    - share/debian-edu-config/isc-dhcp-server.service and
      share/debian-edu-config/isc-dhcp-server.service.eth1: Make sure the
      slapd.service is available before the DHCP server tries to fetch the
      configuration from LDAP.

 -- Holger Levsen <holger@debian.org>  Sun, 31 Jan 2021 18:39:57 +0100

debian-edu-config (2.11.46) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Rework DHCP setup. Editing /etc/default/isc-dhcp-server can be dropped this
    way and the pitfall due to bug #971275 is also avoided:
    - Add share/debian-edu-config/isc-dhcp-server.service and
      share/debian-edu-config/isc-dhcp-server.service.eth1_only. These files
      are used for conditional configuration addressing three cases: plain main
      server, combined (main and LTSP) server, and separate LTSP server.
    - Adjust cf3/cf.dhcpserver accordingly.

 -- Holger Levsen <holger@debian.org>  Mon, 25 Jan 2021 17:47:02 +0100

debian-edu-config (2.11.45) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Cope with issues found during a Buster main server upgrade.
    - cf3/cf.squid: Copy additional configuration file instead of symlinking it.
    - postinst: Add code to remove symlinks that point to already removed files
      (previously used for workarounds).

  [ Holger Levsen ]
  * postinst: use 'rm -f' instead 'rm -rf' where appropriate.

 -- Holger Levsen <holger@debian.org>  Tue, 19 Jan 2021 16:25:46 +0100

debian-edu-config (2.11.44) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Improve freeRADIUS server setup:
    - etc/samba/smb-debian-edu.conf: Use TJENER instead of SKOLELINUX as
      workgroup name to match the Samba server 'standalone' role; this way
      TJENER will be used as domain name for freeRADIUS automatically. As an
      additional benefit the wbinfo command is working to check users.
    - Move the 'ntlm auth' entry from share/debian-edu-config/smb.conf.edu-site
      to etc/samba/smb-debian-edu.conf (and enable it) to avoid a possible
      pitfall in case manual adjustment is forgotten.
    - share/debian-edu-config/tools/setup-freeradius-server:
      + Configure EAP-TTLS/PAP authentication (via Kerberos) in addition to
        PEAP-MSCHAPV2 to provide EAP methods for various end user devices.
      + Keep all configuration adjustments inside the tool itself so that it can
        be used standalone.
      + Add/improve inline documentation.
    - Drop no longer needed files (share/debian-edu-config/freeradius-*), adjust
      Makefile and debian/debian-edu-config.postinst accordingly.

 -- Holger Levsen <holger@debian.org>  Tue, 12 Jan 2021 12:35:54 +0100

debian-edu-config (2.11.43) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * share/debian-edu-config/tools/kerberos-kdc-init:
    - Delay clearing the debconf database from passwords until the first user's
      Samba account has been created.
  * share/debian-edu-config/tools/edu-icinga-setup:
    - Cope with recent mariadb-server package changes. Some leftover occurencies
      of 'mysql' have been replaced with 'mariadb'.
  * sbin/debian-edu-pxeinstall:
    - Determine the Debian Edu artwork theme via the desktop-base active theme
      alternative instead of hardcoding it.

 -- Holger Levsen <holger@debian.org>  Thu, 07 Jan 2021 12:42:49 +0100

debian-edu-config (2.11.42) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * sbin/debian-edu-pxeinstall: Use the Homeworld theme also for syslinux.
  * Drop CUPS related workaround now that bug #977198 has been fixed:
    - Remove share/debian-edu-config/cups.service.
    - Adjust Makefile and cf3/cf.workarounds.
    - Add code to debian/debian-edu-config.postinst to remove systemd override
      directory and file. Thanks to Petter Reinholdtsen for the hint.
  * Adjust testsuite/{cups,dnsd,ldap-client,ntp,samba} to reflect recent changes
    to related services.

 -- Holger Levsen <holger@debian.org>  Fri, 01 Jan 2021 13:59:08 +0100

debian-edu-config (2.11.41) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Add script share/debian-edu-config/tools/setup-freeradius-server. This tool
    allows one to setup freeRADIUS with a basic configuration suited for the
    Debian Edu network after installing required packages (winbind, freeradius).
    (Still needs to be documented in the manual).
  * Add example configuration files used by the 'setup-freeradius-server' tool:
    - share/debian-edu-config/freeradius-authorize (user related configuration).
    - share/debian-edu-config/freeradius-clients.conf (AP configuration).
    - share/debian-edu-config/freeradius-eap.conf (TLS configuration).
    - share/debian-edu-config/freeradius-mschap.conf (ntlm_auth configuration).
  * cf3/cf.{grub,pxeinstall}: Only run commands inside Debian Installer to avoid
    superfluous execution if cf-agent is called manually.

 -- Holger Levsen <holger@debian.org>  Sun, 27 Dec 2020 14:43:52 +0100

debian-edu-config (2.11.40) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Rework sssd configuration, thanks to Mike Gabriel. (Closes: #977462)
    - share/debian-edu-config/tools/sssd-generate-config:
      Cleanup the included HERE documents (configuration snippets) from entries
      that are either default ones (like excluding the root user), obsolete, no
      longer in use or non-existent; also correct the wrong AD related one.
      As systemd is used, sssd services are now activated via sockets. The
      'service' configuration stanza needs to be empty to avoid starting
      permanently running processes. this also aviods spamming syslog with error
      messages.
    - Adjust the static etc/sssd/sssd-debian-edu.conf file accordingly.
  * Adjust sbin/debian-edu-ltsp-install:
    - Improve IP address determination for the dedicated LTSP network.
    - Add nameserver stanza to /etc/network/interfaces.
  * share/debian-edu-config/d-i/finish-install: Only run debian-edu-ltsp-install
    in case of a combined server. Leave it up to the local admin what type of
    LTSP clients should be supported. (Still needs to be documented.)
  * share/debian-edu-config/cups.service: Cleanup from superfluous entries,
    thanks to Didier 'OdyX' Raboud.
  * cf3/cf.workarounds: Create missing GOsa² related directory to avoid
    confusion in case an admin is setting up a system of type printer.

 -- Holger Levsen <holger@debian.org>  Sun, 20 Dec 2020 09:47:45 +0100

debian-edu-config (2.11.39) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Add bin/debian-edu-copy-pki targeting roaming workstations (Closes: #951071)
    The issues mentionend in the bug report are now cared for via policy files
    for Firefox ESR, Thunderbird and Chromium.
    The self signed Debian Edu server certificate has been the only problem left
    for roaming workstations (in case a program uses the PKI infrastructure).
  * Add man page share/man/man1/debian-edu-copy-pki.1.
  * Improve sbin/debian-edu-ltsp-install:
    - Add one more explanation to the script header, thanks Holger.
    - Replace condition for NFS export configuration in case of a combined
      server. This will fix the setup if the script is executed inside the
      Debian Installer.
  * share/man/man8/debian-edu-ltsp-install: Correct image type description.
  * sbin/debian-edu-pxeinstall: use the now available homeworld theme.
  * Workaround CUPS bug (#977198, cups service fails randomly after reboot):
    - Add override file share/debian-edu-config/cups.service.
    - Adjust cf3/cf.workarounds to activate the override file.
    This makes sure the cups service starts after the nslcd one (needed because
    the Debian Edu cups-files.conf refers to an LDAP group).

 -- Holger Levsen <holger@debian.org>  Sun, 13 Dec 2020 10:56:48 +0100

debian-edu-config (2.11.38) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Improve LTSP related setup and management framework. (Closes: #969935).
    - Remove LTSP5 related tool sbin/debian-edu-ltsp.
    - Move share/debian-edu-config/tools/edu-ltsp-install to
      sbin/debian-edu-ltsp-install as tool for the re-written LTSP and improve
      it further:
      + Add example how to support 32-bit thin client.
      + Extend Firefox ESR configuration for the thin client 'desktop' variant.
      + Care for iPXE menu completion after adding additional chroots.
    - Add man page share/man/man8/debian-edu-ltsp-install.8.
    - Adjust share/debian-edu-config/d-i/finish-install, Makefile,
      share/debian-edu-config/tools/run-at-firstboot and
      debian/debian-edu-config.lintian-overrides to reflect the changes.
  * Adjust etc/dovecot/local.conf to match a recent Dovecot change. Now the IMAP
    server name needs to be set (instead of the hostname of the system the
    service is running on) for the Kerberos ticket to be accepted.
  * Add various man pages:
    - share/man/man8/debian-edu-fsautoresize.8
    - share/man/man1/debian-edu-ldapserver.1
    - share/man/man8/debian-edu-pxeinstall.8
    - share/man/man8/debian-edu-update-netblock.8
    - share/man/man1/ldap-debian-edu-install.1
    - share/man/man1/ldap2netgroup.1
    - share/man/man1/sitesummary2ldapdhcp.1
    - share/man/man8/update-hostname-from-ip.8
  * Makefile: Fix typo from years ago to get LDAP related man pages installed.

 -- Holger Levsen <holger@debian.org>  Sat, 05 Dec 2020 01:31:54 +0100

debian-edu-config (2.11.37) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Rework CUPS configuration, thanks to Mike Gabriel. (Closes: #944347).
    Base Debian Edu specific configuration on recent CUPS configuration files:
    - etc/cups/cupsd-debian-edu.conf: Use ipp.intern as central print server,
      restrict access to preconfigured internal networks.
    - etc/cups/cups-files-debian-edu.conf: Add LDAP group 'printer-admins' as
      additional CUPS @SYSTEM group.
    - etc/cups/cups-browsed-debian-edu.conf: New file. Configure all other
      machines on the internal networks as clients using driverless printing.
    - cf3/cf.cups: Adjust to conditionally activate CUPS configuration.
    - www/*: Use FQDN for the print server, adjust PO and index files.
  * Move over configuration (i.e. non-artwork) related files from d-e-artwork
    for the sake of consistency. (Use different filenames to avoid conflicts.)
    - share/glib-2.0/schemas/21_debian-edu+gdm.gschema.override
    - share/glib-2.0/schemas/31_debian-edu+mate.gschema.override
    - share/glib-2.0/schemas/32-debian-edu.arctica-greeter.gschema.override
    - share/mate-panel/layouts/debian-edu-mate.layout
  * Adjust Makefile and debian/control to reflect the changes.

 -- Holger Levsen <holger@debian.org>  Mon, 23 Nov 2020 22:31:27 +0100

debian-edu-config (2.11.36) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Set DuckDuckGo as default search provider for both Firefox-ESR and Chromium.
    This setting isn't forced, users are allowed to change it, compare #955707:
    - Adjust share/firefox-esr/distribution/policies.json,
    - Add etc/chromium/policies/recommended/search_provider.json.
  * Improve homepage and startup page setup and newtab content for both
    Firefox-ESR and Chromium:
    - Adjust etc/firefox-esr/debian-edu.js,
    - Adjust share/debian-edu-config/tools/update-chromium-homepage.

  [ Holger Levsen ]
  * Update standards version to 4.5.1, no changes needed.

 -- Holger Levsen <holger@debian.org>  Wed, 18 Nov 2020 12:10:46 +0100

debian-edu-config (2.11.35) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * share/debian-edu-config/tools/edu-ltsp-install:
    - Use http instead of https (debootstrap) to avoid a possible pitfall if a
      proxy isn't configured to use https.
    - Fix typo to avoid breaking home directory mounting (combined server).
  * share/debian-edu-config/tools/improve-desktop-l10n:
    - Also care for debian-edu-doc legacy packages.
  * Rework internal network time synchronization. This avoids to edit the ntp
    conffile on clients:
    - Add share/debian-edu-config/debian-edu-timesyncd.conf as override file for
      networked clients (with the exception of roaming workstations).
    - Adjust Makefile, cf3/cf.ntp and cf3/edu.cf accordingly.
  * debian/control: Move libpam-python back from Suggests to Recommends now
    that the package is available in testing again. (Not yet ported to Python3,
    but the Python2 related dependency chain doesn't fail any longer).

 -- Holger Levsen <holger@debian.org>  Mon, 09 Nov 2020 09:49:21 +0100

debian-edu-config (2.11.34) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Improve Samba configuration to support using PEAP-MSCHAPv2 with FreeRADIUS:
    - Add 'netbios name = tjener' in etc/samba/smb-debian-edu.conf (the value
      will be used as domain name).
    - Add ntlm auth stanza to share/debian-edu-config/smb.conf.edu-site (case
      restricted setting 'ntlm auth = mschapv2-and-ntlmv2-only').
  * share/debian-edu-config/tools/gosa-sync: Adjust Samba account related code
    introduced in d-e-c 2.11.33.

 -- Holger Levsen <holger@debian.org>  Thu, 29 Oct 2020 17:41:06 +0100

debian-edu-config (2.11.33) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Don't mix LDAP and system groups to enable Samba usershares, use the already
    existing LDAP group 'students'. Thanks to Mike Gabriel for the hint.
    Adjust related files and configuration:
    - ldap-bootstrap/gosa.ldif: Add the first user to the 'students' group. This
      way all users belonging to the 'teachers' group will also be 'students'.
    - cf3/cf.samba: Use 'students' instead of 'sambashare' for the group
      ownership of the /var/lib/samba/usershares/ directory.
      (Running 'chown root:teachers /var/lib/samba/usershares' would disable
      usershares for 'students'; this needs to be documented in the manual.)
    - Drop code used to add sambashare group membership from:
      + share/debian-edu-config/tools/kerberos-kdc-init,
      + share/debian-edu-config/tools/edu-ldap-from-scratch,
      + share/debian-edu-config/tools/gosa-create and
      + share/debian-edu-config/tools/gosa-sync.
  * Remove Samba account along with POSIX account removal:
    - Adjust share/debian-edu-config/tools/gosa-remove.
  * Improve order of entries and comments in Samba related files:
    - Adjust etc/samba/smb-debian-edu.conf and
      share/debian-edu-config/smb.conf.edu-site.
  * Cleanup files from no longer needed Samba related entries:
    - ldap-bootstrap/netgroup.ldif,
    - ldap-bootstrap/root.ldif,
    - ldap-bootstrap/gosa.ldif and
    - share/debian-edu-config/gosa.conf.template
  * debian/control: Move libpam-python from Recommends to Suggests (until the
    package has been ported to Python3) to fix the src:debian-edu autopkgtest.
    See bug #967194 for details.

 -- Holger Levsen <holger@debian.org>  Sun, 25 Oct 2020 15:17:06 +0100

debian-edu-config (2.11.32) unstable; urgency=medium

  [ Mike Gabriel ]
  * debian/fetch-rootca-cert: Re-try rootCA retrieval if previous
    retrievals ended up with an empty Debian-Edu_rootCA.crt file in
    /usr/local/share/ca-certificates/. (Closes: #971775).

  [ Wolfgang Schweer ]
  * debian/debian-edu-config.fetch-rootca-cert:
    - Avoid execution on the main server where things are already in place.
    - Adjust code to let the Debian-Edu_rootCA.crt file show up in the
      /etc/ssl/certs/ directory more reliably. (Closes: #971767).
    - Fix logging messages.
  * debian/control:
    - Lower Depends on libpam-python to Recommends. This way the src:debian-edu
      autopkgtest might succeed (until libpam-python3 becomes available).
    - Adjust Description field.
    - Use https://blends.debian.org/edu as homepage.
  * Move from deprecated, unusable Samba NT4-style PDC role to standalone server
    one to be compatible with OpenLDAP, MIT Kerberos and GOsa²:
    - Drop all domain related files.
    - Add code to debian/debian-edu-config.postinst to get those files removed.
    - Adjust etc/samba/smb-debian-edu.conf accordingly (also with support for
      non-root user usershares and override file included).
    - Add share/debian-edu-config/smb.conf.edu-site as override template file.
  * Re-work LDAP bootstrap and configuration file.
    - Move entries from ldap-bootstrap/samba.ldif to ldap-bootstrap/gosa.ldif
      and ldap-bootstrap/root.ldif respectively, now that Samba isn't contained
      in LDAP anymore.
    - etc/ldap/slapd-debian-edu.conf: Cleanup from Samba related entries.
  * share/debian-edu-config/gosa.conf.template:
    - Remove Samba related tab to prevent it from showing up in the GUI.
    - Add sambaHashHook="" to prevent Samba password hashes showing up in LDAP
      for security reasons.
  * Manage Samba accounts and sambashare group membership using GOsa² hooks.
    - share/debian-edu-config/tools/gosa-create: Add user to sambashare group.
    - share/debian-edu-config/tools/gosa-sync:
      Create a user Samba account and keep Samba and POSIX passwords in sync.
    - share/debian-edu-config/tools/gosa-lock-user: Also disable Samba account.
    - share/debian-edu-config/tools/gosa-unlock-user: Also enable Samba account.
    - share/debian-edu-config/tools/kerberos-kdc-init: Add samba account and
    - sambashare group membership for the special case 'first user'.
  * Use Avahi to publish Samba shares in the local network. This will also
    improve support for macOS using systems:
    - Add share/debian-edu-config/avahi.smb.service configuration file.
    - cf3/cf.samba: Conditionally copy the service file to the right place.
      (Also create the Samba usershares directory with proper rights.)
  * share/debian-edu-config/tools/edu-ldap-from-scratch:
    - Adjust to reflect the Samba related changes.
  * share/debian-edu-config/passwords_stub.dat:
    - Drop obsolete entries now that icinga2-classicui is gone.

 -- Holger Levsen <holger@debian.org>  Mon, 19 Oct 2020 14:14:47 +0200

debian-edu-config (2.11.31) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * www/index.html.en:
    - Stop linking to http://www.linuxiskolen.no/slxdebianlabs/donations.html;
      the foundation has been shut down and the leftover money given to Debian.
  * www: update files after running 'make all'.
  * ldap-tools/ldap-debian-edu-install:
    - Drop Samba related code (deprecated NT4-style domain) to fix LDAP setup.
  * debian/NEWS: Drop file to avoid confusing users while upgrading from Buster;
    the related information has already been shown via security update d-e-c
    2.10.65+deb10u3 (or point release 10.3 at the latest).

 -- Holger Levsen <holger@debian.org>  Sat, 03 Oct 2020 10:26:49 +0200

debian-edu-config (2.11.30) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Remove NBD tools and related configuration file:
    The re-written LTSP doesn't use nbdswapd, so drop now obsolete files
    share/debian-edu-config/tools/nbdquery,
    share/debian-edu-config/tools/nbdswap and
    etc/nbd-server/conf.d/debian-edu.conf. Adjust Makefile.
  * d/control: Drop Depends on netcat. (Closes: #969239)
    The last tool using 'nc' has now been removed. Thanks to Chris Hofstaedtler.
  * Cleanup debian/debian-edu-config.lintian-overrides from unused entries,
    thanks Lintian.

 -- Holger Levsen <holger@debian.org>  Mon, 31 Aug 2020 10:43:55 +0200

debian-edu-config (2.11.29) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Fix loss of dynamically allocated v4 IP address. (Closes: #966129)
    - Drop etc/network/if-up.d/wpad-proxy-update. This script fails to work due
      to changed behaviour of the ifupdown/dhclient/systemd combination and now
      also causes the loss of a dynamically allocated ipv4 IP address about 30
      minutes after booting.
    - Add code to d/debian-edu-config.postinstall to implement the intended
      proxy setting update after a WPAD change just after rebooting the system.
      (It would otherwise happen at first DHCP lease renewal ~15 minutes later.)
    - Adjust Makefile and debian/dirs.

 -- Holger Levsen <holger@debian.org>  Thu, 23 Jul 2020 15:30:33 +0200

debian-edu-config (2.11.28) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * etc/exim4/exim-ldap-server-v4.conf:
    - Fix after Exim 4.94 security improvements. Don't use tainted data from
      sender information for delivery path construction, gather data from the
      'check_local_user' directive (routers section) instead and use
      $local_part_data (tranports section) to construct the path.
  * testsuite/doc: Grab suite value for both testing and stable release cases.

 -- Holger Levsen <holger@debian.org>  Sat, 27 Jun 2020 12:20:06 +0200

debian-edu-config (2.11.27) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Modify LTSP setup related configuration to support both separate and
    additional LTSP servers.
    - ldap-bootstrap/gosa-server.ldif: Adjust LTSP related DHCP options and
      statements for both subnet00 and subnet01 to be compliant with iPXE.
    - cf3/cf.dhcpserver: link dhcpd.conf to the Debian Edu specific one.
    - debian/debian-edu-config.enable-nat: use /srv/ltsp as new LTSP base dir.
    - share/debian-edu-config/tools/edu-ltsp-install:
      + Configure local excludes and services to be masked.
      + Use static entry for the primary network interface and configure it.
      + Configure NFS exports conditionally.
      + Also set NAT for clients behind eth1 via LTSP.
    - share/debian-edu-config/tools/run-at-firstboot: Exclude separate LTSP
      servers from SquashFS image generation; the host specific krb5.keytab file
      needs to be included in the image but isn't yet available.

 -- Holger Levsen <holger@debian.org>  Wed, 17 Jun 2020 17:39:49 +0200

debian-edu-config (2.11.26) unstable; urgency=medium

  [ Wolfgang Schweer ].
  * Improve LTSP client setup, provide a full iPXE menu for both the backbone
    and the dedicated LTSP network, use ISC DHCP server instead of dnsmasq.
    - ldap-bootstrap/gosa-server.ldif: Adjust LTSP related DHCP options and
      statements (root-path, filename).
    - ldap-bootstrap/autofs.ldif: Drop deprecated NFS4 mount option 'intr'.
    - share/debian-edu-config/tools/edu-ltsp-install:
      + Improve inline documentation.
      + Drop dnsmasq package installation and setup.
      + Adjust interfaces configuration to match the use of ISC DHCP server.
      + Use FQDN for the main server to enable LTSP diskless client use on the
        backbone network.

 -- Holger Levsen <holger@debian.org>  Tue, 26 May 2020 10:22:19 +0200

debian-edu-config (2.11.25) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * share/debian-edu-config/tools/run-at-firstboot: Make script more robust
    (just in case the LTSP SquashFS image for diskless workstations has already
    been created, but xdebian-edu-firstrun failed due to some other reason).

  [ Holger Levsen ]
  * Bump debhelper-compat to 13.

 -- Holger Levsen <holger@debian.org>  Wed, 13 May 2020 15:10:01 +0200

debian-edu-config (2.11.24) unstable; urgency=medium

  [ Mike Gabriel ]
  * share/debian-edu-config/tools/clean-up-host-keytabs: Add script.
    Move host keytabs cleanup code out of gosa-modify-host into a standalone
    script, but still call it from there (for now). Major script improvement:
    Reduce LDAP calls to a single ldapsearch query which greatly improves the
    execution speed of the code. (Closes: #935080).

 -- Holger Levsen <holger@debian.org>  Sat, 02 May 2020 13:38:52 +0200

debian-edu-config (2.11.23) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Cope with recent bind9 package changes (bind9 -> named at various places) to
    fix initial LDAP setup during installation and other broken configuration
    scripts and files.
    - ldap-tools/ldap-debian-edu-install
    - cf3/cf.bind
    - etc/resolvconf/update.d/bind-debian-edu
    - share/debian-edu-config/tools/edu-ltsp-install
  * Adjust testsuite components to reflect LTSP, Icinga2 and PXE installation
    related changes:
    - testsuite/{icinga,ldap-client,pxeinstall}
  * Adjust testsuite/samba to check if Samba is fully functional.
  * Adjust share/debian-edu-config/tools/install-task-pkgs now that the Cinnamon
    desktop environment is also supported.

 -- Holger Levsen <holger@debian.org>  Mon, 27 Apr 2020 07:18:20 +0200

debian-edu-config (2.11.21) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Add share/debian-edu-config/tools/configure-edu-gateway.
    This script allows one to configure a system with two network interfaces and
    profile 'Minimal' as a gateway and optionally as a firewall (shorewall).
  * LTSP changes related issues:
    - cf3/cf.grub: Re-add accidently removed grub-update command execution.
    - cf3/edu.cf: Cleanup from LTSP5 related entry.
  * Adjust Makefile.

 -- Holger Levsen <holger@debian.org>  Sun, 19 Apr 2020 09:47:59 +0200

debian-edu-config (2.11.20) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Improve Icinga 2, LTSP and iPXE installation and setup.
   - share/debian-edu-config/tools/edu-icinga-setup:
     + Adjust for execution within the Debian Installer environment.
   - share/debian-edu-config/tools/edu-ltsp-install:
     + Determine dist and arch values from the server system instead of using
       fixed ones.
     + Make resolv.conf generation inside the SquashFS image more robust.
     + Also mask the cfengine3 servive.
     + Adjust for execution within the Debian Installer environment.
     + Improve inline documentation.
   - share/debian-edu-config/d-i/finish-install:
     + Don't generate the diskless workstation SquashFS image within the Debian
       Installer environment, it doesn't work. Let the xdebian-edu-firstboot
       init script (shipped with the debian-edu-install package) do this job
       instead (via running tools/run-at-firstboot). All re-configuration
       needing daemons are running then and all needed information is available.
   - share/debian-edu-config/tools/run-at-firstboot:
     + Generate the diskless workstation SquashFS image conditionally.
     + Cleanup from outdated, LTSP5 related code.
     + Whitespace fixes.
   - sbin/debian-edu-pxeinstall:
     + Determine dist value for both testing and stable release cases from
       different, release specific sources.

 -- Holger Levsen <holger@debian.org>  Mon, 13 Apr 2020 13:08:30 +0200

debian-edu-config (2.11.19) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Fix Thunderbird TLS/SSL setup: (Closes: #955978).
    - Add lib/thunderbird/distribution/policies.json to make sure that the
      Debian-Edu_rootCA.crt file gets installed as trusted certificate.
    - Cleanup and adjust Makefile accordingly.

 -- Holger Levsen <holger@debian.org>  Sun, 05 Apr 2020 20:12:31 +0200

debian-edu-config (2.11.18) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Setup and configure the Icinga 2 monitoring system now that the
    icinga2-classicui package has been dropped. The setup follows a more complex
    approach involving databases and authentication against LDAP. The first user
    is enabled to log into the web interface as Icinga Administrator.
    (Closes: #793677).
    - Add new script share/debian-edu-config/tools/edu-icinga-setup.
    - Add cf3/cf.icinga file for setting up Icinga via cfengine.
    - Rework all files in the www/ directory to reflect the changes.
    - Adjust Makefile and cf3/promises.cf accordingly.
    - Add a related line to debian/debian-edu-config.lintian-overrides because
      the new tool uses debconf to fetch the first user uid value.
  * share/debian-edu-config/tools/edu-ltsp-install:
    - Also mask the mariadb service now that Icinga is using it.
    - Drop no longer needed workaround for the tftpd-hpa package.
    - Add workaround for resolv.conf if the tool is run on a combined server.

 -- Holger Levsen <holger@debian.org>  Thu, 26 Mar 2020 00:28:17 +0100

debian-edu-config (2.11.17) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Rework PXE installation setup to be compliant with re-written LTSP. These
    changes have the additional benefit to provide network booting for both
    BIOS and UEFI based systems due to the change to iPXE.
    - ldap-bootstrap/gosa-server.ldif:
      + Add DHCP options to provide an iPXE related config space.
      + Add system architecture related DHCP option.
      + Add DHCP statement to be able to conditionally hand out the correct boot
        file. This also makes sure that both PXE and iPXE capable systems are
        supported via chainloading iPXE.
    - sbin/debian-edu-pxeinstall:
      + Switch to iPXE to provide the installation menu.
      + Modify the existing iPXE menu in case of a combined server, i.e. main
        server and LTSP server.
      + Generate an iPXE menue in case of a plain main server.
      + Cleanup from outdated and obsolete comments and code.
      + Whitespace fixes.
    - etc/debian-edu/pxeinstall.conf:
      + Use the graphical installer by default.
      + Adjust entries and comments to reflect the changes.

 -- Holger Levsen <holger@debian.org>  Mon, 16 Mar 2020 14:22:30 +0100

debian-edu-config (2.11.16) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Rework welcome page and localization:
    - ldap-bootstrap/root.ldif:
      + Use https://www/ instead of http://www/.
      + Cleanup file from 10 year old commented entries, also adjust outdated
        comment concerning the gosa ldap admin.
    - tools/show-welcome-webpage:
      + Only query the internal webserver for localized files and store the base
        URL instead of the whole welcome URL. (Closes: #952665)
      + Use the localized blends web page for the 'Standalone' profile.
      + Whitespace fixes.
    - www/:
      + Set correct language identifier in localized files (es-es,pt-br,zh-tw).
      + Rename existing localization variants {es-es,nb-no,pt-br,zh-tw} to give
        the web server's Multiviews feature a better chance to choose
        the right file when the web browser is asking for content negotiation.
      + Link index.html.nb-no to index.html.no to let the correct page be found
        just in case [no] is added as favourite language to a web browser.
      + Use the localized blends web page.
      + Remove link to no longer existing linuxsignpost.org website.
      + Adjust related Makefile.
      + Trivial unfuzzy for all PO files.
      + Updated after running 'make' in the www directory.
   * Rework LTSP setup to cope with re-written ltsp changes. These are
     requirements for easier working on LTSP integration:
     - Add new tool share/debian-edu-config/tools/edu-ltsp-install to be able to
       provide LTSP diskless workstation and thin client support. The tool
       contains basic usage instructions, more needs to go into the manual once
       everything has been integrated and is actually working like expected.
     - Use kerberized NFS for mounting home directories:
       + Replace sec=sys with sec=krb5i in ldap-bootstrap/autofs.ldif file.
       + Use dedicated edu.exports file shipped in the etc/exports.d/ directory,
         avoiding to modify the /etc/exports file as a benefit.
     - Drop now obsolete LTSP5 related files:
       + etc/ltsp/ltsp-build-client.conf
       + etc/ltspfs/mounter.d/edu-notify
       + share/debian-edu-config/ltspfs-mounter-kde
       + share/debian-edu-config/udisks2.patch
       + share/initramfs-tools/scripts/nfs-bottom/before-ltsp
       + share/ltsp/get-ldap-ltsp-config
       + share/ltsp/init-ltsp.d/08-edu-hostname
       + share/ltsp/init-ltsp.d/09-edu-ldap-config
       + share/ltsp/init-ltsp.d/60-edu-client
       + share/ltsp/plugins/ltsp-build-client/Debian-custom/001-ltsp-settings
       + share/ltsp/plugins/ltsp-build-client/Debian-custom/020-rootpath
       + share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs
       + share/ltsp/plugins/ltsp-build-client/Debian-custom/098-etckeeper
       + testsuite/ltsp
     - share/debian-edu-config/d-i/finish-install:
       + Add code to set up LTSP client support during installation of systems
         with profile 'LTSP-Server'.
       + Whitespace fixes.
   * Drop no longer needed cf3/cf.tftpd file.
   * Adjust cfengine related files:
     - cf3/cf.{chromium,firefox-esr} (http -> https related)
     - cf3/cf.homes (Kerberized NFS related)
     - cf3/cf.{finalize,ntp,pxeinstall,squid] and cf3/edu.cf (LTSP related)
     - cf3/cf.workarounds (no workarounds needed atm)
   * ldap-bootstrap/{gosa,samba}.ldif: Drop generation of outdated LanManager
      password and cleanup the files from 10 year old commented entries.
   * Drop outdated (and obsolete) lib/mime/packages/debian-edu-mailcap file.
   * Adjust debian/{dirs,debian-edu-config.links,debian-edu-config.postinst},
     cf3/promises.cf and Makefile to reflect the changes.
   * debian/debian-edu-config.preinst:
     - Drop Stretch related conditional removal, add LTSP related new one.
   * Adjust debian/debian-edu-config.lintian-overrides. Thanks lintian.

 -- Holger Levsen <holger@debian.org>  Sat, 07 Mar 2020 09:50:16 +0100

debian-edu-config (2.11.15) unstable; urgency=medium

  [ Mike Gabriel ]
  * share/d-e-c/tools/create-server-cert: Add script. This script is
    useful for creating server certificates for additional servers
    (other than the mainserver) and having these certificates signed
    against Debian-Edu_rootCA.{crt,key}.

  [ Wolfgang Schweer ]
  * Adjust ldap-tools/ldap-debian-edu-install to fix the recently broken LDAP
    setup. (The sample DB_CONFIG file has moved from /usr/share/slapd/ to the
    new location /usr/share/doc/slapd/examples/.)

  [ Holger Levsen ]
  * Wrap long lines in changelog entries: 1.450, 1.443, 1.424,
    1.416+svn39828, 0.411. Thanks lintian-brush.

 -- Holger Levsen <holger@debian.org>  Wed, 26 Feb 2020 18:38:22 +0100

debian-edu-config (2.11.14) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Make Debian-Edu_rootCA available on client systems via the system-wide
    CA bundle in /etc/ssl/certs/ca-certificates.crt:
    - Add debian/debian-edu-config.fetch-rootca-cert (Closes: #951070)
  * Adjust debian/rules to reflect the change.

 -- Holger Levsen <holger@debian.org>  Thu, 20 Feb 2020 15:50:52 +0100

debian-edu-config (2.11.13) unstable; urgency=medium

  [ Mike Gabriel ]
  * etc/mklocaluser.d/20-debian-edu-config:
    - Additionally create GTK-3-stylem 'places' bookmarks. (Closes: #951069).
    - Detect user's SMB domain correctly and add that to SMBPATH.
    - Indentation clean-up.

 -- Holger Levsen <holger@debian.org>  Fri, 14 Feb 2020 12:49:32 +0100

debian-edu-config (2.11.12) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Fix LDAP setup, broken as of autofs-ldap version 5.1.6:
    - Add ldap/schema/autofs-debian-edu.schema
    - Adjust etc/ldap/slapd-debian-edu.conf and Makefile.
    As the schema file shipped with autofs-ldap is no longer compatible with
    ldap-bootstrap/autofs.ldif, the Buster version (5.1.2) schema file is used.
    The schema file has been changed upstream in v. 5.1.3 with this comment:
    "The schema was corrected somewhere along the line but the autofs
    distribution copy was never updated. The schema has now been
    updated but it is not recommended for use as the schema for autofs
    map information."

  [ Holger Levsen ]
  * Bump standards version to 4.5.0, no changes needed.

 -- Holger Levsen <holger@debian.org>  Wed, 29 Jan 2020 13:10:48 +0100

debian-edu-config (2.11.11) unstable; urgency=medium

  [ Dominik George ]
  * Amend last changelog entry with CVE.
  * debian/control: Reference Debian Edu in binary package description
  * Follow-up for CVE-2019-3467:
    - Add NEWS to warn administrators with possible local changes.
  * Keep proxy settings on client if wpad is unreachable (Closes: #941001)
    - Remove use of eval `...` while at it to minimise security risks

  [ Holger Levsen ]
  * Close #936375 in 2.11.7 changelog entry.

 -- Holger Levsen <holger@debian.org>  Tue, 14 Jan 2020 15:06:22 +0100

debian-edu-config (2.11.10) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * share/debian-edu-config/tools/kerberos-kdc-init:
    - Set proper rights for users in kadm5.acl file. (Closes: #946797)
    - Security fix for CVE-2019-3467
  * Adjust debian/debian-edu-config.postinst to fix kadm5.acl upon upgrades.
  * Use secure URI in Homepage field.
  * Use canonical URL in Vcs-Git.

  [ Holger Levsen ]
  * Improve debian/debian-edu-config.postinst fix to only run once on
    upgrades.

 -- Holger Levsen <holger@debian.org>  Mon, 16 Dec 2019 16:56:24 +0100

debian-edu-config (2.11.9) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * share/debian-edu-config/tools/kerberos-kdc-init:
    - Update kdc.conf content from template shipped with the krb5-kdc package.
      This fixes the recently broken Kerberos setup.
  * Replace workaround for rootCA certificate integration (both firefox-esr and
    thunderbird 68.2.x) with a nowadays recommended setup: (Closes: #944450)
    - Add policy file share/firefox-esr/distribution/policies.json.
      This makes sure that the Debian-Edu_rootCA.crt file gets installed as
      trusted certificate for firefox-esr and thunderbird.
      The policy also forces the Debian Edu startpage to be shown (instead of
      the Firefox one) at first launch; the Firefox privacy page is available
      via a second tab.
    - Drop share/debian-edu-config/{installs.ini,profiles.ini,profiles.ini.ff}.
      These files are no longer required.
    - Adjust related tools:
      + share/debian-edu-config/tools/gosa-create
      + share/debian-edu-config/tools/create-user-nssdb
      + share/debian-edu-config/tools/update-cert-dbs
      + ldap-tools/ldap-debian-edu-install
    - Adjust Makefile.
  * Drop workaround now that Squid bug #911325 has been fixed:
    - Remove share/debian-edu-config/squid.resolvconf
    - Adjust Makefile and cf3/cf.workarounds.

 -- Holger Levsen <holger@debian.org>  Wed, 13 Nov 2019 10:07:29 +0100

debian-edu-config (2.11.8) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Drop workaround for NFS related bug #930125 (fixed in firefox-esr 68.2.x):
    - Remove share/debian-edu-config/edu-firefox-nfs.
    - Adjust cf3/cf.workarounds and Makefile.
  * Adjustments for changed education menu re-structuring:
    - cf3/edu.cf: Re-define class 'Workstation' condition.
    - share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs and
      debian/debian-edu-config.postinst: Drop desktop-profiles related code.
    - cf3/cf.finalize: Remove desktop-profiles related editing.
    - d/control: Drop Depends on desktop-profiles.
  * Cope with Firefox-ESR ini files that need to be different (as of version
    68.2.0esr) to further allow centralized configuration: (Closes: #944013)
    - Add share/debian-edu-config/profiles.ini.ff (Firefox-ESR profiles.ini).
    - Add share/debian-edu-config/installs.ini (now needed in addition for users
      that don't have a Firefox-ESR profile, i.e. new users).
    - Adjust share/debian-edu-config/tools/gosa-create which is used to copy
      the related Firefox-ESR ini files.
    - Ajust Makefile.
    - Adjust ldap-tools/ldap-debian-edu-install (fix for the first user).

 -- Holger Levsen <holger@debian.org>  Mon, 04 Nov 2019 18:22:46 +0800

debian-edu-config (2.11.7) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * etc/ltspfs/mounter.d/edu-notify:
    Adjust for using notify2 instead of pynotify.
  * debian/control: Replace python-notify with python3-notify2. Closes: #943573
    Thanks to Jeremy Bicha.
  * debian/control: Add Depends on python3, thanks Lintian. Closes: #936375

  [ Holger Levsen ]
  * share/debian-edu-config/pam-nopwdchange.py: converted to python3 with
    python-modernize.
  * debian/control: Drop Depends on python.

 -- Holger Levsen <holger@debian.org>  Mon, 28 Oct 2019 13:10:12 +0100

debian-edu-config (2.11.6) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * cf3/cf.workarounds: Fix syntax.
  * testsuite/icinga: Adjust for moving from icinga to icinga2 and
    icinga2-classicui.
  * testsuite/ltsp: Adjust for reworked LDAP certificate setup.
  * testsuite/cups: Adjust for central ipp server.

 -- Holger Levsen <holger@debian.org>  Wed, 23 Oct 2019 13:26:45 +0200

debian-edu-config (2.11.5) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * share/debian-edu-config/passwords_stub.dat:
    - adjust after replacing icinga with icinga2 and icinga2-classicui.
  * Improve usage information and comments:
    - ldap-tools/debian-edu-ldap-install
    - share/debian-edu-config/tools/edu-ldap-from-scratch

 -- Holger Levsen <holger@debian.org>  Sun, 13 Oct 2019 13:06:16 +0200

debian-edu-config (2.11.4) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * www/index* and www/*.po:
    - Adjust files after replacing icinga with icinga2 and icinga2-classicui.

  [ Holger Levsen ]
  * etc/ltsp/ltsp-build-client.conf: target bullseye, not buster.
  * share/debian-edu-config/tools/debian-edu-bless: remove remaining
    references to EDUSUITE which were forgotten in a code cleanup in
    commit c6ef9d69 in 2016.
  * README: update reference to point to bullseye, not buster.
  * cf.workarounds: drop workaround for #922718 as the fixed xfce4-session
    package has made it into bullseye.
  * cf3/cf.squid: drop workaround for stretch -> buster upgrades as skipping a
    release when upgrading is not supported.
  * Drop share/debian-edu-config/tools/password-fix-squeeze-r0 for the same
    reason.
  * Drop stuff commented out in 2012 in ldap-bootstrap/root.ldif.
  * Drop (some) code for upgrades from before buster in
    debian/debian-edu-config.postinst and
    debian/debian-edu-config.maintscript.

 -- Holger Levsen <holger@debian.org>  Tue, 08 Oct 2019 14:47:06 +0200

debian-edu-config (2.11.3) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust share/debian-edu-config/d-i/finish-install: (Closes: #941574)
    - Use 'dpkg-reconfigure -u --no-reload debian-edu-config' to add post-up
      stanza to /etc/network/interfaces eth0 entry conditionally.

  [ Holger Levsen ]
  * Bump standards version to 4.4.1, no changes needed.

 -- Holger Levsen <holger@debian.org>  Thu, 03 Oct 2019 08:15:19 +0100

debian-edu-config (2.11.2) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Drop workaround scripts for bugs that got fixed in xfce4 4.14.0:
    - share/debian-edu-config/edu-xfce4-panel.xml
    - share/debian-edu-config/55xfce4-session-debian-edu
  * Adjust cf3/cf.workarounds and Makefile.

 -- Holger Levsen <holger@debian.org>  Sat, 28 Sep 2019 13:04:00 +0100

debian-edu-config (2.11.1) unstable; urgency=medium

  * d/control:
    - depend on wget. Closes: #940698.
    - make dependency on lsb-base unversioned.
    - bump dependency on debhelper-compat=12.
  * Drop etc/NetworkManager/dispatcher.d/02debian-edu-config. Closes: #872154.
  * Drop share/debian-edu-config/tools/jrpasswd to fix #936375 eventually.
    We have GOsa² now, while this script was never documented, comes from
    Sarge times and uses python2.

 -- Holger Levsen <holger@debian.org>  Thu, 19 Sep 2019 15:30:11 +0200

debian-edu-config (2.10.67) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust debian/debian-edu-config.fetch-ldap-cert. (Closes: #934380)
    - Use independent conditions to make sure that the LDAP server certificate
      is only downloaded once for both host and LTSP chroot.
    - Add code to validate the LDAP server certificate in case the Debian Edu
      RootCA certificate is available for download.

  [ Mike Gabriel ]
  * Code review debian-edu-config.fetch-ldap-cert:
    - White-space-only change: Fix broken and inconsistent indentations.
    - Fully inline-document fetch-ldap-cert script.
    - Add "-f" option to all curl calls that don't have it set so far.
      This assures that curl bails out with a non-zero exit code, if anything
      goes wrong while retrieving certificate files.
    - Also report a successful certificate verification if we verified the
      LDAP server certificate using the Debian Edu RootCA.
    - Really check that the LDAP server uses a certificate issued by the
      "Debian Edu RootCA", not just by (some) "RootCA".
    - Add 2x FIXME about BUNDLECRT file removal from host and from LTSP chroots.
    - LTSP chroot certificate copying: only log those actions, if they are
      actually about to happen..
    - Silence curl stderr and gnutls-cli stdout+stderr.
    - Certificate retrieval: Fix upgrade path for RootCA deployment. Re-run
      CERTFILE (and ROOTCACRT retrieval) until we have both on the client.
      This will lead to repetitive downloads of the CERTFILE on system boot.
      To get rid of this, people must upgrade their TJENERs from Debian Edu
      10.0 to 10.1. Then it will stop. This hack is necessary to assure
      distribution of the RootCA to all clients that don't have it, yet.
    - Detach dependency of ROOTCACRT chroot copying and BUNDLECRT chroot
      copying from chroot copying of the CERTFILE. The chroot may have the
      CERTFILE, but not the ROOTCACRT, yet. This assures a smooth upgrade
      path from Debian Edu 10.0 to Debian Edu 10.1.
    - Do a simple validity check if a directory under /opt/ltsp really is
      a chroot (and e.g. not the SquashFS images' directory).

 -- Holger Levsen <holger@debian.org>  Thu, 15 Aug 2019 16:20:50 +0200

debian-edu-config (2.10.66) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust ltsp-build-client/Debian-custom/001-ltsp-setting. (Closes: #928756)
    - Use PXE option 'ipappend 2' for LTSP client boot. This option makes sure
      that all DHCP server information is getting through to LTSP clients.
      (LTSP used this option before, but switched to 'ipappend 3' during the
      Buster development cycle to ease setups with ProxyDHCP.)
  * Adjust share/debian-edu-config/sudo-ldap.conf. (Closes: #929964)
    - Fix sudo-ldap configuration. (The LDAP URI is needed on LDAP clients.)
  * Set environment variable to deal with Firefox profile. (Closes: #930122)
    This is a workaround for bug #930125, preventing firefox-esr startup issues
    if the mozilla profile is on an NFS share).
    - Ship share/debian-edu-config/edu-firefox-nfs with NSS_SDB_USE_CACHE="yes"
      as content. Thanks to Mike Gabriel for spotting the issue and providing
      this information.
    - Add instructions to cf3/cf.workarounds to link the 'edu-firefox-nfs' file
      to appropriate files below '/etc/X11/Xsession.d' and '/etc/profile.d'.
  * Adjust cf3/cf.homes: Set correct LTSP chroot path. (Closes: #931680)
    - While the reported arch is i686, LTSP uses i386. Set arch accordingly.
  * Adjust share/debian-edu-config/tools/kerberos-kdc-init. (Closes: #931366)
    - Remove outdated (and now wrong) logging section.
  * Add LDAP server certificate to the initial LTSP NBD image. (Closes: #932828)
    - etc/ltsp/ltsp-build-client.conf: Don't create the image by default.
    - cf3/edu.cf: Define new class 'ltspimages'.
    - cf3/cf.finalize: Add code to include the LDAP server certificate for all
      possible use cases, to generate the image and to adjust various rights.
  * Provide Debian Edu RootCA certificate for download. (Closes: #933183)
    - Adjust share/debian-edu-config/tools/create-debian-edu-certs to copy the
      rootCA file to the web server directory at certificate generation time.
    - Adjust cf3/cf.finalize to care for the rootCA file as well.
    - Adjust cf3/cf.workarounds to copy the rootCA file to the web server
      directory upon main server upgrade.
  * Fix loss of dynamically allocated v4 IP address. (Closes: #933580)
    - Drop etc/network/if-up.d/hostname. This script doesn't work anymore due
      to changed behaviour of the ifupdown/dhclient/systemd combination and now
      also causes the loss of a dynamically allocated ipv4 IP address after 20
      to 30 minutes after booting.
    - Add code to d/debian-edu-config.postinstall to implement the intended
      hostname update just after rebooting the system after a change.
    - Adjust Makefile.

  [ Mike Gabriel ]
  * debian/debian-edu-config.fetch-ldap-cert: Make the script (and with it
    Debian Edu buster workstations) work in a Debian Edu environment where
    the main server (TJENER) is still on Debian Edu 8 or 9. (Closes: #926933)
  * debian/debian-edu-config.fetch-ldap-cert: Retrieve TJENER's PKI server
    certificate only once per host to improve security. This re-introduces
    the behaviour of fetch-ldap-cert in stretch and earlier. (Closes: #931413).

  [ Holger Levsen ]
  * Drop obsolete code in d-i/finish-install now that d-i uses haveged (via a
    newly introduced udeb) or a hardware RNG. (See #923675).
  * Bump standards version to 4.4.0, no changes needed.

 -- Holger Levsen <holger@debian.org>  Sat, 10 Aug 2019 11:41:47 +0200

debian-edu-config (2.10.65) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Depend on gnutls-bin. (Closes: #926949)

 -- Holger Levsen <holger@debian.org>  Fri, 12 Apr 2019 22:13:55 +0200

debian-edu-config (2.10.64) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * etc/ltsp/ltsp-build-client.conf: Add DIST="buster". (Closes: #926183)
    - Make sure the LTSP chroot installation works for all possible scenarios.
  * cf3/cf.finalize: Use XDG instead of desktop-profiles. (Closes: #926184)
    - Make sure desktop-profiles are disabled and use XDG as a more general
      approach. This is needed for LXQt to work without user interaction.
  * tools/gosa-sync-dns-nfs: Make tool more robust. (Closes: #926186)
    - Invalidate the nscd netgroup cache to make NFS homedir mount more robust.

 -- Holger Levsen <holger@debian.org>  Tue, 02 Apr 2019 10:54:26 +0200

debian-edu-config (2.10.63) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust sbin/debian-edu-pxeinstall. (Closes: #924927)
    - Set d-i version to 10, now that debian-installer-10-netboot is in Buster.

 -- Holger Levsen <holger@debian.org>  Thu, 21 Mar 2019 11:57:41 +0000

debian-edu-config (2.10.62) unstable; urgency=medium

  * get-ldap-ltsp-config: Fix detection of MAC address.
  * get-ldap-ltsp-config: Fix extraction of ltspConfig from LDAP.
  * update-hostname-from-ip: Always print hostname if -n is used.
  * Add myself as Uploader.

 -- Dominik George <natureshadow@debian.org>  Fri, 01 Mar 2019 12:50:01 +0100

debian-edu-config (2.10.61) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * cf3/cf.workarounds:
    - Provide Xfce screensaver for LTSP clients (workaround for bug #922718,
      fixed in experimental but unlikely to be fixed in Buster).
  * Improve LDAP server certificate check:
    - tools/create-debian-edu-certs:
      Make /etc/debian-edu/www/debian-edu-bundle.{crt,pem} downloadable.
    - debian-edu-config.fetch-ldap-cert:
      Verify the LDAP server cert using the downloaded Debian-Edu_rootCa one.
  * testsuite/{ldap-client,ldap-server,sudo,webcache,webserver}:
    - Fix scripts to match the recent configuration changes.

  [ Holger Levsen ]
  * www/index* and www/*.po: replace http://popcon.skolelinux.org with
    https://popcon.debian.org as the former is unmaintained.

 -- Holger Levsen <holger@debian.org>  Sun, 24 Feb 2019 18:28:43 +0100

debian-edu-config (2.10.60) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * debian-edu-config.chromium-ldapconf: Remove slapd start requirement.

 -- Holger Levsen <holger@debian.org>  Tue, 12 Feb 2019 15:00:57 +0100

debian-edu-config (2.10.59) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * debian/debian-edu-config.fetch-ldap-cert:
    - Adjust condition now that ldap.conf isn't modified any longer.
  * etc/debian-edu/pxeinstall.conf and etc/debian-edu/pxeinstall.conf:
    - Adjust PXE installation settings; prefer amd64 i386 order over i386 amd64
      for the PXE menu, use nbd0 instead of nfs as LTSP root device value.
  * etc/ltsp/ltsp-build-client.conf:
    - Add commented option for the sources.list file.
  * cf3/cf.workarounds:
    - Remove LXQt related workaround now that bug #914345 has been fixed.

 -- Holger Levsen <holger@debian.org>  Tue, 05 Feb 2019 01:18:59 +0100

debian-edu-config (2.10.58) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Improve share/ltsp/plugin/ltsp-build-client/Debian-custom/032-edu-pkgs:
    - Generate list of actually installed packages intended to be purged.
    - Purge selected packages to make LTSP clients work.

  [ Holger Levsen ]
  * 032-edu-pkgs: minor refactoring.

 -- Holger Levsen <holger@debian.org>  Tue, 29 Jan 2019 15:02:50 +0100

debian-edu-config (2.10.57) unstable; urgency=medium

  * 032-edu-pkgs: fix typo.

 -- Holger Levsen <holger@debian.org>  Mon, 28 Jan 2019 02:23:45 +0100

debian-edu-config (2.10.56) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs:
    - Don't let apt-get fail in case a package isn't installed.
  * Improve share/debian-edu-config/tools/update-cert-dbs:
    - Extend the script's scope; there might be more home dirs than just home0.
    - Let the script provide more useful logging information.

  [ Holger Levsen ]
  * share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs:
    - Merge those ten apt-get purge calls into one.

 -- Holger Levsen <holger@debian.org>  Sun, 27 Jan 2019 18:02:03 +0100

debian-edu-config (2.10.55) unstable; urgency=medium

  [ Dominik George ]
  * update-cert-dbs: Check user existence.

 -- Holger Levsen <holger@debian.org>  Tue, 15 Jan 2019 15:54:12 +0100

debian-edu-config (2.10.54) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Fix NTP setup for profile 'Standalone'.
    - cf3/cf.ntp: Don't disable timesyncd on standalone systems.
  * Improve the script used by the src:debian-edu autopkg test.
    - share/debian-edu-config/tools/debian-edu-bless:
      Add the '-I' parameter to let cf-agent output more information.
      Prevent the script from exiting if the last etckeeper call should fail.
      Thanks to Holger Levsen for the hint.
  * Improve menu reorder setup.
    - Move code for the Standalone profile from cf3/cf.homes to cf3/cf.finalize
      as a better place.
    - Make sure the menus are reordered in each installation scenario case.
    - Adjust cf3/promises.cf to reflect the change.
  * Rework LDAP client configuration now that nslcd preseeding is working.
    - Add share/debian-edu-config/sudo-ldap.conf file to provide the last bit
      of information for clients (besides those contained in nslcd.conf).
    - Adjust cf3/cf.ldapclient accordingly.
    - Adjust Makefile.

 -- Holger Levsen <holger@debian.org>  Wed, 09 Jan 2019 15:43:59 +0100

debian-edu-config (2.10.53) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Some amendments.
    - debian/debian-edu-config.postinst: Don't run the cert tool inside d-i; the
      installation will break because requisites are not yet ready.
    - share/debian-edu-config/tools/install-task-pkgs: Drop superfluous last
      apt call; the task-desktop package gets already installed before.
    - share/debian-edu-config/tools/improve-desktop-l10n: Fix special case en;
      thunderbird-l10n-en-gb exists, but thunderbird-l10n-en doesn't.

 -- Holger Levsen <holger@debian.org>  Mon, 31 Dec 2018 12:33:26 +0100

debian-edu-config (2.10.52) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Final step for the improved desktop localization.
    - Add share/debian-edu-config/tools/install-task-pkgs. The tool makes sure
      that a localized Debian Edu desktop based upon a vanilla Debian one is
      available. The improved localization will allow to remove all lang-*
      packages from src:debian-edu and to cleanup the desktop-* packages.
    - Adjust cfengine setup (cf3/cf.finalize): call the install-task-pkgs tool.
  * Rework LTSP client setup configuration now that official Debian ISO images
     are available and bugs have been fixed (mostly thanks to ltsp 5.18.12-1).
    - Drop no longer needed plugins (workarounds):
      + share/ltsp/plugins/ltsp-build-client/Debian-custom/000-arch-detection
      + share/ltsp/plugins/ltsp-build-client/Debian-custom/011-http-nopipeline
      + share/ltsp/plugins/ltsp-build-client/Debian-custom/015-edu-apt-source
      + share/ltsp/plugins/ltsp-build-client/Debian-custom/095-squashfs-image
    - Adjust etc/ltsp/ltsp-build-client.conf to match ltsp 5.18.12-1 settings.
  * Adjust Makefile to reflect the changes.

  [ Holger Levsen ]
  * Bump standards version to 4.3.0, no changes needed.

 -- Holger Levsen <holger@debian.org>  Wed, 26 Dec 2018 14:18:53 +0100

debian-edu-config (2.10.51) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Add components for a more flexible and improved desktop localization.
    - share/debian-edu-config/lightdm-gtk-greeter.conf:
      + Enable language chooser in the lightdm panel.
    - etc/X11/Xsession.d/55lightdm_gtk-greeter-rc:
      + Create environment variables, needed to let the chosen language take
        effect everywhere.
    - share/debian-edu-config/tools/improve-desktop-l10n:
      + Evaluate configured locales and install related localization packages.
  * Add class definition to cf3/edu.cf to be able to conditionally configure
    the lightdm-gtk-greeter.
  * Adjust Makefile and cf3/finalize to reflect the changes.

 -- Holger Levsen <holger@debian.org>  Thu, 20 Dec 2018 10:19:28 +0100

debian-edu-config (2.10.50) unstable; urgency=medium

  [ Mike Gabriel ]
  * etc/shutdown-at-night/clients-generator: Support recent output
    of ifconfig (where the MAC address comes in the second row of
    one's interface output and is prefixed by "^ether ...".

  [ Wolfgang Schweer ]
  * Generate slapd certificate the same way as all other server certificates.
    - Extend server certificate configuration to include ldap as well.
    - Drop now obsolete slapd-cert.cnf configuration file.
    - Drop tool mkslapdcert now that all server certificates are generated
      in one place.
    - Rename ldap/slapd-squeeze_debian-edu.conf -> ldap/slapd-debian-edu.conf
    - Adjust related files and tools:
      + init script debian/debian-edu-config.fetch-ldap-cert
      + cfengine configuration files cf3/cf.{ldapserver,ldapclient}
      + share/debian-edu-config/tools/{create-debian-edu-certs,update-cert-dbs}
      + debian/debian-edu-config.postinst
      + Makefile
  * cf3/edu.cf: Don't fail in case squid failed to initialize within d-i;
    update related comment.
  * Use FQDN (www.intern) as server name in Apache configuration files.
  * Remove start related parts from init scripts configuration as these are no
    longer supported (actually: since quite some time).

 -- Holger Levsen <holger@debian.org>  Thu, 13 Dec 2018 14:09:15 +0100

debian-edu-config (2.10.49) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Add share/debian-edu-config/tools/copy-host-keytab:
    - Kerberos host key management made easy.
  * Add share/debian-edu-config/tools/create-user-nssdb:
    - User account certificate management upon upgrade from Stretch.
  * Add share/debian-edu-config/55xfce4-session-debian-edu:
    - This file has previously been shipped by the 'debian-edu-artwork' package.
      Moved to d-e-c because it's configuration, not artwork related.
  * Adjust cf3/cf.workarounds and Makefile to reflect the changes.
  * d/debian-edu-config.lintian-overrides:
    - Add 'uses-dpkg-database-directly' entry for etc/cron.d/debian-edu-config.
  * Fix spelling error in previous changelog entry (XFCE -> Xfce).

 -- Holger Levsen <holger@debian.org>  Thu, 29 Nov 2018 15:51:26 +0100

debian-edu-config (2.10.48) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Work around some bugs (squid, Xfce, LXQt):
    - Add cf3/cf.workarounds.
    - Add related variable definitions to cf3/edu.cf to be able to conditionally
      apply the workarounds.
    - Adjust cf3/promises.cf to reflect the changes.
    - Add share/debian-edu-config/{squid.resolvconf,edu-xfce4-panel.xml}.
    - Adjust Makefile.
  * Adjust cf3/cf.grub to show the proper plymouth theme.

 -- Holger Levsen <holger@debian.org>  Fri, 23 Nov 2018 16:03:10 +0100

debian-edu-config (2.10.47) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Fix debian/debian-edu-config.postinst to avoid failing upon upgrades:
    - Make wpad-proxy-update related code conditional.
    - Don't complain about non-existing wpad-proxy-update file.

 -- Holger Levsen <holger@debian.org>  Sun, 18 Nov 2018 12:48:05 +0100

debian-edu-config (2.10.46) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Workaround for mounting removable media on diskless workstations, see LDM
    bug #913774. Due to missing session registering with wtemp and utemp, media
    mounting gets denied.
    - Add share/debian-edu-config/udisks2.patch.
    - Use code in share/ltsp/init-ltsp.d/60-edu-client to apply the patch (this
      happens only on-the-fly for each session in the overlay filesystem).
  * Adjust Makefile.
  * Install task 'standard' (system utilities) inside the LTSP chroot. It should
    ensure the installation is put on top of a stock Debian system with nothing
    missing.
  * Switch back to NDB as default for the LTSP root filesystem as the
    performance in real world deployments seems to be better.
    Using NFS can be configured in /etc/ltsp/ltsp-build-client.conf; this might
    come in handy during development and testing.
  * Improve handling of Debian packages. (Closes: #913886).
    - share/debian-edu-config/squid.conf: Add settings proposed by Mike Gabriel.

 -- Holger Levsen <holger@debian.org>  Sun, 18 Nov 2018 11:45:23 +0100

debian-edu-config (2.10.45) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * sbin/debian-edu-pxeinstall:
    - Add code to enable the replacement of the stock Debian Installer logo with
      the Debian Edu one in case the graphical installer has been chosen.
    - Drop test builds related leftover cruft.
  * share/debian-edu-config/tools/debian-edu-bless:
    - Switch TESTINSTALL variable setting as test distributions are gone since
      years, but a status report might still be useful; reword related comment.
  * testsuite/doc:
    - Use secure URL for wiki.debian.org.
    - Adjust the FIXME: count code to report a proper number.
  * debian/debian-edu-config.postinst
    - Drop wpad-proxy-update (via ifup) for the main server.

 -- Holger Levsen <holger@debian.org>  Tue, 13 Nov 2018 14:26:04 +0100

debian-edu-config (2.10.44) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Rework squid configuration now that custom configuration files can be put
    into the /etc/squid/conf.d/ directory.
    - share/debian-edu-config/squid.conf:
      + Ship only Debian Edu specific options.
    - cf3/cf.squid:
      + Link the Debian Edu specific squid.conf file as additional
        configuration /etc/squid/conf.d/debian-edu.conf.
    - share/debian-edu-config/tools/squid-update-cachedir:
      + Use Debian Edu specific add-on configuration file.
      + Add additional logging statement.
    - share/debian-edu-config/tools/run-at-firstboot:
      + Adjust to use the new file location.
  *  d/debian-edu-config.lintian-overrides:
     - Add script-not-executable entries for etc/network/if-up.d/hostname and
       etc/network/if-up.d/wpad-proxy-update

 -- Holger Levsen <holger@debian.org>  Tue, 06 Nov 2018 14:43:30 +0100

debian-edu-config (2.10.43) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Add etc/network/if-up.d/{hostname,wpad-proxy-update}. (Closes: #780461)
    These scripts make sure that hostname and wpad.dat changes take effect
    immediately after reboot. The existing dhclient-exit hook scripts are only
    executed in the case of DHCP lease renewals which happen in intervals of
    random length (between 600 and 900 seconds).
  * Adjust Makefile and debian/dirs to reflect the changes.
  * Adjust share/ltsp/init-ltsp.d/60-edu-client:
    - Ensure /etc/environment is set correctly on diskless workstations.
  * debian/debian-edu-config.enable-nat:
    - Adjust path to iptables binary (/sbin -> /usr/sbin). While Buster still
      ships symlinks, those are planned to be removed in Bullseye.
  * Fix incomplete sentence in previous changelog entry.

 -- Holger Levsen <holger@debian.org>  Thu, 01 Nov 2018 12:26:21 +0100

debian-edu-config (2.10.42) unstable; urgency=medium

  [ Mike Gabriel ]
  * update-chromium-homepage:
    - Don't complain about non-existing config file when attempting its removal.
    - Don't statically set http://www as homepage, use detected homepage
      instead. (Closes: #911790)
  * update-firefox-homepage:
    - Don't complain about non-existing config file when attempting its
      removal.

  [ Wolfgang Schweer ]
  * Improve cfengine configuration file management during upgrades:
    - Adjust debian/debian-edu-config.postinst to copy related files.
    - Add cf-agent related entries to debian/cron.d, but leave them commented.
  * Use NFS again (instead of NBD) to mount the LTSP client root filesystem:
    - Add share/ltsp/plugins/ltsp-build-client/Debian-custom/095-squashfs-image
      to enable setting it; see #904427 (LTSP) why this is needed.
    - Add etc/ltsp/ltsp-build-client.conf with settings for NFS.
    - Adjust sbin/debian-edu-pxeinstall and etc/debian-edu/pxeinstall.conf
      accordingly to be able to use NFS on the main network as well.
    - Rework cf3/cf.homes:
      + Write /etc/export file with profile and architecture dependent values.
      + Drop no longer needed nfs-{common,kernel-server} configuration edits.
  * Improve PXE installation setup:
    - Rework sbin/debian-edu-pxeinstall (make modular installation desktop,
      d-i download URL and installer type configurable).
    - Adjust etc/debian-edu/pxeinstall.conf accordingly.
  * share/ltsp/plugins/ltsp-build-client/Debian-custom/000-arch-detection:
    - Use /etc/debian_version to determine the DIST value; this is needed as a
      workaround for #911382 (LTSP).
    - Drop no longer needed code (related to mirror and proxy setup).
  * share/debian-edu-config/tools/edu-ldap-from-scratch:
    - Don't fail in case host keytab files are missing.
  * Adjust Makefile and debian/dirs to reflect the changes.

  [ Holger Levsen ]
  * update-chromium-homepage: Drop mkdir for target dir of $etcfile as its
    created via debian/dirs.
  * update-firefox-homepage: Drop mkdir for target dir of $etcfile as its
    created via debian/dirs.
  * debian/dirs: Add /etc/chromium/policies/managed.

 -- Holger Levsen <holger@debian.org>  Fri, 26 Oct 2018 17:15:13 +0200

debian-edu-config (2.10.41) unstable; urgency=medium

  [ Mike Gabriel ]
  * etc/apache2/mods-available/debian-edu-userdir.conf: Make config
    snippet more generic, let it work on all hosts on the Debian Edu
    network by default.

  [ Holger Levsen ]
  * Use the new debhelper-compat(=11) notation and drop d/compat.

 -- Holger Levsen <holger@debian.org>  Wed, 24 Oct 2018 15:50:15 +0200

debian-edu-config (2.10.40) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * ldap-tools/sitesummary2ldapdhcp: Use 'workstations' as default system type.
    Change the default type from 'netdevices' to 'workstations' to avoid a
    possible pitfall. (For hosts of type 'netdevices' Krb5 principals and a
    related keytabfile can't be created due to missing attributes.)
    Also, 'workstations' is supposed to be the wanted type in most cases.
  * share/debian-edu-config/tools/gosa-modify-host: Improve logging text.
  * share/debian-edu-config/tools/gosa-remove-host: Add logging statement.

 -- Holger Levsen <holger@debian.org>  Wed, 10 Oct 2018 18:06:10 +0100

debian-edu-config (2.10.39) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * ldap-tools/mkslapdcert: Remove obsolete (random-seed related) workaround.
  * cf3/edu.cf: Add class definition for profile 'Minimal'.
  * cf3/cf.grub: Adjust configuration for systems with profile 'Minimal'. Keep
    legacy interface names to ensure easier configuration as a gateway; don't
    run 'plymouth-set-default-theme', plymouth isn't used on a minimal system.
  * Improve scripts needed for kerberized NFS. (Closes: #649854, #649856).
    - share/debian-edu-config/tools/gosa-remove-host:
      + Make host principals and keytab file removal conditional; this is needed
        in case a system accidentally added via sitesummary2ldapdhcp is removed
        without any modification applied.
    - share/debian-edu-config/tools/gosa-modify-host:
      + Also create nfs principal for the modified host.
      + Remove leftover principals and keytab file belonging to modified host.
      + Add logging statement.

 -- Holger Levsen <holger@debian.org>  Thu, 04 Oct 2018 10:51:01 +0100

debian-edu-config (2.10.38) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * share/debian-edu-config/tools/run-at-firstboot:
    - Remove obsolete LTSP related workaround.
    - Drop no longer needed Squid setup related fix.
    - Replace nagios3 with icinga.
  * sbin/debian-edu-ltsp:
    - Remove obsolete workaround.
    - Adjust code now that the LTSP chroot arch matches the server arch.

 -- Holger Levsen <holger@debian.org>  Fri, 28 Sep 2018 23:37:21 +0200

debian-edu-config (2.10.37) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Fix squid configuration now that systemd support has been added to squid
    and /etc/default/squid isn't used anymore:
    - cf3/cf.squid: Link our configuration as /etc/squid/squid.conf, adjust
      the squid-update-cachedir call.
    - share/debian-edu-config/tools/squid-update-cachedir: Stop sourcing
      /etc/default/squid, adjust the code to be systemd compliant.
  * www/index.html.*: Use relative links whenever possible. (Closes: #906467).
  * cf3/cf.desktop-networked: Replace 'apt' with 'apt-get' in shell command.
  * Drop etc/apt/apt.conf.d/90squid:
    - The workaround is obsolete, the related bug has been fixed in 2015.
    - Adjust d/debian-edu-config.maintscript and Makefile.

 -- Holger Levsen <holger@debian.org>  Sun, 23 Sep 2018 10:41:09 +0200

debian-edu-config (2.10.36) unstable; urgency=medium

  [ Mike Gabriel ]
  * debian/{rules,gconf-defaults}: stop using dh_gconf. Simply remove gconf
    stuff entirely. (Closes: #908880).

 -- Holger Levsen <holger@debian.org>  Mon, 17 Sep 2018 16:38:46 +0200

debian-edu-config (2.10.35) unstable; urgency=medium

  [ Frans Spiesschaert ]
  * share/debian-edu-config/firefox-networked-prefs.js: adjust deprecated
    lockPref entry. lockPref will no longer be supported after version 67.

  [ Holger Levsen ]
  * Bump standards version to 4.2.1, no changes needed.
  * Remove empty line at the end of d/rules, thanks lintian.

 -- Holger Levsen <holger@debian.org>  Mon, 10 Sep 2018 12:53:55 +0200

debian-edu-config (2.10.34) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Add new cfengine file cf3/cf.tftpd; the '--secure' option (tftpd-hpa) needs
     to be disabled to provide both PXE menu and LTSP. (tftpd-hpa is now used
     instead of atftpd to match the ltsp-server package recommends).
  * Adjust cf3/promises.cf to enable the tftpd configuration file.
  * Adjust Makefile to reflect cfengine changes.
  * testsuite/network: fix log message (nmap path).
  * testsuite/webserver: Drop etc/skel test; the test is obsolete, now that the
    firefox ini file is no longer generated.

  [ Holger Levsen ]
  * Bump standards version to 4.2.0, no changes needed.

 -- Holger Levsen <holger@debian.org>  Sun, 12 Aug 2018 14:57:04 +0200

debian-edu-config (2.10.33) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * debian/debian-edu-config.postrm:
    - Fix cfengine3 related cleanup code (remove and purge cases).

 -- Holger Levsen <holger@debian.org>  Fri, 27 Jul 2018 10:57:35 +0800

debian-edu-config (2.10.32) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * debian/debian-edu-config.postrm:
    - Move cfengine3 related cleanup code from remove to purge case.
      Thanks to Andreas Beckmann. (Closes: #904516).

 -- Holger Levsen <holger@debian.org>  Wed, 25 Jul 2018 10:01:51 +0000

debian-edu-config (2.10.31) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * debian/control: Remove unneeded Suggests: atftpd | tftpd-hpa.
  * ltsp/init-ltsp.d/60-edu-client: Disable desktop-autoloader for thin clients.
    The desktop-autoloader needs site specific configuration (and activation);
    this code makes sure to only run it on diskless workstations.
    (Closes: #895020).

 -- Holger Levsen <holger@debian.org>  Wed, 18 Jul 2018 18:42:47 +0000

debian-edu-config (2.10.30) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Drop unused etc/samba/smb-debian-edu-client.conf file; content is wrong
    anyway. Also, tools/setup-ad-client generates a proper smb.conf on the fly.
  * d/control: Use dependency order tftp-hpa | tftp to avoid possible conflicts.

  [ Holger Levsen ]
  * Bump standards version to 4.1.5, no changes needed.

 -- Holger Levsen <holger@debian.org>  Wed, 11 Jul 2018 16:38:57 +0000

debian-edu-config (2.10.29) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Generate NetBIOS compliant hostname; this allows one to keep the hostname
    in case the MATE desktop is configured to use file sharing via Samba.
    Same applies if a roaming workstation is configured to connect to an
    active directory DC (via tools/setup-ad-client).
    Instead of e.g. 'auto-mac-11-22-33-44-55-66', now 'am-112233445566' is
    generated. (Closes: #900629).

 -- Holger Levsen <holger@debian.org>  Fri, 06 Jul 2018 12:40:08 +0000

debian-edu-config (2.10.28) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Improve kerberized NFS:
    - Adjust share/debian-edu-config/tools/gosa-create-host:
       + Fix code to also generate Kerberos Principals for systems of type
         netdevices.
       + Use /etc/debian-edu/host-keytabs/ as $fqdn.keytab file location.
    - Add new script share/debian-edu-config/tools/gosa-remove-host:
       + Remove principals and host keytab.
    - Add new script share/debian-edu-config/tools/gosa-modify-host:
       + This is needed to generate principals and host keytab also for hosts
         added via sitesummary2ldapdhcp.
    - ldap-bootstrap/sudo.ldif:
       + Add 'gosa-remove-host' command.
       + Add 'gosa-modify-host' command.
    - share/debian-edu-config/gosa.conf.template: Adjust postremove and
      postmodify hooks.
  * Adjust share/debian-edu-config/tools/edu-ldap-from-scratch:
     - Remove host keytab files, too.
  * Add new Cfengine configuration file cf3/cf.sshd:
     - Adjust /etc/ssh/sshd_config to allow kerberized ssh. (The ssh client
       config allows this by default.)
  * cf3/cf.finalize: Fix typo.
  * Adjust Makefile and cf3/promises.cf file.

  [ Holger Levsen ]
  * d/control: Update Vcs: headers to point to salsa.debian.org.

 -- Holger Levsen <holger@debian.org>  Wed, 30 May 2018 12:26:44 +0000

debian-edu-config (2.10.27) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * share/debian-edu-config/d-i/pre-pkgsel:
     - Leave network configuration to NetworkManager also on workstations.
       This should ensure that NetworkManager.wait-online.service works like
       expected. Thanks to Mike Gabriel. (Closes: #887861)
  * cf3/cf.finalize: Move shell command for networked desktops into own file
    cf3/cf.desktop-networked.
  * cf3/promises.cf: Include cf.desktop-networked at an early execution stage.
  * Prepare kerberized NFS for systems of type servers, workstations, terminals:
    - Adjust share/debian-edu-config/tools/gosa-create-host
      + Add code to generate host/$fqdn and nfs/$fqdn Kerberos Principals.
      + Add code to generate /etc/$fqdn.keytab file.
    - ldap-bootstrap/sudo.ldif: Add 'gosa-create-host' command.
    - share/debian-edu-config/gosa.conf.template: Adjust postcreate hooks.

  [ Mike Gabriel ]
  * ldap-schemas/kerberos.schema: Update from krb5-kdc-ldap 1.16-1.

 -- Holger Levsen <holger@debian.org>  Fri, 25 May 2018 17:25:18 +0000

debian-edu-config (2.10.26) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Prepare for a modular installation scenario (updated d-e-task files from
    src:debian-edu 2.10.23 needed).
    - cf3/edu.cf: Add class desktopintern.
      This class matches a stationary workstation with the meta-package
      education-desktop-other installed.
    - cf3/cf.finalize: Add shell command for class desktopintern.
      This allows one to install some packages suited only for networked
      machines in addition to those installed via the education-desktop-other
      meta-package for all workstations.
    With these changes it would be possible to uncouple services infrastructure
    setup (including LTSP) and desktop setup by removing the 'desktop=xxxx'
    kernel parameter at installation time. It would make site specific setups
    easier and would have the benefit to speed up basic test installations.

  [ Holger Levsen ]
  * Bump standards version to 4.1.4, no changes needed.

 -- Holger Levsen <holger@debian.org>  Wed, 09 May 2018 12:37:13 +0000

debian-edu-config (2.10.25) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * share/debian-edu-config/tools/debian-edu-bless: Use cfengine3 tool.
    Replace no longer available tool cfengine-debian-edu (cfengine2) with
    cf-agent. Thanks to debci debian-edu autopkgtest log.
  * debian/cron.d: Drop cfengine2 related (already commented) entry.
  * README: Reflect cfengine2 -> cfengine3 and KDE kiosk related changes.

  [ Holger Levsen ]
  * Depend on libproxy1-plugin-webkit instead of libproxy1-plugin-mozjs.
    Closes: #894087.

 -- Holger Levsen <holger@debian.org>  Wed, 28 Mar 2018 16:13:38 +0000

debian-edu-config (2.10.24) unstable; urgency=medium

  [ Holger Levsen ]
  * postinst: instead of testing with [ -x /usr/bin/etckeeper ] use
    "which etckeeper" and drop lintian.overrides for
    command-with-path-in-maintainer-script. Thanks lintian.

  [ Wolfgang Schweer ]
  * Cleanup share/debian-edu-config/gosa.conf.template:
    - Remove opsi and fai items; the related packages gosa-plugin-opsi and
      gosa-plugin-fai are no longer available.
  * Remove oudated doc/examples/smb-roaming-profiles-(de|en|nb|nl).conf files.
    Last release these were useful: Lenny.
  * Remove outdated winbind related configuration files and tools.
     - etc/samba/smb-winbind-debian-edu.conf
     - doc/debian-edu-winbind
     - share/debian-edu-config/tools/debian-edu-winbind
     tools/setup-ad-clients is available since a long time to replace it.
  * Remove outdated pam_mount related files, unused since ages.
     - etc/security/pam_mount-stateless-debian-edu.conf
     - etc/security/pam_mount-winbind-debian-edu.conf
  * Remove etc/samba/smbaddclient.pl from git.
    (Unused and not shipped since ages).
  * Adjust Makefile to reflect the cleanup changes.

 -- Holger Levsen <holger@debian.org>  Thu, 22 Mar 2018 16:37:28 +0000

debian-edu-config (2.10.23) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Drop non-functional KDE configuration framework. (Closes: #777039).
    - Remove etc/desktop-profiles/debian-edu-config.listing
      and share/debian-edu/*.
    - Adjust various files to reflect the KDE framework related changes.
      + Makefile
      + debian/debian-edu-config.lintian-overrides
      + debian/debian-edu-config.maintscript
      + debian/debian-edu-config.postinst
      + debian/debian-edu-config.postrm
      + debian/dirs
  * sbin/debian-edu-fsautoresizetab:
    - Raise value for the /usr partition.
    - Add entries for /opt and /var/log partitions.
  * debian/po/pl.po:
    - Fix PO file, thanks i18n.d.o; the translation appears to have been done
      using an outdated POT file (see commit ab6322ed).
  * share/ltsp/init-ltsp.d/60-edu-client: Fix typo.

 -- Holger Levsen <holger@debian.org>  Thu, 15 Feb 2018 17:11:13 +0000

debian-edu-config (2.10.22) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Replace smbldap-tools fork with customized ldapscripts. (Closes: #718865).
    - Drop etc/samba/smbldap-machineadd-gosa (very old smbldap-tools fork).
    - Replace depends on smbldap-tools with one on ldapscripts.
    - Add share/debian-edu-config/debian-edu.addmachine.template and
      share/debian-edu-config/debian-edu.ldapscripts.passwd; the last one is
      modified and both are copied to /etc/ldapscripts at LDAP setup time.
    - Add cf3/cf.ldapscripts to customize ldapaddmachine.
    - Adjust cf3/promises.cf to include cf.ldapscripts.
  * Use share/debian-edu-config/gosa.conf.template (Closes: #848347).
    - Ship the gosa.conf template explicitly as such and copy the modified file
      at LDAP setup time to /etc/gosa to don't confuse users upon upgrades.
  * Avoid to show users non-functional GOsa² action buttons.
    - gosa.conf.template: Set enableSnapshots="false" and copyPaste="false".
  * Adjust ldap-tools/ldap-debian-edu-install.
    - Add code to set generated password for gosa.conf.template and ldapscripts.
    - Update comments; cleanup whitespace.
  * Add tool to set up LDAP from scratch (useful for tests and upgrades).
    - Add share/debian-edu-config/tools/edu-ldap-from-scratch
    - Add share/debian-edu-config/passwords_stub.dat
  * Adjust d/debian-edu-config.(postinst|postrm|lintian-overrides) and Makefile.

 -- Holger Levsen <holger@debian.org>  Sat, 10 Feb 2018 10:36:23 +0000

debian-edu-config (2.10.21) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Use LTSP server architecture for LTSP chroot by default (no amd64 specials).
    - Don't hardcode 'i386' in DHCPD configuration (filename, rootpath).
      + Replace i386 with $LTSPARCH in ldap-bootstrap/gosa-server.ldif.
    - Replace $LTSPARCH with actual arch during LDAP setup.
      + Adjust ldap-tools/ldap-debian-edu-install. (Closes: #888626).
    - Adjust various related files to use the new LTSP chroot default:
      + sbin/debian-edu-pxeinstall and etc/debian-edu/pxeinstall.conf
      + share/debian-edu-config/tools/ltsp-addfirmware
      + share/debian-edu-config/tools/subnet-change
      + share/ltsp/plugins/ltsp-build-client/Debian-custom/000-arch-detection
      + testsuite/ldap-client
  * Cleanup no longer needed code and files from LTSP client build environment.
    - share/ltsp/plugins/ltsp-build-client/Debian-custom/015-edu-apt-source:
      + Don't use /var/lib/apt/lists/ internals. (Closes: #874770).
        LTSP doesn't use COPY_SOURCES_LIST by default anymore (for more details
        see #874775); also, the dropped code was needed in case of 'amd64/i386'.
      + Drop obsolete 'local' component in sources.list.
      + Drop gpg verification workaround.
      + Don't append sources.list from server to avoid duplicate entries.
    - share/ltsp/plugins/ltsp-build-client/Debian-custom/
      + Remove 010-set-resolver, 025-bootprompt-opts, 045-remove-udev-net-rules,
        050-nbdquery and 095-umount-error.
    - share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs:
      + Remove runlevel related code. (Closes: #872151).
    - share/ltsp/init-ltsp.d/60-edu-client:
      + Adjust to cope with services previously managed using 032-edu-pkgs.
  * testsuite/:
    - Drop unused (and nowadays useless) keyboard-console script.
    - Adjust cups, webcache and webserver scripts to be compliant with HTTPS.

  [ Holger Levsen ]
  * Bump to debhelper compat level 11.

 -- Holger Levsen <holger@debian.org>  Mon, 05 Feb 2018 12:03:56 +0000

debian-edu-config (2.10.20) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Reorganize Firefox and Thunderbird configuration:
    - Instead of shipping the related directories in /etc/skel, create these
      at the time a user account is created (for both first and regular user).
      + Ship the previously generated 'profiles.ini' file as
        share/debian-edu-config/profiles.ini and copy it on account creation.
      + Adjust cf3/cf.firefox-esr and remove the now unneeded config file
        cf3/cf.thunderbird.
      + Adjust ldap-tools/ldap-debian-edu-install as well as
        share/debian-edu-config/tools/gosa-create.
  * Avoid shipping /etc/skel/.pki/nssdb, needed for Chromium, Konqueror et al.
    - Move creation and permission adjustment for ~.pki/nssdb to the respective
       user account generation scripts.
    - Remove the now unneeded config file cf3/cf.pki.
  * Stop shipping etc/skel/.local/share/
    - This seems to be unneeded since almost 5 years; see closed bug #655243.
  * Adjust various files to reflect the changes.
    - debian/dirs, cf3/promises.cf, debian/debian-edu-config.maintscript,
      debian/debian-edu-config.lintian-overrides and Makefile.
  * Makefile: Fix man page installation related typo that caused a bogus file
    to be shipped in addition since a long time. (Closes: #887990)
  * Add removal code for the bogus file to debian/debian-edu-config.postinst
    and adjust debian/debian-edu-config.lintian-overrides.
  * Avoid to use the ltsp-arch-debian-edu binary.
    - cf3/edu.cf: Drop unused variable 'ltsp_arch'.
    - testsuite/ltsp: Extend LTSP chroot installation check to work with both
      amd64 and i386 archs.
  * Drop editing nonexistent file '/etc/default/grub' for class 'ltspclient'.

  [ Holger Levsen ]
  * Build manpage for debian-edu-fsautoautorresize, ldap-createuser-krb5,
    ldap-add-user-to-group and ldap-add-host-to-netgroup using help2man.
  * Add help2man and libfilesys-df-perl to build-depends-indep.
  * ldap-tools/ldap-add-host-to-netgroup and ./ldap-add-user-to-group: modify
    help output to match help2man's expectations.
  * debian/changelog: fix trailing whitespaces.
  * debian/control, thanks lintian:
    - remove duplicate depends on lsb-base.
    - Vcs-Git: use more secure URL.
  * Drop bin/ltsp-arch-debian-edu and replace its last usage
    debian-edu-config.postinst with $(dpkg --print-architecture).

 -- Holger Levsen <holger@debian.org>  Mon, 29 Jan 2018 00:58:12 +0100

debian-edu-config (2.10.19) unstable; urgency=medium

  [ Holger Levsen ]
  * Bump package version to 2.10.19, to mark this as the 19th upload of
    src:debian-edu-config in the Debian 10 (Buster) development cycle.

  [ Wolfgang Schweer ]
  * Adjust cfengine3 related code in debian/debian-edu-config.postrm:
    - Add additional condition for the generated file.
    - Move code block from purge) to remove) to avoid a purge order related
      conflict. (Closes: #887726)
  * Avoid to show error messages on LTSP client boot.
    - share/ltsp/init-ltsp.d/60-edu-client: Fix condition to work in all cases.
  * Adjust PXE menu generation to handle also the case for 64-Bit-PC.
    - Replace hardcoded i386 arch with 'ltsparch' variable with i386 default.
    - Add code to discover a diskless workstation LTSP chroot installation.
    - Add configuration file /etc/debian-edu/pxeinstall.conf with examples.

 -- Holger Levsen <holger@debian.org>  Tue, 23 Jan 2018 13:46:38 +0000

debian-edu-config (1.947) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * debian/debian-edu-config.postrm: Also remove a generated cfengine3 config
    file. Thanks to Holger Levsen. (Closes: #887726).
  * Amend wording in two previous changelog entries.
  * Fix typo debian-debian-edu-config.postinst (cfengine log file removal).

  [ Mike Gabriel ]
  * debian-edu-config/tools/gosa-*: White-space cleanups.

  [ Holger Levsen ]
  * Add lintian overrides for package-contains-file-in-etc-skel as we do this
    since more than a decade.

 -- Holger Levsen <holger@debian.org>  Sun, 21 Jan 2018 17:29:19 +0000

debian-edu-config (1.946) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Add Depends on e2fsprogs. Thanks to Helmut Grohne. (Closes: #887195).
  * Improve Cfengine3 behaviour in case of upgrades:
    - cf3/edu.cf:
      Add classes 'di' and 'squidcache'.
    - cf3/cf.ldapserver:
      Use class 'di' to avoid running LDAP setup upon upgrades.
    - cf3/cf.squid:
      Use class 'squidcache' to run 'dpkg-reconfigure' only if needed.
    - Add cfengine3 setup code to debian-edu-config.postinst.
  * Adjust debian/debian-edu-config.lintian-overrides.

  [ Holger Levsen ]
  * share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs: don't try
    to remove consolekit and openvpn as they aren't installed anymore.
    (Closes: #872152)

 -- Holger Levsen <holger@debian.org>  Thu, 18 Jan 2018 10:49:39 +0000

debian-edu-config (1.945) unstable; urgency=medium

  [ Mike Gabriel ]
  * etc/gosa/gosa.conf: Properly single-quote '%dn' in password hook scripts.
    This fixes failing password syncs / locks / unlocks if user DNs have
    blanks in the DN string. (Closes: #886749).
  * etc/gosa/gosa.conf: Support pwreset plugin and schoolmanager plugin by
    default.

  [ Wolfgang Schweer ]
  * Properly remove cfengine2 related files upon upgrades.
    - Drop conffile remove statements from debian/debian-edu-config.maintscript
      (wildcards don't make sense).
    - Add removal code to debian/debian-edu-config.postinst.
  * Use apache2-maintscript-helper for apache2 mod debian-edu-userdir in
    debian/debian-edu-config.postinst, avoiding two lintian warnings.
  * Adjust debian/debian-edu-config.lintian-overrides.

 -- Holger Levsen <holger@debian.org>  Sat, 13 Jan 2018 02:36:47 +0100

debian-edu-config (1.944) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Move from Cfengine2 to Cfengine3. (Closes: #883468).
    - Rewrite configuration files for the Cfengine3 setup. While at it: drop
      no longer needed modifications and configuration files.
    - Add a tool to setup Cfengine3; this is called when the Debian Installer
      runs (and also when an LTSP chroot is set up).
    - Drop Cfengine2 related configuration files and tools.
  * Adjust TLS related configuration issues found during testing.
    - Exclude *.dat files from http -> https rewriting.
    - Add wpad and wpad.intern as valid names for the server certificate.
    - Remove share/man/man8/snakeoil-on-ice.8 manpage.
  * Rewrite/adjust several scripts to work after the TLS/Cfengine changes.
    - Rewrite wpad extract tool to be independent from KDE related files.
      Now 'pactester' (package libpacparser1) is used instead of 'proxy'.
    - Adjust various testsuite scripts.
  * Depends: Replace cfengine2 with cfengine3 and libproxy-tools with
    libpacparser1.
  * Adjust d/debian-edu-config.(maintscript|manpages|postrm|lintian-overrides)
    and Makefile to reflect the changes.

  [ Holger Levsen ]
  * Bump standards version to 4.1.3, no changes needed.
  * Stop recommending ddccontrol as it's not used by testsuite/hardware since
    1.927 released in May last year.

 -- Holger Levsen <holger@debian.org>  Sun, 07 Jan 2018 16:59:59 +0000

debian-edu-config (1.943) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust LTSP related configuration and scripts to work with ltsp 5.5.10:
    - Replace /var/cache/ltsp with /run/ltsp in share/ltsp/get-ldap-ltsp-config
      because lts.conf is now generated in /run/ltsp.
    - Calling 'hostname -f' in share/ltsp/get-ldap-ltsp-config doesn't work at
      the time the script runs; use 'update-hostname-from-ip' instead to
      generate the hostname.
    - Add new lts.conf variable TIMESERVER to ldap-bootstrap/ltsp.ldif; using
      TIMESERVER=ntp will allow one to drop ntp.conf modification for class
      'ltspclient' during installation. Drop 'NBD_SWAP=Y' because LTSP cares
      for it already depending on the client's amount of RAM.
    - Replace ugly workaround 'share/ltsp/init-ltsp.d/70-edu-client-core' with
      'share/ltsp/init-ltsp.d/09-edu-ldap-config' to fetch configuration stored
      in LDAP.
  * share/ltsp/init-ltsp.d:
    - Drop superfluous shebang lines from all code snippets and ship them as
      data files.
  * ldap-tools/ldap-debian-edu-install:
    - Make sure smbd service isn't running before the initial setup is done;
      otherwise 'ldap admin dn' is missing and Samba fails to work.
  * Adjust Makefile and debian/debian-edu-config.postinst to reflect the
    changes.
  * lintian-overrides:
    - Correct linenumber for "command-with-path-in-maintainer-script" for
      /usr/bin/etckeeper in postinst.

 -- Holger Levsen <holger@debian.org>  Mon, 01 Jan 2018 16:19:17 +0000

debian-edu-config (1.942) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Avoid possible mime type error for the internal Spanish web page.
    - Move www/index.html.es -> www/index.html.es_ES, adjust content.
    - Adjust all other related files in the www directory.
    - Drop now obsoleted workarounds from the Apache configuration files
      etc/apache2/sites-available/debian-edu-default.conf and
      etc/apache2/sites-available/debian-edu-ssl-default.conf.
    - Adjust Makefile.
    - Add conditional remove statements to d/debian-edu-config.postinst.
  * Re-enable sitesummary uploads via HTTP-POST.
    - etc/apache2/sites-available/debian-edu-default.conf:
      Move http -> https rewrite directives; now these are restricted
      to the web pages directory (and this way excluding the cgi one).
  * lintian-overrides:
    - Correct linenumber for "command-with-path-in-maintainer-script" for
      /usr/bin/etckeeper in postinst.
  * etc/apache2/sites-available/debian-edu-ssl-default.conf:
    - Fix munin alias directory.

  [ Holger Levsen ]
  * Drop dbus-1/system.d/hal-debian-edu.conf, as Wheezy was the last Debian
    version including hal, so since Jessie this file was without any effect.
    (See #839124 for more information.)
  * debian/control:
    - Add "Rules-Requires-Root: no" to support building as non-root.
      (I've also confirmed that the build output is bit by bit identical with
      and without this.)

 -- Holger Levsen <holger@debian.org>  Tue, 19 Dec 2017 14:20:18 +0000

debian-edu-config (1.941) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Improve TLS related scripts; configure mail also for the first user:
    - share/debian-edu-config/tools/create-debian-edu-certs:
      + On a plain main server xrdp isn't installed by default, so
        only add xrdp conditionally to the 'ssl-cert' group.
    - share/debian-edu-config/tools/update-cert-dbs:
      + Drop output to standard out, add home directory location to logging
        information.
    - share/debian-edu-config/tools/run-at-firstboot:
      + Send an email to the first user to avoid a Dovecot pitfall. Unlike
        other users, this account is set up at installation time when Exim
        isn't yet able to look up user information in LDAP.
  * Close some bugs (which were really closed in 1.940), now that TLS is
    working like expected:
    - CUPS IPP URL (Closes: #655282).
    - Users' public HTML pages (Closes: #725844).
    - Homepage URL (Closes: #845306, #845307).

 -- Holger Levsen <holger@debian.org>  Thu, 14 Dec 2017 11:38:49 +0000

debian-edu-config (1.940) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Use trusted SSL/TLS secured connections in the internal network. Create a
    Debian Edu rootCA certificate and a signed certificate that can be used for
    Apache, Cups, Exim, Dovecot and Xrdp. Firefox ESR, Chromium, Konqueror and
    Thunderbird will be configured accordingly so that users will no longer be
    bothered with certificate issues.
    - Add 'share/debian-edu-config/tools/create-debian-edu-certs'
      along with the configuration files for the rootCA certificate:
      + share/debian-edu-config/sslCA.cnf
      + share/debian-edu-config/v3CA.cnf
      and the server certificate:
      + share/debian-edu-config/ssl.cnf
      +	share/debian-edu-config/v3.cnf
    - Add 'share/debian-edu-config/tools/update-cert-dbs', a tool allowing
      to create/update nssdb files in the users' home directories (old style
      dbm ones for Firefox/Thunderbird and newer sql ones for Chromium,
      Konqueror and maybe other applications).
    - Add empty directories to /etc/skel as required places for the nssdb
      files in the users' home directories (via debian/dirs):
      + etc/skel/.pki/nssdb
      + etc/skel/.thunderbird/debian-edu.default
    - Add cfengine configuration files to configure the skeleton directories:
      + cf/cf.pki
      + cf/cf.thunderbird
    - Add cfengine configuration file to set xrdp certificate links:
      + cf/cf.xrdp
    - Adjust related cfengine configuration files:
      + cf/cf.apache2
      + cf/cf.chromium
      + cf/cf.cups
      + cf/cf.exim
      + cf/cf.firefox-esr
      + cf/cf.imap
      + cf/cf.ldapserver
      + cf/cfengine.conf
    - Adjust related configuration files resp. tools:
      + etc/apache2/sites-available/debian-edu-ssl-default.conf
      + etc/exim4/exim-ldap-server-v4.conf
      + share/debian-edu-config/tools/update-firefox-homepage
      + share/debian-edu-config/tools/update-chromium-homepage
    - Remove no longer needed tools:
      + share/debian-edu-config/tools/exim4-create-cert
      + sbin/snakeoil-on-ice (now that cert_override.txt is obsolete)
    - Remove /etc/skel/.mozilla/firefox/debian-edu.default/cert_override.txt
      upon upgrades.
    - Make sure user accounts created using GOsa² get the nssdb files:
      + Adjust the 'share/debian-edu-config/tools/gosa-create' tool.
    - Make sure the special first user account is generated with trusted
      certificates configured:
      + Adjust the 'ldap-tools/ldap-debian-edu-install' script.
    - Adjust debian/debian-edu-config.postinst and Makefile.
  * Use https for all internal web resources and links to wiki.debian.org.
    - etc/apache2/sites-available/debian-edu-default.conf:
      + Add http -> https rewrite directives.
    - www:
      + Replace http with https (index.html.* files).
      + Run 'make all' to generate index.pot and *.po files.
      + Apply trivial unfuzzy to *.po files.
      + Rename nb.po -> no_NB.po and index.html.nb -> index.html.no_NB as
        the .nb extension now seems to be the mime type for Mathematica
        Notebook files and as such the file is downloaded (Firefox, Chromium)
        or shown as plain text (Konqueror).
      + Replace pt_BR with pt-BR in pt_BR.po (html language name tag).
      + Adjust Makefile accordingly.
      + Run 'make all' again to generate index files.
    - Adjust Makefile to reflect the changes.
  * share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs:
    - Don't disable /etc/cron.d/debian-edu-config as this breaks the
      execution of 'debian-edu-update-netblock' on diskless workstations.
      Thanks to Mike Gabriel for spotting the bug.

  [ Holger Levsen ]
  * Bump standards version to 4.1.2, no changes needed.
  * lintian-overrides:
    - Correct linenumber for "command-with-path-in-maintainer-script" for
      /usr/bin/etckeeper in postinst.

 -- Holger Levsen <holger@debian.org>  Sun, 03 Dec 2017 00:07:45 +0000

debian-edu-config (1.939) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * debian/debian-edu-config.postinst: Fix typo causing a syntax error.

  [ Holger Levsen ]
  * debian/debian-edu-config.postinst: Fix typo causing a logic error.
  * lintian-overrides:
    - Correct linenumber for "command-with-path-in-maintainer-script" for
      /usr/bin/etckeeper in postinst.

 -- Holger Levsen <holger@debian.org>  Mon, 27 Nov 2017 11:51:54 +0000

debian-edu-config (1.938) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust IMAP SSL/TLS configuration now that dovecot uses snakeoil certs.
    Keeping the existing setup breaks default openssl-snakeoil certs, so
    - remove share/debian-edu-config/tools/debian-edu-dovecot-create-cert,
    - remove script call from cf/cf.imap,
    - reflect changes in Makefile and d/debian-edu-config.postinst.
  * Improve ldap server SSL/TLS connection security.
    - etc/ldap/ssl/slapd-cert.cnf: generate 2048 instead of 1024 bit key.
    - ldap-tools/mkslapdcert: use sha256 instead of sha1 algorithm.
  * d/control: depend on libnss3-tools.

 -- Holger Levsen <holger@debian.org>  Sat, 25 Nov 2017 13:27:52 +0000

debian-edu-config (1.937) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Enable Chromium homepage setting at installation time and via LDAP.
    - Add cf/cf.chromium (cfengine).
    - Add debian/debian-edu-config.chromium-ldapconf (init script).
    - Add share/debian-edu-config/tools/update-chromium-homepage (used by
      both cfengine and the init script).
    - Adjust Makefile and debian/rules.

  [ Holger Levsen ]
  * lintian-overrides:
    - Correct linenumber for "command-with-path-in-maintainer-script" for
      /usr/bin/etckeeper in postinst.

 -- Holger Levsen <holger@debian.org>  Fri, 27 Oct 2017 12:09:21 +0200

debian-edu-config (1.936) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Re-enable partial offline installation (combi server, LTSP chroot for
    only thin clients via kernel param 'edu-skip-ltsp-make-client'):
    - 015-edu-apt-source: fix apt-get options to be able to use a repo of
      type 'file://'. As 'media/cdrom/' in the LTSP chroot is treated as
      such a repo, add 'acquire::check-valid-until=0' to APT_GET_OPTS;
      otherwise installation fails because the Release file is expired.
  * Re-enable offline installation of a combi server including diskless
    workstation support:
    - 032-edu-pkgs: Move all diskless workstation installation parts to
      the finalization stage of LTSP chroot installation.

  [ Holger Levsen ]
  * lintian-overrides:
    - Correct linenumber for "command-with-path-in-maintainer-script" for
      /usr/bin/etckeeper in postinst.
  * Replace dependency on (removed transitional package) host with one on
    bind9-host.
  * Make dependencies on education-tasks and smbldap-tools unversioned, as the
    required versions were already part of oldstable (e-t) and oldoldstable.
  * Drop Breaks: and Replaces: on ldap2zone (<< 0.2-8~) and sitesummary
    (<< 0.1.26) as those are pre-stable versions and we don't support upgrades
    skipping a release.

 -- Holger Levsen <holger@debian.org>  Fri, 20 Oct 2017 13:23:07 +0200

debian-edu-config (1.935) unstable; urgency=medium

  * postinst:
    - Only try to remove asound.conf if it exists.
    - Drop code needed for upgrades from oldoldstable to oldstable, as we
      don't support skipping an upgrade, we can drop this legacy code now.

 -- Holger Levsen <holger@debian.org>  Sat, 07 Oct 2017 17:18:22 +0200

debian-edu-config (1.934) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Drop /etc/asound.conf as Pulseaudio cares for ALSA at least since Jessie.

 -- Holger Levsen <holger@debian.org>  Thu, 05 Oct 2017 22:41:16 +0200

debian-edu-config (1.933) unstable; urgency=medium

  * Bump Standards-Version to 4.1.1, no changes needed.
  * lintian-overrides:
    - Correct linenumber for "command-with-path-in-maintainer-script" for
      /usr/bin/etckeeper in postinst.

 -- Holger Levsen <holger@debian.org>  Sun, 01 Oct 2017 17:36:44 +0200

debian-edu-config (1.932) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * cf/cf.homes: Set 755 permissions for /skole. This is needed if
    manual partitioning of type 'atomic' is used. (Closes: #742100)

  [ Holger Levsen ]
  * lintian-overrides:
    - Add "remove-of-unknown-diversion usr/bin/gtick" as we did introduce this
      diversion.
    - Correct linenumbers for "command-with-path-in-maintainer-script" for
      /usr/bin/etckeeper.
  * Bump Standards-Version to 4.1.0, no changes needed.
  * Bump debian/compat to 10 and build-depend on debhelper >= 10.2.5~.
  * share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs: Don't try
    to remove xfs which was last present in Wheezy. (See #872152)

 -- Holger Levsen <holger@debian.org>  Fri, 15 Sep 2017 16:08:11 +0200

debian-edu-config (1.931) unstable; urgency=medium

  [ Mike Gabriel ]
  * Chromium: Pre-configure Chromium Webbrowser system-wide
    to auto-detect the http proxy settings via WPAD (plus
    locking the proxy settings dialog for users). (Closes: #858338).

  [ Holger Levsen ]
  * Drop pre-depends on initscript and use /bin/hostname in
    share/debian-edu-config/d-i/pre-pkgsel instead. Thanks to Michael Biebl
    for the bug report and patch! (Closes: #866587)
  * Bump Standards-Version to 4.0.1, change priority from extra to optional.
  * Drop /usr/share/debian-edu-config/tools/debian-edu-ltsp-audiodivert
    because gtick (metronome) was the only program that still needed it due
    to the OSS use; now oss-compat takes care of this. Also remove the line
    containing ESPEAKER in /etc/desktop-profiles/debian-edu-config.listing.
    (Closes: #870874)
  * Drop share/debian-edu/thin-client/share/config/kcmartsrc as it's only use
    was configuration for esound.
  * debian-edu-config/tools/debian-edu-bless: fetch packages from Buster
    instead of Stretch.
  * Drop share/ltsp/plugins/ltsp-build-client/Debian-custom/080-eatmydata as
    it is obsolete since LTSP version 5.5.4-1 and should have been removed for
    Stretch already.
  * cf/cf.apt: replace all occurrances of stretch with buster.
  * Drop share/debian-edu-config/tools/migrate-squid-to-squid3 and drop
   (commented out) reference in cf/cf.squid as squid is back since Stretch.
  * testsuite/cups: drop now useless reference to Jessie in comment.
  * Drop share/debian-edu-config/tools/ldap-migrate-squeeze-wheezy.
  * Drop sbin/debian-edu-nscd-netgroup-cache as it's obsolete since Stretch. See
    #791562.

 -- Mike Gabriel <sunweaver@debian.org>  Mon, 21 Aug 2017 14:29:58 -0400

debian-edu-config (1.930) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust Samba configuration. (Closes: #864663).
    - Add 'server max protocol = NT1' to be able to join recent clients.
  * Fix configuration of personal web pages. (Closes: #866228).
    - Set right order of linking in cf/cf.apache2.
    - Add conditional code to d/d-e-c.postinst to fix the wrong configuration
      generated via the cfengine run during main server installation
      (introduced in version 1.926).

 -- Holger Levsen <holger@debian.org>  Sun, 23 Jul 2017 17:04:34 +0200

debian-edu-config (1.929) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Fix exim4 environment configuration. (Closes: #863657).
    - The cfengine exim4-create-environment shellscript is executed too
      early, the Kerberos SMTP keytab isn't yet available. Use the fifth
      pass of the cfengine run to be on the safe side.

 -- Holger Levsen <holger@debian.org>  Wed, 31 May 2017 21:21:14 +0200

debian-edu-config (1.928) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Fix Makefile, include exim4 tools. (Closes: #863176).
    - Add share/debian-edu-config/tools/exim4-create-cert.
    - Add share/debian-edu-config/tools/exim4-create-environment.

 -- Holger Levsen <holger@debian.org>  Wed, 24 May 2017 15:04:36 +0200

debian-edu-config (1.927) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Fix broken exim4 configuration, enable security. (Closes: #862652).
    - Add usr/share/debian-edu-config/tools/exim4-create-cert.
    - Add usr/share/debian-edu-config/tools/exim4-create-environment.
    - Adjust cf/cf.exim to use both scripts.
    - Adjust etc/exim4/exim-ldap-server-v4.conf.
      + Make it work after the exim4 security fix for CVE-2016-1531.
      + Improve security: create certificate to enable TLS, re-enable
        identity check via Kerberos; now only system mail to postmaster
        is enabled unconditionally; see #794602.
  * Fix typo in testsuite/network to use the correct LTSP-Server profile name.
  * Drop ddcprobe and ddccontrol related code from testsuite/hardware.
    - ddcprobe is part of the package xresprobe, not available in stretch.
    - ddccontrol belongs to package ddccontrol (monitor database unmaintained
      since > 10 years) which isn't installed by default.

 -- Holger Levsen <holger@debian.org>  Mon, 15 May 2017 18:15:45 +0200

debian-edu-config (1.926) unstable; urgency=medium

  [ Holger Levsen ]
  * etc/firefox-esr/debian-edu.js: set mailto handler to thunderbird instead
    of icedove.

  [ Wolfgang Schweer ]
  * Remove userdir.load symlink from d/debian-edu-config.links, use cf/cf.apache
    to provide it. Thanks to Andreas Beckmann. (Closes: #859809)
  * Fix typo in testsuite/taskpkgs to use the correct profile name.

 -- Holger Levsen <holger@debian.org>  Thu, 27 Apr 2017 19:23:11 +0200

debian-edu-config (1.925) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust sbin/update-hostname-from-ip to work with changed ifconfig output.
    (Closes: #859405)

 -- Holger Levsen <holger@debian.org>  Mon, 03 Apr 2017 20:01:19 +0200

debian-edu-config (1.924) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Use debian-edu-config.maintscript to remove obsolete conffiles.
  * debian/debian-edu-config.postinst: Remove unneeded code.
    Thanks to Andreas Beckmann for the hints. (Closes: #856682)

 -- Holger Levsen <holger@debian.org>  Sun, 05 Mar 2017 17:30:00 +0100

debian-edu-config (1.923) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust Debian-custom/001-ltsp-settings to enable LTSP installation
    in case the usbstick ISO image is used. (Closes: #854203).

  [ Holger Levsen ]
  * Switch to native source format 3.0, to easily avoid including .git into
    the source package.

 -- Holger Levsen <holger@debian.org>  Fri, 17 Feb 2017 17:37:41 +0100

debian-edu-config (1.922) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust web pages to match the Icinga2 -> Icinga change.

  [ Holger Levsen ]
  * Adjust testsuite to match the Icinga2 -> Icinga change.

 -- Holger Levsen <holger@debian.org>  Tue, 17 Jan 2017 21:49:18 +0100

debian-edu-config (1.921) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Fix apache userdir configuration:
    - cf/apache2.cf: replace userdir with debian-edu-userdir.
    - Adjust debian-edu-userdir.conf to work with apache 2.4.

 -- Holger Levsen <holger@debian.org>  Fri, 13 Jan 2017 13:27:47 +0100

debian-edu-config (1.920) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * sbin/update-hostname-from-ip: Adjust to fit new output of ifconfig.
  * cf/cf.homes: Adjust akonadi configuration file location. Thanks Petter.
  * Remove workarounds from Debian-custom/001-ltsp-settings as #839154 and
    #840667 have been fixed in ltsp-server 5.5.9-1.
  * ldap-tools/sitesummary2ldapdhcp: Apply patch from Petter Reinholdtsen
    to make the script work with old and new output of ifconfig.
    (Closes: #846847).
  * Add breaks to sitesummary (<< 0.1.26), thanks Petter.
  * sbin/debian-edu-pxeinstall: Use new location for the link to the PXE
    background image, adjust vertical position of menu entries.

 -- Holger Levsen <holger@debian.org>  Sun, 18 Dec 2016 00:09:13 +0100

debian-edu-config (1.919) unstable; urgency=medium

  * Make changes needed for renaming the thin-client-server profile to
    ltsp-server-profile (see #588510).
    Some occurrences of Thin-Client-Server are still left in the code to
    support upgrades of systems installed before Stretch.

 -- Holger Levsen <holger@debian.org>  Sat, 03 Dec 2016 16:05:19 +0100

debian-edu-config (1.918) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Use deb.debian.org instead of httpredir.debian.org as mirror redirector,
    now that deb.debian.org is the default for debootstrap; adjusted files:
    - cf/cf.apt
    - sbin/debian-edu-ltsp
    - sbin/debian-edu-pxeinstall

 -- Holger Levsen <holger@debian.org>  Mon, 14 Nov 2016 12:10:39 +0100

debian-edu-config (1.917) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Rename testsuite/xfree86 -> testsuite/xorg and adjust code to match Xorg.
  * Add squid fix to share/debian-edu-config/tools/run-at-firstboot.
  * sbin/debian-edu-pxeinstall: Adjust path / filename for PXE background image.
  * Remove trailing dots for subnet(00|01).intern zone setup and files.
    - Adjust ldap-bootstrap/gosa-server.ldif
    - Rename etc/bind/db.subnet00.intern. -> etc/bind/db.subnet00.intern
    - Rename etc/bind/db.subnet01.intern. -> etc/bind/db.subnet01.intern
    - Adjust etc/bind/named.conf.ldap2zone
    These changes will allow consistent innetgr() usage also in subnets.

 -- Holger Levsen <holger@debian.org>  Thu, 03 Nov 2016 13:29:23 +0100

debian-edu-config (1.916) unstable; urgency=medium

  [ Holger Levsen ]
  * cf.grub: configure plymouth on all installations except servers and LTSP
    clients to show a nice bootsplash. (Closes: #582571)

  [ Wolfgang Schweer ]
  * Fix cf/cf.grub:
    - Use two editfiles sections to avoid syntax error.
    - Replace non existent group 'ltsp-client' with 'ltspclient'.
    - Adjust kernel command line settings to match groups correctly.
    - Use absolute path name for plymouth command as this is required.

  [ Holger Levsen ]
  * cf/cf.grub: use three editfiles sections to make sure roaming and
    standalone get plymouth splash but no legacy device names. Thanks to
    Wolfgang for yet another patch!

 -- Holger Levsen <holger@debian.org>  Sat, 22 Oct 2016 10:32:12 +0200

debian-edu-config (1.915) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * sbin/debian-edu-pxeinstall: Add instructions how to fetch daily d-i
    netboot images to ease testing during development.
  * share/ltsp/plugins/ltsp-build-client/Debian-custom/001-ltsp-settings:
    Add workarounds for LTSP bugs #839154 and #840667 so that the chroot
    installation can succeed.

 -- Holger Levsen <holger@debian.org>  Mon, 17 Oct 2016 14:34:12 +0200

debian-edu-config (1.914) unstable; urgency=medium

  * Add depends to lsb-base (>= 3.0-6), thanks lintian.

 -- Holger Levsen <holger@debian.org>  Mon, 10 Oct 2016 21:09:30 +0200

debian-edu-config (1.913) unstable; urgency=medium

  [ Holger Levsen ]
  * Drop debian-edu-hwsetup, we are going to use isenkram-cli instead.
    (See #839724)
  * Add .gitignore file to be able to ignore .nobackup.

  [ Wolfgang Schweer ]
  * Fix some tools now that debian-edu-current-codename has been dropped.
    Replace 'debian-edu-current-codename' with 'lsb_release -sc'in:
    - sbin/debian-edu-ltsp
    - sbin/debian-edu-pxeinstall
    - share/ltsp/plugins/ltsp-build-client/Debian-custom/000-arch-detection
    - testsuite/doc
    Drop share/ltsp/plugins/ltsp-build-client/Debian-custom/000-default-dist
    as it would be redundant after the same replacement.
  * share/ltsp/plugins/ltsp-build-client/Debian-custom/002-default-apt-keyring
    isn't compatible with the latest LTSP release and isn't needed any more,
    now that the debian-edu-archive-keyring package is gone; so it can be
    dropped.
  * Adjust Makefile.
  * Set d-i version to 9 in sbin/debian-edu-pxeinstall so that the daily d-i
    images are fetched.

 -- Holger Levsen <holger@debian.org>  Tue, 04 Oct 2016 16:21:38 +0200

debian-edu-config (1.912) unstable; urgency=medium

  * Translation updates:
    - Catalan, thanks to René Mérou.
  * Move ldap-tools/ldappasswd2 to share/debian-edu-config/tools/ so it ends
    up in /usr/share/debian-edu-config/tools/ and not in /usr/bin/.

 -- Holger Levsen <holger@debian.org>  Mon, 19 Sep 2016 02:00:28 +0200

debian-edu-config (1.911) unstable; urgency=medium

  * Update line number in debian/debian-edu-config.lintian-overrides.
  * Remove unused (and outdated) files etc/ldap/slapd-debian-edu.conf
    and etc/ldap/slapd-lenny_debian-edu.conf and add code in postinst
    to remove the now obsolete conffiles. (Thanks to Wolfgang Schweer.)
  * Drop bin/debian-edu-current-codename workaround which was only used by
    auto-addfirmware which was replaced by isenkram-autoinstall-firmware in
    debian-edu-config 1.810.

 -- Holger Levsen <holger@debian.org>  Sun, 11 Sep 2016 15:02:07 +0200

debian-edu-config (1.910) unstable; urgency=medium

  * Stop using our own apt archive on ftp.skolelinux.org, see #836375:
    - sbin/debian-edu-pxeinstall: remove workaround for Wheezy and stop
      configuring our old archive for PXE installs.
    - share/ltsp/plugins/ltsp-build-client/Debian-custom/000-arch-detection:
      don't configure our old repo.
    - share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs: don't
      install the old keyring package.
    - share/debian-edu-config/tools/debian-edu-bless: stop using the old
      repo.
    - cf/cfengine.conf: test whether internet is reachable using
      ftp.debian.org.

 -- Holger Levsen <holger@debian.org>  Sat, 03 Sep 2016 16:24:51 +0200

debian-edu-config (1.909) unstable; urgency=medium

  [ Frans Spiesschaert ]
  * Fix some typos in smb-roaming-profiles-en.conf.
  * Add new file doc/examples/smb-roaming-profiles-nl.conf.

  [ Holger Levsen ]
  * Makefile: include doc/examples/smb-roaming-profiles-nl.conf.

  [ Wolfgang Schweer ]
  * Replace 'systemctl' with 'service' in ldap-tools/ldap-debian-edu-install.
    At least for some daemons (like slapd and bind9) the start/stop calls
    using systemctl don't work any longer inside the Debian-Installer target.
  * ldap-bootstrap/sudo.ldif: Replace tjener with tjener.intern cause sudoHost
    now needs the FQDN as value for sudo-ldap to work.
  * Fix testsuite/samba to actually report success if 'net time' is working.
  * Adjust testsuite/pxeinstall now that atftpd isn't available and tftpd-hpa
    is used.
  * cf/cf.ltsp: Move tftpd related code to debian.server|ltspserver just in
    case a pure main server is used for installations via PXE.
  * cf/cf.squid: Reconfigure squid. This is needed if squid has already been
    started using the default configuration; a cache dir isn't used in this
    case, storage uses memory. The reconfiguration initializes the cache_dir.
  * Adjust cf/cf.apache2: Restarting apache2 is needed after enabling cgi.
  * Adjust www/index.html.en to reflect the replacement of nagios3 with
    icinga2-classicui.
  * Update files below /www after running 'make'.
  * testsuite: Drop nagios test, add one for icinga2.

  [ Translation updates for index.html ]
  * German (and all other languages) by Wolfgang Schweer.

 -- Holger Levsen <holger@debian.org>  Sat, 27 Aug 2016 12:30:53 +0200

debian-edu-config (1.908) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust share/config/kickoffrc to match the changed locations and / or
    names of KDE desktop files (systemsettings and Dolphin).
  * etc/samba/smb-debian-edu.conf: fix typo, thanks to Victory.
  * debian/debian-edu-config.postinst:
    - Add condition for removal of /etc/insserv/overrides/kdm.

 -- Holger Levsen <holger@debian.org>  Thu, 18 Aug 2016 13:02:16 +0200

debian-edu-config (1.907) unstable; urgency=medium

  [ Holger Levsen ]
  * testsuite/hardware and debian/control: remove code depending on removed
    xresprobe package.
  * Move debian-edu-ltsp-audiodivert, which is only used by our maintainer
    scripts, from /usr/bin to /usr/share/debian-edu-config/tools/.
  * Remove Andreas B. Mundt from uploaders - thanks for all your work, Andi!
  * Remove Alexander Alemayhu from uploaders - thank you too, Alexander!

  [ Wolfgang Schweer ]
  * Adjust ldap-tools/ldap-debian-edu-install now that /var/lib/maildirs
    has been removed from the binary package.
  * Add package initscripts to Pre-Depends, as share/d-e-c/d-i/pre-pkgsel
    relies on /etc/init.d/hostname.sh.
  * kdm isn't available anymore; remove or adjust related files.
    Removed files:
    - cf/cf.kdm, etc/insserv/overrides/kdm, testsuite/kdm.
    Adjusted files:
    - cf/cfengine.conf,
    - debian/debian-edu-config.postinst,
    - sbin/debian-edu-restart-services,
    - share/ltsp/init-ltsp.d/60-edu-client,
    - share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs,
    - README,
    - Makefile.

  [ Translation updates ]
  * Czech by Miroslav Kure. (Closes: #833597)
  * Italian by Claudio Carboncini.

 -- Holger Levsen <holger@debian.org>  Mon, 15 Aug 2016 15:26:34 +0200

debian-edu-config (1.906) unstable; urgency=medium

  [ Mike Gabriel ]
  * Iceweasel -> Firefox transition: system-wide, non-configurable browser
    defaults now go into /usr/share/firefox-esr/browser/defaults/, not
    /usr/share/firefox/defaults/.
  * Rename cf.firefox to cf.firefox-esr and make sure it operated on
   /etc/firefox-esr.
  * firefox-networked-prefs.js: Fix configuration folder in comment.
  * sbin/snake-on-ice: Rename /etc/firefox to /etc/firefox-esr. Only
    declare OVERRIDE_FILE once and then use it accordingly (instead
    of hard-coding /etc/firefox(-esr) several times. Use more quotes.
  * debian/dirs: We ship /etc/firefox-esr, not /etc/firefox.
  * kickoffrc: Use firefox-esr.desktop, rather than firefox.desktop.
  * testsuite/ltsp and testsuite/webserver: Check presence of
    cert_override.txt in /etc/firefox-esr/, rather than /etc/firefox/.

  [ Wolfgang Schweer ]
  * Adopt Makefile for firefox-esr.
  * Add code to cleanup iceweasel and firefox-esr related conffiles in
    postinst and preinst scripts.
  * Adjust testsuite/ltsp and testsuite/webserver as
    /etc/firefox-esr/cert_override.txt is no longer useful.
  * Adjust sbin/snakeoil-on-ice as only the /etc/skel location on the main
    server seems to be useful for the certificate override file.
  * Move debian-edu.js -> etc/firefox-esr/debian-edu.js as this is the
    location for syspref now.

  [ Holger Levsen ]
  * Cleanup postinst, preinst and prerm scripts which pre-jessie code.
  * Remove /var/lib/maildirs from binary package and code related to it.
    (Closes: #801776)
  * Drop undocumented script debian-edu-hd-warn which is much better replaced
    with munin or other monitoring. The script was also not run from cron.
  * Move ldap-server-getcert, which is only used by one of our scripts, from
    /usr/bin to /usr/share/debian-edu-config/tools/.
  * lintian-overwrites:
    - overwrite warning about non-standard apache2 configuration name, as we
      maintain those configurations here for several Debian Edu packages.
    - overwrite warnings that debconf is not a registry as we have chosen
      those questions with care and really need them.
  * Add manpage for /usr/bin/update-ini-file.

 -- Holger Levsen <holger@debian.org>  Thu, 21 Jul 2016 10:38:55 +0200

debian-edu-config (1.905) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Replace firefox with firefox-esr to set the default browser via
    update-alternatives.
  * Make sure ethX style network interface names are used on networked
    systems upon upgrade from Jessie:
    - add cf/cf.grub.
    - adjust cf/cfengine.conf to use cf.grub.
    - adjust Makefile.

  [ Holger Levsen ]
  * Add manpage for snakeoil-on-ice.

 -- Holger Levsen <holger@debian.org>  Wed, 06 Jul 2016 13:16:50 +0200

debian-edu-config (1.904) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * cf/cf.ldapclient: don't purge libnss-mdns cause now cups needs mdns
    for automatic printer detection. (Closes: #825919)
  * dhclient-exit-hooks.d/hostname: adjust for the case of a dedicated
    LTSP server. (Closes: #783087).
  * Adjust ldap-tools/ldap-debian-edu-install to be compliant with systemd
    now that unit samba.service is masked (see #769714). (Closes: #826201).

  [ Holger Levsen ]
  * cf/cf.ldapclient:
    - remove workaround for #706434 (purging winbind) which is fixed since
      Jessie.
    - remove workaround (which was commented out and not used even in Jessie)
      modifying /etc/nslcd.conf.
  * Cleanup debian/changelog which in 1.903 was accidentally polluted by
    cherry-picking without resolving all conflicts.
  * Add debian/debian-edu-config.lintian-overrides for ignoring harmless
    warnings about files in etc/dhcp/dhclient-exit-hooks.d/ not being
    executable.
  * Override four command-with-path-in-maintainer-script warnings as the path
    is only used to test the existence of the tools and the suggested
    workaround in
    https://www.debian.org/doc/manuals/developers-reference/ \
    ch06.en.html#bpp-debian-maint-scripts is 12 times as big.
  * Drop unused files skolelinux-test-install.8 and
    skolelinux-restart-services.8 from git.
  * Mark internal templates in debian-edu-config.templates as such, thanks
    lintian.

 -- Holger Levsen <holger@debian.org>  Sat, 04 Jun 2016 01:11:32 +0200

debian-edu-config (1.903) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Add script sbin/debian-edu-nscd-netgroup-cache (workaround for #791562).
  * Remove no longer provided file cf/cf.ldap2zone from cf/cfengine.conf.

 -- Holger Levsen <holger@debian.org>  Sat, 28 May 2016 21:15:11 +0200

debian-edu-config (1.902) unstable; urgency=medium

  * debian/control:
    - add Breaks and Replaces: ldap2zone (<< 0.2-8~), thanks to
      Andreas Beckmann! (Closes: #824802)
    - remove Breaks on packages versions older than Jessie and on non-existant
      packages.
  * Drop bin/debconf-set-selections-edu workaround and use debconf's
    debconf-set-selections as both #636219 and #711693 are fixed since Jessie.
  * Drop share/debian-edu-config/tools/workaround-udev-bug-765577 as this has
    been fixed in udev in Jessie.

 -- Holger Levsen <holger@debian.org>  Fri, 20 May 2016 01:12:26 +0200

debian-edu-config (1.901) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust cf/cf.krb5client to avoid overwriting /etc/krb5.conf on the
    main server during upgrades. This way cfengine should be idempotent
    in its operation as it is expected to be. (Closes: #779642).
  * Adjust cf.squid (squid3 has been renamed to squid).
  * Adjust cf.homes to make sure that autofs doesn't run on the main server.
  * Adjust cf.dhcpserver (configuration has been split into ipv4 and ipv6).
  * cups-files-debian-edu.conf: The replacement (d-e-c 1.818) of 'lpadmin'
    with 'printer-admins' breaks cups-daemon on profile 'standalone'. It
    will break cups-daemon on upgraded networked systems as well if the new
    LDAP entry for printer-admins isn't added manually. So go back to the
    default and leave the decision about the SystemGroup to the local admin.
  * cf.ltsp:
    - Adjust setting for isc-dhcp-server.
    - Make tftpd-hpa work with multiple subdirs in tftp root dir.
  * Adjust apt-get autoremoval operation. Don't act globally to avoid
    possible loss of configuration data, use it only package related:
    - remove 'apt-get autoremove -y' from cf/cf.apt.
    - add param '--auto-remove' to all apt-get purge commands
      in cf/cf.ldapclient (Closes: #779646).
  * Fix /var/lib/dovecot removal code in postrm purge. (Closes: #820075).
  * squid3 to squid renaming:
    - replace share-/d-e-c/squid3.conf with share-/d-e-c/squid.conf.
    - adjust share-/d-e-c/tools/webcache/squid-update-cachedir.
    - adjust Makefile.
  * Move from Iceweasel to Firefox ESR:
    - rename several files containing iceweasel and also the directory
      share/iceweasel.
    - replace iceweasel with firefox in various files.
    - use '/etc/firefox-esr' as place for firefox preference files.
    - update Makefile.
  * Adjust sbin/debian-edu-pxeinstall to use NBD for LTSP clients; this
    is now the LTSP default, usage of NFS is broken atm (see #786925).
  * Add file Debian-custom/001-ltsp-settings. This fixes LTSP chroot
    installation in case that ltsp-client-builder doesn't look up another
    mirror if cdrom is still mounted.
  * Fix ldap2zone configuration, now that upstream changed the defaults and
    dropped the file /etc/default/ldap2zone; adjust Makefile.
  * PHP 7.0 transition:
    - Move php-debian-edu.ini from etc/php5/ to etc/php/.
    - Adjust cf/cf.apache2.
    - Adjust Makefile.
  * Use httpredir.debian.org instead of http.debian.net as mirror redirector.

  [ Holger Levsen ]
  * debian/control:
    - bump standards version to 3.9.8.
    - Vcs-Browser: use /git/ URL instead of /cgit/.

 -- Holger Levsen <holger@debian.org>  Thu, 19 May 2016 01:01:09 +0200

debian-edu-config (1.900) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Start on 1.900 as Debian 9 is targeted.
  * Fix XML syntax error in gosa.conf. (Closes: #820551).
  * Remove non existent packages readahead and readahead-fedora from
    apt purge list to not break LTSP chroot installation.
  * cf.squid: Remove squid-to-squid3 shell command, obsolete in stretch.

 -- Petter Reinholdtsen <pere@debian.org>  Mon, 11 Apr 2016 12:18:51 +0200

debian-edu-config (1.819) unstable; urgency=medium

  [ Petter Reinholdtsen ]
  * Translation updates:
    - Updated Brazilian Portuguese translation for debconf questions
      (Closes: #785467).  Translated by Adriano Rafael Gomes.
  * Remove workaround for bug #585966 in init.d/fetch-ldap-cert, now
    that we no longer use pdns.
  * Replace 'jessie' with 'stretch' everywhere to prepare for the
    next release.
  * Split the setup of the diskless workstation envionment in LTSP
    into three parts to get some more progress bar movement during
    installation.

  [ Mike Gabriel ]
  * Add quotes around DNs when evoking kadmin.local in gosa-create and
    gosa-create-host. (Closes: #792042).
  * WoL for Debian Edu clients: Make shutdown and wake-up procedure of
    Debian Edu clients configurable separately. (Closes: #801741).
    We now have four NIS netgroups available that allow configuration
    of wake-up and shutdown behaviour:
    - shutdown-at-night-hosts: hosts to wake-up and shutdown.
    - no-shutdown-at-night-hosts: blacklist of hosts not to wake-up nor
      to shutdown.
    - wakeup-in-the-morning-hosts: hosts to wake-up in the morning, overrides
      hostlist given via shutdown-at-night-hosts NIS netgroup, this also expects
      host blacklisting to be handled via the below NIS netgroup.
    - no-wakeup-in-the-morning-hosts: blacklist of hosts that are not
      to be woken up in the morning.
   * shutdown-at-night/client-generator: Use same NIS netgroup "namespace"
    for all shutdown-at-night NIS netgroups:
    - shutdown-at-night-hosts (unchanged)
    - shutdown-at-night-hosts-blacklist (renamed)
    - shutdown-at-night-wakeup-hosts (renamed)
    - shutdown-at-night-wakeup-hosts-blacklist (renamed)
  * Chmod a+x on all scripts in share/debian-edu-config/tools/.
  * debian-edu-fsautoresize: Always use mapper names instead of kernel names
    when detecting supported mount points. (Closes: #800651). Thanks
    to Wolfgang Schweer and Giorgio Pioda.
  * gosa-sync: Test if a given user account actually is a Kerberos account. If
    not, don't try to set the Kerberos password for this account. (Closes:
    #798435).
  * gosa-sync: Fix escaping double quotes and semicolons. (Closes: #794000).
  * Drop deprecated README.ldap file. (Closes: #621787).
  * exim4 mainserver configuration: Allow Debian Edu clients on the default
    Debian Edu network to directly send mails to the main server (by white-
    listing the 10./8 network). This fixes console mailing and system mails
    on Debian Edu clients (Closes: #794602).
  * Following Holger Levsen's suggestion about dropping
    share/debian-edu-config/tools/qemu-test-network. (Closes: #766192).
  * Remove qemu-test-network from Makefile. Fix FTBFS of d-e-c.
  * debian/debian-edu-config.postrm:
    + Remove directory /var/lib/dovecot (which we create in d-e-c.postinst),
      if empty (Closes: #722937).
  * Set configVersion="Managed-by-Debian-Edu" in gosa.conf. (Closes: #794189).
    This requires gosa (>= 2.7.4+reloaded2-1+deb8u2~) to be installed on the
    main server.
  * Add LDAP posixGroup "printer-admins" to LDAP bootstrap and make this
    group the system group in CUPS. (Closes: #793678).
  * Apache2+LDAP: Add /etc/apache2/include/debian-edu-ldapauth.inc containing
    a working include block that eases setting up LDAP authentication
    in Apache2.
  * Create shutdown-at-night-wakeup-hosts-blacklist NIS netgroup during LDAP
    bootstrap.
  * etc/gosa/gosa.conf: Typo fix in comment.
  * LDAP bootstrap: Create generic host (CNAME record for tjener) ipp.intern.
  * wpad.dat: Use DIRECT connects for URL hosts being in network 127./8 and
    for hosts being in the .local domain. (Closes: #803911).
  * GOsa: Add POSTLOCK and POSTUNLOCK hooks for GOsa password locking. These
    hook scripts (gosa-lock-user, gosa-unlock-user) take care of locking/
    unlocking the Kerberos part of user accounts. (Closes: #804207).
  * Adapt to a code injection prevention fix in GOsa (starting with Debian
    package gosa 2.7.4+reloaded2-1+deb8u2): Don't mention the sambaHashHook
    parameter in gosa.conf anymore (as hashed passwords now have to be base64
    encoded). Already existing gosa.conf files on deployed servers should drop
    the sambaHashHook from the gosa.conf file, as well, once gosa is updated to
    the above referenced GOsa version.
  * CUPS: Do hostname lookups, so https redirects are done to the FQDN of the
    CUPS server instead of to its IP address. (Closes: #805402).
  * Improve gosa-lock-user, gosa-unlock-user: When logging success/failure,
    differentiate between non-existent and non-kerberized accounts.
  * Don't create home dir and Kerberos principal for GOsa user template
    account. (Closes: #815040).
  * shutdown-at-night/clients-generator: Empty NIS netgroups for
    s-a-n-wakeup-hosts and s-a-n-wakeup-hosts-blacklists are now recognized
    as empty lists. Thus, all systems can be blocked from waking-up by placing
    an empty NIS netgroup s-a-n-wakeup-hosts into LDAP.

 -- Petter Reinholdtsen <pere@debian.org>  Mon, 28 Mar 2016 18:26:23 +0000

debian-edu-config (1.818) unstable; urgency=high

  [ Holger Levsen ]
  * testsuite/taskpkgs, kdm and network: drop tests for the Sugar profile as
    Sugar has been removed from Jessie, see #782504.

  [ Wolfgang Schweer ]
  * Remove Debian-custom/099-mount-cdrom cause this script might
    possibly conflict with ltsp-client-builder.udeb postinst.
    (Closes: #780740).
  * Add Debian-custom/080-eatmydata to enable the usage of eatmydata
    as default for all possible LTSP installation methods. Partially
    addresses #781515.
  * Add support for squid to squid3 migration:
    - Add share/debian-edu-config/tools/migrate-squid-to-squid3.
    - Adjust cf/cf.squid to run this script. (Closes: #779649).

 -- Holger Levsen <holger@debian.org>  Tue, 14 Apr 2015 19:49:34 +0200

debian-edu-config (1.817) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust sbin/debian-edu-pxeinstall to work with debian-installer-8:
    - replace 8.0 with 8 as di version number.
    - replace '--' with '---' as param delimiter. (Closes: #776763).

 -- Holger Levsen <holger@debian.org>  Tue, 03 Feb 2015 12:57:38 +0100

debian-edu-config (1.816) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * Adjust etc/X11/Xsession.d/09debian-edu-missing-home to make the
    script work with kdm now setting $HOME=/ if the user's home
    directory isn't available at login time (and before the script is
    executed). (Closes: #774392).
  * etc/ldap/slapd-squeeze_debian-edu.conf: unset 'dbnosync' to avoid
    possible data loss. (Closes: #774610).

 -- Holger Levsen <holger@debian.org>  Tue, 06 Jan 2015 00:36:14 +0100

debian-edu-config (1.815) unstable; urgency=medium

  [ Debconf translation updates ]
  * Spanish by Manuel "Venturi" Porras Peralta (Closes: #772143)

  [ Wolfgang Schweer ]
  * Configure dovecot-core SSL support:
    - cf/imap: Add shellcommand to create dovecot SSL certificate.
    - share/debian-edu-config/tools:  Add a script named
      debian-edu-dovecot-create-cert which does what the name tells
      and configures SSL support. The script is based upon code from
      debian-lan-config, thanks to Andreas B. Mundt.
      The package dovecot-core used to setup SSL support but dropped
      it recently (Closes: #772163, #772162).

 -- Holger Levsen <holger@debian.org>  Fri, 26 Dec 2014 18:41:44 +0100

debian-edu-config (1.814) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Extend grub workaround to automatically handle /dev/vd*, /dev/hd*
    and /dev/xvd* in addition to /dev/sd*, allowing virtual machines
    using virtio, Xen and the old device names to install
    automatically too (Closes: #769559).
  * Add new dhclient hook to work around bug #710490 where a race in
    autofs make it fail with slow DHCP servers (Closes: #769561).
  * In LTSP setup, allow the purging of openvpn to fail (which happen if
    it is unknown to apt), to get LTSP installation working using the
    usbstick ISO (Closes: #770312).

  [ Wolfgang Schweer ]
  * testsuite/network: cover case that udev persistent network card rules
    file isn't written at all.
  * Provide slbackup-php configuration file etc/slbackup-php/config.php.
    Without a proper configuration the backupserver default 'localhost'
    leads to errors if 'https://backup/slbackup-php' isn't called on the
    backupserver. (Previously the default was 'backup'; it was changed to
    'localhost' some time ago to make the package useable on vanilla
    Debian systems, but a config file for Debian Edu wasn't provided.)
    (Closes: #769806).
  * sbin/debian-edu-pxeinstall: add 'mirror/http/mirror' (select entry)
    from the installed system to the preseed file to avoid manual
    selection during PXE installations. (Closes: #770302).

  [ Petter Reinholdtsen ]
  * Also set mirror/http/mirror when installing from DVD/USB stick.

 -- Holger Levsen <holger@debian.org>  Tue, 02 Dec 2014 12:53:53 +0100

debian-edu-config (1.813) unstable; urgency=medium

  * Make LTSP mirror editing more robust.  Do not add corrupt APT source
    when no dist value is set and only add our local mirror if it exist.
  * Add 30 second timeout and the number of tries to 3 in debian-edu-
    bless and ltsp script 000-arch-detection, to make sure blocked
    networks do not cause the installation to hang forever.
  * Reduce the versioned dependency on education-tasks from (>= 1.808)
    to (>= 1.806), avoiding a LTSP installation problem when installing
    i386 packages with our test repository.
  * Adjust 000-arch-detection LTSP script to set http_proxy from the APT
    setup before calling wget, in case the proxy is needed to reach the
    Internet.
  * Correct check for bug #765577 (duplicate udev rules for network
    card) to also work when more than one network card is present in the
    machine.
  * Implement script to remove duplicate udev network rules, to work
    around bug #765577.  This avoid complete network failure on
    machines affected by this bug.
  * Remove unused variable RUNXSERVER from the pre-pkgsel script.
  * Tell grub in our pre-pkgsel script to use the disk device used by
    /boot, to work around bug #712907.

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 24 Oct 2014 15:06:02 +0200

debian-edu-config (1.812) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Try to detect if bug #765577 cause network interfaces to get the
    wrong name in the network testsuite check.
  * Raise dependency on education-tasks to (>= 1.808), to ensure we get
    the Jessie tasks.
  * Use isenkram instead of discover to report packages to install for
    the current hardware in the hardware check in the test suite.
    Drop discover from dependencies.

  [ Holger Levsen ]
  * Drop debian-edu-config-gosa-netgroups binary package as our fork is now
    obsolete as the gosa-plugin-netgroups source package provides it.
    gosa-plugin-netgroups is depended upon in the relevant task in the
    debian-edu package.
  * Drop debian/TODO.Squeeze, the content was obsolete anyway.
  * Drop cf/cf.pdns, we switched backed to bind9. Cleanup the installed file
    in postinst too.
  * Drop classes lenny and pdns in cf/cfengine.conf and lenny in cf/cf.kdm.
  * Drop kde3 handling in cf/cf.kdm.
  * Drop code from debian-edu-config.(preinst|postinst) handling upgrades
    from lenny area packages and earlier. Kept the squeeze stuff for people
    skipping a release. (Which is still unsupported but we can still be
    helpful.)
  * Drop share/debian-edu-config/default-ltsp-client-setup which only
    consisted of a comment saying "Settings moved to
    /usr/share/ltsp/ltsp_config.d/. The content was removed for Squeeze
    on 2010-08-18, and the file should be dropped for squeeze+1."
  * Drop dependency on base-files, which is of Priority: required.
  * Drop (/etc/)insserv.conf.d/debian-edu-config which only modified pdns
    init and (/etc/)powerdns/pdns.d/pdns-debian-edu.conf. Add cleanup code in
    postinst for upgrades from previous versions.
  * Remove kde3 handling code from
    share/ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkgs.
  * Drop the following files from ldap-bootstrap: dhcp.ldif, dhcp_hosts.ldif,
    dns_arpa.ldif, dns_ranges.ldif and dns_skole.ldif. As described in
    ldap-bootstrap/README.unused-ldifs (also removed from SCM now) they have
    been unused since January 2012. (Closes: #766200)

  [ Wolfgang Schweer ]
  * sbin/debian-edu-ltsp: add '--eatmydata' to ltsp-client-builder options.

 -- Petter Reinholdtsen <pere@debian.org>  Wed, 22 Oct 2014 22:50:57 +0200

debian-edu-config (1.811) unstable; urgency=high

  [ Wolfgang Schweer ]
  * ltsp-build-client/Debian-custom/032-edu-pkgs:
    - Purge package cups cause the package isn't needed for printing on
      thin clients and diskless workstations.
    - Purge all packages with status 'rc' by adding '--purge' to
      apt-get -y autoremove'.

  [ Petter Reinholdtsen ]
  * Adjust LTSP check in testsuite, to mount using hostname and not IP,
    now that libnss-myhostname is installed on the machines.  This fixes
    the check result on machines not yet added to DNS.

 -- Petter Reinholdtsen <pere@debian.org>  Mon, 20 Oct 2014 13:18:35 +0200

debian-edu-config (1.810) unstable; urgency=high

  [ Wolfgang Schweer ]
  * Fix LDAP dataloss if the system is powered down or rebooted by
    unsetting 'dbnosync' in slapd-debian-edu.conf.
  * share/ltsp/init-ltsp.d/60-edu-diskless-ws:
    - Use systemd tool to disable ltsp client services.
    - Disable useless cups browse service on thin clients.
    - Disable other dm services if ldm is used.
  * Rename 60-edu-diskless-ws to 60-edu-client to better match the
    script's purpose.
  * share/ltsp/init-ltsp.d/60-edu-client:
    Add more services (autofs, inetd, rpcbind, ntp, nfs-common, nscd,
    nclcd) to the remove list for thin clients.
  * ltsp-build-client/Debian-custom/032-edu-pkgs:
    - Purge package modemmanager after checking that this has no side
      effects.
    - Purge package samba to get rid of it completely (already rc).
    - Purge package consolekit as systemd-logind does the job.
  * etc/apache2/*: Adjust conf files to use new directives.

  [ Petter Reinholdtsen ]
  * Enable the auto flag in the PXE installation, to allow more settings
    to be fetched from the preseed file.
  * Add new tool package-disk-usage to list how much disk space the
    installed packages uses.
  * Adjust PXE installation arguments to put all d-i arguments before
    the -- on the kernel argument line.
  * Add partial fix for incorrect Nagios configuration, calling
    dpkg-reconfigure sitesummary after nagios3 is guaranteed to be
    installed.
  * Make sure to restart nagios during first boot after the new config
    is generated on the main server.
  * Add more logging in first boot script to know what is going on.
  * Change wpad-extract to use IP when testing, instead of
    www.debian.org which require access to the global DNS system.
  * Move our squid3.conf to the correct Makefile block to avoid
    installing it with the execute bit.  Thank you, lintian!
  * Add new web page translations (da, id, pt_BR) to the binary package.
  * Add PAM module to reject Kerberos password changes and point users
    to the Gosa web page instead to try to keep the password databases
    in sync (Closes: 704461).  Depend on libpam-python for this.
  * Correct filesystem testsuite check to warn if less then 20% is free
    on the file systems and only check the /skole/tjener/home0 and
    /skole/backup file system on the main server profile.
  * Fix typo in the nfs-server testsuite check, reporting error on all
    non-server installations.
  * Adjust exim config on the main server to be closer to the default in
    Debian, and explain why the kerberos id is checked when using SMTP.
  * Improve messages from dnsd testsuite check, making it more obvious
    that the DNS server name is hardcoded.
  * Adjust cf.squid, make sure to run squid-update-cachedir on the
    squid3 config file.
  * Drop our redundant auto-addfirmware script and use the equivalent
    isenkram-autoinstall-firmware from the isenkram-cli package instead.
  * Drop exim4 config on client machines.  The default in Debian work
    fine with the preseeding we do in debian-edu-install version 1.811.
    Break on versions before 1.811.

  [ Holger Levsen ]
  * debian/rules: Convert to dh9 style rules.
  * debian/control: use https for Alioth cgit URL.

  [ Debconf translation updates ]
  * Dutch by Frans Spiesschaert (Closes: #763639)

  [ Petter Reinholdtsen ]
  * Rewrite init-ltsp.d/60-edu-client to disable all services the same
    way, reduce duplicate code and work with sysv-rc based systems too.
  * share/ltsp/init-ltsp.d/60-edu-client:
    Add more services (anacron, avahi-daemon, bluetooth, lirc, minidlna
    and timidity) to the remove list for thin clients.

 -- Petter Reinholdtsen <pere@debian.org>  Thu, 16 Oct 2014 13:52:46 +0200

debian-edu-config (1.809) unstable; urgency=high

  * Make sure to install our default squid3 configuration for cfengine
    to find it (Closes: #763839).
  * Log an error if cfengine return failure, to make it easier to
    discover if it ever happen.
  * Adjust debian-edu-bless to only enable our local mirror if it exist,
    to fix broken debian-edu test.

 -- Petter Reinholdtsen <pere@debian.org>  Tue, 07 Oct 2014 11:51:38 +0200

debian-edu-config (1.808) unstable; urgency=high

  * Fix typo in cf.apt breaking the installation.

 -- Petter Reinholdtsen <pere@debian.org>  Tue, 07 Oct 2014 07:59:27 +0200

debian-edu-config (1.807) unstable; urgency=high

  [ Wolfgang Schweer ]
  * Fix domain-name settings for subnet00.intern and subnet01.intern.
    The invalid names caused ltsp clients to get a wrong /etc/resolv.conf
    generated by the ltsp init script ('search bad').
  * Adjust testsuite/timezone to accept Europe/Berlin as timezone for
    Germany.

  [ Petter Reinholdtsen ]
  * Rewrite squid configuration handling to work with squid3.
    Use our own /etc/squid3/squid-debian-edu.conf (copied from
    /usr/share/ on demand) instead of rewriting the file included in
    the squid package, to make upgrades easier and avoid a conffile
    question if the defaults change.
  * Adjust squid-update-cachedir to work with squid3.
  * Drop ftp source from our cfengine rules to update apt sources.list.
    It is more robust to only use http.
  * Run apt-get autoremove at the end of the installation to get rid of
    no longer needed dependencies.
  * Add new SMTP test to check that the SMTP server is accepting email.
    Depend on swaks to get a tool to do this.

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 03 Oct 2014 16:41:43 +0200

debian-edu-config (1.806) unstable; urgency=high

  [ Wolfgang Schweer ]
  * sbin/debian-edu-pxeinstall: replace d-i version 7.0 with 8.0 to fix
    pxe installations.
  * Fix configuration file location in cfengine rule for squid; now
    located in /etc/squid3/.

  [ Petter Reinholdtsen ]
  * Extend testsuite/taskpkgs to also check that the correct desktop
    task was activated.
  * Correct cfengine rule for apache, disable default site using new
    name 000-default.conf, instead of old and now obsolete name default.
  * Move code updating resolv.conf in the LTSP chroots from the
    resolvconf update.d fragment to our tools directory, and call it on
    first boot too, to get a working resolv.conf in the LTSP chroots
    also on the combined server.
  * Add code in run-at-firstboot to commit /etc/ changes in LTSP chroots
    using etckeeper.
  * Rewrite LTSP test to use nc instead of telnet.  Telnet is not
    installed by default any more.  Depend on netcat to get a nc
    implementation.
  * Extend LTSP test to report error if no LTSP NFS mount point exist.
  * Add new test testsuite/nfs-server checking if the NFS subsystem is
    working.
  * Adjust dnsd testsuite check to not print an error if
    /var/mail/root do not yet exist.
  * Refactor ldap-client testsuite check to return an error code for
    every error, not just most of them.
  * Add Wolfgang Schweer as uploader.

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 28 Sep 2014 08:25:32 +0200

debian-edu-config (1.805) unstable; urgency=high

  * Remove redundant code to divert the tasksel tests and use a common
    implementation in /usr/lib/education-tasks/edu-tasksel-setup from
    the education-tasks package instead.
  * Fix bug in debian-edu-bless failing to clean up the tasksel test
    diverts if the installation succeeds.
  * Use debian-edu-current-codename instead of lsb_release -cs in auto-
    addfirmware and testsuite/doc too.

 -- Petter Reinholdtsen <pere@debian.org>  Thu, 25 Sep 2014 23:35:31 +0200

debian-edu-config (1.804) unstable; urgency=high

  * Fix typo in d-i/finish-install, replace non-existing error function
    with the log function.
  * Change default suite for debian-edu-bless from wheezy-test to
    jessie.
  * Update standards-version from 3.9.5 to 3.9.6.  No changes needed.
  * Remove obsolete code in postrm removing the /usr/share/pam-
    configs/krb5 divert.  It is now removed in the postinst during
    upgrades instead.

 -- Petter Reinholdtsen <pere@debian.org>  Mon, 22 Sep 2014 22:34:06 +0200

debian-edu-config (1.803) unstable; urgency=high

  [ Wolfgang Schweer ]
  * share/ltsp/init-ltsp.d/60-edu-diskless-ws:
    Stop using update-rc.d to disable the automounter if the homedir is
    mounted via sshfs as this isn't stable. Do it the way ltsp does.

  [ Petter Reinholdtsen ]
  * Adjust debian-edu-pxeinstall to sort the preseeding values, to get
    predictable ordering and avoid bogus changes reported by etckeeper.
  * Add dependency on libproxy1-plugin-networkmanager,
    libproxy1-plugin-mozjs and libproxy1-plugin-kconfig to improve how
    libproxy behaves.  Restructure dependency list to make future
    changes easier to spot in the diff.
  * Add hack to wpad-extract using KDE kioslaverc settings as global settings
    to be able to extract proxy setup from http://wpad/wpad.dat.
  * Add debian-edu-bless script to binary package, now that it is
    working well.
  * Ease debugging by showing the tasksel selected tasks in debian-edu-
    bless.

 -- Petter Reinholdtsen <pere@debian.org>  Mon, 22 Sep 2014 06:50:47 +0200

debian-edu-config (1.802) unstable; urgency=medium

  [ Wolfgang Schweer ]
  * share/ltsp/plugins/ltsp-build-client/Debian-custom:
    Remove 010-mount-sys. This is now done by ltsp Debian/010-mount-sys.
  * sbin/debian-edu-ltsp:
    Drop setting the local repo in extramirror cause it doesn't exist.
  * Fix typo in debian-edu-pxeinstall to reenable menu.

  [ Petter Reinholdtsen ]
  * Call 'apt-get autoremove -y' at the end of setup-roaming, to remove
    the packages we no longer need.
  * Fix fatal typo in setup-roaming trying to chown the wrong file.
  * Extend testsuite/pxeinstall to also look for syslinux/ldlinux.c32 on
    the tftp server, to verify that the syslinux modules are available
    via tftp.

 -- Petter Reinholdtsen <pere@debian.org>  Wed, 17 Sep 2014 07:57:55 +0200

debian-edu-config (1.801) unstable; urgency=high

  [ Wolfgang Schweer ]
  * Drop local repo entry for jessie in cf/cf.apt.

  [ Jürgen Leibner ]
  * Add check if the filesystems on the mountpoints support acls in the
    testsuite filesystem.

  [ Petter Reinholdtsen ]
  * Change from aptitude to apt-get in setup-roaming, to make sure we
    only depend on one such tool.

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 14 Sep 2014 23:50:12 +0200

debian-edu-config (1.800) unstable; urgency=high

  [ Petter Reinholdtsen ]
  * Start on 1.800 as we are targeting Debian 8.
  * Improve log messages from run-at-firstboot, to make it clearer what
    is going on.
  * Add signal trapping in run-at-firstboot script to log an error:
    string if it terminates unexpectedly.
  * Fix a few typos in comments in
    ltsp-build-client/Debian-custom/032-edu-pkgs.
  * Fix typo in debian-edu-ltsp script, breaking when --arch is used.
  * Add new testsuite check to check if /skole/tjener/home0
    /skole/backup file systems have the acl and user_xattr options
    enabled, to see if bug #638822 is present or not.

  [ Wolfgang Schweer ]
  * Replace wheezy with jessie in cf/cf.apt.

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 14 Sep 2014 16:53:38 +0200

debian-edu-config (1.727) unstable; urgency=high

  * Remove apt-get-update-files-download script from source package.
    Its purpose is better handled by unattended-upgrades, and it is not
    included in the binary package.
  * Add cfengine rule to enable apache module cgi and configuration
    sitesummary.conf on the server.  Workaround for bug #760084.
  * Improve the text of the email sent by the test suite.
  * Update setup-roaming, adjust nsswitch.conf file generated to be
    closer to the one installed by Debian by default.  Use compat
    instead of files for passwd, group and shadow, add gshadow and
    switch sssd for the sudoers database.  Drop unused
    append_if_missing() function.
  * Made setup-roaming a bit more robust and the comments more clear.
  * Add autofs to set of handled sssd services in generated
    configuration.
  * Correct service name for squid in squid-update-cachedir, now called
    squid3.
  * Reinsert diverted /usr/share/pam-configs/krb5 and drop our override
    file now that bug #656309 is fixed.

 -- Petter Reinholdtsen <pere@debian.org>  Thu, 11 Sep 2014 20:30:31 +0200

debian-edu-config (1.726) unstable; urgency=high

  * Correct PXE setup generated by debian-edu-pxeinstall, symlink from
    /var/lib/tftpdir/syslinux/ to /usr/lib/syslinux/modules/bios/ to
    find required pxelinux modules.
  * Extend testsuite/pxeinstall to test TFTP download of pxelinux.0 to
    check if the server is working and the required file is available.
  * Add _pgpkey-http and _pgpkey-https SRV records to allow GnuPG users to
    find keyservers automatically.  Point them to pool.sks-keyservers.net.

 -- Petter Reinholdtsen <pere@debian.org>  Tue, 09 Sep 2014 23:52:23 +0200

debian-edu-config (1.725) unstable; urgency=high

  [ Petter Reinholdtsen ]
  * Extend testsuite/ldap-client to check if the local users are present
    in LDAP.
  * Make testsuite/timezone more predictable by sorting list of possible
    time zones.
  * Adjust testsuite/timezone to accept Europe/Oslo and Arctic/Longyearbyen
    as timezones in Norway, to match values used in Wheezy and Jessie.
  * Update new message in testsuite/nagios to include script name.

  [ Mike Gabriel ]
  * Fix wrong parameter name (loglevel -> log level) in the main server's
    Samba configuration file.

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 06 Sep 2014 21:22:45 +0200

debian-edu-config (1.724) unstable; urgency=high

  * Change cups test to only expect port 631 listening on localhost.
  * Correct Roaming Workstation setup, call uuid in chroot, as it is
    missing in d-i.

 -- Petter Reinholdtsen <pere@debian.org>  Mon, 01 Sep 2014 08:56:25 +0200

debian-edu-config (1.723) unstable; urgency=high

  * Fix typo in shell test in sssd-generate-config.
  * Update auto-addfirmware from changes done in isenkram, fix bug
    #729438 also found in isenkram.

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 30 Aug 2014 09:01:06 +0200

debian-edu-config (1.722) unstable; urgency=high

  [ Wolfgang Schweer ]
  * Adjust testsuite/backup to reflect the changed cron location.
  * Samba: go back to wheezy behaviour (NT4-style PDC) as opposed to
    the jessie default (AD DC) just for testing:
    - adjust /etc/samba/smb.conf.
    - adjust /usr/bin/ldap-debian-edu-install.
  * Adjust configuration files to make apache2 work.
    - /etc/apache2/sites-available/debian-edu-default.conf:
      + add 'Require all granted' to allow access to /etc/debian-edu/www/.
      + treat all options the same way (leading +/-).
    - /etc/apache2/sites-available/debian-edu-ssl-default.conf:
      + remove deprecated 'NameVirtualHost' statement.
      + treat all options the same way (leading +/-).
  * /usr/bin/ldap-debian-edu-install:
    - Use temporary smb.conf file to get SAMBASID value and make
      Samba/LDAP/Kerberos bootstrap complete.
    - Remove setting bogus sid.
    - Make failed fetching of SAMBASID fatal again.
    - Adjust error message if bootstrapping fails.
  * Fix cups issue (not listening on www:631) by adding this listen statement
    to /etc/cups/cupsd-debian-edu.conf.

  [ Petter Reinholdtsen ]
  * Mention possible cause of the failing webcache test in the error
    line.
  * Move uuid to depends from recommends where it was placed by
    mistake.

  [ Mike Gabriel ]
  * Enforce sec=sys option on NFSv4 autofs mounts from the Skolelinux client
    machines.

 -- Petter Reinholdtsen <pere@debian.org>  Wed, 27 Aug 2014 14:30:47 +0200

debian-edu-config (1.721) unstable; urgency=high

  [ Petter Reinholdtsen ]
  * Update Standards-Version from 3.9.4 to 3.9.5.  No changes needed.
  * Updated web page translations:
    - Rename Brasilian Portuguese file from pt.po to pt_BR.po and adjust
      all translations to refer to the new name.
    - Add new Portuguese translation done by Américo Monteiro (Closes: 757532).
  * Drop unused python-support build dependency.  Depend directly on
    python instead for /etc/ltspfs/mounter.d/edu-notify.
  * Change default network configuration for Roaming Workstation to tell
    network manager to activate eth0 by default.  This is needed to get
    LDAP and Kerberos access when registering the initial user.  Depend
    on uuid to be able to generate an UUID for the eth0 configuration
    for network manager.
  * Switch Vcs-Browser URL to the cgit interface.

  [ Wolfgang Schweer ]
  * Adjust testsuite/webcache cause squid3 replaces squid.
  * Extend testsuite/samba:
    - report if 'net time' segfaults.
    - test if 'net maxrids' reports the highest RID.

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 24 Aug 2014 16:35:34 +0200

debian-edu-config (1.720) unstable; urgency=high

  * Upload with urgency high to fix hanging Main Server installation.

  [ Petter Reinholdtsen ]
  * Updated Norwegian Bokmål debconf translation.  Translated by Petter
    Reinholdtsen.
  * Add Alexander Alemayhu as uploader.
  * Adjust the ldap-debian-edu-install script to stop named also when
    failing to get a Samba SID.  This avoid hanging the installer when
    unable to set up LDAP and Kerberos for the the Main Server.
  * Migrate setup to Apache 2.4 (Closes: #669762).  Rename conffiles
    /etc/apache2/conf.d/debian-edu-config-doc,
    /etc/apache2/sites-available/debian-edu-default and
    /etc/apache2/sites-available/debian-edu-ssl-default to
    /etc/apache2/conf-available/debian-edu-config-doc.conf,
    /etc/apache2/sites-available/debian-edu-default.conf and
    /etc/apache2/sites-available/debian-edu-ssl-default.conf.  Update
    Apache 2 cfengine rules to enable configuration on fresh installs.
  * Update from debhelper version 7 to 9 to get the support needed for
    the Apache 2.4 migration.
  * Extend nagios test to detect if nagsio3 is completely missing.
  * Adjust ldap-debian-edu-install to log the error when failing to get
    the samba sid.

  [ Alexander Alemayhu ]
  * debian/control:
    - Update the Vcs-* fields for the git migration.

  [ Wolfgang Schweer ]
  * Update setup instructions in ldap-debian-edu-install to enable password
    storage in secrets.tdb (new location: /var/lib/samba/private/).
  * Fix path to secrets.tdb in ldap-debian-edu-install.
  * Make failing SAMBASID fetch non-fatal in ldap-debian-edu-install.
  * Adjust testsuite/cups; the daemon is now called cups-browsed.

  [ Petter Reinholdtsen ]
  * Set samba sid to 'bogus-sid' when continuing the ldap-debian-edu-install
    script.
  * Extend testsuite/webcache to detect if the squid binary is missing.

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 22 Aug 2014 18:34:53 +0200

debian-edu-config (1.719) unstable; urgency=high

  * Upload with urgency high to get rid of boot hang in testing.

  * Adjust network testsuite check to use new path to rpcinfo (Closes:
    #758190).
  * Change dhcp exit hook fetch-ldap-cert to not try to call
    init.d/fetch-ldap-cert start before the network is up during boot,
    to avoid dependency loop when using systemd (Closes: #757767).
  * Update debian-edu-fsautoresize to handle ext4 the same way it
    handle ext3, thus supporting the current file system (Closes: 742131).
  * Adjust debian-edu-pxeinstall to use new pxelinux/syslinux-common
    package structure (Closes: #758568).
  * Introduce new program debian-edu-current-codename used everywhere to
    get the current Debian codename, to avoid hardcoding the fallback
    codename in several scripts.  Update all scripts with hardcoded
    codenames to use debian-edu-current-codename.

  * Translation updates:
    - Updated German translation for debconf questions (Closes: #737297).
      Translated by Chris Leick.

 -- Petter Reinholdtsen <pere@debian.org>  Tue, 19 Aug 2014 13:22:15 +0200

debian-edu-config (1.718) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Drop Vagrant Cascadian as uploader, on his request.
  * Add Indonesian web page translation from Kurniawan Haikal.

  [ Wolfgang Schweer ]
  * Fix sssd-create-config to write a working Kerberos config file during
    installation w/o network connection (Closes: #743383).

 -- Petter Reinholdtsen <pere@debian.org>  Thu, 24 Apr 2014 13:53:21 +0200

debian-edu-config (1.717) unstable; urgency=low

  * Improve error message from sitesummary2ldapdhcp when serveral host
    LDAP objects have the same MAC address, to make the problem easier
    to debug.
  * Adjust sitesummary2ldapdhcp to trim trailing newline from DNS
    names generated by update-hostname-from-ip.
  * Make debian-edu-bless more robust on flaky networks, by trying
    several times to download packages while installing.
  * Document in debian-edu-bless that xfce is a desktop option.
  * Make debian-edu-bless abort if the current locale is not working,
    instead of asking ldap and autofs to use a bogus LDAP server.
  * Set SUDO_FORCE_REMOVE=yes in debian-edu-bless to allow it to
    automatically replace sudo with sudo-ldap on Raspbian and others
    like it.
  * Fix typo in ldap-migrate-squeeze-wheezy and improve error reporting.
    Add more details on migration of kerberos passwords.  Avoid trying to
    migrate OpenLDAP internal attributes that are impossible to set.
  * Drop Patrick Winnertz as uploader.  Thank you for your good work!

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 02 Mar 2014 19:23:22 +0100

debian-edu-config (1.716) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Only set owner for /var/opt/ltsp/swapfiles to the nbd user if the
    user exist.  Fixes installation problem.

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 13 Sep 2013 09:25:56 +0200

debian-edu-config (1.716~svn82345) unstable; urgency=low

  [ Wolfgang Schweer ]
  * Fix nbd server setup:
    - cf/cf.ltsp: Adjust swapfile directory ownership to user and group
      nbd.
    - Add configuration snippet debian-edu.conf to nbd-server/conf.d:
      setting default swap file size 64MB, allow all clients to connect
      by omitting value for 'authfile' as wildcards like 10.0.0.0/8 don't
      seem to be allowed in such a file.
  * Remove filesize statement from nbd-server/conf.d/debian-edu.conf,
    cause the default LTSP swap file size (512MB) should be kept.

  [ Petter Reinholdtsen ]
  * Make sure to fix permission of /var/opt/ltsp/swapfiles on upgrades
    too.

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 13 Sep 2013 08:05:35 +0200

debian-edu-config (1.715) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Adjust auto-addfirmware to make the apt source file readable for
    everyone.  Nothing secret there, and apt refuse to run for
    non-root users if some source lists are unreadable.
  * Start on migration system from Squeeze to Wheezy.  New
    tool ldap-migrate-squeeze-wheezy added to source.  When it
    is more robust it should be part of the binary package.

 -- Petter Reinholdtsen <pere@debian.org>  Mon, 02 Sep 2013 18:24:58 +0200

debian-edu-config (1.714) unstable; urgency=low

  * Uploaded to the Debian Edu archive as debian-edu-config 1.714~svn82279:

  [ Petter Reinholdtsen ]
  * Adjust LTSP build to mount /sys in LTSP chroot during built, to
    fix problem with oss-compat installation on some machine, where
    modprobe snd-seq calls itself recursively.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.714~svn82272:

  [ Petter Reinholdtsen ]
  * Fix typo in show-welcome-webpage, and quiet down script.

  [ Holger Levsen ]
  * debian-edu-config.postrm: rm -f /etc/default/enable-nat, /etc/kderc,
    /etc/kde-user-profile and /var/lib/dovecot/auth_success.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.714~svn82256:

  [ Wolfgang Schweer ]
  * Fix cf/cf.ntp to make line matching work.
  * Remove cf/cf.lwat, cause lwat is no longer installed.
  * Remove cf.lwat from Makefile and cf/cfengine.conf.
  * Update postinst to reflect the change.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.714~svn82243:

  [ Wolfgang Schweer ]
  * init-ltsp.d/08-edu-hostname: fix typos.
  * init-ltsp.d/60-edu-diskless-ws:
     - set proxies by calling 'update-proxy-from-wpad' directly instead
       of using dhclient.
     - remove all internet connectivity needing ntp servers from
       /etc/ntp.conf to avoid useless lookups.

  [ Petter Reinholdtsen ]
  * Rewrite code finding the localized welcome page to handle the fact
    that $LANGCODE can contain multiple values separated by colon.
  * Rewrite code to show welcome page to show
    http://www.skolelinux.org/ if no URL is found in LDAP.
  * Move code to remove unwanted NTP servers from the NTP setup on
    LTSP clients from init-ltsp.d/60-edu-diskless-ws to cf/cf.ntp, to
    make sure it is only done once during installation and not every
    time a client boot.
  * Move code to update proxy settings in the LTSP chroot from
    init-ltsp.d/60-edu-diskless-ws to
    resolvconf/update.d/ltsp-chroots, to do it when DNS settings
    change instead of every client boot.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.714~svn82232:

  [ Petter Reinholdtsen ]
  * Fix typos blocking the init-ltsp.d/08-edu-hostname from working.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.714~svn82224:

  [ Petter Reinholdtsen ]
  * Make sure LTSP host name setting work properly by calling
    ltsp-init-ltsp.d/10-resolv-conf before 08-edu-hostname, thus
    allowing DNS lookups to determine host name and shave 10 seconds
    from the boot time.  Thanks to Wolfgang Schweer for discovering
    the problem.
  * Add code in postrm to remove the files /etc/default/enable-nat,
    /var/lib/dovecot/auth_success, /etc/kde-user-profile and
    /etc/kderc during purge, to remove all traces of our package.
    Thank you piuparts for discovering the issue.
  * Stop using absolute path to update-alternatives in
    /etc/apt/apt.conf.d/99-edu-prefer-iceweasel (Closes: #720575).
    Thanks to Sharon Kimble for noticing and Guillem Jover for finding
    the cause.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.714~svn82213:

  [ Wolfgang Schweer ]
  * Fix KDE proxy settings by changing ioslaverc to use
    http://wpad/wpad.dat for proxy settings (ProxyType=2) instead of
    depending on KDE to find the proxy on its own (ProxyType=3).
  * Show localized welcomepage for supported languages by checking
    www/index.html.$LANGCODE in share/tools/show-welcome-page.

  [ Petter Reinholdtsen ]
  * Make sure gosa-create ignore errors from nscd, as the calls will
    fail if nscd isn't running, and in that case we do not need to
    invalidate the caches (Closes: #720396).

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 31 Aug 2013 13:15:53 +0200

debian-edu-config (1.713) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Rewrite ldap-debian-edu-install to use 'net getdomainsid' instead of
    'net getlocalsid' to get the domain SID, based on feedback from Mike
    Gabriel.  It should give separate SIDs for tjener and the domain.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.713~svn82149:

  [ Petter Reinholdtsen ]
  * Wrap long comment lines in ldap-debian-edu-install.
  * Get samba working again by changing ldap-debian-edu-install to
    make sure the SID stored in LDAP is the SID generated by samba
    when samba is first set up with the temporary configuration.

 -- Petter Reinholdtsen <pere@debian.org>  Tue, 20 Aug 2013 18:36:19 +0200

debian-edu-config (1.712) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Purge pam-configs settings in prerm using one call to pam-auth-
    update, as two calls ignore the first and onlyi the second call take
    effect (Closes: #678931).

  * Uploaded to the Debian Edu archive as debian-edu-config 1.712~svn82071:

  [ Petter Reinholdtsen ]
  * Make debian-edu-ldapserver more robust, and make sure it fall back
    to looking in /etc/resolv.conf if dnsdomainname do not return a
    sensible value.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.712~svn82056:

  [ Mike Gabriel ]
  * Fix Samba LDAP bootstrap during main-server installation. The Samba2LDAP
    connection now uses ldapi:/// during bootstrap. As a result the
    sambaDomainName=SKOLELINUX object will now be created during bootstrap
    rather than during first boot. The recently introduced
    samba-domain-policy.ldif will be kept for reference and possible later
    customizations (by site admins).

  [ Petter Reinholdtsen ]
  * Add dhclient-exit-hooks.d script fetch-ldap-cert to fetch the LDAP
    server certificate when the network is up, in case it is down on
    first boot.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.712~svn82049:

  [ Wolfgang Schweer ]
  * Remove option 'only user' from etc/samba/smb-debian-edu.conf, which is
    only useful with 'security = shared'. (Setting this will prevent a user
    to connect even to his own home share using smbclient.)

  * Uploaded to the Debian Edu archive as debian-edu-config 1.712~svn82034:

  [ Petter Reinholdtsen ]
  * Disable the automatic proxy configuration on LTSP boot, as the
    default setup is already correct and not calling wpad-proxy-update
    shave 3 seconds from the boot.

  [ Mike Gabriel ]
  * Remove obsolete options from the main-server's smb(-debian-edu).conf
    file.
  * Disable the cross-home-dir access for users in Samba. (So now we
    deny that User A can access home of user B if not restricted by file
    permissions).
  * Adapt sambaHashHook in /etc/gosa/gosa.conf in a way so that it works
    for GOsa² 2.7.x. Fixes failures when trying to set the password through
    GOsa²'s change-password-dialog.
  * Set a default domain policy on LDAP bootstrap during main-server
    installation. Fixes erroneous Samba log messages that complain about
    failures in incrementing users' bad password counters.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.712~svn81960:

  [ Petter Reinholdtsen ]
  * Change smbldap-machineadd-gosa to call user_next_uid() instead of
    get_next_id(), to work with the version of smbldap-tools in
    Wheezy.  Not sure when get_next_id() disappeared, but it is
    missing in version 0.9.7-1 and was present in version 0.9.5.
    Depend on smbldap-tools (>= 0.9.7-1) to document the updated
    requirement.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.712~svn81948:

  [ Mike Gabriel ]
  * Explicitly set LDAP server hostname in D-E's
    smbldap-tools/smbldap.conf to make sure the SSL certificate
    used matches the server name of the connection.

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 17 Aug 2013 17:39:55 +0200

debian-edu-config (1.711) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Remove SystemGroup block from cupsd-debian-edu.conf, as this
    option now is in cups-files.conf and modifying it in our
    cupsd.conf file have no effect (Closes: #718484).  Thanks to Mike
    Gabriel for discovering this.  Also remove all the other options
    now moved to cups-files.conf (AccessLog, DataDir, DocumentRoot,
    ErrorLog, FontPath, PageLog, Printcap, PrintcapFormat,
    RequestRoot, RemoteRoot, ServerBin, ServerRoot, ServerCertificate,
    ServerKey, User, Group and TempDir).

 -- Holger Levsen <holger@debian.org>  Tue, 06 Aug 2013 00:49:32 +0200

debian-edu-config (1.710) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Update comment in update-iceweasel-homepage to reflect the new
    realities.
  * Fix typo in sitesummary2ldapdhcp, add missing $ in front of
    variable making it impossible to run the script.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.710~svn81733:

  [ Petter Reinholdtsen ]
  * Fix typo in postinst causing installation failure.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.710~svn81731:

  [ Petter Reinholdtsen ]
  * Add new script init-ltsp.d/08-edu-hostname to adjust LTSP boot to
    set hostname based on reverse DNS or MAC address like we do for
    the other machines.
  * Fix argument parsing in get-default-homepage.
  * Rewrite update-iceweasel-homepage to work with Iceweasel in
    Wheezy, and add code in the postinst to remove the now obsolete
    divert of /usr/share/iceweasel/browserconfig.properties.
    (Closes: #717263)

  * Uploaded to the Debian Edu archive as debian-edu-config 1.710~svn81721:

  [ Petter Reinholdtsen ]
  * Rewrite /etc/shutdown-at-night/clients-generator to list hostname
    and MAC address the way wakeupclients now expect it (Closes:
    #662868).
  * Fix code avoiding several nbdswap-cleanup processes to run at
    once, making sure the script to not consider itself as a
    conflicting cleanup process (Closes: #662843).
  * Remove code in
    /etc/NetworkManager/dispatcher.d/02debian-edu-config to update
    hostname from DHCP, as it is redundant thanks to the code in
    /etc/dhcp/dhclient-exit-hooks.d/hostname called by the
    dispatcher.d script, and it was activated on roaming workstations
    where it should not update the hostname.
  * Adjust our system for setting default hostname to set a unique
    generated hostname during installation, fetched either from
    reverse DNS lookups or using the MAC address of the interface used
    by the default route.  Adjust all code setting the hostname to use
    the update-hostname-from-ip script for generating the name.

  [ Holger Levsen ]
  * debian/rules: stop calling (obsolete) dh_pysupport, we don't have any
    python modules anyway.
  * debian-edu-config.postrm+prerm: call debian-edu-ltsp-audiodivert without
    path, it's located in /usr/sbin.

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 20 Jul 2013 21:20:00 +0200

debian-edu-config (1.709) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Adjust timesone test suite check to report the locale used when
    detecting the incorrect time zone, to make it easier to
    understand its reasoning.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.709~svn81506:

  [ Petter Reinholdtsen ]
  * Adjust auto-addfirmware and debian-edu-hwsetup to cope with the
    fact that apt-cache do not return an error code if a package is
    missing but listed as a virtual package.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.709~svn81487:

  [ Petter Reinholdtsen ]
  * Adjust locale check in test suite to the fact that locale is no
    longer set in /etc/environment.
  * Adjust update-proxy-from-wpad to not set proxy in /etc/environment
    on Standalone and Roaming Workstation installations, as the value
    inherited to user processes from this file will get quickly out of
    date as the machine move from network to network.  Only APT setup
    will be updated on these machines when connecting to a new
    network.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.709~svn81467:

  [ Petter Reinholdtsen ]
  * Add workaround to make sure machines using Network Manager also call
    the dhclient hooks, to get the correct proxy and hostname set during
    boot, as well as the clock synced using NTP when connecting to a
    network.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.709~svn81459:

  [ Petter Reinholdtsen ]
  * Correct webserver test suite, only check file permissions of
    profiles.ini on the Main Server where it exist.
  * Adjust setup-ad-client and locate-syslog-collector to handle dns
    domain localdomain as no domain the same way sssd-generate-config
    do.
  * Change code to set hostname on Workstation, Thin-Client-Server and
    Minimal installations, to fall back to unique name generated from
    the MAC address, to make it possible to uniquely identify machines
    using the login screen after installation/boot.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.709~svn81436:

  [ Petter Reinholdtsen ]
  * In sssd-generate-config, tread dns domain localdomain as no domain
    to look in resolv.conf for the domain to use instead.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.709~svn81434:

  [ Petter Reinholdtsen ]
  * Extend setup-roaming to also generate krb5.conf dynamically, to
    make sure kerberos work properly independent of where the client
    is located and what it is named.
  * Switch kerberos setup (/etc/krb5.conf) to be generated during
    installation using the SRV and TXT entries in DNS, to get
    krb5-auth-dialog working on diskless workstations.

 -- Holger Levsen <holger@debian.org>  Sun, 14 Jul 2013 17:07:02 +0200

debian-edu-config (1.708) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Adjust comments in generated /etc/network/interfaces file to look
    more like the one created by d-i in Wheezy.

  [ Holger Levsen ]
  * Bump standards version to 3.9.4.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81397:

  [ Petter Reinholdtsen ]
  * Adjust network setup for Standalone and Roaming-Workstation to
    work with Network Manager in Wheezy, which ignore all interfaces
    listed in /etc/network/interfaces.
  * Reintroduce /usr/sbin/update-hostname-from-ip which was dropped in
    r73306 and r73313, to make sure machines get their hostname set
    from DNS during installation.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81383:

  [ Holger Levsen ]
  * Translation updates:
    - Swedish, thanks to Martin Bagge. (Closes: #714645)

  [ Petter Reinholdtsen ]
  * Add test suite test to detect if
    /etc/skel/.mozilla/firefox/profiles.ini have the wrong file
    permissions (600 instead of 644).
  * Correct cfengine rules creating
    /etc/skel/.mozilla/firefox/profiles.ini to make sure the file is
    given mode 644.
  * Remove cfengine code to purge network-manager on roaming
    workstations, as we now use it.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81319:

  [ Petter Reinholdtsen ]
  * Disable debug code in auto-addfirmware.
  * Adjusted auto-addfirmware to only add contrib and non-free APT
    sources if it can't find the package it want to install.
  * Fix typo in sitesummary2ldapdhcp, making it fail unless -t
    was specified.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81308:

  [ Wolfgang Schweer ]
  * ldap-tools/sitesummary2ldapdhcp:
    - Fix configuration for 'netdevices'.
    - Modify help message to fit the code after last cleanup.

  [ Petter Reinholdtsen ]
  * Remove cfengine rule to modify the mplayer.conf file, as we now
    use mplayer2 where this file no longer is included and the BTS
    report #491403 do not seem relevant for us any more.  This get rid
    of the mplayer test suite failure for some desktop types, as the
    test is no longer relevant.
  * Fix typo in cf.syslog.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81297:

  [ Petter Reinholdtsen ]
  * Update debian-edu-pxeinstall to use the new keymap boot option to
    set the default keymap.  This changed between Squeeze and Wheezy.
  * Make debian-edu-pxeinstall more robust, make sure it find the
    desktop preseeding also when doing PXE installations of the main
    server.
  * Teach debian-edu-pxeinstall to use short forms locale and keymap
    as boot parameters to make the parameter list shorter.
  * Correct cfengine setup to set files.secondpass on the second files
    pass.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81287:

  [ Wolfgang Schweer ]
  * ldap-bootstrap/root.ldif: Add entries for systems of type
    workstation, terminal and printer as these should be setup already
    during installation of the main server.
  * Try to enhance ldap-tools/sitesummary2ldapdhcp, now that more types
    for systems are available in LDAP/GOsa²:
    - Add option -t TYPE, where TYPE could be servers, workstations,
      terminals, printers. If this option is omitted, systems are added
      as netdevices by default.
    - Add code for these options to write the appropriate LDAP entries,
      set time server to tjener and activate the system if needed.

  [ Petter Reinholdtsen ]
  * Adjust cfengine setup to do a 'files' pass at the end too, to make
    sure file permissions are correct when cfengine exits.  This
    fixes the file permissions of /etc/rsyslog.d/debian-edu-client.conf.
  * Clean up ldap-tools/sitesummary2ldapdhcp a bit, avoid some code
    duplication and make sure 'ntp' is used as the DNS name for the
    local NTP server.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81240:

  [ Petter Reinholdtsen ]
  * Quiet down run-at-firstboot, avoid lots of messages from munin
    automatic configuration failures.
  * Correct rsyslog test suite check to no look for the client
    configuration on the Main Server.
  * Correct path to d-i PXE boot images used by our PXE setup when
    using the debian-installer-7.0-netboot-i386 and
    debian-installer-7.0-netboot-amd64 packages.
  * Adjust auto-addfirmware and make sure to add contrib and non-free
    when trying to install the firmware-b43-installer package on
    machines needing it.  Also make sure it check the Contents files
    for contrib and non-free looking for firmware.
  * Move code in 032-edu-pkgs removing the force-unsafe-io dpkg flag
    to after the workstation is configured, to ensure it have effect for
    most of the LTSP installation period.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81225:

  [ Wolfgang Schweer ]
  * ltsp/init-ltsp.d/60-edu-diskless-ws: Disable autofs to reenable
    login on diskless workstations when ldm is used. Drop code to fix
    nsswitch.conf, as this is already done otherwise.

  [ Petter Reinholdtsen ]
  * Make sure the setup-ad-client script is included in the package.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81203:

  [ Petter Reinholdtsen ]
  * Add d-i preseeding for netcfg/dhcp_ntp_servers in PXE setup, as
    d-i/netcfg/clock-setup do not seem to notice the ntp-server DHCP
    option passed to clients (BTS #714288), to make sure clients have
    correct clock during installation even when installing behind a
    blocking firewall.

  [ Wolfgang Schweer ]
  * Add entry to ltspConfig in LDAP to whitelist lightdm, just in case
    someone will use it with diskless workstations.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81197:

  [ Petter Reinholdtsen ]
  * Move kernel option set by debian-edu-hwsetup from /etc/grub.d/ to
    /etc/default/grub, where it actually have effect.
  * Add Xsession.d script to warn about missing home directory and
    suggest that this might be fixed by adding the host to the
    workstation-hosts NIS netgroup using GOsa².
  * Purge the plasma-widget-networkmanagement package on stationary
    clients, as the users there can't change the network setup anyway
    and all the package do is show a red warning icon on the desktop.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81185:

  [ Petter Reinholdtsen ]
  * Add i915.invert_brightness=1 hardware quirk for Acer Aspire
    V3-771G model VA70, to avoid the black screen of death.
  * Drop NFS package size settings (rsize/wsize=32768) from NFSv4
    automount rules, as the default kernel setting is ok.
  * Rewrite debian-edu-hwsetup quirk for Packard Bell EasyNote LV to
    use acpi_backlight=vendor instad of i915.invert_brightness=1, as
    this stop KDE from turning off the screen during login.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81184:

  [ Petter Reinholdtsen ]
  * Adjusted DHCP hook to set hostname, to make sure it set FQDN and
    not the short name, to make sure Kerberos know which domain to use
    to find the realm and the Kerberos server.
  * Made DHCP hook to set hostname more robust.
  * Update munin-node.conf file to the version used in Wheezy, and add
    our allow line to grant access to the main server.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81168:

  [ Petter Reinholdtsen ]
  * Remove code from debian-edu-hwsetup to install firmware packages,
    as this is also done better in auto-addfirmware.
  * Add testsuite code to report an error if
    /etc/rsyslog.d/debian-edu-client.conf only is readable by root.
  * Add cfengine rule to set file mode 644 on the rsyslog.d file.
  * Adjust DHCP hook used to set hostname based on reverse DNS lookup,
    to only set hostname if there is a name in DNS.  This avoid
    setting the hostname to '3(NXDOMAIN)'.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81154:

  [ Petter Reinholdtsen ]
  * Add dependency on lsb-release to make sure the lsb_release program
    is available when scripts try to figure out the release code name.
  * Updated debian-edu-hwsetup, rewrote PCI device detection system to
    use modalias and added quirk for Packard Bell EasyNote LV to avoid
    black screen after boot.
  * Updated auto-addfirmware to fetch from http.debian.net.
  * Call auto-addfirmware at the end of debian-edu-hwsetup, to get all
    required firmware installed during installation.
  * Rewrite auto-addfirmware to look up all firmware used by all
    loaded kernel modules instead of looking at the dmesg content, to
    make it more robust.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.708~svn81140:

  [ Petter Reinholdtsen ]
  * Make locate-syslog-collector more robust when finding DNS domain, to
    increase the chance of correct syslog setup on clients.
  * Recommend binutils for ar(1) needed by the pxe-addfirmware script.
    (Closes: #684861)
  * Update debian-edu-hwsetup, remove obsolete entries and update the
    entry for iwlwifi network cards to install firmware-iwlwifi during
    installation.
  * Add debian-edu-hwsetup workaround for b43 wifi cards, installing
    the firmware-b43-installer package.

 -- Holger Levsen <holger@debian.org>  Sat, 06 Jul 2013 18:22:38 +0200

debian-edu-config (1.707) unstable; urgency=low

  * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn81085:

  [ Petter Reinholdtsen ]
   * Adjust debian-edu-pxeinstall paths to be compatible with
     debian-installer-7.0-netboot-i386 and
     debian-installer-7.0-netboot-amd64.

   * Debconf translation updates:
     - add Polish, thanks to Michał Kułach. (Closes: #712723)

  * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80889:

  [ Petter Reinholdtsen ]
  * Teach sssd-generate-config and setup-ad-client to ignore the output
    from 'hostname -d' when it is '(null)'.  This make the scripts more
    robust.
  * Correct timezone testsuite check to look for new timezone name for
    the *_ES locale.  Need updates for the other locales too.
  * Make sure we include the new index.html.ro file in the binary
    package.

  [ Holger Levsen ]
  * Update timezone testsuite checks for all other languages based on
    /usr/share/zoneinfo on my wheezy system.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80617:

  [ Petter Reinholdtsen ]
  * Avoid hardcoded path in setup-roaming, to make it easier to move
    the scripts around.  Made setup-roaming more robust and capable of
    running outside the Debian Edu environment.
  * Made sssd-generate-config more robust, able to handle DNS lookups
    which fall back to TCP.
  * Made setup-ad-client more self contained, robust and get it
    working out of the box in an Active Directory environment, also on
    non Debian Edu machines.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80573:

  [ Holger Levsen ]
  * debian/control, Vcs* headers: Replace svn.debian.org with
    anonscm.debian.org.

  [ Petter Reinholdtsen ]
  * Move code in sssd-generate-config to detect DNS domain name into
    its own function, to make it easier to share that code with
    setup-ad-client.
  * Make setup-ad-client more automatic, flexible and robust.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80562:

  * Switch default APT source, fallback LTSP mirror and fallback PXE
    mirror from ftp.skolelinux.org, ftp.debian.org and cdn.debian.net
    to http.debian.net, to pick a nearby mirror in the most efficient
    way available today.
  * Update sssd-generate-config with the change done to sssd.conf in
    version 1.704~svn79934, and generate sssd.conf with checking og
    the TLS certificate, now that it is working as it should.
  * Make sssd-generate-config more robust, to not fail when hostname
    do not understand the -d argument.
  * New script setup-ad-client to set up a roaming workstation as a
    Active Directory client and adjust sssd-generate-config to allow
    this to work.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80551:

  * Adjust webcache testsuite check, and remove now obsolete argument
    sendt to wpad-extract.
  * Add libwebkitgtk-1.0-0 as a dependency of debian-edu-config next
    to libproxy-tools, as the webkit shared library is needed for
    libproxy to handle WPAD files.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80547:

  [ Petter Reinholdtsen ]
  * Replicate how d-i is operating, and add code in LTSP setup script
    032-edu-pkgs to run dpkg with the force-unsafe-io flag when creating
    the LTSP chroot, to try to speed up the process.
  * Adjust run-at-first-boot to call update-proxy-from-wpad on the
    Main Server, to try to get the proxy setup working.  The automatic
    proxy setup only run from dhcp, which the Main Server do not use.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.707~svn80497:

  [ Petter Reinholdtsen ]
  * Add postinst code to purge the leftover passwords from the debconf
    database when debian-edu-config is upgraded from a vulnerable
    version (Closes: #711251).

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 23 Jun 2013 23:31:16 +0200

debian-edu-config (1.706) unstable; urgency=low

  * Uploaded to the Debian Edu archive as debian-edu-config 1.706~svn80452:

  [ Petter Reinholdtsen ]
  * Change our edu-krb5 pam-configs setup to not provide PAM
    support for changing the password, to ensure password
    changes need to change using Gosa (Partly fixes #704461).

  * Uploaded to the Debian Edu archive as debian-edu-config 1.706~svn80414:

  [ Petter Reinholdtsen ]
  * Activate new web page translation for Romanian added by Victor
    Nițu in version 1.705.
  * Correct a few inaccurate paths in the web page translations in
    da.po, ja.po and pt.po.

  * Debconf translation updates:
   - Swedish, thanks to Anders Jonsson. (Closes: #711688)

  * Uploaded to the Debian Edu archive as debian-edu-config 1.706~svn80395:

  [ Petter Reinholdtsen ]
  * Add new test case to detect and report passwords lingering in the
    debconf database (bug #711251).

  * Uploaded to the Debian Edu archive as debian-edu-config 1.706~svn80374:

  [ Petter Reinholdtsen ]
  * Made sure subnet-change warn those trying to switch to one of the
    problematic subnets, while allowing them to continue by adding
    option -f.
  * Changing debconf-set-selections-edu to not set the debconf
    template default value for passwords, to avoid storing the root
    and first user passwords in templates.dat (Closes: #711251).
  * Make internal password type debconf templates translatable again,
    as making the non-translatable did not affect bug #711251.

  * Uploaded to the Debian Edu archive as debian-edu-config 1.706~svn80357:

  * Translation updates:
   - Indonesian, thanks to T. Surya Fajri. (Closes: #710293)
   - Russian, thanks to Yuri Kozlov. (Closes: #710300)
   - Japanese, thanks to <victory.deb@gmail.com>.
   - Portuguese, thanks to Américo Monteiro. (Closes: #711106)
   - Danish, thanks to Joe Dalton. (Closes: #711185)
   - French, thanks to Guilhelm Panaget.

  [ Petter Reinholdtsen ]
  * Made subnet-change complete, teach it how to update
    /etc/munin/debian-edu-munin-node.conf and /etc/hosts.allow.
  * Report the files that need a manual update at the end of the
    subnet-change script run, to make the text easier to see.
  * Make internal password type debconf templates non-translatable
    to try to work around bug #711251.

 -- Holger Levsen <holger@debian.org>  Sun, 09 Jun 2013 18:14:02 +0200

debian-edu-config (1.705) unstable; urgency=low

  [ Holger Levsen ]
  * Add #!/bin/sh headers to share/ltsp/init-ltsp.d/*.
  * Add #!/bin/sh header to etc/dhcp/dhclient-exit-hooks.d/wpad-proxy-update
    and make the scripts in that directory executable.
  * debian/debian-edu-config.templates: Make questions about KDC and LDAP
    passwords translatable.

  [ Victor Nițu ]
  * Add initial Romanian translation.

  * uploaded to the Debian Edu archive as debian-edu-config 1.705~svn80173

  [ Holger Levsen ]
  * debian/rules: add build-arch and build-indep targets.

  [ Petter Reinholdtsen ]
  * Make sssd-generate-config more robust, by looking for DNS domain in
    resolv.conf if hostname is not FQDN.
  * Rewrite ping/ping6 testsuite check to only try ping6 if IPv6
    address is available for the local hostname.

  * uploaded to the Debian Edu archive as debian-edu-config 1.705~svn80138

  [ Petter Reinholdtsen ]
  * Make debian-edu-bless more robust and make it possible to adjust
    parameters using environment variables.  Document in a comment at
    the top how to do this.
  * Adjust Iceweasel setup in debian-edu.js based on
    <URL: http://bootpolish.net/home_ltsp_ltspiceweaselhacks >:
    - Disable location-bar suggestion feature that is sludgy on
      thin-clients.
    - Tell Iceweasel to not look for upgrades.
    - Allow it to look for new extentions.
    - Use LANG environment variable to choose locale.
    - Disable default browser checking.
  * Make locate-syslog-collector and ltsp-arch-debian-edu more robust
    by always running them in the C locale.

 -- Holger Levsen <holger@debian.org>  Tue, 28 May 2013 18:47:40 +0200

debian-edu-config (1.704) unstable; urgency=low

  [ Wolfgang Schweer ]
  * Remove /etc/gosa/desktoprc, as the package gosa-desktop is now
    configured using debconf preseeding.

  [ Holger Levsen ]
  * debian/control: remove obsolete XS-DM-Upload-Allowed: field.

  [ Petter Reinholdtsen ]
  * Make debian-edu-bless more robust by trying twice to download
    packages before installing them, in case the network is flaky.
    Change its default locale from nb_NO.UTF-8 to en_US.UTF-8.
  * Adjust Iceweasel setup in debian-edu.js to also disable the
    offline disk cache, and enable memory cache with size adjusted
    according to the available memory on the machine.
  * Adjust Iceweasel setup to save X memory by setting
    MOZ_DISABLE_IMAGE_OPTIMIZE=1 for thin clients in
    /etc/Xsession.d/06debian-edu-iceweasel-ltsp during login.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn80050

  [ Petter Reinholdtsen ]
  * Adjust ldap-client testsuite check to accept the new roaming
    workstation configuration.
  * Fix typo in error reporting in the taskpkgs testsuite check, and
    add support for checking the Minimal profile there.
  * Add new tool/example bless-debian, demonstrating how to transform
    a Debian machine into a Debian Edu machine.
  * etc/sssd/sssd-debian-edu.conf: Replace krb5_kdcip with krb5_server
    based on change done to sssd-generate-config by Wolfgang Schweer.

  [ Wolfgang Schweer ]
  * Add /etc/gosa/desktoprc, needed to configure gosa-desktop with
    the right URL.

  [ Holger Levsen ]
  * Rename tools/bless-debian to debian-edu-bless.

  [ Wolfgang Schweer ]
  * Remove file pwdchange.desktop, cause there seems to be no
    simple way to integrate it into the LXDE menu -- besides
    possible problems, that might occur, if someone installs several
    desktop environments. The package gosa-desktop now provides the
    same menu entry for KDE, GNOME and LXDE.
  * Add script /etc/dhcp/dhclient-exit-hooks.d/hostname, which will
    set the client's hostname.

  [ Petter Reinholdtsen ]
  * Rewrite dhclient-exit-hooks.d/hostname to only trigger on profiles
    Workstation, Thin-Client-Server and Minimal, and to only print
    messages and syslog when the host name is changed.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn80012

  [ Petter Reinholdtsen ]
  * Add new filesystem testsuite check to report too full file
    systems, meaning file systems with less than 10% left.
  * Disable automounting on roaming workstation, that was enabled by
    mistake, as it confuses libpam-mklocaluser.  Change cfengine rule
    to not configure autofs, and change test suite to not check autofs
    on this profile.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn80003

  [ Petter Reinholdtsen ]
  * Updates for roaming workstation:
    - Fix typo in tools/setup-roaming causing nsswitch.conf update to
      fail.  Make the generated nsswitch.conf closer to the one
      generated automatically by debian packages, to make it easier to
      see which lines we have to change to get profile working.
    - Add missing automount line to nsswitch.conf to get automounting
      working.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79994

  [ Wolfgang Schweer ]
  * tools/sssd-generate-config: According to man 5 sssd-krb5, the
    option 'krb5_kdcip' is still valid, but deprecated and should
    be replaced with 'krb5_server'.  (After this change related log
    file entries would no longer be added.)

  [ Petter Reinholdtsen ]
  * Rewrite LTSP testsuite check again, this time to force IPv4 as
    IPv6 NFS mount hang at least when using localhost as the server
    name.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79965

  [ Petter Reinholdtsen ]
  * Ask apt-xapian-index to reconfigure at first boot to avoid having to
    wait a week before golearn start working.
  * Rewrite LTSP testsuite check to use 'getent hosts' instead of 'host'
    to look up the local hostname, and adjust the code to handle the
    IPv6 localhost address returned by default.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79964

  [ Petter Reinholdtsen ]
  * Improve roaming workstation setup and adjust for newer sssd.  Use
    libnss-sss for netgroup lookup and make sure libnss-myhostname is
    enabled.

  [ Wolfgang Schweer ]
  * ltsp/plugins/ltsp-build-client/Debian-custom/032-edu-pkg:
    Don't call update-locale-config in the LTSP chroot, which is no
    longer available. It belongs to the package localization-config,
    which is no longer of any use  and not installed in the chroot.
    (The LTSP chroot installation is supposed to fail, if
    update-locale-config is still called.)

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79934

  [ Petter Reinholdtsen ]
  * Switch sssd.conf to check the TLS certificate, now that it is
    working as it should.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79894

  [ Petter Reinholdtsen ]
  * Fix automount check, make sure it is skipped for Main-Server and
    Standalone profiles.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79878

  [ Petter Reinholdtsen ]
  * Make sure to call pam-auth-update before db_stop in postinst to
    avoid hanging during installation.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79873

  [ Petter Reinholdtsen ]
  * Make d-i hook to increase entropy when running low more robust
    and get it to log any error messages to syslog.  Also make sure
    it check the entropy level more often.
  * Add new testsuite test automount, to make it easier to debug
    autofs problems on clients.
  * Call pam-auth-update during installation and removal, to make
    sure PAM setup is properly handlet (Closes: #678931).

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79859

  [ Petter Reinholdtsen ]
  * Extend ldap-client testsuite check to detect if winbind or
    libpam-winbind is active.  We do not want nor need them.

  [ Wolfgang Schweer ]
  * cf/cf.ldapclient: Get rid of packages winbind, libpam-winbind, and
    libnss-winbind for all profiles (cifs-utils is kept installed).

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79805

  [ Petter Reinholdtsen ]
  * Adjust wpad-extract to only accept http and https URLs from the
    proxy tool, to avoid direct:// style URLs that are useless as values
    of http_proxy and ftp_proxy.
  * Extend the filesystems test suite check to accept ext4 as well as
    ext3 file system type.

  [ Wolfgang Schweer ]
  * ltsp/init-ltsp.d/60-edu-diskless-ws: Add 'dhclient -nw' to fix the
    proxy setting in /etc/environment, cause the proxy setting hook
    scripts expect dhclient to run.
  * sbin/debian-edu-pxeinstall: Set distribution string to wheezy to let
    pxe installations take the right udebs while doing test-installs.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79804

  [ Wolfgang Schweer ]
  * ldap-tools/ldap-debian-edu-install: update the instructions for
    bootstrapping LDAP manually.

  [ Petter Reinholdtsen ]
  * Extend network testsuite to detect if BTS report #705900 is
    present.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79734

  * Correct rdp-server testsuite check to only run on Thin Client
    Servers, not Main Servers.  I used the wrong condition originally.
  * Change finish-install for d-i to not try to submit to sitesummary
    when installing a Main-Server.  It will become its own collector
    after installation.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79733

  [ Wolfgang Schweer ]
  * gosa.conf: Change structure of content to comply with the bootstrap
    scripts. Replace erroneously contained password hashes with GOSAPWD.
    Logging into gosa should now be possible again.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79660

  * Fix RDP testsuite check to look for the correct TCP ports (3389
    and 3350), instead of some random PIDs I inserted by mistake in
    the first draft.
  * Rewrite CUPS testsuite check to use wget --no-check-certificate
    instead of HEAD, to be able to check that the HTTP server is
    working while ignoring that the SSL certificate name do not match
    the URL we use to check it.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79650

  * New testsuite test to verify that the RDP server is running
    and accepting TCP connections.
  * Correct timezone testsuite check to look for new timezone name for
    the *_BE, *_DE, *_DK and *_NO locales.  Need updates for the other
    locales too.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79644

  * Make sure LTSP change to 032-edu-pkgs regarding runlevel changes
    comment out the entire lines, not just part of the lines to
    disable.  Fixes change done by Wolfgang Schweer in version
    1.704~svn79603 and Holger Levsen in version 1.704~svn79638.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79638

  [ Wolfgang Schweer ]
  * Configure the GOsa gui stripped down to those menu items, tabs, and
    options, that seem to be useful and usable. (Closes: #655274).
    - Clean up gosa.conf for the sake of clarity. (A full version can
      be found in /usr/share/doc/gosa.)
    - Add ldif and csv import tabs to <ldiftab> in gosa.conf, as this will
      show 'temporary disabled' in GOsa² as long as the add-on isn't
      available -- and will be needed if it is.
    - Change GOsa admin acl in ldap-bootstrap/root.ldif to disable
      unusable options in Posix and Samba accounts.
    - Add sambaAccount restrictions to jradmin-role acl in
      ldap-bootstrap/gosa.ldif.
    - Change description of admin-role to document restrictions.
  * Set debug level back to '0' in gosa.conf.
  * Make diskless workstations comply with ltsp 5.4.2-6:
    - Remove 60-edu-nsswitch.conf
    - Add 60-edu-diskless-ws, to change /etc/nsswitch and enable services
      (autofs, nfs-common, nscd, nslcd) disabled by LTSP.
  * Edit Makefile to reflect the changes.

  [ Holger Levsen ]
  * ltsp-build-client/Debian-custom/032-edu-pkgs: Replace portmap with
    rpcbind.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79603

  [ Mike Gabriel ]
  * Use my @debian.org mail address in Uploaders: field.
  * Fix passwd sync in Samba. (Closes: #656296).
  * The change-over to using an aufs overlay on diskless
    workstations fixes observed failures of the udisks daemon.
    (Closes: #629054, #629055).

  [ Wolfgang Schweer ]
  * Some more steps to get both thin and fat LTSP client setup working:
    - Correct type error in debian-edu-pxe-install.
    - Remove duplicate code from 60-edu-nsswitch.
    - Comment out most lines concerning runlevels in 32-edu-pkgs, cause
      there's no need to change the runlevel defaults anymore.
      Now the default runlevel for both client types is 2, the
      init-ltsp process will start processes depending from the client
      type chosen.  (Client type: LTSP_FATCLIENT=True is set by
      default, for thin clients this has to be set to 'False' via
      kernel command line, lts.conf or LDAP entry.)
  * Changelog: Remove useless whitespace.
  * Don't edit lts.conf provided by package ltsp-server, cause now
    required changes can be set on-the-fly:
    - Remove lts.conf.dist.
    - Remove 35-default-lts-conf.
    - Edit Makefile to reflect the above changes.
    - Remove line SCREEN_07=ldm from ltsp.ldif, cause this is now done
      during the init-ltsp process.
  * 70-edu-client-core: Edit ltsp-client-core without using line dependency.
  * Enable more types to choose from when adding systems:
    - Remove restriction from acl in root.ldif to provide non locked system
      type 'server'.
    - Add GOsa object classes goNtpServer and goLdapServer for tjener entry
      in gosa-server.ldif, required if adding systems of type workstation.
    - Add description for tjener in gosa-server.ldif including a warning.
      (Though the object tjener is still locked by default, it could be set
      to 'active' and then be modified.) (Closes: #629367).
  * debian-edu-restart-services: Replace portmap with rpcbind.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79534

  [ Wolfgang Schweer ]
  * testsuite/ltsp: Replace /etc/ltsp_chroot with /etc/lts.conf to
    test if the ltsp chroot exists, as ltsp_chroot seems to have
    been dropped.
  * debian-edu-pxeinstall:
    - Change kernel command lines to reflect new ltsp init process.
    - Append ipappend 2 (syslinux) to define network boot interface.
    - Change target distribution from squeeze to wheezy.
    - Testing for diskless ws support now requires arch dependent path
      to security so files.
  * etckeeper is now located in /usr/bin instead of /usr/sbin:
    - Correct path in tools/run-at-firstboot.
    - Correct path in debian-edu-config.postinstall.
  * LTSP now uses an aufs overlay filesystem (whole rootfs), so things
    have changed considerably as it is possible to change almost all
    configuration on-the-fly:
    - Add share/ltsp/get-ldap-ltsp-config.
    - Add share/ltsp/init-ltsp.d/70-edu-client-core.  This snippet
      modifies /etc/init.d/ltsp-client-core to get config stored in
      LDAP for Debian Edu ltsp clients (thin and fat) by calling
      get-ldap-ltsp-config.
    - Add share/ltsp/init-ltsp.d/60-edu-nsswitch.  For Debian Edu
      diskless workstations: Modify priority to make KERBEROS work.
    - Remove now obsolete files:
      + share/debian-edu-config/ltsp_set_runlevel
      + share/debian-edu-config/ltsp_local_mount
      + share/ltsp/ltsp_config.d/debian-edu-config-rwbind
      + share/ltsp/ltsp_config.d/debian-edu-config-ldap
    - Comment out lines in 032-edu-pkgs concerning obsoleted files.
  * Change Makefile to reflect these changes.

  * uploaded to the Debian Edu archive as debian-edu-config 1.704~svn79463

  [ Wolfgang Schweer ]
  * ltsp-build-client (used by d-i ltsp-client-builder.udeb).
    Change configuration to fix ltsp chroot installation:
    - Preseed dictionaries-common/default-wordlist and default-ispell
      in /usr/share/ltsp/plugins/Debian-custom/032-edu-pkgs with
      values taken from the server side debconf data base.
    - Replace aptitude (in 032-edu-pkgs) by apt-get to avoid failure
      due to missing aptitude.
  * testsuite/ltsp: Use IP for NFS mount just in case only a hostname
    but not a fqdn has been set in GOsa.

 -- Holger Levsen <holger@debian.org>  Fri, 17 May 2013 20:10:30 +0200

debian-edu-config (1.703) unstable; urgency=low

  * uploaded to the Debian Edu archive as 1.703~svn79344:

  [ Wolfgang Schweer ]
  * debian-edu-ltsp:
    - Change target distribution from squeeze to wheezy.
    - Add workaround to fix ltsp chroot installation by calling
      /usr/share/debconf/fix_db.pl and dpkg --configure -a after
      ltsp-build-client if ltsp-build-client fail.

  * uploaded to the Debian Edu archive as 1.703~svn79150:

  [ Wolfgang Schweer ]
  * Drop setting "allow_weak_crypro = true" in /etc/krb5.conf. Thanks
    to Andreas B. Mundt for the hint.
  * Fix some ltsp related scripts: path of etckeeper, release name.
  * Fix dovecot setup:
    - Don't modify configfiles
    - Put Debian Edu specific settings into /etc/dovecot/local.conf
    - Add dovecot/local.conf

  [ Petter Reinholdtsen ]
  * Switch wpad-extract to use libproxy-tools instead of
    libjavascript-perl which is no longer available in Squeeze.  This
    remove the ability to override the WPAD url in
    /etc/debian-edu/config.  Patch from Mike Gabriel (Closes: #660257).

  * uploaded to the Debian Edu archive as 1.703~svn78957:

  [ Wolfgang Schweer ]
  * Add nameserver entry in main-server network interfaces file
    to get at least one nameserver entry for resolvconf.
  * Add cf.ldap2zone to cfengine config file.

  [ Petter Reinholdtsen ]
  * Insert code fixing the network setup during installation written
    by Wolfgang Schweer in debian-edu-install to the
    /usr/share/debian-edu-config/d-i/finish-install file where it
    belong.

  * uploaded to the Debian Edu archive as 1.703~svn78931:

  [ Petter Reinholdtsen ]
  * Reintroduce debian-edu-config-gosa-netgroups package and undo fix
    for BTS report #662967 using commit r77645 and the svn content of
    share/debian-edu-config/netgroups, as the package is still needed
    because the netgroup package did not make it into wheezy.

  [ Wolfgang Schweer ]
  * Add missing quote character in cf.ldap2zone
  * Remove code from d-e-c/d-i/finish-install, now obsolete due to the
    debian-edu-config-gosa-netgroups package.
  * Make Conflicts: for debian-edu-config-gosa-netgroups fit gosa version.

  * uploaded to the Debian Edu archive as 1.703~svn78902

  [ Wolfgang Schweer ]
  * Fix error in gosa.conf file.
  * Make cf.ldap2zone work.

  * uploaded to the Debian Edu archive as 1.703~svn78886:

  [ Petter Reinholdtsen ]
  * Change KDE default favorite list in kickoffrc to use Libreoffice
    instead of OpenOffice, as the latter is no longer installed in
    Wheezy.

  [ Wolfgang Schweer ]
  * cf/cf.apt: avoid double entry in sources.list
  * /etc/gosa/gosa.conf:
    - adopt for gosa 2.7.4 and make it compatible with ldap-debian-edu-install
    - make gosa-sync work on passwords (This is a workaround for #698544)
  * cf/cf.network:
    - do not restart networking, this breaks d-i
    - split into cf.bind and cf.ldap2zone
  * cf/cf.ldap2zone: fix BIND_DATA location in /etc/default/ldap2zone
  * ldap-bootstrap/gosa.ldif: add entry to make netgroup member names visible
  * Provide gosa netgroups plugin in (/usr/)share/d-e-c/netgroups and install
    it using update-gosa in target in finish-install.
  * gosa-sync: Let Kerberos policy password violations be reported in
    GOsa and prevent setting such an unsynced password in GOsa.  Script
    provided by Andreas B. Mundt (debian-lan project).
  * gosa.conf: drop postmodify entry in admin section, obsoleted by gosa-sync.

 -- Holger Levsen <holger@debian.org>  Sat, 16 Mar 2013 15:18:14 -0700

debian-edu-config (1.702) unstable; urgency=low

  [ Mike Gabriel ]
  * In gosa-create script: Invalidate libnss cache before applying chown
    on new home directories. Fixes multiple failures during mass user
    import into GOsa².
  * password-fix-squeeze-r0: allow home[0-9] as home directory.
  * Fix smbaddclient.sh, use ,,set +e'' instead of non-bash-syntax
    ,,unset -e''.

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 02 Dec 2012 12:20:39 +0100

debian-edu-config (1.701) unstable; urgency=low

  * Drop start-wlan initscript, which is disabled since 2007 and has seen it's
    last development in 2005. (Closes: #602621)
  * Drop report-reboot initscript which is disabled since years and which just
    duplicates (but not matches) logchecks functionality. (Closes: #602622)
  * Update README to refer to architecture design of Squeeze at least.

 -- Holger Levsen <holger@debian.org>  Sat, 23 Jun 2012 00:52:18 +0200

debian-edu-config (1.700) unstable; urgency=medium

  * Bump version number to 1.700 to make obvious this is targeted for wheezy.
  * Drop debian-edu-config-gosa-netgroups package and make debian-edu-config
    replace it. (Closes: #662967)

 -- Holger Levsen <holger@debian.org>  Sun, 10 Jun 2012 15:37:14 +0200

debian-edu-config (1.456) squeeze-test; urgency=low

  [ Petter Reinholdtsen ]
  * Changing debconf-set-selections-edu to not set the debconf
    template default value for passwords, to avoid storing the root
    and first user passwords in templates.dat (Closes: #711251).
    Copied from Wheezy version.
  * Add new test case to detect and report passwords lingering in the
    debconf database (bug #711251).  Copied from Wheezy version.
  * Add postinst code to purge the leftover passwords from the debconf
    database when debian-edu-config is upgraded from a vulnerable
    version.
  * Fix automount check, make sure it is skipped for Main-Server,
    Roaming Workstation and Standalone profiles.  Copied from Wheezy
    version.
  * Add new filesystem testsuite check to report too full file
    systems, meaning file systems with less than 10% left.  Copied
    from Wheezy version.
  * Fix typo in error reporting in the taskpkgs testsuite check, and
    add support for checking the Minimal profile there.  Copied from
    Wheezy version.
  * Extend network testsuite to detect if BTS report #705900 is
    present.  Copied from Wheezy version.

 -- Petter Reinholdtsen <pere@debian.org>  Mon, 10 Jun 2013 10:03:01 +0200

debian-edu-config (1.455) squeeze; urgency=low

  [ Wolfgang Schweer ]
  * Fix /etc/hosts for LTSP diskless workstations. (Closes: #699880)
  * Make ltsp_local_mount script work for multiple devices.

  [ David Prévot ]
  * Fix some typos in old changelog entries.

  [ Petter Reinholdtsen ]
  * Add new testsuite test automount, to make it easier to debug
    autofs problems on clients.

 -- Holger Levsen <holger@debian.org>  Sun, 24 Feb 2013 09:43:14 +0000

debian-edu-config (1.454) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Add new tool password-fix-squeeze-r0 to correct users with only
    two days password expiration time in Kerberos, cleaning up after
    bug #664596.
  * Change creation of first user to use the same Kerberos policy
    as all other users.
  * Make sure to quote handling of clear text passwords when setting
    up LDAP and Kerberos during installation, in case they include
    some shell special characters.  Partly solve #664976.
  * Add a copy of debconf-set-selections called
    debconf-set-selections-edu from debconf version 1.5.36.1 to fix
    #636219 and allow us to handle '#' characters in the root or first
    users password.
  * Use our own debconf-set-selections-edu when passing passwords from
    d-i to /target/, to make sure '#' is allowed in the passwords
    (Closes: #664976).
  * Fixes for gosa-sync (updating Kerberos password):
    - Make sure all variables are quoted, to make script more robust.
      Thanks to Steven Chamberlain for the suggestion.
    - Make sure script doesn't fail if the password contains the "
      character.  Based on patch from Samuel Krempp.  Partly fixes
      #665696.  The rest need to be fixed in the GOsa² code.
    - Stop syslogging the new password string when changing password
      in GOsa².
  * Fix typo in output from debian-edu-update-netblock.
  * Make sure to send output from debian-edu-update-netblock cron job
    to /dev/null, to avoid emails every 5 minutes.  Syslogging should
    be enough output from the cron job.

  [ David Prévot ]
  * index.html.en: Fix starting uppercase in language name (respect localized
    typographic rules).

  [ Wolfgang Schweer ]
  * tools/gosa-create: Fix email address for new user's welcome mail.
  * Correct Kerberos user policy, make sure to not expire password
    after 2 days, but instead use default [none] (Closes: #664596).

  [ Mike Gabriel ]
  * In gosa-create script: Invalidate libnss cache before applying chown
    on new home directories. Fixes multiple failures during mass user
    import into GOsa².
  * password-fix-squeeze-r0: allow home[0-9] as home directory.
  * In gosa-netgroups plugin: make sure that assigning a system to a NIS
    netgroup using the NIS netgroups tab of a GOsa² system object does not
    erase entries of attribute type "memberNisNetgroup" from the NIS netgroup
    object. Closes: #687256.
  * Fix smbaddclient.sh, use ,,set +e'' instead of non-bash-syntax ,,unset -e''.

  * Translation updates:
    - Add Danish web page from Joe Hansen. (Closes: #664790)

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 30 Nov 2012 21:28:21 +0100

debian-edu-config (1.453) unstable; urgency=low

  * Team upload.

  [ David Prévot ]
  * Fix missing last entries in PXE boot menu. (Closes: #661392)
  * Fix typo in web page (spotted by Nigel Barker).

  [ Petter Reinholdtsen ]
  * Make sure ltspfs-mounter-kde do nothing when using Gnome, and make
    it more robust.
  * Update debian-edu-pxeinstall, use ln -sf when updating d-i image
    symlinks to make it possible to run the script again to update the
    PXE setup.

  [ Mike Gabriel ]
  * Fix Samba domain logon script for teachers. Also map Windows drives
    provided in netlogon/config/standarddrives-teachers.bat.

  * Translation updates:
    - Updates for German web page from Wolfgang Schweer.
    - Updates for Portuguese web page from André Lasfargues. (Closes:
      #661612)
    - Add Japanese web page from Nigel Barker.

 -- Holger Levsen <holger@debian.org>  Sat, 03 Mar 2012 12:32:15 +0100

debian-edu-config (1.452) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Make sure to syslog when ldapdump.sh is starting and stopping slapd,
    to make it easier to figure out what caused it if slapd fail to
    start.  Related to bug #659667.
  * Add locking in ldapdump.sh using lockfile-progs, to make sure only
    one such process is running at a given time (Solves Skolelinux
    bug #1213).
  * Make sure ldapdump.sh try 5 times to stop and start slapd, to reduce the
    chance of ending up without an LDAP server (Closes: #659667).
  * Log when setting up network interface, to try to figure out why it
    sometime is wrong.
  * Increase timeout for the ltspfs mount notification to 5 seconds, to
    give the user more time to read it.  Patch from Wolfgang Schweer.
  * Add new script /usr/share/debian-edu-config/ltspfs-mounter-kde
    which can be symlinked into /etc/ltspfs/mounter.d/ for those that
    want to load the freshly mounted LTSPFS directory into dolphin.
    Based on code from Wolfgang Schweer.

  * Translation updates:
    - Updates for Chinese web page from Andrew Lee.
    - Fix lang tag for Chinese, Norwegian and Portuguese.

 -- Petter Reinholdtsen <pere@debian.org>  Thu, 23 Feb 2012 13:27:01 +0100

debian-edu-config (1.451) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Remove no longer active developers Finn-Arne Johansen, Morten Werner
    Forsbring, Steffen Joeris and Klaus Ade Johnstad from uploaders
    list.
  * Add depend on ${python:Depends} for
    /etc/ltspfs/mounter.d/edu-notify, build-depend on python-support
    and add dh_pysupport to rules to get it working.  Thank you
    lintian for discovering this.
  * Fix typo in gosa-create, make sure #! is first on the first line.
    Thank you lintian for discovering the problem.
  * Improve first-user related debconf template text and flag them
    as only for internal use, to keep lintian happy.
  * Mention which arguments for subnet-change are autodetected.
  * Make sure cups-queue-autoreenable talk to CUPS using the loopback
    interface to be allowed to re-enable print queues, and improve error
    reporting if cupsenable fail.
  * Make sure cups-queue-autoflush talk to CUPS using the loopback
    interface to be allowed to flush all print queues.
  * Rewrite sitesummary2ldapdhcp to create GOsa netdevices instead of
    servers, to make sure the objects can be removed.
  * Adjust sitesummary2ldapdhcp to not create new LDAP objects if a
    object with the same MAC address alrady exist.

  [ Mike Gabriel ]
  * Set copyPaste flag to true in /etc/gosa/gosa.conf.

  * Translation updates:
    - Updates for French web page from David Prévot.
    - Updates for Spanish web page from Hector Oron.
    - Updates for Catalan web page from Hector Oron.
    - Fixed orthographic error in spanish web page from José L. Redrejo
      Rodríguez.
    - Fix typo in German web page from Holger Levsen.

 -- Holger Levsen <holger@debian.org>  Sat, 11 Feb 2012 21:59:19 +0100

debian-edu-config (1.450) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Document that debian-edu-munin-node.conf need to change when using
    subnet-change.
  * Move libjavascript-perl from depends to recommends, to see if it still
    is installed and to get our packages to propagate to wheezy while we
    figure out a solution for #631045.
  * Raise versioned dependency on education-tasks from (>= 0.842~svn60380)
    (>= 0.853), to ensure we get the current one and detect when only the
    old version is available.

  * Translation updates:
    - Updates Indonesian debconf translation from Kurniawan Haikal
      (Closes: #658563).

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 05 Feb 2012 13:36:01 +0100

debian-edu-config (1.449) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Remove obsolete mimelnk/applnk/msword.desktop file, as Squeeze
    handle doc files just fine without it.
  * Change password hash for the 'admin' LDAP user from {CRYPT} to
    {SSHA}, to get a hash type understood by GOsa and allow the
    password to be changed from within GOsa.  Both work with LDAP
    bind.
  * Add new tool auto-addfirmware to automatically detect firmware
    needed by kernel modules and install them from non-free.
  * Add new tool ltsp-addfirmware to make it easier to add required
    firmware to the LTSP initrd.  Based on code from Wolfgang Schweer.
  * In kerberos-kdc-init, give slapd 5 seconds to start to make sure
    slapd is operational when kerberos try to talk to it.
  * Make sure all gosa hook scripts syslog with the script name in the
    syslog tag.
  * Make sure the output from kadmin.local in gosa-sync is syslogged
    when changing password, to make it possible to figure out why when
    it fail.
  * Rewrite gosa-sync to avoid exposing the new password in the process
    list for every local user to see.
  * Disable workaround for #656309 in libpam-krb5 on Roaming
    Workstations, as they use libpam-sss and not libpam-krb5.
  * Re-enable cfengine rules for nslcd.conf and ldap.conf on Roaming
    Workstation, which was disabled by mistake to drop rule to edit
    nsswitch.conf.
  * Rewrite sitesummary2ldapdhcp to present the changes it want to do
    before activating the changes.
  * First user related:
    - Make sure single word full name for first user do not break the
      installation by setting given and family name to the same word
      when this happen.
    - Make sure gecos field for first user in LDAP is ASCII, to match
      schema constraint.
    - Move LDAP definition for first user to separete ldif, to make it
      easier to figure out when loading it fail during installation.
    - Add more logging when creating the first user, to notice when it
      fail.
  * Remove obsolete cfengine rule calling
    /usr/share/doc/kaffeine/install-css.sh when Internet connectivity is
    available during installation.  The script is no longer present in
    Squeeze.
  * Adjust nsswitch check in ldap-client testsuite test to not report
    incorrect problem on Roaming Workstation.
  * Add wicd preconnect hook set_wireless_mac_from_eth0 to use the
    same MAC address for both wired and wireless interfaces, to allow
    one static DHCP entry to work with both.  Based on code from José
    L. Redrejo Rodríguez.
  * Add cfengine rule to remove network-manager on Roaming Workstation
    to give wicd a chance to do its job uninterrupted.
  * Remove obsolete powerdns code from run-at-firstboot, as we now use
    bind9.
  * New tool ldap2bind-updatezonelist to generate
    /etc/bind/named.conf.ldap2zone, to make sure it is updated when
    new DNS zones are added to LDAP.
  * Updates for subnet-change:
    - Add more debug output.
    - Add code to edit /etc/exports, /etc/network/interfaces,
      /etc/samba/smb-debian-edu.conf and /etc/squid/squid.conf.
    - Add code to update goServer and ipHost LDAP objects.
    - Adjust code to update DNS to handle A records used by ldap2zone.
    - Add code to handle moving to smaller subnets by scaling down IP
      range.
    - Make sure to update dhcpSharedNetwork LDAP objects too, and
      complete DHCP part of LDAP update.
    - Run /usr/share/debian-edu-config/tools/gosa-sync-dns-nfs after
      updating LDAP to generate new DNS zone files for bind.
    - Add code to update reverse DNS entries in LDAP.
    - Call new tool ldap2bind-updatezonelist to make sure
      /etc/bind/named.conf.ldap2zone list the new reverse IP range.
  * Fix two perl warnings in our Debian::Edu perl module.
  * Make sure /etc/wicd/scripts/preconnect/set_wireless_mac_from_eth0
    is installed with execute bit set to get it working.
  * Remove redundant empty attribute macAddress for gatway ipHost object
    in LDAP.
  * Call sitesummary-client at the end of the installation, to try to
    save one reboot when setting up new machines.
  * Make sure squid-update-cachedir run with a predictable locale, and
    make it more robust.
  * Update list of active munin plugins at first boot, to make sure all
    services present are monitored.

  [ Andreas B. Mundt ]
  * Add 'permitted_enctypes = des-cbc-crc' to krb5.conf. Needed for
    latest squeeze point release (see #657802) to get NFSv4 with
    kerberos working.

  [ Petter Reinholdtsen ]
  * Add encryption types used by sssd in the Kerberos setup of the KDC
    to get Roaming workstations working.  Setting 'permitted_enctypes
    = des-cbc-crc rc4-hmac des3-cbc-sha1-kd aes128-cts-hmac-sha1-96
    aes256-cts-hmac-sha1-96', as des-cbc-crc is not used by sssd.
    This fixes regression introduced trying to fix BTS report #657802.

  * Translation updates:
    - Updates for Dutch web page from Jeroen Schot (Closes: #658076).

 -- Petter Reinholdtsen <pere@debian.org>  Thu, 02 Feb 2012 23:14:09 +0100

debian-edu-config (1.448) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Add forgotten script /usr/share/debian-edu-config/tools/pxe-
    addfirmware to the binary package.  Make script more robust.
    Thanks to Wolfgang Schweer for discovering the problems and
    proposing fixes.
  * Move the code inserted by cfengine into the network-manager
    dispatcher.d hook into its own file, to avoid upgrade problem.
    The code is used to update the hostname from DNS.  Add code in
    postinst to remove the now obsolete conffile
    /etc/cfengine/debian-edu/cf.network-manager during upgrades.
  * Move pre-pkgsel and finish-install code to adjust tasksel and set
    up network from debian-edu-install to debian-edu-config, to make
    it easier to change the network configuration, avoid problems with
    updating the PXE installation and bringing all related
    configuration into the debian-edu-config package.  Add breaks
    debian-edu-install (<< 1.521) to ensure a new version of the
    debian-edu-install package is used.
  * Make sure finish-install script do not exit too early if the
    entropy gathering job has exited early.
  * Change default gateway from 10.0.2.1 to 10.0.0.1 and update
    DNS A and PTR records to reflect this.
  * Add GOsa netdevices object for the default gateway to make it
    easier to change its DNS entry from GOsa.
  * Enable our menu overrides on standalone installations by adding
    MENUREORDER=true in /etc/debian-edu/config.
  * Extend the dynamic DHCP range on the thin client network from 200-
    253 to 20-243, to handle more thin clients without any
    configuration.
  * Remove redundant and non-changable loopbacknet ipNetwork from
    LDAP.  It is already in /etc/network, and hardwired in the
    kernel.
  * Add empty directory /etc/skel/.local/share in package as a
    workaround for kdelibs bug #655243.
  * Get rid of hardcoded IP addresses in CUPS configuration.  Use @LOCAL
    instead of 10.0.0.0/8 and tjener instead of 10.0.2.2, to make it
    easier to change IP setup.
  * Extend the dynamic DHCP range on the backbone network from
    10.0.2.100-10.0.3.242 to 10.0.16.20-10.0.31.254  (aka 10.0.16.0/20),
    to handle more clients without any changes to the configuration.
    This allow around 4k clients to get IP addresses out of the box.
  * Add new netgroup cups-queue-autoreenable-hosts used to re-enable
    stopped CUPS print queues every hour for the members of that
    group.  Uses new tool cups-queue-autoreenable.  Make tjener a
    member by default.
  * Add new netgroup cups-queue-autoflush-hosts used to get CUPS
    servers to flush the queue every night.  Uses new tool
    cups-queue-autoflush to call 'cancel -a'.  Enable this on the
    Main-server by default.
  * Purge network-manager in the LTSP chroot, now that bug
    #592479 is fixed.
  * Updated sitesummary2ldapdhcp:
    - Use the new LDAP subtree for DHCP objects.  Report error and
      continue when failing to create DHCP object.  Teach it to create
      GOsa server objects for new hosts.
    - Adjust it to search for its LDAP administrator objects instead
      of hardcoding the DN, and allow any admin user to be used.
    - Change it to only update by default, and to add new server
      objects when -a is used.
  * Add nb translation for the gosa-netgroups module.
  * Network blocking / exam mode:
    - Rewrite debian-edu-update-netblock to set new rules using
      iptables-restore to do this as an atomic operation to get it
      working on LTSP clients.
    - Add netgroup netblock-hosts in LDAP to list machines that should
      activate the network blocking and file group nonetblk used by
      debian-edu-update-netblock to exclude selected users from
      network blocking.
    - Add cron job to consult LDAP every 5 minutes to see if network
      blocking should be enabled or not.
    - Add /sbin to PATH in debian-edu-update-netblock to get the
      script working from cron.
    - Allow system users nslcd, openldap, xrdp, www-data, avahi,
      dovecot, statd and daemon full Internet access also when network
      blocking is in effect, to make sure system services keep working
      as they should.
  * Add --previous to msgmerge call in www/Makefile to keep previous
    strings when updating tranlations.  Patch from David Prévot.
  * Rewrite build rule for the welcome page to use po4a
    (Closes: #655516).  Patch from David Prévot.
  * Remove obsolete script /usr/share/debian-edu-config/tools/ldap-users.pl.
  * Make sure all sambaSIDs are bootstrapped using $SAMBASID and fix
    typo causing duplicate sambaSid.
  * Add backup testsuite test to detect bug #626884.
  * Remove closing of file descriptors when starting bind from
    ldap-debian-edu-install which was introduced to try to solve the
    problem before we understood the entropy hang.
  * Adjust www/index.html.en to become valid XHTML.  Patch from
    David Prévot.
  * Migrate 'localadmin' user from /etc/passwd to the first LDAP user.
    Make first LDAP user a member of the teachers group to enable the
    KDE menu overrides.  If user-setup-udeb ask for information on the
    first user on the Main-Server installs, use this information when
    setting it up the first LDAP user instead of using 'localadmin' as
    the username.
  * Add new pwdchange.desktop KDE menu option for networked profiles
    to make it easier for users to figure out where to change the
    password (Closes: #653912).  Include many translations for the
    password changing menu entry using patch from Wolfgang Schweer.
  * Add workaround for #656309 in libpam-krb5 by replacing
    /usr/share/pam-configs/krb5 with our own version, to get passwd
    and all tools using it to change the kerberos password.  Using PAM
    to change the password do not change the LDAP and Samba passwords,
    and should in general be avoided.  Call 'pam-auth-update
    --package' after updating /usr/share/pam-configs/ to activate the
    change.
  * Remove the ldap-auth group intended to force users to authenticate
    using Kerberos.  It is not used yet, and probably can't be used
    for its intended purpose for Squeeze as GOsa uses LDAP bind to
    authenticate users.
  * Remove now obsolete traces of super-admin user.

  [ Mike Gabriel ]
  * Additionally to the README.unused-ldifs file all LDAP bootstrap files
    that are not used in D-E squeeze anymore are marked as obsolete in their
    file header.
  * Remove obsolete ldif files (files not LDAP-bootstrapped anymore on main
    server installation) during package upgrades.
  * Add global GOsa² ACL to LDAP's BaseDN that disables
    to manipulate gotoMode, userPassword and faiState via
    GOsa². Consequences: (a) The Mode and the Actions drop-down
    menus become inactive (read-only) for server systems. (b) Setting
    of root accounts on server's gets disabled. (c) FAI is not in use
    on a D-E network by default. All three functionalities
    are broken with the D-E version of GOsa² (2.6.11), so it is better
    to disable those options.
  * A host within a netgroup should always be represented by two
    nisNetgroupTriple values, one for (<hostname>,,), one for
    (<fqdn>,,), as different netgroup clients handle these differently.
    The GOsa² netgroups plugin also supports this. Fixing this for the
    netgroups in LDAP bootstrap.
  * Add main-server (aka tjener) to fsautoresize-hosts netgroup during
    LDAP bootstrap to enable automatic LVM file system resizing by
    default.
  * Set minimum password length to 5 characters (GOsa², Kerberos via
    policy).  For Samba the default is 5, libpam-krb5 also uses 5 by
    default.
  * Replace super-admin DN by administrative group DN gosa-admins.
    Add initial user to this gosa-admins group.
  * Add Kerberos policy ,,hosts'' on main server installation.
  * Add gosa-create-host script as possible post-create hook for
    GOsa² system creation (not activated in GOsa² yet).

  * Translation updates:
    - Updates for Italian debconf templates from Claudio Carboncini.
    - Updates for French web page from David Prévot.
    - Updates for Russian web page from Yuri Kozlov (Closes: #656752).

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 21 Jan 2012 20:31:28 +0100

debian-edu-config (1.447) unstable; urgency=low

  [ Mike Gabriel ]
  * Fix of usage check in ldap-add-host-to-netgroup script.
  * Search Debian Edu code for ldapsearch statements and remove
    line breaks from DN search results (by piping the output through
    perl -p0e 's/\n //g'). Several ldapsearch commands had their
    output already piped through the named Perl expression, but for a
    few (more recent) scripts this had not been applied yet.
    Closes: #650366.
  * Add LTSP client builder script that removes 70-persistent-net.rules
    from /etc/udev/rules.d.
  * Call gosa-sync-dns-nfs as postcreate, postremove and postmodify hooks
    from GOsa² whenever a GOsa² system is touched.
  * Make the netgroupAccount tab visible for user accounts.

  [ Petter Reinholdtsen ]
  * Add donation link on the start web page.
  * Change Nagios description on the start web page to reflect the
    fact that we now set up predefined password for the nagiosadmin
    user.  This calls for updated translations.
  * Raise trigger point for adding entropy from 100 to 130, and log
    the new pool size after adding entropy.
  * Kill entropy gathering background job when cfengine is done, to
    avoid blocking umount at the end of the installation.
  * Update cfengine rules for iceweasel to ensure created file
    /etc/skel/.mozilla/firefox/profiles.ini is readable by everyone
    and not only the root user.
  * Fix incorrect package name credited for the divert in
    update-iceweasel-homepage.
  * Add cfengine rule to change default start page for iceweasel.  For
    standalone profiles, use http://www.skolelinux.org/, while for all
    other profiles fetch the URL from LDAP the same way the default
    welcome page is fetched from LDAP.  Make sure to use double quotes
    and escape : in shellcommands.  Restructure how cf.iceweasel is
    included to set up default page also on standalone profiles.
    Syslog when the default start page is changed.  Make sure
    everybody can read /etc/iceweasel/browserconfig.properties.
  * Adjust show-welcome-webpage to make sure first time users on
    Standalone profiles also get to see a welcoming web page.  Also
    change it to only fetch page URL from LDAP for Networked profiles,
    to ensure Standalone installations get http://www.skolelinux.org/
    also when booted for the first time in a network where the DNS
    name ldap exist and provide start page information.
  * Add init.d script iceweasel-ldapconf to update Iceweasel default
    start page at boot, to make it possible to update the default by
    rebooting instead of having to reinstall.  Only execute it on
    networked profiles to not change Standalone setups.  Make sure
    init.d/iceweasel-ldapconf do not run on LTSP clients (Closes: #654529).
  * Check that /opt/ltsp/i386/etc/ldap/ssl/ldap-server-pubkey.pem is
    readable by everyone, to detect problem reported by Klaus Ade
    Johnstad.
  * Make sure the /opt/ltsp/i386/etc/ldap/ssl/ldap-server-pubkey.pem
    file is readable by everyone when it is copied in place using the
    fetch-ldap-cert init.d scripts.
  * Make code checking permissions for /etc/resolv.conf report the
    current permission when it is wrong.
  * Add LDAP indexes for zoneName, relativeDomainName and sudoUser to
    avoid warnings in syslog and speed up LDAP searches.
  * Increase LDAP server file descriptor limit from 1024 to 32768,
    to raise the number of clients working out of the box from ~110
    to ~5500.
  * Print something when setting up kerberos, to be able to find
    the script run in the log.
  * Log processes using mount points below /target/ from
    finish-install, to detect leftover processes.  Tried to kill them
    but this seem to kill more than it should.  Report an error if
    there any such processes, while ignoring mount points and paths
    that can not be opened..
  * Move pre-pkgsel code to create localadmin user the
    debian-edu-install package.  Add breaks debian-edu-install (<<
    1.521~svn74617) to ensure a new version of the debian-edu-install
    package is used.
  * Move pre-pkgsel code to pass root password to the kerberos setup
    process to the debian-edu-install package.
  * Fix standalone installation by making sure missing ldap-password
    and kerberos-password templates are ignored in the finish-install
    script.
  * Do not add the localadmin user to the groups audio, video, cdrom,
    floppy and plugdev, as device access should be handled using
    policykit these days.
  * Change mkslapdcert to save the public certificate in
    /etc/ldap/ssl/ldap-server-pubkey.pem to ensure samba and kerberos
    find it when they look for it, and removing the need to download
    it on the main-server at first boot.  This fixes the kerberos
    setup.  Also avoid problem when installing Main-Server via PXE on
    a network with the ldap DNS name defined (Closes: #570773).
  * To reduce the default home directory footprint for users and
    reduce the IO strain on the file server when a classroom full of
    new users log in, reduce the akonadi disk usage by changing the
    mysql innodb log file size from 64 to 4 MiB.
  * debian-edu-ltsp-audiodivert: Drop audacity from diverted audio
    applications as it seem to work with PulseAudio now.  Add FIXME
    to remind us to review the application list regularly.
  * Add new tool gosa-sync-dns-nfs to update DNS from LDAP and
    re-export NFS exports when a host is added to DNS and netgroups.
  * Partly revert NTP change introduced by Mike Gabriel in version
    1.446~svn73330.  Reintroduce local clock on the main-server to
    ensure clients can sync with the main-server even when all the
    machines are disconnected from the Internet.  When they are on the
    Internet, all will sync with pool.ntp.org machines.  Add comment
    in cf.ntp explaining the purpose of the change.
  * Adjust default PXE menu, lift menu entries higher on the screen to
    allow all lines to show on the default screen resolution.
  * Update PXE setup on the Main-Servers first boot, to make sure
    proxy settings show up in /etc/debian-edu/www/debian-edu-install.dat.
  * Quiet down sbin/debian-edu-pxeinstall by removing 'set -x'.  The
    script is working well and do not always need debug output.
  * Avoid editing nsswitch.conf on roaming workstations, as the
    default setup with sssd should be working fine.
  * Remove obsolete readahead tuning code in run-at-first-boot.  We
    no longer use a readahead implementation where it is relevant.
  * Update from Lenny to Squeeze our PXE installation workaround used to
    ensure our updated udebs are used.
  * Fix fallback code for setting up roaming workstations to avoid
    crashing when symlinking our static sssd configuration in place.
  * Test suite:
    - Correct DNS lookup test to find ltsp servers at new FQDN.
    - Extend LDAP server test to verify that search work also before
      flodding the server with LDAP connections.
    - Tried to extend the flood test to use use 33000 connections
      instead of 1200, to test the new limit, but this caused too much
      load, needed too much memory and extending file-max, so the
      change was undone.  Keeping the test to check 1200 connections,
      to ensure the server do not have the original limit on 1024 file
      descriptors.
    - Make sure to increase /proc/sys/fs/file-max before flodding the
      LDAP server with connections, to avoid running out.
    - Extend LDAP server test to report number of connections per
      client.
    - Add kerberos test to check for network services kerberos/udp,
      kpasswd/tcp and kerberos-adm/tcp.
    - Move common test code from individual test scripts to
      /usr/share/debian-edu-config/testsuite-lib.sh.
    - Add DNS test to detect if ldap2zone still send email every hour
      (BTS #653053).
    - Add new test reporting the number of FIXMEs in the
      documentation.
    - Add new test to verify that etckeeper is installed and active.
    - Add LTSP tests to verify that the LTSP chroot is NFS exported
      and working as it should.
    - Remove xfs testsuite test, as xfs is no longer used by
      LTSP clients and will be removed from our task list.

  [ Holger Levsen ]
  * www/index.html.en:
    - add "GOsa²" to all "LDAP administration" strings
    - mention that GOsa² can also be used to add+edit machines.
    - move "local services" section in the right menu above "debian-edu"
      section.
    - improve grammar.
    - improve ordering of local services.
  * www/*.po:
    - update to reflect changes in english source.
    - add "GOsa²" to many "LDAP administration" strings.
    - update german .po file for the "add+edit machines" addition.
  * www/Makefile: accept translations with 70% translation rate (down
    from default 80%).

  [ Petter Reinholdtsen ]
  * www/Makefile: Move translation rate limit to a variable to make it
    easier to change.
  * www/index.html.en: Convert Debian-edu, debian-edu and variations to
    Debian Edu to be consistent with the project documentation and the
    official web pages.

  * Translation updates (from before the last rewrite):
    - Updates for www/zh.po from Andrew Lee (李健秋).

  * Translation updates (after the last rewrite):
    - Updates for www/nb.po from Petter Reinholdtsen.
    - Updates for www/ca.po from Hector Oron (Closes: #654024).
    - Updates for www/es.po from Hector Oron (Closes: #654023).
    - Updates for www/de.po from Jürgen Leibner and Holger Levsen.
    - Updates for www/it.po from Claudio Carboncini.

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 06 Jan 2012 10:39:54 +0100

debian-edu-config (1.446) unstable; urgency=low

  * Release of thirty-nine prereleases done in Debian Edu to Debian sid,
    aimed at Debian squeeze. See below for exact list of changes.

  * debian-edu-config (1.446~svn74353) squeeze-test; urgency=low

  [ Petter Reinholdtsen ]
  * Change approach to increase entropy in
    /usr/share/debian-edu-config/d-i/finish-install to trigger
    disk IO instead of trying to increase the entropy amount by
    adding to /dev/urandom.
  * Reintroduce file descriptor closing when starting bind9, as
    it seem to solve part of the problem.

  * debian-edu-config (1.446~svn74336) squeeze-test; urgency=low

  [ Petter Reinholdtsen ]
  * Undo change to close file descriptor 3 when starting bind9.
    It did not really address the problem, which is running out
    of entropy during installation.
  * Add code in /usr/share/debian-edu-config/d-i/finish-install
    to try to add more entropy when running low.

  * debian-edu-config (1.446~svn74325) squeeze-test; urgency=low

  [ Petter Reinholdtsen ]
  * Disable browser.safebrowsing.malware.enabled and
    browser.safebrowsing.enabled in Iceweasel, to avoid excessive I/O
    on the home directory server when several users log in.
    (Closes: #652535)
  * Make sure to close file descriptor 3 when starting bind9 from the
    installer, to avoid hanging the installer while waiting for it to
    close.

  * debian-edu-config (1.446~svn74311) squeeze-test; urgency=low

  [ Petter Reinholdtsen ]
  * Add new LDAP index for uniqueMember attribute in
    slapd-squeeze_debian-edu.conf, to ensure libnss-ldapd searches are
    processed quickly and syslog do not will up with heaps of messages
    stating "<= bdb_equality_candidates: (uniqueMember) not indexed".
  * Extend testsuite/ldap-server to include a simple stress test
    ensuring that the LDAP server work also with more than 1024 LDAP
    connections open.  Should ensure that problem discovered with
    Debian Edu/Lenny do not resurface.

  * debian-edu-config (1.446~svn74227) squeeze-test; urgency=low

  [ Mike Gabriel ]
  * Prepare LTSP rwbind on diskless workstations for /var/log/ntpstats
    (addresses #638287), currently commented out because of RAM consumption
    on diskless workstations.
  * Provide LTSP rwbind on diskless workstations for /var/lib/alsa. Silence
    an error report on diskless workstation shutdown.

  [ Andreas B. Mundt ]
  * Fix regex in gosa-remove: A username may contain dots.

  * debian-edu-config (1.446~svn74195) squeeze-test; urgency=low

  [ Holger Levsen ]
  * Makefile: deploy cf.pxeinstall too.

  * debian-edu-config (1.446~svn74178) squeeze-test; urgency=low

  [ Holger Levsen ]
  * ldap-tools/mkslapdcert: make more robust.
  * cf/cf.adduser and cf.dhcpserver: don't run sbin/debian-edu-pxeinstall
    anymore, instead add a new script cf/cf.pxeinstall for this
    purpose. (Closes: #630970)
  * If this still doesn't make the hanging at the end of debian-edu-profile
    finish-install go away, I suggest to try with /dev/urandom, to be set in
    slapd-cert.cnf.

  * debian-edu-config (1.446~svn74165) squeeze-test; urgency=low

  [ Holger Levsen ]
  * ldap-tools/mkslapdcert: invoke /etc/init.d/urandom start of
    /var/lib/urandom/random-seed doesn't exist.

  * debian-edu-config (1.446~svn74129) squeeze-test; urgency=low

  [ Holger Levsen ]
  * ldap-tools/mkslapdcert: try harder to fix #630970, grep in more
    directories.

  * debian-edu-config (1.446~svn74128) squeeze-test; urgency=low

  [ Mike Gabriel ]
  * ldap2bind command during LDAP bootstrap (installation) has to
    run as user ,,bind''.
  * Fix for SVN r74090, saving of roaming profiles.
  * Assure that all Samba related config files are included in d-e-c package,
    esp. adding Win7+Samba related patches and cmd scripts.

  * debian-edu-config (1.446~svn74106) squeeze-test; urgency=low

  [ Mike Gabriel ]
  * Add cf.krb5client to Makefile.

  * debian-edu-config (1.446~svn74095) squeeze-test; urgency=low

  [ Mike Gabriel ]
  * Fix saving of roaming profiles for Windows XP.
  * Disable UAC on Windows 7 systems by default.
  * Samba netlogon: fix for 1stlogon.bat script plus filename
    fix for IE proxy registry patch.

  * debian-edu-config (1.446~svn74072) squeeze-test; urgency=low

  [ Holger Levsen ]
  * cupsd-debian-edu.conf: allow printing from 10.0.0.0/8.
  * ldap-bootstrap/dhcp.ldif and ipnetworks.ldif: updated for using
    10.0.0.0/8.
  * cf/cf.syslog and cf.ltsp: updated for using 10.0.0.0/8.
  * /etc/cfengine/cfservd.conf: updated for using 10.0.0.0/8.
  * tools/subnet-change: updated to use 10.0.0.0/8.

  [ Mike Gabriel ]
  * Suppress dovecot warning message that appears on daemon start
    if IMAP login has not happened so far.
  * Disable IPv6 for Samba on Skolelinux systems (clients+server).
  * LDAP-bootstrap: Add _kerberos TXT record for default realm INTERN,
    add _kerberos-master SRV record and _kerberos-adm SRV record. Cfengine:
    Manipulate krb5.conf file on all networked systems, setting dns_lookup_kdc
    and dns_lookup_realm to true. (Closes: #629062, #638285)
  * Initial sync of DNS information from LDAP to bind9 config during LDAP
    bootstrap.
  * Provide registry patchset and some helper scripts (.bat) that facilitate
    Windows 7 (or Windows 2008 Server) joining to the SKOLELINUX Samba domain.
  * Handle removal of conffiles (init scripts: update-hostname, open-backdoor,
    resize_lvm) in preinst _and_ postinst.
  * Make 1stlogon.bat script (Samba netlogon share) functional for WinXP and
    Win7.

  * debian-edu-config (1.446~svn74028) squeeze-test; urgency=low

  [ Mike Gabriel ]
  * Disabled debugging option (set -x) in mkslapdcert.
  * Add php.ini (PHP5) for Debian Edu server.
  * Tweak php.ini for GOsa² mass imports (raise execution and input time,
    memory limit, closes: #638434).
  * Work around libnss caching problems and script error handling in Samba.

  * debian-edu-config (1.446~svn74012) squeeze-test; urgency=low

  [ Mike Gabriel ]
  * Update dnsd testsuite to reflect changes in SVN-r73890 (Kerberos
    using _udp, not _tcp).
  * Add missing expression ,,passwd'' after nscd -i in add machine script
    option of smb.conf.
  * Moved (Samba-related) groups and GOsa² templates from gosa.ldif to
    samba.ldif.
  * GOsa²-netgroups: Hide GOsa² user templates from objects that are shown
    available for netgroup membership.
  * GOsa²-netgroups: Allow netgroup membership for gosaTerminal objects.

  * debian-edu-config (1.446~svn73998) squeeze-test; urgency=low

  [ Mike Gabriel ]
  * Set Samba Administrator password (LMHASH/NTHASH) during LDAP bootstrap.
  * Provide DNS service during bootstrap of Samba LDAP objects, fetch
    LDAP certificate before creating the Samba domain in LDAP.

  * debian-edu-config (1.446~svn73987) squeeze-test; urgency=low

  [ Mike Gabriel ]
  * cn=smbadmin needs write access on the sambaDomainName=SKOLELINUX object.
  * Fix for chicken-and-egg problem during LDAP/Samba bootstrap.
  * Move cn=smbadmin creation to root.ldif.
  * Hide several (more) Samba specific groups from GOsa² (i.e. from the GOsa²
    administrators)
  * Assure that password for cn=smbadmin gets set properly during
    first part of LDAP bootstrap (i.e. when root.ldif is processed).
  * Set givenName: GOsa² and sn: System Administrator for uid=super-admin.
  * Add dhcp options default-lease-time and max-lease-time to global DHCP
    options (closes: #638274).
  * Explicitly allow smbd access from ,,localhost''.
  * Fix for failing ,,net getlocalsid'' command after LDAP bootstrap.
  * Enforce usage LDAP BaseDN as ldap computer suffix in smb.conf.
  * Enforce search mask in smbldap-tool for LDAP groups to BaseDN.
  * Add default OU for GOsa² winstations to LDAP bootstrap.
  * Invalidate nscd passwd cache immediately after calling
    Samba's add machine script, also make sure we raise no
    exception when running the add machine script.
  * Make ldap-debian-edu-install work when run during
    installation.
  * Allow a little pause between creation of the basic Samba
    machine object and the actual domain joining.

  * debian-edu-config (1.446~svn73951) squeeze-test; urgency=low

  [ Daniel Hess ]
  * Revert Samba's config file back to a state usable without Kerberos.
    - Accessing shares like user's home directory already works again.
    - Joining Windows hosts to the Skolelinux domain still does not work
      and needs further work on the smbaddclient.pl script.

  [ Mike Gabriel ]
  * Update Gosa netgroups, pulled in from:
    https://oss.gonicus.de/repositories/gosa-contrib/netgroups/trunk
    (closes: #629060, #629347).
  * Fix for gosa-remove script: the part in which the script searches for
    purgable homes does now search with -maxdepth 1 which speeds up user
    removal tremendously on systems with many many homes.
  * Removal of home dirs: do not chown root:root the whole later-to-be-remove
    home dir tree, only chown root:root for home dir basefolder to block
    access (closes: #629347).
  * GOsa-netgroups: Fix missing LDAP description field when viewing
    netgroups of a system.
  * GOsa-netgroups: Allow winstations to have netgroups, fix for gosa.conf
    and plugin code.
  * GOsa-netgroups: Samba machine accounts have a trailing '$' sign, handle
    these when enumerating netgroup members.
  * Update of smb.conf, preparing for NT4 domain controller support on
    Debian Edu main server.
  * Add Samba helper script smbldap-machineadd-gosa, derived from
    smbldap-useradd script. Adding smbldap-tools as dependency for
    debian-edu-config.
  * Provide smbldap-tools config for smbldap-machineadd-gosa script.
  * Add smbldap-machineadd-gosa script to package.
  * Update LDAP bootstrap for Samba related LDAP objects, add NIS netgroup
    for Windows workstations (common scenario is dual boot functionality:
    winstation and diskless workstation).
  * Fix for missing URI in passdb backend ldapsam (smb.conf).
  * SAMBA Domain Computers group has to be visible for GOsa².
  * Grant slightly wider permissions for cn=smbadmin to give the account
    the right to create Samba machine accounts in the SKOLELINUX domain.
  * Add sambaPrimaryGroupSID for uid=Administrator.
  * Add DHCP definitions for subnet01.intern (as there already is a
    subnet01.intern defined for DNS).
  * Rename backbone DHCP shared network to ,,intern''. Rename subnet00
    DHCP shared network to subnet00.intern, for subnet01 accordingly.
    This makes the DHCP name space very similar to the DNS naming
    conventions (closes: #638275).
  * Cosmetic rename of super-admin fullname.
  * Add sambaProfilePath and sambaLogonScript defaults to GOsa² account
    templates (i.e. for NewTeacher and NewStudent).
  * sambaRID fixes for groups ,,students'' and ,,teachers''.
  * Giving examples for shared-teachers and shared-students shares, fixing
    minor typos in smb.conf.
  * Provide a completely new netlogon script infrastructure: on first
    domain logon, IE and Firefox get configured to use tjener's proxy
    and in firefox the SKOLELINUX www.intern home page is set as the
    default browser home page.
  * Add new netlogon scripts to debian-edu-config package (in Makefile).
  * Use direct path to LDAP cert in smbldap.conf instead of using a
    symlink.
  * Fix for smbldap.conf, correcting ou container for new SMB machines.
  * Replace $SAMBAPWD in smbldap_bind.conf during installation.

  [ Petter Reinholdtsen ]
  * Correct the Vcs-Browser link in the control file to use the new paths.

  [ Andreas B. Mundt ]
  * Use UDP SVR record instead of TCP for Kerberos.  By default, the KDC
    does not listen on any TCP ports.

  [ Holger Levsen ]
  * share/debian-edu-config/d-i/finish-install: don't run "edu-etcvcs init"
    one more time, esp. not after already having committed.
  * Fix Makefile for Mike.

  * debian-edu-config (1.446~svn73823) squeeze-test; urgency=low

  [ Andreas B. Mundt ]
  * Fix code in sbin/debian-edu-pxeinstall and sbin/snakeoil-on-ice
    grabbing DNS from leases file.

  * debian-edu-config (1.446~svn73805) squeeze-test; urgency=low

  [ Andreas B. Mundt ]
  * Never leave /etc/hostname back empty.
  * Update tjener webpage logo.
  * Grab DNS from leases file in sbin/debian-edu-pxeinstall and
    sbin/snakeoil-on-ice if resolv.conf is missing.
  * Add code to trigger disk read/write to create some entropy when
    preparing the LDAP certificate. (to address #630970)
  * Fix machine ou in slapd.conf and smb-debian-edu-client.conf.
  * Add regular expression match for newer kernels' lvm-devices to
    sbin/debian-edu-fsautoresize.  Thanks Petter for the hint.  Really
    show percentage. (Closes: #631357).

  * debian-edu-config (1.446~svn73734) squeeze-test; urgency=low

  [ Andreas B. Mundt ]
  * Do not forget moving the systems' tab in /etc/gosa/gosa.conf.
  * Add FIXME concerning NFSv4 and Kerberos.
  * Try to use a temporay /etc/resolv.conf in snakeoil-on-ice and
    debian-edu-pxeinstall if /etc/resolv.conf is empty or missing.

  [ Holger Levsen ]
  * cf/cf.kdm and testsuite: remove workarounds for #582568 as we don't rely
    on root logins into kde nor gnome anymore.

  * debian-edu-config (1.446~svn73702) squeeze-test; urgency=low

  [ Andreas B. Mundt ]
  * Fix error in cfengine rule.

  * debian-edu-config (1.446~svn73693) squeeze-test; urgency=low

  [ Andreas B. Mundt ]
  * Clear LDAP password from debconf database in finish-install.
  * Rearranging GOsa menu:  Move important stuff to the top of the list.
  * Modify cfengine rules to update /etc/hostname name from DHCP.

  * debian-edu-config (1.446~svn73652) squeeze-test; urgency=low

  [ Andreas B. Mundt ]
  * Add debconf templates for "ldap-password-again",
    "ldap-password-mismatch" and "ldap-password-empty".
  * Fetch ldap-password in the same manner as it already works for the
    kdc-password.

  * debian-edu-config (1.446~svn73615) squeeze-test; urgency=low

  [ Andreas B. Mundt ]
  * Remove code introduced to install GOsa for testing as it is installed
    by default now.
  * Send output from gosa-encrypt-passwords to /dev/null to not waste the
    log with useless messages.

  [ Daniel Hess ]
  * Add debconf template for "debian-edu-config/ldap-password" which is
    never shown, but makes debconf complain anyway if not avaible.

  * debian-edu-config (1.446~svn73556) squeeze-test; urgency=low

  [ Andreas B. Mundt ]
  * Clean ldap-debian-edu-install a bit and make it more robust.
  * Revert modification in cf.ldapserver, script is run as root.
  * Make sure the data in a deleted user's home directory is only
    accessible to root.  (Closes: #629626).

  [ Mike Gabriel ]
  * Update for smb.conf on Debian Edu main server. Needs more work
    around smbldap-tools support.

  * debian-edu-config (1.446~svn73555) squeeze-test; urgency=low

  [ Andreas B. Mundt ]
  * Revert modifications in gosa.conf as they do not accomplish the
    intended.

  [ Mike Gabriel ]
  * Add NIS Netgroups tabs for systems (they were missing in the
    dh_install configuration file).
  * Drag in latest GOsa netgroups plugin code (r629) from
    https://oss.gonicus.de/repositories/gosa-contrib/netgroups/trunk
    (Closes: #629347).

  * debian-edu-config (1.446~svn73536) squeeze-test; urgency=low

  [ Andreas B. Mundt ]
  * Fix the username-generator in gosa.conf to allow editing the
    generated username.  (It must not generate several names to make
    strictNamingRules="false" work).

  [ Daniel Hess ]
  * Remove 'ou=systems,dc=skole,dc=skolelinux,dc=no' definition from
    gosa.ldif and change the ou attribute in root.ldif to match the
    rename from machines to systems: This fixes a problem with the
    ldap bootstrap that breaks while adding the second
    'ou=systems,dc=skole,dc=skolelinux,dc=no' in gosa.ldif.

  * debian-edu-config (1.446~svn73528) squeeze-test; urgency=low

  [ Daniel Hess ]
  * Revert modifications from svn revision 73509 as they made things
    worse.

  * debian-edu-config (1.446~svn73521) squeeze-test; urgency=low

  [ Daniel Hess ]
  * Make sure that /var/lib/dovecot exists before trying to create a
    file there.

  * debian-edu-config (1.446~svn73510) squeeze-test; urgency=low

  [ Mike Gabriel ]
  * Silence dovecot's boot message before first IMAP login success
    (Closes: #629043).

  [ Daniel Hess ]
  * Move debconf interaction from ldap-debian-edu-install into a
    separate script to test if interferences between the rest of
    ldap-debian-edu-install and debconf causes the "'finish-install'
    succeeded but requested to be left UN configured" problem with d-i.

  * debian-edu-config (1.446~svn73486) squeeze-test; urgency=low

  [ Holger Levsen ]
  * Remove depends on debian-edu-config-gosa-netgroups from
    debian-edu-config's depends. Only depend on it from the main-server task.

  * debian-edu-config (1.446~svn73485) squeeze-test; urgency=low

  [ Mike Gabriel ]
  * revert smb.conf on main server to security=DOMAIN (let
    Samba authenticate against LDAP again, not Kerberos)
  * disallow Samba root logins
  * disallow Samba anonymous logins
  * ou=machines is ou=systems when LDAP is used with GOsa²

  * debian-edu-config (1.446~svn73463) squeeze-test; urgency=low

  [ Holger Levsen ]
  * Remove our backdoor (which was poorly implemented and misnamed feature,
    see the buglog for details). (Closes: #629040)

  [ Daniel Hess ]
  * Remove not working '019-kernel-selection' script.

  * debian-edu-config (1.446~svn73449) squeeze-test; urgency=low

  [ Mike Gabriel ]
  * Fix missing "]"s in debian-edu-pxeinstall.
  * Run ldap-debian-edu-install as root (from cfengine).
  * No network-manager tweaks on main server (tjener).
  * Drop a local ntp test from testsuite which has become obsolete.
  * Add README for unused .ldif files.

  * debian-edu-config (1.446~svn73396) squeeze-test; urgency=low

  [ Daniel Hess ]
  * Make 'debian-edu-config-gosa-netgroups' depend on 'gosa':
    Postinstall scripts calls update-gosa and fails if 'gosa'
    is not yet installed.

  * debian-edu-config (1.446~svn73373) squeeze-test; urgency=low

  [ Andreas B. Mundt ]
  * Modify gosa.conf to allow for editing the generated uid.

  [ Daniel Hess ]
  * Add new variable 'ROOTPWDSSHAHASH' for ldap bootstraping:
    - Use the new ssha hash password in gosa.ldif for super-admin's
      userPassword: This should allow changing the password with gosa.

  [ Mike Gabriel ]
  * Move NIS Netgroups further up in the GOsa² sidebar menu.

  * debian-edu-config (1.446~svn73330) squeeze-test; urgency=low

  [ Daniel Hess ]
  * HashComment redundant security.d.o entry before adding our own to
    sources.list. (via cf.apt)

  [ Mike Gabriel ]
  * Use Debian's default NTP servers again for main server.
  * Use user Kerberos tickets for NFSv4 authentication/authorization on
    diskless workstations (Closes: #629049)
  * Beautify cf.adduser's Replace statements
  * cf.adduser: configure adduser.conf so that local users are now created
    with Debian's default again.
  * Add gosa-netgroups (from gosa-contrib 2.7 which is not in squeeze) as new
    binary package debian-edu-config-gosa-netgroup (Closes: #602859)
  * Make debian-edu-config-gosa-netgroups conflict with gosa >= 2.7
  * tools/kerberos-kdc-init: remove unused heimdal function.
  * add myself to uploaders in control file
  * remove .svn folders in debian-edu-config-gosa-netgroups when building
    the binary package

  [ Holger Levsen ]
  * Remove /etc/dhcp/dhclient-exit-hooks.d/hostname-update and
    /etc/init.d/update-hostname as nowadays dhcp clients pick up their dns
    name from dhcp just fine. The code in question is from 2002 and nobody
    remembers why it should be necessary. (Closes: #629060)
  * Also drop /usr/sbin/update-hostname-from-ip

  * debian-edu-config (1.446~svn73270) squeeze-test; urgency=low

  [ Andreas B. Mundt ]
  * Add the tabs for the netgroups plugin in gosa.conf.
  * Add some descriptions to the netgroups in LDAP.
  * Change netmask in /etc/exports until GOsa supports 10.0.2.0/23.
  * Rework slapd-cert.cnf and make DNS aliases (subjectAltName) work.
  * Prepare gosa.conf for the netgroups plugin.
  * Enable HTTP in sources.list for APT. Most schools will have HTTP
    available today (Closes: #617368).
  * Disable DVD in sources.list for APT. Remove volatile repository, add
    squeeze-updates.
  * Testsuite: Check for TLS connection to ldap.intern if TLS connection
    to the ldap server reported by the SRV record fails.
  * Switch on password encryption in the GOsa configuration.

  [Jürgen Leibner]
  * correct typo in 'index.html.de'

  [Mike Gabriel]
  * Add cfengine script that modifies /etc/adduser.conf (Closes: #617384).
  * Move DHOME= setting from cf.homes to cf.adduser
  * Make CN for slapd cert match FQDN as returned by reverse DNS resolver.
    (Closes: #621800).
  * Deny root login for KDM.
  * ldap-tools/mkslapdcert: use SHA-1 algorithm for slapd TLS cert, refer to
    http://www.win.tue.nl/hashclash/rogue-ca/ for more information on MD5
    insecurity.
  * Cleanup of GOsa test code
  * Fix some typos.

  [ Holger Levsen ]
  * Add Brazilian Portuguese translation by Eder L. Marques (Closes: #617726)

  [ Andreas B. Mundt ]
  * Continue the rework of DHCP/DNS-setup.
  * Use FQDN for ldap-server in smb-debian-edu.conf. Thanks to Andreas
    Schockenhoff for testing and reporting.
  * Fix testsuite DNS-lookups for subnets.
  * Rework DHCP-setup in gosa-server.ldif.
  * Improve names for ltspservers and subnets.
  * Adapt testsuite to reflect new setup.
  * Remove ldap user 'admin' for now as it conflicts with the admin in
    ou=ldap-access.
  * Fix cfengine-rule.
  * Make locate-syslog-collector returning a sensible default host if no
    DNS server is available.
  * Allow NetworkManager to manage devices in /etc/network/interfaces.
    Further testing needed. If we are lucky, some hooks in
    /etc/dhcp/dhclient-* can be removed, as they are included in NM.
  * Add ldap user 'admin'. This user is going to have limited permissions
    compared to the super-admin. ACLs not yet implemented.
  * Prepare two sub-networks in ldap by default for the thin-clients.
    Needs further testing.

  [ Andreas B. Mundt ]
  * Send a simple test-mail to root when running the postoffice
    test-suite. Minor fixes to latest commits.
  * Remove ldapserver from the 10.0.2-zone.  Add extra 192.168.-zone to
    make ltspserver resolvable as 192.168.0.254.
  * Rename cf.ldap2bind to cf.bind. Add rule to switch off IPv6 for
    bind to silence IPv6 lookup failure messages.
  * Fix bug in debian-edu-ldapserver that inhibits the fallback to 'ldap'
    as ldap server.  State the cause of failure precisely in the log.
  * Add mail alias for bind pointing to root.
  * Allow users of group 'bind' to write in /etc/bind/.  Needed to make
    ldap2bind chronjob work.
  * Add 'current_directory = /' to exim's rootmail transport configuration
    to make mail services to root work again.
  * Adapt testsuite to DNS implementation.
  * Remove duplicate A-records from DNS configuration to make sure the
    reverse address mapping needed for reliably issuing a Kerberos service
    ticket works.  To move services to another machine, add the machine to
    DNS, remove the CNAME-record(s) and modify the service record(s) to
    point to that new machine.
  * Rework gosa-server.ldif. Tested by bootstrapping the ldap tree.
    Recreate zone information for bind from the ldap tree.
  * Fix bugs in cf.homes and cfengine.conf that broke the installation.
    Tested by running cfengine in the spoiled system after applying the
    fixes to the mentioned files.
  * Make sure idmapd is started (/etc/defaults/nfs-common). Needed to test
    NFSv4 with Kerberos security.
  * Overhaul DNS setup of GOsa/bind in gosa-server.ldif.  I had to revert
    the stuff added to make powerDNS work, it completely breaks GOsa's
    functionality.

  [ Christian Külker ]
  * Fix typo in www/index.pot and www/*.po.

  [ Andreas B. Mundt ]
  * Provide zone configuration files named.conf.ldap2zone, db.intern and
    db.2.0.10.in-addr.arpa. for bind to make sure DNS works right after
    installation. May need polishing and further testing (the files should
    be replaced by identical files from ldap in the first ldap2bind run).

  [ Petter Reinholdtsen ]
  * Adjust testsute/hardware to also handle ddccontrol to report DDC
    information, and prefer this over the disappearing xresprobe.
  * Fix incorrect shell test in dhclient-exit-hooks.d scripts (Closes:
    #610841).

  [ Andreas B. Mundt ]
  * Switch on NFS4 (sec=sys) for mounting the home directories with the
    automounter.  Enable services needed to test sec=krb5p:krb5i:krb5
    (done in cf/cf.homes).
  * Switch from pdns to bind and ldap2zone.  This enables management of
    hosts with GOsa and has been done to enable further testing. Obviously
    it could be reverted and needs to be agreed on.  Also needs
    documentation if kept for the release. Add debian/TODO.Squeeze.
  * Fix inconsistent naming of environmental variable USERPASSWORD in
    tools/gosa-sync.

  [ Holger Levsen ]
  * Fix tools/nbdswap-cleanup to delete the swapfiles. Add check which
    prevents the script from running twice.
  * Move debian/po/ru.po to www/ and restore the debian/po/ru.po file that
    was in 1.444 - thanks to Christian Perrier for spotting this!
    (Closes: #605245)
  * Add translation to Brasilian Portuguese of the www starting page,
    thanks to Gilberto Dos Santos Alves.

  [ Petter Reinholdtsen ]
  * Change asound.conf to always pass audio to pulseaudio (and not only
    for LTSP), to ensure Adobe Flash audio do not block access to the
    audio device for other programs.  Drop no longer needed Xsession.d
    code to set ALSA_DEFAULT_PCM when thin clients log in.
  * Adjust some of the gosa-server.ldap DNS entries to work with
    PowerDNS, by adding associatedDomain attribute.
  * In gosa-server.ldif, change ldap, syslog, kerberos and kpasswd
    from CNAMEs to A records, to make sure they can be referred in SRV
    and MX entries.  Fix typos in some SRV records.
  * Adjust PowerDNS setup to look for its object from the LDAP root,
    as its old subtree have moved and we do not want to track its
    location.
  * Change DHCP server setup to look for
    (&(objectClass=dhcpService)(cn=tjener) used by GOsa instead of the
    entry (&(objectClass=dhcpService)(cn=dhcp) from the old service
    subtree.
  * Add code to expand $MAC in ldap-debian-edu-install, for
    gosa-server.ldif to get it.  Make sure to use / and not : as the
    sed substitution character, to ensure MACs can include :.
  * Make sure SRV records have FQDN to ensure the names extracted match
    the SSL certificate names.
  * Test suite:
    - Extend DNS server test to verify that CNAME and SRV records are
      present in DNS.  Also add tests for the service specific A
      records (ldap/kerberos/postoffice/domain).
    - Make DNS test more robust by setting LC_ALL=C.
    - Add test in pxeinstall to ensure that tftp server is configured
      to use /var/lib/tftpboot/.
  * PXE server setup:
    - Remove support for now obsolete d-i-bootimages package in setup
      script.
    - Use cdn.debian.net instead of ftp.skolelinux.org as the default
      Debian mirror when installing the main-server from DVD, to get a
      mirror close to the machine instead of one in Norway.
    - Drop vga=788 as kernel argument for PXE installation, to get
      newt based d-i to work on Dell Latitude D505.
  * Updated Spanish web page translation by Hector Oron (Closes: #606088).
  * Added Catalonian web page translation by Hector Oron (Closes: #606108).
  * Remove 'Terminal=False' from
    etc/xdg/autostart/welcome-webpage.desktop to get Gnome as well as
    KDE to use it.  Gnome complain that it do not understand the
    Terminal entry.
  * Update web page translation framework to handle the new translations.
  * Add workaround for bug #606313, while it isn't fixed in the
    ltsp-server package.
  * Disable code to write a special xorg.conf file on HP Mini 2133.
    The X server in Squeeze seem to handle autodetection.
  * Drop code to install b43-fwcutter on HP Mini 2133.  It is done
    by d-i and discover-pkginstall in Squeeze.

  [ Ronny Aasen ]
  * Adjust some of the gosa-server.ldap, adding fqdn to cnames, and
    adding missing objectClass entries.

  [ Claudio Carboncini ]
  * Updated the Italian translation of the web page.

  [ Jürgen Leibner ]
  * Completed translation of the german www starting page.
  * Corrected some typos in the translation of the german www starting page.

 -- Holger Levsen <holger@debian.org>  Fri, 23 Dec 2011 18:13:10 +0100

debian-edu-config (1.445) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Add ltsp-build-client custom script to override the default kernel
    choice from 486 to 686, to allow us to change the kernel on the
    DVD.
  * Drop dependency on autofs-ldap.  First of all, the Squeeze version
    is called autofs5-ldap, and secondly it is already a depends of the
    networked profiles.
  * Make sure run-at-firstboot only configure pdns if it is installed.

  [ Vagrant Cascadian ]
  * Also define KERNEL_VERSION, as some other plugins may use it.

  [ Andreas B. Mundt ]
  * Include gosa-server.ldif in ldap bootstrapping.

  [ Translations ]
  * Update Russian debconf translations thanks to Yuri Kozlov. (Closes: 603548)

  [ Holger Levsen ]
  * As #602765 has been fixed, again, stop deploying a copy of
    /etc/ldap/schema/autofs.schema which belongs to the autofs(5)-ldap package.
    (Closes: #602084)

 -- Holger Levsen <holger@debian.org>  Tue, 16 Nov 2010 23:07:44 +0100

debian-edu-config (1.444) unstable; urgency=low

  * Turn dependency on lsof into a recommends. lsof is only used by
    two optional tools related to LTSP services, while debian-edu-config
    has many other uses. (Closes: #585712)
  * Stop deploying a copy of /etc/ldap/schema/autofs.schema which belongs to
    the autofs-ldap package. Depend on autofs-ldap instead. (Closes: #602084)
    Thanks to Ralf Treinen and edos.debian.net!

 -- Holger Levsen <holger@debian.org>  Sat, 06 Nov 2010 17:58:58 +0100

debian-edu-config (1.443) unstable; urgency=low

  [ Jürgen Leibner ]
  * Little cleanup of the smb.conf and adjust the examples to match
    the new configuration using kerberos.

  [ Andreas B. Mundt ]
  * Complete gosa-server.ldif: Add missing dns and dhcp entries.
  * Add echo message to help the user with re-initializing the
    kerberos KDC.
  * Improve password changes done by GOsa: Do not show common users the
    passwords in the process list

  [ Petter Reinholdtsen ]
  * Rewrite setup-roaming to use sssd+libpam-mklocaluser instead of
    libpam-ccreds+libpam-localoffline and nscd.  Make it use a
    sssd.conf file included in the package, to make it possible to
    update the configuration using package upgrades.  Switch to use
    Kerberos for authentication, and purge libpam-ldapd and
    libpam-krb5 to avoid duplicate password checking and nscd to avoid
    duplicate caching.
  * Add libpam-mklocaluser hook script for roaming workstations to add
    a KDE and Gnome bookmark/places link to the SMB exported home
    directory when the local user is created.  Use sambaHomePath
    attribute from LDAP if it is set to locate the SMB mount point,
    and generate if from the NFS mount point if the attribute is not
    set.
  * Adjust the roaming NSS setup to use LDAP for network names too.
  * Adjust roaming setup, remove obsolete nslcd config and add sss to
    netgroup part of nsswitch.conf to use it when sssd get netgroup
    support.
  * Try to generates sssd configuration dynamically and fall back to
    static setup if this fail.
  * Depend on ldap-utils to ensure ldapsearch is available when it is
    needed by the autodetection and test code.
  * Adjust roaming setup, purge the killer package to avoid throwing
    out the user when idle.
  * Add default config for networkmanager-kde on networked KDE
    systems, to not start it at login.
  * Add autostart entry to start the web browser with http://www/ as
    the welcome page when a user log in for the first time.  The URL
    is fetched from LDAP using the labeledURI attribute from RFC 2079
    in the users LDAP object and all parent objects up to and
    including dc=skole,dc=skolelinux,dc=no object, as well as the root
    DSE, to make it easy for administrators to change the start page
    for new users using the LDAP protocol. Add labeledURIObject object
    class to LDAP subtree object People, Students and Teachers as well
    as the base object.
  * Test suite:
    - Rewrite dnsd tests to no longer look for obsolete DNS entries
      (the ltspserver00, static00 and static200 entries are no longer
      in DNS).
    - Start on code to check the Kerberos server.
    - Add LTSP test to verify that IPv4 forwarding is enabled in the
      kernel.
    - Add LTSP test to verify that the default settings are available
      in LDAP.
    - Add LTSP test to verify that ldinfod can be contacted outside
      localhost (detects #519316 in inetutils-inetd).
    - Extend samba test to verify the sambadomain object is present in
      LDAP.
    - Extend samba test to verify that the net binary is available,
      and use it to verify that the Domain Admins group is listed in
      the samba group map.
    - Change samba test to look for the smbadmin user anywhere in
      LDAP, and not under a fixed CN.
    - Adjust ldap-client test to not check nscd but instead check sssd
      with roaming workstations.
    - Add ldap-client test to verify that only one of krb5, ldap and
      sss PAM modules is enabled.
    - Change ldap-client test to not look for cn=machines which seem
      to be unused but look for cn=admins instead.  Change it also to
      search only from the base to not require any specific structure.
    - Extend ldap-client test to check that certificate verification
      is enabled for nslcd, sssd and ldapsearch.
    - Start on test suite for the sudo in LDAP setup.
    - Update dhcpd test to look for the new binary name dhcpd.
    - Extend ldap-server to verify that encryption is enforced for
      LDAP bind.
    - Change the CUPS test to only check http access to www on the
      Main-Server profiles, and check access to localhost for all
      profiles.  Add check for https.
    - Create new nagios test script, to verify that Nagios do not
      report any errors after installation.
    - Try to detect and report if bug #582568 in kde/kdm is still
      present in the kdm test.
    - Add webcache test to detect and report squid bug causing APT
      to fail (#591839).
    - Update ldap-client test to use new automount LDAP content.
  * Add /etc/ltspfs/mounter.d/edu-notify based on proposal in #575031
    to make sure inserting USB sticks on thin clients give some visual
    feedback to the user.  Disable it when a Gnome environment is
    detected, as Gnome detect ltspfs mounts on its own.  Depend on
    python-notify to make sure it work.
  * Remove unused LDAP subtrees Domains and Pam.
  * Move super-admin LDAP object from ou=people to ou=People, as the
    former do not exist as a subtree in LDAP while the latter do.
  * Change ldap-debian-edu-install script to report problems using the
    error: prefix to make sure the error reporting code running after
    installation is able to see errors from this script.  Report error
    if kerberos setup fail.
  * Rename PW variable in ldap-debian-edu-install to ROOTPWDHASH, to
    be consistent with the other password variables in the script and
    make it clear that it is the hash and not the clear text password.
  * Some cleanup in the ldap-debian-edu-install script.  Make sure
    files with clear text passwords (/etc/krb5kdc/service.keyfile,
    /etc/gosa/gosa.random_secret, /var/lib/samba/secrets.tdb) are not
    readable by others than the users that should have access when
    they are created.
  * Add new LDAP subtree ou=networks with subnet base and mask of the
    known subnets.  Subtree name is based on recommondation from
    draft-howard-rfc2307bis-02.txt.
  * Move sambaDomain LDAP object and samba related user objects
    (cn=smbadmin, uid=root) to a ou=samba subtree.
  * Reinsert loading of DNS names into LDAP, while we try to figure
    out how to get diskless workstations working without them.
  * Disable autofs on the main-server, to avoid hiding the local
    file systems.
  * Samba initialization (samba-debian-edu-admin)
    - Rewrote minor bashism to work with dash.
    - Enable debug output to figure out why it fail.  Make sure the
      script fail on the first error.
    - Try to get initialization working by reintroducing the admins
      and jradmins group without using the lis schema.
    - Try to get initialization working by rewriting it to call
      the samba-debian-edu-admin on first boot and not from cfengine
      within d-i, because it depend on operational DNS, LDAP and Samba
      server.
    - Remove net groupmap calls in samba-debian-edu-admin, as they do
      not work and the admins and jradmins groups already have the
      sambaSID they need in LDAP.  Guessing we can live without Samba
      knowing about the students and teachers groups.
    - Merge the remaining samba configuration into
      ldap-debian-edu-install, because the removal of the calls to
      'net groupmap' removed the need to set up samba on first boot.
      Remove call to samba-debian-edu-admin in run-at-first-boot and
      flag samba-debian-edu-admin as obsolete.
    - Remove samba-debian-edu-admin script, it is now obsolete and its
      task has been integrated into ldap-debian-edu-install.
  * Add dhclient-exit-hooks.d entry to update proxy settings using the
    wpad-url option sent from the DHCP server.  Verify/update the
    proxy setting every time a dhcp reply is received.  Rewrite proxy
    setup using WPAD to disable the use of a proxy if no WPAD file is
    found.
  * Add /etc/dhcp/dhclient-exit-hooks.d/hostname-update to update
    hostname from DNS when a DHCP request change the IP address.
  * Extend the debian-edu-ldapserver script to return the LDAP base
    found in the LDAP server root DSE when -b is used, the kerberos
    realm when -r is used and the kerberos server when -k is used.
  * Write on new test tool ldap-createuser-krb5 to create a user in
    LDAP, Samba and Kerberos from the command line.  Use
    gosaDepartment objects as its LDAP base and to use an existing
    group if it exist.  Generate gecos field using 'iconv
    ASCII//TRANSLIT' to make sure posixAccount get the ASCII version
    it need.
  * Filter ldapsearch output in ldap-createuser-krb5 through
    "perl -p0e 's/\n //g'" to make sure long lines are not wrapped
    and breaking the script, and wish for -T support in ldapsearch.
  * Add script ldap-add-host-to-netgroup to add hosts to netgroups
    from the command line.
  * Add ForceType to apache config, to enforce .html.nb pages to
    text/html and not application/matematica.
  * Add a call to munin-cron in run-at-firstboot after the
    configuration is generated, to ensure http://www/munin/ work when
    the test suite is executing.
  * Remove cfengine rule to set sysctl value net.ipv4.ip_forward=1 on
    LTSP servers.  This is handled by init.d/enable-nat which also set
    up the NATing that needs the IP forwarding.
  * Change cfengine rule for KDM setup to not list previous user in
    non-standalone profiles.
  * Add README.OID to document the LDAP OIDs we have used so far.
  * Create new experimental objectclass dnsDomainAux to allow DHCP and DNS
    entries to have the same LDAP object.  Make sure to include all the
    attributes added to dnsdomain2 in 2008 according to <URL:
    http://linuxnetworks.de/doc/index.php/PowerDNS_LDAP_Backend/Downloadexperimental
    >.
  * Add FEIDE schemas (noreduperson-1.5-openldap.schema,
    eduperson-200806-openldap.schema and
    eduorg-200210-openldap.schema) to the binary package.  The schemas
    were downloaded from <URL:http://www.feide.no/ldap-schema-feide>.
  * Remove control entry for cfinputs_version in all cf.* files,
    as it only produce a different warning and did not really quiet
    down cfengine.
  * Remove unused cfengine rules for ldap clients.
  * Run 'etckeeper commit' at the end of the first boot, to record any
    changes to /etc/ done during boot.  Throw away output, there is no
    need to clutter the boot with the debug output.
  * Add workaround for #584434 in kdm, making sure kdm starts after
    krb5-kdc to get a local Kerberos kdc working with kdm.
  * Wrap long lines in pdns-debian-edu-conf and update comment on
    local_address setup.
  * Remove profile.d and Xsession.d code to set umask and add
    pam-auth-config entry to use pam_umask to do it instead.
  * Change pam_group setup for pam-auth-config to only use it for
    interactive logins.
  * Remove obsolete code in postinst to set file permissions on
    /etc/skel/.kde/share/config/kmailrc.  The file is no longer
    part of this package.
  * Expermental LDAP based LTSP configuration:
    - Add experimental ltsp_config.d script to look up configuration
      in LDAP.  Start on draft ltspclientaux.schema to be able to
      store the LTSP configuration in DHCP or DNS objects.
    - Copy LTSP configuration from /etc/debian-edu/lts.conf.dist into
      the LDAP object cn=ltspConfigDefault,cn=ltsp to test the this.
    - Avoid running ldapsearch when the LDAP server is unavailable, to
      avoid very log pauses during boot.
    - Make sure the code do not try to look up MAC address in LDAP if
      /proc is not mounted and not try to find hostname if it is not
      yet set.
    - Add caching to the script fetching LTSP configuration from LDAP
      to only do it once during boot, and make sure to only look up
      LDAP config if the cache directory is writable.
  * Add _kerberos._tcp and _kpasswd._tcp SRV record in DNS.
  * Remove ocsinventory DNS record.  No-one found time to set up the
    server part so far, so remove this ununsed placeholder.
  * Remove unused bootps, db and afsdb DNS record.  Neither is
    currently used, and bootps do not really make sense when we use
    DHCP.
  * Move all DNS reverse entries from dns_ranges.ldif to
    dns_arpa.ldif, to make it easier to test pdns in strict mode.
  * Start on ldap-createmachine script to add a computer to LDAP.
  * Remove www-server option from the DHCP setup, as it is ununsed
    and we will fetch the default URL from LDAP and not DHCP.
  * Remove workaround for bad init.d script dependencies in nslcd,
    as bug #585968 is fixed in Squeeze.  Add breaks on nslcd (<< 0.7.7)
    and code in the postinst to remove /etc/insserv/overrides/nslcd.
  * Remove replaces/provides/conflicts on ldap-skolelinux, cfengine-
    skolelinux and ncs.  These packages were removed 6 years ago.
  * Depend on debconf-utils to make sure debian-edu-pxeinstall
    find debconf-get-selections.
  * Get sitesummary2ldap working for updating the DHCP entry for the
    machines registered with sitesummary.  Rename it to
    sitesummary2ldapdhcp, and install it in the binary package.
  * Split DHCP bootstrap file in two, one with the generic configuration
    and one with the dhcpHost entries.
  * Use /media/cdrom instead of /cdrom.  The latter was made obsolete in
    Etch or Lenny.
  * Add vga=788 to the kernel arguments used with PXE installations,
    to match the argument used on the CD and DVD.
  * Change PXE setup to preseed apt-setup/local0 with test repository
    on test installations, to avoid duplicate entries in sources.list.
  * Remove obsolete debian-edu-etc-svk script, since we now use
    etckeeper.
  * Replace calls to etcinsvk in postinst with calls to etckeeper.
  * Update init.d/update-hostname to look for update-hostname-from-ip
    in its new location /usr/sbin/ where it belong.
  * Fix typo in the debian-edu-hd-warn script causing it to fail.
  * Correct pam-auth-config entry to use pam_umask to use the session
    and not the auth section.
  * Introduce new LDAP group ldap-admins with full access to LDAP.
    Add cn=admin and cn=gosa-admin as initial members of the group,
    making sure the group have one of the required member attribute.
    Drop slapd.conf access rule for gosa-admin, as its access is
    granted through the group.
  * Move adduser script to ldap-tools (and install it in /usr/bin/)
    and rename it to ldap-add-user-to-group.  Extend script to handle
    groupOfNames groups.
  * Explain in ldap-debian-edu-install how to reinitialize ldap.
  * Make sure ldap-debian-edu-install report an error if ldif loading
    fail.
  * Move netgroup subtree object to the netgroup.ldif file next to the
    subtree members.
  * Introduce new LDAP subtree ou=ldap-access, for user and group
    objects used to update LDAP.  Move ldap-admins group and admin,
    gosa-admin users into this subtree.
  * Modify LTSP plugin:
    - Change build of diskless workstation (032-edu-pkgs) to use LTSP
      method chroot_mount for mounting tha APT cache.
    - Add code to report what is blocking umount of CHROOT_MOUNTED
      entries.
    - Remove obsolete scripts 010-http-proxy and 099-progress-log.
      Their code is now in the ltsp package.
    - Make sure Kerberos and LDAP automatic configuration is invoked
      when building chroots for diskless workstations, unless building
      chroot on a main-server.
    - Add new workaround for bug #593770 in LTSP (failing to generate
      resolv.conf based on DHCP settings), and remove the old
      workaround.  This should speed up the client boot a bit.
    - Move extra bind mount entries for diskless workstation from
      init.d config file to optional ltsp_config.d fragment, to make
      sure it is set in the initrd when the bind mounting is done.
    - Brush up ltsp_local_mount to work with new LTSP version, make
      sure it do not copy etckeeper .git directory and try to umount
      bind mounted files in /etc/ before bindmounting /etc/
      read-writable to avoid hiding existing bind mounts.
    - Correct help text for --no-diskless-edu-workstation in the LTSP
      plugin.
  * Rename ou=hosts subtree to ou=dns, to avoid ou=hosts which
    according to draft-howard-rfc2307bis-02.txt should contain ipHost
    LDAP objects.
  * Move dhcp config in LDAP into new subtree ou=dhcp.
  * Add workaround for bug #589915 in slapd by making sure
    fetch-ldap-cert starts before krb5-kdc during boot.
  * Make sure fetch-ldap-cert give pdns 2 seconds to start before
    trying to locate the LDAP server using DNS.
  * Drop conflict on debian-edu-install (<= 0.616), it was published
    in 2004.
  * Drop conflict on samba (<<3.0.0), it was published in 2003.
  * Drop alternative depend on discover1.  It is no longer in Debian.
  * Remove all our pam.d files, as we use pam-auth-update now
  * Remove code in debian-edu-hwsetup calling discover-pkginstall,
    as this is done by debian-installer (hw-detect) in Squeeze.
  * Rephrase server web page to use 'LDAP administration' instead
    of 'Lwat' as the link text, and improve explanation on where the
    link leads.
  * Drop translation flag from kerberos debconf templates, as they
    will normally not be show to any user.
  * Depend on libterm-readkey-perl for sitesummary2ldapdhcp to work.
  * Create new Perl module Debian::Edu, and move functions to find
    LDAP server, LDAP base and prompt for passwords there to avoid
    duplicate code in our scripts.  Make sure it use LDAP settings
    from /etc/ldap/ldap.conf when set, to allow clients to change
    these in one place and affect our Perl LDAP scripts.  Depend on
    fping to make sure Debian::Edu find it when needed.
  * Reduce DNS timeouts in Debian::Edu when looking for LDAP and
    Kerberos server, to make sure a result is returned quicker when no
    DNS server is available.  Reduced runtime from 6.5 to 1.5 minute.
  * Extend ldap2netgroup to list member netgroups too.
  * Reimplement debian-edu-ldapserver using Perl to add support for
    -s servername and use it to speed up scripts using it.
  * Add "ServerAlias *" to our cupsd.conf file, to make cups accept
    requests using any name/interface.
  * Reinsert the machines group wanted by /etc/samba/smbaddclient.pl.
  * Change powerdns configuration to connect to ldapi:// to ensure the
    unix socket is used to communicate with the LDAP server.
  * Change init.d/fetch-ldap-cert to syslog and stop looking up LDAP
    server when it isn't needed.
  * Rewrite init.d/enable-nat to use LSB style output functions.
  * Change slapd.conf to include "localssf 128", to make sure
    connections using the unix socket (ldapi://) is considered safe
    enough to bind and update LDAP.
  * Extend workaround for bug #585966 to also include pdns-recursor in
    the $named definition, to ensure DNS lookup is working also for
    external DNS names.
  * Add new LDAP indexes for macAddress and dhcpHWAddress attributes,
    to ensure LTSP configuration and DHCP server searches are
    processed quickly.
  * Add new LDAP index for createTimestamp attribute, to ensure query
    from Lwat cron job is processed quickly.
  * Add LDAP index for aRecord to make sure powerdns reverse lookups
    are quick.
  * Remove LDAP server and base argument from scripts using the
    ldaptools that reads /etc/ldap/ldap.conf, to allow the settings in
    that file to be used instead.
  * Rewrite tools/passwd script to find LDAP objects dynamically,
    and use the LDAP server and base settings from ldap.conf.
  * Adjust debian-edu-ldapserver, to return default values for
    main-server during installation, when dynamic lookup is not
    possible.
  * Extend debian-edu-ldapserver with option -f to fall back to
    default values if autodetection fail.
  * Rewrite cfengine rules for LDAP clients to fetch LDAP server and
    base using debian-edu-ldapserver to fetch it dynamically during
    installation using -f to get default values if autodetection fail.
  * Make sure debian-edu-ldapserver do not use localhost to generate
    settings, to avoid getting bogus Kerberos realm.
  * Change SRV entries in DNS to use the service DNS names to allow
    the services to be relocated by only updating one DNS entry and
    not on the clients copying the SRV entries to their local
    configuration.
  * Fix minor typo in server-hosts netgroup.  Remove unused domain
    part from triplet.
  * Add workaround for bug #582568 in kdm by touching
    /root/.local/kaboom using cfengine during installation.
  * Add cfengine rule to purge libpam-ldapd after installation, as a
    workaround for bug #591773 in nslcd.
  * Provide hook scripts in /usr/share/debian-edu-config/d-i/ for
    debian-edu-profile-udeb to call from within d-i.
  * Enable bootlogd for test installations in cfengine, to give us
    access to the boot messages after the boot.
  * Add code in the finish-install hook to install the Gosa packages
    for testing on the main-server.
  * Point web page link for LDAP administration to gosa, now that we
    concluded to use it for Squeeze.
  * Add attributes objectClass=gosaAccount and uid=admin to admin user
    object, to try to get the object to show up in Gosa.
  * Add code in d-i pre-pkgsel hook to dynamically look up sitesummary
    server, LDAP server and base as well as Kerberos realm and server
    to use it to preseed sitesummary-client, nslcd, lwat and
    krb5-config on all networked profiles.
  * Configure syslog collector on clients dynamically during
    installation based on 'syslog' DNS name and _syslog._udp SRV
    record, and remove old static configuration.  Update DNS to
    provide this SRV record and not the unused _syslog._tcp entry.
  * Remove unused log-servers from DHCP setup, both for the server and
    the clients.
  * Make cfengine rule for LDAP clients more robust and make sure the
    ldap.conf file do not change when cfengine is executed several
    times.
  * Add _kerberos TXT record in DNS with the Kerberos realm as
    content, to allow packages like krb5-config and sssd to
    automatically detect the realm.
  * Add workaround for bug #592479 in network-manager triggered when
    building the LTSP chroot, by creating /var/lib/NetworkManager
    before trying to purge network-manager.
  * Create new group cn=ldap-auth,ou=ldap-access with the users that
    should be allowed to authenticate using LDAP bind.  Not used yet,
    as I am unsure how to do that and unsure what will break if we
    force the use of Kerberos authentication.
  * Correct cfengine rule to detect the installation environment to
    look for /sbin/start-stop-daemon.REAL instead of
    /etc/inittab.real.  The latter do not exist during installation
    any more.
  * Replace Package with Packages in squid.conf as a workaround for
    bug #591839 in squid.
  * Change SSL certificate specification for the LDAP server to use
    ldap.intern as its common name and list DNS:ldap as DNS:ldap and
    DNS:localhost to try to get certificate checking working.
  * Change gosa.conf to use ldap.intern instead of localhost as its
    connection point, to avoid certificate error when connecting.
  * Add policykit rule to make members of the admins group admins
    according to policykit.
  * Change ldap.conf to check SSL certificate when using TLS.
  * Point nslcd.conf to the SSL certificate for the LDAP server.
  * Make sure nslcd start after init.d/fetch-ldap-cert to have the
    cert file available when it is needed.
  * Change debian-edu-pxeinstall to also detect diskless workstations
    using pam-krb5 or pam-sss.
  * Adjust debian-edu-pxeinstall to work with the new debian-installer
    netboot debs.
  * Stop showing status when starting and stopping services in
    init.d/enable-nat, as it is mostly noise during boot and shutdown.
  * Make sure to purge libnss-mdns on stationary machines, as in
    not standalone and not roaming profiles.
  * Change automount map for autofs5-ldap to list a generic
    /skole/tjener/& entry to handle any subpoint under that path
    without any changes to LDAP.
  * Adjust automount options in LDAP to reduce timeout and make sure
    the home directory is mounted with more secure and efficient
    settings.
  * Update standards-version from 3.8.4 to 3.9.1.  No changes needed.
  * Adjust sitesummary2ldapdhcp to work with recent changes in the
    Debian::Edu perl module.
  * Add link to http://linuxsignpost.org/ on the default page shown to
    new users.
  * Update Norwegian Bokmål (nb) web page translation.
  * Switch powerdns to strict LDAP mode, to make it possible to do DNS
    updates by only adjusting one LDAP object.  Drop the reverse map
    from LDAP because of this.  Adjust the DNS testsuite to handle
    multiple DNS names replies for reverse lookups.
  * Move ACL list for powerdns to config file generated at first
    boot, to avoid hardcoding subnet addresses in the package.
  * Start on subnet-change script to change the IP subnet used by the
    main-server (LDAP and files).  It is not complete, yet.  Depend on
    libnet-netmask-perl for the script to work.
  * Add code to migrate from slapd.conf to slapd.d style configuration
    when setting up LDAP during installation.  Not enabled by default,
    as slapd since 2.4.23-5 work with slapd.conf.  We should migrate
    to slapd.d and drop our slapd.conf file.
  * Add new tool notify-local-users to allow root to send a
    desktop.org style notifications to all local users. Add
    libnotify-bin as a recommend, to ensure it work out of the box.
  * Add reference to ALSA dmix setup in asound.conf.

  [ Andreas B. Mundt ]
  * Kerberos implementation:
    - Add debconf questions and templates to ask for the Kerberos master
      key during installation of the main-server. Avoid infinite loop by
      limiting the number of kdc password queries for debconf.
    - Add script to initialize the kerberos KDC. The script is called by
      ldap-debian-edu-install.
    - Reset debconf questions in kerberos-kdc-init only if password is
      empty, to avoid asking for the KDC password on package update.
    - Cleanup of the kerberos-kdc-init script. Add debugging to slapd
      startup. (Commented after successful implementation).
    - Use start-stop-daemon.REAL during installation when needed to start
      slapd.
    - Switch kerberos to access ldap using the ldapi:/// unix socket.
      This makes the KDC setup work at install time. Possible security
      issues still have to be checked, but it might be better to use the
      socket anyway for performance reasons.
    - Add smtp service principal and fix minor issues for host/service
      principals.
    - Add more kerberos checks to the test suite.
  * GOsa implementation:
    - Add configuration file gosa.conf for gosa.
    - Add schema-files from gosa. The files might be removed later and be
      replaced by the debian gosa (-schema) package(s).
    - Add scripts to process changes in ldap. The gosa-* scripts will be
      called by gosa hooks when creating or removing a user and to
      synchronize kerberos and posix/ldap passwords.
  * LDAP modifications:
    - Modify ldap bootstrapping to enable gosa and kdc out of the box.
    - Add default sudo-ldap configuration in sudo.ldif and configure
      sudo-ldap.
    - Modify ACLs in slapd-squeeze_debian-edu.conf to allow kdc and gosa
      access the ldap database.
    - Add KRB5_KTNAME=/etc/krb5.keytab.ldap to /etc/default/slapd.
  * Mailing system:
    - Switch from courier to dovecot imap server configuration.
    - Modify exim4 configuration (user lookup in ldap).
  * Miscellaneous:
    - Fix cfengine rules in cf.ldapserver and cf.ldapclient: Skip
      modifications (i.e. on a second run), if they are already in place.
    - Remove cfengine rules to modify the umask for lenny. The modification
      is default in squeeze, but can be overwritten using the etc/profile.d/
      directory.
    - Remove old exim configuration and directory not used anymore; adapt
      Makefile.
    - Remove never used configuration file krb5-winbind-debian-edu.conf.
  * Enable GSSAPI authentication with kerberos ticket to exim4 smtp server.
  * Remove some debug code from the kerberos-kdc-init script.
  * Fix typos in cfengine config and clean it up a bit.
  * Make krb5.conf, kdc.conf and kadm5.acl readable for everybody.
  * Remove confused exit in kerberos KDC setup script.
  * Replace the manipulated automount.schema file and replace it by the
    autofs.schema file provided by the autofs5-ldap package.
  * Modify autofs.ldif to work with the autofs5-ldap package.
  * Remove cfengine rules not needed with the improved autofs.ldif.
  * Add code to figure out distinguished names needed for KDC setup.
  * Remove ignored automounter variable AUTOFS_ENABLED from cfengine
    rule.
  * Move gosa-* executables to /usr/share/debian-edu-config/tools/.
  * Move all sysadmin executables from /usr/bin/ to /usr/sbin/.
  * Remove unused bin/debian-edu-pxelinux.cfg.
  * Add experimental DHCP/DNS GOsa server configuration to
    gosa-server.ldif as example and for reference.
  * Switch most ou=* in ldap-bootstrap/*.ldif to lower case. There are
    still capital case references around in other files; we should clean
    up and avoid them from now on for consistency.
  * Add commented cfengine rule to filter ldap posix accounts and not
    show templates as normal users. Not activated because of #311188;
    let's see if we really need it.
  * Add cifs/tjener principal and corresponding keytab entry.
  * Move debconf questions from the package's configuration script to
    the kerberos-kdc-setup script to only ask for any password if the
    KDC is really set up. This makes sure no password is left in the
    database.
  * Modify for DHCPv4 transition starting with patch from Mehdi Dogguy
    (Closes: #585064).
  * Remove /etc/dhclient-exit-hooks as it is empty.
  * Remove /etc/insserv/overrides/dhcp3-server as it is not needed any
    more.
  * Remove files in /etc/dhcp3/ if they have not been modified. It is
    superseded by /etc/dhcp/.
  * Add breaks with old dhcp3-client and dhcp3-server packages.
  * Fix conflicting groupID numbers in predefined posix groups. Make sure
    they are the same compared to what has been used in Lenny.
  * Add Samba attributes to the GOsa user templates. Minor fixes.
  * Switch GOsa's ldap snapshot feature on by default for testing.

  [ Daniel Hess ]
  * Replace $SAMBACRYPTPW with $SAMBAPWDHASH in samba.ldif to fix
    setting the password for smbadmin by ldap-debian-edu-install.

  [ Jürgen Leibner ]
  * Add entries to smb.conf to use kerberos in a way to have tjener as
    an authentificationserver for samba as testcase.
  * Modified / reordered some entries in smb.conf for better reading.

  [ Holger Levsen ]
  * Unfuzzy translations of web page where possible, else just
    make sure the links are correct.

 -- Holger Levsen <holger@debian.org>  Sat, 30 Oct 2010 16:49:05 +0200

debian-edu-config (1.442) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Remove obsolete rules entry to install init.d/boot_xconf, which
    was removed in version 1.430.
  * Avoid error from init.d/fetch-ldap-cert when /opt/ltsp/ is
    missing.
  * Make init.d/fetch-ldap-cert depend on $named to make sure DNS work
    when it look for the LDAP server.
  * Reduce depend on resolvconf to recommends, to make it possible to
    remote it when resolvconf is not needed.
  * Make sure index.html.zh is included in the binary package.
  * debian-edu-pxeinstall:
    - Change how the script find the time/zone preseeding value, to
      cope with its package changed from d-i to tzsetup-udeb.
    - Make sure it exits with an error if it is unable to find d-i images.
    - Disable default proxy settings, to make it work also when
      installing a main-server via PXE.
    - Fix script to pass on mirror settings from the installed system
      without crashing with the new debconf template names.
  * Change cfengine ordering of update-proxy-from-wpad to make sure it
    is executed after debian-edu-pxeinstall to fix problem with
    main-server installations.
  * Remove code to run cfengine several times during installation,
    as the bug crashing cfengine on the first run seem to have
    been fixed.
  * Adjust debian-edu-ltsp to make sure it always umount the CD, also
    if the installation fail.
  * Move active content of ltsp-make-client from ltsp-make-client into
    a ltsp-build-client pluing, to allow us to build the LTSP chroot
    in one pass instead of two (Closes: #580255).  New option
    --no-diskless-edu-workstation to disable it. Remove
    ltsp-make-client, it is no longer needed  (Closes: #581077).
  * Modify LTSP plugin:
    - Change how the Squid proxy workaround (no pipelining) for APT in
      LTSP is implemented, to make sure the setting is not overwritten
      by the Debian/010-http-proxy script in ltsp-server.  Enable it
      just after debootstrap ran.
    - Move code in plugin to allow untrusted packages from CD and bind
      mounting /var/cache/apt/archives into the ltsp chroot earlier
      (from after-install to install), to make sure both
      EARLY_PACKAGES and LATE_PACKAGES are shared with the host apt
      cache.
    - Rewrite installation of diskless workstation to query tasksel
      for the aptitude command to use, and use it directly to get
      output from the installation process.
    - Enable etckeeper also for LTSP clients.  Install it early, and
      commit several times while setting up a diskless workstation.
    - Remove useless trailing space from some lines.
    - Disable new cron jobs (apt-xapian-index, dpkg, etckeeper,
      killer, logrotate, readahead, readahead-monthly) in Squeeze on
      diskless workstations.
    - Purge resolvconf on diskless workstations, and leave it to LTSP
      to update it at boot.
    - Source /etc/default/locale to fetch current default LANG setting
      during installation, to try to get the tasksel installation to
      pick the correct language packages.
    - Drop code to update the LDAP SSL certificate during building, as
      this is done by init.d/fetch-ldap-cert when the thin client
      server boots.
    - Move code to update Iceweasel web server certificate override to
      the snakeoil-on-ice script.
    - Adjust boot setup for diskless workstation to handle new scripts
      in Squeeze.
    - Disable init.d/bluetooth on thin clients, as it fail to start
      and they are unlikely to have use for it.
    - Purge network-manager, as it causes the client to hang during
      boot and we do not want dynamic network configuration.
    - Purge network-manager-openvpn, network-manager-pptp,
      network-manager-vpnc, openvpn, wpasupplicant, hdparm, hddtemp,
      readahead, readahead-fedora, ppp and popularity-contest when
      building diskless workstations, which do not make sense on LTSP
      clients.  Use aptitude to purge unwanted packages, because it do
      not return an error code when trying to purge packages that are
      not installed like apt-get does.
    - Make sure to remove packages from LTSP chroot which are no longer
      needed after purging unwanted packages.
    - Add workaround for failure to migrate from sudo to sudo-ldap
      when installing diskless workstations (see #586887).
  * Change default-ltsp-client-setup to also look for a DNS server on
    $SERVER, to try harder to get DNS working if IP addresses was
    changed.
  * Test suite:
    - Correct ldap-client test to look for /etc/nslcd.conf and not the
      nss-ldapd.conf and pam_ldap.conf we no longer use.
    - Rewrite samba test to not exit on first error, but test several
      things in case only some problems are present.
    - Add new test for ltsp, verifying that the resolv.conf inside and
      outside the LTSP chroot have the same content.
    - Add new webserver test checking that http://www/munin/,
      http://www/sitesummary/ and http://www/debian-edu-doc/ work.
    - Add new cups test checking that http://www:631/ work.
    - Add new filesystem test, reporting an error if autofs is hiding
      the real mount point for /skole/tjener/home0/.
  * Make the tools/adduser script more robust, by avoiding hardcoded
    DN paths and instead look up admin user and requested group in
    LDAP before adding a user to the group.
  * Correct cleanup code in preinst to only run on upgrades, not first
    time installations, to avoid removing loadcpufreq when installed
    in a diskless workstation chroot.
  * The init.d/resize_lvm script is now obsolete, as online resizing
    has worked since Lenny.  Remove it, and make sure to remove it
    during upgrades too.
  * Update our dhclient config to reflect changes to dhcp3-client
    between versions 3.0.4-13 and 3.1.3-2 (adding domain-search and
    rfc3442-classless-static-routes options).
  * Remove NameVirtualHost line at the start of the apache
    configuration, to avoid warning from apache when it starts.  It do
    not seem to be needed.
  * Correct munin entry in our apache configuration, to make the munin
    page available.
  * Add tool missing-desktop-file to detect packages with Debian
    menu file and no XDG desktop file.
  * Add code to preinst and postinst to rename
    /etc/debian-edu/www/index.html.no to
    /etc/debian-edu/www/index.html.nb during upgrades, and remove
    incorrect removal code.
  * Add file share/debian-edu/common/share/config/kickoffrc with our
    KDE 4 favorites, adding iceweasel, OpenOffice.org Writer and
    gcompris and removing konqueror.
  * Add workaround to make pdns an optional implementation of $named
    while we wait for its bug to be fixed (#585966).  The
    /etc/insserv.conf.d/debian-edu-config file should be removed
    when it is fixed.
  * Add insserv override files for ntp (#585772), nslcd (#585968) and
    dhcp3-server (#586035) while we wait for their respective bugs to
    be fixed.  The files in /etc/insserv.conf.d/ should be removed
    when the bugs are fixed.
  * Add workaround for bug #585966 in pdns by sleeping for two seconds
    in init.d/fetch-ldap-cert and making sure pdns starts before the
    dhcp server.
  * New tool debian-edu-ldapserver to find current LDAP server, for
    use by scripts.
  * Change init.d/fetch-ldap-cert to use new script
    debian-edu-ldapserver.

  [ Andreas B. Mundt ]
  * Miscellaneous:
    - Switch package repositories to squeeze.
    - Add default nepomukserverrc configuration file: Do not start Nepomuk
      by default to keep the default disk space requirements low.

  [ Jürgen Leibner ]
  * Added some info into README about SMB configuration

  [ Holger Levsen ]
  * Add Danish translation, thanks to Joe Dalton. (Closes: #581044)
  * Provide source/format and set it to 1.0.

  [ Xavier Oswald ]
  * Updated French web page translation.

 -- Petter Reinholdtsen <pere@debian.org>  Mon, 05 Jul 2010 19:18:56 +0200

debian-edu-config (1.441) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Updated Standards-Version from 3.8.3 to 3.8.4.  No changes needed.
  * Make sure ltsp-update-kernels is called on first boot, in case the
    LTSP initrd was changed during installation.
  * Disable code to insert PXE installation workaround for upgrading
    old udebs, as it is not yet needed for Squeeze.
  * Rename now obsolete language code 'no' to 'nb' for web page.
  * Drop kickerrc config from /etc/skel/ to avoid KDE upgrade dialog
    for first time users, as the configuration it was supposed to
    implement are no longer relevant in KDE 4 (Closes: #570784).
  * Add script share/debian-edu-config/tools/kerberos-kdc-init to
    initialize a Kerberos server.  Not installed into the binary
    packages, as it need more work.
  * Move sbin/debian-edu-pxefirmware to share/debian-edu-config/tools/,
    as it should not be in the default path.
  * Move where the IP forwarding is enabled from /etc/sysctl.conf to
    /etc/sysctl.d/edu-ltsp.conf, to avoid upgrade problems.
  * Adjust LTSP chroot build rules to apply the apt configuration
    workaround for Skolelinux bug #1419 also in the LTSP chroot, to
    avoid download problems when using the Squid proxy.
  * Adjust desktop-profiles trigger for networked installs to also
    look for /etc/nslcd.conf to also work when we migrate to
    libpam-ldapd.
  * Change pam-configs entry for pam_group from type Primary to
    Additional, to properly reflect its task.  Change its priority to
    0 as its priority do not matter when it is of type Additional.
    Solve problem discovered with libpam-heimdal.
  * Add code to handle new "Roaming workstation" profile, and use new
    script /usr/share/debian-edu-config/tools/setup-roaming to
    configure machine for disconnected operation.  Adjust test suite
    to handle the new profile.
  * Reduce dependency of xresprobe to recommends, and remove
    arcitecture flags in recommends list, as it do not work and breaks
    the build.

  [ Andreas B. Mundt ]
  * Add myself to Uploaders.
  * Remove old krb5-kdc.schema and add new kerberos.schema from the debian
    krb5-kdc-ldap package.
  * Copy slapd-lenny_debian-edu.conf to slapd-squeeze_debian-edu.conf and
    add schema and ACLs for kerberos there.
  * Change Makefile to use slapd-squeeze_debian-edu.conf.
  * Add commented code to debian-edu-config.postinstall to not forget
    removing old conffile(s) at a later stage.

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 01 May 2010 21:50:04 +0200

debian-edu-config (1.440) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Updated hardcoded fallback distribution name for the LTSP build
    and PXE setup from lenny to squeeze (used when lsb_release do not
    know the distribution name).

 -- Petter Reinholdtsen <pere@debian.org>  Tue, 20 Apr 2010 19:32:44 +0200

debian-edu-config (1.439) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Drop calls to the obsolete debconf-set-frontend tool, and use
    DEBIAN_FRONTEND=noninteractive in debian-edu-winbind instead.
  * Change mirror preseeding in debian-edu-pxeinstall to use "new"
    style preseeding for manual mirror selection (Closes: #570783).
  * Disable /etc/security/group.conf editing for local device access
    in Squeeze.  We still need it for fuse group membership and LTSP
    device access.
  * Disable editing of /etc/profile for Squeeze, and use the new
    /etc/profile.d/ feature instead to override the default umask.
    Depend on base-files (>= 5.3) for this (Closes: #370348).  Also
    disable /etc/skel/.bash_profile editing which seem to be obsolete
    in Lenny and Squeeze.

 -- Petter Reinholdtsen <pere@debian.org>  Thu, 15 Apr 2010 21:27:32 +0200

debian-edu-config (1.438) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * New script sbin/debian-edu-pxefirmware to add firmware files to the
    initrd used with PXE installation, to get PXE installation working
    for hardware needing non-free firmware.  Do not include it in the
    binary package yet, as it need more work.
  * Remove dependency on etcinsvk.  It depend on svk which is going
    away from Debian (Closes: #569793).
  * Adjust cfengine rule for kdm to allow root logins in Squeeze too,
    and only edit kde3 stuff in Lenny.
  * Adjust LTSP build rules to only add the local apt section if a CD
    already has a local section in its apt source (Closes: #573079).
  * Rewrite how translated web pages are handled, and use po4a to
    generate the non-english pages using .po files.  Convert web pages
    to XHTML to get po4a working.  The old translations has been
    manually migrated by someone that recognize the language.
  * Change install rule to install the Italian web page to the
    package.
  * Added Norwegian Bokmål debconf translation.
  * Add /usr/share/pam-configs/edu-group to configure pam_group when
    using pam-auth-update, as a workaround while we wait for #370346
    to be fixed.

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 04 Apr 2010 19:44:58 +0200

debian-edu-config (1.437) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Adjust debian-edu-ltsp-audiodivert to generate wrappers that also
    work if the user have the $wrapper environment set, and document
    in a comment the source packages for padsp and esddsp.
  * Correct start dependencies for init.d/fetch-ldap-cert, making sure it
    starts after slapd (Closes: #566973).
  * Make sure fsautoresize cron job look for both short and long host
    name in the fsautoresize-hosts netgroup, to make it compatible with
    the host netgroups generated by lwat.
  * Configure powerdns to use localhost as its LDAP server, to remove the
    need to change this when changing subnet for the installation.
  * Include time zone selection in PXE installation preseeding file,
    to avoid problems when an unusual language/keyboard/region
    combination is used (Solves Skolelinux bug #1436).  Do not change
    existing installations, as it can overwrite local changes done
    after installation.
  * Only enable our pam.d files on lenny.  For Squeeze, we will use
    pam-auth-update.
  * Remove usplash on machines with video card ATI ES1000 as found on
    HP Proliant DL385 G6 (partly solves Skolelinux bug #1427).
  * Configure the bind addresses for powerdns during first boot, to
    make sure all interfaces are listed in local-address, causing the
    source IP address on DNS replies to be correct independent of the
    interface used.  (Solves Skolelinux bug #1441).  Do not change
    existing installations, as it can overwrite local changes done
    after installation.
  * Add new test verifying the netgroup setting in /etc/nsswitch.conf.
  * Correct non-verbose code path for init.d/update-hostname to not
    report bogus failure.
  * Add test for LDAP server verifying that the downloaded server
    certificate matches the slapd server certificate, to detect
    incorrectly downloaded certificates.

  [ Ronny Aasen ]
  * Add ForceType to apache config, to enforce .html.es pages to
    html. (Solves Skolelinux bug #1413)

 -- Petter Reinholdtsen <pere@debian.org>  Wed, 03 Mar 2010 21:26:59 +0100

debian-edu-config (1.436) unstable; urgency=low

  [ Vagrant Cascadian ]
  * Update email address to use vagrant@debian.org.

  [ Petter Reinholdtsen ]
  * Make ltsp-make-client disable the cron jobs we do not want to have
    enabled on a diskless workstation (Solves Skolelinux bug #1432, #1433).
    Do not change existing ltsp chroots on upgrades as there is no way
    to know if the current configuration is intended or not.
  * Make ltsp-make-client disable exim4 on thin clients and diskless
    workstations (Solves Skolelinux bug #1434).  Do not change
    existing ltsp chroots on upgrades as there is no way to know if
    the current configuration is intended or not.
  * Update update-proxy-from-wpad to make sure it create files that
    are readable by all (Solves Skolelinux bug #1431).  Do not
    fix existing installations as there is no way to know during
    package upgrade if /etc/environment and /etc/apt/apt.conf should
    be read protected or not.

 -- Holger Levsen <holger@debian.org>  Thu, 04 Feb 2010 18:48:25 +0100

debian-edu-config (1.435) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Output recipe for installing the iwlagn wireless driver
    in debian-edu-hwsetup if the iwlagn kernel module is not
    loaded on hardware that need it.
  * Remove usplash on machines with nVideo video card with PCI id
    10DE:06EB, to avoid black on black screen when and after usplash
    is running.  Detected on Dell Latitude E6500.
  * Drop the 'splash' boot argument from LTSP and PXE boots.  It is no
    longer needed as installing usplash is enough to activate it.
  * Provide new tool update-iceweasel-homepage to change the default home page
    used by Iceweasel.
  * Adjust ltsp-make-client to only create symlinks to init.d scripts
    if the symlinks do not exist, to make sure ltsp-make-client can
    process the same chroot several times without failing (Solves
    Skolelinux bug #1423).
  * Remove etcinsvk calls from cfengine-debian-edu.  It slow down the
    script a lot when called outside the installer.
  * Return to two calls to cfengine in cfengine-debian-edu.  The last
    run appear to no longer be needed, and running three times make
    the installation change behaviour depending on the speed of the
    computer.
  * Make sure /etc/environment is created by update-proxy-from-wpad
    if it is missing make sure the proxy settings are activated also
    for non-proxied installations.

  [ John S. Skogtvedt ]
  * Fix tools/passwd:
    - Check return code rather than output of ldappasswd as suggested
      by Christian Ostheimer (Skolelinux bug #1365).
    - Pass -s option to smbpasswd so it reads password from stdin.

  [ Holger Levsen ]
  * Make debian-edu-hwsetup more reliable.

  [ Ole-Anders Andreassen]
  * Translated to norwegian and added smb-roaming-profiles-nb.conf to
    trunk/src/debain-edu-conf/doc/examples .

  [ Jürgen Leibner ]
  * Generalize the deploy of the samba roaming profile examples in the Makefile

 -- Holger Levsen <holger@debian.org>  Sat, 30 Jan 2010 22:23:20 +0100

debian-edu-config (1.434) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Adjust ltsp-make-client used to improve LTSP based diskless
    workstations:
    - Make sure to make /etc/ldap/ssl/ldap-server-pubkey.pem readable
      by all users, to get screen unlocking to work (Solves Skolelinux
      bug #1415).
    - Make sure to disable gdm in runlevel 4 the same way kdm is
      disabled, to try to get the gnome option working (Skolelinux bug
      #1420).
    - Start cron in runlevel 3, to get shutdown-at-night to work.
    - Purge munin-node and xfs from chroot.  We do not want these
      network services running, and having them installed confused
      sitesummary when generating Nagios configuration.
  * Remove obsolete cfengine rules only affecting sarge and etch installs.
  * Change lenny cfengine rules to run on lenny and later (aka
    squeeze).
  * Adjust lwat cfengine rules to make sure the "sambaPwdLastSet"
    settings are only inserted when it is missing.
  * Add new tool wpad-extract making it possible to extract the proxy
    setting from a WPAD file on the command line.  Depend on
    libjavascript-perl to get it to work.
  * Add postinst code to correct permissions on ldap-server-pubkey.pem
    in LTSP chroot and fix skolelinux bug #1415 on upgrades.
  * Add code in the preinst to remove obsolete conffiles in
    /etc/nagios/ and /etc/cfengine/.  Not removing obsolete files in
    /etc/bind/ and /etc/ldap/ to avoid breaking those still using bind
    and slapd config from Etch during upgrades.
  * Add test to detect incorrect permissions on /etc/resolv.conf.
  * Make sure LTSP resolv.conf is readable by all also on DVD installs
    (Solves Skolelinux bug #1416).  Fix this bug on upgrades too.
  * Adjust debian-edu-pxeinstall to improve the PXE installation
    experience:
    - Rewrite how a test installation is detected, to make sure it
      work on both DVD, netinst and PXE installs.
    - Make sure to preseed ftp to use the same proxy as http.
    - Make sure to fetch proxy settings from /etc/environment if they
      are set there.
    - Make sure to only create thin client and diskless LTSP options
      when the main-server is a thin client server.
  * Speed up the test suite when no Internet is available by using
    netstat --numeric-hosts when checking if a given port is open, to
    avoid unneeded DNS lookups.
  * Use ltsp-arch-debian-edu in ltsp test code to make sure all parts
    use the same way to figure out the LTSP architecture.
  * Change ltsp-arch-debian-edu to only run dpkg once.
  * Do not run snakeoil-on-ice in the LTSP client chroot to avoid
    error during installation when it is unable to fetch SSL
    certificate from https://www/.
  * Provide installation option (kernel argument
    edu-skip-ltsp-make-client) to skip the step converting LTSP chroot
    to a combined thin client/diskless workstation chroot (Solves
    Skolelinux bug #1417).
  * Add etc/skel/.kde/share/config/kickerrc enabling
    mediaapplet.desktop for users, to make sure the direct media
    applet is started.  The file was created by logging in and adding
    the applet to kicker.  The list of default applets in kicker is
    hardcoded in the source, so this is the only non-forking way to
    add a default applet.  The list of applications in
    share/debian-edu/common/share/apps/kicker/default-apps is
    overrided.
  * Run sitesummary client and server parts at first boot, to make
    sure munin config is configured imediately.
  * Remove some old cruft from bin/debian-edu-ltsp, and make sure it
    runs ltsp-update-sshkeys after the ltsp chroot is generated.
  * Add APT option "Acquire::http::Pipeline-Depth 0;" to make sure
    package downloading work well througth Squid (partly solves
    skolelinux bug #1419).
  * Rewrite how cfengine detect a thin client server environment, to
    make sure a simple main-server is not mistaken as a thin client
    server.
  * Rewrite how cfengine detect a workstation environment, to make
    sure both kde and gnome environments are detected while not
    detecting it for a standalone installation.
  * New testcase for workstations to detect if cfengine fail to
    update mplayer configuration.
  * Disable nagios configuration in cfengine.  This is now done by
    sitesummary using preseeding.
  * Create an empty /etc/nagios3/htpasswd.users to make sure the
    documenteed htpasswd call can add the nagiosadmin user.
  * Use wpad-extract in webcache test to verify that the wpad file
    work.
  * Make sure everything looking for the wpad.dat file is using the
    URL http://wpad/wpad.dat.
  * Provide new tool update-proxy-from-wpad to update /etc/envionment
    and APT proxy settings using the content of a wpad file.  Updates
    /etc/apt/apt.conf, the file created by debian-installer with proxy
    information.  Use it to update the settings during installation.
  * Remove obsolete cfengine rule for updating the permissions of
    /etc/kde3/kioslaverc.  This file is no longer created by us.
  * Make sure debian-edu-pxeinstall is used on main-server installs
    too, not only on combined main-server+thin-client-server installs.
  * Remove trailing slash from directory entries in cf.iceweasel, to
    try to avoid error from cfengine when the directories exist.
  * Run cfengine three times to recover from bug in cfengine.  Try to
    commit to etcinsvk between each run.  Save output from the
    cfengine run in /var/log/installer/cfengine-debian-edu-*.log for
    easier debugging.
  * Make all cfengine files and directories rules use consistent mode=
    and act= statements.
  * Make sure mplayer cfengine rule is executed on workstations as
    well as standalone profiles.
  * Remove code creating /etc/inittab.real for cfengine to find.  It is
    no longer needed as the udebs use -Dinstallation now.

  [ José L. Redrejo Rodríguez ]
  * Added /var/lib/gdm if it exist to the list of writable dirs for
    diskless using Gnome.

  [ Morten Werner Forsbring ]
  * Fixed a cfengine-syntaxproblem in cf/cf.dhcpserver.
  * Changed from using action=create to action=touch in cf/* as this should
    be a workaround for a bug reported to cfengine upstream
    (https://cfengine.org/pipermail/help-cfengine/2008-November/004434.html).

 -- Petter Reinholdtsen <pere@debian.org>  Thu, 21 Jan 2010 14:22:38 +0100

debian-edu-config (1.432) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Adjust nbdquery, make sure to throw away error messages from lsof
    to avoid passing noise to nbdswap-cleanup.
  * Correct URL used in chguserpw.desktop, to use https://www/lwat
    instead of https://tjener/, to make sure the Icewease SSL overrides
    take effect when visiting the password change page.
  * Add ltsp test checking the Debian Edu profile setting in
    /opt/ltsp/arch/etc/debian-edu/config, to detect problem discovered
    by Ole-Anders Andreassen.
  * Adjust ltsp-make-client used to improve LTSP based diskless
    workstations:
    - Correct typo, copy the cert_override.txt file without --parent.
    - Report content of host resolv.conf when DNS lookup fail, to make
      it easier to debug.
    - Send messages to stdout instead of stderr, to avoid reordering
      of messages because of independend buffering of stdout and
      stderr.
    - Bind-mount the APT cache earlier, to make sure it is used for
      all package installations.
    - Add more status reporting to make it easier to figure out when
      the script fail, if it fails.
    - Move diskless workstation specific init.d scripts to
      /usr/share/debian-edu-config/ and symlink them in place to make
      sure the files belong to a package and can be bugfixed using the
      normal upgrade mechanism.
    - Avoid boot warning when booting non-laptop diskless workstations
      by only making /var/lib/acpi-support writable if it exist.
    - Do not install libpam-mount and smbfs, until someone can explain
      why they are needed on the default diskless workstations setup.
      They are missing on the DVD and give different diskless
      workstation environment when installing from DVD and netinst Cd.
    - Insert new init.d scripts after enabling and disabling init.d
      scripts, to make sure update-rc.d reorder the boot sequence
      based on dependencies.  This solve slow boot and USB mount
      issues on diskless workstations.
    - Disable the xdebian-edu-firstboot init.d script, it is not
      needed on LTSP clients.
    - Drop rule to disable now removed init.d script boot_xconf.
  * Add resolvconf update script to copy the current /etc/resolv.conf
    to the LTSP chroots when it changes, to make sure apt and other
    tools work in the chroots.
  * Update Nagios configuration:
    - Add check for swap usage, report warning when less than 10% is
      free, and critical when less tha 5% is free.
    - Change process count warning and criticial limits from 250/400
      to 500/1000, as a thin client server easily will reach the 250
      process limit.
    - Change check for DNS to look up the DNS server address instead
      of www.skolelinux.org, to make sure the check work also without
      Internet access.
  * Remove now-obsolete configuration and setup for usbmount.  We use
    dbus and hal for this these days.
  * Fix minor typo in snakeoil-on-ice.

  [ Oded Naveh ]
  * Modified snakeoil-on-ice to allow update of an existing override
    file by testing the content of the file not only its existence.

 -- Holger Levsen <holger@debian.org>  Mon, 11 Jan 2010 22:48:19 +0100

debian-edu-config (1.431) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Adjust ltsp-make-client used to improve LTSP based diskless
    workstations:
    - Purge lvm2 from the LTSP chroot, to avoid hang during shutdown
      (Solves skolelinux bug #1403).
    - Do not add '@include common-pammount' in pam.d/kdm, as
      /etc/pam.d/common-pammount is missing and including a
      non-existing file is a fatal error for PAM.
    - Make sure to look for the same /etc/exports entry as cfengine
      inserts, to make sure duplicate entries are not inserted.
    - Make sure /var/lib/acpi-support/ is writable, for acpi-support
      to be able to write its status files.
    - Fix minor typo in code copying /etc/environment to LTSP chroot.
  * Enable diskless workstations on all thin-client-server
    installations, not only combined main-server+thin-client-server.
  * Adjust debian-edu-pxeinstall to improve the PXE installation
    experience:
    - Write default PXE menu to debian-edu/ instead of pxelinux.cfg/,
      and write default menus for diskless workstations and thin
      clients to make it easier to change this after installation.
    - Remove redundant mkdir calls.
    - Rewrite preseed/early_command to parse the Package list to find
      the latest udebs to install, to avoid having to maintain a list
      of extra udebs to install on ftp.skolelinux.org.  Based on code
      from Vagrant Cascadian.
    - Correct code used to detect DVD installs.  Grep
      case-IN-sensitive in /etc/apt/sources.list.
    - Mention which desktop will be installed in the PXE menu entry for
      doing installations.
    - Make sure to fetch the upgraded udebs from the test repository
      if the main-server installation was using a test build.
  * Adjust the xorg.conf file generated for HP Mini 2133 by
    debian-edu-hwsetup, to make its formatting match the file
    generated by xdexconf, to make it easier to compare the two.
    Rewrite how the keyboard layout is detected to try to get it
    working.
  * Add SuspendTime=60 to arts configuration used with thin client
    logins, to make the setting consistent with the value currently
    used.
  * Rewrite sound setup for thin clients to use Pulseaudio and ALSA
    forwarding to Pulseaudio for everything using ALSA, and divert
    binaries and add wrappers using padsp for audacity and gtick to
    get these packages currently using OSS /dev/dsp by default to
    work.  Keeping ESD configuration for KDE on thin clients, as it
    did not work without it.  Need to find fix for kmix on thin clients.
    (Solves skolelinux bug #1370)
  * Extend self test of LTSP to verify that the packages we want to
    have installed in LTSP is installed in LTSP.  Depend on
    education-tasks (>= 0.842~svn60380) to make sure the
    education-thin-client task is available.
  * Adjust timezone self test to report the detected timezone when it
    isn't the expected one.
  * Adjust powerdns configuration, make sure clients on the thin client
    network (192.168.0.0/24) also can do recursive DNS lookups.
  * Change DNS check in Nagios, stop poking www.google.com all the time.
    Look up www.skolelinux.org instead.
  * Add test to verify that the SSL related files are identical inside
    and outside LTSP.
  * Add 'allow-recursion-override=on' to the powerdns configuration, to
    make sure DNS lookups are quick even when no Internet connection is
    available (Solves Skolelinux bug #1410).
  * Change recommend on memtest86 to memtest86+, to recommend the same
    package that is recommended from the education-common and
    education-main-server packages.
  * Remove symlink
    /etc/skel/.mozilla/firefox/debian-edu.default/cert_override.txt
    and directory /etc/skel/.mozilla/firefox/debian-edu.default/ from
    package.  Also remove cfengine rule generating this symlink.  Both
    should be a file created by snakeoil-on-ice.
  * Make sure snakeoil-on-ice make
    /etc/iceweasel/profile/cert_override.txt readable for everyone and
    create the file
    /etc/skel/.mozilla/firefox/debian-edu.default/cert_override.txt
    (and not a symlink) as using a symlink to a root owned file make
    it impossible for the user to update the list of overrided
    certificates. (Solves skolelinux bug #1409).
  * Report when snakeoil-on-ice is executed, to make it easier to find it
    in the installation logs.
  * Remove commented and useless dh_link line related to the
    cert_override.txt file in debian/rules
  * Add code in webserver test script to ensure the cert_override.txt
    symlink is gone.
  * Make sure /etc/iceweasel/profile/cert_override.txt on diskless
    workstations is readable by all.
  * Correct rsyslog client configuration, make sure the file pointed
    to by /etc/rsyslog.d/debian-edu-client.conf exist (renamed
    share/debian-edu-config/rsyslog-clients to
    share/debian-edu-config/rsyslog-client to avoid having to change
    the symlinks on existing installations).
  * Rewrite syslog test to check rsyslog config and not sysklogd config,
    and to verify that installations of everything except Standalone is
    either forwarding syslog messages or collecting them (or both for
    Thin-Client-Server).
  * Add more LDAP client tests, report if group lookup work, services
    nscd and nslcd is operational and try to use ldapsearch when TLS
    is required.  Extend it to collect more information in the ldap
    client test from nscd.  Add code to check the client side copy of
    the LDAP server SSL certificate.  Also report DNS settings for the
    LDAP server (SRV and A record, this all closes: #570773).
  * Make sure sbin/debian-edu-update-netblock is included in the package.
  * Convert ldap2netgroup to find LDAP server using DNS SRV records and
    correct handling of command line arguments.
  * Make sure to not stop thin client NAT rules, and not remove the
    LTSP audio diverts during upgrades.
  * Remove obsolete cfengine rule modifying lts.conf on thin client
    servers.  The file is copied from /etc/debian-edu/lts.conf.dist
    now.
  * Remove obsolete and disabled cfengine rule trying to work around a
    no longer present bug in rc.local on LTSP clients.
  * Make sure to install openbsd-inetd on LTSP clients, to get our
    scripts nbdquery and nbdswapd-cleanup working, and make sure to
    not disable inetd in ltsp-make-clients.
  * Log to syslog when executing run-at-firstboot.
  * Use ltsp-build-client plugins and not cfengine rules to generate
    resolv.conf, set up nbdquery and copy lts.conf in the LTSP chroot
    to make sure the LTSP chroot can be generated with the same content
    after installation.
  * Remove SOUND=Y and LOCALDEV=Y from default lts.conf file.  Both
    are now obsolete as the default enable sound and local devices.
  * Fix postinst code handling upgrades to really remove the obsolete
    boot_xconf init.d script and reorder the report-reboot and
    update-hostname  script.
  * Add tool squid-update-cachedir useful for updating the cache size
    used by the Squid configuration based on partition size.  Call this
    tool from cfengine instead of using cfengine/shell magic to set the
    correct Squid cache size during installation.
  * Adjust squid configuration to cache files with size up to 150 MB,
    to make sure all the debian packages installed over PXE can be
    cached.
  * Depend on xresprobe on i386 and amd64, and report ddcprobe output
    from testsuite/hardware to get information about the display.
  * Remove now redundant cfengine rule for nbdswapd (now added by
    ltsp-server), and rewrite the nbdswap-cleanup scripts to use the
    new port number 9572 instead of the old port number 9210.
  * Change charset of www/index.html.no to UTF-8, and fix an incorrect
    character.  Add missing link to alternative page.
  * Change www/index.html.nl, add link to missing alterantive page.
  * Add the Italian web pages and link to it from the other packages
  * Link web pages to http://wiki.debian.org/DebianEdu instead of
    http://developer.skolelinux.no/.
  * Remove now obsolete directories /etc/nagios/debian-edu/hosts/ and
    /etc/nagios/debian-edu/hostgroups/ from the package.
  * Fix typo in ltsp-make-client leading to the cert_override.txt
    file only being readable for root (Solves Skolelinux bug #1409).

  [ Holger Levsen ]
  * Rename example PXE boot file default-ltsp.cfg to default-thin.cfg.
  * debian-edu-config.postinst: Remove cruft. (=very old commented out
    code which was in use before 2003.)

 -- Holger Levsen <holger@debian.org>  Thu, 07 Jan 2010 11:58:44 +0100

debian-edu-config (1.430) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Adjust ltsp-make-client used to enable LTSP based diskless
    workstations:
    - Make sure the loopback interface is enabled at boot.
    - Make sure to enable bootmisc.sh, dbus, hal and pulseaudio on
      diskless workstations (runlevel 3).
    - Disable ltsp-client-core in runlevel 3, to avoid ldm on
      diskless workstations.
    - Make sure package depend on instead of recommend patch, as patch
      is used to configure KDM.
    - Disable init.d scripts readahead, readahead-desktop, stop-readahead,
      lvm2, resize_lvm, hdparm, xfs, rsync, hddtemp and fam on thin clients
      and diskless workstations, as neither should be needed and we want
      them to boot faster.
    - Disable portmap, nfs-common, nslcd and rwhod on thin clients.
    - Make sure portmap and nfs-common only start on diskless workstations.
    - Remove useless code copying /etc/hosts from host environment.
      The client seem to boot fine without it, and it would have to
      copy to hosts.ltsp to work.
    - Make sure /var/spool/rwho/ is writable to get rwhod working.
    - Add code to adjust resolv.conf during boot depending on which
      DNS server address is working, unless already set in lts.conf.
      Test 10.0.2.2 and 192.168.1.254.  Disable resolvconf.
    - Make /var/cache/hald/ writable for hald to start at boot.
    - Make sure SSL certificate for the LDAP server is available on
      the clients by copying it if available on the server or making
      sure init.d/fetch-ldap-cert will work during boot.
    - Rewrite how the Workstation task is installed to behave exactly
      like debian-installer/pkgsel (Solves skolelinux bug #1400).
    - Group code to fetch the SSL certificate for the LDAP server in
      one location.
    - Move extra entries for /etc/defaut/ltsp-client-setup to a file
      included in the package, to make it easier to update the
      content using apt.
    - Disable resolvconf, as dhclient isn't running and resolvconf
      thus fail to do anything useful.
    - Rewrite how APT options are specified, from the command line to
      a file in /etc/apt/apt.conf.d/, to make sure tasksel is also
      using the required options.
    - Make sure tasksel diverts are cleaned up even if tasksel fail.
    - Drop code inserting our own policy-rc.d, and instead set
      LTSP_HANDLE_DAEMONS=false to tell the LTSP policy-rc.d to not
      start any services in the chroot.
    - Make sure all messages are sent to stderr.
    - Try harder to get aptitude to accept the unauthenticated
      packages on the CD/DVD.
    - Make test for detecting a configured LTSP environment more
      robust.
    - Correct how the LDAP SSL certificate is copied into the LTSP
      chroot, to get it to work in combined main-server +
      thin-client-server installations and avoid unneeded work during
      boot.
    - Adjust how the internal web server SSL certificate is made
      available for iceweasel to make sure it is copied into the LTSP
      chroot.
  * Add cfinputs_version = ( 2 ) in all cfengine files, to document
    the format and avoid warning from cfengine.
  * Clean up Iceweasel proxy configuration, avoiding several conficting
    configuration settings.  Make sure only the WPAD configuration is
    used, and move all proxy handling to cf.squid.
  * Add test to verify that the automatic proxy configuration file (WPAD)
    is available.
  * Use /usr/bin/update-ini-file to edit iceweasel ini file instead of
    editing the file using edit rules.  Less prone to error.
  * Change update-hostname-from-ip to fall back to interface eth0 if
    there is no default route available.
  * Avoid dpkg -S in bin/update-hostname-from-ip to speed up the DNS
    lookup.  Use 'getent hosts <IP>' instead.
  * Remove cfengine rule to add '*' to kdm/Xaccess and do not enable
    XDMC in kdmrc, as LTSP is using SSH to log in now, and thus do not
    need XDMC access.
  * Remove cfengine rule to disallow root login for standalone
    installs. it seem to be the default in Debian.
  * Make sure init.d/fetch-ldap-cert return exit code 1 when it fail
    to download the certificate.
  * Make sure ltsp-make-client copy the Iceweasel certificate override
    file every time it is executed, instead of expecting
    snakeoil-on-ice to do this.  This required rewriting the cfengine
    rules to have four passes running shell commands.
  * Fix typo and improve messages in snakeoil-on-ice.
  * Add code in postinst to remove the now obsolete conffile
    /etc/init.d/boot_xconf on upgrades.
  * Leave the creation of /opt/ltsp/*/etc/iceweasel/profile/ to
    ltsp-make-client and not cfengine.  Drop cfengine rule.
  * Disable cfengine rule creating
    /opt/ltsp/*/etc/ltsp/update-kernels.conf, as the boot arguments
    provided there are now set using pxelinux.
  * Adjust debian-edu-pxeinstall to improve the PXE installation
    experience:
    - Drop d-i default PXE entries from our PXE menu.
    - Move PXE menu separator entries to the toplevel file, to have
      better control over their placement and avoid the empty line at
      the end on the menu.
    - Preseed the locale and keyboard settings from the main-server
      installation.  This depend on the debian-edu-profile-udeb
      copying the cdebconf failes into /target a bit earlier than
      normal.
    - Preseed the apt source settings from the main-server
      installation, unless it was installed from DVD (for DVD installs
      hard code http://ftp.skolelinux.org/debian).
    - Add hack to fetch list of updated udebs to install directly from
      http://ftp.skolelinux.org/skolelinux/pxe-lenny-extra-udeb during
      PXE installation, to work around the fact that the Debian/Lenny
      packages are old and produce too small partitions and fail to
      hide the tasksel question.  (Solves skolelinux bug #1401).
    - Use above hack to install newer ltsp-client-builder, to try to
      get PXE installation of LTSP servers working (Related to
      skolelinux bugs #1369).
    - Install same desktop type via PXE as the one that was selected
      for the main-server installation.  Add workaround for d-i
      refusing to accept tasksel/desktop= as kernel argument.  Use
      desktop= instead.
    - Hardcode host name to 'pxeinstall' during installation.  It is
      changed at boot anyway based on DNS lookups, so no need to slow
      down the installation with that question.
    - Fix typo in ltsp preseeding (Solves skolelinux bugs #1369).
    - Append the content of
      /etc/debian-edu/www/debian-edu-install.dat.local when generating
      the PXE preseeding file, to make it easier to have local
      overrides and still be able to rerun debian-edu-pxeinstall.
    - Make it easier to adjust the behaviour by reading
      /etc/debian-edu/pxeinstall.conf after variables are set if the
      file exist.  Made a few more parameters set based on variables
      (proxy, url to extra udebs) to make it possible to
      adjust these values.
  * New script debian-edu-hwsetup to have a place to implement
    hardware specific tweaks.  Currently remove usplash on Acer Aspire
    One, avoid the white on white console and fix xorg.conf on HP Mini
    2133 (keep keyboard setting) and install hardware specific
    packages using discover-pkginstall.
  * New tool pipegraph, to debug strange debconf problems.

  [ Holger Levsen ]
  * debian-edu-pxeinstall: re-order PXE menu entries.

  [ Ronny Aasen ]
  * Alter wpad.pac to go direct on unresolveable addresses. (Closes
    skolelinux bug: 1068)

  [ John S. Skogtvedt ]
  * ltsp-client-setup: fix typo, wait max 1 second per host.

 -- Holger Levsen <holger@debian.org>  Tue, 15 Dec 2009 18:40:31 +0100

debian-edu-config (1.429) unstable; urgency=low

  [ Holger Levsen ]
  * Explain how to choose DNS service names in README.

  [ Petter Reinholdtsen ]
  * Fix typo in debian-edu-pxeinstall to get it to find the d-i images
    on disk, and add code to try to install d-i-bootimages before
    looking for the images.
  * Change cf.dhcpserver to run debian-edu-pxeinstall also when no
    Internet connection is detected, as the d-i-bootimages package is
    now available on the DVD.
  * Change incorrect rule in cf.apt to trigger only for workstations
    with Internet connectivity.
  * Copy configuration changes done in the xdebian-edu-firstboot
    script in debian-edu-install to
    share/debian-edu-config/tools/run-at-firstboot, to allow us to
    keep all configuration settings in this package.
  * Fix typos in ltsp-make-client, and make sure package installation
    is done after the media is mounted when using CD or DVD.  Try
    harder to mount CD and DVD when running ltsp-make-client during
    installation.
  * Change ltsp-make-client to only rewrite the ltsp environment
    resolv.conf if DNS lookups do not work.
  * Correct use of invoke-rc.d in resolvconf hook, add /usr/sbin/ to
    PATH before calling invoke-rc.d.  Solve bug introduced in version
    1.425.
  * Increase space requirement for /opt from 4928 to 5073 in
    ltsp-make-client to allow 10% free space when enabling diskless
    workstations.
  * Move code in ltsp-make-client to check and correct resolv.conf
    before using apt if the current resolv.conf one do not work.
  * Enable diskless workstation support on combined
    main-server+thin-client-server during installation by calling
    ltsp-make-client from cfengine, and add code in
    debian-edu-pxeinstall to detect this and enable a new PXE menu
    option for this.  Adjust autorunlevel selection code to allow
    runlevel to be specified as a kernel option to LTSP.
  * Update Standards-Version from 3.8.2 to 3.8.3.  No change needed.
  * Fix how ltsp-make-client handle resolv.conf handling, to get it
    working also when there are no comments in the file.  Only copy
    resolv.conf in LTSP if DNS resolving is working in the host
    environment.
  * Fix debian-edu-pxeinstall path to file created when diskless
    workstation support is detected.
  * Make sure ltsp-make-client copies the /etc/debian-edu/config file
    into the chroot to avoid error messages from debian-edu-install
    when it is installed.
  * Add policy-rc.d in LTSP chroot while ltsp-make-client is running,
    to avoid daemons starting in the process.
  * Correct code downloading LDAP SSL certificate in ltsp-make-client.
  * Make sure ltsp-make-client create /etc/debian-edu/ before trying
    to create a file in the directory.
  * Fix typo in sed command used to copy /etc/debian-edu/config.
  * Make ltsp-make-client replace the resolvconf symlink in the LTSP
    chroot with a file, to avoid a dangling symlink on the clients.
    Make sure /etc/resolvconf/run is writable to give resolvconf a
    chance to work.
  * Move iceweasel proxy configuration to a js file that is only enabled
    on networked installs, to get standalone installs working properly.

  [ Jonas Smedegaard ]
  * Tighten leading comment in etc/default/backdoor: Fix non-utf8
    whitespace, strip trailing spaces and add missing final dot.

  [ Daniel Hess ]
  * Fix adding rw_dirs directories to /etc/default/ltsp-client-setup
    by ltsp-make-client script.
  * Add '/etc/network/run' to rw_dirs and add stanza for loopback to
    /etc/network/interfaces, so that ifupdown will create the
    loopback interface for us. Makes nfs-common able to register statd
    service (instead of failing to start).
  * Add default values for NET_ETH and MASK_ETH to ltsp-make-client.
    Needed if ltsp-make-client is executed out of the installer (default
    now for Lenny, if the terminal server profile is installed), would
    break NFS exports (in /etc/exports) otherwise.

 -- Holger Levsen <holger@debian.org>  Thu, 03 Dec 2009 13:28:27 +0100

debian-edu-config (1.428) unstable; urgency=low

  [ Holger Levsen ]
  * Apply patch by John S. Skogtvedt fixing some missing ranges in
    ldap-bootstrap/dns_ranges.diff

  [ Jürgen Leibner ]
  * Split doc/examples/smb-roaming-profiles.conf into language depending files.
    Now there is a source file doc/examples/smb-roaming-profiles-en.conf in
    English and doc/examples/smb-roaming-profiles-de.conf as the first
    translation to German.

  [ Petter Reinholdtsen ]
  * Extend ltsp-make-client to use --allow-unauthenticated as apt
    argument when installing from CD or DVD, to work around the
    missing archive signature on those medias.
  * Stop using aptitude in ltsp-make-client, as it do not understand
    --allow-unauthenticated.
  * Introduce new function in_target() in ltsp-make-client to make it
    easier to adjust the chroot environment in a constent way.

  [ Philipp Hübner ]
  * Modify nagios3 configuration to not monitor sshd on the default gateway
    and to not monitor fuse filesystems when monitoring disk space.
    (Closes skolelinux#1389)

  [ Holger Levsen ]
  * share/iceweasel/defaults/preferences/debian-edu.js: force proxy usage,
    thanks to Ralf Gesellensetter and Philipp Hübner. (Closes: #499709)
  * Apply patch by John S. Skogtvedt so that the following DNS names are
    created in LDAP (and thus are known to DNS too)
     ltspserver00-19 10.0.2.10
     printer00-19    10.0.2.30
     static00-49     10.0.2.50
     dhcp000-154     10.0.2.100  # dhcp000-155 in db.10, but 100+155=255
     dhcp155-399     10.0.3.1    # dhcp156-399 in db.10, ends at 10.0.3.245
     ltsp001-253     192.168.0.1 # ltsp200-253 are dynamic
   (Closes skolelinux#1391)

  [ Petter Reinholdtsen ]
  * Change depend on atftpd | tftpd-hpa to suggests, to avoid pulling in the
    tftp daemon on clients.  Pull the package in using the tasks instead.

  [ Daniel Hess ]
  * Move init.d/resize_lvm after checkfs during boot, to make sure the
    file systems are checked before we try to resize them.
  * Add /etc/dbus-1/system.d/hal-debian-edu.conf: Restrict reception of
   'DeviceAdded' and 'PropertyModified' messages. Stops KDE and GNOME
   popup boxes to show up on thinclient users for devices added into
   LTSP server.  (Closes Skolelinux bug: 1376)

  [ Petter Reinholdtsen ]
  * Add new testsuite test pxeinstall to check that the PXE boot
    environment is correctly set up.
  * Drop test for dhcp001.intern from testsuite/dnsd, to reflect
    new DNS configuration.
  * Undo LDAP change to the DHCP configuration done in version 1.425
    (Fix wrong filename on cn=INTERNAL).  The file name
    /var/lib/tftpboot/pxelinux.0 is the correct one for cn=INTERNAL,
    while /var/lib/tftpboot/ltsp/i386/pxelinux.0 is the correct one
    for cn=THINCLIENT.  The former is set up by debian-edu-pxeinstall.

  [ Vagrant Cascadian ]
  * add patch to recommends, as ltsp-make-client uses it.
  * drop "terra" from /etc/lsb-release.

  [ Petter Reinholdtsen ]
  * Drop empty directory /etc/bind/debian-edu/ from package.
  * Rewrite debian-edu-pxeinstall to install the text version of the
    installer in the PXE environment.
  * Rewrite testsuite/dnsd to look for LTSP client IP addresses that are
    present in the new DNS configuration.
  * Adjust init.d script dependencies to run after syslog and in a more
    fixed position during boot when concurrent booting is enabled.

  [ Oded Naveh ]
  * Add and install cf.lwat, Closes Skolelinux bug #1364.

 -- Holger Levsen <holger@debian.org>  Sun, 01 Nov 2009 14:27:01 +0100

debian-edu-config (1.426) unstable; urgency=low

  [ Oded Naveh ]
  * Removed settings in cf/cf.squid that are now Debian default in squid.conf.
    close #1353 (skolelinux).
  * Adjust testsuite/dnsd to powerdns responses, partial fix #1352 (skolelinux).
  * Install /etc/skel/.mozilla to create a default Iceweasel profile with the
    cert_override.txt in new home directories, see #1328 (skolelinux).
  * Install script to accept the snakeoil certificate on Iceweasel: #1328.
  * Rebirth of cf.iceweasel, invoke the script from cfengine: #1328.

  [ Vagrant Cascadian ]
  * debian/copyright: point to GPL-2 explicitly.

  [ Holger Levsen ]
  * Apply patch by John S. Skogtvedt which adds some more names to DNS:
    - ltspserver - was missing, but referred to in DHCP config
    - ltspserver00, printer00, static00 - template entries which have the
      nice effect that DNS lookup in lwat will work for these three names,
      which can be helpful if the user doesn't remember what to enter.
    - the range ltsp200-ltsp253, which is the DHCP range for unknown thin
      clients. Many users probably have less than 50 thin clients, for them
      this means that DNS will work for the thin clients and no extra work is
      needed.
    - Reverse DNS entries for all of the above.
  * Thanks, John!

  [ Vagrant Cascadian ]
  * install education-thin-client in ltsp-build-client plugins rather than a
    list of other packages, as it depends on all needed packages.

  [ Oded Naveh ]
  * Set web cache size to 80% of /var/spool/squid by cfengine-debian-edu.

  [ Vagrant Cascadian ]
  * default web pages:
    - add links for default content in English on some pages.
    - add note to translators to not translate the names of the languages in
      navigation links.
  * move files in /var/www to /etc/debian-edu/www, and adjust apache2
    configuration accordingly. reduces lintian errors, and is more FHS
    compliant.
  * update Standards-Version to 3.8.2, no changes needed.

  [ Jürgen Leibner ]
  * Added doc/examples/smb-roaming-profiles.conf as an example how to make
    samba working with 'roaming profiles' discussed at
    "http://bugs.skolelinux.org/show_bug.cgi?id=1064"
    This example is according to the sugestions made for using roaming profiles
    You can read it at "http://www.samba.org/samba/docs/using_samba/ch04.html"

 -- Vagrant Cascadian <vagrant@freegeek.org>  Tue, 21 Jul 2009 09:52:26 +0200

debian-edu-config (1.425) unstable; urgency=low

  [ José L. Redrejo Rodríguez ]
  * updated ldap-debian-edu-install to add ldif files for powerdns
  * added cf/cf.pdns to fix pdns-recursor configuration
  * added ldap-bootstrap/dns ldif files
  * added etc/powerdns/pdns.d/pdns-debian-edu.conf and updated Makefile

  [ Vagrant Cascadian ]
  * Actually install plugin to add keys to the LTSP chroot's apt keyring.
  * Exit cron.hourly script when debian-edu-config is no longer installed by
    checking for presence of debian-edu-fsautoresize and innetgr.
    Patch by Filippo Giunchedi <filippo@debian.org> (Closes: #493338)
  * Remove most traces of lessdisks, as it was removed from Debian.
  * Use invoke-rc.d to reload bind in resolvconf script, so that it respects
    the policy layer (and fixes lintian warning).
  * Call update-mime without full path in postinst, as suggested by Debian
    Policy 6.1.
  * purge Packages and Release files that debootstrap may have copied
    incorrectly, which prevents apt from fetching the correct Packages files
    when installing from NETINST CD
  * add ltsp-build-client plugin (backported from upstream) so that it respects
    http proxy settings for apt when building ltsp chroot
  * update Standards-Version to 3.8.1, no changes needed.
  * update debian/compat to version 7, as older versions are no longer used.
  * build-depend on debhelper >= 7
  * add "set -e" to preinst, so that errors stop package from installing
  * lower priority to extra, as it depends on several packages that are
    priority extra, to comply with debian policy 2.5.

  [ Holger Levsen ]
  * Add depends to net-tools.
  * Remove cf.bind9 and etc/bind - we don't need it anymore.
  * Rename testsuite/bind9-dns to testsuite/dnsd.
  * Cleanup and fix cf/cfengine.conf so that cf.pdns is executed.
  * Include patch from John Skogtvedt to ldap-bootstrap/dhcp.ldif to enhance
   the LDAP structure to work better with the changes in lwat adding support
   for managing DHCP with lwat.
   - Fix wrong filename on cn=INTERNAL
   - Add another dhcpGroup to cn=INTERNAL, because of the 250-host dhcpGroup
    limit (there is room for more than 250 hosts on the 10.0.2.0/23 network)
   -  Remove all per-host filenames. It's confusing and a source of errors
      if the filename on dhcpSharedNetwork/dhcpGroup is changed and only a few
      hosts have filename set.

  [ Luk Claes ]
  * Fix Italian translation: s/nagios2/nagios3/.
  * Remove obsolete nagios2 stuff.

  [ Petter Reinholdtsen ]
  * Replace pam_foreground with pam_ck_connector.so in
    etc/pam.d/common-session-debian-edu, to move to consolekit instead
    of pam-foreground for tracking sessions for device access.
  * Extend the README with ideas for LDAP based client configuration.
  * Adjust debian-edu-pxeinstall to handle memtest86+ as well as
    memtest86.
  * Extend debian-edu-pxeinstall to fetch boot images from the
    d-i-bootimages package if it is installed.

  [ Oded Naveh ]
  * Install override plugin to remove existing chroot at before-install.
    This plugin is primarily intended to serve during system installation.

  [ Vagrant Cascadian ]
  * only delete existing LTSP chroot if --purge-chroot commandline option is
    specified.
  * ltsp-build-client plugins: default --purge-chroot to true when CD install
    is detected

  [ Ronny Aasen ]
  * change loglevel of ldap server from 0 to none, to get critical errors in
    the log.
  * change the server check of cfengine, to look for the Main-Server string in
    /etc/debian-edu/config. checking of named is useless after we replaced
    bind.
  * add bind, and pdns checks to cfengine. and use it in the bind cf script.
  * Adapt smbaddclient.pl to tbldump output in lenny, while keeping backwards
    compatibility.
  * add some common samba indexes to slapd-lenny_debian-edu.conf

  [ Daniel Hess ]
  * Update samba.schema from Samba version found in Lenny.
    The Samba version found in Lenny uses some new attributes not yet
    supported by out LDAP setup.
  * Allow smbadmin (the administrative user used by Samba) to access
    some more attributes. The Samba version in Lenny seems to be very
    unhappy if it can not add or modify this attributes.
  * Load (include) dnsdomain2.schema on slapd-lenny_debian-edu.conf
    needed by powerdns.
  * Correct webcache cname and add some cnames of tjener to ldap
  * Fix pdns cfengine script to really change local-port of recursor.
  * Add SRV records for _ldap and _syslog to the LDAP DNS bootstrap
    file. Fixes libnss-ldapd lookups with 'uri DNS' configuration.

 -- Vagrant Cascadian <vagrant@freegeek.org>  Tue, 12 May 2009 22:01:23 -0700

debian-edu-config (1.424) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Make sure samba test is executed also on combined servers.
  * When copying the host sources.list, avoid cdrom entries to try to
    get the installation working with netinst CD.
  * Make iceweasel the default browser, as it handle multimedia and
    flash pages better than konqueror.
    - Use it as the x-www-browser alternative using
      etc/apt/apt.conf.d/99-edu-prefer-iceweasel.
    - Tell KDE to use it as its default browser in
      /usr/share/debian-edu/common/share/config/kdeglobals.
    - Make it show up in the KDE panel instead of konqueror for all
      users using
      /usr/share/debian-edu/common/share/apps/kicker/default-apps.
  * Add OOo Writer to the default KDE panel.
  * Existing LDAP SSL certificate should only be a warning, not an
    error.  This avoid an error report during installation when both
    cfengine runs work as they should.
  * Increase lifetime of OpenLDAP SSL certificate from 30 days to 10
    years.
  * Add cfengine rule to remove the generated /var/www/index.html blocking
    our translated web pages.
  * Restructure debian-edu-pxeinstall, moving pxelinux.0 from
    /var/lib/tftpboot/debian-edu/ to /var/lib/tftpboot/ and changes
    following from this move, to allow us to fetch files from
    /var/lib/tftpboot/ltsp and thus enable thin client boot using the
    new PXE menu.
  * Adjust PXE boot setup to install KDE desktops by default, and use boot=nfs
    for thin client boots.
  * Rewrite default DHCP config to tell klients to boot using the new
    path.
  * Adjust debian-edu-fsautoresize to only process each mounted device
    once.  This solve problem during installation of workstation where
    /dev/.static/dev was incorrectly handled.
  * Get debian-edu-reboot-when-idle to work by using start-stop-daemon
    to detatch the process and by using 'who' to check if the machine
    is idle.  Translate some of the comments in the script.
  * Change mkslapdcert to allow everyone access to the public certificates
    in /etc/ldap/ssl/.  Thanks to Daniel Hess for the investigation and
    proposed solution.  This get LWAT working again.
  * Change how the networked desktop profile is enabled.  Avoid dpkg,
    as it is slow and might fail if the database is locked.  Look for
    /etc/pam_ldap.conf as a flag file instead.  It should be present
    on all machines using LDAP to check passwords.
  * Add draft script ldap-tools/sitesummary2ldap, trying to populate
    machine objects in LDAP based on the collected sitesummary information.
  * Add DNS alias ocsinventory for use by OCS Inventory clients to
    connect to their server.
  * Change /etc/export on LTSP servers to allow clients to boot from the
    Debian Edu backbone network as well (10.0.2.0/23).
  * Add cfengine edit rule for /etc/mplayer/mplayer.conf to get
    <URL:http://www.filmarkivet.no/open/> working.  It is a workaround
    for bug #491403.
  * Disable adept notifier in all networked installs, instead of only
    for LTSP clients and students.  It should only be enabled in
    standalone profiles.
  * Adjust ltsp-make-client to get it working better in Lenny:
     - Use aptitude to install the tasks instead of tasksel to get
       better output when it fail.
     - Try to automatically resize LTSP partition if it is too small.
     - Do not fail if LANG is not set.
     - Do not fail when using LDAP based dhcp server.
     - Disable CDROM apt source automatically instead of failing if it
       is enabled.
  * Add support for automatic LVM resize of /opt/ in ltsp-make-client.
  * Ajust LTSP client build hooks to install aptitude and
    debian-edu-archive-keyring to make sure it is installed in every
    LTSP chroot.
  * Change installation of init.d scripts boot_xconf report-reboot to
    make sure the order and runlevel of the LSB headers match the
    update-rc.d call.
  * Move start of init.d/update-hostname before $syslog, to make sure
    we get the correct hostname in logs on the first boot.
  * Change dependencies from tftp to tftp | tftp-hpa to avoid conflicting
    with ltsp-client-core and allowing debian-edu-config to be installed in
    an LTSP chroot.
  * Move start of init.d/open-backdoor after $syslog, to make sure
    any error is logged.

  [ Vagrant Cascadian ]
  * LTSP: disable gpg verification for debootstrap when doing CD install.
  * add "boot=nfs" to default boot options for thin clients

  [Bart Cornelis]
  * Regenerate desktop-profile cache as we added profiles

  [ Holger Levsen ]
  * Added Italien version /var/www/index.html.it thanks to Claudio Carboncini.
  * Added Swedish debconf translations thanks to Martin Bagge. (Closes: #503600)
  * Added Russian debconf translations thanks to Yuri Kozlov. (Closes: #496948)
  * Added Japanese debconf translations thanks to Hideki Yamane. (Closes:
    510717)
  * Move "boot=nfs" to the beginning of the LTSP boot options, as one will
    hardly ever want to remove it.

  [ Vagrant Cascadian ]
  * Added ltsp-build-client plugin (099-progress-log) that logs when each step
    of ltsp-build-client is finished.
  * Fix bug in ltsp-build-client plugin preventing debian-edu-archive-keyring
    from being installed in the debootstrap phase.
  * Always add server's /etc/apt/trusted.gpg to the LTSP chroot's apt keyring.
  * Add myself to Uploaders.
  * Add flags to allow Debian-Maintainer uploads.

 -- Holger Levsen <holger@debian.org>  Wed, 18 Mar 2009 21:59:26 +0100

debian-edu-config (1.423) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Reorder squid.conf cfengine rule to work with the file in Lenny.
  * Drop squid.conf edit rule for adding the CUPS and webmin ports
    (631 and 10000), as it is now the default in squid.
  * Rewrite squid.conf access rule to allow access for all RFC 1918
    nets (10.0.0.0/8, 172.16.0.0/12 and 192.168.0.0/16), and not only
    the backbone and thin client net, to reduce the difference between
    our and the default squid configuration.
  * Add cfengine code to initialize PXE install during install.
  * Rewrite PXE install script to use DNS name and not IP address to
    find preseed file.  Also make sure the file it creates are
    readable by everyone.
  * Preseed DNS domain in PXE installs to get less questions asked.
  * Make sure test installs using PXE uses the test repository.
  * Call sync before and after cfengine, to see if it solve the
    strange problem with cfengine not running to completion.
  * Adjust LDAP client test to match the current correct
    configuration.
  * Make debian-edu-fsautoresize more verbose when -v is used.
  * Added new helper script iceweasel-plugin-support useful for
    listing the claimed mime types of mozilla plugin.
  * Move iceweasel prefs file from /usr/lib to /usr/share, to avoid
    overriding all iceweasel configuration (Closes: #491536).
  * Change cfengine rule for thin-client server to only do related
    edits on thin-client-server installs.
  * Only build the PXE installation environment if we can download
    files from the the Internet, until we find another way to fetch
    the d-i (PXE) boot images.
  * Drop cfengine rules for nss-ldap, we use nss-ldapd now.
  * Run /usr/share/doc/kaffeine/install-css.sh during installation for
    workstation and standalone profiles if downloading from the
    Internet work.
  * Split out ldap-server-getcert tool from the fetch-ldap-cert init.d
    script.
  * Added script debian-edu-winbind moved from the debian-edu-install
    package.
  * Try to get LTSP installation working, by installing
    debian-edu-archive-keyring using debootstrap and using apt option
    --allow-unauthenticated until our CD is signed.
  * Use lsb_release output to avoid hardcoding distribution name in
    debian-edu-pxeinstall (Closes: #489715).
  * Try to get PXE install of LTSP servers working by preseeding
    ltsp-build-client-udeb.
  * Add LTSP build plugin to accept the local component when
    installing from CD, and to append the host sources.list to the
    LTSP chroot sources.list to get the same set of packages
    available.

  [ Vagrant Cascadian ]
  * Add ltsp plugin to default to lenny if distribution detection
    fails.

  [ Translations ]
  * Updated Turkish from Mert Dirik (Closes: #491929).

  [ Holger Levsen ]
  * Remove Andreas Stockholm from uploaders, thanks Andreas!

 -- Holger Levsen <holger@debian.org>  Fri, 25 Jul 2008 23:24:10 +0000

debian-edu-config (1.422) unstable; urgency=low

  * preinst: compare against in Debian released versions only when
    handling conffile removals.
  * debian/control: Turn depends on memtest86 and syslinux into
    recommends on amd64 and i386 only, so that the package is
    installable on other archs.

 -- Holger Levsen <holger@debian.org>  Wed, 16 Jul 2008 14:21:43 +0000

debian-edu-config (1.421) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Correct DHCP server configuration in LDAP and on disk.
  * Report test duration instead of time stamps.
  * Remove obsolete code in testsuite used to to rename
    /etc/skolelinux/config to /etc/debian-edu/config.
  * Speed up some tests by reducing number of ping packages used from
    3 to 1.
  * Speed up DNS test suite by only looking up external DNS entries if
    ping reches the the IP address in question.
  * Speed up package installation test by only quering dpkg once for
    the list of installed packages.
  * Correct timezone test to work properly, and fix bugs in handling
    of BR and SE country codes.
  * Depend on discover | discover1 for the hardware test.
  * Increase cfengine editfilesize from 150k to 200k, to make sure it
    can edit squid.conf (now 164k).
  * Update syslog configuration to configure rsyslog instead of
    sysklogd.
  * Move iceweasel client proxy setting from cf.iceweasel to cf.squid
    to have it next to the configuration of environment and KDE.  This
    make cf.iceweasel obsolete.  Remove the conffile.
  * Change wpad URL passed on using DHCP from http://10.0.2.2/wpad.dat
    to http://www/wpad.dat, to make it easier to redirect using DNS.
    Add the wpad info to the DHCP packages sent on the thin client
    network too.
  * Remove obsolete debian/debian-edu-config.modules and the call to
    dh_installmodules.  It was useful in Woody, a long time ago.
  * Depend on resolvconf to get the correct DNS client configuration.
  * Change iceweasel and KDE proxy settings to use "Web Access
    Protocol Discovery" for proxy configuration, to avoid hardcoding
    proxy settings on the clients.  Add wpad DNS alias to get this
    working with Firefox.
  * Remove KDE test to check for the new proxy setting indicator, as it no
    longer make sense.
  * Change LTSP test to look for /etc/hosts in the chroot, not just the
    /etc/ directory, as the latter is generated by cfengine.
  * Add a rootDSE ldif entry to provide extra information in the
    OpenLDAP rootDSE.
  * Add RFC 2782 style service entries for ldap, http and syslog in
    DNS.
  * Add smtp-server and www-server options to the DHCP server setup,
    pointing to http://www/ and postoffice.
  * Provide replacement /etc/dhcp3/dhclient.conf file, to add options
    ntp-servers, log-servers, smtp-server, www-server, wpad-url to the
    request list.
  * Add script /usr/sbin/debian-edu-pxeinstall to generate a PXE boot
    environment for installing Debian Edu.
  * Provide PXE boot image /var/lib/tftpboot/debian-edu/pxelinux.0
    on backbone network by default, and enable PXE installation.
    Depend on atftpd | tftpd-hpa, tftp, syslinux, memtest86 and
    debian-edu-artwork to get the needed files.
  * Add empty netgroup shutdown-at-night-hosts for make it easier to
    activate it on clients.  Add generator for the server part using
    this netgroup.
  * Fix samba test to run only on Main-Server, where the samba packages
    are installed.
  * Add cron job to automatically run 'debian-edu-fsautoresize -n' on
    hosts listed as member of the fsautoresize-hosts netgroup, to make
    it easier to automatically extend LVM volumes on a large site.
  * Change testsuite/ldap-client to use the LDAP rootDSE to locate the
    LDAP base.
  * Remove unused and old LDAP schemas norEduPerson and EduPerson.
  * Added script /usr/share/debian-edu-config/tools/qemu-test-network
    to test a complete network using qemu.
  * Rewrite how the networked desktop-profile settings are enabled, to
    activate when the education-networked package is installed, instead
    of when the education-standalone package is not installed.
  * Edit init.d scripts to remove bashism in text output.  No use
    providing translation hooks when the rest of the i18n framework
    is missing (Closes: #486029).
  * Move etcinsvk from Recommends to Depends, to make sure it always is
    installed.

  [ Holger Levsen ]
  * Remove obsolete code checking for /etc/skolelinux in
    bin/debian-edu-hd-warn, share/debian-edu-config/tools/logoutkill.sh
    and share/debian-edu-config/tools/nightkill.sh
  * Change the hardcoded distribution name in /usr/sbin/debian-edu-pxeinstall
    to lenny, so that this will continue to work when testing becomes stable.
  * Rewrite test for etcinsvk in postinst to keep lintians checkbashism test
    quiet.

 -- Holger Levsen <holger@debian.org>  Wed, 16 Jul 2008 11:31:45 +0000

debian-edu-config (1.420) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Add Xsession.d fragment to trunkate or remove ~/.xsession-errors.
  * Move iceweasel configuration into separate files in
    /lib/iceweasel/defaults/pref/ to avoid editing a conffile during
    installation.
  * Enable spell checking in both single-line and multi-line fields
    in iceweasel.
  * Add usplash to list of packages to install in the LTSP chroot.
  * Correct fatal typo in debian-edu-fsautoresize.

  [ Holger Levsen ]
  * testsuite/network: rename the "barebone" profile to "minimal", add a test
    for the Sugar profile.
  * testsuite/taskpkgs: add a check for the Sugar profile.
  * testsuite/kdm: do not run this for the Sugar profile.
  * testsuite/ldap-client, ntp and squid: also run these teste for the Minimal
    profile.
  * debian-edu-test-install: Add timestamps to the logfile when running the
    tests.

  [José L. Redrejo Rodríguez]
  * Added gconf values to limit visibility of usb mounted disks on Gnome

 -- Holger Levsen <holger@debian.org>  Thu, 26 Jun 2008 18:52:29 +0000

debian-edu-config (1.419) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Avoid error from init.d/fetch-ldap-cert when /etc/ldap/ldap.conf
    is missing.
  * Correct munin-node configuration to avoid boot hang.  Remove
    /etc/munin/debian-edu-munin.conf and add
    /etc/munin/debian-edu-munin-node.conf with correct content.
  * Change testsuite/ldap-client to look for /etc/nss-ldapd.conf instead
    of the old /etc/libnss-ldap.conf.
  * Remove option schemacheck from slapd-lenny_debian-edu.conf, as it is
    not supported by slapd version 2.4.7.
  * Remove option TLSCipherSuite from slapd-lenny_debian-edu.conf as
    version 2.4.7 of slapd in Debian is linked with gnutls which provide
    a different set of cipher names (see #462588).  Hoping the default
    gnutls settings are ok.
  * Depend on openssl to pull in SSL tools for certificate
    generation and checking.
  * Change mkslapdcert to generate certificate file with openldap:openldap
    ownership, to make sure slapd can read it.  Drop cfengine rule doing
    the same.
  * Correct cfengine rule to detect lenny installs.
  * Add missing dhcp.schema to slapd.conf and package.
  * Drop cfengine rule to remove the LVM volume debianedufreespace.
    This task is better left to the installer scripts.
  * Add cfengine edit rule for kdm to avoid listing all users in the
    KDM login screen.
  * Disable adept notifier for all LTSP clients, also non-students.
  * Remove debian-edu-etc-svk code, and moved it to separate package
    called etcinsvk. (Closes: #482386)
  * New cfengine rule to allow NFS clients to access the servers FAM
    service, to reduce the amount of NFS traffic from each client.
  * Change debian-edu-fsautoresize to syslog when resizing.

  [ Ronny Aasen ]
  * Cfengine scripts fail becouse cf.munin is gone.  Removed
    references to cf.munin.
  * Fix typo in ldap-debian-edu-install file path

  [ Holger Levsen ]
  * Switch to nagios3.
  * debian/rules: use binary-indep instead of binary-arch, as the package is
    architecture independent.
  * Make sure to remove slapd-etch_debian-edu.conf which was left over
    from change done by Patrick Winnertz in version 1.418.
  * Remove empty directories /usr/share/lintian/overrides/ and
    /usr/share/man/man1/
  * Added copyright statement to debian/copyright.
  * Bump Standards-Version to 3.8.0.
  * Add Vcs- pseudo-headers to debian/control.

 -- Holger Levsen <holger@debian.org>  Sat, 21 Jun 2008 14:58:59 +0000

debian-edu-config (1.418) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Improve init.d/open-backdoor, to save the correct pid file when
    started and remove it when killed.
  * Correct LSB header of init.d/boot_xconf to match reality.
  * Do not stop update-hostname during shutdown to stop wasting time.

  [ Patrick Winnertz ]
  * Fix some lintian errors concerning deprecated keys in desktop entrys.
  * Switched to dhcp3-server-ldap in order to store dhcp informations in ldap
  * Removed cf.munin in favour of using the default file.
  * Removed cf.ssh .. X11Forwading is enabled now by default
  * Switched some configuration stuff for lenny (basically replaced etch in
    cf.* scripts with lenny)
  * Remove obsolte nagios1 stuff

 -- Patrick Winnertz <winnie@debian.org>  Fri, 04 Apr 2008 23:52:37 +0200

debian-edu-config (1.417) unstable; urgency=low

  [ Morten Werner Forsbring ]
  * Syntax-cleaning in cf/cf.homes and removing redundant stuff.
  * Remove workaround for #375077 (libnss-ldap) failed to bind to LDAP
    server) in cf/cf.ldapclient, as this is fixed in etch and newer (the
    create-action is not a valid file-action in cfengine 2.2.3).
  * Bumped the standards-version to 3.7.3 (no changes).
  * Replaced the Listen-interface debian-edu-ssl-default Apache-site with
    NameVirtualHost (Listen-stuff is already present in ports.cfg).
  * Added 'ServerName www' to the debian-edu Apache-sites.
  * Drop running discover2 from testsuite/hardware as it does not have
    as nice --format functionality as discover1, and we did not come up
    with a alternative solution for the formatting.

  [ Petter Reinholdtsen ]
  * Add code in preinst to remove obsolete and unmodified conffiles,
    both init.d scripts and other files (Closes: #458524).
  * Correct paths in cf/cf.ltsp to use $(ltsp_arch) instead of hardcoding
    i386, to get it working better on non-i386 and non-amd64 architectures.
  * New helper program ltsp-arch-debian-edu returning the ltsp architecture,
    to fix cfengine configuration with cfengine version 2.
  * Use new helper program ltsp-arch-debian-edu to set ltsp_arch variable,
    to get it working with both cfengine 1 and 2.
  * Add workaround for /dev/pts/ mount missing when d-i installs this package,
    by trying to mount it in debian-edu-etc-svk if it is missing.
  * Only configure libnss-ldap when it is installed.  It should not be
    configured when the new libnss-ldapd is used.
  * Change ltsp-make-client to make /var/lib/ntp writable, to make sure
    ntpd can store its drift file.
  * Escape : in cfengine scripts to get them working with cfengine version 2.2.
  * Start on a script to enable or disable exam mode.  Currently just
    an empty shell.

  [ Patrick Winnertz ]
  * Prepare for a new upload to debian
  * Added Homepage field to control
  * Bump standards Version to 3.7.3

 -- Patrick Winnertz <winnie@debian.org>  Thu, 07 Feb 2008 10:11:27 +0100

debian-edu-config (1.416+svn39964) terra; urgency=low

  [ Petter Reinholdtsen ]
  * Comment out call from apt to debian-edu-etc-svk, as it messes
    with the terminal and make some install scenarios hang.
  * Set SVKBATCHMODE in debian-edu-etc-svk to enable non-interactive
    mode when used with svk version 2.0.1-1 and above.
  * Fix exim config fix for bug #1264 to not fail in LTSP chroots, where
    exim isn't installed.

  [ Patrick Winnertz ]
  * Rename cf.mozilla to cf.iceweasel and made it modify the correct files
    (Closes Skolelinux bug: 1298)
  * Made iceweasel use icedove instead of mozilla-thunderbird

 -- Petter Reinholdtsen <pere@debian.org>  Wed, 23 Jan 2008 13:44:07 +0100

debian-edu-config (1.416+svn39828) terra; urgency=low

  * Make sure our extra LTSP packages and preseeding is used also when LTSP
    chroot is generated after installation.
  * Change APT hook for the debian-edu-etc-svk call do not block waiting for
    input by redirecting stdin from /dev/null.
  * Ignore failures from debian-edu-etc-svk in the postinst while we wait for
    svk bug #435786 to be fixed.

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 14 Dec 2007 23:44:20 +0100

debian-edu-config (1.416+svn39481) terra; urgency=low

  [ Ronny Aasen ]
  * Adding groupmap commands to samba-debian-edu-admin, for the default groups
    jradmin, students,teachers. part of the fix for #1270
  * Cleaning up swap files for thinclients that are powerdown/unreachable.
    Solves Skolelinux bug #1281.

  [ Petter Reinholdtsen ]
  * Add ltsp-build-client script fragment to pull in alsa-utils when
    building the thin client chroot.  Solves Skolelinux bug #1288,
    at least for new installs.
  * Make sure init.d/update-hostname only run on boot.
    (Solves skolelinux bug #1287).
  * Make sure init.d/boot_xconf only run on boot.
  * Quiet down nbdswap-cleanup when nc fail to connect to the client.
  * Undo some description changes in root.ldif, and sync the names with
    samba-debian-edu-admin, using 'institution' instead of 'school' to
    cater for users who do not call themselves schools.

  [ Daniel Hess ]
  * Adding groupmaps to the root.ldif so they get added during installation.
    Let samba-debian-edu-admin set sambaNextRid to 1003 to don't collide with
    the rids used in root.ldif.

 -- Petter Reinholdtsen <pere@debian.org>  Sat,  1 Dec 2007 14:06:44 +0100

debian-edu-config (0.416+svn39160) terra; urgency=low

  * Do not allow debian-edu-etc-svk commit to break apt upgrades.
    Solves Skolelinux bug 1283.
  * Configure debian-edu-etc-svk to ignore the machine generated
    file /etc/mtab.
  * Use debian-edu-etc-svk commit instead of the old update in
    the postinst.

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 24 Nov 2007 12:11:10 +0100

debian-edu-config (0.416+svn39072) terra; urgency=low

  * Fix INTERFACE setting in update-hostname-from-ip (Solves Skolelinux
    bug #1282).

 -- Petter Reinholdtsen <pere@debian.org>  Wed, 21 Nov 2007 23:38:38 +0100

debian-edu-config (0.416+svn38891) terra; urgency=low

  [ Ronny Aasen ]
  * Fix a bug in the mailconfiguration. Mails are not sent via smarthost. Also
    check for the bug on upgrades and fix the link if needed.
    Solves skolelinux bug #1264

  [ Daniel Hess ]
  * Add ltsp_local_mount init-script to setup access to local cdroms on
    diskless workstations by making /etc/mtab writeable and creating
    /media entries. Solves skolelinux bug #1234.

  [ Klaus Ade Johnstad ]
  * Replaced 127.0.0.1 with www in index.html for Sitesummary

  [ Morten Werner Forsbring ]
  * Adjust the Nagios disk-limits to 10% and 5% for warning and critical.
  * Default to not send mail from Nagios.
  * Really remove the slbackup cfengine-stuff (as it wasn't used).
  * Change my lastname.

  [ Finn-Arne Johansen ]
  * Make smbaddclient invalidate passwd cache whenever a samba
    workstation is joined to the domain (Solves Skolelinux bug #1269)
  * Make update-hostname-from-ip use the interface with the default gw to
    fetch the hostname, to make it work on a laptop with wireless
    and others

  [ Petter Reinholdtsen ]
  * Link to the language specific documentation directories from the
    default web pages for German, Norwegian Bokmål and Dutch.
  * Add link to the Russian start web page from the other start pages.
  * Update cfengine-debian-edu to use the current flag file
    (/etc/inittab.real), and not the woody flag file.  Remove obsolete
    test base-config which is looking for the woody flag file.
  * Remove unused cfengine variable 'domain' from cfengine.conf, as it
    broke configuration of the live CD.
  * Do not create /etc/ntp.conf on standalone installs.  The ntp
    packages are not installed in standalone mode.
  * Remove share/debian-edu/students/share/config/kdesktoprc, as it
    do not seem to have a purpose, and block the default background
    image in debian-edu-artwork to show up for users with the studends
    KDE profile.
  * Disable editing of KDE language profile files in
    /usr/share/locale/l10n/no/, as it was only needed in woody and sarge.
  * Remove obsolete cf/cf.pcmcia and cf/cf.mime-support.
  * Remove all woody entries from cf/*.
  * Remove useless/redundant cf/cf.nat.
  * Correct handling of or (|) in cfengine rules.
  * Change slapd handling in ldap-debian-edu-install, to avoid
    starting slapd if it wasn't running when the script started.
  * Detect sudo environment in debian-edu-etc-svk, and fetch $HOME
    from the passwd file in this case. (Solves Skolelinux bug #1271)
  * Change cfengine rules to make sure /skole/tjener/home0/ exist even
    when manual partitioning is used. (Solves Skolelinux bug #1276)
  * Add APT hook for debian-edu-etc-svk to commit before and after
    packages are installed, to make it easier to figure out what changes
    were done by apt.
  * Change init.d/resize_lvm dependency, making lvm optional, to allow
    the package to be installed with insserv when lvm isn't installed.

  [ Patrick Winnertz ]
  * Added chguserpw.desktop which is part of lwat to installed it
    automatically on the desktop of students.

  [ Luk Claes ]
  * Removed myself from uploaders.

 -- Patrick Winnertz <patrick.winnertz@skolelinux.org>  Wed, 08 Aug 2007 12:58:57 +0200

debian-edu-config (0.415) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Change LTSP build rules to use a network based APT source when
    build LTSP chroot with amd64 netinst CD, as the CD is missing the
    i386 binaries needed.
  * Remove cfengine rule to update /etc/default/update-hostname.  It
    is now handled by preseeding.  Solves skolelinux bug #1228.

  [ Daniel Hess ]
  * For network based LTSP build on amd64 change build rules:
    . Set option_mirror_value instead of MIRROR and add
      option_extra_mirror_value for skolelinux/local packages.
    . Set local as component for exta_mirror and remove it for all other
      mirrors.
    . Add the Debian-Edu archive key as in debian-edu-archive-keyring to
      the apt-keys list, so it is available when the Release file is checked.
    . Check for http_proxy set to "high" and unset it, if it is.
      This seems to be a bug with debconf, which returns always "high" after
      the debconf priority (which is high) was been read.

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 20 Jul 2007 17:08:03 +0200

debian-edu-config (0.414) unstable; urgency=low

  [ Daniel Heß ]
  * Add suffix for group mappings to samba config. Allow samba to add
    groupmapping existing groups in the slapd config. This restores the
    old behaviour from when groupmaps where stored external.
  * Add Samba groupmap information to "admins" group when loading root.ldif
    in ldap-debian-edu-install. (Closes skolelinux bug #1223)
  * Include "displayName" attribute in the groupmap. This is not required
    for it to work, but it's displayed in Windows and is less confusing
    this way.

  [ Petter Reinholdtsen ]
  * Remove cfengine rule to edit /etc/opera6rc.fixed and other
    references to Opera.  Opera is no longer included.
  * Add more debug output to ldap-debian-edu-install.
  * Disable editing of /etc/inputrc, as testing show that it is no
    longer needed to support 8-bit characters in bash.
  * Remove bogus calls to db_go in debian-edu-config.postinst.

  [ Holger Levsen ]
  * Modified /etc/lsb-release to only include DISTRIB_DESCRIPTION.

 -- Petter Reinholdtsen <pere@debian.org>  Wed, 18 Jul 2007 00:26:20 +0200

debian-edu-config (0.413) unstable; urgency=low

  [ Ronny Aasen and Petter Reinholdtsen ]
  * Fixed a bug in cfengine's ltsp_arch variable, that broke the
    installer.  Based on patch from Klaus Ade Johnstad.  Fixes
    skolelinux bug #1196.

  [ Klaus Ade Johnstad ]
  * Fixed typo introduced in fix for skolelinux bug #1196
  * Fixed tail according to new syntax, 's/tail +/tail -n +/g'
    in /usr/sbin/ltsp-make-client
  * Fixed bug #1220, typo in lts.conf

  [ Petter Reinholdtsen ]
  * Update ltsp testsuite to use i386 on amd64 systems to fix
    skolelinux bug #1200.
  * Fixed debian-edu-etc-svk initialization using expect, and
    improved the script to a point where it is working properly.
  * Make it possible to enable debian-edu-etc-svk by preseeding
    debian-edu-config/etc-in-svk, and include cronjob for updating
    the svk state of /etc/.  Depend on svk and expect to make
    sure the needed packages are installed.
  * Make sure init.d/start-wlan is not executed during package
    installation, as it can kill the network connection on laptops.
  * Change init.d/fetch-ldap-cert to extract the server certificate
    using the SSL protocol, instead of downloading it over HTTP.
  * Correct ldap-tools/mkslapdcert to extract the server certificate
    (and no the public key) and make it available for download, as this
    is the file needed by clients interested in verifying the SSL
    connection to the LDAP server.
  * Rewrite ldap.conf to use the downloaded LDAP server certificate to
    verify the connection, trying to make it possible to disable the
    'TLS_REQCERT never' setting to enforce this.  It is not yet
    working, so the 'TLS_REQCERT never' is still needed.  This is
    related to skolelinux bug 1211.
  * Move stray client side LDAP configuration from cf.ldapserver
    to the more correct cf.ldapclient.
  * Remove kdm theme cfengine rules.  They are no longer needed.
  * Renamed the 'update' command in debian-edu-etc-svk to commit.
    The old command still work, but will be removed in the future.
  * Add proposed APT sources in the LTSP chroot as well.  Related to
    skolelinux bug #1168.
  * Remove code in mkslapdcert to make the LDAP SSL certificate
    available from the web server.  It is no longer needed when
    fetch-ssl-cert can fetch it directly from the LDAP server.
    Make sure to only try to download the certificate if it
    is mentioned in the LDAP config.
  * Modify cfengine rule for editing /etc/libnss-ldap.conf and
    /etc/pam_ldap.conf to avoid editing if the host setting already is
    present.
  * Improve usage information printed by debian-edu-fsautoresize.
  * Extend testsuite/taskpkgs to detect if a package in a task is
    missing.
  * Update cfengine rule for /etc/hosts.allow to also allow access
    from 10.0.2.0/23 to tftp and portmap, making sure diskless
    workstation boots get access.
  * Allow 127.0.0.1 NFS mount privileges to the LTSP chroot, to
    get qemu testing to work out of the box.
  * Updates in ltsp-make-client:
    - General cleanup and convert it to use aptitude
      instead of apt-get to track manually installed packages.
    - Make sure it installs debian-edu-archive-keyring, and
    - fetches the LDAP SSL certificate.
    - Add code verify that enoug disk space is available in
      /opt/ltsp/$arch before starting.  Using 4096 MiB as the limit.
    - Add code to make sure /var/lib/dbus and /media is writable
      by dbus.  Solves skolelinux bug #1180.
    - Stop installing usbmount.  It does not work at the moment,
      and is not needed when udev/hal is working.
  * Specify SCREEN_07=ldm in lts.conf to make sure ldm is still
    enabled on thin clients after ltsp-make-clients installed
    kdm.  Solves skolelinux bug #1210.

  [ Steffen Joeris ]
  * Include debian-edu-etc-svk under the SBIN programs in the Makefile
    to make sure it is included in the binary package
  * Make sure that the start page translations are in sync with the
    English page (Closes skolelinux bug #1156)
   - Include updated Spanish start page
    Thanks to José L. Redrejo
   - Include initial Russian start page
    Thanks to Yuri Kozlov
   - Include updated German start page
    Thanks to Ludger Sicking
   - Include updated French start page
    Thanks to Xavier Oswald
   - Include updated Norwegian start page
    Thanks to Frode Jemtland
   - Include updated Dutch start page
    Thanks to Thijs Kinkhorst
  * Delete old obsolete directories from the old kde-profile
  * Add kgeography, gcompris, gimp and stopmotion to the students
    desktop (See skolelinux bug #1199)
  * Make sure that the standard kde start menu is recognized and avoid
    having an empty menu (Closes skolelinux bug #1199)
  * Remove obsolete desktop-directories dir from students kiosk mode
  * Change slapd-etch_debian-edu.conf to allow the members of the admin
    group to perform their administrative privileges
    (Closes skolelinux bug #1146)
  * Uncomment code in debian-edu-etc-svk to call aptitude, because the
    dependencies are already solved via Depends field and it would
    cause the installer to fail (Closes skolelinux bug #1205)
    Thanks to Daniel Heß
  * Remove dependency against debianutils as this package is essential
  * Make sure that Makefile clean call will honour failures
  * Remove some kde restrictions from the kiosk mode, only keep the
    rule that students are not allowed to start a new session and can't
    become root via kde. Thanks to Klaus Ade Johnstad for some advice
  * Include configuration file for adept_notifer to tell the application
    not to start during login (Closes skolelinux bug: #1151)

  [ Daniel Heß ]
  * Let cupsd listen on /var/run/cups/cups.sock for connections from
    local clients like the KDE printer ui (Closes skolelinux bug #1207)
  * Change slapd (ldap) config to restrict jradmins from changing the
    passwords of users with higher privileges (members of the admins group,
    smbadmin and the rootdn). This could had been used to set new passwords
    and gain access to accounts with higher privileges.
    Many thanks to Steffen Joeris for helping to implement this.

 -- Steffen Joeris <white@debian.org>  Thu, 12 Jul 2007 21:53:16 +0200

debian-edu-config (0.412) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Remove init.d/loadcpufreq, as the functionality is moved
    to the cpufrequtils package.
  * Add new pam.d/common-auth-debian-edu activated on standalone
    installations to make sure console users is given access to
    local devices.
  * Remove obsolete pam.d files not used since woody.
  * Provide access to the scanner group for users on the console.
    Based on patch to user-setup in Ubuntu.
  * Make default /usr/share/debian-edu-config/fsautoresizetab and
    include it in the package.
  * Change quoting in the dhcpd.conf editing in sbin/ltsp-make-client
    to try to get it working with bash (Related to Skolelinux bug #1060).
  * Install localization-config in ltsp-make-client, and run it after
    the packages are installed, trying to fix skolelinux bug #1127.
  * Make sure all pxe booting clients use the same path to pxelinux.0
    in dhcpd.conf.
  * Remove support for etherboot/non-pxe boot in dhcpd.conf.  Those
    with such network cards will have to add it manually.
  * Make sure the munin server is treated as a munin client when
    collecting information to get the new sitesummary integration
    working out of the box.  Change how munin-client.conf is updated
    to get the cfengine rule working.
  * Drop the fuse group from the list of groups assiged to console users,
    and make it a group assigned to all logged in users on thin clients,
    to make it easier to enable local device access on thin clients.
  * Make sure kderc is updated to enable the special desktop icons
    for the root user and the members of the admins group.
  * Make sure /var/www/index.html.?? files uses relative URLs when possible,
    and use the symbolic www DNS name instead of tjener.
  * Modified squid to access SSL on port 631, and change all links to Cups
    to use https on this port.
  * Change ldap-tools/mkslapdcert to secure the directory where the
    certificate is created before creating the certificate, and make
    the public key available in a separate file to make it easier to
    copy it to the clients.
  * Create init.d script fetch-ldap-cert to download after apache starts
    the LDAP SSL certificate on clients when they boot, unless it already
    is downloaded.
  * Rename ESERVER to the correct ESPEAKER in the desktop-profile trigger
    for thin client sound settings in KDE.  Fixes skolelinux bug #1183.
  * Add fuse to /etc/modules on thin-client-servers, to make sure
    local device access work out of the box when enabled.  Fixes
    skolelinux bug #1184.
  * Enable sound on LTSP thin clients by default, and let those who want
    silent clients disable it by changing to SOUND=N in lts.conf, instead
    of the other way around.
  * Add 000-arch-detection plugin for ltsp-build-client, to install i386
    LTSP chroot on amd64 machines.  Fixes skolelinux bug #1195.
  * Remove obsolete/renamed scripts cfengine-skolelinux, skolelinux-hd-warn,
    skolelinux-restart-services and skolelinux-test-install.  The rename
    was done in 2004, so documentation should be updated by now.
  * Enable local device access on LTSP thin clients by default.
  * Rename cfengine variable de_arch to ltsp_arch, to make it more obvious
    what the variable is used for.  Change its content to i386 on amd64.

  [ Ronny Aasen ]
  * Remove the timeout on nbd-server, it removed the swapfile from the
    client while it's running.
  * Cleanup the slapd config file. Rename from sarge to etch. And
    update the cf script to match. And remove the old woody file from
    the package.
  * Added sambaNextRid to smbadmin's acl. needed in order to join
    machines to the domain.
  * Added ldap-users.pl with dependencies from webmin 1.180, used by
    samba to create machine accounts in ldap.
  * Edited smbaddclient.pl to use the provided ldap-users.pl, and not
    webmin.
  * Added configfile to support the links to debian-edu-doc made from
    the local webpage.
  * Added script to cleanup the ltsp network swapdir daily (Closes
    Skolelinux Bug #1169)
  * Added script nbdquery. shows ports in use by nbd-client on ltsp clients
  * Changed nbdswapd-cleanup to use nbdquery on the ltsp clients, and edited
    cf.ltsp to activate nbdquery on the ltsp clients
  * Add dependency on lsof
  * Added nbdquery to the makefile

  [ Holger Levsen ]
  * Relabeled descriptions to say "all $foo in the institution"
    instead of "...school"

  [ Klaus Ade Johnstad ]
  * Small fix of comments in dhcpd.conf
  * Removed Norwegian comments in dhcpd.conf
  * Removed unneeded stanzas for ltsp-clients

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 16 Jun 2007 15:17:06 +0100

debian-edu-config (0.411) unstable; urgency=low

  [ Steffen Joeris ]
  * Remove icons from the kiosk desktop for student users which relate
    to uninstalled software (Closes Skolelinux Bug #1140)
  * Remove obsolete kiosk-profile directory as it is now divided into
    individual directories
  * Allow students to run a shell and the kde command execution
  * Include the kiosk mode for root
   - Give root the tjener desktop icon to call the internal webpage
   - Update Makefile and add the tjener.desktop file
   - Update debian-edu-config.postinst to generate additional config
     entry for the root kiosk mode

  [ Petter Reinholdtsen ]
  * Add the fuse group to the list of groups assigned during login, trying to
    get LTSP local device access working out of the box.
  * Avoid hardcoding the IP address on the default apache web page.
  * Avoid hardcoding IP addresses in the nagios config.  This will
    cause problem in case DNS is unavailable, but make it easier to
    change IP subnet.
  * Add pam-foreground as an optional pam session module, to get
    /var/run/console/ populated with information needed by dbus
    to give special privileges to users on the console.
  * Edit /etc/security/group.conf to set up local device access
    to local users for all profiles, not just standalone and
    workstation.
  * Remove unused directory /etc/kde2/kdm from package.
  * Correct URL to popularity-contest in the default web page.
  * Drop the popularity-context section in the default web page,
    as it is part of the default install now.
  * Add group description to the LDAP groups missing it
    (Closes skolelinux bug #1132).
  * Add new init.d script loadcpufreq based on scripts found in the
    powernowd package in Ubuntu to load the required cpufreq kernel
    modules, and edit /etc/default/cpufrequtils to enable ondemand
    cpu scaling to save power.
  * Change install rule to fail on errors copying files.
  * Add LC_ALL=C in bin/update-hostname-from-ip to make sure the
    output format is known.
  * Use the service name in tjener.desktop, to make it easier
    to use a different DNS domain.
  * Modify cf.ltsp to not export /var/opt/ltsp/swapfiles.  Swap is
    done using nbd and not nfs now.
  * Removed obsolete cf/cf.sarge-installation-cleanup and cf/cf.devfsd.
  * Avoid hardcoding DNS domain name on the web page.  Use relative
    links where it is possible.
  * New script sbin/debian-edu-fsautoresize making it easier to resize LVM
    volumes.  Add depend on libfilesys-df-perl to get it working.
  * Minor cleanup related to the init.d/nbd-poll script.

  [ Bart Cornelis (cobaco) ]
  * Added Dutch translation

  [ Holger Levsen ]
  * Added myself to uploaders.
  * added catalan translation, thanks to René Mérou
    <ochominutosdearco@gmail.com>
  * converted /var/www/index.html.?? files to unicode (Closes: Skolelinuxbug
    #1142)

  [ Ronny Aasen ]
  * Added configuration for network swap out of the default install.
    (Closes Skolelinux bug #1087)
  * Generate random nagios password at installation time (Closes skolelinux
    bug #1119)
  * Edit testsuite/bind9-dns to support bind9-host
  * Edit ltsp-make-client to include preseeds for popularity-contest.
  * Edit ltsp-make-client to prevent starting a second instance of all deamons
    in the chroot.
  * Make a working resolv.conf for the ltsp thin clients. (Closes Skolelinux
    bug #1073)
  * Provide debian's default DB_CONFIG before making the ldap DB's, shameless
    rip from slapd.postinst. (Closes Skolelinux bug #1150)
  * Renamed index.html.nb to index.html.no (Closes Skolelinux bug #1148)
  * Changed links on nagios to https.
  * Added a variable in cfengine, and replaced i386 in cf scripts.
  * Added support for bind9-host to update-hostname-from-ip.
  * Cleaning up cf.exim, mail should own /var/lib/maildirs
  * New syntax in authldaprc (Closes Skolelinux bug #1163)
  * Added slbackup-php in the webpage
  * Added a /debian-edu-doc to the webpage
  * Added subtree_check on exports made by ltsp-make-client (Closes Skolelinux
    bug #1167)
  * Forcing the use of encryption on cups administration pages.
  * Dropped developer pages, we use the wiki. on the webpage.
  * Updated the url for the mailinglists. On the webpage.
  * Make nbd-server save in the correct swapfile dir. avoid creating large files
    in /tmp (Closes Skolelinux bug #1169)

  [ Finn-Arne Johansen ]
  * Prepared for better integration with resolvconf

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 27 May 2007 08:47:19 +0200

debian-edu-config (0.410) unstable; urgency=low

  [ Patrick Winnertz ]
  *Include wpad for autoconfiguring the proxy for clients.

  [ Steffen Joeris ]
  * Correct the path to the kiosk profile in /etc/kderc
  * Remove unneeded .desktop files from the applications and Desktop sections
    for kiosk profile as these are not on the CD
  * Adding first version of the kpanel for the student kiosk profile
    which includes some generic directories and the some of the current
    applications
  * Remove webmin check from testsuite scripts as we do not have webmin
    anymore and this always reports an error after the installation
  * Drop the ispell-dict-default script from the testsuite as we are no
    longer distributing the education-desktop-other metapackage on the
    first CD due to space limits and therefore no longer including the
    various dictionaries and make sure that bogus error messaging after
    the installation is avoided
  * Do not perform the bind9-dns check after installation in case a
    standalone profile will be installed
  * Only perform network check for showmount if nfs-common is installed
    and therefore exclude the Standalone profile from this check
  * Disable all syslog checks on Standalone profile as it is not setup
  * Add myelf to uploaders
  * Add information about kiosk mode students to README
  * Drop cf.apache script and make sure that cf.apache2 script is
    installed
  * Include Spanish debconf translation (Closes: #407474)
    thanks to Javier Ruano
  * Include initial Portuguese debconf translation (Closes: #414060)
    thanks to Ricardo Silva

  [ Petter Reinholdtsen ]
  * Extend filesystem test to report ext3 file systems without the
    resize_inode feature.

  [ Ronny Aasen ]
  * disable cf.apache since we are installing apache2 now.
  * configure apache2 userdir with our homedir location
  * provide a new apache2 default sitefile, showing our frontpage and correct
    hostmaster email address.
  * provide a new apache2 ssl default sitefile, using a selfsigned cert.
  * modified debian/rules to use a debian-edu-config.links file
  * using cf.apache2 to enable userdir and  ssl modules.
  * using cf.apache2 to disable the debian stock default site, and enable our
    own ssl and regular default site files
  * Deleted webmin from our web frontpage
  * Added link to sitesummary on our web frontpage
  * fixed link to nagios on web frontpage
  * Added experimental nagios2 configuration /etc/nagios2/debian-edu
  * Added and enabeled cfengine script cf.nagios2
  * mount nfs with the tcp argument in automounter ldap
  * Add lwat to the local homepage
  * Add append_domain to squid.conf, to fix broken resolv on non FQDN
  * Make Nagios ignore space checks on special filesystems
  * Trying to remove the spare freespace partition properly, in cf.fstab
  * Update testsuite/timezone, /etc/localtime is not a symlink anymore.
  * alter the way we configure bind9, to avoid breaking on bind
    reconfiguration

  [ Finn-Arne Johansen ]
  * chown /var/lib/ldap to openldap after slapadd has been run as root

 -- Steffen Joeris <white@debian.org>  Fri,  9 Mar 2007 19:22:09 +1100

debian-edu-config (0.409) unstable; urgency=low

  [ Luk Claes ]
  * Added myself to uploaders.

  [ Petter Reinholdtsen ]
  * Adjust cfengine test for detecting etch, to look for '4.0' and not
    'testing', to match the current version.
  * Change testsuite/bind9-dns to not report missing Internet
    connectivity as an error.
  * Change testsuite/ispell-dict-default to handle locales with UTF-8 or
    other non-ISO-8859-1 charmaps properly.

 -- Luk Claes <luk@debian.org>  Wed, 22 Nov 2006 22:31:59 +0100

debian-edu-config (0.408) unstable; urgency=low

  [ Ronny Aasen ]
  * Add authorative to dhcp configuration
  * reordering cf.ldapclient fixes libnss-ldap
  * Modify cf.ntp to support setting the clock on startup
  * Add /etc/lsb-release with some initial values. This should remove the need
    to preseed ltsp with --dist since lsb-release should function as expected
  * remove cf.popcon from the makefile. since cf.popcon is removed
  * added ltsp plugin in order to configure ltsp pxelinnux to use usplash
  * added nosuid to /tmp in cf.fstab
  * creates /opt/ltsp/i386/etc/ltsp/update-kernels.conf tru cf.ltsp
    this enables usplash in ltsp booting clients

  [ Steffen Joeris ]
  * Include French translation for debconf questions (Closes: #392190)
    Thanks to Guilhelm Panaget
  * Delete apt settings for woody and sarge, to clean up a bit
  * Delete old kdesktoprc for the kiosk profile
  * Make sure that the kiosk profile is installed in a hierachic order
  * Include new desktop icon framework for the debian_edu_pupils
  * Update the package build to honor the new kiosk files
  * Include German translation for debconf questions (Closes: #396383)
    Thanks to Helge Kreutzmann
  * Add special desktop restrictions to the debian_edu_pupils kiosk
    mode
  * Add the first customized kmenu for the debian_edu_pupils kiosk
    profile which is divided into the disciplines

  [ Petter Reinholdtsen]
  * Enable esd sound in KDE for thin client users by adding a new desktop
    profile thin-client for all users with LTSP_CLIENT and ESERVER set
    in the environment.
  * Modify default pam.d/common-auth to use pam_group, to make it easier
    to provide local device access to the user logged into the console.
    Rewrite pam_group config to include more groups and also work on
    tty1-9 logins.  Activate it on thin-client-server installs, as well
    as workstation and standalone installs.

  [ Morten Werner Olsen ]
  * Removing all traces of bind8.

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 19 Nov 2006 13:56:08 +0100

debian-edu-config (0.407) unstable; urgency=low

  [ Ronny Aasen ]
  * Modify cf.ldapclient, Altering libnss-ldap default bind policy to soft
  * Added commented volatile sources for etch to cf.apt
  * modify cf.fstab, to delete the dummy freespace logical volume
  * fix the regex matcing /tmp  in cf.fstab
  * updated www.uio.no ip address in testsuite
  * dont run debian-edu-ltsp, we use ltsp-client-builder

  [ Petter Reinholdtsen ]
  * Correct exit code and output handling in update-hostname-from-ip.
  * Drop code to edit /etc/defaults/ntpdate.  It is no longer needed.
  * Moved testing of network settings from debian-edu-install to
    testsuite/network.
  * Add DNS alias sitesummary.intern for the sitesummary collector.

  [ Steffen Joeris ]
  * Include Czech translation for debconf questions (Closes: #391475)
    Thanks to Miroslav Kure

 -- Petter Reinholdtsen <pere@debian.org>  Wed,  4 Oct 2006 13:50:48 +0200

debian-edu-config (0.406) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Use 'tail -n +3' instead of 'tail +3' in ntp test, to avoid warning.
  * Make dash test more robust.
  * Update test to detect missing webmin and report that.
  * Correct syslog UDP activation code to edit /etc/default/syslogd,
    not /etc/default/sysklogd.
  * Fix typo in webmin test script.
  * Modify testsuite/kde to accept execute bit on /etc/kde3/kioslaverc.
    No idea why the file is executable, but we only need to check if it is
    readable for all.
  * Correct testsuite/webcache to not test a non-proxying connection to
    squid.  It does not, and should not, work.
  * Add testsuite/ltsp to detect if the LTSP chroot is installed on
    the thin client server.
  * Modify ntp test to check if /etc/default/ntpdate have syntax errors.
  * Change init.d/update-hostname to use the LSB log functions and to
    not print anything when VERBOSE=no.  Add depends on lsb-base.
  * Removed useless chkconfig line from init.d scripts.

  [ Steffen Joeris ]
  * Mark update-hostname debconf question as internal and fix
    typo at enable-nat question (Closes: #388062)
  * Fix typo in update-hostname debconf question to make sure lintian
    is happy
  * Change hash commenting for /etc/default/ntpdate file, because
    current code breaks configuration for main-server(only), because
    of if-clause
  * Remove mime-types from cf.mime-support which are already merged into
    the mime-support package and write bugreport against mime-support
    for the rest to make sure we can remove cf.mime-support soon

  [ Ronny Aasen ]
  * Added cf.fstab, purpose is to add /tmp as tmpfs in fstab
  * Modify dhcp configuration to look for pxelinux.0 in the correct location
  * ldm fail if Xsession is not executable, edit cf.ltsp to make sure
    /etx/X11/Xsession is +x

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 24 Sep 2006 17:26:20 +0200

debian-edu-config (0.405) unstable; urgency=low

  [ Patrick Winnertz ]
  * Removed obsolete alternative dependency on cfengine, because it
    is going to be removed from debian.

  [ Petter Reinholdtsen ]
  * Rewrite base-config test to no longer report the missing
    dbootstrap_settings as an error.  It is not present on etch.
  * Adjust syslog cfengine rule to enable UDP listening on etch.
  * Adjust webserver test to accept as a success both either apache2
    or apache running.
  * Update debian-edu-ltsp to work with both old and new version of
    ltsp-server.  Change default dist from sarge to etch, and add
    new option --dist to make it easier to change it.
  * New test 'dash' to check that /bin/sh points to dash, not bash.
  * Remove cfengine rule to set GreetString in kdmrc.  Leave this to
    debian-edu-artwork.  Use debian-edu-artwork script to enable KDM
    theme.
  * Updated LSB header for the init.d scripts.

  [ Steffen Joeris ]
  * Cleanup the cf scripts and remove cf.shell and cf.webmin entries
    and adjust the Makefile
  * Deactivate slbackup configuration part via cfengine for combo servers
    as it is merged into the installer,
  * Add dh_link to debian/rules and use it for linking the ldapdump
    script into the needed slbackup directory and deactivate the
    generation via cfengine
    merge it into the installer
  * Move the enable-nat part for the thin-client-server into the
    postinst script and deactivate the cf.nat cfengine call
  * Start the debian-edu-config.prerm script and make sure that the
    enable-nat init script is called if nat is enabled
  * Remove the cf.issue file as we don't use it anymore
  * Change code for enable-nat script to make it compliant with policy
    and use the code snipplet from dh_installinit
  * Add debconf template to ask if enable-nat should be activated or not
    (Closes: #365140)
  * Start the debian-edu-config.config script for the debconf question
  * Include code into debian-edu-config.postinst script to avoid starting
    enable-nat script if debconf boolean is false
  * Add po-debconf to Build-Depends-Indep as we need it for the debconf
    templates
  * Start the po files for the debconf templates
  * Add code to debian-edu-config.postinst to start the kde kiosk
    profiles for debian-edu which creates basic configuration for
    the /etc/kderc and the /etc/kde-user-profile as a mapping file

  [ Ronny Aasen ]
  * Avoid touching the conffile named.conf of bind9, instead give it the
    option -c filename in the non conffile /etc/default/bind9
  * Edit cf.ldapserver and slapd-sarge_debian-edu.conf to try to run
    slapd as the default openldap user.
    (Closes Skolelinux Bug #1112)
  * Fixed wrong dist variable in debian-edu-ltsp, blocked execution
  * Workaround for a bug in ltsp-build-client.
  * add --accept-unsigned-package, since our cd is not signed yet.
  * add a workaround for bug #375077 to avoid the long lookuptimes
    that occure after the cfengine run edits nsswitch.conf.
  * PXElinux in etch have changed it needs next-server and
    root-path options in dhcp now.
  * incresed editfilesize in cfengine.conf, squid'c config was larger
    then the previous value.
  * make debian-edu-pxelinux.cfg use syslinux from the chroot
  * pxelinux don't like symlinks. copied pxelinux and images instead
    since hardlinks dont work across devices
  * added the mandatory nfs export flag for subtree_check or not
  * remove debian-edu-pxelinux.cfg from cf.ltsp
    instead call ltsp-server from debian-edu-ltsp

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 17 Sep 2006 17:13:00 +0200

debian-edu-config (0.404) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Remove the cron job bin/filehandle_ctl.sh.  It is no longer needed
    with linux 2.6 kernels.
  * Comment out cf.shell, as the same setting can be activated
    using preseeding now.
  * Update standards-version from 3.6.2 to 3.7.2.  No change needed.
  * Add depend on ${misc:Depends} to get a debconf dependency for the
    hidden debconf question available for preseeding.

  [ Steffen Joeris ]
  * Change build-depends-indep to build-depends as debhelper is needed
    during the clean target
  * Increase debhelper level to 4
  * Remove obsolete calls for conffiles in Makefile
  * Cleanup debian/rules to remove the obsolete calls too
  * Adding md5sum file for package
  * Change DESTDIR to package name instead of tmp to adjust packaging
    to current debhelper level

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 20 Aug 2006 23:27:54 +0200

debian-edu-config (0.403) unstable; urgency=low

  [ Steffen Joeris ]
  * Update sources.list and adjust it for etch as non-US is gone
  * Remove cf.webmin as webmin is gone
  * Remove obsolete cf.shorewall
  * Remove obsolete cf.kdm_hdwarn as kde is doing this check now
  * Remove obsolete cf.udev as we are configuring the rights
    for the sound device via pam (Closes: #370350)
  * Remove obsolete cf.amanda as we are using other backup methods (Closes:
    #370393)
  * Fix configuration of squid.conf in cf.squid
  * Adjust path for dhcpd.conf in cfrunhosts.pl
  * Adjust Makefile because of removed files
  * Fix configuration for authldaprc in cf.imap

  [ Frode Jemtland ]
  * Translated norwegian comment in cfengine.conf to english. Fixed
    skolelinux bug #1088

  [ Ronny Aasen ]
  * Removed webmin from ltspserver profile cfengine run.

  [ Bart Cornelis (cobaco) ]
  * Use desktop-profiles instead of debian-edu specific script to set up the
    kde-profiles (Fixes skolelinux bug #1005).

  [ Petter Reinholdtsen ]
  * Correct LSB dependency info in resize_lvm init.d script.

 -- Petter Reinholdtsen <pere@debian.org>  Fri,  4 Aug 2006 19:36:49 +0200

debian-edu-config (0.402) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Update the resize_lvm init.d script:
    - use MiB instead of LVM PE as size unit.
    - Make sure it is installed in rcS.d/
    - Make sure it isn't started during install nor upgrade.
    - Rename variable MOUNTPOINT to DEVNAME to reflect its content.
    - Use lvextend instead of lvresize to be compatible with LVM 1.x.
      Thanks to Finn-Arne for this idea.
    - Do not include the resize_lvm default file in the package, to
      avoid upgrade problems on installations where it is modified.
  * Update standards-version from 3.6.1 to 3.6.2.

  [ Finn-Arne Johansen ]
  * Added resize_lvm init-script
  * Treat sarge and etch as !woody to simplify scripting with cfengine
  * Keep the slapd config from sarge (not renaming it to "*-!woody_*")
  * Added etch templates for sources.list (maybe it's not needed)

 -- Petter Reinholdtsen <pere@debian.org>  Wed, 19 Apr 2006 22:50:02 +0200

debian-edu-config (0.401) unstable; urgency=low

  [ Petter Reinholdtsen ]
  * Fix syntax error in boot_xconf.  (Closes: #343457)
  * Achnowledge old upload. (Closes: #301565)
  * Modified the ltsp-make-client script used for building diskless
    workstations:
    - Modify code to rename rc#.d symlinks instead of removing them,
      to avoid them to reappear after an upgrade.
    - Reinsert init.d scripts ifupdown and networking when building
      diskless workstation, to make sure the loopback network interface is
      enabled.
    - Make sure to only update /etc/exports once when executing
      ltsp-make-client several times.
    - Move network interface name into variable to make it easier to
      change.
    - Use the apt location of ltsp-server instead of ltsp-client to
      detect the apt source to use, as the latter might not be
      installed nor available on the server.
    - Add /opt/ltsp instead of /opt/ltsp/i386 to /etc/exports, to be
      compatible with the update done by the ltsp package itself.
  * Add dependency on host to make sure init.d/update-hostname work.

 -- Petter Reinholdtsen <pere@debian.org>  Thu, 23 Mar 2006 13:08:44 +0100

debian-edu-config (0.400) unstable; urgency=low

  [ Patrick Winnertz ]
  * Changed symlink of /bin/sh from /bin/ash to /bin/dash
  * Added shellcommands section in cf.shell in order to invoke dpkg-divert
    --add /bin/sh (Closes Skolelinux Bug #1041)

  [ Benjamin Sonntag ]
  * Added manpages for some binaries in this package. Also added a mechanism
    in Makefile so that /bin /sbin and ldapprograms manpages are autodetected
    and installed too.
  * Added file for backdoor in /etc/default (still disabled by default, but
    useful to know how to fill it)
  * Added documentation in README file for samba ssh and apache.
  * Corrected lintian warning on xboot_conf not having restart and
    reload cases.
  * Added CFBINFILES to Makefile so that cfd and cfrunhosts.pl are now
    executables.

  [ Steffen Joeris ]
    * Distribution umask only in /etc/profile
        (Closes Skolelinux Bug #996)
    * Disable connection settings in courier-imap
      so that the cf.imap is running and the
      courier-imap is not running by default
      (Closes Skolelinux Bug #998)
    * change ntp-configuration to not use pool.ntp.org
      and let the clients search for ntp.intern
      (Closes Skolelinux Bug #1024)
    * Dropping kmail preconfiguration
      (Closes Skolelinux Bug #550 and #1017)
    * Also remove conffiles for kmail from
      /usr/share/debian-edu/* and update Makefile
    * still providing sound permission changes for devfs if someone
      still uses kernel24
    * update Makefile for cf.udev

  [ Henning Sprang ]
  * Now configuring NTP with cfengine (cf/cf.ntp).
    (Closes Skolelinux bug #1024)

  [ Bjorn Ove Grotan ]
  * Fixed typo in tools/jrpasswd

  [ Ragnar Wisloff ]
  * Added example of settings for serial mouse to lts.conf. Fixes #584.

  [ Finn-Arne Johansen ]
  * Fixed typo in when creating pxelinux config for old ltsp
  * Added permissions to set timestamps when passwords was changed
  * Display menu for pxebooting devices if more than one netbooting
    solution is installed
  * Set PATH for ldapdump.sh to properly stop/start slapd.
    (Closes Skolelinux bug #1000)
  * Cleaned up the dependencies of debian-edu-config, only include the
    necesarry packages for installing this package.
  * added HOST variable for talking to the ldap-server
  * Set the correct permission on samba passwords.
    (Closes Skolelinux bug #1007)
  * Added support for doing a netbased installation of ltsp in debian-edu
  * Added support for installing ltsp in another location than /opt/ltsp/i386
  * Extended/rewritten script for creating diskless/stateless workstations
  * Split up the configuration of courier imap, should close
    skolelinux bug #998
  * Added dependency to ng-utils (should close Skolelinux bug #1033)
  * Stopped imap from running on a unencrypted port
  * Removed positive test for imap2 (unencrypted port)
    (closes Skolelinux #1038)
  * Added commented out cfengine code to set up access to local devices
    when logged in via kdm on non-server
    (alternativ fix for Skolelinux #974)
  * Added sample definition for shared folder in samba
  * Added sample config for usbmount
  * Added sample config for pam_mount on stateless clients
  * Added script for making stateless workstations to the package,
    should be ready for testing
  * Added workaround for missing background.png in ltsp-themes
    (Skolelinux #1035)
  * Set up mozilla-firefox to use kprinter and A4 as default. Thanks to
    Klaus Ade Johnstad for finding the bug (and the solution)
    (Closes Skolelinux #1042)
  * use pam_group instead of manipulating the devices to get access to
    local devices
  * ldap-debian-edu-install needs to use bash for now
  * Dont test for a running squid on a thin-client-server. Thanks to
    Ole-Anders Andreassen for finding this bug (Closes Skoleliux #1054)
  * Add support for detecting Arch in debian-edu-ltsp
    (Closes Skolelinux #1055)
  * Modified slapd-sarge-debian-edu.conf to allow jradmins to change
    passwords, and admins to add user
  * Dont use bash on diskless workstation, since it breaks
    ltsp-client-setup (Closes Skolelinux #1059)
  * Removed extra "-e" in ltsp-make-client breaking dhcpd.conf
    (Closes Skolelinux #1060)
  * No need to allow users to read their own encrypted samba password
  * Need to allow samba root to update nextID, and to search the samba
    Attributes (Closes Skolelinux #1061)
  * Define wins server in dhcp, to allow windows clients to resolv the
    samba domain (Closes Skolelinux #1067)

  [ Patrice Neff ]
  * Added support for using cfengine server
  * Enabled configuration of the sysstat system
  * Cleaned up the test for squid
  * Cleaned up test for XFS
  * Included libnet-ldap-perl required by some of the ldap-tools
  * Added a Spanish translation of the index page at var/www/index.html.es
  * Allow port 10000 in Squid configuration (so that Webmin is accessible)

  [ Morten Werner Olsen ]
  * Removing /etc/skel/.kde/share/config from debian/dirs.
  * Removing all references to /etc/default/ntp-servers (isn't owned by
    any packages).
  * Cleaning up cf/cf.ntp and commenting out all references to
    pool.ntp.org and using 127.127.1.0 as default for main-server (as
    NTP will understand that is using the local clock as reference).
  * Fix /etc/default/ntpdate for non-Main-server's (point to ntp).
  * Fixing Finn-Arne's email-address in the 0.397 changelog entry
    (prevents lintian-error).
  * Disabling the xfree-test that assume that xfree86 is started.
  * Disabling the kdm-tests that assumes that kdm is started.
  * Now defaulting to not sending any Nagios-mails.
  * Change my email-address in the Uploaders-field. :)

  [ Andreas Schuldei ]
  * making slapd use ipv4 only in cf.ldapserver (for uml testframework, where
    long timeouts occure when probing for ipv6 stuff)

  [ Frode Jemtland ]
  * Found a updated version of debian-edu-config/bin/debian-edu-ltsp in one of
    my test servers. This seemd to me to be a improvment to get disk less
    workstations to work, with ltsp. Probably need more files from this
    installation to get it to work
  * Updated the index.html.en and index.html.de with a plea to install the
    popcon package
  * Added a German var/www/index.html.de by Ralf Gesellensetter
  * Updated rest of the index files to have a link to the German translation
  * Changed special norwegian characters to html codes

  [ Bart Cornelis (cobaco) ]
  * Added var/www/index.html.nl with a Dutch translation of the default page.
  * Updated the other index.html pages to have a link to the Dutch version
  * Added dutch index.html in the Makefile script

 -- Morten Werner Olsen <werner@debian.org>  Sat,  4 Mar 2006 19:33:13 +0100

debian-edu-config (0.399) unstable; urgency=low

  [ Bjorn Ove Grotan ]
  * Added administrative password-change utility (tools/jrpasswd)

  [ Morten Werner Olsen ]
  * Added LDAP-database dump script (tools/ldapdump.sh)
  * Added etc/slbackup/pre.d to debian/dirs
  * Added a cfengine-hook that symlinks the tools/ldapdump.sh into
    /etc/slbackup/pre.d/ (fixes debian-edu bug #923)
  * Fixed the permissions on the config-file (pxelinux.cfg/config) for
    PXE-booting.
  * Updated cf/cf.kdm to get a little bit more interesting background for
    the login-screen.
  * Added myself as uploader.
  * Deliver mail to root as the mail-user (not root). This prevented mail
    for root to be delivered.

  [ Petter Reinholdtsen ]
  * Fix typo in testsuite/webcache, using correct argument to find.
  * Close stdin/stdout when restarting the wlan to avoid hanging on
    first time installs.
  * Add LSB init.d headers to document boot time dependencies.
  * Use new script debian-edu-ltsp to build LTSP environment
    using the new LTSP debian packages.
  * Make sure missing sound card don't give a warning dialog box.
  * Make sure testsuite/php is no longer used.  We do not
    install PHP any more.
  * Only run testsuite/{ldap-server,webmin,webserver} on Main-Server
    installs.
  * Only run testsuite/{ldap-client,ntp,webcache} on Main-Server,
    Workstation and Thin-Client-Server installs.
  * Only run testsuite/dhcpd on Main-Server and Thin-Client-Server
    installs.
  * Only report missing kdm and X server as information when running
    the testsuite, as these are started after this point in the
    installation sequence.
  * Start on script ltsp-make-client to convert a LTSP thin client
    chroot to a more complete client installation.

  [ Maximilian Wilhelm ]
  * Added exim4 LDAP configuration for server and client
    (Closes: #276769)

  [ Finn-Arne Johansen ]
  * Added firefox proxy, cache and printer config
  * Fixed detection of 2.4-kernel
  * Included the munin cfengine script, and fixed the munin script
  * Made cfengine-debian-edu work with both cfengine and cfengine2
  * Better detection of group "installation"
  * Replaced all occurences in chengine of "installasjon" with
    "installation"
  * Disabled FifoDir for kdm on non-standalone, to prevent shutdown from
    a logged in session
  * Disabled shutdown from non-local display for kdm (fixes debian-edu
    bug #949)
  * Updateded /etc/samba/slapaddclient.pl because tdbdump is relocated
  * Set up automounting via ldap
  * Disabled listing of hashed password to unauthenticated users
    (fixes debian-edu bug #945)
  * Gave smbadmin access to the Machine Subtree (fixes debian-edu bug #950)
  * Installation script for lessdisks thin client is availible, but does
    not run by default
  * Set up ldap users on lessdisks clients
  * Set a more suited certificate for the postoffice (Closes: #301288)
  * Fixed Typo preventing hidden home dir mounting from Windows server
    Thanks to Bernt Johnsen AFK for discovering
  * Close debconf fd before init-script runs, prevents initscripts
    from runing cleanly (Fixes debian-edu bug: #301565)
  * Made nightkill a bit more quiet
  * Made debian-edu-config Replace,Conflict and Provide ncs
    (fixes debian-edu bug #975)
  * Fixed missing translation from installasjon -> installation in cf.cups
    (Fixes debian-edu bug: #967)
  * Disabled ldap idletimeout, since kdm fails to set up a new connection
  * tftpboot files are moved from /tftpboot into /var/lib/tftpboot,
    rewritten dhcpd.conf, and added script debian-edu-pxelinux.cfg to
    help maintain pxelinux.cfg/default (Partly closes: #905)
  * Fixed typo in tools/ldapdump.sh to remove error-message
  * Added support for using /usr/share/d-e-c/tools/passwd as non-root user
  * Fixed permission on samba passwords for ldap

  [ Ragnar Wisloff ]
  * Corrected cfengine edit line for USE_XFS in cf.ltsp to make LTSP
  * Changed permissions on /etc/skel/.kde/share/config/kmailrc to make
    only user readable. (Fixes debian-edu bug #887)
  * Added cf.sysstat which enables the sysstat system
  * Added Nagios config files and amended cf.nagios to fit. (Fixes
    debian-edu bug #953 and #954).
  * Fixed missing logos from NAgios package.
  * Added UserDir config to cf.apache. Fixes debian-edu bug #639.

  [ Frode Jemtland ]
  * Corrected errors about php4 in cf.apache
  * Updated information about ServerAdmin in cf.apache
  * Added language support for nb, no and nn in cf.apache
  * Commented out mime type nb in cf.apache
  * Fixes skolelinux bug: #938 and #864
  * Added files to /var/www: index.html.nb, index.html.en,
    logo-trans.png, skl-ren_css.css. Fixes debian-edu bug: #942.
  * Fixed typos in html files.

  [ Andreas Schuldei ]
  * extending ldap-debian-edu-install to deal with cases where /etc/shadow
    does not exist (for uml test installations)

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 11 Dec 2005 21:00:32 +0100

debian-edu-config (0.398) unstable; urgency=low

  * Finn-Arne Johansen
    - Added common-auth|account|passwd-ldap-debian-edu for ldap
      authentication, Tried to enable it for Sarge only
      (Closes: #275031).
    - Added detection of sarge in lessdisks-chroot.
    - Added conf-files for winbind/ads authentication, with dummy variables
    - Added pam_env to common session to support /etc/environment
    - better detection of woody/sarge
    - fixed kdm to not show userlist on sarge (Closes: #294048)
    - fixed kdm to allow root logins on server console (Closes: #294047)
    - moved dbootstrap_settings on sarge, to prevent cfengine from detect a
      clean installation if run again
    - Remove custom Xsession, to get kdm to honour
      /etc/alternatives/x-session-manager
    - Rewrite of debian-edu-restart-services
    - Added test for samba to debian-edu-test-install
    - Make sure ldap is stopped during ldap-debian-edu-install
    - Added new imapd.pem for courier-imap-ssl certificate
    - fixed some ACL stuff in ldap-schema/lis.schema to make it work
    - Disabled devfsd for 2.6 kernels (use udev instead)
    - changed slapd-debian-edu.conf -> slapd-sarge_debian-edu.conf to
      support slapd 2.2
    - Moved skript for setting up X in lessdisks ws at boot from d-e-install
      (also updated)
    - Replaced cfengine with cfengine2
    - sett correct path to cfagent
  * Bart Cornelis
    - Set up proxy + kmail when inside a debian-edu network.
  * Petter Reinholdtsen
    - Get PCI reporting working in Sarge.
  * Bjørn Ove Grøtan
    - Updated norEduPerson.schema
  * Andreas Schuldei
    - add writeableBy for ACL usage to ldap-schema/lis.schema

 -- Andreas Schuldei <andreas@debian.org>  Sat,  4 Jun 2005 21:36:07 +0200

debian-edu-config (0.397) unstable; urgency=high

  * Andreas Schuldei
    - added afs entries to the named zone files
  * Finn-Arne Johansen
    - Changed samba into using tls instead of ldaps
    - Changed test for services in inetd.conf, not lines containing the
      name of service (Closes: #288912)
  * Klaus Ade Johnstad
    -Removed a space, to avoid errormessage "bad substitution"
     when running /usr/bin/debian-edu-hd-warn

 -- Finn-Arne Johansen <finnarne@bzz.no>  Thu,  6 Jan 2005 11:48:33 +0100

debian-edu-config (0.396) unstable; urgency=low

  * Correct code to make sure /etc/kde[23]/kioslaverc.  It need to
    create the file if it missing, as the 'files' section is executed
    before the 'shellcommands' section.
  * Remove share/debian-edu/common/share/config/kioslaverc.  Not all
    profiles uses a proxy (standalone does not), so KDE should not
    always use a proxy.
  * Move editing of /etc/ldap/ldap.conf from cf.ldapclient to
    cf.ldapserver where it belongs, and where it can be part of the
    cfengine rules already editing the file.
  * Do the same editing of /etc/ldap/ldap.conf in woody and sarge, as
    the rules were similar enough, and seem to differ only for
    historical reasons.

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 23 Oct 2004 20:43:23 +0200

debian-edu-config (0.395) unstable; urgency=low

  * Finn-Arne Johansen
    - Set Thin client nfs-access to be async
    - Added, but deactivated code to set nscd cache size
    - Updated ldap initialisation to set up group mapping from unix
      group admins to samba group "Domain Admins" (fixes skolelinux
      bug #812)
    - Updated format for slapd.conf to specify both ldap and ldaps as
      service
    - Added pointer to certificate file on sarge server install
    - Set ldap clients to never check certificate
    - Updated samba.schema to support sambaPasswordHistory
    - Added test for squid spool dir ownership
    - Added host definition for ldap-clients
  * Klaus Ade Johnstad
    - Added some more host-templates in dhcpd-debian-edu.conf,
      and some space between the lines, to avoid some gruff
      in the comment fields in webmin-dhcp.
  * Petter Reinholdtsen
    - Add test to detect errors with /etc/kde[23]/kioslaverc.
    - Make sure /etc/kde[23]/kioslaverc is readable by all.
  * Maximilian Wilhelm
    - Complete rewrite of /etc/group to LDAP migration script.

 -- Joey Hess <joeyh@debian.org>  Tue,  5 Oct 2004 16:29:20 -0400

debian-edu-config (0.394) unstable; urgency=low

  * Finn-Arne Johansen
    - Fixed bashism in detection of workstation profile in cfengine.conf
    - Added slapdconfig for sarge (bdb backend, commented out for now)
    - Changed ldap-bootstrap script to support exim4, and nonexisting samba
    - Added support for sarge in cfengine.conf
    - Fixed squid config for sarge
    - Fixed slapd Database setup for sarge
    - Changed detection of ltspserver profile
  * Petter Reinholdtsen
    - Correct xfree86 test.  It should no longer report errors on
      Main-server installs.
    - Enable postinst code to handle debconf preseeding for
      init.d/update-hostname.  It is now working as it should.
    - Document some problems with init.d/open-backdoor.
    - Make sure open-backdoor print a message when it is enabled.
  * Maximilian Wilhelm
    - Added ldap base dn to client config
    - Added CNAME kerberos for tjener to db.intern
    - Localized debian-edu-hd-warn correctly and added chech if X is running

 -- Petter Reinholdtsen <pere@debian.org>  Sun,  8 Aug 2004 13:28:30 +0200

debian-edu-config (0.393) unstable; urgency=low

  * Andreas Schuldei
    - Remove unnecessary and wrong lines from the autofs.ldif. objectclasses
      OU and automoutMap can not be in the same ldap entry, with stricter
      checking as in openldap 2.1.X.
  * Finn-Arne Johansen
    - Remove path from temporary filename for ldap-user-clean-attic.sh.
      (Fixes skolelinux bug #786)
  * Petter Reinholdtsen
    - Add debconf template install rule.
    - Add quotes (") around the value stored in
      /etc/default/update-hostname to make sure it is a valid sh-script
      even if the value is junk.

 -- Petter Reinholdtsen <pere@debian.org>  Thu, 17 Jun 2004 10:16:04 +0200

debian-edu-config (0.392) woody; urgency=low

  * Petter Reinholdtsen
    - Change xfree86 test to only warn if X isn't running.  X is
      started after the test is executed, so it isn't really an error.
    - Make it possible to configure init.d/update-hostname at install
      time using an hidden debconf value.
    - Restart bind before ntpd, as ntpd need to look up 'ntp' in DNS.
  * Finn-Arne Johansen
    - Added ldap-user-clean-attic.sh to the command line ldap tools
    - Changed number of imap clients allowd to connect from same host
      (closes: #459)

 -- Petter Reinholdtsen <pere@debian.org>  Mon, 14 Jun 2004 09:27:02 +0200

debian-edu-config (0.391) woody; urgency=low

  * Finn-Arne Johansen
    - Improved a workaround for bug #286 in skolelinux, #156332 in debian
      to ensure that the dhcp server is restartable after installation

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 12 Jun 2004 22:06:24 +0200

debian-edu-config (0.390) woody; urgency=low

  * Petter Reinholdtsen
    - Only test XFree86, kdm and xfs if it is supposed to
      be installed (!Main-Server).
    - Insert code in debian-edu-restart-services to force dhcpd
      restart as a workaround for skolelinux bug #286.  Not sure if it
      works, but it is better to have this code here instead of in
      debian-edu-install.
    - Add test to check if host 'ldap', 'ntp', 'syslog' and 'webcache'
      is reachable.
    - Started in README on highlevel description of the configuration
      changes done.

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 11 Jun 2004 00:04:30 +0200

debian-edu-config (0.389) unstable; urgency=low

  * Finn-Arne Johansen
    - Fetch sambasid for PDC instead of domain.
  * Petter Reinholdtsen
    - Rewrote samba-debian-edu-admin script to make timeout length a
      variable, and to fetch hostname short form only once.
    - Remove trailing space from line ends and the
      samba-debian-edu-admin file.

 -- Petter Reinholdtsen <pere@debian.org>  Thu,  3 Jun 2004 18:07:44 -0300

debian-edu-config (0.388) unstable; urgency=low

  * Finn-Arne Johansen
    - Set smaller cache size for mozilla
    - Fixed type and missing entries in mozilla proxy settings

 -- Petter Reinholdtsen <pere@debian.org>  Mon, 31 May 2004 01:53:18 -0300

debian-edu-config (0.387) unstable; urgency=low

  * Finn-Arne Johansen
    - Fixed some missing samba objects to the ldap tree.
    - Changed procedure to fetch sambaSID.
    - Updated Makefile to include cf.mozilla.
    - Tries to take up the network interface before fetching sambaSID.
    - Changed samba-debian-edu-admin to ensure that sambaSID is
      availible when needed.
    - Disabled samba password change.
    - Disabled samba root access to shared resources.
    - Added sample entry for assigning static ip to workstations,
      (fixes SL #750).

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 28 May 2004 14:36:35 -0300

debian-edu-config (0.386) unstable; urgency=medium

  * Finn-Arne Johansen
      - Updated slapd.conf to limit the write access of smbadmin

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 21 May 2004 23:36:04 +0200

debian-edu-config (0.385) unstable; urgency=medium

  * Petter Reinholdtsen
    - Change webmin test to check the config file before checking if
      the server is listening to the correct port.  Also changed it to
      not die on the first error, but to do all checks before setting
      the return code.
  * Finn-Arne Johansen
    - Changed DHCP lease time.
    - Moved samba clients to a subtree under ou=People.
  * Andreas Schuldei
    - Make the retrival of the machine group dynamic in
      etc/samba/smbaddclient.pl.

 -- Petter Reinholdtsen <pere@debian.org>  Thu, 20 May 2004 22:28:22 +0200

debian-edu-config (0.384) unstable; urgency=low

  * Finn-Arne Johansen
    - Changed config of samba, and rewritten smbaddclient.pl script to
      ease the adding of NT clients.
    - Removed nss_base_passwd from libnss-ldap.conf to allow use of
      ou=machines for samba clients.
    - Added config for mozilla to use webcache, and kprinter.
  * Petter Reinholdtsen
    - Reinsert nss_base_passwd into libnss-ldap.conf, as it might have
      unwanted side effects, like removed users and machines showing
      up as existing users.
    - Add test for webmin allow line in /etc/webmin/miniserv.conf.

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 15 May 2004 19:44:45 +0200

debian-edu-config (0.383) unstable; urgency=low

  * adding organisational unit Machines to root.ldif for samba.

 -- Andreas Schuldei <andreas@debian.org>  Wed,  5 May 2004 21:38:39 +0200

debian-edu-config (0.382) unstable; urgency=low

  * Finn-Arne Johansen
    - Added missing samba-debian-edu-install script
  * Andreas Schuldei
    - performance tuning for slapd: adding some indices and keeping the db in
      RAM

 -- Andreas Schuldei <andreas@debian.org>  Wed, 28 Apr 2004 19:12:41 +0200

debian-edu-config (0.381) unstable; urgency=low

  * Finn-Arne Johansen
    - Added config for samba 3.0
  * Petter Reinholdtsen
    - Only create samba LDAP config on first time install.

 -- Andreas Schuldei <andreas@debian.org>  Wed, 28 Apr 2004 17:27:13 +0200

debian-edu-config (0.380) unstable; urgency=low

  * Petter Reinholdtsen
    - Fix typo in cf.webmin.  The file is called /etc/webmin/config,
      not /etc/webmin/config.conf.
    - Add cfengine rule in cf.webmin to rewrite
      /etc/webmin/dhcpd/config to use dhcp version 3 instead of
      version 2. (Fixes skolelinux bug #666)
    - Renamed every file using 'skolelinux' prefix and postfix, to
      using 'debian-edu' instead.  Added compatibility wrapper scripts
      to avoid breaking installation while changing.  This will break
      existing installations, but is needed to be done before we
      stabilise for consistency.

 -- Petter Reinholdtsen <pere@debian.org>  Mon, 26 Apr 2004 20:09:52 +0200

debian-edu-config (0.379) unstable; urgency=low

  * Remove cf.mkinitrd from the include list in cfengine.conf too.

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 23 Apr 2004 23:30:09 +0200

debian-edu-config (0.378) unstable; urgency=low

  * Klaus Ade Johnstad
    - Changed the warning/explanation in 10skolelinux-one-login-per-host
      from Norwegian into English.
  * Petter Reinholdtsen
    - Changed webmin configuration to use PAM for authentication,
      removing the need to keep a separate user database in webmin.

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 23 Apr 2004 00:06:47 +0200

debian-edu-config (0.377) unstable; urgency=low

  * Petter Reinholdtsen
    - Add test taskpkgs to check if the correct task packages are
      installed.
  * Klaus Ade Johnstad
    - Added the special forwarders need for Skoleetaten i Oslo, in
      named-bind9.conf
    - Added the correct path to the dhcp3 script, in
      dhcpd-skolelinux.conf

 -- Petter Reinholdtsen <pere@debian.org>  Tue, 20 Apr 2004 00:07:37 +0200

debian-edu-config (0.376) unstable; urgency=low

  * Petter Reinholdtsen
    - Do not edit /usr/X11R6/lib/X11/xkb/rules/xfree86.lst any more,
      as we are using XFree86 4.2 now, and the changes are already there.
    - Rewrite edit rule for xfree86.lst in cf.locales to insert the same
      text as is used in XFree86 4.2.
    - Remove cf.mkinitrd, as DELAY=0 is the default in debian-installer.
    - Remove edit rule for /etc/network/interfaces from cf.ldap, as this
      file is updated correctly by debian-edu-profile-udeb in d-i now.
    - Modify update-ini-file to add a section if the ini-file only consist
      of comments.  (Skolelinux bug #633)

 -- Petter Reinholdtsen <pere@debian.org>  Thu, 15 Apr 2004 00:09:12 +0200

debian-edu-config (0.375) unstable; urgency=low

  * Andreas Schuldei
    - Renamed the 'guest' group to 'none' and the 'jnadmin' group
      to 'jradmin' in root.ldif.
    - Adding an attic OU for deleted users, and added an attic
      capability flag in root.ldif.
  * Petter Reinholdtsen
    - Add missing newline at the end of ldap-bootstrap/root.ldif.

 -- Petter Reinholdtsen <pere@debian.org>  Wed, 14 Apr 2004 10:00:19 +0200

debian-edu-config (0.374) unstable; urgency=low

  * Petter Reinholdtsen
    - Report output from rpcinfo -p when testing the network status.
  * Andreas Schuldei
    - Adding a default class to root.ldif, removing the generic age
      group.
  * Finn-Arne Johansen
    - Modified password script to allow changing of admin password.
      (fixes skolelinux #236)
  * Ragnar Wisloff
    - Added nagios to list of services to restart.

 -- Petter Reinholdtsen <pere@debian.org>  Thu,  1 Apr 2004 22:34:09 +0200

debian-edu-config (0.373) unstable; urgency=low

  * Petter Reinholdtse
    - Change /etc/exports rule for /skole/tjener/home0 to only
      export to selected host netgroups by default.
  * Bjørn Ove Grøtan
    - Commented out indexing of eduPerson-related parts in slapd.conf
      since we're not using EduPerson.schema yet.

 -- Petter Reinholdtsen <pere@debian.org>  Tue, 30 Mar 2004 23:31:31 +0200

debian-edu-config (0.372) unstable; urgency=low

  * Petter Reinholdtsen
    - Improve the mail content sent from init.d/report-reboot.
    - Avoid restarting init.d/report-reboot on installs and
      upgrades. (Closes: #240776)
    - Do not use EduPerson.schema yet.
    - Make sure debian-edu-mailcap is installed without execute bit.
  * Ragnar Wisloff
    - Fixed typos in cf.nagios

 -- Petter Reinholdtsen <pere@debian.org>  Mon, 29 Mar 2004 21:35:47 +0200

debian-edu-config (0.371) unstable; urgency=low

  * Bjørn Ove Grøtan
    - Add norEduPerson.schema to the package.
  * Petter Reinholdtsen
    - Make sure to install EduPerson.schema and norEduPerson.schema,
      to get slapd to start. (Fixes Skolelinux bug #664)
    - Make sure newly added scripts in /usr/share/ are installed
      with execute bit.
    - Make sure /etc/init.d/report-reboot is a conffile.

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 28 Mar 2004 22:50:44 +0200

debian-edu-config (0.370) unstable; urgency=low

  * Finn-Arne Johansen
    - Adding script to change users password in ldap (also samba)
    - Moved nice to have script from /usr/sbin/ into /usr/share...
    - Added code to set umask when logging in with kdm
    - Added the script located in share into the Makefile
  * Petter Reinholdtsen
    - Updated testsuite/dhcpd to check dhcpd version 3.

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 27 Mar 2004 16:57:14 +0100

debian-edu-config (0.369) unstable; urgency=low

  * Bjørn Ove Grøtan
    - adding ACL for smbadmin and performance tuning
  * Petter Reinholdtsen
    - Add workaround for apache problem in skolelinux-restart-services.
      This should make sure the missing apache parent process is
      worked around.  (Skolelinux bug #636)
  * Ragnar Wisloff
    - Changed cf.nagios to use forced symlinks

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 27 Mar 2004 11:58:23 +0100

debian-edu-config (0.368) unstable; urgency=low

  * Petter Reinholdtsen
    - Add new init.d script report-reboot, which can send
      an email when a server boots.
    - Implement 'status' argument to init.d/open-backdoor,
      reporting if the SSH backdoor is running or not.
    - Add Finn-Arne Johansen as uploader.
    - Remove all '.#*' files in clean target, to make sure this
      cruft do not make it into the source package.

 -- Petter Reinholdtsen <pere@debian.org>  Mon, 15 Mar 2004 22:19:29 +0100

debian-edu-config (0.367) unstable; urgency=low

  * Replaced dhcp with dhcp3-server in skolelinux-restart-services, should fix
    #286 and #421

 -- Finn-Arne Johansen <faj@bzz.no>  Thu,  4 Mar 2004 20:50:19 +0100

debian-edu-config (0.366) unstable; urgency=low

  * Fixed config for dhcp3

 -- Finn-Arne Johansen <faj@bzz.no>  Wed,  3 Mar 2004 22:27:21 +0100

debian-edu-config (0.365) unstable; urgency=low

  * changed distribution from UNRELEASED to unstable

 -- Andreas Schuldei <andreas@debian.org>  Wed,  3 Mar 2004 17:15:44 +0100

debian-edu-config (0.364) unstable; urgency=low

  * Rune Nordbøe Skillingstad
    - Package now conflicts debian-edu-install <= 0.616. (Closes: #235734)
  * Petter Reinholdtsen
    - Restart autofs at the end of the install, to make sure the new
      configuration is used.

 -- Rune Nordbøe Skillingstad <runesk@linpro.no>  Tue,  2 Mar 2004 09:20:24 +0100

debian-edu-config (0.363) unstable; urgency=low

  * Finn-Arne Johansen
    - Added /etc/mailcap
    - Added /etc/dhcp3/dhcp-skolelinux.conf
  * Petter Reinholdtsen
    - Make sure to include cf.nagios in the package.
    - Removed cf.modules as it is unused now.
    - Add missing quote character in cf.apache. (Closes: #235537)
  * Rune Nordbøe Skillingstad
    - Restart nscd
    - Fixed bug: /etc/dhcp3 was not created in install in Makefile
    - Moved /etc/mailcap to /lib/mime/packages/debian-edu-mailcap and using
      update-mime in postinst script
    - Package now depends on mime-support.

 -- Petter Reinholdtsen <pere@debian.org>  Mon,  1 Mar 2004 17:28:06 +0100

debian-edu-config (0.362) unstable; urgency=low

  * Ragnar Wisløff
    - Added cf.nagios and changes to cfengine.conf to include cf.nagios
  * Rune Nordbøe Skillingstad
    - Moved mime.types from cf.apache to cf.mime-support
    - Added rewriting of apache to cf.apache

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 29 Feb 2004 17:06:43 +0100

debian-edu-config (0.361) unstable; urgency=low

  * Rune Nordbøe Skillingstad
    - Fixed wrong loggin in bind9 configuration
    - Moved restarting of services from cf-files to
      skolelinux-restart-services
    - Moved skolelinux-test-install and skolelinux-restart-services
      here from debian-edu-install
    - No more initializing of LDAP if data exists
  * Ragnar Wisløff
    - Changed default kernel for thin clients to PXE

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 29 Feb 2004 15:42:13 +0100

debian-edu-config (0.360) unstable; urgency=low

  * Alex Brasetvik
    - New netgroups infrastructure.
  * Petter Reinholdtsen
    - Get rid of warning message if the user isn't allowed access to
      the sound device (artsmessagerc) and dialog box on initial login
      asking about default configuration (kpersonalizerrc).
    - Avoid confusing users about the disabled ssh tunneling
      script. (Closes: #233174)
  * Rune Nordbøe Skillingstad
    - Added ltsp network in acl for squid
    - Changed to use bind9

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 28 Feb 2004 17:42:09 +0100

debian-edu-config (0.359) unstable; urgency=low

  * Make sure /etc/default/update-hostname is created when needed.
  * Move named configuration from /etc/bind/ to /etc/bind/debian-edu/,
    to reduce the chance of a name conflict with existing zone
    files.  (Closes: #232805)

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 15 Feb 2004 15:43:26 +0100

debian-edu-config (0.358) unstable; urgency=low

  * Petter Reinholdtsen
    - Convert init.d/start-wlan to POSIX sh notation.
    - Make sure init.d/update-hostname is enabled for all profiles
      except the main-server profile.
  * Bart Cornelis
    - Changed occurences of devel@skolelinux.no to debian-edu@l.d.o
      everywhere.
  * Finn-Arne Johansen
    - Include sbin/logoutkill.sh and sbin/nightkill.sh in
      the package.

 -- Petter Reinholdtsen <pere@debian.org>  Sun, 15 Feb 2004 11:18:37 +0100

debian-edu-config (0.357) unstable; urgency=low

  * Make sure it is safe to run 'init.d/enable-nat start' several times.

 -- Petter Reinholdtsen <pere@debian.org>  Sat,  7 Feb 2004 20:49:18 +0100

debian-edu-config (0.356) unstable; urgency=low

  * Petter Reinholdtsen
    - Return 0 and not 5 from init.d scripts if the service is
      unavailable to avoid errors in Debian.  The LSM specify 5 as the
      return value, but this give warnings from invoke-rc.d in Debian
      Woody.
    - Fix typo in init.d/enable-nat.
    - Make sure init.d/update-hostname is disabled by default.
    - Avoid error message from mii-tool in init.d/start-wlan.

 -- Petter Reinholdtsen <pere@debian.org>  Sat,  7 Feb 2004 20:27:39 +0100

debian-edu-config (0.355) unstable; urgency=low

  * Petter Reinholdtsen
    - Improve init.d/ltspnet-nat, making sure it enables IPv4
      forwarding if it isn't enabled already.
    - Improve Linux Software Base complience for all init.d scripts.
    - Include init.d/backdoor and init.d/wlan in package.
    - Use dh_installinit to install and enable init.d scripts.  This
      gets rid of some lintian warnings

 -- Petter Reinholdtsen <pere@debian.org>  Sat,  7 Feb 2004 19:53:48 +0100

debian-edu-config (0.354) unstable; urgency=low

  * Petter Reinholdtsen
    - Improve init.d/ltspnet-nat.  Add 'restart' and 'status'
      arguments.  Make it possible to override the default
      configuration using /etc/default/ltspnet-nat.
    - Add depends on iptables as init.d/ltspnet-nat need it.

 -- Petter Reinholdtsen <pere@debian.org>  Sat,  7 Feb 2004 10:07:46 +0100

debian-edu-config (0.353) unstable; urgency=medium

  * Petter Reinholdtsen
    - Make sure bin/update-ini-file handle missing files by creating
      them first, and then leave it to Config::IniFiles to update the
      content.
    - Change Build-Depends to Build-Depends-Indep as this package is
      architecture 'all'.
    - Add Andreas Schuldei as uploader.

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 31 Jan 2004 20:19:56 +0100

debian-edu-config (0.352) unstable; urgency=medium

  * Petter Reinholdtsen
    - Jump to version number to 0.352 make sure it is higher than the
      version used in Skolelinux / Woody (0.351.skolelinux.#).
    - Fixed several syntax errors in ldap-bootstrap/root.ldif: All
      lisAclGroups needed a 'member' attribute, the Variables object
      was listed twice, and the cn and dn of object 'juadmins' was not
      the same.
    - Made sure all groups are object class posixGroup.
    - Reordered objectClass specifiers to make sure all objects use
      the same order; top, RFC-standardized groups, and site-specific
      groups.
    - Make sure ldap-skolelinux-install exit on first error, to try to
      detect if it fail.
    - Rewrite update-ini-file from using libconfig-ini-perl to using
      libconfig-inifiles-perl, to get a dependency which exist both in
      Woody and Sarge.
  * Per Harald Westby
    - cf.apache adds entries for OpenOffice.org document types
      to /etc/mime.types
  * Finn-Arne Johansen
    - Added scripts to remove stray processes.  One for logout
      (logoutkill.sh), and one for a nightly cron task (nightkill.sh).
    - Added script apt-get-update-files-download that gives somewhat a
      better message whenever there is new packages waiting to be
      installed.

 -- Petter Reinholdtsen <pere@debian.org>  Fri, 30 Jan 2004 22:46:09 +0100

debian-edu-config (0.1) unstable; urgency=low

  * Initial upload, based on the current Skolelinux version 0.350-7.

 -- Petter Reinholdtsen <pere@debian.org>  Sat, 17 Jan 2004 16:00:09 +0100