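#!/bin/sh
# postinst script for lsh-server
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#   * <postinst> `configure' <most-recently-configured-version>
#   * <old-postinst> `abort-upgrade' <new version>
#   * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#     <new-version>
#   * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#     <failed-install-package> <version> `removing'
#     <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#
# quoting from the policy:
#   Any necessary prompting should almost always be confined to the
#   post-installation script, and should be protected with a conditional
#   so that unnecessary prompting doesn't happen if a package's
#   installation fails and the `postinst' is called with `abort-upgrade',
#   `abort-remove' or `abort-deconfigure'.

# Paths shared by create_seed_and_key and the upgrade check in the
# `configure' branch. Defined once so the two cannot drift apart.
RANDOM_SEED="/var/spool/lsh/yarrow-seed-file"
HOST_KEY="/etc/lsh_host_key"
OPENSSH_HOST_KEY="/etc/ssh/ssh_host_rsa_key"
LSHD_DEFAULTS=/etc/default/lsh-server

#######################################
# Create the lsh random seed file and the server host key if missing.
# Globals:   RANDOM_SEED, HOST_KEY, OPENSSH_HOST_KEY (read); DIR (written)
# Arguments: none
# Outputs:   progress messages on stdout
# Returns:   0 if seed and key exist afterwards, 1 if creating either failed
#######################################
create_seed_and_key() {
    if [ ! -f "$RANDOM_SEED" ]; then
        printf '%s' "Creating lsh random seed file (this may take a while) ..."
        DIR=$(dirname "$RANDOM_SEED")
        # The seed is secret material: create it under umask 077 (in a
        # subshell, so the umask does not leak into the rest of the script)
        # so it is never readable by others, not even between dd and chmod.
        # bs=1 avoids short reads from /dev/random, which may block.
        if install -d -m 700 "$DIR" &&
           ( umask 077 &&
             dd if=/dev/random "of=$RANDOM_SEED" bs=1 count=32 2>/dev/null ) &&
           chmod 600 "$RANDOM_SEED"; then
            echo " done."
        else
            # Do not leave a truncated seed behind: the next run would find
            # the file, skip this branch and keep using the short seed.
            rm -f "$RANDOM_SEED" || true
            echo " failed!"
            return 1
        fi
    fi

    if [ ! -f "$HOST_KEY" ]; then
        if [ -r "$OPENSSH_HOST_KEY" ]; then
            # Prefer converting the existing OpenSSH RSA host key;
            # presumably so the host keeps the key clients already know.
            printf '%s' "Converting existing OpenSSH RSA host key ... "
            if pkcs1-conv < "$OPENSSH_HOST_KEY" | lsh-writekey --server &&
               [ -f "$HOST_KEY" ] && [ -f "$HOST_KEY.pub" ]; then
                chmod +r "$HOST_KEY.pub"
                echo "done."
                return 0
            fi
            # Conversion failed: discard any partial output before
            # falling through to generating a fresh key.
            rm -f "$HOST_KEY" "$HOST_KEY.pub"
            echo "failed. Will generate a new key instead."
        fi

        printf '%s' "Creating lsh host key ... "
        # Without pipefail only lsh-writekey's status is seen, so success
        # is additionally confirmed by checking that both key files exist.
        if lsh-keygen --server | lsh-writekey --server &&
           [ -f "$HOST_KEY" ] && [ -f "$HOST_KEY.pub" ]; then
            chmod +r "$HOST_KEY.pub"
            echo "done."
        else
            echo "failed!"
            return 1
        fi
    fi

    return 0
}

case "$1" in
    configure)
        # This needs to be fixed. If we do stuff this way, strange things will
        # happen ... the user can specify stuff to debconf and old options can
        # still be written to the config file :-(

        # First, get default options
        #[ -e "$LSHD_DEFAULTS" ] && . "$LSHD_DEFAULTS"

        # Fall back to default options if necessary
        LSHD_PORT=${LSHD_PORT:-2222}
        ENABLE_SFTP=${ENABLE_SFTP:-false}

        # Make sure ENABLE_SFTP is either "true" or "false", set up option
        # NOTE(review): both values are overwritten by the db_get calls
        # below, so these fallbacks and this normalisation have no effect
        # on what is written to the config file.
        case "$ENABLE_SFTP" in
            true|TRUE|y*|Y*)
                ENABLE_SFTP=true
                ;;
            *)
                ENABLE_SFTP=false
                ;;
        esac

        . /usr/share/debconf/confmodule
        db_get "lsh-server/lshd_port"; LSHD_PORT="$RET"
        db_get "lsh-server/sftp"; ENABLE_SFTP="$RET"
        db_get "lsh-server/extra_args"; EXTRA_ARGS="$RET"
        # Close fd 3 once the debconf answers are read; presumably so that
        # services started later in this script do not inherit it.
        exec 3>&-

        # OK, now make the config file
cat <<"EOF" >"$LSHD_DEFAULTS"
# Configuration file generated by lsh-server.postinst.
# You can change the lsh-server configuration either by editing
# this file, or by running dpkg-reconfigure lsh-server.
#
# If systemd is used, this file is read as an environment file and can
# only contain environment variable assignments.
EOF
        # printf '%s' writes the debconf values verbatim; echo would
        # interpret backslash sequences in them under some /bin/sh.
        # NOTE(review): the values are placed inside double quotes without
        # escaping. A value containing ", $ or ` would be interpreted by
        # any consumer that sources this file as shell -- confirm the
        # debconf config script restricts what can be entered.
        printf 'LSHD_PORT="%s"\n' "$LSHD_PORT" >>"$LSHD_DEFAULTS"
        printf 'ENABLE_SFTP="%s"\n' "$ENABLE_SFTP" >>"$LSHD_DEFAULTS"
        printf 'EXTRA_ARGS="%s"\n' "$EXTRA_ARGS" >>"$LSHD_DEFAULTS"

        # Versions before 2.0.1cdbs-4 have a security issue, therefore
        # have the random seed regenerated.
        # ($2 is the most recently configured version; empty on a fresh
        # install.)
        # NOTE(review): only the seed is replaced here. Whether host keys
        # created by an affected version also need rotating is not
        # addressed by this script -- check against the advisory.
        if [ "$2" ] && [ -e "$RANDOM_SEED" ] \
           && dpkg --compare-versions "$2" lt "2.0.1cdbs-4"; then
            echo " Removing /var/spool/lsh/yarrow-seed-file, because of you are upgrading from a"
            echo " version with a known security bug, so we can't trust the seed any more."
            echo " It will be automatically regenerated from /dev/random."
            rm -f "$RANDOM_SEED"
        fi

        # Disable ssh if needed
        # A non-numeric port makes this test fail (with a diagnostic from
        # `['), in which case ssh is left untouched.
        if [ "$LSHD_PORT" -eq 22 ] ; then
            if [ ! -d /etc/ssh ] ; then
                mkdir -p /etc/ssh
            fi
            file=/etc/ssh/sshd_not_to_be_run
            if [ ! -f "$file" ] ; then
                # stop ssh from starting at bootup
                # The first line of the marker file identifies it as
                # generated by this package; it must stay byte-exact.
cat <<"EOF" >"$file"
LSH_SERVER_CONFIG_GENERATED
# Generated by lsh-server.postinst
# Please don't remove this file unless you have first disabled lsh, and don't
# change the first line ... otherwise lsh-server won't recognise it!!!
EOF
                if [ -x "/etc/init.d/ssh" ]; then
                    # Best effort: a failure to stop ssh must not abort
                    # the package configuration.
                    invoke-rc.d ssh stop || true
                fi
            fi
        fi

        create_seed_and_key
        ;;

    abort-upgrade|abort-remove|abort-deconfigure)
        ;;

    *)
        # printf keeps a backslash in $1 from being interpreted.
        printf "postinst called with unknown argument \`%s'\n" "$1" >&2
        exit 1
        ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts

#DEBHELPER#

exit 0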