From 9e9cfaabeae23bb9792ffb130ab75fe784ed9734 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jan=20Sch=C3=A4r?= Date: Thu, 1 Jun 2023 15:25:01 +0200 Subject: [PATCH] Update after finals 2023 --- .gitignore | 2 +- config/class/41-warning.sh | 2 +- config/class/50-host-classes | 2 +- config/class/FAIBASE.var | 6 ++- config/package_config/PARTICIPANT | 2 +- config/scripts/CONTESTANT/10-config | 1 + config/scripts/PARTICIPANT/10-config | 14 +++++++ config/setup-bern.sh | 28 +++++++++++--- .../systemd/timesyncd.conf.d/ntp-server.conf | 3 +- .../contest-lock@soi.ch/extension.js | 5 +++ readme.md | 37 +++++++++++-------- tools/create-certs.sh | 4 +- 12 files changed, 78 insertions(+), 28 deletions(-) diff --git a/.gitignore b/.gitignore index 24a7ff6..4c9d324 100644 --- a/.gitignore +++ b/.gitignore @@ -2,5 +2,5 @@ config/downloads/ config/simplefiles/CONTESTANT/opt/ tools/output/ -tools/backups-* +tools/backups* tools/certs/ diff --git a/config/class/41-warning.sh b/config/class/41-warning.sh index 04af016..e712ecd 100755 --- a/config/class/41-warning.sh +++ b/config/class/41-warning.sh @@ -9,7 +9,7 @@ if [ X$action = Xdirinstall ]; then return 0 fi -grep -q INSTALL $LOGDIR/FAI_CLASSES || return 0 +#grep -q INSTALL $LOGDIR/FAI_CLASSES || return 0 [ "$flag_menu" ] || return 0 out=$(tty) diff --git a/config/class/50-host-classes b/config/class/50-host-classes index f5d0212..76c1515 100755 --- a/config/class/50-host-classes +++ b/config/class/50-host-classes @@ -3,6 +3,6 @@ # assign classes to hosts based on their hostname # do not use this if a menu will be presented -[ "$flag_menu" ] && exit 0 +#[ "$flag_menu" ] && exit 0 echo "FAIBASE DEBIAN XORG GNOME PARTICIPANT CONTESTANT" diff --git a/config/class/FAIBASE.var b/config/class/FAIBASE.var index 2df3e11..8ac3b3e 100644 --- a/config/class/FAIBASE.var +++ b/config/class/FAIBASE.var @@ -19,6 +19,10 @@ MAXPACKAGES=800 PARTICIPANT_USER_NAME=soi PARTICIPANT_USER_PW='$y$j9T$h5VhMd4KkdmbxdZD1gO0N/$1hvwZgO8pQw13Xd6jaNXbtkbqVOC4W/ia/KXOcCGYvB' -if [ $FAI_ACTION = "install" ]; then +if [ "$FAI_ACTION" = "" ]; then + FAI_ACTION=install +fi + +if [ "$FAI_ACTION" = "install" ]; then LOGUSER=fai fi diff --git a/config/package_config/PARTICIPANT b/config/package_config/PARTICIPANT index 0d94fef..97f7d29 100644 --- a/config/package_config/PARTICIPANT +++ b/config/package_config/PARTICIPANT @@ -8,7 +8,7 @@ netcat htop chromium-l10n codeblocks emacs geany gedit joe kate kdevelop nano vim vim-gtk3 gcc g++ gdb ddd valgrind python3 pypy -evince gnome-terminal konsole byobu +evince gnome-terminal konsole byobu cmake # from third-party repositories atom sublime-text code # requested by particants (gnome-tweaks can be used e.g. to change the function of Caps Lock key) diff --git a/config/scripts/CONTESTANT/10-config b/config/scripts/CONTESTANT/10-config index d8785ab..f94dd8a 100755 --- a/config/scripts/CONTESTANT/10-config +++ b/config/scripts/CONTESTANT/10-config @@ -16,6 +16,7 @@ $ROOTCMD systemctl disable bluetooth.service $ROOTCMD systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target sed -i 's|"homepage": ".*"|"homepage": "https://finals.soi.ch/"|' $target/etc/chromium/master_preferences +sed -i 's|"homepage_is_newtabpage": true,|"homepage_is_newtabpage": false,|' $target/etc/chromium/master_preferences # Disable panels in gnome-control-center DISABLE_DESKTOP="$ROOTCMD dpkg-statoverride --force-statoverride-add --update --add root root 640" diff --git a/config/scripts/PARTICIPANT/10-config b/config/scripts/PARTICIPANT/10-config index 60626f0..f3dda07 100755 --- a/config/scripts/PARTICIPANT/10-config +++ b/config/scripts/PARTICIPANT/10-config @@ -36,6 +36,20 @@ if ! grep -q '_T("soi")' $target/usr/share/codeblocks/templates/wizard/config.sc sed -i 's|// project wizards|RegisterWizard(wizProject, _T("soi"), _T("A SOI task"), _T("Console"));|' $target/usr/share/codeblocks/templates/wizard/config.script fi +# Add a default keyring to avoid a prompt to create one when launching Chromium +mkdir -p $target/etc/skel/.local/share/keyrings/ +chmod og= $target/etc/skel/.local/share/keyrings/ +echo -n "Default_keyring" > $target/etc/skel/.local/share/keyrings/default +cat > $target/etc/skel/.local/share/keyrings/Default_keyring.keyring << EOF +[keyring] +display-name=Default keyring +ctime=0 +mtime=0 +lock-on-idle=false +lock-after=false +EOF +chmod og= $target/etc/skel/.local/share/keyrings/Default_keyring.keyring + # add super user account if [ -n "$SUPER_USER_NAME" ]; then if ! $ROOTCMD getent passwd $SUPER_USER_NAME ; then diff --git a/config/setup-bern.sh b/config/setup-bern.sh index 5887498..1236e62 100755 --- a/config/setup-bern.sh +++ b/config/setup-bern.sh @@ -5,7 +5,7 @@ error=0; trap 'error=$(($?>$error?$?:$error))' ERR # save maximum error code FAI=/var/lib/bernconfig target=/ -apt-get install libnss3-tools gnome-tweaks fonts-firacode +apt-get install -y libnss3-tools cmake gnome-tweaks fonts-firacode rsync --archive \ --exclude /etc/apt \ @@ -20,22 +20,40 @@ rsync --archive \ --exclude /root \ $FAI/simplefiles/CONTESTANT/ $target -sed -i 's|firefox-esr|firefox_firefox|' $target/etc/dconf/db/local.d/00-favorite-apps - $ROOTCMD dconf update # Install soi header tar --overwrite -xf $FAI/downloads/soi-header.tar.gz -C $target/usr/local/include --strip-components=2 soi-header/include/ +sed -i 's|"homepage": ".*"|"homepage": "https://finals.soi.ch/"|' $target/etc/chromium/master_preferences +sed -i 's|"homepage_is_newtabpage": true,|"homepage_is_newtabpage": false,|' $target/etc/chromium/master_preferences + +# Disable sleep +$ROOTCMD systemctl mask sleep.target suspend.target hibernate.target hybrid-sleep.target + # Disable panels in gnome-control-center DISABLE_DESKTOP="$ROOTCMD dpkg-statoverride --force-statoverride-add --update --add root root 640" $DISABLE_DESKTOP /usr/share/applications/gnome-bluetooth-panel.desktop $DISABLE_DESKTOP /usr/share/applications/gnome-online-accounts-panel.desktop $DISABLE_DESKTOP /usr/share/applications/gnome-sharing-panel.desktop +# Add a default keyring to avoid a prompt to create one when launching Chromium +mkdir -p $target/etc/skel/.local/share/keyrings/ +chmod og= $target/etc/skel/.local/share/keyrings/ +echo -n "Default_keyring" > $target/etc/skel/.local/share/keyrings/default +cat > $target/etc/skel/.local/share/keyrings/Default_keyring.keyring << EOF +[keyring] +display-name=Default keyring +ctime=0 +mtime=0 +lock-on-idle=false +lock-after=false +EOF +chmod og= $target/etc/skel/.local/share/keyrings/Default_keyring.keyring + # Auto login -sed -i 's/# AutomaticLoginEnable = true/AutomaticLoginEnable = true/g' $target/etc/gdm3/custom.conf -sed -i 's/# AutomaticLogin = user1/AutomaticLogin = contestant/g' $target/etc/gdm3/custom.conf +sed -i 's/# AutomaticLoginEnable = true/AutomaticLoginEnable = true/g' $target/etc/gdm3/daemon.conf +sed -i 's/# AutomaticLogin = user1/AutomaticLogin = contestant/g' $target/etc/gdm3/daemon.conf exit $error diff --git a/config/simplefiles/CONTESTANT/etc/systemd/timesyncd.conf.d/ntp-server.conf b/config/simplefiles/CONTESTANT/etc/systemd/timesyncd.conf.d/ntp-server.conf index eeae7b8..e134603 100644 --- a/config/simplefiles/CONTESTANT/etc/systemd/timesyncd.conf.d/ntp-server.conf +++ b/config/simplefiles/CONTESTANT/etc/systemd/timesyncd.conf.d/ntp-server.conf @@ -1,3 +1,2 @@ [Time] -NTP=finals.soi.ch -FallbackNTP=10.0.0.9 +NTP=finals.soi.ch 10.0.0.9 diff --git a/config/simplefiles/CONTESTANT/usr/share/gnome-shell/extensions/contest-lock@soi.ch/extension.js b/config/simplefiles/CONTESTANT/usr/share/gnome-shell/extensions/contest-lock@soi.ch/extension.js index 8e6eaf7..bd87b99 100644 --- a/config/simplefiles/CONTESTANT/usr/share/gnome-shell/extensions/contest-lock@soi.ch/extension.js +++ b/config/simplefiles/CONTESTANT/usr/share/gnome-shell/extensions/contest-lock@soi.ch/extension.js @@ -158,6 +158,11 @@ function updateCountdown () { minutesToStart.toString().padStart(2, '0') + '∶' + secondsToStart.toString().padStart(2, '0'); + // Force a redraw of the entire label widget. Without this, there sometimes + // appears a small artifact to the right of the text, which is only visible + // every other second. This seems to be a bug in the rendering engine itself. + labelCountdown.queue_redraw(); + const nextUpdateTime = 1000 - nowTime % 1000 countdownTimeoutId = GLib.timeout_add( GLib.PRIORITY_HIGH, diff --git a/readme.md b/readme.md index 38a7a89..97dfb32 100644 --- a/readme.md +++ b/readme.md @@ -118,7 +118,6 @@ subnet 10.0.0.0 netmask 255.255.255.0 { option routers 10.0.0.9; option domain-name "contest"; option domain-name-servers 10.0.0.9; - option time-servers 10.0.0.9; option ntp-servers 10.0.0.9; server-name contestserver; next-server 10.0.0.9; @@ -160,9 +159,6 @@ FAI_CONFIGDIR=/srv/soifai/config Edit `/etc/fai/fai.conf` and uncomment `LOGUSER=fai`. Clone this repository and move it to `/srv` (move with sudo). -If the fai server is on an external SSD, you can shut it down, mount the SSD on your personal laptop and copy the repo onto it, that way you don't need your private ssh key on the fai server. -Make sure that the execute bits on the scripts are also copied. - Set up FAI: @@ -462,13 +458,27 @@ Then, install the laptops as in the section "Installing the machines". This is a list of problems that we had and how we solved them. -**cpptools VS code extension crashes.** -Fixed by using an older of cpptools, which you can download in the "Version History" tab on the marketplace website. -This happened because we were unknowingly using a pre-release. +**DHCP server not running.** +This happens if the network cable was not plugged in when booting. +``` +systemctl status isc-dhcp-server.service +systemctl restart isc-dhcp-server.service +``` **Network booting fails.** Fixed by disabling Secure Boot in the system settings. +**Problems with RTL8153-based USB Ethernet adapters.** +I suspect that problems are caused by faulty firmware in the adapters. +We had a strange problem where network booting failed when the laptops were connected to a Netgear GS316P switch, but worked when connected to a Netgear GS108 switch. +The adapters have issues when connected over USB 3, but work fine over USB 2. +You can force USB 2 by connecting adapters via an USB 2 extension cable. +Half-inserting the USB connector also works in a pinch. + +**Installation of packages fails.** +Check that the date is set correctly in the system settings. +If you get a HTTP 503 error, try restarting `apt-cacher-ng`. + **Installed system does not boot.** Fixed by changing boot mode from legacy/BIOS to UEFI. @@ -479,17 +489,14 @@ We don't know why this happens yet, but we have a workaround: Just run `systemct parallel-ssh -h hostlist systemctl start gdm ``` -**dhcp server not running.** -This happens if the network cable was not plugged in when booting. -``` -systemctl status isc-dhcp-server.service -systemctl restart isc-dhcp-server.service -``` - -**User indicator does not appear** +**User indicator does not appear.** Fixed by adding the gnome shell version from `gnome-shell --version` to the list of supported versions: `shell-version` in `simplefiles/CONTESTANT/usr/share/gnome-shell/extensions/user-indicator@soi.ch/metadata.json`. The same applies for the contest-lock extension. +**cpptools VS code extension crashes.** +Fixed by using an older of cpptools, which you can download in the "Version History" tab on the marketplace website. +This happened because we were unknowingly using a pre-release. + ## Config space diff --git a/tools/create-certs.sh b/tools/create-certs.sh index b9dd7d0..8d0b565 100755 --- a/tools/create-certs.sh +++ b/tools/create-certs.sh @@ -19,7 +19,9 @@ cat < ca.json EOF -cfssl gencert -initca ca.json | cfssljson -bare ca +if [ ! -f ca.pem ]; then + cfssl gencert -initca ca.json | cfssljson -bare ca +fi cat <client-config.json {