#!/bin/sh
# postinst script for lsh-server
#
# see: dh_installdeb(1)

# Abort on the first command that fails outside of a condition, so that a
# broken configuration step makes the whole postinst exit non-zero instead
# of continuing with a half-written setup.
set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#
# quoting from the policy:
#     Any necessary prompting should almost always be confined to the
#     post-installation script, and should be protected with a conditional
#     so that unnecessary prompting doesn't happen if a package's
#     installation fails and the `postinst' is called with `abort-upgrade',
#     `abort-remove' or `abort-deconfigure'.

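# Create the lshd random seed file and the lsh host key when they are missing.
#
# Globals:  sets RANDOM_SEED, HOST_KEY, OPENSSH_HOST_KEY and DIR (plain sh
#           has no `local', so they remain visible to the caller).
# Outputs:  progress messages on stdout.
# Returns:  0 when nothing had to be created or creation succeeded,
#           1 when the seed file or a new host key could not be created.
create_seed_and_key() {
    RANDOM_SEED="/var/spool/lsh/yarrow-seed-file"
    HOST_KEY="/etc/lsh_host_key"
    OPENSSH_HOST_KEY="/etc/ssh/ssh_host_rsa_key"

    if [ ! -f "$RANDOM_SEED" ]; then
        printf '%s' "Creating lsh random seed file (this may take a while) ..."
        DIR=$(dirname "$RANDOM_SEED")
        # The seed is secret material. dd runs under umask 077 (in a
        # subshell, so the caller's umask is untouched) so the file is never
        # created with wider permissions than the final 600, not even in the
        # window between dd and chmod.
        # bs=1 count=32 requests 32 one-byte blocks from /dev/random.
        if install -d -m 700 "$DIR" &&
            (umask 077 &&
                dd if=/dev/random "of=$RANDOM_SEED" bs=1 count=32 2>/dev/null) &&
            chmod 600 "$RANDOM_SEED"; then
            echo " done."
        else
            echo " failed!"
            return 1
        fi
    fi

    if [ ! -f "$HOST_KEY" ]; then
        if [ -r "$OPENSSH_HOST_KEY" ]; then
            printf '%s' "Converting existing OpenSSH RSA host key ... "
            # In plain sh only the last pipeline stage decides the exit
            # status, so a pkcs1-conv failure is not seen directly; the
            # check that both key files exist is the backstop.
            if pkcs1-conv < "$OPENSSH_HOST_KEY" | lsh-writekey --server &&
                [ -f "$HOST_KEY" ] && [ -f "$HOST_KEY.pub" ]; then
                # Only the public half is made world-readable.
                chmod +r "$HOST_KEY.pub"
                echo "done."
                return 0
            fi
            # Drop whatever a failed conversion left behind before falling
            # back to generating a fresh key.
            rm -f "$HOST_KEY" "$HOST_KEY.pub"
            echo "failed. Will generate a new key instead."
        fi
        printf '%s' "Creating lsh host key ... "
        if lsh-keygen --server | lsh-writekey --server &&
            [ -f "$HOST_KEY" ] && [ -f "$HOST_KEY.pub" ]; then
            chmod +r "$HOST_KEY.pub"
            echo "done."
        else
            echo "failed!"
            return 1
        fi
    fi
    return 0
}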

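# Defaults/environment file that is rewritten on every `configure' run.
LSHD_DEFAULTS=/etc/default/lsh-server

case "$1" in
    configure)

        # This needs to be fixed. If we do stuff this way, strange things will
        # happen ... the user can specify stuff to debconf and old options can
        # still be written to the config file :-(
        # First, get default options
        #[ -e "$LSHD_DEFAULTS" ] && . "$LSHD_DEFAULTS"

        # Fall back to default options if necessary
        LSHD_PORT=${LSHD_PORT:-2222}
        ENABLE_SFTP=${ENABLE_SFTP:-false}

        # Make sure ENABLE_SFTP is either "true" or "false", set up option
        case "$ENABLE_SFTP" in
            true|TRUE|y*|Y*)
                ENABLE_SFTP=true
                ;;
            *)
                ENABLE_SFTP=false
                ;;
        esac

        . /usr/share/debconf/confmodule

        # The debconf answers replace the fallback values computed above
        # (the ENABLE_SFTP normalisation is therefore not applied to them).
        db_get "lsh-server/lshd_port"; LSHD_PORT="$RET"
        db_get "lsh-server/sftp"; ENABLE_SFTP="$RET"
        db_get "lsh-server/extra_args"; EXTRA_ARGS="$RET"
        # Close fd 3 once the debconf questions have been read.
        exec 3>&-

        # OK, now make the config file

        cat <<"EOF" >"$LSHD_DEFAULTS"
# Configuration file generated by lsh-server.postinst.
# You can change the lsh-server configuration either by editing
# this file, or by running dpkg-reconfigure lsh-server.
#
# If systemd is used, this file is read as an environment file and can
# only contain environment variable assignments.
EOF

        # NOTE(review): the debconf answers are written unescaped between
        # double quotes. A value containing a double quote, `$' or a
        # backquote would change how a shell that sources this file parses
        # it -- confirm how the consumers read the file and whether the
        # debconf templates already restrict these values.
        echo "LSHD_PORT=\"$LSHD_PORT\"" >>"$LSHD_DEFAULTS"
        echo "ENABLE_SFTP=\"$ENABLE_SFTP\"" >> "$LSHD_DEFAULTS"
        echo "EXTRA_ARGS=\"$EXTRA_ARGS\"" >> "$LSHD_DEFAULTS"

        # Versions before 2.0.1cdbs-4 have a security issue, therefore
        # have the random seed regenerated.
        # $2 is the most recently configured version; it is empty on a
        # fresh install, in which case there is nothing to distrust.
        if [ "$2" ] && [ -e "/var/spool/lsh/yarrow-seed-file" ] \
                && dpkg --compare-versions "$2" lt "2.0.1cdbs-4"; then
            echo " Removing /var/spool/lsh/yarrow-seed-file, because of you are upgrading from a"
            echo " version with a known security bug, so we can't trust the seed any more."
            echo " It will be automatically regenerated from /dev/random."
            rm /var/spool/lsh/yarrow-seed-file
        fi

        # Create the seed and host key before OpenSSH is touched. Under
        # `set -e' a failure here aborts the postinst; doing it first means
        # such a failure cannot leave sshd stopped and disabled while lshd
        # has no usable host key.
        create_seed_and_key

        # Disable ssh if needed
        # NOTE(review): a non-numeric LSHD_PORT makes `-eq' print an error
        # and the test evaluate false, so OpenSSH is then left alone.
        if [ "$LSHD_PORT" -eq 22 ] ; then
            if [ ! -d /etc/ssh ] ; then
                mkdir -p /etc/ssh
            fi

            # Sentinel file that keeps OpenSSH from being started. Nothing
            # in this script removes it again if the port is later changed.
            file=/etc/ssh/sshd_not_to_be_run
            if [ ! -f "$file" ] ; then
                # stop ssh from starting at bootup
                cat  <<"EOF" >"$file"
LSH_SERVER_CONFIG_GENERATED
# Generated by lsh-server.postinst
# Please don't remove this file unless you have first disabled lsh, and don't
# change the first line ... otherwise lsh-server won't recognise it!!!
EOF

                if [ -x "/etc/init.d/ssh" ]; then
                    # `command -v' is the POSIX way to look up a program;
                    # it replaces the external `which'.
                    if command -v invoke-rc.d >/dev/null 2>&1; then
                        invoke-rc.d ssh stop || true
                    else
                        /etc/init.d/ssh stop || true
                    fi
                fi
            fi
        fi
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)
        # Nothing to undo; no prompting or configuration happens here.
    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts

#DEBHELPER#

exit 0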