File: lsh-server.postinst

lsh-utils 2.1-12
#!/bin/sh
# postinst script for lsh-server
#
# see: dh_installdeb(1)

# Abort on the first unhandled command failure; the resulting non-zero exit
# status is what tells dpkg that this maintainer script failed.
set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#
# quoting from the policy:
#     Any necessary prompting should almost always be confined to the
#     post-installation script, and should be protected with a conditional
#     so that unnecessary prompting doesn't happen if a package's
#     installation fails and the `postinst' is called with `abort-upgrade',
#     `abort-remove' or `abort-deconfigure'.

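# Create the lshd random seed file and the lsh host key if they are missing.
#
# Globals (assigned as a side effect; POSIX sh has no `local`):
#   RANDOM_SEED, HOST_KEY, OPENSSH_HOST_KEY, DIR
# Outputs:  progress messages on stdout
# Returns:  0 if the seed and host key exist afterwards (or already existed),
#           1 if creating the seed or generating a new host key failed
create_seed_and_key() {
    RANDOM_SEED="/var/spool/lsh/yarrow-seed-file"
    HOST_KEY="/etc/lsh_host_key"
    OPENSSH_HOST_KEY="/etc/ssh/ssh_host_rsa_key"

    if [ ! -f "$RANDOM_SEED" ]; then
	# printf instead of `echo -n`: -n is not portable under #!/bin/sh.
	printf '%s' "Creating lsh random seed file (this may take a while) ..."
	DIR=$(dirname "$RANDOM_SEED")
	# The seed is secret key material. Create it under umask 077 (in a
	# subshell, so the caller's umask is untouched) so it is never on disk
	# with wider permissions, not even between dd and chmod.
	if install -d -m 700 "$DIR" &&
	    (umask 077 &&
		dd if=/dev/random "of=$RANDOM_SEED" bs=1 count=32 2>/dev/null) &&
	    chmod 600 "$RANDOM_SEED"; then
	    echo " done."
	else
	    # Do not leave a truncated seed behind: the -f test above would
	    # accept it on the next run and skip regeneration.
	    rm -f "$RANDOM_SEED" || true
	    echo " failed!"
	    return 1
	fi
    fi

    if [ ! -f "$HOST_KEY" ]; then
	if [ -r "$OPENSSH_HOST_KEY" ]; then
	    # Prefer converting the existing OpenSSH RSA host key over
	    # generating a fresh one. Only the .pub file is made readable here;
	    # the private key keeps whatever mode lsh-writekey gave it.
	    printf '%s' "Converting existing OpenSSH RSA host key ... "
	    # The pipeline status is that of lsh-writekey only, so success is
	    # confirmed by checking that both key files exist. Two separate
	    # tests replace the obsolescent `-a` operator.
	    if pkcs1-conv < "$OPENSSH_HOST_KEY" | lsh-writekey --server &&
		[ -f "$HOST_KEY" ] && [ -f "$HOST_KEY.pub" ]; then
		chmod +r "$HOST_KEY.pub"
		echo "done."
		return 0
	    fi
	    # Conversion failed: remove any partial output before falling
	    # through to key generation.
	    rm -f "$HOST_KEY" "$HOST_KEY.pub"
	    echo "failed. Will generate a new key instead."
	fi
	printf '%s' "Creating lsh host key ... "
	if lsh-keygen --server | lsh-writekey --server &&
	    [ -f "$HOST_KEY" ] && [ -f "$HOST_KEY.pub" ]; then
	    chmod +r "$HOST_KEY.pub"
	    echo "done."
	else
	    echo "failed!"
	    return 1
	fi
    fi
    return 0
}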

# Defaults file rewritten from the debconf answers on every "configure" run.
LSHD_DEFAULTS=/etc/default/lsh-server

# Dispatch on the maintainer-script action dpkg passes in $1 (see the call
# summary at the top of this file).
case "$1" in
    configure)

	# This needs to be fixed. If we do stuff this way, strange things will
	# happen ... the user can specify stuff to debconf and old options can
	# still be written to the config file :-(
	# First, get default options
	#[ -e "$LSHD_DEFAULTS" ] && . "$LSHD_DEFAULTS"

	# Fall back to default options if necessary
	# NOTE(review): LSHD_PORT and ENABLE_SFTP are both overwritten by the
	# db_get calls below, so these fallbacks and the normalisation that
	# follows do not reach the generated file.
	LSHD_PORT=${LSHD_PORT:-2222}
	ENABLE_SFTP=${ENABLE_SFTP:-false}

	# Make sure ENABLE_SFTP is either "true" or "false", set up option
	case "$ENABLE_SFTP" in
	    true|TRUE|y*|Y*)
		ENABLE_SFTP=true
		;;
	    *)
		ENABLE_SFTP=false
		;;
	esac
	
	# Load the debconf shell interface; db_get returns each answer in $RET.
	. /usr/share/debconf/confmodule
   
	db_get "lsh-server/lshd_port"; LSHD_PORT="$RET"
	db_get "lsh-server/sftp"; ENABLE_SFTP="$RET"
	db_get "lsh-server/extra_args"; EXTRA_ARGS="$RET"
	# Close file descriptor 3 (presumably the debconf channel opened by
	# confmodule - confirm) now that the last db_get is done.
	exec 3>&-

	# OK, now make the config file
	# The quoted "EOF" delimiter keeps the header literal (no expansion).
	# The file is truncated and rewritten in place on every run.

	cat <<"EOF" >"$LSHD_DEFAULTS"
# Configuration file generated by lsh-server.postinst.
# You can change the lsh-server configuration either by editing
# this file, or by running dpkg-reconfigure lsh-server.
#
# If systemd is used, this file is read as an environment file and can
# only contain environment variable assignments.
EOF

	# NOTE(review): the debconf answers are interpolated between double
	# quotes with no escaping or validation, so a `"`, backslash, `$` or
	# backquote in an answer lands verbatim in a file that other components
	# parse. Consider checking that LSHD_PORT is numeric and rejecting or
	# escaping such characters in EXTRA_ARGS before writing.
	echo "LSHD_PORT=\"$LSHD_PORT\"" >>"$LSHD_DEFAULTS"
	echo "ENABLE_SFTP=\"$ENABLE_SFTP\"" >> "$LSHD_DEFAULTS"
	echo "EXTRA_ARGS=\"$EXTRA_ARGS\"" >> "$LSHD_DEFAULTS"

	# Versions before 2.0.1cdbs-4 have a security issue, therefore
	# have the random seed regenerated.
	# $2 is the most-recently-configured version; the test is skipped when
	# it is empty. Deleting the seed here makes create_seed_and_key (called
	# at the end of this branch) write a new one.
	if [ "$2" ] && [ -e "/var/spool/lsh/yarrow-seed-file" ] \
		&& dpkg --compare-versions "$2" lt "2.0.1cdbs-4"; then
		echo " Removing /var/spool/lsh/yarrow-seed-file, because of you are upgrading from a"
		echo " version with a known security bug, so we can't trust the seed any more."
		echo " It will be automatically regenerated from /dev/random."
		rm /var/spool/lsh/yarrow-seed-file
	fi

	# Disable ssh if needed
	# NOTE(review): -eq needs an integer. With an empty or non-numeric
	# LSHD_PORT the test itself errors, which `if` treats as false, so the
	# block is skipped with only a message on stderr.
	if [ "$LSHD_PORT" -eq 22 ] ; then
	    if [ ! -d /etc/ssh ] ; then
		mkdir -p /etc/ssh
	    fi

	    # Marker file written only if absent; an existing file is left as is.
	    file=/etc/ssh/sshd_not_to_be_run
	    if [ ! -f "$file" ] ; then
# stop ssh from starting at bootup
		cat  <<"EOF" >"$file"
LSH_SERVER_CONFIG_GENERATED
# Generated by lsh-server.postinst
# Please don't remove this file unless you have first disabled lsh, and don't
# change the first line ... otherwise lsh-server won't recognise it!!!
EOF

		# Best effort: a failure to stop ssh must not fail the configure
		# step, hence `|| true` under set -e.
		if [ -x "/etc/init.d/ssh" ]; then
		    invoke-rc.d ssh stop || true
		fi
	    fi
	fi

	# Runs as a plain command under set -e, so a non-zero return (seed or
	# host key creation failed) aborts the postinst.
	create_seed_and_key
    ;;

    # Nothing to undo for the abort-* actions.
    abort-upgrade|abort-remove|abort-deconfigure)

    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts

#DEBHELPER#

exit 0