Rev 99 | Go to most recent revision | Only display areas with differences | Ignore whitespace | Details | Blame | Last modification | View Log | RSS feed
| Rev 99 | Rev 120 | ||
|---|---|---|---|
| 1 | #!/bin/sh |
1 | #!/bin/sh |
| 2 | # postinst script for lsh-server |
2 | # postinst script for lsh-server |
| 3 | # |
3 | # |
| 4 | # see: dh_installdeb(1) |
4 | # see: dh_installdeb(1) |
| 5 | 5 | ||
| 6 | set -e |
6 | set -e |
| 7 | 7 | ||
| 8 | # summary of how this script can be called: |
8 | # summary of how this script can be called: |
| 9 | # * <postinst> `configure' <most-recently-configured-version> |
9 | # * <postinst> `configure' <most-recently-configured-version> |
| 10 | # * <old-postinst> `abort-upgrade' <new version> |
10 | # * <old-postinst> `abort-upgrade' <new version> |
| 11 | # * <conflictor's-postinst> `abort-remove' `in-favour' <package> |
11 | # * <conflictor's-postinst> `abort-remove' `in-favour' <package> |
| 12 | # <new-version> |
12 | # <new-version> |
| 13 | # * <deconfigured's-postinst> `abort-deconfigure' `in-favour' |
13 | # * <deconfigured's-postinst> `abort-deconfigure' `in-favour' |
| 14 | # <failed-install-package> <version> `removing' |
14 | # <failed-install-package> <version> `removing' |
| 15 | # <conflicting-package> <version> |
15 | # <conflicting-package> <version> |
| 16 | # for details, see http://www.debian.org/doc/debian-policy/ or |
16 | # for details, see http://www.debian.org/doc/debian-policy/ or |
| 17 | # the debian-policy package |
17 | # the debian-policy package |
| 18 | # |
18 | # |
| 19 | # quoting from the policy: |
19 | # quoting from the policy: |
| 20 | # Any necessary prompting should almost always be confined to the |
20 | # Any necessary prompting should almost always be confined to the |
| 21 | # post-installation script, and should be protected with a conditional |
21 | # post-installation script, and should be protected with a conditional |
| 22 | # so that unnecessary prompting doesn't happen if a package's |
22 | # so that unnecessary prompting doesn't happen if a package's |
| 23 | # installation fails and the `postinst' is called with `abort-upgrade', |
23 | # installation fails and the `postinst' is called with `abort-upgrade', |
| 24 | # `abort-remove' or `abort-deconfigure'. |
24 | # `abort-remove' or `abort-deconfigure'. |
| 25 | 25 | ||
| 26 | create_seed_and_key() {
|
26 | create_seed_and_key() {
|
| 27 | RANDOM_SEED="/var/spool/lsh/yarrow-seed-file" |
27 | RANDOM_SEED="/var/spool/lsh/yarrow-seed-file" |
| 28 | HOST_KEY="/etc/lsh_host_key" |
28 | HOST_KEY="/etc/lsh_host_key" |
| 29 | OPENSSH_HOST_KEY="/etc/ssh/ssh_host_rsa_key" |
29 | OPENSSH_HOST_KEY="/etc/ssh/ssh_host_rsa_key" |
| 30 | 30 | ||
| 31 | if [ ! -f "$RANDOM_SEED" ]; then |
31 | if [ ! -f "$RANDOM_SEED" ]; then |
| 32 | echo -n "Creating lsh random seed file (this may take a while) ..." |
32 | echo -n "Creating lsh random seed file (this may take a while) ..." |
| 33 | DIR=$(dirname "$RANDOM_SEED") |
33 | DIR=$(dirname "$RANDOM_SEED") |
| 34 | if install -d -m 700 "$DIR" && |
34 | if install -d -m 700 "$DIR" && |
| 35 | dd if=/dev/random "of=$RANDOM_SEED" bs=1 count=32 2>/dev/null && |
35 | dd if=/dev/random "of=$RANDOM_SEED" bs=1 count=32 2>/dev/null && |
| 36 | chmod 600 "$RANDOM_SEED"; then |
36 | chmod 600 "$RANDOM_SEED"; then |
| 37 | echo " done." |
37 | echo " done." |
| 38 | else |
38 | else |
| 39 | echo " failed!" |
39 | echo " failed!" |
| 40 | return 1 |
40 | return 1 |
| 41 | fi |
41 | fi |
| 42 | fi |
42 | fi |
| 43 | 43 | ||
| 44 | if [ ! -f "$HOST_KEY" ]; then |
44 | if [ ! -f "$HOST_KEY" ]; then |
| 45 | if [ -r "$OPENSSH_HOST_KEY" ]; then |
45 | if [ -r "$OPENSSH_HOST_KEY" ]; then |
| 46 | echo -n "Converting existing OpenSSH RSA host key ... " |
46 | echo -n "Converting existing OpenSSH RSA host key ... " |
| 47 | if pkcs1-conv < "$OPENSSH_HOST_KEY" | lsh-writekey --server && |
47 | if pkcs1-conv < "$OPENSSH_HOST_KEY" | lsh-writekey --server && |
| 48 | [ -f "$HOST_KEY" -a -f "$HOST_KEY.pub" ]; then |
48 | [ -f "$HOST_KEY" -a -f "$HOST_KEY.pub" ]; then |
| 49 | chmod +r "$HOST_KEY.pub" |
49 | chmod +r "$HOST_KEY.pub" |
| 50 | echo "done." |
50 | echo "done." |
| 51 | return 0 |
51 | return 0 |
| 52 | fi |
52 | fi |
| 53 | rm -f "$HOST_KEY" "$HOST_KEY.pub" |
53 | rm -f "$HOST_KEY" "$HOST_KEY.pub" |
| 54 | echo "failed. Will generate a new key instead." |
54 | echo "failed. Will generate a new key instead." |
| 55 | fi |
55 | fi |
| 56 | echo -n "Creating lsh host key ... " |
56 | echo -n "Creating lsh host key ... " |
| 57 | if lsh-keygen --server | lsh-writekey --server && |
57 | if lsh-keygen --server | lsh-writekey --server && |
| 58 | [ -f "$HOST_KEY" -a -f "$HOST_KEY.pub" ]; then |
58 | [ -f "$HOST_KEY" -a -f "$HOST_KEY.pub" ]; then |
| 59 | chmod +r "$HOST_KEY.pub" |
59 | chmod +r "$HOST_KEY.pub" |
| 60 | echo "done." |
60 | echo "done." |
| 61 | else |
61 | else |
| 62 | echo "failed!" |
62 | echo "failed!" |
| 63 | return 1 |
63 | return 1 |
| 64 | fi |
64 | fi |
| 65 | fi |
65 | fi |
| 66 | return 0 |
66 | return 0 |
| 67 | } |
67 | } |
| 68 | 68 | ||
| 69 | LSHD_DEFAULTS=/etc/default/lsh-server |
69 | LSHD_DEFAULTS=/etc/default/lsh-server |
| 70 | 70 | ||
| 71 | case "$1" in |
71 | case "$1" in |
| 72 | configure) |
72 | configure) |
| 73 | 73 | ||
| 74 | # This needs to be fixed. If we do stuff this way, strange things will |
74 | # This needs to be fixed. If we do stuff this way, strange things will |
| 75 | # happen ... the user can specify stuff to debconf and old options can |
75 | # happen ... the user can specify stuff to debconf and old options can |
| 76 | # still be written to the config file :-( |
76 | # still be written to the config file :-( |
| 77 | # First, get default options |
77 | # First, get default options |
| 78 | #[ -e "$LSHD_DEFAULTS" ] && . "$LSHD_DEFAULTS" |
78 | #[ -e "$LSHD_DEFAULTS" ] && . "$LSHD_DEFAULTS" |
| 79 | 79 | ||
| 80 | # Fall back to default options if necessary |
80 | # Fall back to default options if necessary |
| 81 | LSHD_PORT=${LSHD_PORT:-2222}
|
81 | LSHD_PORT=${LSHD_PORT:-2222}
|
| 82 | ENABLE_SFTP=${ENABLE_SFTP:-false}
|
82 | ENABLE_SFTP=${ENABLE_SFTP:-false}
|
| 83 | 83 | ||
| 84 | # Make sure ENABLE_SFTP is either "true" or "false", set up option |
84 | # Make sure ENABLE_SFTP is either "true" or "false", set up option |
| 85 | case "$ENABLE_SFTP" in |
85 | case "$ENABLE_SFTP" in |
| 86 | true|TRUE|y*|Y*) |
86 | true|TRUE|y*|Y*) |
| 87 | ENABLE_SFTP=true |
87 | ENABLE_SFTP=true |
| 88 | ;; |
88 | ;; |
| 89 | *) |
89 | *) |
| 90 | ENABLE_SFTP=false |
90 | ENABLE_SFTP=false |
| 91 | ;; |
91 | ;; |
| 92 | esac |
92 | esac |
| 93 | 93 | ||
| 94 | . /usr/share/debconf/confmodule |
94 | . /usr/share/debconf/confmodule |
| 95 | 95 | ||
| 96 | db_get "lsh-server/lshd_port"; LSHD_PORT="$RET" |
96 | db_get "lsh-server/lshd_port"; LSHD_PORT="$RET" |
| 97 | db_get "lsh-server/sftp"; ENABLE_SFTP="$RET" |
97 | db_get "lsh-server/sftp"; ENABLE_SFTP="$RET" |
| 98 | db_get "lsh-server/extra_args"; EXTRA_ARGS="$RET" |
98 | db_get "lsh-server/extra_args"; EXTRA_ARGS="$RET" |
| 99 | exec 3>&- |
99 | exec 3>&- |
| 100 | 100 | ||
| 101 | # OK, now make the config file |
101 | # OK, now make the config file |
| 102 | 102 | ||
| 103 | cat <<"EOF" >"$LSHD_DEFAULTS" |
103 | cat <<"EOF" >"$LSHD_DEFAULTS" |
| 104 | # Configuration file generated by lsh-server.postinst. |
104 | # Configuration file generated by lsh-server.postinst. |
| 105 | # You can change the lsh-server configuration either by editing |
105 | # You can change the lsh-server configuration either by editing |
| 106 | # this file, or by running dpkg-reconfigure lsh-server. |
106 | # this file, or by running dpkg-reconfigure lsh-server. |
| 107 | # |
107 | # |
| - | 108 | # If systemd is used, this file is read as an environment file and can |
|
| - | 109 | # only contain environment variable assignments. |
|
| 108 | EOF |
110 | EOF |
| 109 | 111 | ||
| 110 | echo "LSHD_PORT=\"$LSHD_PORT\"" >>"$LSHD_DEFAULTS" |
112 | echo "LSHD_PORT=\"$LSHD_PORT\"" >>"$LSHD_DEFAULTS" |
| 111 | echo "ENABLE_SFTP=\"$ENABLE_SFTP\"" >> "$LSHD_DEFAULTS" |
113 | echo "ENABLE_SFTP=\"$ENABLE_SFTP\"" >> "$LSHD_DEFAULTS" |
| 112 | echo "EXTRA_ARGS=\"$EXTRA_ARGS\"" >> "$LSHD_DEFAULTS" |
114 | echo "EXTRA_ARGS=\"$EXTRA_ARGS\"" >> "$LSHD_DEFAULTS" |
| 113 | 115 | ||
| 114 | # Versions before 2.0.1cdbs-4 have a security issue, therefore |
116 | # Versions before 2.0.1cdbs-4 have a security issue, therefore |
| 115 | # have the random seed regenerated. |
117 | # have the random seed regenerated. |
| 116 | if [ "$2" ] && [ -e "/var/spool/lsh/yarrow-seed-file" ] \ |
118 | if [ "$2" ] && [ -e "/var/spool/lsh/yarrow-seed-file" ] \ |
| 117 | && dpkg --compare-versions "$2" lt "2.0.1cdbs-4"; then |
119 | && dpkg --compare-versions "$2" lt "2.0.1cdbs-4"; then |
| 118 | echo " Removing /var/spool/lsh/yarrow-seed-file, because of you are upgrading from a" |
120 | echo " Removing /var/spool/lsh/yarrow-seed-file, because of you are upgrading from a" |
| 119 | echo " version with a known security bug, so we can't trust the seed any more." |
121 | echo " version with a known security bug, so we can't trust the seed any more." |
| 120 | echo " It will be automatically regenerated from /dev/random." |
122 | echo " It will be automatically regenerated from /dev/random." |
| 121 | rm /var/spool/lsh/yarrow-seed-file |
123 | rm /var/spool/lsh/yarrow-seed-file |
| 122 | fi |
124 | fi |
| 123 | 125 | ||
| 124 | # Disable ssh if needed |
126 | # Disable ssh if needed |
| 125 | if [ "$LSHD_PORT" -eq 22 ] ; then |
127 | if [ "$LSHD_PORT" -eq 22 ] ; then |
| 126 | if [ ! -d /etc/ssh ] ; then |
128 | if [ ! -d /etc/ssh ] ; then |
| 127 | mkdir -p /etc/ssh |
129 | mkdir -p /etc/ssh |
| 128 | fi |
130 | fi |
| 129 | 131 | ||
| 130 | file=/etc/ssh/sshd_not_to_be_run |
132 | file=/etc/ssh/sshd_not_to_be_run |
| 131 | if [ ! -f "$file" ] ; then |
133 | if [ ! -f "$file" ] ; then |
| 132 | # stop ssh from starting at bootup |
134 | # stop ssh from starting at bootup |
| 133 | cat <<"EOF" >"$file" |
135 | cat <<"EOF" >"$file" |
| 134 | LSH_SERVER_CONFIG_GENERATED |
136 | LSH_SERVER_CONFIG_GENERATED |
| 135 | # Generated by lsh-server.postinst |
137 | # Generated by lsh-server.postinst |
| 136 | # Please don't remove this file unless you have first disabled lsh, and don't |
138 | # Please don't remove this file unless you have first disabled lsh, and don't |
| 137 | # change the first line ... otherwise lsh-server won't recognise it!!! |
139 | # change the first line ... otherwise lsh-server won't recognise it!!! |
| 138 | EOF |
140 | EOF |
| 139 | 141 | ||
| 140 | if [ -x "/etc/init.d/ssh" ]; then |
142 | if [ -x "/etc/init.d/ssh" ]; then |
| 141 | if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then |
143 | if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then |
| 142 | invoke-rc.d ssh stop || true |
144 | invoke-rc.d ssh stop || true |
| 143 | else |
145 | else |
| 144 | /etc/init.d/ssh stop || true |
146 | /etc/init.d/ssh stop || true |
| 145 | fi |
147 | fi |
| 146 | fi |
148 | fi |
| 147 | fi |
149 | fi |
| 148 | fi |
150 | fi |
| 149 | 151 | ||
| 150 | create_seed_and_key |
152 | create_seed_and_key |
| 151 | ;; |
153 | ;; |
| 152 | 154 | ||
| 153 | abort-upgrade|abort-remove|abort-deconfigure) |
155 | abort-upgrade|abort-remove|abort-deconfigure) |
| 154 | 156 | ||
| 155 | ;; |
157 | ;; |
| 156 | 158 | ||
| 157 | *) |
159 | *) |
| 158 | echo "postinst called with unknown argument \`$1'" >&2 |
160 | echo "postinst called with unknown argument \`$1'" >&2 |
| 159 | exit 1 |
161 | exit 1 |
| 160 | ;; |
162 | ;; |
| 161 | esac |
163 | esac |
| 162 | 164 | ||
| 163 | # dh_installdeb will replace this with shell code automatically |
165 | # dh_installdeb will replace this with shell code automatically |
| 164 | # generated by other debhelper scripts |
166 | # generated by other debhelper scripts |
| 165 | 167 | ||
| 166 | #DEBHELPER# |
168 | #DEBHELPER# |
| 167 | 169 | ||
| 168 | exit 0 |
170 | exit 0 |