Rev 40 | Rev 62 | Go to most recent revision | Only display areas with differences | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 40 | Rev 61 | ||
|---|---|---|---|
| 1 | #!/bin/sh |
1 | #!/bin/sh |
| 2 | # postinst script for lsh-server |
2 | # postinst script for lsh-server |
| 3 | # |
3 | # |
| 4 | # see: dh_installdeb(1) |
4 | # see: dh_installdeb(1) |
| 5 | 5 | ||
| 6 | set -e |
6 | set -e |
| 7 | 7 | ||
| 8 | # summary of how this script can be called: |
8 | # summary of how this script can be called: |
| 9 | # * <postinst> `configure' <most-recently-configured-version> |
9 | # * <postinst> `configure' <most-recently-configured-version> |
| 10 | # * <old-postinst> `abort-upgrade' <new version> |
10 | # * <old-postinst> `abort-upgrade' <new version> |
| 11 | # * <conflictor's-postinst> `abort-remove' `in-favour' <package> |
11 | # * <conflictor's-postinst> `abort-remove' `in-favour' <package> |
| 12 | # <new-version> |
12 | # <new-version> |
| 13 | # * <deconfigured's-postinst> `abort-deconfigure' `in-favour' |
13 | # * <deconfigured's-postinst> `abort-deconfigure' `in-favour' |
| 14 | # <failed-install-package> <version> `removing' |
14 | # <failed-install-package> <version> `removing' |
| 15 | # <conflicting-package> <version> |
15 | # <conflicting-package> <version> |
| 16 | # for details, see http://www.debian.org/doc/debian-policy/ or |
16 | # for details, see http://www.debian.org/doc/debian-policy/ or |
| 17 | # the debian-policy package |
17 | # the debian-policy package |
| 18 | # |
18 | # |
| 19 | # quoting from the policy: |
19 | # quoting from the policy: |
| 20 | # Any necessary prompting should almost always be confined to the |
20 | # Any necessary prompting should almost always be confined to the |
| 21 | # post-installation script, and should be protected with a conditional |
21 | # post-installation script, and should be protected with a conditional |
| 22 | # so that unnecessary prompting doesn't happen if a package's |
22 | # so that unnecessary prompting doesn't happen if a package's |
| 23 | # installation fails and the `postinst' is called with `abort-upgrade', |
23 | # installation fails and the `postinst' is called with `abort-upgrade', |
| 24 | # `abort-remove' or `abort-deconfigure'. |
24 | # `abort-remove' or `abort-deconfigure'. |
| 25 | 25 | ||
| - | 26 | create_seed_and_key() {
|
|
| - | 27 | RANDOM_SEED="/var/spool/lsh/yarrow-seed-file" |
|
| - | 28 | HOST_KEY="/etc/lsh_host_key" |
|
| - | 29 | OPENSSH_HOST_KEY="/etc/ssh/ssh_host_rsa_key" |
|
| - | 30 | ||
| - | 31 | if [ ! -f "$RANDOM_SEED" ]; then |
|
| - | 32 | echo -n "Creating lsh random seed file (this may take a while) ..." |
|
| - | 33 | DIR=$(dirname "$RANDOM_SEED") |
|
| - | 34 | if install -d -m 700 "$DIR" && |
|
| - | 35 | dd if=/dev/random "of=$RANDOM_SEED" bs=1 count=32 2>/dev/null && |
|
| - | 36 | chmod 600 "$RANDOM_SEED"; then |
|
| - | 37 | echo " done." |
|
| - | 38 | else |
|
| - | 39 | echo " failed!" |
|
| - | 40 | return 1 |
|
| - | 41 | fi |
|
| - | 42 | fi |
|
| - | 43 | ||
| - | 44 | if [ ! -f "$HOST_KEY" ]; then |
|
| - | 45 | if [ -r "$OPENSSH_HOST_KEY" ]; then |
|
| - | 46 | echo -n "Converting existing OpenSSH RSA host key ... " |
|
| - | 47 | if pkcs1-conv < "$OPENSSH_HOST_KEY" | lsh-writekey --server && |
|
| - | 48 | [ -f "$HOST_KEY" ]; then |
|
| - | 49 | echo -n "done." |
|
| - | 50 | return 0 |
|
| - | 51 | fi |
|
| - | 52 | echo "failed. Will generate a new key instead." |
|
| - | 53 | fi |
|
| - | 54 | echo -n "Creating lsh host key ... " |
|
| - | 55 | if lsh-keygen --server | lsh-writekey --server && |
|
| - | 56 | [ -f "$HOST_KEY" ]; then |
|
| - | 57 | echo " done." |
|
| - | 58 | else |
|
| - | 59 | echo " failed!" |
|
| - | 60 | return 1 |
|
| - | 61 | fi |
|
| - | 62 | fi |
|
| - | 63 | return 0 |
|
| - | 64 | } |
|
| 26 | 65 | ||
| 27 | LSHD_DEFAULTS=/etc/default/lsh-server |
66 | LSHD_DEFAULTS=/etc/default/lsh-server |
| 28 | 67 | ||
| 29 | case "$1" in |
68 | case "$1" in |
| 30 | configure) |
69 | configure) |
| 31 | 70 | ||
| 32 | # This needs to be fixed. If we do stuff this way, strange things will |
71 | # This needs to be fixed. If we do stuff this way, strange things will |
| 33 | # happen ... the user can specify stuff to debconf and old options can |
72 | # happen ... the user can specify stuff to debconf and old options can |
| 34 | # still be written to the config file :-( |
73 | # still be written to the config file :-( |
| 35 | # First, get default options |
74 | # First, get default options |
| 36 | #[ -e "$LSHD_DEFAULTS" ] && . "$LSHD_DEFAULTS" |
75 | #[ -e "$LSHD_DEFAULTS" ] && . "$LSHD_DEFAULTS" |
| 37 | 76 | ||
| 38 | # Fall back to default options if necessary |
77 | # Fall back to default options if necessary |
| 39 | LSHD_PORT=${LSHD_PORT:-2222}
|
78 | LSHD_PORT=${LSHD_PORT:-2222}
|
| 40 | ENABLE_SFTP=${ENABLE_SFTP:-false}
|
79 | ENABLE_SFTP=${ENABLE_SFTP:-false}
|
| 41 | 80 | ||
| 42 | # Make sure ENABLE_SFTP is either "true" or "false", set up option |
81 | # Make sure ENABLE_SFTP is either "true" or "false", set up option |
| 43 | case "$ENABLE_SFTP" in |
82 | case "$ENABLE_SFTP" in |
| 44 | true|TRUE|y*|Y*) |
83 | true|TRUE|y*|Y*) |
| 45 | ENABLE_SFTP=true |
84 | ENABLE_SFTP=true |
| 46 | ;; |
85 | ;; |
| 47 | *) |
86 | *) |
| 48 | ENABLE_SFTP=false |
87 | ENABLE_SFTP=false |
| 49 | ;; |
88 | ;; |
| 50 | esac |
89 | esac |
| 51 | 90 | ||
| 52 | . /usr/share/debconf/confmodule |
91 | . /usr/share/debconf/confmodule |
| 53 | 92 | ||
| 54 | db_get "lsh-server/lshd_port"; LSHD_PORT="$RET" |
93 | db_get "lsh-server/lshd_port"; LSHD_PORT="$RET" |
| 55 | db_get "lsh-server/sftp"; ENABLE_SFTP="$RET" |
94 | db_get "lsh-server/sftp"; ENABLE_SFTP="$RET" |
| 56 | 95 | ||
| 57 | # OK, now make the config file |
96 | # OK, now make the config file |
| 58 | 97 | ||
| 59 | cat <<"EOF" >"$LSHD_DEFAULTS" |
98 | cat <<"EOF" >"$LSHD_DEFAULTS" |
| 60 | # Configuration file generated by lsh-server.postinst. |
99 | # Configuration file generated by lsh-server.postinst. |
| 61 | # You can change the lsh-server configuration either by editing |
100 | # You can change the lsh-server configuration either by editing |
| 62 | # this file, or by running dpkg-reconfigure lsh-server. |
101 | # this file, or by running dpkg-reconfigure lsh-server. |
| 63 | # |
102 | # |
| 64 | EOF |
103 | EOF |
| 65 | 104 | ||
| 66 | echo "LSHD_PORT=\"$LSHD_PORT\"" >>"$LSHD_DEFAULTS" |
105 | echo "LSHD_PORT=\"$LSHD_PORT\"" >>"$LSHD_DEFAULTS" |
| 67 | echo "ENABLE_SFTP=\"$ENABLE_SFTP\"" >> "$LSHD_DEFAULTS" |
106 | echo "ENABLE_SFTP=\"$ENABLE_SFTP\"" >> "$LSHD_DEFAULTS" |
| 68 | 107 | ||
| 69 | # Versions before 2.0.1cdbs-4 have a security issue, therefore |
108 | # Versions before 2.0.1cdbs-4 have a security issue, therefore |
| 70 | # have the random seed regenerated. |
109 | # have the random seed regenerated. |
| 71 | if [ "$2" ] && [ -e "/var/spool/lsh/yarrow-seed-file" ] \ |
110 | if [ "$2" ] && [ -e "/var/spool/lsh/yarrow-seed-file" ] \ |
| 72 | && dpkg --compare-versions "$2" lt "2.0.1cdbs-4"; then |
111 | && dpkg --compare-versions "$2" lt "2.0.1cdbs-4"; then |
| 73 | echo " Removing /var/spool/lsh/yarrow-seed-file, because of you are upgrading from a" |
112 | echo " Removing /var/spool/lsh/yarrow-seed-file, because of you are upgrading from a" |
| 74 | echo " version with a known security bug, so we can't trust the seed any more." |
113 | echo " version with a known security bug, so we can't trust the seed any more." |
| 75 | echo " It will be automatically regenerated from /dev/random." |
114 | echo " It will be automatically regenerated from /dev/random." |
| 76 | rm /var/spool/lsh/yarrow-seed-file |
115 | rm /var/spool/lsh/yarrow-seed-file |
| 77 | fi |
116 | fi |
| 78 | 117 | ||
| 79 | # Disable ssh if needed |
118 | # Disable ssh if needed |
| 80 | if [ "$LSHD_PORT" -eq 22 ] ; then |
119 | if [ "$LSHD_PORT" -eq 22 ] ; then |
| 81 | if [ ! -d /etc/ssh ] ; then |
120 | if [ ! -d /etc/ssh ] ; then |
| 82 | mkdir -p /etc/ssh |
121 | mkdir -p /etc/ssh |
| 83 | fi |
122 | fi |
| 84 | 123 | ||
| 85 | file=/etc/ssh/sshd_not_to_be_run |
124 | file=/etc/ssh/sshd_not_to_be_run |
| 86 | if [ ! -f "$file" ] ; then |
125 | if [ ! -f "$file" ] ; then |
| 87 | # stop ssh from starting at bootup |
126 | # stop ssh from starting at bootup |
| 88 | cat <<"EOF" >"$file" |
127 | cat <<"EOF" >"$file" |
| 89 | LSH_SERVER_CONFIG_GENERATED |
128 | LSH_SERVER_CONFIG_GENERATED |
| 90 | # Generated by lsh-server.postinst |
129 | # Generated by lsh-server.postinst |
| 91 | # Please don't remove this file unless you have first disabled lsh, and don't |
130 | # Please don't remove this file unless you have first disabled lsh, and don't |
| 92 | # change the first line ... otherwise lsh-server won't recognise it!!! |
131 | # change the first line ... otherwise lsh-server won't recognise it!!! |
| 93 | EOF |
132 | EOF |
| 94 | fi |
133 | fi |
| 95 | fi |
134 | fi |
| - | 135 | ||
| - | 136 | create_seed_and_key |
|
| 96 | ;; |
137 | ;; |
| 97 | 138 | ||
| 98 | abort-upgrade|abort-remove|abort-deconfigure) |
139 | abort-upgrade|abort-remove|abort-deconfigure) |
| 99 | 140 | ||
| 100 | ;; |
141 | ;; |
| 101 | 142 | ||
| 102 | *) |
143 | *) |
| 103 | echo "postinst called with unknown argument \`$1'" >&2 |
144 | echo "postinst called with unknown argument \`$1'" >&2 |
| 104 | exit 1 |
145 | exit 1 |
| 105 | ;; |
146 | ;; |
| 106 | esac |
147 | esac |
| 107 | 148 | ||
| 108 | # dh_installdeb will replace this with shell code automatically |
149 | # dh_installdeb will replace this with shell code automatically |
| 109 | # generated by other debhelper scripts |
150 | # generated by other debhelper scripts |
| 110 | 151 | ||
| 111 | #DEBHELPER# |
152 | #DEBHELPER# |
| 112 | 153 | ||
| 113 | exit 0 |
154 | exit 0 |