Initial commit.

Jonathan Harker 2012-09-28 02:24:04 +01:00
commit 0658661220
25 changed files with 1104 additions and 0 deletions

12
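--- a/.gitignore
+++ b/.gitignore
@@ -0,0 +1,12 @@
+.git
+build
+build-stamp
+debian/positiveinternet-userpackage
+debian/positiveinternet-userpackage.postinst
+debian/positiveinternet-userpackage.postrm
+debian/positiveinternet-userpackage.postrm.debhelper
+debian/positiveinternet-userpackage.prerm
+debian/positiveinternet-userpackage.substvars
+debian/files
+debian/substvars
+ssh-keys/authorized_keys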

12
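--- a/Makefile
+++ b/Makefile
@@ -0,0 +1,12 @@
+all: build
+clean:
+fakeroot make -f debian/rules clean
+build:
+dpkg-buildpackage -rfakeroot -b -tc
+debug:
+dpkg-buildpackage -rfakeroot -b
+.PHONY: build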

382
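--- a/bin/clone-new-sysadmin
+++ b/bin/clone-new-sysadmin
@@ -0,0 +1,382 @@
+#!/usr/bin/perl -w
+#
+# Clone a new sysadmin package from this one.
+#
+use strict;
+use Getopt::Long qw(:config permute); # allow mixed args.
+use POSIX;
+use File::Copy;
+use FindBin qw($Bin);
+BEGIN{ chdir("$Bin/..") }
+# You may need libterm-readline-gnu-perl to be installed
+use Term::ReadLine;
+my $debug = 0;
+my $helpmeplease = 0;
+GetOptions ('debug!' => \$debug,
+'help' => \$helpmeplease
+);
+show_usage() if ( $helpmeplease );
+my $term = new Term::ReadLine 'clone-new-sysadmin';
+if(not exists $INC{'Term/ReadLine/Gnu.pm'}) {
+warn "You may wish to use Ctrl-C to interrupt this program and run the\n"
+. "following command:\n\n\n"
+. " apt-get install libterm-readline-gnu-perl\n\n";
+}
+my $diffs = `git diff-index HEAD 2>/dev/null`;
+if ($? != 0) {
+die "You need git-core installed to use this program.\n\n"
+. "run:\n\n"
+. " apt-get install git-core\n\n";
+} elsif ($diffs) {
+warn "Your checkout has uncommitted changes. These will be bundled\n"
+."into the first commit of your branch.\n";
+}
+my ( $package_name, $organisation, $new_name, $full_name,
+$user_names, $uid, $gid, $gecos, $junk, $email );
+# Get the current package name
+my @pwent = getpwuid($<);
+$user_names = $pwent[0];
+$uid = $pwent[2];
+$gid = $pwent[3];
+$gecos = $pwent[4];
+( $full_name, $junk ) = split ",", $gecos ;
+# Attempt to avoid UID/GID collisions
+$uid = 2500 + int(rand(1500)) if ( $uid <= 1000 );
+$gid = $uid if ( $gid <= 1000 );
+my @components = split '/', POSIX::getcwd() ;
+$package_name = pop @components;
+$organisation = $package_name;
+$organisation =~ s/-.*$// ;
+$organisation = $term->readline( "Enter the name of the Organisation: ", $organisation );
+$junk = $full_name;
+$full_name = $term->readline( "Enter the full name of the target sysadmin: ", $full_name );
+if ( $junk ne $full_name ) {
+# Ok, they edited it. Let's try and invent a user name list
+my @name_parts = split /\s+/, lc($full_name) ;
+my $first = $name_parts[0];
+my $last = $name_parts[-1];
+my $initials = "";
+foreach( @name_parts ) {
+$initials .= substr($_, 0,1);
+}
+$user_names = "$first $first".substr($last,0,1)." $initials ".substr($first,0,1)."$last $first.$last ";
+}
+$new_name = lc( "$organisation-$full_name" );
+$new_name =~ s/\s+\S+.*\s+//;
+$new_name =~ s/ //g;
+print <<EOT ;
+The new name should be of the form "organisation-firstnamelastname"
+so that people don't need to be told the name of the package, and
+so we can easily see them grouped in the installed packages listing.
+EOT
+$new_name = $term->readline( "Enter the new name for the target package: ", $new_name );
+$user_names = $term->readline( "Preferred usernames (space delimited): ", $user_names );
+$uid = $term->readline( "Preferred UID: ", $uid );
+$gid = $term->readline( "Preferred GID: ", $gid );
+print <<EOT ;
+This package can set a shell password (which in turn is used by sudo)
+but requires a GPG key to encrypt to. The email address you provide
+below will be used to locate a suitable public key in the current
+user's keyring. It *can* also be used as the target of an encrypted
+email.
+The public key you specify here must be available in your default keyring
+(specifically of the user executing this script).
+Specify "none" to disable password generation and notification.
+EOT
+my $default_email = $organisation eq 'positiveinternet'
+? $user_names . '@positive-internet.com'
+: '';
+$default_email =~ s{ (?:.* )?}{}; # remove alternate usernames
+$email = $term->readline( "Email address to notify/encrypt to: ", $default_email );
+$email ||= 'none';
+my $suppress_email_notify = '';
+if($email ne 'none') {
+print <<EOT ;
+Do you want an (encrypted) email notification whenever your package is
+installed (if you answer 'no', an encrypted notification will still be
+saved in your home directory but no email will be generated)?
+EOT
+my $want_email = $term->readline( "Always send password by email (y/N)? ", 'N');
+if($want_email and $want_email =~ /^y/i) {
+$suppress_email_notify = 'N';
+}
+}
+printf( "Cloning from %s to %s for %s\n", $package_name, $new_name, $full_name );
+print <<EOTXT ;
+Attempting usernames: $user_names
+Preferred UID/GID: $uid / $gid
+EOTXT
+my @exclude_files = (
+'build',
+'.git$',
+'faces/',
+'ssh-keys/(?!.placeholder)',
+'gpg-keys/',
+'preferred_fullname',
+'preferred_names',
+'preferred_uid',
+'preferred_gid',
+'notification_email',
+'suppress_email_notify',
+"debian\\/$package_name\\.",
+'debian\\/tmp$',
+'debian\\/files$',
+'.*~',
+);
+# If we have a 'preferred_uid' file we won't copy skel
+if ( -f 'preferred_uid' ) {
+push @exclude_files, 'skel/';
+}
+############################################################
+# copy_files
+############################################################
+my ($url) = map { m{URL: (.*)} ? ($1) : () } `git remote show origin`;
+$url =~ s|http://(.*?)/|git+ssh://$1/git/private/|;
+chdir '..';
+system("git", "clone", "--bare", "-l", $package_name, "$new_name/.git") == 0
+or die "git clone failed; rc=$?";
+{
+local($ENV{GIT_DIR})="$new_name/.git";
+my $branch_name = "refs/heads/$new_name";
+system("git", "update-ref", $branch_name, "HEAD");
+system("git", "symbolic-ref", "HEAD", $branch_name);
+system("git", "read-tree", "HEAD");
+system("git", "config", "core.bare", 'false');
+if ( $url ) {
+(system("git", "remote", "add", "origin", $url) == 0)
+or warn "upgrade your git to 1.5+\n";
+system("git", "config", "remote.origin.fetch",
+"+refs/heads/master:refs/heads/origin/master");
+system("git", "config", "remote.origin.push",
+"+$branch_name:$branch_name");
+}
+copy_files_carefully( $package_name, $new_name );
+chdir $new_name;
+}
+############################################################
+# customise_files
+############################################################
+my @files = ( 'changelog', 'control', 'README.debian',
+'rules', 'templates', 'config',
+'sysadmin.postinst', 'sysadmin.postrm',
+'.gitignore'
+);
+foreach my $fn ( @files ) {
+print "Customising $fn\n";
+rename "debian/$fn", "debian/$fn.cloned";
+open( OLD, "<", "debian/$fn.cloned" );
+open( NEW, ">", "debian/$fn" );
+while( <OLD> ) {
+s/positiveinternet-userpackage/$new_name/;
+s/$package_name/$new_name/;
+s/__FULL_NAME__/$full_name/g;
+print NEW $_;
+}
+close(NEW);
+close(OLD);
+unlink "debian/$fn.cloned";
+}
+############################################################
+# dig out gpg key to use
+############################################################
+# For this, we need to run gpg and extract the public key
+# then re-import it into a new keyring we put into the
+# package. Hackish, but it'll do.
+if ($email ne "none") {
+system("gpg --export $email > notifyring.gpg");
+if(-s 'notifyring.gpg' == 0) {
+die "\nError: There is no key matching '$email' in yor GnuPG keyring\n"
+. "Package not created.\n";
+}
+} else {
+system("touch notifyring.gpg");
+}
+############################################################
+# write_preferences
+############################################################
+write_preference( 'preferred_fullname', $full_name );
+write_preference( 'preferred_names', $user_names );
+write_preference( 'preferred_uid', $uid );
+write_preference( 'preferred_gid', $gid );
+write_preference( 'notification_email', $email );
+write_preference( 'suppress_email_notify', $suppress_email_notify );
+# Ensure appropriate things are marked executable
+chmod 0755, 'debian/rules';
+chmod 0755, 'bin/clone-new-sysadmin';
+for my $dir ('ssh-keys', 'gpg-keys', 'skel') {
+mkdir $dir unless -d $dir;
+}
+# check into git
+my @rms = map { chomp; $_ }
+`git diff-index --name-only --diff-filter=D HEAD`;
+system("git", "add", ".");
+system("git", "rm", @rms) if @rms;
+system("git", "commit", "-m", "Cloned package for $full_name using $0");
+############################################################
+# We're done...
+############################################################
+my $newdir = join( '/', @components) . "/$new_name";
+print <<EOTXT ;
+OK, the new package framework has been created in:
+$newdir
+What you will need to do now, is to copy any keys into the
+ssh-keys subdirectory and any gpg keys into the gpg-keys
+subdirectory. After that you can make any other modifications
+you would like. For a basic starting point it is probably
+sufficient to:
+cd $newdir
+cp ~/.ssh/id*.pub ssh-keys
+fakeroot ./debian/rules binary
+To create a new version of the package, use "debchange -i" to
+increment the revision number, and comment on what the change
+is that is being made.
+EOTXT
+exit 0;
+############################################################
+# ONLY SUBROUTINES BELOW HERE
+############################################################
+############################################################
+# customise_files - customises a set of files
+# Files/lines to be changed
+# debian/changelog
+# debian/control
+# debian/README.debian
+# debian/rules
+############################################################
+sub write_preference {
+my $filename = shift;
+my $preference = shift;
+open( PREF, ">", $filename );
+print PREF $preference;
+close(PREF);
+}
+############################################################
+# Copy a tree of files carefully
+############################################################
+sub copy_files_carefully {
+my $source = shift;
+my $dest = shift;
+return if (!defined($dest) || !defined($source) );
+if ( ! -e $dest ) {
+mkdir $dest;
+}
+print "Copying files in $source\n";
+opendir( SDIR, $source ) or die("Can't open source directory: $!");
+my @files = readdir(SDIR);
+closedir( SDIR );
+foreach my $fn ( @files ) {
+next if ( $fn eq '.' || $fn eq '..' );
+next if ( exclude_from_copy("$source/$fn") );
+if ( -d "$source/$fn" ) {
+# Recurse to copy the subdirectory
+copy_files_carefully( "$source/$fn", "$dest/$fn" );
+}
+else {
+print "Copying from $source/$fn to $dest/$fn\n" if ( $debug );
+copy( "$source/$fn", "$dest/$fn" );
+}
+}
+}
+############################################################
+# Decide whether this file should be exluded from the copy
+############################################################
+sub exclude_from_copy {
+my $fn = shift;
+foreach( @exclude_files ) {
+if ( $fn =~ /^$package_name\/$_/ ) {
+print "Excluding $fn\n" if ( $debug );
+return 1;
+}
+}
+# No match, so it must be OK then :-)
+return 0;
+}
+############################################################
+# Tell the nice user how we do things. Short and sweet.
+############################################################
+sub show_usage {
+print <<OPTHELP;
+bin/clone-new-sysadmin
+There are no options - all variables are prompted for.
+bin/clone-new-sysadmin will clone this package to a new sysadmin
+package, prompting for important information and telling you what
+to do next. It needs to be run from the base source directory
+of an existing package.
+OPTHELP
+exit 0;
+}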
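Review bot: The `system("gpg --export $email > notifyring.gpg")` call in the gpg-key section passes the address typed at the readline prompt through /bin/sh, so spaces, quotes or shell metacharacters in `$email` change the command that runs, and its exit status is never checked. The list form avoids the shell: `system('gpg', '--batch', '--yes', '--output', 'notifyring.gpg', '--export', '--', $email) == 0 or die "gpg --export failed; rc=$?\n";`. The same value is then written to `notification_email` and expanded unquoted by the postinst in its gpg and mail commands, so checking it here against an anchored address pattern (or the literal `none`) protects both places. Separately, the customise loop renames each `debian/$fn` and then calls `open` on OLD and NEW without testing either result, and `write_preference` does the same with PREF, so a failed open silently leaves a missing or empty file in the new package.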

6
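--- a/debian/.gitignore
+++ b/debian/.gitignore
@@ -0,0 +1,6 @@
+positiveinternet-userpackage
+positiveinternet-userpackage.postinst
+positiveinternet-userpackage.postrm
+positiveinternet-userpackage.postrm.debhelper
+positiveinternet-userpackage.prerm
+positiveinternet-userpackage.substvars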

27
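--- a/debian/README.debian
+++ b/debian/README.debian
@@ -0,0 +1,27 @@
+positiveinternet-userpackage for Debian
+------------------------------------------
+This package installs a user on a GNU/Linux system.
+To build your own user package using this one as a base,
+change to the top level directory of the source package and
+run:
+bin/clone-new-sysadmin
+This will create a new source installation for the new user.
+In this new source, copy your SSH public keys into the
+ssh-keys subdirectory and any PGP keys into the gpg-keys
+subdirectory. After that you can make any other modifications
+in the skel directory (e.g. bashrc).
+Once those are there you should be able to run:
+make
+to create a Debian package.
+To create a new version of the package, use "debchange -i" to
+increment the revision number, and comment on what the change
+is that is being made.
+Andrew McMillan <andrew@catalyst.net.nz>, Sun, 4 Apr 2004 22:02:51 +1200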


@ -0,0 +1,4 @@
dh_installdebconf
dh_installdeb
dh_installdebconf
dh_installdeb


@ -0,0 +1,6 @@
# Automatically added by dh_installdebconf
if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
. /usr/share/debconf/confmodule
db_purge
fi
# End automatically added section


@ -0,0 +1 @@
misc:Depends=debconf (>= 0.5) | debconf-2.0

13
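--- a/debian/changelog
+++ b/debian/changelog
@@ -0,0 +1,13 @@
+positiveinternet-userpackage (0.31) unstable; urgency=low
+* Rewrite for Positive Internet.
+-- Jonathan Harker <jon@jon.geek.nz> Thu, 27 Sep 2012 12:30:32 +1200
+positiveinternet-userpackage (0.1) unstable; urgency=low
+* Initial release.
+* A package to hold my details for easy installation/removal as a new user
+on a system we should be administering.
+-- Andrew McMillan <andrew@catalyst.net.nz> Wed, 3 Mar 2004 10:26:11 +1300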

1
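--- a/debian/compat
+++ b/debian/compat
@@ -0,0 +1 @@
+4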

22
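--- a/debian/config
+++ b/debian/config
@@ -0,0 +1,22 @@
+#!/bin/sh -e
+# Source debconf library.
+. /usr/share/debconf/confmodule
+# Decide how important it is for the user to see this message
+PRIORITY=high
+# File existence is a sufficient check since this runs before unpacking
+[ -f /etc/sysadmins/positiveinternet-userpackage/installed_username ] && PRIORITY=low
+# Quiz them about whether to take over an existing user
+db_input $PRIORITY positiveinternet-userpackage/use_existing_username || true
+db_go
+# Should we overwrite local files, with our funky new versions?
+db_input $PRIORITY positiveinternet-userpackage/overwrite_local_files || true
+db_go
+# When we leave, should we close the door?
+db_input $PRIORITY positiveinternet-userpackage/remove_on_purge || true
+db_go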

22
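--- a/debian/control
+++ b/debian/control
@@ -0,0 +1,22 @@
+Source: positiveinternet-userpackage
+Section: positive
+Priority: extra
+Maintainer: Jonathan Harker <jon@jon.geek.nz>
+Standards-Version: 3.5.9
+Build-Depends: debhelper
+Package: positiveinternet-userpackage
+Architecture: all
+Depends: debconf (>= 1.0.32), perl, nvi | vim, bash, mailx, gnupg, pwgen
+Description: Positive Internet User - __FULL_NAME__
+This package installs user accounts and other stuff appropriate for a
+computer which is to be maintained by Positive Internet.
+.
+General activities performed:
+- Create account (if required) using preferred UID/GID (if possible),
+- Customises home directory with package things (if default),
+- Adds ssh keys into authorized_keys and ensures good permissions, and
+- Emails the generated password, but only if a PGP key is supplied.
+.
+On removal of the package all directory contents will be tar.gz into /home
+prior to removal of the directories.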

5
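--- a/debian/copyright
+++ b/debian/copyright
@@ -0,0 +1,5 @@
+This user was started by Andrew McMillan andrew@catalyst.net.nz on
+Tue, 23 Sep 2003 20:49:07 +1200.
+Portions Copyright: GNU Public License version 2, or later.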

6
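--- a/debian/postrm.debhelper
+++ b/debian/postrm.debhelper
@@ -0,0 +1,6 @@
+# Automatically added by dh_installdebconf
+if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
+. /usr/share/debconf/confmodule
+db_purge
+fi
+# End automatically added section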

65
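--- a/debian/rules
+++ b/debian/rules
@@ -0,0 +1,65 @@
+#!/usr/bin/make -f
+# Made with the aid of debmake, by Christoph Lameter,
+# based on the sample debian/rules file for GNU hello by Ian Jackson.
+package=positiveinternet-userpackage
+dt=debian/$(package)
+build: debian/sysadmin.postinst debian/sysadmin.prerm debian/sysadmin.postrm debian/rules ssh-keys/authorized_keys
+$(checkdir)
+sed -e"s/::package::/$(package)/g" <debian/sysadmin.postinst >debian/$(package).postinst
+sed -e"s/::package::/$(package)/g" <debian/sysadmin.prerm >debian/$(package).prerm
+sed -e"s/::package::/$(package)/g" <debian/sysadmin.postrm >debian/$(package).postrm
+touch build
+clean:
+$(checkdir)
+rm -f build
+rm -f `find . -name "*~"`
+-rm -rf $(dt) debian/files* core debian/substvars
+-rm -f ssh-keys/authorized_keys debian/$(package).postinst
+-rm -f debian/$(package).prerm
+-rm -f debian/$(package).postrm
+binary-indep: checkroot build
+$(checkdir)
+rm -rf $(dt)
+dh_clean -k
+dh_installdebconf
+install -d $(dt) $(dt)/DEBIAN \
+$(dt)/etc $(dt)/etc/sysadmins \
+$(dt)/etc/sysadmins/$(package) \
+$(dt)/etc/sysadmins/$(package)/gpg
+install -m 444 preferred_* $(dt)/etc/sysadmins/$(package)
+install -m 444 notification_email $(dt)/etc/sysadmins/$(package)
+install -m 444 suppress_email_notify $(dt)/etc/sysadmins/$(package)
+install -m 444 notifyring.gpg $(dt)/etc/sysadmins/$(package)/gpg
+cp -a skel $(dt)/etc/sysadmins/$(package)/skel
+install -D -m 444 ssh-keys/authorized_keys $(dt)/etc/sysadmins/$(package)/skel/.ssh/authorized_keys
+find $(dt) -type d -name CVS | xargs -r rm -rf
+dh_installdeb
+perl -ni~ -le 'print unless m{/skel/|notif} or $$seen{$$_}++' $(dt)/DEBIAN/conffiles
+dpkg-gencontrol -P$(dt)
+chown -R root.root $(dt)
+dpkg --build $(dt) ..
+binary-arch: checkroot build
+$(checkdir)
+# There are no architecture-dependent files to be uploaded
+# generated by this package. If there were any they would be
+# made here.
+define checkdir
+test -f debian/rules
+endef
+binary: binary-indep binary-arch
+ssh-keys/authorized_keys:
+cat ssh-keys/*.pub >ssh-keys/authorized_keys
+checkroot:
+$(checkdir)
+test root = "`whoami`"
+.PHONY: binary binary-arch binary-indep clean checkroot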
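Review bot: The `ssh-keys/authorized_keys` rule has no prerequisites, so once the file exists make never regenerates it, and a `.pub` file deleted from `ssh-keys/` stays authorised in every package built afterwards until someone runs `clean` (the top-level `debug` target builds without `-tc`). Adding the target to the `.PHONY` line would rebuild it on every run. `cat ssh-keys/*.pub` also concatenates whatever matches without checking the content; running `ssh-keygen -l -f` on each file before concatenating would catch a private key or junk copied in by mistake. In `binary-indep`, `chown -R root.root` uses the deprecated dot separator, and `root:root` is the portable form.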

261
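--- a/debian/sysadmin.postinst
+++ b/debian/sysadmin.postinst
@@ -0,0 +1,261 @@
+#!/bin/sh
+set -e
+if [ -e /usr/share/debconf/confmodule ]; then
+. /usr/share/debconf/confmodule
+db_version 2.0
+fi
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+[ -n "${DEBUG}" ] && echo "PostInst Parameters: $@"
+###################################################################
+# Subvert an existing user, in case we are installing somewhere we
+# already exist
+###################################################################
+subvert_existing_user() {
+USERNAME="$1"
+db_get ${PACKAGE}/use_existing_username
+if [ "$RET" = "false" ] ; then
+return 1
+fi
+echo "${USERNAME}" >/etc/sysadmins/${PACKAGE}/installed_username
+USERID="`getent passwd ${USERNAME} | cut -f3 -d:`"
+USERGID="`getent passwd ${USERNAME} | cut -f4 -d:`"
+echo "$USERID" >/etc/sysadmins/${PACKAGE}/installed_userid
+echo "$USERGID" >/etc/sysadmins/${PACKAGE}/installed_usergid
+echo "Subverted existing user ${USERNAME} with UID ${USERID} and GID ${USERGID}"
+return 0
+}
+###################################################################
+# Make a new user, first time up
+###################################################################
+make_new_user() {
+PREFUID="`cat /etc/sysadmins/${PACKAGE}/preferred_uid`" || true
+PREFGID="`cat /etc/sysadmins/${PACKAGE}/preferred_gid`" || true
+USERFULLNAME="`cat /etc/sysadmins/${PACKAGE}/preferred_fullname`" || true
+[ "${USERFULLNAME}" = "" ] && USERFULLNAME="${USERNAME}"
+if [ "$PREFUID" != "" ] ; then
+getent passwd $PREFUID || USERID=${PREFUID}
+fi
+if [ "$PREFGID" != "" ] ; then
+getent group $PREFGID || USERGID=${PREFGID}
+fi
+HOMEDIR="/home/${USERNAME}"
+ADDUSER="/usr/sbin/adduser --disabled-password --no-create-home --quiet --force-badname --shell /bin/bash"
+[ "${USERID}" != "" ] && ADDUSER="${ADDUSER} --uid ${USERID}"
+if [ "${USERGID}" != "" ] ; then
+ADDUSER="${ADDUSER} --gid ${USERGID}"
+groupadd -g ${USERGID} ${USERNAME} || true
+fi
+${ADDUSER} --home "${HOMEDIR}" --gecos "${USERFULLNAME}" ${USERNAME}
+USERID="`getent passwd ${USERNAME} | cut -f3 -d:`"
+USERGID="`getent passwd ${USERNAME} | cut -f4 -d:`"
+if [ ! -e "${HOMEDIR}" ] ; then
+cp -a /etc/sysadmins/${PACKAGE}/skel ${HOMEDIR}
+chown -R ${USERID}:${USERGID} ${HOMEDIR}
+# Make sure the user home and .ssh directories aren't globally writable
+chmod og-w ${HOMEDIR} ${HOMEDIR}/.ssh
+fi
+echo "${USERNAME}" >/etc/sysadmins/${PACKAGE}/installed_username
+echo "${USERID}" >/etc/sysadmins/${PACKAGE}/installed_userid
+echo "${USERGID}" >/etc/sysadmins/${PACKAGE}/installed_usergid
+echo "Added user ${USERNAME} with UID ${USERID} and GID ${USERGID}"
+}
+###################################################################
+# Generate a password (if needed) and notify
+###################################################################
+generate_and_notify() {
+NOTIFYADDR=`head /etc/sysadmins/${PACKAGE}/notification_email`
+# if we're on woody, use --always-trust instead of --trust-model
+DEBVERSION=`head /etc/debian_version`
+if [ "${DEBVERSION}" = "3.0" ]; then
+TRUSTOPT="--always-trust"
+else
+TRUSTOPT="--trust-model always"
+fi
+# Make sure that the gpg directory is secure
+chmod 700 /etc/sysadmins/${PACKAGE}/gpg
+# work out if we need it.
+if [ "${NOTIFYADDR}" != "none" ]; then
+GNUPG="/usr/bin/gpg --homedir /etc/sysadmins/${PACKAGE}/gpg --no-default-keyring --keyring /etc/sysadmins/${PACKAGE}/gpg/notifyring.gpg ${TRUSTOPT} --encrypt -r ${NOTIFYADDR} --armor"
+EXISTINGHASH=`getent shadow $USERNAME | cut -f2 -d":"`
+if [ "$EXISTINGHASH" = "*" ] ; then
+# okay, we're all good, generate and store.
+NEWPASS="`pwgen -N 1`" || true
+DESC=`perl -MSocket -MSys::Hostname=hostname -le 'alarm 2; @x=gethostbyname hostname;print " (".inet_ntoa(scalar $x[4])."/".$x[0].")"' 2>/dev/null || true`
+MESSAGE="This message was placed here by ${PACKAGE}
+Your shell password for $USERNAME@`uname -n`$DESC
+was set as follows:
+${NEWPASS}
+"
+echo "${MESSAGE}" | ${GNUPG} > /home/${USERNAME}/password.txt.gpg
+echo ${USERNAME}:${NEWPASS} | chpasswd
+PASSMESS="Your shell password is: ${NEWPASS}"
+echo "Set new password for ${USERNAME}."
+else
+if [ "$NEWINSTALL" = "Yes" ]; then
+PASSMESS="Existing shell password was kept."
+echo "Existing password kept for ${USERNAME}."
+else
+PASSMESS=""
+fi
+fi
+SUPPRESSNOTIFY=`head /etc/sysadmins/${PACKAGE}/suppress_email_notify 2>/dev/null`
+if [ "x$SUPPRESSNOTIFY" = "xY" ] ; then
+PASSMESS=""
+fi
+if [ -f /etc/sysadmins/suppress_email_notify ] ; then
+GLOBALSUPPRESSNOTIFY=`head /etc/sysadmins/suppress_email_notify 2>/dev/null`
+if [ "x$GLOBALSUPPRESSNOTIFY" = "xY" ] ; then
+PASSMESS=""
+fi
+fi
+if [ "$PASSMESS" != "" ] ; then
+# we want to send email, so build an email.
+MESSAGEIP=`/sbin/ip addr | /bin/grep inet | /bin/grep eth | /usr/bin/awk '{print $2}'`
+MESSAGE="Hi there!
+This is the postinst script for ${PACKAGE} running
+on `/bin/hostname -f`.
+Your package was installed or upgraded on this machine.
+This host runs `/bin/cat /etc/issue.net` and has the following IP addresses:
+$MESSAGEIP
+$PASSMESS
+Thanks!
+"
+echo "${MESSAGE}" | ${GNUPG} | mail -s "New account on `hostname`" ${NOTIFYADDR}
+echo "Notified ${NOTIFYADDR} of new account."
+fi
+else
+echo "Not setting new password"
+fi
+}
+###################################################################
+# Update the user's local home directory files from the template
+###################################################################
+update_if_desired() {
+HOMEDIR="/home/${USERNAME}"
+MODFILES=""
+WD="`pwd`"
+SKELDIR=/etc/sysadmins/${PACKAGE}/skel
+cd "${SKELDIR}"
+# Remove any cruft left around by choosing to use new versions of files
+find "${SKELDIR}" -name '*.dpkg-old' -o -name '.*.dpkg-old' | xargs -r rm
+for F in `find . -type f ` ; do
+if [ -f ${HOMEDIR}/$F ]; then
+EXISTING="`md5sum ${HOMEDIR}/$F | cut -f1 -d' '`"
+REVISION="`md5sum $F | cut -f1 -d' '`"
+[ "${REVISION}" != "${EXISTING}" ] && MODFILES="${MODFILES} ${F}"
+else
+MODFILES="${MODFILES} ${F}"
+fi
+done
+cd "${WD}"
+if [ "${MODFILES}" = "" ] ; then
+echo "No changes needed to existing home directory"
+else
+db_get ${PACKAGE}/overwrite_local_files
+if [ "$RET" = "false" ] ; then
+echo "Package files differ but I am not updating them - copy manually if desired"
+else
+echo "Updating local files from package versions"
+for F in ${MODFILES} ; do
+# If we are installing on a machine with NFS mounted /home
+# then things _will_ fail but we just sail on anyway...
+FILEDIR="`dirname \"${HOMEDIR}/${F}\"`"
+if [ ! -d "${FILEDIR}" ] ; then
+mkdir -p "${FILEDIR}" || continue
+fi
+cp -b "${SKELDIR}/${F}" "${HOMEDIR}/${F}" || continue
+chown ${USERID}:${USERGID} "${HOMEDIR}/${F}" || continue
+chmod og-w "${HOMEDIR}/${F}" || continue
+# If this is an authorized keys file then we append a local
+# keys to the authorized_keys file, if present.
+if [ "${F}" = "./.ssh/authorized_keys" -a -f ${HOMEDIR}/.ssh/local_authorized_keys ]; then
+echo "Appending local keys to packaged authorized_keys"
+cat ${HOMEDIR}/.ssh/local_authorized_keys >> ${HOMEDIR}/${F}
+fi
+done
+# And also be a bit anal in general to allow a re-install
+# to fix SSH permissions
+chmod og-w "${HOMEDIR}"
+chmod og-w "${HOMEDIR}/.ssh"
+fi
+fi
+}
+###################################################################
+# Have they been installed already, or not?
+###################################################################
+NEWINSTALL="No"
+if [ -f /etc/sysadmins/${PACKAGE}/installed_username ] ; then
+USERNAME="`cat /etc/sysadmins/${PACKAGE}/installed_username`"
+USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid`"
+USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid`"
+update_if_desired
+else
+USERNAMES="`cat /etc/sysadmins/${PACKAGE}/preferred_names`"
+for N in ${USERNAMES} ; do
+ENTRY="`getent passwd ${N} | cut -f1 -d: `" || true
+if [ "x${ENTRY}" = "x" ] ; then
+USERNAME="${N}"
+make_new_user
+break
+else
+if subvert_existing_user "${ENTRY}" ; then
+update_if_desired
+break
+fi
+fi
+done
+USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid`"
+USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid`"
+# So we notify them, regardless of whether the password is set or not.
+NEWINSTALL="Yes"
+fi
+# Generate the password and email
+generate_and_notify
+case $1 in
+configure)
+# We need to reset the ownership / permissions if they
+# have previously been installed and then removed...
+if [ "`ls -ld /home/${USERNAME} | tr -s ' ' | cut -f3 -d' '`" = "root" ] ; then
+passwd -u "${USERNAME}" || true
+chown ${USERID}:${USERGID} /home/${USERNAME} || true
+chmod 750 /home/${USERNAME} || true
+fi
+;;
+esac
+#DEBHELPER#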
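Review bot: In `generate_and_notify`, the `pwgen -N 1` assignment uses pwgen's default pronounceable mode and is followed by `|| true`, so the password is weaker than it needs to be and a pwgen failure leaves `NEWPASS` empty on its way to `chpasswd`. I would generate it with `pwgen -s 16 1`, drop the `|| true`, and add `[ -n "${NEWPASS}" ] || exit 1` before the value is used. The script also writes as root into a home directory its owner controls: the `> /home/${USERNAME}/password.txt.gpg` redirect and the `cp -b`, `chown` and `cat >>` steps in `update_if_desired` all follow symlinks, which matters most when `subvert_existing_user` has adopted an account that existed before the package. Refusing destinations that are symlinks (`[ -L ... ]`) or doing the copy under the target UID would close that. `${NOTIFYADDR}`, `${USERNAME}` and `${HOMEDIR}` are expanded unquoted in several commands (`-r ${NOTIFYADDR}`, `getent passwd ${USERNAME}`, `cp -a ... ${HOMEDIR}`), so a value with whitespace or a leading `-` is split or read as an option.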

34
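--- a/debian/sysadmin.postrm
+++ b/debian/sysadmin.postrm
@@ -0,0 +1,34 @@
+#!/bin/sh
+set -e
+if [ -e /usr/share/debconf/confmodule ]; then
+. /usr/share/debconf/confmodule
+db_version 2.0
+fi
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+USERNAME="`cat /etc/sysadmins/${PACKAGE}/installed_username 2>/dev/null`" || true
+USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid 2>/dev/null`" || true
+USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid 2>/dev/null`" || true
+[ -n "${DEBUG}" ] && echo "PostRM Parameters: $@"
+[ "${USERNAME}" = "" ] && exit 0
+case $1 in
+purge)
+db_get positiveinternet-userpackage/remove_on_purge
+if [ "$RET" = "true" ] ; then
+if [ -d /home/${USERNAME} ] ; then
+rm -rf /home/${USERNAME} || true
+fi
+fi
+userdel "${USERNAME}" || true
+rm -f /etc/sysadmins/${PACKAGE}/installed_* || true
+;;
+esac
+#DEBHELPER#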
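Review bot: The `purge` branch always runs `userdel` and, with `remove_on_purge` at its template default of true, `rm -rf /home/${USERNAME}` for whatever name is in `installed_username`; the postinst in this commit writes that file from `subvert_existing_user` too, so purging deletes an account and home directory that existed before the package was installed. Recording which path created the account (for instance a marker file written only by `make_new_user`) and skipping the deletion when it is absent would avoid that. The path should be quoted and protected from option parsing, `rm -rf -- "/home/${USERNAME}"`. `db_get` is also called even when the `confmodule` test at the top did not source the library, which under `set -e` aborts the purge, and it uses the literal package name where the postinst uses `${PACKAGE}`.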

26
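--- a/debian/sysadmin.prerm
+++ b/debian/sysadmin.prerm
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+. /usr/share/debconf/confmodule
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+USERNAME="`cat /etc/sysadmins/${PACKAGE}/installed_username 2>/dev/null`" || true
+USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid 2>/dev/null`" || true
+USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid 2>/dev/null`" || true
+[ -n "${DEBUG}" ] && echo "PreRM Parameters: $@"
+case $1 in
+remove)
+if [ "${USERNAME}" != "" ] ; then
+passwd -l "${USERNAME}" || true
+chown root:root /home/${USERNAME} || true
+chmod 700 /home/${USERNAME} || true
+fi
+;;
+esac
+#DEBHELPER#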

27
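--- a/debian/templates
+++ b/debian/templates
@@ -0,0 +1,27 @@
+Template: positiveinternet-userpackage/use_existing_username
+Type: boolean
+Default: true
+Description: Use existing user account
+If an account exists for one of the users in your use list, this
+package can install itself to manage that account, allowing you
+to upgrade (e.g.) keys, in place, at some point in the future.
+Template: positiveinternet-userpackage/overwrite_local_files
+Type: boolean
+Default: true
+Description: Overwrite local files from package
+Some files are delivered with this package (.vimrc, .bashrc, ...)
+and may be overwritten by updates to the package.
+.
+Select "No" if you don't want that to happen.
+Template: positiveinternet-userpackage/remove_on_purge
+Type: boolean
+Default: true
+Description: Remove account on purge
+When this packages is de-installed, the account will be locked
+with the files only accessible to "root".
+.
+Normally the account is completely destroyed when the package
+is purged, but you can disable that by selecting "No" here.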

15
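--- a/skel/.bash_logout
+++ b/skel/.bash_logout
@@ -0,0 +1,15 @@
+# ~/.bash_logout: executed by bash(1) when login shell exits.
+# Set title bar to something sensible.
+case $TERM in
+*xterm*)
+echo -e "\033]0;xterm\007"
+;;
+esac
+# when leaving the console clear the screen to increase privacy
+case "`tty`" in
+/dev/tty[0-9]) clear
+esac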

46
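--- a/skel/.bash_profile
+++ b/skel/.bash_profile
@@ -0,0 +1,46 @@
+# ~/.bash_profile: executed by bash(1) for login shells.
+#
+# Positive Internet User Package version - note that you
+# shouldn't customise this, since it will get overwritten
+# with a new version from your package. If you want local
+# actions on this machine put them into ~/.bash_profile_local
+# which is sourced at the end, if it is present.
+#
+DEBVERSION="`cat /etc/debian_version`"
+UTFVERSION="3.1"
+versions() {
+cat /etc/debian_version
+echo ${UTFVERSION}
+}
+if [ "`versions | sort | head -n 1`" = "${UTFVERSION}" ] ; then
+if locale -a | grep -q -i '^en_NZ\.UTF-*8$' ; then
+LC_COLLATE=POSIX
+export LC_COLLATE
+LC_CTYPE=POSIX
+export LC_CTYPE
+LANG=en_NZ.UTF-8
+export LANG
+else
+echo "Warning: locale 'en_NZ.UTF-8' is not available on this host" >&2
+fi
+fi
+# set PATH so it includes user's private bin if it exists
+if [ -d ~/bin ] ; then
+PATH=~/bin:"${PATH}"
+fi
+# include .bash_profile_local if it exists
+if [ -f ~/.bash_profile_local ]; then
+. ~/.bash_profile_local
+fi
+# include .bashrc if it exists
+if [ -f ~/.bashrc ]; then
+. ~/.bashrc
+fi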
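Review bot: The version test `versions | sort | head -n 1` compares the strings lexically, so a `/etc/debian_version` of `10.x` or later sorts before `3.1` and the UTF-8 locale block is skipped on exactly the newer releases it is meant for; a codename such as `wheezy/sid` happens to sort after it. `dpkg --compare-versions "${DEBVERSION}" ge "${UTFVERSION}"` does the numeric comparison and makes the `versions` helper unnecessary. `DEBVERSION` is assigned at the top but not used by the test as written.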

66
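--- a/skel/.bashrc
+++ b/skel/.bashrc
@@ -0,0 +1,66 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+#
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+#
+# Positive Internet User Package version - note that you
+# shouldn't customise this, since it will get overwritten
+# with a new version from your package. If you want local
+# actions on this machine put them into ~/.bashrc_local
+# which is sourced at the end, if it is present.
+#
+# If running interactively, then:
+if [ "$PS1" ]; then
+# don't put duplicate lines in the history. See bash(1) for more options
+export HISTCONTROL=ignoredups
+# check the window size after each command and, if necessary,
+# update the values of LINES and COLUMNS.
+#shopt -s checkwinsize
+# enable color support of ls and also add handy aliases
+if [ "$TERM" != "dumb" ]; then
+eval `dircolors -b`
+alias ls='ls --color=auto'
+#alias dir='ls --color=auto --format=vertical'
+#alias vdir='ls --color=auto --format=long'
+fi
+# some more ls aliases
+#alias ll='ls -l'
+#alias la='ls -A'
+#alias l='ls -CF'
+# set a fancy prompt
+PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+# If this is an xterm set the title to user@host:dir
+case $TERM in
+xterm*)
+PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD}\007"'
+;;
+*)
+;;
+esac
+# enable programmable completion features (you don't need to enable
+# this, if it's already enabled in /etc/bash.bashrc).
+#if [ -f /etc/bash_completion ]; then
+# . /etc/bash_completion
+#fi
+# Set a colourful prompt on production machines
+if [ "$ROLE" == "production" ]; then
+PS1="\[\e[31;1m\]$PS1\[\e[0m\]"
+fi
+fi
+# include .bashrc_local if it exists
+if [ -f ~/.bashrc_local ]; then
+. ~/.bashrc_local
+fi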

34
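--- a/skel/.inputrc
+++ b/skel/.inputrc
@@ -0,0 +1,34 @@
+# Be 8 bit clean.
+set input-meta on
+set output-meta on
+# Allow 8-bit characters to be input because we like that
+set convert-meta off
+# We're only modifying the emacs mode
+$if mode=emacs
+"\e[1~": beginning-of-line
+"\e[4~": end-of-line
+# allow the use of the Delete/Insert keys
+"\e[3~": delete-char
+"\e[2~": quoted-insert
+# alternate mappings for "page up" and "page down" to search the history
+"\e[5~": history-search-backward
+"\e[6~": history-search-forward
+# # mappings for Ctrl-left-arrow and Ctrl-right-arrow for word moving
+"\e[5C": forward-word
+"\e[5D": backward-word
+# uxterm and xterm mappings for Ctrl-left-arrow and Ctrl-right-arrow
+"\e[1;5C": forward-word
+"\e[1;5D": backward-word
+# allow the use of the Home/End keys
+"\eOH": beginning-of-line
+"\eOF": end-of-line
+$endif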

11
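--- a/skel/.vimrc
+++ b/skel/.vimrc
@@ -0,0 +1,11 @@
+:set nocompatible
+:set ts=2
+:set sw=2
+:set sta
+:set sts=2
+:set sr
+:set et
+:set si
+:set gfn=Arial\ Monospaced\ 9
+:set lsp=1
+:set ghr=160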

0
ssh-keys/.placeholder Normal file