Rev 99 | Go to most recent revision | Blame | Compare with Previous | Last modification | View Log | RSS feed
#!/bin/sh
# postinst script for lsh-server
#
# see: dh_installdeb(1)
set -e
# summary of how this script can be called:
# * <postinst> `configure' <most-recently-configured-version>
# * <old-postinst> `abort-upgrade' <new version>
# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
# <new-version>
# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
# <failed-install-package> <version> `removing'
# <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#
# quoting from the policy:
# Any necessary prompting should almost always be confined to the
# post-installation script, and should be protected with a conditional
# so that unnecessary prompting doesn't happen if a package's
# installation fails and the `postinst' is called with `abort-upgrade',
# `abort-remove' or `abort-deconfigure'.
create_seed_and_key() {
RANDOM_SEED="/var/spool/lsh/yarrow-seed-file"
HOST_KEY="/etc/lsh_host_key"
OPENSSH_HOST_KEY="/etc/ssh/ssh_host_rsa_key"
if [ ! -f "$RANDOM_SEED" ]; then
echo -n "Creating lsh random seed file (this may take a while) ..."
DIR=$(dirname "$RANDOM_SEED")
if install -d -m 700 "$DIR" &&
dd if=/dev/random "of=$RANDOM_SEED" bs=1 count=32 2>/dev/null &&
chmod 600 "$RANDOM_SEED"; then
echo " done."
else
echo " failed!"
return 1
fi
fi
if [ ! -f "$HOST_KEY" ]; then
if [ -r "$OPENSSH_HOST_KEY" ]; then
echo -n "Converting existing OpenSSH RSA host key ... "
if pkcs1-conv < "$OPENSSH_HOST_KEY" | lsh-writekey --server &&
[ -f "$HOST_KEY" -a -f "$HOST_KEY.pub" ]; then
chmod +r "$HOST_KEY.pub"
echo "done."
return 0
fi
rm -f "$HOST_KEY" "$HOST_KEY.pub"
echo "failed. Will generate a new key instead."
fi
echo -n "Creating lsh host key ... "
if lsh-keygen --server | lsh-writekey --server &&
[ -f "$HOST_KEY" -a -f "$HOST_KEY.pub" ]; then
chmod +r "$HOST_KEY.pub"
echo "done."
else
echo "failed!"
return 1
fi
fi
return 0
}
LSHD_DEFAULTS=/etc/default/lsh-server
case "$1" in
configure)
# This needs to be fixed. If we do stuff this way, strange things will
# happen ... the user can specify stuff to debconf and old options can
# still be written to the config file :-(
# First, get default options
#[ -e "$LSHD_DEFAULTS" ] && . "$LSHD_DEFAULTS"
# Fall back to default options if necessary
LSHD_PORT=${LSHD_PORT:-2222}
ENABLE_SFTP=${ENABLE_SFTP:-false}
# Make sure ENABLE_SFTP is either "true" or "false", set up option
case "$ENABLE_SFTP" in
true|TRUE|y*|Y*)
ENABLE_SFTP=true
;;
*)
ENABLE_SFTP=false
;;
esac
. /usr/share/debconf/confmodule
db_get "lsh-server/lshd_port"; LSHD_PORT="$RET"
db_get "lsh-server/sftp"; ENABLE_SFTP="$RET"
db_get "lsh-server/extra_args"; EXTRA_ARGS="$RET"
exec 3>&-
# OK, now make the config file
cat <<"EOF" >"$LSHD_DEFAULTS"
# Configuration file generated by lsh-server.postinst.
# You can change the lsh-server configuration either by editing
# this file, or by running dpkg-reconfigure lsh-server.
#
# If systemd is used, this file is read as an environment file and can
# only contain environment variable assignments.
EOF
echo "LSHD_PORT=\"$LSHD_PORT\"" >>"$LSHD_DEFAULTS"
echo "ENABLE_SFTP=\"$ENABLE_SFTP\"" >> "$LSHD_DEFAULTS"
echo "EXTRA_ARGS=\"$EXTRA_ARGS\"" >> "$LSHD_DEFAULTS"
# Versions before 2.0.1cdbs-4 have a security issue, therefore
# have the random seed regenerated.
if [ "$2" ] && [ -e "/var/spool/lsh/yarrow-seed-file" ] \
&& dpkg --compare-versions "$2" lt "2.0.1cdbs-4"; then
echo " Removing /var/spool/lsh/yarrow-seed-file, because of you are upgrading from a"
echo " version with a known security bug, so we can't trust the seed any more."
echo " It will be automatically regenerated from /dev/random."
rm /var/spool/lsh/yarrow-seed-file
fi
# Disable ssh if needed
if [ "$LSHD_PORT" -eq 22 ] ; then
if [ ! -d /etc/ssh ] ; then
mkdir -p /etc/ssh
fi
file=/etc/ssh/sshd_not_to_be_run
if [ ! -f "$file" ] ; then
# stop ssh from starting at bootup
cat <<"EOF" >"$file"
LSH_SERVER_CONFIG_GENERATED
# Generated by lsh-server.postinst
# Please don't remove this file unless you have first disabled lsh, and don't
# change the first line ... otherwise lsh-server won't recognise it!!!
EOF
if [ -x "/etc/init.d/ssh" ]; then
if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
invoke-rc.d ssh stop || true
else
/etc/init.d/ssh stop || true
fi
fi
fi
fi
create_seed_and_key
;;
abort-upgrade|abort-remove|abort-deconfigure)
;;
*)
echo "postinst called with unknown argument \`$1'" >&2
exit 1
;;
esac
# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts
#DEBHELPER#
exit 0