The SourceForge mirrors, that store the Debian packages for the m23 server and the m23 clients, seem to use transparent HTTPs redirects since a few day. APT struggles on this behaviour as long as the package "apt-transport-https" is not installed.

The m23 update (patch level 100899) adjusts the scripts for the client installation. Please install the update via APT (apt-get update; apt-get dist-upgrade). Install the package "apt-transport-https" via apt-get install apt-transport-https before the update, if you run into an error.

The package mirrors of the Trinity Desktop Environment have changed, which leads to problems and error messages when installing m23 clients with the distributions Debian 7 Wheezy and Debian 8 Jessie.

But you can fix this problems easyly by editing the appropriate package sources lists (don't forget your self-created lists) via the m23 webinterface ("Packages" → "Package sources"). Exchange the trinitydesktop.org lines with the new entries:

Debian 7 Wheezy

deb http://mirror.ppa.trinitydesktop.org/trinity/trinity-r14.0.0/debian wheezy main
deb http://mirror.ppa.trinitydesktop.org/trinity/trinity-builddeps-r14.0.0/debian wheezy main

Debian 8 Jessie

deb http://mirror.ppa.trinitydesktop.org/trinity/trinity-r14.0.0/debian jessie main
deb http://mirror.ppa.trinitydesktop.org/trinity/trinity-builddeps-r14.0.0/debian jessie main

From this version on, m23 offers support for m23 clients using Ubuntu 16.04 LTS Xenial Xerus. A set of desktop environments is, of course, included for the new Ubuntu. Friends of the Univention Corporate Servers will be happy to hear that the m23 app is now available in the Univention App Center. As always, several small improvements have also been made to various parts of the software.

Ubuntu 16.04 LTS Xenial Xerus

For your m23 clients using Ubuntu 16.04, you can choose between these five preconfigured graphical desktops: KDE, Mate, LXDE, Unity und XFce. This includes a couple of new or updated programs. The usual m23 functionality is now also available for m23 clients with Ubuntu 16.04.

The adjustments which had to be performed to add the new Ubuntu version to m23 were rather small, fortunately, which is why this m23 version is already available such a short time after the Ubuntu release - faster than ever in the history of m23.

The largest chunk of time was taken up by making adjustments for systemd, as the version coming with Ubuntu seemed to exhibit random behaviour (correct execution, failure during execution, no execution at all) when running the m23-specific XOrg recognition routines. Lastly, the only thing that worked – after lots of tests –, was to install specially configured SysVinit scripts on the clients, as even a configuration using "systemd unit files" was not successful. If someone reading this knows of a better, permanently workable solution, please contact us.

m23 app available for UCS

Another novelty is the m23 app, which you can install onto your Univention Corporate Server via the Univention App Center.

Unlike is the case for the other m23 server platforms, on UCS, apt-cacher-ng is used to cache software packages instead of Squid. In the m23 app, the following m23 components are deactivated, to avoid collision with UCS-specific components: DHCP server, LDAP server, IP management, firewall, virtualization and client backup.

The little things

m23 is now able to integrate clients with dynamical IP adresses. The corresponding dialog offers a button for this. When a new client is created, an appropriate client's time zone matching the selected language will now be suggested. The bootloader LILO, which is deprecated, can no longer be selected.

The documentation was updated to include a hint about the script /m23/bin/externalDHCPControl.sh, which is called with parameters (action, client name, IP, network mask, MAC address) for any change concerning a client's DHCP boot configuration. This is especially useful when you intend to not use the internal m23 DHCP server, but an external one, which can be configured dynamically using externalDHCPControl.sh.

The new developer tool meldFileDevelVsRelease allows to compare a file in the release and development version. The script m23Search no longer yields inappropriate results for the geshi files. The base system archive for the distribution that will be installed will first be downloaded completely to the m23 server and be checked for authenticity using the GPG signature.

Downloads / Update

The new version is available as an update via the m23 interface, via apt (Attention: the package source server for m23-specific packages is now "heanet.dl.sourceforge.net". Setup is described in the installations guide), as ISO file for burning the m23 server installation CD, as preinstalled virtual machine, or as image file for Raspberry Pi (the last three are available in the download section).

The major new feature of the latest m23 version rock 16.1 is that it now supports the Univention Corporate Server as an additional platform for the m23 server. Further changes concern updates for supported client distributions and desktops.

Univention Corporate Server

From this m23 version on, the m23 server packages can also be installed on UCS 4.0 or 4.1. Soon, the m23 Server App will be also available in the Univention Corporate Server's App Center.

Installing m23 packages on UCS

If you can't wait any longer, you can use the following guide to install the packages on your UCS (using a root shell).

m23 requires packages which are available in the unmaintained package branch of UCS. You need to activate this by entering:

ucr set repository/online/unmaintained="yes"

And of course, you'll also need the package sources list for the m23 server packages. Paste it into the new file "/etc/apt/sources.list.d/m23debs.list":

deb http://heanet.dl.sourceforge.net/project/m23/m23inst ./

Now, update the package index by doing an apt-get update and finally, install m23 via apt-get install m23.

m23 user interface on UCS

The m23 web interface is now available on your UCS via this URL: https://<UCS-Adresse/IP>/m23admin.

The m23 interface in UCS does, however, not offer all features you can find on an ordinary m23 server with a standard Debian. This is due to the fact that there would be collisions with some components of the UCS. These are the features that are not available: LDAP server, IP management (m23 DHCP server), firewall, virtualization and client backup.

Other updates

Concerning the supported client distros, there have been a few changes: Debian 6 and 7 now include the package sources for TDE R14 and Debian 6 now also contains the LTS package sources. The new Linux Mint version 17.3 Rosa has been added. Debian desktops now also install the language packages automatically.

Downloads / Update

The latest version is available as an update via the m23 interface, via APT (Note: package sources server for m23-specific packages is now "heanet.dl.sourceforge.net", setup as described in the installation guide), as ISO file to burn the m23 server installatio CD, as preinstalled virtual machine or as an image file for Raspberry Pi (the latter three are available in the download section).

With m23 rock 15.2, Debian 8 Jessie has found its way into m23. For use on the clients, the distributions Linux Mint 17.2 Rafaela and Linux Mint 17.1 Rebecca have been added. The automated mirror selection will take care of a smooth client installation, even in case of an outage of the SourceForge servers. Security is another focus of this release, which brings an integrated firewall and extends access protection.

Debian 8 Jessie for m23 server and m23 clients

Debian 8 Jessie is the distro which will be installed if you use the m23 server installation ISO or the pre-configures VirtualBox appliance in this release.
The m23 server installation deb packages will still work with Debian 7 Wheezy, though. On m23 clients, Debian 8 is available now, too.

Debian 8, if used as m23 client distribution, offers a wide range of desktop environments: Mate (optionally in a minimized version, with only the essential packages installed), Cinnamon, Gnome, KDE, TDE, LXDE and Xfce.

systemd is now being used on m23 clients, replacing SysVinit. The clients now use grub 2 and language packages will be installed automatically.

Some smaller changes were necessary for using Debian 8 on the m23 clients: for example, the hardware detection routines had to be adapted, in order to prevent VirtualBox clients from being recognized as being running in VMWare (this is important for setting up the graphics mode). The package sources, for which a signed inRelease file is created automatically, had to be adapted, too.

Porting the m23 server to Debian 8 required changes, too. For example, switching to MySQLi API, Apache 2.4 and Squid 3 proved necessary. What had to stay is SysVinit, as there were problems caused by systemd during ISO installation.

More distributions

The development tasks for supporting the additional client distributions Linux Mint 17.2 Rafaela and Linux Mint 17.1 Rebecca have been pleasantly unspectacular. For the users, these bring many small improvements, such as updated versions of the Mate and Cinnamon desktop environments and of other Linux-Mint-specific tools.

Automated mirror selection to protect from server outages

Sometimes, server outages can't be avoided. Still, this is very annoying if the server providing the currently needed package sources is not available. Just recently, all SourceForge servers were down - but the m23 client packages are hosted there. This situation made it impossible for some of you to install new m23 clients during the outage. To prevent this annoyance from happening again, m23 now has an automated mirror selection, which tries to find a currently available server. This mode will not only be used for determining the package source of the client packages, but also for the base system archives download. The base system archives for any distribution you have used for your setup will now also be saved locally and verified by GPG signatures.

Security

From this version on, the m23 server comes with a simple firewall, which, with default settings and after activation, will block any access (except for SSH) from outside the local network. The SSH server is also protected by Sshguard. The basic default firewall rules can be extended directly via the m23 interface, using the syntax of iptables commands.

Additionally, client ID and client IP will now be checked for a match when the current job script is being requested. The m23 server constitutes an exception for this concept, because, of course, it will still need to access all tasks (to be able to display the script's output).

Odds and ends

The dialog for choosing the client's distribution now displays a description of the selected desktop. The dialog for the creation of client images now uses the HTML API 2 which prevents your entries from being lost after an error message was shown. Also, the dialog now suggests a random network port for the transfer of the disk or partition image from the client to the m23 server. In the client recovery dialogs, a click on "No" (to cancel) now no longer leads to the client overview page, but to the control center of the corresponding client. The m23 server backup will now also save the settings for the firewall, openLDAP and BackupPC.

Downloads / Update

The latest version is available as an update via the m23 interface, via APT (Attention: package source server for m23-specific packages is now "heanet.dl.sourceforge.net". Setup instructions can be found in the installation guide.), as ISO file to burn the m23 server installation CD, as preinstalled virtual machine or as image file for RaspberryPi (the last three can be found in the Download section).