Bug#664976: debian-edu-config: installer hang during debian-edu-profile run at the end

2012-03-25 Thread Petter Reinholdtsen 
[Petter Reinholdtsen]
 I was told on IRC by the bug reporter, bammes, that his installation
 worked when he did not use characters like * and # in the password.
 This made me check the code to see if the root and first user
 password are properly quoted in the source.  The attached patch fix
 a few missing quotes.  The patch is untested, because I lack my test
 bench here.

I've commited this patch with updates, but there is one problematic
part of the code left.  This code in
debian-edu-config/share/debian-edu-config/d-i/pre-pkgsel:

cat  $file EOF
debian-edu-config debian-edu-config/kdc-password password $ROOTPWD
debian-edu-config debian-edu-config/kdc-password-again password $ROOTPWD
debian-edu-config debian-edu-config/ldap-password password $ROOTPWD
debian-edu-config debian-edu-config/ldap-password-again password $ROOTPWD
debian-edu-config debian-edu-config/first-user-name string $FIRSTUSERNAME
debian-edu-config debian-edu-config/first-user-fullname string $FIRSTUSERGECOS
debian-edu-config debian-edu-config/first-user-password password $FIRSTUSERPWD
EOF
# Pass user and password information into the target
cat $file | LANG=C chroot /target debconf-set-selections || \
error Failed to load preseed values from $file.
rm $file

The problem is with '#' in the password and debconf-set-selections.
debconf-set-selections will stop processing when it find a #, causing

  debian-edu-config debian-edu-config/first-user-password password #secret

to be read like

  debian-edu-config debian-edu-config/first-user-password password 

This in turn make the code setting up the first user pick the root
passoword as the first users password because no password were
provided.  If the root password contain #, the resulting password
might be empty (I am not sure, have not tested).  Neither is good. :)

But I am unable to find a way to quote # in passwords that
debconf-set-selections. will accept.  Anyone got any ideas?
-- 
Happy hacking
Petter Reinholdtsen



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#664976: debian-edu-config: installer hang during debian-edu-profile run at the end

2012-03-25 Thread Petter Reinholdtsen 
[Petter Reinholdtsen]
 I was told on IRC by the bug reporter, bammes, that his installation
 worked when he did not use characters like * and # in the password.

I tried different variations without triggering in the hang (like
foo#bar and foo*bar), until I tried '*#secret'.  The *# combination at
the start causes the hang.

The reason is that /usr/share/debian-edu-config/d-i/pre-pkgsel passes
on the password but cut it short before #, and thus only * is passed
on as the password.  This in turn get shell expanded when the password
is used without quotes.  I've uploaded code to add quotes to
squeeze-test, but the problem with # is unsolved.  I hope this will
avoid the hang.  It will still set the wrong password. :(
-- 
Happy hacking
Petter Reinholdtsen



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#664976: debian-edu-config: installer hang during debian-edu-profile run at the end

2012-03-25 Thread Petter Reinholdtsen 
tags 664976 + pending
thanks

[Petter Reinholdtsen]
 I've uploaded code to add quotes to
 squeeze-test, but the problem with # is unsolved.  I hope this will
 avoid the hang.  It will still set the wrong password. :(

I can confirm that the hang disappeared by quoting the passwords
properly in ldap-debian-edu-install and kerberos-kdc-init.  To fix the
incorrect handling of passwords with '#' in them, I ended up copying
and editing debconf-set-selection to fix bug #636219.  I just
completed a test installation with squeeze-test using *#secret#* as
the password, and this time it worked just fine.

I saw claims that #636219 is fixed in wheezy.  We can remove this copy
when we move to wheezy, or get a fix backported to squeeze and drop
our workaround when it is in place.
-- 
Happy hacking
Petter Reinholdtsen



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#664976: debian-edu-config: installer hang during debian-edu-profile run at the end

2012-03-24 Thread Petter Reinholdtsen 
[Steven Chamberlain]
 Hi,
 
 The timestamps in syslog are confusing.  Seems like they are
 interchangeably UTC or localtime.

Yes.  The syslog messages from /target/ have localtime, and the ones
from d-i have UTC.

 Anyway, assuming the log entries are the right order, it looks like
 OpenLDAP got started before it was configured.

Given that it work for others, I believe LDAP is properly configured
in the common case.

I was told on IRC by the bug reporter, bammes, that his installation
worked when he did not use characters like * and # in the password.
This made me check the code to see if the root and first user password
are properly quoted in the source.  The attached patch fix a few
missing quotes.  The patch is untested, because I lack my test bench
here.
-- 
Happy hacking
Petter Reinholdtsen
Index: share/debian-edu-config/tools/kerberos-kdc-init
===
--- share/debian-edu-config/tools/kerberos-kdc-init (revisjon 77145)
+++ share/debian-edu-config/tools/kerberos-kdc-init (arbeidskopi)
@@ -263,7 +263,7 @@
 GID=1000
 chown -R $UID:$GID $HOMEDIR
 
-pwlen=$(echo -n $FIRSTUSERPWD | wc -c)
+pwlen=$(echo -n $FIRSTUSERPWD | wc -c)
 echo Creating Kerberos principal for $USERDN (password length $pwlen)
 kadmin.local -q add_principal -pw $FIRSTUSERPWD -x dn=$USERDN 
$FIRSTUSERNAME 12
 db_set debian-edu-config/first-user-password ''
Index: ldap-tools/ldap-debian-edu-install
===
--- ldap-tools/ldap-debian-edu-install  (revisjon 77145)
+++ ldap-tools/ldap-debian-edu-install  (arbeidskopi)
@@ -254,7 +254,7 @@
   ## Create and distribute a random password and
   ## its hash for the ldap gosa-admin account:
   GOSAPWD=`slappasswd -g -h {CLEARTEXT}`
-  GOSAPWDHASH=`slappasswd -s $GOSAPWD -h {SSHA}`
+  GOSAPWDHASH=`slappasswd -s $GOSAPWD -h {SSHA}`
   GOSACONFDIR=/etc/gosa/
   GOSACONF=gosa.conf
   GOSAADMINSDN=$(awk '/dn: cn=gosa-admins,/ { print $2 }' /etc/ldap/gosa.ldif)
@@ -306,11 +306,11 @@
   ## Create and distribute a random password and its hash
   ## for the kdc service accounts kadmin and kdc-service:
   KDCPWD=`slappasswd -g -h {CLEARTEXT}`
-  KDCPWDHASH=`slappasswd -s $KDCPWD -h {SSHA}`
+  KDCPWDHASH=`slappasswd -s $KDCPWD -h {SSHA}`
   KDCCONFDIR=/etc/krb5kdc/
   KEYFILE=service.keyfile
   ## convert to {HEX} encoding:
-  KDCPWDHEX=`echo $KDCPWD | xxd -g0 -ps | sed s/0a$//`
+  KDCPWDHEX=`echo $KDCPWD | xxd -g0 -ps | sed s/0a$//`
   KRB_CONT_DN=`awk '/dn: cn=kerberos,/ { print $2 }' /etc/ldap/krb5.ldif`
 
   mkdir -p $KDCCONFDIR
@@ -327,7 +327,7 @@
   SAMBAPWD=$(slappasswd -g -h {CLEARTEXT})
   # then generate hashed Samba password, this will be needed for bootstrapping
   # cn=smbadmin in root.ldif
-  SAMBAPWDHASH=$(slappasswd -u -s $SAMBAPWD)
+  SAMBAPWDHASH=$(slappasswd -u -s $SAMBAPWD)
  
   # first portion of bootstrap (everything except samba.ldif)
   for ldif in \
@@ -440,7 +440,7 @@
 EOF
 
 # Store root's password temporarily in secrets.tdb (for 
cn=admin,ou=ldap-access,BASEDN)
-smbpasswd -c /etc/samba/smb-debian-edu-ldapbootstrap.conf -w $ROOTPWDCLEAR
+smbpasswd -c /etc/samba/smb-debian-edu-ldapbootstrap.conf -w 
$ROOTPWDCLEAR
 
 # This will initialize the sambaDomainName=DOMAIN object in LDAP and
 # generate a sambaSID for DOMAIN.
@@ -455,7 +455,7 @@
 # now set up our auto-generated Samba password (created further above) 
that shall be 
 # used in smb.conf and with smbldap-tools
 # (i.e. for cn=smbadmin,ou=samba,dc=skole,dc=skolelinux,dc=no)...
-smbpasswd -c /etc/samba/smb.conf -w $SAMBAPWD
+smbpasswd -c /etc/samba/smb.conf -w $SAMBAPWD
 
 # also put the $SAMBAPWD also into smbldap_bind.conf
 chmod 0600 /etc/smbldap-tools/smbldap_bind.conf
@@ -489,7 +489,7 @@
   fi
 
   # Generate NT/LM hashes for Samba's Administrator account
-  SAMBA_ADMPWD_HASHES=$(perl -MCrypt::SmbHash -e print join(q[:],ntlmgen 
\$ARGV[0]), $/; $ROOTPWDCLEAR)
+  SAMBA_ADMPWD_HASHES=$(perl -MCrypt::SmbHash -e print join(q[:],ntlmgen 
\$ARGV[0]), $/; $ROOTPWDCLEAR)
   SAMBA_ADMPWD_LMHASH=$(echo $SAMBA_ADMPWD_HASHES | cut -d : -f1)
   SAMBA_ADMPWD_NTHASH=$(echo $SAMBA_ADMPWD_HASHES | cut -d : -f2)

Bug#664976: debian-edu-config: installer hang during debian-edu-profile run at the end

2012-03-22 Thread Petter Reinholdtsen 
On Thu, Mar 22, 2012 at 12:35:14AM +0100, Bernhard Hammes wrote:
 Package: debian-edu-config
 Version: 1.453
 Severity: normal
 
 *** Please type your report below this line ***
 installer hang during debian-edu-profile run at the end. on tty4 error
 stating
 debian-edu-config-finish-install entropy pool is 3009 after trying to
 add more
 chrooting into /target and doing /etc/init.d/bind9 restart did help to
 proceed (suggestion from #debian-edu) .
 After reboot, login with my non-root user via kde/tty did not work
 (krb/sldap fail?), nfs-kernel-server failed to start, too.
 included files:
 output of pstree and ps -ef from the time during the hanging installer
 
 /var/log/installer/ from this machine:
 http://garkein.pupes.de/debian-edu-installer-log.tar.gz (maybe someone
 wants to reupload it on a proper debian place)

Thank you for the bug report.  I had a look at the installation log
(syslog), and found this part which I believe is where the
installation get stuck:

Mar 21 22:04:11 in-target: cfengine:tjener:du-install: The LDAP server slapd 
seems 
not to be running. Trying to start slapd.
Mar 21 22:04:11 in-target: cfengine:tjener:du-install: Starting OpenLDAP: slapd.
Mar 21 22:04:11 in-target: cfengine:tjener:du-install: Starting domain name 
service
...: bind9.
Mar 21 22:04:11 in-target: cfengine:tjener:du-install: ldap_sasl_bind(SIMPLE): 
Can'
t contact LDAP server (-1)
Mar 21 22:04:11 in-target: cfengine:tjener:du-install: No domains configured. 
Exiti
ng...
Mar 21 22:04:11 in-target: cfengine:tjener:du-install: When run by root:
Mar 21 22:04:11 in-target: cfengine:tjener:du-install: smbpasswd [options] 
[use
rname]
Mar 21 22:04:11 in-target: cfengine:tjener:du-install: otherwise:
Mar 21 22:04:11 in-target: cfengine:tjener:du-install: smbpasswd [options]
Mar 21 22:04:11 in-target: cfengine:tjener:du-install: options:
Mar 21 22:04:11 in-target: cfengine:tjener:du-install:   -L   
local
 mode (must be first option)
Mar 21 22:04:11 in-target: cfengine:tjener:du-i
Mar 21 22:04:55 debian-edu-config-finish-install: low on entropy, pool is 128. 
tryi
ng to add more
Mar 21 22:08:52 debian-edu-config-finish-install: entropy pool is 3050 after 
trying
 to add
Mar 21 22:18:32 init: process '/usr/bin/tail -f /var/log/syslog' (pid 376) 
exited. 
Scheduling for restart.
Mar 21 22:18:32 init: starting pid 22788, tty '/dev/tty4': '/usr/bin/tail -f 
/var/log/syslog'
Mar 21 23:46:29 named[22708]: received control channel command 'stop -p'

After this point, the ldap-debian-edu-install script exits without
stopping the services it started (slapd, bind, etc), and get stuck
waiting for these services to exit.  The only running one in your case
was bind, and when it was restarted the file descriptor connecting d-i
to bind was closed and the installer could continue.

I have no idea why smbpasswd failed to connect to LDAP.  Perhaps the
LDAP server is starting too slow, or smbpasswd is starting too fast.
-- 
Happy hacking
Petter Reinholdtsen



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#664976: debian-edu-config: installer hang during debian-edu-profile run at the end

2012-03-22 Thread Steven Chamberlain 
Hi,

The timestamps in syslog are confusing.  Seems like they are
interchangeably UTC or localtime.

Anyway, assuming the log entries are the right order, it looks like
OpenLDAP got started before it was configured.

 Mar 21 22:03:10 in-target:  Main Tree Sched: shellcommands.secondpass pass 1 
 @ Wed Mar 21 23:03:09 2012

 Mar 21 22:03:10 in-target: Executing script 
 /usr/sbin/snakeoil-on-ice...(timeout=5,uid=-1,gid=-1)
 Mar 21 22:03:10 in-target: (Setting umask to 77)
 Mar 21 22:03:10 in-target: cfengine:tjener:oil-on-ice: info: Running 
 /usr/sbin/snakeoil-on-ice
 Mar 21 22:03:10 in-target: cfengine:tjener:oil-on-ice: cmp: 
 /etc/skel/.mozilla/firef

OpenLDAP and BIND are started now:

 Mar 21 22:04:04 init: starting pid 375, tty '/dev/tty3': '-/bin/sh'
 Mar 21 23:04:05 slapd[22694]: @(#) $OpenLDAP: slapd 2.4.23 (Jun 16 2011 
 02:53:39) $   
 buildd@murphy:/build/buildd-openldap_2.4.23-7.2-i386-Y1mwvF/openldap-2.4.23/debian/build/servers/slapd
 Mar 21 23:04:10 slapd[22695]: slapd starting
 Mar 21 23:04:10 named[22708]: starting BIND 9.7.3 -4 -u bind

 Mar 21 23:04:11 named[22708]: running
 Mar 21 23:04:11 su[22717]: Successful su for bind by root
 Mar 21 23:04:11 su[22717]: + ??? root:bind
 Mar 21 23:04:11 su[22717]: pam_unix(su:session): session opened for user bind 
 by (uid=0)
 Mar 21 23:04:11 su[22717]: pam_unix(su:session): session closed for user bind

 Mar 21 22:04:11 in-target: ox/debian-edu.default/cert_override.txt: Datei 
 oder Verzeichnis nicht gefunden
 Mar 21 22:04:11 in-target: cfengine:tjener:oil-on-ice: info: 
 /usr/sbin/snakeoil-on-ice: snakeoil-on-ice: -rw-r--r-- 1 root root 702 21. 
 Mär 23:03 /opt/ltsp/i386/etc/iceweasel/profile/cert_override.txt
 Mar 21 22:04:11 in-target: cfengine:tjener: Finished script 
 /usr/sbin/snakeoil-on-ice
 Mar 21 22:04:11 in-target: Performance(Exec(/usr/sbin/snakeoil-on-ice)): 
 time=0.1491 secs, av=0.1491 +/- 0.0316


But only afterward is the SSL certificate generated for slapd:

 Mar 21 22:04:11 in-target:  Main Tree Sched: shellcommands.thirdpass pass 1 @ 
 Wed Mar 21 23:03:11 2012

 Mar 21 22:04:11 in-target: Executing script 
 /usr/bin/mkslapdcert...(timeout=0,uid=-1,gid=-1)

Here slapd may be already running, but not configured properly, so an
attempt to contact it might fail.  But then any attempt to start it,
would be ignored, because it's already running.

 Mar 21 22:04:11 in-target: cfengine:tjener:du-install: The LDAP server slapd 
 seems not to be running. Trying to start slapd.
 Mar 21 22:04:11 in-target: cfengine:tjener:du-install: Starting OpenLDAP: 
 slapd.
 Mar 21 22:04:11 in-target: cfengine:tjener:du-install: Starting domain name 
 service...: bind9.
 Mar 21 22:04:11 in-target: cfengine:tjener:du-install: 
 ldap_sasl_bind(SIMPLE): Can't contact LDAP server (-1)

So, firstly, why did slapd get started early?  (By snakeoil-on-ice?)

And secondly, maybe ldap-debian-edu-install should begin by trying to
stop slapd, just in case it's already running at that point.  Or
otherwise perform a 'restart' instead of 'start'.

Regards,
-- 
Steven Chamberlain
ste...@pyro.eu.org



-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of unsubscribe. Trouble? Contact listmas...@lists.debian.org

Bug#664976: debian-edu-config: installer hang during debian-edu-profile run at the end

2012-03-21 Thread Bernhard Hammes 
Package: debian-edu-config
Version: 1.453
Severity: normal

*** Please type your report below this line ***
installer hang during debian-edu-profile run at the end. on tty4 error
stating
debian-edu-config-finish-install entropy pool is 3009 after trying to
add more
chrooting into /target and doing /etc/init.d/bind9 restart did help to
proceed (suggestion from #debian-edu) .
After reboot, login with my non-root user via kde/tty did not work
(krb/sldap fail?), nfs-kernel-server failed to start, too.
included files:
output of pstree and ps -ef from the time during the hanging installer

/var/log/installer/ from this machine:
http://garkein.pupes.de/debian-edu-installer-log.tar.gz (maybe someone
wants to reupload it on a proper debian place)

-- System Information:
Debian Release: 6.0.4
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: i386 (x86_64)

Kernel: Linux 2.6.32-5-amd64 (SMP w/2 CPU cores)
Locale: LANG=de_DE.UTF-8, LC_CTYPE=de_DE.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash

Versions of packages debian-edu-config depends on:
ii  base-files   6.0squeeze4 Debian base system
miscellaneous f
ii  bind9-host [host 1:9.7.3.dfsg-1~squeeze4 Version of 'host' bundled
with BIN
ii  cfengine22.2.10-2Tool for configuring and
maintaini
ii  debconf [debconf 1.5.36.1Debian configuration
management sy
ii  debconf-utils1.5.36.1debconf utilities
ii  debian-edu-artwo 0.0.33-2Debian Edu themes and artwork
ii  desktop-profiles 1.4.15+nmu1 framework for setting up
desktop p
ii  discover 2.1.2-5 hardware identification system
ii  education-tasks  0.855   Debian Edu tasks for tasksel
ii  fping2.4b2-to-ipv6-16.1  sends ICMP ECHO_REQUEST
packets to
ii  host 1:9.7.3.dfsg-1~squeeze4 Transitional package
ii  ldap-utils   2.4.23-7.2  OpenLDAP utilities
ii  libconfig-inifil 2.52-1  Read .ini-style
configuration file
ii  libfilesys-df-pe 0.92-3+b1   Module to obtain filesystem
disk s
ii  libhtml-fromtext 2.05-5.1Mark up text as HTML
ii  libio-socket-ssl 1.33-1+squeeze1 Perl module implementing
object or
ii  libnet-ldap-perl 1:0.4001-2  client interface to LDAP
servers
ii  libnet-netmask-p 1.9015-4parse, manipulate and
lookup IP ne
ii  libterm-readkey- 2.30-4  A perl module for simple
terminal
ii  libtext-unaccent 1.08-1+b1   provides functions to
remove accen
ii  lockfile-progs   0.1.15  Programs for locking and
unlocking
ii  lsb-base 3.2-23.2squeeze1Linux Standard Base 3.2
init scrip
ii  mime-support 3.48-1  MIME files 'mime.types' 
'mailcap
ii  net-tools1.60-23 The NET-3 networking toolkit
ii  ng-utils 0.7-1   Tool to access netgroups
from the
ii  openssl  0.9.8o-4squeeze7Secure Socket Layer (SSL)
binary a
ii  patch2.6-2   Apply a diff file to an
original
ii  python   2.6.6-3+squeeze6interactive high-level
object-orie
ii  python-notify0.1.1-2+b2  Python bindings for libnotify
ii  smbldap-tools0.9.5-1 Scripts to manage Unix and
Samba a
ii  ssl-cert 1.0.28  simple debconf wrapper for
OpenSSL
ii  tftp 0.17-18 Trivial file transfer
protocol cli

Versions of packages debian-edu-config recommends:
ii  ddccontrol 0.4.2-6   a program to control
monitor param
ii  libjavascript-perl 1.16-3module for executing
embedded Java
ii  libnotify-bin  0.5.0-2   sends desktop notifications
to a n
ii  lsof   4.81.dfsg.1-1 List open files
ii  memtest86+ 4.10-1.1  thorough real-mode memory
tester
ii  resolvconf 1.46  name server information handler
ii  syslinux   2:4.02+dfsg-7 collection of boot loaders

Versions of packages debian-edu-config suggests:
ii  atftpd  0.7.dfsg-9.1 advanced TFTP server

-- Configuration Files:
/etc/bind/db.0.168.192.in-addr.arpa. changed [not included]
/etc/bind/db.1.168.192.in-addr.arpa. changed [not included]
/etc/bind/db.10.in-addr.arpa. changed [not included]
/etc/bind/db.intern changed [not included]
/etc/bind/db.subnet00.intern. changed [not included]
/etc/bind/db.subnet01.intern. changed [not included]
/etc/gosa/gosa.conf changed [not included]

-- debconf information:
* debian-edu-config/kdc-password: (password omitted)
* debian-edu-config/kdc-password-again: (password omitted)
  debian-edu-config/ldap-password-again: (password omitted)
  debian-edu-config/ldap-password: (password omitted)
* debian-edu-config/first-user-password: (password omitted)
* debian-edu-config/update-hostname: false