Bug#664976: debian-edu-config: installer hang during debian-edu-profile run at the end
[Petter Reinholdtsen]
> I was told on IRC by the bug reporter, bammes, that his installation
> worked when he did not use characters like * and # in the password.
> This made me check the code to see if the root and first user password
> are properly quoted in the source. The attached patch fixes a few
> missing quotes. The patch is untested, because I lack my test bench
> here.

I've committed this patch with updates, but there is one problematic part of the code left. This code in debian-edu-config/share/debian-edu-config/d-i/pre-pkgsel:

    cat > $file <<EOF
    debian-edu-config debian-edu-config/kdc-password password $ROOTPWD
    debian-edu-config debian-edu-config/kdc-password-again password $ROOTPWD
    debian-edu-config debian-edu-config/ldap-password password $ROOTPWD
    debian-edu-config debian-edu-config/ldap-password-again password $ROOTPWD
    debian-edu-config debian-edu-config/first-user-name string $FIRSTUSERNAME
    debian-edu-config debian-edu-config/first-user-fullname string $FIRSTUSERGECOS
    debian-edu-config debian-edu-config/first-user-password password $FIRSTUSERPWD
    EOF
    # Pass user and password information into the target
    cat $file | LANG=C chroot /target debconf-set-selections || \
        error Failed to load preseed values from $file.
    rm $file

The problem is with '#' in the password and debconf-set-selections. debconf-set-selections will stop processing when it finds a #, causing

    debian-edu-config debian-edu-config/first-user-password password #secret

to be read like

    debian-edu-config debian-edu-config/first-user-password password

This in turn makes the code setting up the first user pick the root password as the first user's password because no password was provided. If the root password contains #, the resulting password might be empty (I am not sure, have not tested). Neither is good. :)

But I am unable to find a way to quote # in passwords that debconf-set-selections will accept. Anyone got any ideas?
--
Happy hacking
Petter Reinholdtsen

--
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org
Bug#664976: debian-edu-config: installer hang during debian-edu-profile run at the end
[Petter Reinholdtsen]
> I was told on IRC by the bug reporter, bammes, that his installation
> worked when he did not use characters like * and # in the password.

I tried different variations without triggering the hang (like foo#bar and foo*bar), until I tried '*#secret'. The *# combination at the start causes the hang. The reason is that /usr/share/debian-edu-config/d-i/pre-pkgsel passes on the password but cuts it short before #, and thus only * is passed on as the password. This in turn gets shell expanded when the password is used without quotes.

I've uploaded code to add quotes to squeeze-test, but the problem with # is unsolved. I hope this will avoid the hang. It will still set the wrong password. :(

--
Happy hacking
Petter Reinholdtsen
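The failure chain described in the two messages above (value cut at `#`, then the leftover `*` expanded by an unquoted use), as an added shell example that is not part of the original posts or of debian-edu-config. `read_preseed_value` is a hypothetical, simplified stand-in for the truncation and not the real debconf-set-selections parser; the file names are constructed.

```shell
#!/bin/sh
# Added illustration; not code from debian-edu-config or debconf.

# Hypothetical, simplified model of a preseed reader that treats '#' as the
# start of a comment (assumption based on the behaviour reported in the thread).
# $1 is one line of the form: owner question type value
read_preseed_value() {
    line=${1%%\#*}                 # everything from the first '#' is dropped
    printf '%s' "${line#* * * }"   # strip owner, question and type fields
}

# Report how many arguments a command would receive.
count_args() { echo "$#"; }

# Unquoted use: the value undergoes word splitting and pathname expansion.
args_unquoted() { count_args $1; }

# Quoted use: the value is always passed as exactly one argument.
args_quoted() { count_args "$1"; }

demo() {
    dir=$(mktemp -d) || return 1
    (
        cd "$dir" || exit 1
        : > a.ldif; : > b.conf; : > c.key     # constructed sample files
        pw=$(read_preseed_value \
            'debian-edu-config debian-edu-config/first-user-password password *#secret')
        printf 'typed password : [%s]\n' '*#secret'
        printf 'value kept     : [%s]\n' "$pw"
        printf 'unquoted use   : %s argument(s)\n' "$(args_unquoted "$pw")"
        printf 'quoted use     : %s argument(s)\n' "$(args_quoted "$pw")"
    )
    rm -rf "$dir"
}

demo
```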
Bug#664976: debian-edu-config: installer hang during debian-edu-profile run at the end
tags 664976 + pending
thanks

[Petter Reinholdtsen]
> I've uploaded code to add quotes to squeeze-test, but the problem with
> # is unsolved. I hope this will avoid the hang. It will still set the
> wrong password. :(

I can confirm that the hang disappeared by quoting the passwords properly in ldap-debian-edu-install and kerberos-kdc-init.

To fix the incorrect handling of passwords with '#' in them, I ended up copying and editing debconf-set-selections to fix bug #636219. I just completed a test installation with squeeze-test using *#secret#* as the password, and this time it worked just fine.

I saw claims that #636219 is fixed in wheezy. We can remove this copy when we move to wheezy, or get a fix backported to squeeze and drop our workaround when it is in place.

--
Happy hacking
Petter Reinholdtsen
Bug#664976: debian-edu-config: installer hang during debian-edu-profile run at the end
[Steven Chamberlain]
> Hi, The timestamps in syslog are confusing. Seems like they are
> interchangeably UTC or localtime.

Yes. The syslog messages from /target/ have localtime, and the ones from d-i have UTC.

> Anyway, assuming the log entries are the right order, it looks like
> OpenLDAP got started before it was configured.

Given that it works for others, I believe LDAP is properly configured in the common case.

I was told on IRC by the bug reporter, bammes, that his installation worked when he did not use characters like * and # in the password. This made me check the code to see if the root and first user password are properly quoted in the source. The attached patch fixes a few missing quotes. The patch is untested, because I lack my test bench here.

--
Happy hacking
Petter Reinholdtsen

Index: share/debian-edu-config/tools/kerberos-kdc-init === --- share/debian-edu-config/tools/kerberos-kdc-init (revisjon 77145) +++ share/debian-edu-config/tools/kerberos-kdc-init (arbeidskopi) @@ -263,7 +263,7 @@ GID=1000 chown -R $UID:$GID $HOMEDIR -pwlen=$(echo -n $FIRSTUSERPWD | wc -c) +pwlen=$(echo -n $FIRSTUSERPWD | wc -c) echo Creating Kerberos principal for $USERDN (password length $pwlen) kadmin.local -q add_principal -pw $FIRSTUSERPWD -x dn=$USERDN $FIRSTUSERNAME 12 db_set debian-edu-config/first-user-password '' Index: ldap-tools/ldap-debian-edu-install === --- ldap-tools/ldap-debian-edu-install (revisjon 77145) +++ ldap-tools/ldap-debian-edu-install (arbeidskopi) @@ -254,7 +254,7 @@ ## Create and distribute a random password and ## its hash for the ldap gosa-admin account: GOSAPWD=`slappasswd -g -h {CLEARTEXT}` - GOSAPWDHASH=`slappasswd -s $GOSAPWD -h {SSHA}` + GOSAPWDHASH=`slappasswd -s $GOSAPWD -h {SSHA}` GOSACONFDIR=/etc/gosa/ GOSACONF=gosa.conf GOSAADMINSDN=$(awk '/dn: cn=gosa-admins,/ { print $2 }' /etc/ldap/gosa.ldif) 
@@ -306,11 +306,11 @@ ## Create and distribute a random password and its hash ## for the kdc service accounts kadmin and kdc-service: KDCPWD=`slappasswd -g -h {CLEARTEXT}` - KDCPWDHASH=`slappasswd -s $KDCPWD -h {SSHA}` + KDCPWDHASH=`slappasswd -s $KDCPWD -h {SSHA}` KDCCONFDIR=/etc/krb5kdc/ KEYFILE=service.keyfile ## convert to {HEX} encoding: - KDCPWDHEX=`echo $KDCPWD | xxd -g0 -ps | sed s/0a$//` + KDCPWDHEX=`echo $KDCPWD | xxd -g0 -ps | sed s/0a$//` KRB_CONT_DN=`awk '/dn: cn=kerberos,/ { print $2 }' /etc/ldap/krb5.ldif` mkdir -p $KDCCONFDIR @@ -327,7 +327,7 @@ SAMBAPWD=$(slappasswd -g -h {CLEARTEXT}) # then generate hashed Samba password, this will be needed for bootstrapping # cn=smbadmin in root.ldif - SAMBAPWDHASH=$(slappasswd -u -s $SAMBAPWD) + SAMBAPWDHASH=$(slappasswd -u -s $SAMBAPWD) # first portion of bootstrap (everything except samba.ldif) for ldif in \ @@ -440,7 +440,7 @@ EOF # Store root's password temporarily in secrets.tdb (for cn=admin,ou=ldap-access,BASEDN) -smbpasswd -c /etc/samba/smb-debian-edu-ldapbootstrap.conf -w $ROOTPWDCLEAR +smbpasswd -c /etc/samba/smb-debian-edu-ldapbootstrap.conf -w $ROOTPWDCLEAR # This will initialize the sambaDomainName=DOMAIN object in LDAP and # generate a sambaSID for DOMAIN. @@ -455,7 +455,7 @@ # now set up our auto-generated Samba password (created further above) that shall be # used in smb.conf and with smbldap-tools # (i.e. for cn=smbadmin,ou=samba,dc=skole,dc=skolelinux,dc=no)... -smbpasswd -c /etc/samba/smb.conf -w $SAMBAPWD +smbpasswd -c /etc/samba/smb.conf -w $SAMBAPWD # also put the $SAMBAPWD also into smbldap_bind.conf chmod 0600 /etc/smbldap-tools/smbldap_bind.conf 
@@ -489,7 +489,7 @@ fi # Generate NT/LM hashes for Samba's Administrator account - SAMBA_ADMPWD_HASHES=$(perl -MCrypt::SmbHash -e print join(q[:],ntlmgen \$ARGV[0]), $/; $ROOTPWDCLEAR) + SAMBA_ADMPWD_HASHES=$(perl -MCrypt::SmbHash -e print join(q[:],ntlmgen \$ARGV[0]), $/; $ROOTPWDCLEAR) SAMBA_ADMPWD_LMHASH=$(echo $SAMBA_ADMPWD_HASHES | cut -d : -f1) SAMBA_ADMPWD_NTHASH=$(echo $SAMBA_ADMPWD_HASHES | cut -d : -f2)
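Review bot: In the kerberos-kdc-init hunk (@@ -263), the changed pwlen= line measures the password with echo -n, which can misreport the length when the value starts with a dash or contains backslashes, and the unchanged kadmin.local line below it still shows $FIRSTUSERPWD, $USERDN and $FIRSTUSERNAME unquoted as rendered here. Suggest printf '%s' "$FIRSTUSERPWD" | wc -c for the length, quoting all three variables on the kadmin.local line, and reconsidering whether the password length belongs in the "Creating Kerberos principal" message at all, since that message ends up in the installer log.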
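Review bot: In the ldap-debian-edu-install hunk at @@ -306, the KDCPWDHEX line relies on echo appending a newline and then on sed s/0a$// to strip it from the hex output, which is fragile and also leaves the sed expression unquoted. Feeding xxd from printf '%s' "$KDCPWD" removes the need for the sed step. The same hunk and the @@ -254 and @@ -327 hunks pass the generated secret to slappasswd with -s on the command line; slappasswd can read the secret from a file with -T, which keeps it out of the process list.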
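Review bot: In the hunks at @@ -440 and @@ -489, root's cleartext password ($ROOTPWDCLEAR) is handed to smbpasswd -w and to the perl ntlmgen one-liner as a command-line argument, so quoting alone fixes the word splitting and globbing but the value is still visible to any local process listing while the command runs. Please add a comment stating that this is accepted during installation, and check that neither script runs under set -x or otherwise logs its command lines.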
Bug#664976: debian-edu-config: installer hang during debian-edu-profile run at the end
On Thu, Mar 22, 2012 at 12:35:14AM +0100, Bernhard Hammes wrote:
> Package: debian-edu-config
> Version: 1.453
> Severity: normal
>
> *** Please type your report below this line ***
> installer hang during debian-edu-profile run at the end.
> on tty4 error stating
> debian-edu-config-finish-install entropy pool is 3009 after trying to add more
> chrooting into /target and doing /etc/init.d/bind9 restart did help to
> proceed (suggestion from #debian-edu).
>
> After reboot, login with my non-root user via kde/tty did not work
> (krb/sldap fail?), nfs-kernel-server failed to start, too.
>
> included files:
> output of pstree and ps -ef from the time during the hanging installer
> /var/log/installer/ from this machine:
> http://garkein.pupes.de/debian-edu-installer-log.tar.gz
> (maybe someone wants to reupload it on a proper debian place)

Thank you for the bug report. I had a look at the installation log (syslog), and found this part which I believe is where the installation gets stuck:

    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: The LDAP server slapd seems not to be running. Trying to start slapd.
    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: Starting OpenLDAP: slapd.
    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: Starting domain name service...: bind9.
    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)
    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: No domains configured. Exiting...
    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: When run by root:
    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: smbpasswd [options] [username]
    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: otherwise:
    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: smbpasswd [options]
    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: options:
    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: -L local mode (must be first option)
    Mar 21 22:04:11 in-target: cfengine:tjener:du-i
    Mar 21 22:04:55 debian-edu-config-finish-install: low on entropy, pool is 128. trying to add more
    Mar 21 22:08:52 debian-edu-config-finish-install: entropy pool is 3050 after trying to add
    Mar 21 22:18:32 init: process '/usr/bin/tail -f /var/log/syslog' (pid 376) exited. Scheduling for restart.
    Mar 21 22:18:32 init: starting pid 22788, tty '/dev/tty4': '/usr/bin/tail -f /var/log/syslog'
    Mar 21 23:46:29 named[22708]: received control channel command 'stop -p'

After this point, the ldap-debian-edu-install script exits without stopping the services it started (slapd, bind, etc), and gets stuck waiting for these services to exit. The only running one in your case was bind, and when it was restarted the file descriptor connecting d-i to bind was closed and the installer could continue.

I have no idea why smbpasswd failed to connect to LDAP. Perhaps the LDAP server is starting too slow, or smbpasswd is starting too fast.

--
Happy hacking
Petter Reinholdtsen
Bug#664976: debian-edu-config: installer hang during debian-edu-profile run at the end
Hi,

The timestamps in syslog are confusing. Seems like they are interchangeably UTC or localtime.

Anyway, assuming the log entries are the right order, it looks like OpenLDAP got started before it was configured.

    Mar 21 22:03:10 in-target: Main Tree Sched: shellcommands.secondpass pass 1 @ Wed Mar 21 23:03:09 2012
    Mar 21 22:03:10 in-target: Executing script /usr/sbin/snakeoil-on-ice...(timeout=5,uid=-1,gid=-1)
    Mar 21 22:03:10 in-target: (Setting umask to 77)
    Mar 21 22:03:10 in-target: cfengine:tjener:oil-on-ice: info: Running /usr/sbin/snakeoil-on-ice
    Mar 21 22:03:10 in-target: cfengine:tjener:oil-on-ice: cmp: /etc/skel/.mozilla/firef

OpenLDAP and BIND are started now:

    Mar 21 22:04:04 init: starting pid 375, tty '/dev/tty3': '-/bin/sh'
    Mar 21 23:04:05 slapd[22694]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 16 2011 02:53:39) $ buildd@murphy:/build/buildd-openldap_2.4.23-7.2-i386-Y1mwvF/openldap-2.4.23/debian/build/servers/slapd
    Mar 21 23:04:10 slapd[22695]: slapd starting
    Mar 21 23:04:10 named[22708]: starting BIND 9.7.3 -4 -u bind
    Mar 21 23:04:11 named[22708]: running
    Mar 21 23:04:11 su[22717]: Successful su for bind by root
    Mar 21 23:04:11 su[22717]: + ??? root:bind
    Mar 21 23:04:11 su[22717]: pam_unix(su:session): session opened for user bind by (uid=0)
    Mar 21 23:04:11 su[22717]: pam_unix(su:session): session closed for user bind
    Mar 21 22:04:11 in-target: ox/debian-edu.default/cert_override.txt: Datei oder Verzeichnis nicht gefunden
    Mar 21 22:04:11 in-target: cfengine:tjener:oil-on-ice: info: /usr/sbin/snakeoil-on-ice: snakeoil-on-ice: -rw-r--r-- 1 root root 702 21. Mär 23:03 /opt/ltsp/i386/etc/iceweasel/profile/cert_override.txt
    Mar 21 22:04:11 in-target: cfengine:tjener: Finished script /usr/sbin/snakeoil-on-ice
    Mar 21 22:04:11 in-target: Performance(Exec(/usr/sbin/snakeoil-on-ice)): time=0.1491 secs, av=0.1491 +/- 0.0316

But only afterward is the SSL certificate generated for slapd:

    Mar 21 22:04:11 in-target: Main Tree Sched: shellcommands.thirdpass pass 1 @ Wed Mar 21 23:03:11 2012
    Mar 21 22:04:11 in-target: Executing script /usr/bin/mkslapdcert...(timeout=0,uid=-1,gid=-1)

Here slapd may be already running, but not configured properly, so an attempt to contact it might fail. But then any attempt to start it, would be ignored, because it's already running.

    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: The LDAP server slapd seems not to be running. Trying to start slapd.
    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: Starting OpenLDAP: slapd.
    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: Starting domain name service...: bind9.
    Mar 21 22:04:11 in-target: cfengine:tjener:du-install: ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

So, firstly, why did slapd get started early? (By snakeoil-on-ice?)

And secondly, maybe ldap-debian-edu-install should begin by trying to stop slapd, just in case it's already running at that point. Or otherwise perform a 'restart' instead of 'start'.

Regards,
--
Steven Chamberlain
ste...@pyro.eu.org
Bug#664976: debian-edu-config: installer hang during debian-edu-profile run at the end
Package: debian-edu-config
Version: 1.453
Severity: normal

*** Please type your report below this line ***
installer hang during debian-edu-profile run at the end.
on tty4 error stating
debian-edu-config-finish-install entropy pool is 3009 after trying to add more
chrooting into /target and doing /etc/init.d/bind9 restart did help to proceed (suggestion from #debian-edu).

After reboot, login with my non-root user via kde/tty did not work (krb/sldap fail?), nfs-kernel-server failed to start, too.

included files:
output of pstree and ps -ef from the time during the hanging installer
/var/log/installer/ from this machine:
http://garkein.pupes.de/debian-edu-installer-log.tar.gz
(maybe someone wants to reupload it on a proper debian place)

-- System Information:
Debian Release: 6.0.4
APT prefers stable
APT policy: (500, 'stable')
Architecture: i386 (x86_64)
Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages debian-edu-config depends on:
ii base-files 6.0squeeze4 Debian base system miscellaneous f
ii bind9-host [host 1:9.7.3.dfsg-1~squeeze4 Version of 'host' bundled with BIN
ii cfengine2 2.2.10-2 Tool for configuring and maintaini
ii debconf [debconf 1.5.36.1 Debian configuration management sy
ii debconf-utils 1.5.36.1 debconf utilities
ii debian-edu-artwo 0.0.33-2 Debian Edu themes and artwork
ii desktop-profiles 1.4.15+nmu1 framework for setting up desktop p
ii discover 2.1.2-5 hardware identification system
ii education-tasks 0.855 Debian Edu tasks for tasksel
ii fping 2.4b2-to-ipv6-16.1 sends ICMP ECHO_REQUEST packets to
ii host 1:9.7.3.dfsg-1~squeeze4 Transitional package
ii ldap-utils 2.4.23-7.2 OpenLDAP utilities
ii libconfig-inifil 2.52-1 Read .ini-style configuration file
ii libfilesys-df-pe 0.92-3+b1 Module to obtain filesystem disk s
ii libhtml-fromtext 2.05-5.1 Mark up text as HTML
ii libio-socket-ssl 1.33-1+squeeze1 Perl module implementing object or
ii libnet-ldap-perl 1:0.4001-2 client interface to LDAP servers
ii libnet-netmask-p 1.9015-4 parse, manipulate and lookup IP ne
ii libterm-readkey- 2.30-4 A perl module for simple terminal
ii libtext-unaccent 1.08-1+b1 provides functions to remove accen
ii lockfile-progs 0.1.15 Programs for locking and unlocking
ii lsb-base 3.2-23.2squeeze1 Linux Standard Base 3.2 init scrip
ii mime-support 3.48-1 MIME files 'mime.types' 'mailcap
ii net-tools 1.60-23 The NET-3 networking toolkit
ii ng-utils 0.7-1 Tool to access netgroups from the
ii openssl 0.9.8o-4squeeze7 Secure Socket Layer (SSL) binary a
ii patch 2.6-2 Apply a diff file to an original
ii python 2.6.6-3+squeeze6 interactive high-level object-orie
ii python-notify 0.1.1-2+b2 Python bindings for libnotify
ii smbldap-tools 0.9.5-1 Scripts to manage Unix and Samba a
ii ssl-cert 1.0.28 simple debconf wrapper for OpenSSL
ii tftp 0.17-18 Trivial file transfer protocol cli

Versions of packages debian-edu-config recommends:
ii ddccontrol 0.4.2-6 a program to control monitor param
ii libjavascript-perl 1.16-3 module for executing embedded Java
ii libnotify-bin 0.5.0-2 sends desktop notifications to a n
ii lsof 4.81.dfsg.1-1 List open files
ii memtest86+ 4.10-1.1 thorough real-mode memory tester
ii resolvconf 1.46 name server information handler
ii syslinux 2:4.02+dfsg-7 collection of boot loaders

Versions of packages debian-edu-config suggests:
ii atftpd 0.7.dfsg-9.1 advanced TFTP server

-- Configuration Files:
/etc/bind/db.0.168.192.in-addr.arpa. changed [not included]
/etc/bind/db.1.168.192.in-addr.arpa. changed [not included]
/etc/bind/db.10.in-addr.arpa. changed [not included]
/etc/bind/db.intern changed [not included]
/etc/bind/db.subnet00.intern. changed [not included]
/etc/bind/db.subnet01.intern. changed [not included]
/etc/gosa/gosa.conf changed [not included]

-- debconf information:
* debian-edu-config/kdc-password: (password omitted)
* debian-edu-config/kdc-password-again: (password omitted)
  debian-edu-config/ldap-password-again: (password omitted)
  debian-edu-config/ldap-password: (password omitted)
* debian-edu-config/first-user-password: (password omitted)
* debian-edu-config/update-hostname: false