Skolelinux は Debian Edu プロジェクトにより作成される Linux ディストリビューションです。Debian Pure Blends ディストリビューションの一つとしては公式の Debian サブプロジェクトです。

学校から見るとこれは Skolelinux は全面的に学校ネットワーク向けに設定された、そのまま使える環境を提供するバージョンの Debian だということです。

ノルウェーの Skolelinux プロジェクトは2001年7月2日に創設され、同じような時期に Raphaël Hertzog さんがフランスで Debian-Edu を始めました。2003年に2つのプロジェクトは統合しましたが、名前はどちらも残りました。「Skole」と (Debian-)「Education」はそれぞれの地域で最もよくわかる語なのです。

ノルウェーで最初に主な対象とした団体は 6-16 歳の年齢層を扱う学校でした。現在このシステムは世界中の複数の国で利用されていますが、導入されているほとんどはノルウェー、スペイン、ドイツ、フランスです。

{{attachment:Debian_Edu_Network_Stretch.png}}

絵は仮のネットワーク接続形態のスケッチです。Skolelinux はデフォルトではネットワークに通常のワークステーションやシンクライアントサーバ (及びそれに結びつけられるシンクライアントやディスクレスワークステーション) は複数、一方中心サーバはただ一台を仮定しています。ワークステーションの数は好きなように多くも少なくもできます (無くても多数でも可)。シンクライアントサーバについても同様でそれぞれが分離したネットワークを構成するため、クライアントとシンクライアントサーバの間の通信がネットワークサービスの他の部分に影響することはありません。

中心サーバが学校ネットワークごとに1台だけというのは、中心サーバが DHCP を提供し、それを行うのはネットワーク中に1台のマシンだけだからです。別のマシンでサービスを提供させた上で当該サービスについてそのコンピュータに向かうように DNS の別名を設定することで、サービスを中心サーバから他のマシンに移動させることは可能です。

Skolelinux は標準では単純にするためインターネット接続には別個のルータを利用します。モデムと ISDN 接続を Debian で利用するようにもできますが、Skolelinux はそのままではそういった設定は行いません (デフォルト状況の調整に必要な準備については別に言及されているはずです)。

Skolelinux インストーラによりインストールされる Linux マシンはすべて、中央コンピュータ、ほとんどの場合中心サーバから管理できます。SSH を経由して全マシンへのログイン (root はデフォルトで許可されません) が可能になるため、結果としてマシンへの完全アクセスを得られるということになります。

設定ファイルの編集には cfengine を利用します。サーバで更新されたファイルがクライアントに送られます。クライアントの設定変更はサーバの設定を変更して自動配布させるだけです。

ユーザ情報は全て LDAP ディレクトリに保管されます。ユーザアカウントの更新はこのデータベースに対して行い、クライアントのユーザ認証にはこれが利用されます。

様々なプロファイルの目的についてはネットワーク構成の章で説明しています。

テスト済みハードウェアの一覧を http://wiki.debian.org/DebianEdu/Hardware/ で提供していますがこのリストが完成することはないでしょう。

http://wiki.debian.org/InstallingDebianOn is an effort to document how to install, configure and use Debian on some specific hardware, allowing potential buyers to know if that hardware is supported and existing owners to know how get the best out of that hardware.

Debian でサポートされているハードウェアの素晴らしいデータベースが http://kmuto.jp/debian/hcl/ にあります。

デフォルトのネットワーク構成で利用する場合は以下のようになります。

インターネットへの接続には外部インターフェイスがインターネットに接続し、内部インターフェイスは IP アドレス 10.0.0.1、ネットマスク netmask 255.0.0.0 で動作しているルータ/ゲートウェイが必要です。

ルータで DHCP サーバを動作させるべきではありません。DNSサーバを動作させることはできますが、これは必要なく利用されません。

古いPCを活用したルータ兼ファイアウォールを探している場合、IPCop か floppyfw を勧めます。

何らかの組み込みルータやアクセスポイントが必要な場合は OpenWRT の利用を勧めますが、もちろん元のファームウェアも利用できます。元の ファームウェアを利用する方が簡単です。OpenWRT を使うことで選択や制御の幅が広がります。OpenWRT のウェブページ、サポートされているハードウェアで一覧を確認してください。

異なるネットワーク設定を利用することも可能 (その手順は書かれています) ですが、既存のネットワーク基盤によってそれが強制されるということでないのなら異なる設定にするよりもデフォルトのネットワーク構成にしておくことを勧めます。

運用環境のシステムへのインストールを始める前に Debian Stretch リリースノートを読んでおく、最低でも一見しておくことを勧めます。Debian Edu/Skolelinux を試してみてください。普通に動作するはずです。

このマニュアルのさあ始めようの章を必ず読んでください。初めてのログインについて説明しています。

Debian Stretch リリースについてさらなる情報がインストールマニュアルにあります。

For those without a fast Internet connection, we can offer a CD or DVD sent for the cost of the CD or DVD and shipping. Just send an email to cd@skolelinux.no and we will discuss the payment details (for shipping and media) CD や DVD の送り先を忘れずにメールに含めるようにしてください。

Debian Edu のインストールを行う際に、選択できることがいくつかあります。それほど多くはありませんので安心してください。穿いてますよ。Debian インストールやその裏の複雑な部分の隠蔽に私たちは成功したのです。それでも Debian Edu は Debian であり、望むなら 42,000 超のパッケージから選択できます。その設定オプションの組み合わせとなれば選択は億を超えることになります。大多数のユーザにとってはデフォルトが有効なはずです。

deb http://ftp.debian.org/debian/ stretch main 
deb http://security.debian.org/ stretch/updates main 
deb http://ftp.skolelinux.org/skolelinux stretch local

d-i    pkgsel/include string 追加したいパッケージ(群)

テキストモードとグラフィカルモードのインストールは機能的には同等です - 異なるのは見た目だけです。グラフィカルモードではマウスを使う機会があり、当然見た目もはるかに良くずっと現代的になります。ハードウェアに問題があってグラフィカルモードを使えないということでもなければこちらを使わない理由はありません。

以下は中心サーバ + ワークステーション + シンクライアントサーバをグラフィカルモードでインストールした場合と、tjener の最初のブート、ワークステーションネットワーク及びシンクライアントネットワークでの PXE ブートのスクリーンショットです:

{{attachment:01-Installer_boot_menu.png}}

{{attachment:02-select_a_language.png}}

{{attachment:03-select_your_location.png}}

{{attachment:04-Configure_the_keyboard.png}}

{{attachment:05-Detect_and_mount_CD-ROM.png}}

{{attachment:06-Load_installer_components_from_CD.png}}

{{attachment:07-Detect_network_hardware.png}}

{{attachment:08-Choose_Debian_Edu_profile.png}}

{{attachment:09-Really_use_the_automatic_partitioning_tool.png}}

{{attachment:10-Really_use_the_automatic_partitioning_tool-Yes.png}}

{{attachment:11-Participate_in_the_package_usage_survey.png}}

{{attachment:12-Set_up_users_and_passwords.png}}

{{attachment:12a-Set_up_users_and_passwords.png}}

{{attachment:12b-Set_up_users_and_passwords.png}}

{{attachment:12c-Set_up_users_and_passwords.png}}

{{attachment:12d-Setting-up-the-partitioner.png}}

{{attachment:12e-creating_ext4.png}}

{{attachment:13-Install the base system.png}}

{{attachment:14-Select_and_install_software.png}}

{{attachment:17-Select_and_install_software.png}}

{{attachment:18-Build LTSP chroot.png}}

{{attachment:19-Install_the_GRUB_boot_loader_on_a_hard_disk.png}}

{{attachment:20-Finish_the_Installation.png}}

{{attachment:21-Finish_the_Installation-Installation_complete.png}}

{{attachment:22-Tjener_GRUB_boot_menu.png}}

{{attachment:23-Tjener-KDM_Login.png}}

{{attachment:24-Tjener-KDE_Start.png}}

{{attachment:26-Tjener-KDE_Desktop_Browser.png}}

{{attachment:27-Tjener-KDE_Desktop.png}}

{{attachment:28-Diskless-WS-GRUB_Boot_menu-PXE.png}}

{{attachment:29-Diskless-WS-LDM_Login.png}}

{{attachment:31-ThinClient-KDE_Desktop.png}}

中心サーバのインストール時に最初のユーザアカウントが作成されます。以下の文ではこのアカウントを「最初のユーザ」と言及します。このアカウントは特別で、Samba アカウントは作成されず (GOsa² を経由して作成できます)、ホームディレクトリ権限は 700 にセットされ (そのため個人のウェブページにアクセスできるようにするには chmod o+x ~ が必要)、そして最初のユーザは sudo を使って root になれます。

インストール後に最初のユーザとしてまずやらないといけないこと:

ユーザやワークステーションの追加については以下で詳細に説明しています。この章全体を読んでください。最小限の手順を正しく行う方法や恐らく誰にとっても必要となる他の事項についても触れています。

このマニュアルには他にも利用できる追加の情報があります: 前のリリースについてよく理解している人はStretch の新機能の章を読んでおくべきでしょう。また、前のリリースからアップグレードする人はアップグレードの章を必ず読んでおくべきです。

通常のDNS通信が遮断されているネットワークであるためインターネットホスト参照に特定のDNSサーバを利用する必要がある場合、そのDNSサーバにこのサーバが「転送サーバ (フォワーダ)」だということを教えてやる必要があります。/etc/bind/named.conf.options を更新して利用するDNSサーバのIPアドレスを指定します。

HowTo の章ではさらなるコツや小技、それによく聞かれる疑問もいくらか扱っています。

{{attachment:27-Tjener-KDE_Desktop.png}}

GOsa² はウェブベースの管理ツールで Debian Edu の重要な部分の管理を支援します。GOsa² により主に以下を管理 (追加、変更、削除) できます:

GOsa² へのアクセスには Skolelinux の中心サーバとウェブブラウザがインストールされた (クライアント) システムが必要です。後者については複合サーバ (中心サーバ + シンクライアントサーバ + ワークステーション) としてインストールしていれば中心サーバ自体を使えます。前述のどれも利用できない場合は 中心サーバで GOsa² を利用するためのグラフィカル環境のインストールを見てください。

GOsa² へのアクセスにはウェブブラウザからURL https://www/gosa にアクセスし、最初のユーザとしてログインします。

GOsa² 一般の情報については https://oss.gonicus.de/labs/gosa/wiki/documentation を見てください。

まず、左側のナビゲーションメニューにある「Users」をクリックします。画面右側は「学生」や「教員」の部門フォルダーの表と GOsa² の Super-Administrator (最初に作成したユーザ) のアカウントの表示に変わります。この表の上に Base というフィールドが表示されてツリー構造を追って (マウスをこの領域に移動するとドロップダウンメニューが表示されます) 意図した操作 (例えば新しいユーザの追加) の基底フォルダーを選択できるようになります。

{{attachment:create_group.png}}

{{attachment:list_groups.png}}

グループ管理はユーザ管理とかなり似ています。

グループごとに名前と説明を入力できます。新しいグループを作成する際、LDAP ツリーの正しいレベルを選択していることを確認してください。

適切な Samba グループはデフォルトでは作成されません。グループ作成時に Samba グループのオプションにチェックを入れ忘れた場合は後からグループを編集できます。

新しく作成したグループにユーザを追加するには、ユーザ一覧に戻ります。ほぼ確実に「filter」枠を使ってユーザを探すのが良いでしょう。ここでも LDAP ツリーのレベルを確認してください。

グループ管理で入力したグループは通常の unix グループでもあります。そのため、ファイルの権限管理にも利用できます。

# 既存のグループについて UNIX と Windows のグループのマッピングを表示
net groupmap list

# 新しいまたは足りないグループを追加
net groupmap add unixgroup=NEW_GROUP type=domain ntgroup="NEW_GROUP"\
                 comment="DESCRIPTION OF NEW GROUP"

マシン管理では基本的に、Debian Edu ネットワークに接続されている全ての機器を管理できます。GOsa² を利用して LDAP ディレクトリに追加したマシンには全てにホスト名、IPアドレス、MACアドレス、ドメイン名 (通常「intern」) が付加されます。Debian Edu 構成の全面的な説明についてはこのマニュアルの構成の章を参照してください。

ディスクレスワークステーションやシンクライアントは中心ネットワークに接続すればそのままで利用できます。GOsa² を利用して LDAP に追加しないといけないのはディスクを備えたワークステーションだけですが、どれも可能です。

マシンを追加するには、GOsa² メインメニュー、システム、追加と進みます。事前設定済みのアドレス空間 10.0.0.0/8 にあるIPアドレス/ホスト名を利用できます。現在事前定義されている固定アドレスは 10.0.2.2 (tjener) と 10.0.0.1 (ゲートウェイ) の2つだけです。10.0.16.20 から 10.0.31.254 までのアドレス (ほぼ 10.0.16.0/20 あるいは4000ホスト) は DHCP 向けに予約済みで動的に割り当てられます。

GOsa² で MACアドレス 52:54:00:12:34:10 のホストに固定IPアドレスを割り当てるには、MACアドレス、ホスト名、IPアドレスを入力しないといけません。代わりにPropose ip ボタンをクリックすると 10.0.0.0/8 の範囲内の最初の固定空きアドレスを表示します。この方法で初めてマシンを追加した場合はほぼ確実に 10.0.0.2 のようなアドレスになるでしょう。まずネットワーク構成について考えておくのが良いでしょう: 例えば 10.0.0.x で x が10-50はサーバ用、100以上はワークステーション用など。追加したシステムの有効化を忘れないように。そうすると中心サーバを例外として、他の全システムにお揃いのアイコンが表示されます。

マシンがシンクライアント/ディスクレスワークステーションとしてブートされた、あるいはネットワークを利用するプロファイルを使ってインストールされた場合、sitesummary2ldapdhcp スクリプトを利用するとマシンを GOsa² に自動的に追加できます。sitesummary2ldapdhcp -h で使い方に関する情報を表示します。sitesummary2ldapdhcp の使用後に表示されるIPアドレスは動的に割り当てる範囲のアドレスであることに注意してください。そうなっても、システムは後でネットワークに合わせて変更できます: 新しい各システムの名前を変更し、DHCP とDNSを有効化、必要に応じてネットグループに追加してからシステムを再起動します。実際の表示は以下のスクリーンショットのようになります:

root@tjener:~# sitesummary2ldapdhcp -a -i ether-00:04:76:d3:28:b7 -t workstations
info: Create GOsa machine for auto-mac-00-04-76-d3-28-b7.intern [10.0.16.21] id ether-00:04:76:d3:28:b7.

Enter password if you want to activate these changes, and ^c to abort.

Connecting to LDAP as cn=admin,ou=ldap-access,dc=skole,dc=skolelinux,dc=no
enter password: 

{{attachment:gosa_systems_list.png}}

{{attachment:gosa_systems_host_details.png}}

{{attachment:gosa_systems_edit_host.png}}

{{attachment:gosa_systems_add_netgroup.png}}

DNSを更新する cron ジョブは毎時動作します。su -c ldap2bind を使うと手作業で更新させることもできます。

この節では apt-get upgrade の使い方を説明します。

apt-get の使い方は実に単純です。システムを更新するのに必要なのは root でコマンドラインからコマンドを2つ apt-get update (利用可能パッケージ一覧を更新) と apt-get upgrade (アップグレードが利用できるようになったパッケージをアップグレード) 実行するだけです。

Debian Edu では libpam-tmpdir を利用してユーザごとの一時ディレクトリを設定するため、LTSP chroot では TMP 及び TMPDIR 変数のセットされない状態で apt-get を実行するのが良い方法です。また、ロケールに C を使ってアップグレードするのも良い方法です。そうすることで出力や並びの順が一定になります。それでも違いが出ればそれはパッケージのバグということになります。

LC_ALL=C apt-get update ; LC_ALL=C TMP= TMPDIR= ltsp-chroot apt-get update
LC_ALL=C apt-get upgrade -y
LC_ALL=C TMP= TMPDIR= ltsp-chroot -p apt-get upgrade -y
ltsp-update-kernels # 新しいカーネルがインストールされた場合

LTSP chroot に新しいカーネルがインストールされた場合は ltsp-update-kernels を実行してカーネルとカーネルモジュールの同期を保つことが重要です。カーネルはマシンが PXE ブートしたときに TFTP 経由で配布され、カーネルモジュールは LTSP chroot から取得されます。

cron-apt と apt-listchanges をインストールして自分が読んでいるアドレスにメールを送るように設定するのも良い方法です。

cron-apt は一日一度、アップグレードできるパッケージについてメールで通知します。アップグレードをインストールはしませんが (通常夜間に) ダウンロードするため、apt-get upgrade 実行時にダウンロードを待つ必要がなくなります。

望むなら更新を自動でインストールさせることも簡単にできます。必要なのは unattended-upgrades パッケージをインストールして wiki.debian.org/UnattendedUpgrades で説明されているように設定するだけです。

apt-listchanges は新しい変更履歴をメールで送ることもできます。また、aptitude や apt-get を実行した時にターミナルに表示します。

バックアップを管理するにはブラウザで https://www/slbackup-php にアクセスします。このサイトへのアクセスにはSSLを経由する必要があることに注意してください。root パスワードを入力する必要があるためです。SSLを使わずにこのサイトにアクセスしても失敗に終わります。注意: このサイトが機能するのはバックアップサーバ (デフォルトで中心サーバ tjener) への ssh root ログインを一時的に許可した場合だけです。

デフォルトで中心サーバ tjener は /skole/tjener/home0、 /etc/、 /root/.svk、LDAP を LVM にある /skole/backup にバックアップします。(削除してしまった場合等の) 予備として複製を持っておきたいだけであればこの設定で良いでしょう。

このバックアップ方法ではハードドライブの故障に対する防護にはならないことに留意してください。

データを外部サーバやテープ機器、別のハードドライブにバックアップしたい場合には既存の設定を多少変更する必要があります。

フォルダー全体を復旧させたい場合はコマンドラインを利用するのが最善の選択となります:

$ sudo rdiff-backup -r <date>  \
   /skole/backup/tjener/skole/tjener/home0/user \
   /skole/tjener/home0/user_<date>

This will leave the content from /skole/tjener/home0/user for <date> in the folder /skole/tjener/home0/user_<date>

復旧させたいのがファイル1つだけならウェブインターフェイスからファイル (とバージョン) を選択してそのファイルだけをダウンロードできるはずです。

古いバックアップを消してしまいたい場合はバックアップページのメニューから「Maintenance」を選択して残しておく最古のスナップショットを選択します:

{{attachment:slbackup-php_maintenance.png}}

More information about Debian Edu customisations useful for system administrators can be found in the Administration Howto chapter and in the Advanced administration Howto chapter

Upgrading Debian from one distribution to the next is generally rather easy. For Debian Edu this is unfortunately not yet true as we modify configuration files in ways we shouldn't. (See Debian bug 311188 for more information.) Upgrading is still possible but may require some work.

In general, upgrading the servers is more difficult than the workstations and the main-server is the most difficult to upgrade. The diskless machines are easy, as their chroot environment can be deleted and recreated, if you haven't modified it. If you have, the chroot is basically a workstation chroot anyway, so rather easy to upgrade.

If you want to be sure that after the upgrade everything works as before, you should test the upgrade on a test system or systems configured the same way as your production machines. There you can test the upgrade without risk and see if everything works as it should.

Debian 安定版リリースについてさらなる情報がインストールマニュアルにあります。

It may also be wise to wait a bit and keep running Oldstable for a few weeks longer, so that others can test the upgrade and document any problems they experience. The Oldstable release of Debian Edu will receive continued support for some time after the next Stable release, but when Debian ceases support for Oldstable, Debian Edu will necessarily do the same.

Be prepared: make sure you have tested the upgrade from Jessie in a test environment or have backups ready to be able to go back.

Please note that the following recipe applies to a default Debian Edu main server installation (desktop=kde, profiles Main-Server, Workstation, Thin-Client-Server). (For a general overview concerning jessie to stretch upgrade, see: https://www.debian.org/releases/stretch/releasenotes)

Don't use X, use a virtual console, log in as root. Read all debconf information carefully, choose 'keep the local version currently installed'; in most cases hitting return will be fine. Press 'q' to quit the apt-listchanges pager once you've read the information.

apt-get update
apt-get -y upgrade

sed -i 's/jessie/stretch/g' /etc/apt/sources.list
apt-get update
apt-get -y dist-upgrade

sed -i '/stretch/ s/deb/#deb/g' /opt/ltsp/i386/etc/apt/sources.list
ltsp-chroot -m -a i386 apt-get update
ltsp-chroot -m -a i386 apt-get -y upgrade
sed -i 's/jessie/stretch/g' /opt/ltsp/i386/etc/apt/sources.list
ltsp-chroot -m -a i386 apt-get update
ltsp-chroot -m -a i386 apt-get -y dist-upgrade
ltsp-chroot -m -a i386 apt-get -f install
ltsp-chroot -m -a i386 apt-get -y dist-upgrade

ltsp-chroot -m -a i386 apt-get --purge autoremove

ltsp-update-kernels
ltsp-update-sshkeys

To upgrade from any older release, you will need to upgrade to the Jessie based Debian Edu release first, before you can follow the instructions provided above. Instructions are given in the Manual for Debian Edu Jessie about how to upgrade to Jessie from the previous release, Wheezy. Likewise the Wheezy manual describes how to upgrade from Squeeze and the Squeeze manual covers the one before that! (Lenny was it's name and before that there was even another one, based on what was called Etch.)

With the introduction of etckeeper in Debian Edu Squeeze (previous versions used etcinsvk which was removed from Debian), all files in /etc/ are tracked using git as a version control system.

This makes it possible to see when a file is added, changed and removed, as well as what was changed if the file is a text file. The git repository is stored in /etc/.git/.

Every hour, any changes are automatically recorded, allowing configuration history to be extracted and reviewed.

To look at the history, the command etckeeper vcs log is used. To check the differences between two points in time, a command like etckeeper vcs diff can be used.

さらなる情報については man etckeeper の出力を見てください。

List of useful commands:

etckeeper vcs log
etckeeper vcs status
etckeeper vcs diff
etckeeper vcs add .
etckeeper vcs commit -a
man etckeeper

etckeeper vcs log

etckeeper vcs status

etckeeper vcs commit -a /etc/resolv.conf

In Debian Edu, all partitions other than the /boot/ partition are on logical LVM volumes. With Linux kernels since version 2.6.10, it is possible to extend partitions while they are mounted. Shrinking partitions still needs to happen while the partition is unmounted.

It is a good idea to avoid creating very large partitions (over, say, 20GiB), because of the time it takes to run fsck on them or to restore them from backup if the need arises. It is better, if possible, to create several smaller partitions than one very large one.

The helper script debian-edu-fsautoresize is provided to make it easier to extend full partitions. When invoked, it reads the configuration from /usr/share/debian-edu-config/fsautoresizetab, /site/etc/fsautoresizetab and /etc/fsautoresizetab. It then proposes to extend partitions with too little free space, according to the rules provided in these files. If run with no arguments, it will only show the commands needed to extend the file system. The argument -n is needed to actually execute these commands to extend the file systems.

The script is executed automatically every hour on every client listed in the fsautoresize-hosts netgroup.

When the partition used by the Squid proxy is resized, the value for cache size in etc/squid/squid.conf needs to be updated as well. The helper script /usr/share/debian-edu-config/tools/squid-update-cachedir is provided to do this automatically, checking the current partition size of /var/spool/squid/ and configuring Squid to use 80% of this as its cache size.

lvextend -L30G /dev/vg_system/skole+tjener+home0
resize2fs /dev/vg_system/skole+tjener+home0

If you (probably accidentally) installed a pure main-server profile and don't have a client with a web-browser handy, it's easy to install a minimal desktop on the main server using this command sequence in a (non-graphical) shell as the user you created during the main server's installation (first user):

  $ sudo apt-get update
  $ sudo apt-get install gnome-session gnome-terminal firefox xorg
  # after installation, start a graphical session for the first user 
  $ startx

ldapvi is a tool to edit the LDAP database with a normal text editor on the commandline.

The following needs to be executed:

ldapvi --ldap-conf -ZD '(cn=admin)'

Note: ldapvi will use whatever is the default editor. By executing export EDITOR=vim in the shell prompt one can configure the environment to get a vi clone as editor.

To add an LDAP object using ldapvi, use object sequence number with the string add in front of the new LDAP object.

Warning: ldapvi is a very powerful tool. Be careful and don't mess up the LDAP database, same warning applies for JXplorer.

If you prefer a GUI to work with the LDAP database, check out the jxplorer package, which is installed by default. To get write access connect like this:

host: ldap.intern
port:636
Base dn:dc=skole,dc=skolelinux,dc=no 
Security level: ssl + user + password
User dn: cn=admin,ou=ldap-access

Click "This session only" if asked for the certificate.

ldap-createuser-krb is a small command line tool to create LDAP users and set their passwords in Kerberos. It's mostly useful for testing, though.

Since the Squeeze release in 2011, Debian has included packages formerly maintained in volatile.debian.org in the stable-updates suite.

While you can use stable-updates directly, you don't have to: stable-updates are pushed into the stable suite regularily when stable point releases are done, which roughly happens every two months.

You are running Debian Edu because you prefer the stability of Debian Edu. It runs great; there is just one problem: sometimes software is a little bit more outdated than you like. This is where backports.debian.org steps in.

Backports are recompiled packages from Debian testing (mostly) and Debian unstable (in a few cases only, e.g. security updates), so they will run without new libraries (wherever this is possible) on a stable Debian distribution like Debian Edu. We recommend you to pick out individual backports which fit your needs, and not to use all backports available there.

Using backports is simple:

echo "deb http://ftp.debian.org/debian/ stretch-backports main" >> /etc/apt sources.list
apt-get update

After which one can install backported packages easily, the following command will install a backported version of tuxtype:

apt-get install -t stretch-backports tuxtype

Backports are automatically updated (if available) just like other packages. (Previously, extra configuration was needed to achieve this, but since 2011 this [[http://backports.debian.org/news/squeeze-backports_and_lenny-backports-sloppy_started/|is not needed anymore].

Like the normal archive, backports has three sections: main, contrib and non-free.

If you want to upgrade from one version to another (for example from Stretch 9.1+edu0 to 9.3+edu1) but you do not have Internet connectivity, only physical media, follow these steps:

Insert the CD / DVD / Blu-ray disc / USB flash drive, mount it and use the apt-cdrom command:

mount /media/cdrom
apt-cdrom add -m

To quote the apt-cdrom(8) man page:

Then run these two commands to upgrade the system:

apt-get update
apt-get upgrade

killer is is a perl script that gets rid of background jobs. Background jobs are defined as processes that belong to users who are not currently logged into the machine. It's run by cron job once an hour.

To install it run the following command as root:

 apt-get install killer

unattended-upgrades is a Debian package which will install security (and other) updates automatically. If you plan to use it, you should have some means to monitor your systems, such as installing the apt-listchanges package and configuring it to send you emails about updates. And there is always /var/log/dpkg.log.

To install these packages run the following command as root:

 apt-get install unattended-upgrades apt-listchanges

It is possible to save energy and money by automatically turning client machines off at night and back on in the morning. The package will try to turn off the machine every hour on the hour from 16:00 in the afternoon, but will not turn it off if it seems to have users. It will try to tell the BIOS to turn on the machine around 07:00 in the morning, and the main-server will try to turn on machines from 06:30 by sending wake-on-lan packets. These times can be changed in the crontabs of individual machines.

Some considerations should be kept in mind when setting this up:

  #!/bin/sh
  PATH=/usr/sbin:$PATH
  export PATH
  sitesummary-nodes -w

  #!/bin/sh
  PATH=/usr/sbin:$PATH
  export PATH
  netgroup -h shutdown-at-night-hosts

To access machines behind a firewall from the Internet, consider installing the package autossh. It can be used to set up an SSH tunnel to a machine on the Internet that you have access to. From that machine, you can access the server behind the firewall via the SSH tunnel.

In the default installation, all services are running on the main-server, tjener. To simplify moving some to another machine, there is a minimal installation profile available. Installing with this profile will lead to a machine, which is part of the Debian Edu network, but which doesn't have any services running (yet).

These are the required steps to setup a machine dedicated to some services:

FIXME: The HowTos from http://wiki.debian.org/DebianEdu/HowTo/ are either user- or developer-specific. Let's move the user-specific HowTos over here (and delete them over there)! (But first ask the authors (see the history of those pages to find them) if they are fine with moving the howto and putting it under the GPL.)

Take these steps to set up a dedicated storage server for user home directories and possibly other data.

Now users should be able to access the files on 'nas-server.intern' directly by just visiting the '/tjener/nas-server/storage/' directory using any application on any workstation, LTSP client or LTSP server.

There are several ways to restrict ssh login, some are listed here.

+ : alice jane bob john : ALL
+ : ALL : 10.0.0.0/8 192.168.0.0/24 192.168.1.0/24
- : ALL : ALL
#

Customisations to the KDM login screen are made by adding a file in /etc/default/kdm.d/ specifying variables to override the default.

desktop-base パッケージでテーマを有効にする例です:

USETHEME="true"
THEME="/usr/share/apps/kdm/themes/debian-moreblue"

上記の変数の使い方に関するさらなる情報については /etc/init.d/kdm のコードを見てください。

To install other desktop environments after installation, simply use apt-get:

 apt-get install gnome lxde xfce4 mate-desktop

Users will then be able to choose any of the five desktop environment via the login manager before logging in. Of course, you can also choose to give less choices.

The usage of LXDE as default on thin clients can be forced; see networked clients for details.

If you don't want to do installations with the default desktop KDE "Plasma", you can also install with one of the four alternative desktops, GNOME, LXDE, Xfce or MATE directly.

While the free software flash-player gnash is not installed by default anymore, as it has been removed from Jessie, installing a non-free flash player is still an option. Please note that upgrading is special in this case.

To install the (non-free) Adobe Flash Player web browser plugin, install the flashplugin-nonfree Debian package from contrib. This requires contrib enabled in /etc/apt/sources.list. Use update-flashplugin-nonfree --status to check for a newer version and update-flashplugin-nonfree --install to install it.

The solution for Chromium is similar, it needs the package pepperflashplugin-nonfree (also from contrib) to be installed, which will install the (non-free) Adobe Flash Player web browser plugin. Use update-pepperflashplugin-nonfree --status to check for a newer version and update-pepperflashplugin-nonfree --install to install it.

Please note that the pepperflashplugin-nonfree package implements a more recent version of the Flash specification than does the flashplugin-nonfree, however.

FIXME: this has changed in 2016… there is the libdvd-pkg package in contrib now (also in jessie-backports) which can be used to build libdvdcss and which makes adding the debian multimedia apt repository moot. Someone should describe here how to use it…

libdvdcss is needed for playing most commercial DVDs. For legal reasons it's not included in Debian (Edu). If you are legally allowed to use it, you can use the packages from deb-multimedia.org. Add the multimedia repository (as described in the following section) and install the required libraries:

apt-get install libdvdcss2 w32codecs

To use www.deb-multimedia.org do the following:

# install the debian-keyring securely:
apt-get install debian-keyring
# fetch the deb-multimedia key insecurely:
gpg --keyserver pgpkeys.pca.dfn.de --recv-keys 1F41B907
# check securely if the key is correct and add it to the keyring used by APT if it is:
gpg --keyring /usr/share/keyrings/debian-keyring.gpg --check-sigs 1F41B907 && gpg --export 1F41B907 | apt-key add -
# add repository to sources.list - please check the homepages for mirrors!
echo "deb http://deb-multimedia.org jessie main" >> /etc/apt/sources.list
# update the list of available packages:
apt-get update

The package fonts-linex (which is installed by default) installs the font "Abecedario" which is a nice handwriting font for kids. The font has several forms to be used with kids: dotted, and with lines.

One generic term for both thin clients and diskless workstations is LTSP client. LTSP is the Linux Terminal Server Project.

シンクライアント

シンクライアントの設定で普通のPCをソフトウェアは全て LTSP サーバ上で動作する(X-)端末として機能させることもできます。つまり、マシンはローカルクライアントのハードドライブを利用せず、ディスケット、あるいはネットワーク PROM (または PXE) を使ってサーバから直接ブートします。

ディスクレスワークステーション

A diskless workstation runs all software locally. The client machines boot directly from the LTSP server without a local hard drive. Software is administered and maintained on the LTSP server (inside of the LTSP chroot), but it runs on the diskless workstation. Home directories and system settings are stored on the server too. Diskless workstations are an excellent way of reusing older (but powerful) hardware with the same low maintenance cost as with thin clients.

LTSP defines 320MB as the default minimum amount of RAM for diskless workstations. If the amount of RAM is less, the machine will boot as thin client. The related LTSP parameter is FAT_RAM_THRESHOLD with the default value 300. So if (for example) the clients should only boot as diskless workstations if they have 1 GB RAM add FAT_RAM_THRESHOLD=1000 to lts.conf (or set this in LDAP). Unlike workstations, diskless workstations run without any need to add them with GOsa², cause LDM is used to login and connect to the LTSP server. The home directory is by default mounted using sshfs, and not automount and NFS. This causes shared directories available via NFS to not be available on diskless workstations.

The following steps can be used to get back the behaviour from Debian Edu Squeeze, using automount, NFS and a display manager other than ldm:

LTSP client firmware

LTSP client boot will fail if the client's network card requires a non-free firmware. A PXE installation can be used for troubleshooting problems with netbooting a machine; if the Debian Installer complains about a missing XXX.bin file then non-free firmware has to be added to the initrd used by LTSP clients.

In this case execute the following commands on an LTSP server.

# First get information about firmware packages
apt-get update && apt-cache search ^firmware-

# Decide which package has to be installed for the network card(s). 
# Most probably this will be firmware-linux-nonfree.
# Things have to take effect in the LTSP chroot for architecture i386.
ltsp-chroot -a i386 apt-get update
ltsp-chroot -d -a i386 apt-get -y -q install <package name>

# copy the new initrd to the server's tftpboot directory
ltsp-update-kernels

As a shorter alternative -- installing all available firmware and updating the tftpboot directory -- you could execute:

/usr/share/debian-edu-config/tools/ltsp-addfirmware

LTSP client kernel

In order to support older hardware the package linux-image-586 is installed by default. If all LTSP client machines support the 686 processor architecture the linux-image-686 package could be installed in the chroot. Make sure to execute ltsp-update-kernels after installation.

(1)Open the file /opt/ltsp/i386/etc/ltsp/update-kernels.conf with an editor
and replace the line
CMDLINE_LINUX_DEFAULT="init=/sbin/init-ltsp quiet"
with
CMDLINE_LINUX_DEFAULT="init=/sbin/init-ltsp LTSP_FATCLIENT=False quiet"
(2)Execute 'ltsp-chroot -a i386 /usr/share/ltsp/update-kernels'
(3)Execute 'ltsp-update-kernels'

The PXE configuration is generated using the script debian-edu-pxeinstall. It allows some settings to be overridden by adding a file /etc/debian-edu/pxeinstall.conf with replacement values.

MENU PASSWD $4$NDk0OTUzNTQ1NTQ5$7d6KvAlVCJKRKcijtVSPfveuWPM$

#add the skole projects local repository
d-i     apt-setup/local1/repository string      http://example.org/debian stable main contrib non-free
d-i     apt-setup/local1/comment string         Example Software Repository
d-i     apt-setup/local1/source boolean         true
d-i     apt-setup/local1/key    string          http://example.org/key.asc

ln -s /var/lib/tftpboot/debian-edu/default-diskless.cfg /var/lib/tftpboot/pxelinux.cfg/default

ln -s /var/lib/tftpboot/debian-edu/default-thin.cfg /var/lib/tftpboot/pxelinux.cfg/default

 DEFAULT ltsp/i386/vmlinuz initrd=ltsp/i386/initrd.img nfsroot=10.0.2.10:/opt/ltsp/i386 init=/sbin/init-ltsp boot=nfs ro quiet ipappend 2

The debian-edu-config package comes with a tool which helps in changing the network from 10.0.0.0/8 to something else. Have a look at /usr/share/debian-edu-config/tools/subnet-change. It is intended for use just after installation on the main server, to update LDAP and other files that need to be edited to change the subnet.

Note that changing to one of the subnets already used elsewhere in Debian Edu will not work. 192.168.0.0/24 and 192.168.1.0/24 are already set up as LTSP client networks. Changing to these subnets will require manual editing of configuration files to remove duplicate entries.

There is no easy way to change the DNS domain name. Changing it would require changes to both the LDAP structure and several files in the main server file system. There is also no easy way to change the host and DNS name of the main server (tjener.intern). To do so would also require changes to LDAP and files in the main-server and client file system. In both cases the Kerberos setup would have to be changed, too.

Since version 3.0 Skolelinux has been running LDM as its login manager, which uses a secure SSH tunnel to log in. Switching to KDM also requires a switch to XDMCP, which uses lower CPU resources on the clients and on the server.

Warning: XDMCP does not use encryption. Passwords will travel in cleartext over the network, as well as anything else.

Note: local devices with ltspfs will stop working without LDM.

To check if XDMCP is running, run this command from a workstation:

 X -query ltspserverXX

If you are on the thin client network, run this command:

 X -query 192.168.0.254

The goal is to let your "real" thin client contact the xdmcp-server on 192.168.0.254 (given a standard Skolelinux configuration).

If XDMCP is not accessible on your server which runs KDM, add the following to /etc/kde4/kdm/Xaccess:

 * # any host can get a login window

The star before the comment '#' is important; the rest is a comment, of course

Then turn on XDMCP in KDM with the command:

 sudo update-ini-file /etc/kde4/kdm/kdmrc Xdmcp Enable true

Finally, restart KDM by running:

 sudo service kdm restart

The HowTos from http://wiki.debian.org/DebianEdu/HowTo/ are either user- or developer-specific. Let's move the user-specific HowTos over here (and delete them over there)! (But first ask the authors (see the history of those pages to find them) if they are fine with moving the howto and putting it under the GPL.)

This documentation presumes that you have installed the Debian Edu main server and maybe also a Debian Edu workstation to verify that working under Debian Edu/Skolelinux works for you. We presume that you have already created some users that can flawlessly use the Debian Edu workstation. We also presume that you have a Windows XP/Vista/7 workstation at hand, so you can test access to the Debian Edu main server from a Windows machine.

After installation of the Debian Edu main server the Samba host \\TJENER should be visible in your Windows Network Neighbourhood. Debian Edu's Windows domain is SKOLELINUX. Use a Windows machine (or a Linux system with smbclient) to browse your Windows/Samba network environment.

To use Samba on TJENER as a domain controller, your network's Windows workstations have to join the SKOLELINUX domain provided by the Debian Edu main server.

The first thing you have to do is to enable the SKOLELINUX\Administrator account. This account is not intended for day-to-day usage; its current main purpose is to add Windows machines to the SKOLELINUX domain. To enable this account log on to TJENER as the first user (created during main server installation) and run this command:

The password of SKOLELINUX\Administrator has been preconfigured during the main server's installation. Please use the system's root account when authenticating as SKOLELINUX\Administrator.

Once you are done with your administrative work make sure to disable the SKOLELINUX\Administrator account again:

Debian Edu ships some logon scripts that pre-configure the Windows user profile on first logon. When logging on to a Windows workstation that has joined the SKOLELINUX domain for the first time the following tasks are run:

Other tasks are run on every logon. For further information on this, please refer to the /etc/samba/netlogon folder on your Debian Edu main server.

Moodle is a free, Open Source course management system - software designed using sound pedagogical principles to help educators create effective online learning communities. You can download and use it on any computer (including webhosts), yet it can scale from a single-teacher site to a University with 200,000 students. Some schools in France use Moodle to keep track of students' facilities and credit points.

There are moodle sites all over the world, mostly concentrated in Europe and North America. Check the site of an institution near you to get an idea about it. More information is available at the moodle project page, including documentation and support.

SWI-Prolog is an open source implementation of the programming language Prolog, commonly used for teaching and semantic web applications.

Some schools use control tools like Controlaula or iTALC to supervise their students. See also the iTALC Wiki (and the documentation in bug 511387).

Warning: make sure you know the status of the laws about monitoring and restricting computer users' activities in your jurisdiction.

Some schools use Squidguard or Dansguardian to restrict Internet access.

Some schools use the products of Smarttech for their teaching. You need a workstation with drivers and software for this, Smarttech has published some working non-free Software in a Debian Repository as a download. A local copy of this repository needs to be put inside the school network, so that the smartboard software could be installed on our machines. So teachers and pupils can prepare for class on every computer:

# move the tar.gz file to a repository directory on the school network's webroot (by default located on tjener):
root@tjener:~# 
mkdir /etc/debian-edu/www/debian
mv smartnotebook10_2sp1debianrepository.tar.gz /etc/debian-edu/www/debian
# change into the new directory
root@tjener:~# cd /etc/debian-edu/www/debian
# extract the file
root@tjener:~# tar xzvf smartnotebook10_2sp1debianrepository.tar.gz

d-i apt-setup/local1/repository string http://www/debian/ stable non-free
d-i apt-setup/local1/comment string SMART Repo
d-i apt-setup/local1/key string http://www/debian/swbuild.asc
d-i pkgsel/include string smart-activation,smart-common,smart-gallerysetup,smart-hwr,smart-languagesetup,smart-notebook,smart-notifier,smart-product-drivers

/usr/sbin/debian-edu-pxeinstall

### SMART Repo
deb http://www/debian/ stable non-free

ltsp-chroot -a i386 editor /etc/apt/sources.list

ltsp-chroot -a i386 wget http://www/debian/swbuild.asc
ltsp-chroot -a i386 apt-key add swbuild.asc
ltsp-chroot -a i386 rm swbuild.asc
# update the dpkg database and install the wanted packages
ltsp-chroot -a i386 aptitude update
ltsp-chroot -a i386 aptitude install smart-activation,smart-common,smart-gallerysetup,smart-hwr,smart-languagesetup,smart-notebook,smart-notifier,smart-product-drivers

The HowTos from http://wiki.debian.org/DebianEdu/HowTo/ are either user- or developer-specific. Let's move the user-specific HowTos over here (and delete them over there)! (But first ask the authors if they are happy with moving them and putting them under the GPL - see the page histories to find them.)

Every user should change her or his password by using GOsa². To do so, just use a browser and go to https://www/gosa/.

Using GOsa² to change the password ensures that Kerberos (krbPrincipalKey), LDAP (userPassword) and Samba (sambaNTPassword and sambaLMPassword) passwords are the same.

Changing passwords using PAM is working (ie at the KDM/GDM login prompt), but this will only update the Kerberos password, and not the Samba and GOsa² (LDAP) password. So after you changed your password at the login prompt, you really should also change it using GOsa².

All users can send and receive mails within the internal network. To allow mail outside the internal network, the adminstrator needs to configure the mailserver exim4 to suit the local situation, starting with dpkg-reconfigure exim4-config.

Every user who wants to use KMail (or Icedove, not installed by default) needs to configure it as follows. For a user with username jdoe the internal email address is jdoe@postoffice.intern.

On thin clients, pavucontrol or alsamixer (but not kmix) can be used to change audio volume.

On other machines (workstations, LTSP servers, and diskless workstations), kmix or alsamixer can be used.

There are Debian Edu users all over the world. A very easy form of contribution is to let us know you exist and use Debian Edu - this motivates us very much and therefore is already a valuable contribution.

The Debian Edu projects provide a database of schools and users of the system to help the users find each other, and also to have an idea about where the users of the distribution are located. Please let us know about your installation, by registering in this database. To register your school, use this web form.

Currently there are local teams in Norway, Germany, the region of Extremadura in Spain, Taiwan and France. "Isolated" contributors and users exist in Greece, the Netherlands, Japan and elsewhere.

The support chapter has explanations and links to localised resources, as contribute and support are two sides of the same coin.

Internationally we are organised into various teams working on different subjects.

Most of the time, the developer mailing list is our main medium for communication, though we have monthly IRC meetings on #debian-edu on irc.debian.org and even, less frequently, real gatherings, where we meet each other in person. New contributors should read our http://wiki.debian.org/DebianEdu/ArchivePolicy.

A good way to learn what is happening in the development of Debian Edu is to subscribe to the commit mailinglist.

This document needs your help! First and foremost, it is not finished yet: if you read it, you will notice various FIXMEs within the text. If you happen to know (a bit of) what needs to be explained there, please consider sharing your knowledge with us.

The source of the text is a wiki and can be edited with a simple webbrowser. Just go to http://wiki.debian.org/DebianEdu/Documentation/Stretch/ and you can contribute easily. Note: a user account is needed to edit the pages; you need to create a wiki user first.

Another very good way to contribute and to help users is by translating software and documentation. Information on how to translate this document can be found in the translations chapter of this book. Please consider helping the translation effort of this book!

Lists of companies providing professional support are available from http://wiki.debian.org/DebianEdu/Help/ProfessionalHelp.

This is a very early ALPHA release of Debian Edu 9+edu0. Please report feedback to debian-edu@lists.debian.org!

As in many free software projects, translations of this document are kept in PO files. More information about the process can be found in /usr/share/doc/debian-edu-doc/README.debian-edu-jessie-manual-translations. The Git repository (see below) contains this file too. Take a look there and at the language specific conventions if you want to help translating this document.

To commit your translations you need to be a member of the Alioth project debian-edu. If your Alioth username differs from your local one, create or edit ~/.ssh/config. There should be an entry like:

Host git.debian.org
User <your-alioth-username>

Then check out the debian-edu-doc source using ssh access: git clone git+ssh://git.debian.org/git/debian-edu/debian-edu-doc.git

If you only want to translate, you just need to check out some files from Git (which can be done anonymously) and create patches. Please file a bug against the debian-edu-doc package and attach the PO file to the bugreport. You can find some instructions on how to submit bugs here.

You can check out the debian-edu-doc source anonymously with the following command (you need to have the git package installed for this to work):

Then edit the file documentation/debian-edu-jessie/debian-edu-jessie-manual.$CC.po (replacing $CC with your language code). There are many tools for translating available; we suggest using lokalize.

Then you either commit the file directly to Git (if you have the rights to do so) or send the file to the bugreport.

To update your local copy of the repository use the following command inside the debian-edu-doc directory:

Read /usr/share/doc/debian-edu-doc/README.debian-edu-jessie-manual-translations to find information how to create a new PO file for your language if there isn't one yet, and how to update translations.

Please keep in mind that this manual is still under development, so don't translate any string which contains " FIXME".

Basic information about Alioth (the host where our Git repository is located) and Git is available at http://wiki.debian.org/Alioth/Git.

If you are new to Git, look at the Pro Git book; it has a chapter on the recording changes to the repository. Also you might want to look at the gitk package that provides a GUI for Git.

Please report any problems.

Copyright (C) 2007-2016 Holger Levsen < holger@layer-acht.org > and others, see the Copyright chapter for the full list of copyright owners.

This program is free software; you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation; either version 2 of the License, or (at your option) any later version.

This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details.

You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.

Version 2, June 1991

Copyright (C) 1989, 1991 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

0. This License applies to any program or other work which contains a notice placed by the copyright holder saying it may be distributed under the terms of this General Public License. The "Program", below, refers to any such program or work, and a "work based on the Program" means either the Program or any derivative work under copyright law: that is to say, a work containing the Program or a portion of it, either verbatim or with modifications and/or translated into another language. (Hereinafter, translation is included without limitation in the term "modification".) Each licensee is addressed as "you".

Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running the Program is not restricted, and the output from the Program is covered only if its contents constitute a work based on the Program (independent of having been made by running the Program). Whether that is true depends on what the Program does.

1. You may copy and distribute verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and give any other recipients of the Program a copy of this License along with the Program.

You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee.

2. You may modify your copy or copies of the Program or any portion of it, thus forming a work based on the Program, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions:

These requirements apply to the modified work as a whole. If identifiable sections of that work are not derived from the Program, and can be reasonably considered independent and separate works in themselves, then this License, and its terms, do not apply to those sections when you distribute them as separate works. But when you distribute the same sections as part of a whole which is a work based on the Program, the distribution of the whole must be on the terms of this License, whose permissions for other licensees extend to the entire whole, and thus to each and every part regardless of who wrote it.

Thus, it is not the intent of this section to claim rights or contest your rights to work written entirely by you; rather, the intent is to exercise the right to control the distribution of derivative or collective works based on the Program.

In addition, mere aggregation of another work not based on the Program with the Program (or with a work based on the Program) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.

3. You may copy and distribute the Program (or a work based on it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you also do one of the following:

The source code for a work means the preferred form of the work for making modifications to it. For an executable work, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the executable. However, as a special exception, the source code distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable.

If distribution of executable or object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place counts as distribution of the source code, even though third parties are not compelled to copy the source along with the object code.

4. You may not copy, modify, sublicense, or distribute the Program except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense or distribute the Program is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance.

5. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Program or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Program (or any work based on the Program), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Program or works based on it.

6. Each time you redistribute the Program (or any work based on the Program), the recipient automatically receives a license from the original licensor to copy, distribute or modify the Program subject to these terms and conditions. You may not impose any further restrictions on the recipients' exercise of the rights granted herein. You are not responsible for enforcing compliance by third parties to this License.

7. If, as a consequence of a court judgment or allegation of patent infringement or for any other reason (not limited to patent issues), conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not distribute the Program at all. For example, if a patent license would not permit royalty-free redistribution of the Program by all those who receive copies directly or indirectly through you, then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Program.

If any portion of this section is held invalid or unenforceable under any particular circumstance, the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances.

It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims; this section has the sole purpose of protecting the integrity of the free software distribution system, which is implemented by public license practices. Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system; it is up to the author/donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice.

This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License.

8. If the distribution and/or use of the Program is restricted in certain countries either by patents or by copyrighted interfaces, the original copyright holder who places the Program under this License may add an explicit geographical distribution limitation excluding those countries, so that distribution is permitted only in or among countries not thus excluded. In such case, this License incorporates the limitation as if written in the body of this License.

9. The Free Software Foundation may publish revised and/or new versions of the General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns.

Each version is given a distinguishing version number. If the Program specifies a version number of this License which applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of this License, you may choose any version ever published by the Free Software Foundation.

10. If you wish to incorporate parts of the Program into other free programs whose distribution conditions are different, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally.

NO WARRANTY

11. BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION.

12. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS

To activate a specific translation, boot using locale=ll_CC.UTF-8 as a boot option, where ll_CC.UTF-8 is the locale name you want. To activate a given keyboard layout, use the keyb=KB option where KB is the desired keyboard layout. Here is a list of commonly used locale codes:

A complete list of locale codes is available in /usr/share/i18n/SUPPORTED, but only the UTF-8 locales are supported by the live images. Not all locales have translations installed, though. The keyboard layout names can be found in /usr/share/keymaps/i386/.

The image would be (but currently isn't) available via FTP, HTTP or rsync from ftp.skolelinux.org under cd-stretch-live/.

More information on even older releases can be found at http://developer.skolelinux.no/info/cdbygging/news.html.