The latest version of m23 comes with a new option to sign local package sources (including GPG key management), new configuration settings for an m23 server that is using a proxy and a new command line tool that allows users to modify the m23 source code in predefined locations. This release also includes a bunch of smaller changes and fixes.

Signing Package Sources

To enable the installation of m23 clients using a fixed set of packages, or to allow for a setup without internet connection, it has already been possible to set up local package sources on the m23 server for a long time. What's new is that these can now be signed, to protect them from being tampered with. The m23 interface now provides a dialog for managing your GPG keys and an option to add a signature in the package source architect and the package architect dialogs. The public key of the GPG key that was used for the signature will be imported to the m23 clients to allow them to verify the package authenticity.

System-wide Proxy Settings

In the case of running an m23 server behind a proxy server, it was previously necessary to change the settings in different places in order to allow the m23 server to work as usual. Now there is a quick an easy option to configure a proxy server system-wide, and to activate / deactivate using it, available in the m23 interface. The proxy settings from this dialog will be used for all apt and wget calls, for accessing the internet from the m23 api and for the squid proxy that caches client packages.

Modifying the Source Code with m23customPatch

With the m23customPatch tool, users can modify the m23 source code in predefined places. The modifiable code regions are marked as being deletable / modifiable. With the help of a corresponding m23customPatch file, it is, for example, now possible to exchange the logo in the m23 web interface.

This and That

During the installation of the client base system, the package apt-transport-https will now be included, to enable access to package sources using HTTPS. A new option for client recovery allows to merge multiple identical client jobs into one. Client groups can now have a description associated with them. The m23 api was extended by functions for writing and reading the key-value database for client parameters. The modular m23 command line tool can now also be used to create, delete or list admin accounts for the m23 web interface. Instead of a (possibly insecure) DSA SSH key, the m23 server will now create an 8k RSA SSH key when it is being installed.

Corrections

Upon integration of an existing client, m23 no longer waits for the download of a non-existant base system archive to finish. The function HELPER_xargsRecursive, which is, for example, used to split package lists, now takes all elements into account. For packages that are being downloaded into a local package source, the file names will now be adapted, so they only contain valid characters. The bash code that writes m23fetchjob works correctly now and ASSI_prepareClient no longer calls a non-existant function.

Downloads / Update

The latest version is available as an update via the m23 interface, via APT (Note: the package sources server for packages specific to m23 is now"heanet.dl.sourceforge.net", setup as described in the installation guide), as ISO file for the creation of a bootable medium, as preinstalled virtual machine or as image file for RaspberryPi (the latter three can be found in the download section).

The SourceForge mirrors, that store the Debian packages for the m23 server and the m23 clients, seem to use transparent HTTPs redirects since a few day. APT struggles on this behaviour as long as the package "apt-transport-https" is not installed.

The m23 update (patch level 100899) adjusts the scripts for the client installation. Please install the update via APT (apt-get update; apt-get dist-upgrade). Install the package "apt-transport-https" via apt-get install apt-transport-https before the update, if you run into an error.

The package mirrors of the Trinity Desktop Environment have changed, which leads to problems and error messages when installing m23 clients with the distributions Debian 7 Wheezy and Debian 8 Jessie.

But you can fix this problems easyly by editing the appropriate package sources lists (don't forget your self-created lists) via the m23 webinterface ("Packages" → "Package sources"). Exchange the trinitydesktop.org lines with the new entries:

Debian 7 Wheezy

deb http://mirror.ppa.trinitydesktop.org/trinity/trinity-r14.0.0/debian wheezy main
deb http://mirror.ppa.trinitydesktop.org/trinity/trinity-builddeps-r14.0.0/debian wheezy main

Debian 8 Jessie

deb http://mirror.ppa.trinitydesktop.org/trinity/trinity-r14.0.0/debian jessie main
deb http://mirror.ppa.trinitydesktop.org/trinity/trinity-builddeps-r14.0.0/debian jessie main

From this version on, m23 offers support for m23 clients using Ubuntu 16.04 LTS Xenial Xerus. A set of desktop environments is, of course, included for the new Ubuntu. Friends of the Univention Corporate Servers will be happy to hear that the m23 app is now available in the Univention App Center. As always, several small improvements have also been made to various parts of the software.

Ubuntu 16.04 LTS Xenial Xerus

For your m23 clients using Ubuntu 16.04, you can choose between these five preconfigured graphical desktops: KDE, Mate, LXDE, Unity und XFce. This includes a couple of new or updated programs. The usual m23 functionality is now also available for m23 clients with Ubuntu 16.04.

The adjustments which had to be performed to add the new Ubuntu version to m23 were rather small, fortunately, which is why this m23 version is already available such a short time after the Ubuntu release - faster than ever in the history of m23.

The largest chunk of time was taken up by making adjustments for systemd, as the version coming with Ubuntu seemed to exhibit random behaviour (correct execution, failure during execution, no execution at all) when running the m23-specific XOrg recognition routines. Lastly, the only thing that worked – after lots of tests –, was to install specially configured SysVinit scripts on the clients, as even a configuration using "systemd unit files" was not successful. If someone reading this knows of a better, permanently workable solution, please contact us.

m23 app available for UCS

Another novelty is the m23 app, which you can install onto your Univention Corporate Server via the Univention App Center.

Unlike is the case for the other m23 server platforms, on UCS, apt-cacher-ng is used to cache software packages instead of Squid. In the m23 app, the following m23 components are deactivated, to avoid collision with UCS-specific components: DHCP server, LDAP server, IP management, firewall, virtualization and client backup.

The little things

m23 is now able to integrate clients with dynamical IP adresses. The corresponding dialog offers a button for this. When a new client is created, an appropriate client's time zone matching the selected language will now be suggested. The bootloader LILO, which is deprecated, can no longer be selected.

The documentation was updated to include a hint about the script /m23/bin/externalDHCPControl.sh, which is called with parameters (action, client name, IP, network mask, MAC address) for any change concerning a client's DHCP boot configuration. This is especially useful when you intend to not use the internal m23 DHCP server, but an external one, which can be configured dynamically using externalDHCPControl.sh.

The new developer tool meldFileDevelVsRelease allows to compare a file in the release and development version. The script m23Search no longer yields inappropriate results for the geshi files. The base system archive for the distribution that will be installed will first be downloaded completely to the m23 server and be checked for authenticity using the GPG signature.

Downloads / Update

The new version is available as an update via the m23 interface, via apt (Attention: the package source server for m23-specific packages is now "heanet.dl.sourceforge.net". Setup is described in the installations guide), as ISO file for burning the m23 server installation CD, as preinstalled virtual machine, or as image file for Raspberry Pi (the last three are available in the download section).

The major new feature of the latest m23 version rock 16.1 is that it now supports the Univention Corporate Server as an additional platform for the m23 server. Further changes concern updates for supported client distributions and desktops.

Univention Corporate Server

From this m23 version on, the m23 server packages can also be installed on UCS 4.0 or 4.1. Soon, the m23 Server App will be also available in the Univention Corporate Server's App Center.

Installing m23 packages on UCS

If you can't wait any longer, you can use the following guide to install the packages on your UCS (using a root shell).

m23 requires packages which are available in the unmaintained package branch of UCS. You need to activate this by entering:

ucr set repository/online/unmaintained="yes"

And of course, you'll also need the package sources list for the m23 server packages. Paste it into the new file "/etc/apt/sources.list.d/m23debs.list":

deb http://heanet.dl.sourceforge.net/project/m23/m23inst ./

Now, update the package index by doing an apt-get update and finally, install m23 via apt-get install m23.

m23 user interface on UCS

The m23 web interface is now available on your UCS via this URL: https://<UCS-Adresse/IP>/m23admin.

The m23 interface in UCS does, however, not offer all features you can find on an ordinary m23 server with a standard Debian. This is due to the fact that there would be collisions with some components of the UCS. These are the features that are not available: LDAP server, IP management (m23 DHCP server), firewall, virtualization and client backup.

Other updates

Concerning the supported client distros, there have been a few changes: Debian 6 and 7 now include the package sources for TDE R14 and Debian 6 now also contains the LTS package sources. The new Linux Mint version 17.3 Rosa has been added. Debian desktops now also install the language packages automatically.

Downloads / Update

The latest version is available as an update via the m23 interface, via APT (Note: package sources server for m23-specific packages is now "heanet.dl.sourceforge.net", setup as described in the installation guide), as ISO file to burn the m23 server installatio CD, as preinstalled virtual machine or as an image file for Raspberry Pi (the latter three are available in the download section).