Honor (don't ignore) /etc/kolibri/username when installing Kolibri — putting an end to 2 contradictory KOLIBRI_USER settings

[holta]

This PR fixes the worst of several problems described on Sept 9, 2022 here:

• apt upgrading Kolibri tricks operator into changing KOLIBRI_USER (accidentally) damaging Kolibri installations #115

Thanks @jredrejo @benjaoming @radinamatic for reviewing when you have time.

Recap: This fixes the serious problem of Kolibri's Debian/Ubuntu (apt / .deb) installer ignoring /etc/kolibri/username

Which results in Kolibri's 2 permanently contradictory settings (i.e. 2 contradictory values) for KOLIBRI_USER — i.e. in these 2 places:

• /var/cache/debconf/config.dat
• /etc/kolibri/username

Not pretty! So a month or so later, typically the first time a school apt upgrades, Kolibri's new Debian package erroneously tries to force the school (and all https://internet-in-a-box.org schools, if they are online and run apt update etc) to try to change KOLIBRI_USER:

┌─────────────────────────────────────────────────────────┤ Kolibri configuration ├─────────────────────────────────────────────────────────┐
│ The default is to choose your preferred desktop user account, for instance to ensure access to importing data from external USB devices.  │
│                                                                                                                                           │
│ Entering a username that doesn't exist will create a new system user with home directory /var/<username>.                                 │
│                                                                                                                                           │
│ Which user account should own the Kolibri server?                                                                                         │
│                                                                                                                                           │
│ ubuntu   <<<< WRONG!!! (user "kolibri" is already specified at /etc/kolibri/username)   _________________________________________________ │
│                                                                                                                                           │
│                                                                  <Ok>                                                                     │
│                                                                                                                                           │
└───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘

Why does this happen every single time a school first upgrades Kolibri? One can only assume that Ansible (Linux automation, that arranges all Internet-in-a-Box installs) runs something like:

export DEBIAN_FRONTEND=noninteractive
apt install kolibri

So what happens is that Kolibri's Ubuntu/Debian package (1) Encodes the very misleading (erroneous, desktop-like) KOLIBRI_USER into /var/cache/debconf/config.dat (2) Effectively deferring its 3-to-5 debconf screens asking for things like KOLIBRI_USER until 1 or 2 months later, into the hands of the wrong person, after everything's installed in a school (3) Leading to serious confusion + conflicting KOLIBRI_USER settings down the road, that nobody wants 😖

CONCLUSION: This simple PR eliminates the conflicting settings, and at least brings us a lot closer to what the doc portrays at https://kolibri.readthedocs.io/en/latest/install/ubuntu-debian.html#id2 — pasted in here:

STRETCH GOAL FOR LATER: Eliminating all screens during apt upgrade would be far-and-away better for most schools, who are simply trying to upgrade Kolibri, and do not want to change any settings, or read long-winded technical screens 🥲 (as we all strive to help schools focus on learning, not unnecessary low-level administration!)

IN SHORT, Internet-in-a-Box can easily force far cleaner behavior during Kolibri upgrades (i.e. what schools prefer) with a hacky script like the following: (but we'd rather work with Kolibri to solve the problem properly, thoughtfully and in due course, helping everyone)

#!/bin/bash

#CONFIGFILE=/var/cache/debconf/config.dat
set -e

. /usr/share/debconf/confmodule
db_fset kolibri/user seen true
db_fset kolibri/init seen true
db_fset kolibri/init-instructions seen true

[holta]

BACKGROUND / CONTEXT: /etc/kolibri/README puts repeated and very strong emphasis on file /etc/kolibri/username which seems very positive. ✅

While @benjaoming did most of that writing more than 4 years ago of course, I can only assume it's still largely on target.

To that end, let's all hope that this still-very-useful (though at this point error-prone and stale!) top-level /etc/kolibri doc can be refined now in 2023, to fix its broken link and other small/diversionary errors 🏗️

e.g. Another small error in /etc/kolibri/README is the command it spells out to determine KOLIBRI_HOME ("this command will print it") doesn't work in most cases — with installs like Internet-in-a-Box that take security seriously — as KOLIBRI_USER has no real / runnable shell in /etc/passwd :

• iiab/iiab#3504

[benjaoming]

You can simplify this change quite a lot by adding the test to the list of tests in line 341 AFAICT

[holta]

I saw that earlier, yes.

But I chose to keep the change more localized & more legible.

i.e. to make clear this PR is basically a 2-line change wrapped in an if statement.

(@jredrejo is of course free to move things around as he sees fit!)

[jredrejo]

Despite I agree with @benjaoming comment, I'm approving this because the functionality is correct and I prefer not to delay it anymore

[holta]

I too agree with @benjaoming ✅

(PR change was kept distinct/localized to illustrate the core idea...)

[benjaoming]

Thanks for all the lovely mentions ❤️ I want to mention back that I do miss having time to work on this ❤️