From 0658661220657802805f8b5d576bd2ad91f72320 Mon Sep 17 00:00:00 2001 From: Jonathan Harker Date: Fri, 28 Sep 2012 02:24:04 +0100 Subject: [PATCH] Initial commit. --- .gitignore | 12 + Makefile | 12 + bin/clone-new-sysadmin | 382 ++++++++++++++++++ debian/.gitignore | 6 + debian/README.debian | 27 ++ debian/catalyst-jonathanharker.debhelper.log | 4 + .../catalyst-jonathanharker.postrm.debhelper | 6 + debian/catalyst-jonathanharker.substvars | 1 + debian/changelog | 13 + debian/compat | 1 + debian/config | 22 + debian/control | 22 + debian/copyright | 5 + debian/postrm.debhelper | 6 + debian/rules | 65 +++ debian/sysadmin.postinst | 261 ++++++++++++ debian/sysadmin.postrm | 34 ++ debian/sysadmin.prerm | 26 ++ debian/templates | 27 ++ skel/.bash_logout | 15 + skel/.bash_profile | 46 +++ skel/.bashrc | 66 +++ skel/.inputrc | 34 ++ skel/.vimrc | 11 + ssh-keys/.placeholder | 0 25 files changed, 1104 insertions(+) create mode 100644 .gitignore create mode 100644 Makefile create mode 100755 bin/clone-new-sysadmin create mode 100644 debian/.gitignore create mode 100644 debian/README.debian create mode 100644 debian/catalyst-jonathanharker.debhelper.log create mode 100644 debian/catalyst-jonathanharker.postrm.debhelper create mode 100644 debian/catalyst-jonathanharker.substvars create mode 100644 debian/changelog create mode 100644 debian/compat create mode 100644 debian/config create mode 100644 debian/control create mode 100644 debian/copyright create mode 100644 debian/postrm.debhelper create mode 100755 debian/rules create mode 100644 debian/sysadmin.postinst create mode 100644 debian/sysadmin.postrm create mode 100644 debian/sysadmin.prerm create mode 100644 debian/templates create mode 100644 skel/.bash_logout create mode 100644 skel/.bash_profile create mode 100644 skel/.bashrc create mode 100644 skel/.inputrc create mode 100644 skel/.vimrc create mode 100644 ssh-keys/.placeholder diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..97698b0 
--- /dev/null
+++ b/.gitignore
@@ -0,0 +1,12 @@
+.git
+build
+build-stamp
+debian/positiveinternet-userpackage
+debian/positiveinternet-userpackage.postinst
+debian/positiveinternet-userpackage.postrm
+debian/positiveinternet-userpackage.postrm.debhelper
+debian/positiveinternet-userpackage.prerm
+debian/positiveinternet-userpackage.substvars
+debian/files
+debian/substvars
+ssh-keys/authorized_keys
diff --git a/Makefile b/Makefile
new file mode 100644
index 0000000..fcc659a
--- /dev/null
+++ b/Makefile
@@ -0,0 +1,12 @@
+all: build
+
+clean:
+ fakeroot make -f debian/rules clean
+
+build:
+ dpkg-buildpackage -rfakeroot -b -tc
+
+debug:
+ dpkg-buildpackage -rfakeroot -b
+
+.PHONY: build
diff --git a/bin/clone-new-sysadmin b/bin/clone-new-sysadmin
new file mode 100755
index 0000000..9297c0a
--- /dev/null
+++ b/bin/clone-new-sysadmin
@@ -0,0 +1,382 @@ +#!/usr/bin/perl -w +# +# Clone a new sysadmin package from this one. +# + +use strict; +use Getopt::Long qw(:config permute); # allow mixed args. +use POSIX; +use File::Copy; +use FindBin qw($Bin); +BEGIN{ chdir("$Bin/..") } + +# You may need libterm-readline-gnu-perl to be installed +use Term::ReadLine; + +my $debug = 0; +my $helpmeplease = 0; + +GetOptions ('debug!' => \$debug, + 'help' => \$helpmeplease + ); + +show_usage() if ( $helpmeplease ); + +my $term = new Term::ReadLine 'clone-new-sysadmin'; +if(not exists $INC{'Term/ReadLine/Gnu.pm'}) { + warn "You may wish to use Ctrl-C to interrupt this program and run the\n" + . "following command:\n\n\n" + . " apt-get install libterm-readline-gnu-perl\n\n"; +} +my $diffs = `git diff-index HEAD 2>/dev/null`; +if ($? != 0) { + die "You need git-core installed to use this program.\n\n" + . "run:\n\n" + . " apt-get install git-core\n\n"; +} elsif ($diffs) { + warn "Your checkout has uncommitted changes. These will be bundled\n" + ."into the first commit of your branch.\n"; +} + +my ( $package_name, $organisation, $new_name, $full_name, + $user_names, $uid, $gid, $gecos, $junk, $email ); + +# Get the current package name +my @pwent = getpwuid($<); +$user_names = $pwent[0]; +$uid = $pwent[2]; +$gid = $pwent[3]; +$gecos = $pwent[4]; +( $full_name, $junk ) = split ",", $gecos ; + +# Attempt to avoid UID/GID collisions +$uid = 2500 + int(rand(1500)) if ( $uid <= 1000 ); +$gid = $uid if ( $gid <= 1000 ); + +my @components = split '/', POSIX::getcwd() ; +$package_name = pop @components; +$organisation = $package_name; +$organisation =~ s/-.*$// ; +$organisation = $term->readline( "Enter the name of the Organisation: ", $organisation ); + +$junk = $full_name; +$full_name = $term->readline( "Enter the full name of the target sysadmin: ", $full_name ); +if ( $junk ne $full_name ) { + # Ok, they edited it. 
Let's try and invent a user name list + my @name_parts = split /\s+/, lc($full_name) ; + my $first = $name_parts[0]; + my $last = $name_parts[-1]; + my $initials = ""; + foreach( @name_parts ) { + $initials .= substr($_, 0,1); + } + $user_names = "$first $first".substr($last,0,1)." $initials ".substr($first,0,1)."$last $first.$last "; +} + +$new_name = lc( "$organisation-$full_name" ); +$new_name =~ s/\s+\S+.*\s+//; +$new_name =~ s/ //g; +print <readline( "Enter the new name for the target package: ", $new_name ); +$user_names = $term->readline( "Preferred usernames (space delimited): ", $user_names ); +$uid = $term->readline( "Preferred UID: ", $uid ); +$gid = $term->readline( "Preferred GID: ", $gid ); + +print <readline( "Email address to notify/encrypt to: ", $default_email ); + +$email ||= 'none'; + +my $suppress_email_notify = ''; + +if($email ne 'none') { + print <readline( "Always send password by email (y/N)? ", 'N'); + if($want_email and $want_email =~ /^y/i) { + $suppress_email_notify = 'N'; + } +} + +printf( "Cloning from %s to %s for %s\n", $package_name, $new_name, $full_name ); +print <", "debian/$fn" ); + while( ) { + s/positiveinternet-userpackage/$new_name/; + s/$package_name/$new_name/; + s/__FULL_NAME__/$full_name/g; + print NEW $_; + } + close(NEW); + close(OLD); + unlink "debian/$fn.cloned"; +} + +############################################################ +# dig out gpg key to use +############################################################ + +# For this, we need to run gpg and extract the public key +# then re-import it into a new keyring we put into the +# package. Hackish, but it'll do. + +if ($email ne "none") { + system("gpg --export $email > notifyring.gpg"); + if(-s 'notifyring.gpg' == 0) { + die "\nError: There is no key matching '$email' in yor GnuPG keyring\n" + . 
"Package not created.\n"; + } +} else { + system("touch notifyring.gpg"); +} + +############################################################ +# write_preferences +############################################################ +write_preference( 'preferred_fullname', $full_name ); +write_preference( 'preferred_names', $user_names ); +write_preference( 'preferred_uid', $uid ); +write_preference( 'preferred_gid', $gid ); +write_preference( 'notification_email', $email ); +write_preference( 'suppress_email_notify', $suppress_email_notify ); + +# Ensure appropriate things are marked executable +chmod 0755, 'debian/rules'; +chmod 0755, 'bin/clone-new-sysadmin'; + +for my $dir ('ssh-keys', 'gpg-keys', 'skel') { + mkdir $dir unless -d $dir; +} + +# check into git +my @rms = map { chomp; $_ } + `git diff-index --name-only --diff-filter=D HEAD`; +system("git", "add", "."); +system("git", "rm", @rms) if @rms; +system("git", "commit", "-m", "Cloned package for $full_name using $0"); + +############################################################ +# We're done... +############################################################ +my $newdir = join( '/', @components) . "/$new_name"; +print <", $filename ); + print PREF $preference; + close(PREF); +} + +############################################################ +# Copy a tree of files carefully +############################################################ +sub copy_files_carefully { + my $source = shift; + my $dest = shift; + + return if (!defined($dest) || !defined($source) ); + + if ( ! -e $dest ) { + mkdir $dest; + } + print "Copying files in $source\n"; + opendir( SDIR, $source ) or die("Can't open source directory: $!"); + my @files = readdir(SDIR); + closedir( SDIR ); + + foreach my $fn ( @files ) { + next if ( $fn eq '.' || $fn eq '..' 
); + next if ( exclude_from_copy("$source/$fn") ); + if ( -d "$source/$fn" ) { + # Recurse to copy the subdirectory + copy_files_carefully( "$source/$fn", "$dest/$fn" ); + } + else { + print "Copying from $source/$fn to $dest/$fn\n" if ( $debug ); + copy( "$source/$fn", "$dest/$fn" ); + } + } + +} + + +############################################################ +# Decide whether this file should be exluded from the copy +############################################################ +sub exclude_from_copy { + my $fn = shift; + + foreach( @exclude_files ) { + if ( $fn =~ /^$package_name\/$_/ ) { + print "Excluding $fn\n" if ( $debug ); + return 1; + } + } + + # No match, so it must be OK then :-) + return 0; +} + +############################################################ +# Tell the nice user how we do things. Short and sweet. +############################################################ +sub show_usage { + print <, Sun, 4 Apr 2004 22:02:51 +1200 diff --git a/debian/catalyst-jonathanharker.debhelper.log b/debian/catalyst-jonathanharker.debhelper.log new file mode 100644 index 0000000..24344f8 --- /dev/null +++ b/debian/catalyst-jonathanharker.debhelper.log @@ -0,0 +1,4 @@ +dh_installdebconf +dh_installdeb +dh_installdebconf +dh_installdeb diff --git a/debian/catalyst-jonathanharker.postrm.debhelper b/debian/catalyst-jonathanharker.postrm.debhelper new file mode 100644 index 0000000..bc035b9 --- /dev/null +++ b/debian/catalyst-jonathanharker.postrm.debhelper @@ -0,0 +1,6 @@ +# Automatically added by dh_installdebconf +if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then + . /usr/share/debconf/confmodule + db_purge +fi +# End automatically added section diff --git a/debian/catalyst-jonathanharker.substvars b/debian/catalyst-jonathanharker.substvars new file mode 100644 index 0000000..a8fe3cf --- /dev/null +++ b/debian/catalyst-jonathanharker.substvars @@ -0,0 +1 @@ +misc:Depends=debconf (>= 0.5) | debconf-2.0 
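Review bot: The key export near the end of the bin/clone-new-sysadmin hunk builds a shell command from the address typed at the prompt, `system("gpg --export $email > notifyring.gpg")`, so shell metacharacters in `$email` are interpreted by /bin/sh and the exit status is never checked. The list form with gpg's own output option avoids the shell and lets the result be tested: `system('gpg', '--yes', '--output', 'notifyring.gpg', '--export', $email) == 0 or die "gpg --export failed\n";`. The debian/ rewrite loop in the same hunk interpolates `$package_name` into `s/$package_name/$new_name/` without `\Q...\E`, so a directory name containing regex metacharacters changes what gets replaced; `s/\Q$package_name\E/$new_name/` fixes that. The heredoc bodies of this hunk are not visible on the page, so the lines around these statements may differ from what is shown.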
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..34ead48
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,13 @@
+positiveinternet-userpackage (0.31) unstable; urgency=low
+
+ * Rewrite for Positive Internet.
+
+ -- Jonathan Harker Thu, 27 Sep 2012 12:30:32 +1200
+
+positiveinternet-userpackage (0.1) unstable; urgency=low
+
+ * Initial release.
+ * A package to hold my details for easy installation/removal as a new user
+ on a system we should be administering.
+
+ -- Andrew McMillan Wed, 3 Mar 2004 10:26:11 +1300
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..b8626c4
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+4
diff --git a/debian/config b/debian/config
new file mode 100644
index 0000000..21c7228
--- /dev/null
+++ b/debian/config
@@ -0,0 +1,22 @@
+#!/bin/sh -e
+
+# Source debconf library.
+. /usr/share/debconf/confmodule
+
+# Decide how important it is for the user to see this message
+PRIORITY=high
+# File existence is a sufficient check since this runs before unpacking
+[ -f /etc/sysadmins/positiveinternet-userpackage/installed_username ] && PRIORITY=low
+
+# Quiz them about whether to take over an existing user
+db_input $PRIORITY positiveinternet-userpackage/use_existing_username || true
+db_go
+
+# Should we overwrite local files, with our funky new versions?
+db_input $PRIORITY positiveinternet-userpackage/overwrite_local_files || true
+db_go
+
+# When we leave, should we close the door?
+db_input $PRIORITY positiveinternet-userpackage/remove_on_purge || true
+db_go
+
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..aae993d
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,22 @@
+Source: positiveinternet-userpackage
+Section: positive
+Priority: extra
+Maintainer: Jonathan Harker
+Standards-Version: 3.5.9
+Build-Depends: debhelper
+
+Package: positiveinternet-userpackage
+Architecture: all
+Depends: debconf (>= 1.0.32), perl, nvi | vim, bash, mailx, gnupg, pwgen
+Description: Positive Internet User - __FULL_NAME__
+ This package installs user accounts and other stuff appropriate for a
+ computer which is to be maintained by Positive Internet.
+ .
+ General activities performed:
+ - Create account (if required) using preferred UID/GID (if possible),
+ - Customises home directory with package things (if default),
+ - Adds ssh keys into authorized_keys and ensures good permissions, and
+ - Emails the generated password, but only if a PGP key is supplied.
+ .
+ On removal of the package all directory contents will be tar.gz into /home
+ prior to removal of the directories.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..9f6782b
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,5 @@
+This user was started by Andrew McMillan andrew@catalyst.net.nz on
+Tue, 23 Sep 2003 20:49:07 +1200.
+
+Portions Copyright: GNU Public License version 2, or later.
+
diff --git a/debian/postrm.debhelper b/debian/postrm.debhelper
new file mode 100644
index 0000000..bc035b9
--- /dev/null
+++ b/debian/postrm.debhelper
@@ -0,0 +1,6 @@
+# Automatically added by dh_installdebconf
+if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+ db_purge
+fi
+# End automatically added section
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..9b59e13
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,65 @@
+#!/usr/bin/make -f
+# Made with the aid of debmake, by Christoph Lameter,
+# based on the sample debian/rules file for GNU hello by Ian Jackson.
+
+package=positiveinternet-userpackage
+dt=debian/$(package)
+
+build: debian/sysadmin.postinst debian/sysadmin.prerm debian/sysadmin.postrm debian/rules ssh-keys/authorized_keys
+ $(checkdir)
+ sed -e"s/::package::/$(package)/g" debian/$(package).postinst
+ sed -e"s/::package::/$(package)/g" debian/$(package).prerm
+ sed -e"s/::package::/$(package)/g" debian/$(package).postrm
+ touch build
+
+clean:
+ $(checkdir)
+ rm -f build
+ rm -f `find . -name "*~"`
+ -rm -rf $(dt) debian/files* core debian/substvars
+ -rm -f ssh-keys/authorized_keys debian/$(package).postinst
+ -rm -f debian/$(package).prerm
+ -rm -f debian/$(package).postrm
+
+binary-indep: checkroot build
+ $(checkdir)
+ rm -rf $(dt)
+ dh_clean -k
+ dh_installdebconf
+ install -d $(dt) $(dt)/DEBIAN \
+ $(dt)/etc $(dt)/etc/sysadmins \
+ $(dt)/etc/sysadmins/$(package) \
+ $(dt)/etc/sysadmins/$(package)/gpg
+ install -m 444 preferred_* $(dt)/etc/sysadmins/$(package)
+ install -m 444 notification_email $(dt)/etc/sysadmins/$(package)
+ install -m 444 suppress_email_notify $(dt)/etc/sysadmins/$(package)
+ install -m 444 notifyring.gpg $(dt)/etc/sysadmins/$(package)/gpg
+ cp -a skel $(dt)/etc/sysadmins/$(package)/skel
+ install -D -m 444 ssh-keys/authorized_keys $(dt)/etc/sysadmins/$(package)/skel/.ssh/authorized_keys
+ find $(dt) -type d -name CVS | xargs -r rm -rf
+ dh_installdeb
+ perl -ni~ -le 'print unless m{/skel/|notif} or $$seen{$$_}++' $(dt)/DEBIAN/conffiles
+ dpkg-gencontrol -P$(dt)
+ chown -R root.root $(dt)
+ dpkg --build $(dt) ..
+
+binary-arch: checkroot build
+ $(checkdir)
+# There are no architecture-dependent files to be uploaded
+# generated by this package. If there were any they would be
+# made here.
+
+define checkdir
+ test -f debian/rules
+endef
+
+binary: binary-indep binary-arch
+
+ssh-keys/authorized_keys:
+ cat ssh-keys/*.pub >ssh-keys/authorized_keys
+
+checkroot:
+ $(checkdir)
+ test root = "`whoami`"
+
+.PHONY: binary binary-arch binary-indep clean checkroot
diff --git a/debian/sysadmin.postinst b/debian/sysadmin.postinst
new file mode 100644
index 0000000..f355249
--- /dev/null
+++ b/debian/sysadmin.postinst
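Review bot: The `ssh-keys/authorized_keys:` rule has no prerequisites, so once that file exists make treats it as up to date and a `.pub` file added to or removed from ssh-keys/ is not reflected in the next package unless `clean` ran in between (the top-level `debug` target builds without `-tc`). For a package whose job is to install login keys, a withdrawn key that survives in authorized_keys is the case to rule out; forcing the rule to run every time, e.g. adding `ssh-keys/authorized_keys` to the `.PHONY:` line, does that and also makes `build` re-run. A comment above the rule such as `# Always regenerated so that removed keys never linger in the package` would record the intent. Separately, `chown -R root.root $(dt)` uses the dot separator; `root:root` is the documented form.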
@@ -0,0 +1,261 @@
+#!/bin/sh
+
+set -e
+
+if [ -e /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+ db_version 2.0
+fi
+
+
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+[ -n "${DEBUG}" ] && echo "PostInst Parameters: $@"
+
+
+###################################################################
+# Subvert an existing user, in case we are installing somewhere we
+# already exist
+###################################################################
+subvert_existing_user() {
+ USERNAME="$1"
+ db_get ${PACKAGE}/use_existing_username
+ if [ "$RET" = "false" ] ; then
+ return 1
+ fi
+ echo "${USERNAME}" >/etc/sysadmins/${PACKAGE}/installed_username
+ USERID="`getent passwd ${USERNAME} | cut -f3 -d:`"
+ USERGID="`getent passwd ${USERNAME} | cut -f4 -d:`"
+ echo "$USERID" >/etc/sysadmins/${PACKAGE}/installed_userid
+ echo "$USERGID" >/etc/sysadmins/${PACKAGE}/installed_usergid
+
+ echo "Subverted existing user ${USERNAME} with UID ${USERID} and GID ${USERGID}"
+ return 0
+}
+
+###################################################################
+# Make a new user, first time up
+###################################################################
+make_new_user() {
+ PREFUID="`cat /etc/sysadmins/${PACKAGE}/preferred_uid`" || true
+ PREFGID="`cat /etc/sysadmins/${PACKAGE}/preferred_gid`" || true
+ USERFULLNAME="`cat /etc/sysadmins/${PACKAGE}/preferred_fullname`" || true
+ [ "${USERFULLNAME}" = "" ] && USERFULLNAME="${USERNAME}"
+ if [ "$PREFUID" != "" ] ; then
+ getent passwd $PREFUID || USERID=${PREFUID}
+ fi
+ if [ "$PREFGID" != "" ] ; then
+ getent group $PREFGID || USERGID=${PREFGID}
+ fi
+ HOMEDIR="/home/${USERNAME}"
+ ADDUSER="/usr/sbin/adduser --disabled-password --no-create-home --quiet --force-badname --shell /bin/bash"
+ [ "${USERID}" != "" ] && ADDUSER="${ADDUSER} --uid ${USERID}"
+ if [ "${USERGID}" != "" ] ; then
+ ADDUSER="${ADDUSER} --gid ${USERGID}"
+ groupadd -g ${USERGID} ${USERNAME} || true
+ fi
+ ${ADDUSER} --home "${HOMEDIR}" --gecos "${USERFULLNAME}" ${USERNAME}
+ USERID="`getent passwd ${USERNAME} | cut -f3 -d:`"
+ USERGID="`getent passwd ${USERNAME} | cut -f4 -d:`"
+ if [ ! -e "${HOMEDIR}" ] ; then
+ cp -a /etc/sysadmins/${PACKAGE}/skel ${HOMEDIR}
+ chown -R ${USERID}:${USERGID} ${HOMEDIR}
+ # Make sure the user home and .ssh directories aren't globally writable
+ chmod og-w ${HOMEDIR} ${HOMEDIR}/.ssh
+ fi
+ echo "${USERNAME}" >/etc/sysadmins/${PACKAGE}/installed_username
+ echo "${USERID}" >/etc/sysadmins/${PACKAGE}/installed_userid
+ echo "${USERGID}" >/etc/sysadmins/${PACKAGE}/installed_usergid
+
+ echo "Added user ${USERNAME} with UID ${USERID} and GID ${USERGID}"
+}
+
+###################################################################
+# Generate a password (if needed) and notify
+###################################################################
+generate_and_notify() {
+ NOTIFYADDR=`head /etc/sysadmins/${PACKAGE}/notification_email`
+
+ # if we're on woody, use --always-trust instead of --trust-model
+ DEBVERSION=`head /etc/debian_version`
+ if [ "${DEBVERSION}" = "3.0" ]; then
+ TRUSTOPT="--always-trust"
+ else
+ TRUSTOPT="--trust-model always"
+ fi
+
+ # Make sure that the gpg directory is secure
+ chmod 700 /etc/sysadmins/${PACKAGE}/gpg
+
+ # work out if we need it.
+ if [ "${NOTIFYADDR}" != "none" ]; then
+ GNUPG="/usr/bin/gpg --homedir /etc/sysadmins/${PACKAGE}/gpg --no-default-keyring --keyring /etc/sysadmins/${PACKAGE}/gpg/notifyring.gpg ${TRUSTOPT} --encrypt -r ${NOTIFYADDR} --armor"
+ EXISTINGHASH=`getent shadow $USERNAME | cut -f2 -d":"`
+ if [ "$EXISTINGHASH" = "*" ] ; then
+ # okay, we're all good, generate and store.
+ NEWPASS="`pwgen -N 1`" || true
+ DESC=`perl -MSocket -MSys::Hostname=hostname -le 'alarm 2; @x=gethostbyname hostname;print " (".inet_ntoa(scalar $x[4])."/".$x[0].")"' 2>/dev/null || true`
+ MESSAGE="This message was placed here by ${PACKAGE}
+
+Your shell password for $USERNAME@`uname -n`$DESC
+was set as follows:
+
+${NEWPASS}
+"
+ echo "${MESSAGE}" | ${GNUPG} > /home/${USERNAME}/password.txt.gpg
+ echo ${USERNAME}:${NEWPASS} | chpasswd
+ PASSMESS="Your shell password is: ${NEWPASS}"
+ echo "Set new password for ${USERNAME}."
+ else
+ if [ "$NEWINSTALL" = "Yes" ]; then
+ PASSMESS="Existing shell password was kept."
+ echo "Existing password kept for ${USERNAME}."
+ else
+ PASSMESS=""
+ fi
+ fi
+
+ SUPPRESSNOTIFY=`head /etc/sysadmins/${PACKAGE}/suppress_email_notify 2>/dev/null`
+ if [ "x$SUPPRESSNOTIFY" = "xY" ] ; then
+ PASSMESS=""
+ fi
+
+ if [ -f /etc/sysadmins/suppress_email_notify ] ; then
+ GLOBALSUPPRESSNOTIFY=`head /etc/sysadmins/suppress_email_notify 2>/dev/null`
+ if [ "x$GLOBALSUPPRESSNOTIFY" = "xY" ] ; then
+ PASSMESS=""
+ fi
+ fi
+
+ if [ "$PASSMESS" != "" ] ; then
+ # we want to send email, so build an email.
+
+ MESSAGEIP=`/sbin/ip addr | /bin/grep inet | /bin/grep eth | /usr/bin/awk '{print $2}'`
+ MESSAGE="Hi there!
+
+This is the postinst script for ${PACKAGE} running
+on `/bin/hostname -f`.
+
+Your package was installed or upgraded on this machine.
+
+This host runs `/bin/cat /etc/issue.net` and has the following IP addresses:
+
+$MESSAGEIP
+
+$PASSMESS
+
+Thanks!
+"
+ echo "${MESSAGE}" | ${GNUPG} | mail -s "New account on `hostname`" ${NOTIFYADDR}
+ echo "Notified ${NOTIFYADDR} of new account."
+ fi
+ else
+ echo "Not setting new password"
+ fi
+}
+
+###################################################################
+# Update the user's local home directory files from the template
+###################################################################
+update_if_desired() {
+ HOMEDIR="/home/${USERNAME}"
+ MODFILES=""
+ WD="`pwd`"
+ SKELDIR=/etc/sysadmins/${PACKAGE}/skel
+ cd "${SKELDIR}"
+ # Remove any cruft left around by choosing to use new versions of files
+ find "${SKELDIR}" -name '*.dpkg-old' -o -name '.*.dpkg-old' | xargs -r rm
+ for F in `find . -type f ` ; do
+ if [ -f ${HOMEDIR}/$F ]; then
+ EXISTING="`md5sum ${HOMEDIR}/$F | cut -f1 -d' '`"
+ REVISION="`md5sum $F | cut -f1 -d' '`"
+ [ "${REVISION}" != "${EXISTING}" ] && MODFILES="${MODFILES} ${F}"
+ else
+ MODFILES="${MODFILES} ${F}"
+ fi
+ done
+ cd "${WD}"
+
+ if [ "${MODFILES}" = "" ] ; then
+ echo "No changes needed to existing home directory"
+ else
+ db_get ${PACKAGE}/overwrite_local_files
+ if [ "$RET" = "false" ] ; then
+ echo "Package files differ but I am not updating them - copy manually if desired"
+ else
+ echo "Updating local files from package versions"
+ for F in ${MODFILES} ; do
+ # If we are installing on a machine with NFS mounted /home
+ # then things _will_ fail but we just sail on anyway...
+ FILEDIR="`dirname \"${HOMEDIR}/${F}\"`"
+ if [ ! -d "${FILEDIR}" ] ; then
+ mkdir -p "${FILEDIR}" || continue
+ fi
+ cp -b "${SKELDIR}/${F}" "${HOMEDIR}/${F}" || continue
+ chown ${USERID}:${USERGID} "${HOMEDIR}/${F}" || continue
+ chmod og-w "${HOMEDIR}/${F}" || continue
+ # If this is an authorized keys file then we append a local
+ # keys to the authorized_keys file, if present.
+ if [ "${F}" = "./.ssh/authorized_keys" -a -f ${HOMEDIR}/.ssh/local_authorized_keys ]; then
+ echo "Appending local keys to packaged authorized_keys"
+ cat ${HOMEDIR}/.ssh/local_authorized_keys >> ${HOMEDIR}/${F}
+ fi
+ done
+ # And also be a bit anal in general to allow a re-install
+ # to fix SSH permissions
+ chmod og-w "${HOMEDIR}"
+ chmod og-w "${HOMEDIR}/.ssh"
+ fi
+ fi
+
+}
+
+
+###################################################################
+# Have they been installed already, or not?
+###################################################################
+NEWINSTALL="No"
+if [ -f /etc/sysadmins/${PACKAGE}/installed_username ] ; then
+ USERNAME="`cat /etc/sysadmins/${PACKAGE}/installed_username`"
+ USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid`"
+ USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid`"
+ update_if_desired
+else
+ USERNAMES="`cat /etc/sysadmins/${PACKAGE}/preferred_names`"
+ for N in ${USERNAMES} ; do
+ ENTRY="`getent passwd ${N} | cut -f1 -d: `" || true
+ if [ "x${ENTRY}" = "x" ] ; then
+ USERNAME="${N}"
+ make_new_user
+ break
+ else
+ if subvert_existing_user "${ENTRY}" ; then
+ update_if_desired
+ break
+ fi
+ fi
+ done
+ USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid`"
+ USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid`"
+
+ # So we notify them, regardless of whether the password is set or not.
+ NEWINSTALL="Yes"
+fi
+
+# Generate the password and email
+generate_and_notify
+
+
+case $1 in
+ configure)
+ # We need to reset the ownership / permissions if they
+ # have previously been installed and then removed...
+ if [ "`ls -ld /home/${USERNAME} | tr -s ' ' | cut -f3 -d' '`" = "root" ] ; then
+ passwd -u "${USERNAME}" || true
+ chown ${USERID}:${USERGID} /home/${USERNAME} || true
+ chmod 750 /home/${USERNAME} || true
+ fi
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/sysadmin.postrm b/debian/sysadmin.postrm
new file mode 100644
index 0000000..bc5b31f
--- /dev/null
+++ b/debian/sysadmin.postrm
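Review bot: In generate_and_notify, `NEWPASS="`pwgen -N 1`" || true` hides a pwgen failure, and the following lines encrypt and hand whatever `NEWPASS` holds to `chpasswd`, so an empty value can reach `echo ${USERNAME}:${NEWPASS} | chpasswd`. Dropping the `|| true` lets `set -e` stop the script, and an explicit check such as `[ -n "${NEWPASS}" ] || exit 1` before the gpg line makes the intent visible. Requesting the password as `pwgen -s 16 1` would also replace pwgen's short pronounceable default with a fully random one. The clear-text password is later copied into `PASSMESS` and, when `DEBUG` is set, printed by `set -o xtrace`; a comment next to the `DEBUG` line, e.g. `# NOTE: tracing prints the generated password to the install log`, would warn whoever turns it on.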
@@ -0,0 +1,34 @@
+#!/bin/sh
+
+set -e
+
+if [ -e /usr/share/debconf/confmodule ]; then
+ . /usr/share/debconf/confmodule
+ db_version 2.0
+fi
+
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+
+USERNAME="`cat /etc/sysadmins/${PACKAGE}/installed_username 2>/dev/null`" || true
+USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid 2>/dev/null`" || true
+USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid 2>/dev/null`" || true
+
+[ -n "${DEBUG}" ] && echo "PostRM Parameters: $@"
+
+[ "${USERNAME}" = "" ] && exit 0
+
+case $1 in
+ purge)
+ db_get positiveinternet-userpackage/remove_on_purge
+ if [ "$RET" = "true" ] ; then
+ if [ -d /home/${USERNAME} ] ; then
+ rm -rf /home/${USERNAME} || true
+ fi
+ fi
+ userdel "${USERNAME}" || true
+ rm -f /etc/sysadmins/${PACKAGE}/installed_* || true
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/sysadmin.prerm b/debian/sysadmin.prerm
new file mode 100644
index 0000000..f9afebc
--- /dev/null
+++ b/debian/sysadmin.prerm
@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+
+USERNAME="`cat /etc/sysadmins/${PACKAGE}/installed_username 2>/dev/null`" || true
+USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid 2>/dev/null`" || true
+USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid 2>/dev/null`" || true
+
+[ -n "${DEBUG}" ] && echo "PreRM Parameters: $@"
+
+case $1 in
+ remove)
+ if [ "${USERNAME}" != "" ] ; then
+ passwd -l "${USERNAME}" || true
+ chown root:root /home/${USERNAME} || true
+ chmod 700 /home/${USERNAME} || true
+ fi
+ ;;
+esac
+
+#DEBHELPER#
diff --git a/debian/templates b/debian/templates
new file mode 100644
index 0000000..343b1d5
--- /dev/null
+++ b/debian/templates
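Review bot: In the `purge)` branch of debian/sysadmin.postrm, `userdel "${USERNAME}"` sits outside the `remove_on_purge` check, so answering No keeps /home/${USERNAME} but still deletes the account, which contradicts the template text ("you can disable that by selecting No") and leaves the kept files owned by a UID that a later account can be given. Moving `userdel "${USERNAME}" || true` inside the `if [ "$RET" = "true" ]` block matches the documented behaviour. The branch also calls `db_get` unconditionally although the top of the script treats /usr/share/debconf/confmodule as optional; under `set -e` a missing confmodule aborts the purge, so the call should be guarded the same way and use `${PACKAGE}/remove_on_purge` like the postinst does. The path in `rm -rf /home/${USERNAME}` should be quoted, and debian/control promises a tar.gz archive before removal that this script does not create.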
@@ -0,0 +1,27 @@
+Template: positiveinternet-userpackage/use_existing_username
+Type: boolean
+Default: true
+Description: Use existing user account
+ If an account exists for one of the users in your use list, this
+ package can install itself to manage that account, allowing you
+ to upgrade (e.g.) keys, in place, at some point in the future.
+
+Template: positiveinternet-userpackage/overwrite_local_files
+Type: boolean
+Default: true
+Description: Overwrite local files from package
+ Some files are delivered with this package (.vimrc, .bashrc, ...)
+ and may be overwritten by updates to the package.
+ .
+ Select "No" if you don't want that to happen.
+
+Template: positiveinternet-userpackage/remove_on_purge
+Type: boolean
+Default: true
+Description: Remove account on purge
+ When this packages is de-installed, the account will be locked
+ with the files only accessible to "root".
+ .
+ Normally the account is completely destroyed when the package
+ is purged, but you can disable that by selecting "No" here.
+
diff --git a/skel/.bash_logout b/skel/.bash_logout
new file mode 100644
index 0000000..392e953
--- /dev/null
+++ b/skel/.bash_logout
@@ -0,0 +1,15 @@
+# ~/.bash_logout: executed by bash(1) when login shell exits.
+
+# Set title bar to something sensible.
+case $TERM in
+ *xterm*)
+ echo -e "\033]0;xterm\007"
+ ;;
+esac
+
+# when leaving the console clear the screen to increase privacy
+
+case "`tty`" in
+ /dev/tty[0-9]) clear
+esac
+
diff --git a/skel/.bash_profile b/skel/.bash_profile
new file mode 100644
index 0000000..4022f87
--- /dev/null
+++ b/skel/.bash_profile
@@ -0,0 +1,46 @@
+# ~/.bash_profile: executed by bash(1) for login shells.
+#
+# Positive Internet User Package version - note that you
+# shouldn't customise this, since it will get overwritten
+# with a new version from your package. If you want local
+# actions on this machine put them into ~/.bash_profile_local
+# which is sourced at the end, if it is present.
+#
+
+DEBVERSION="`cat /etc/debian_version`"
+UTFVERSION="3.1"
+versions() {
+ cat /etc/debian_version
+ echo ${UTFVERSION}
+}
+
+if [ "`versions | sort | head -n 1`" = "${UTFVERSION}" ] ; then
+ if locale -a | grep -q -i '^en_NZ\.UTF-*8$' ; then
+ LC_COLLATE=POSIX
+ export LC_COLLATE
+
+ LC_CTYPE=POSIX
+ export LC_CTYPE
+
+ LANG=en_NZ.UTF-8
+ export LANG
+ else
+ echo "Warning: locale 'en_NZ.UTF-8' is not available on this host" >&2
+ fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d ~/bin ] ; then
+ PATH=~/bin:"${PATH}"
+fi
+
+# include .bash_profile_local if it exists
+if [ -f ~/.bash_profile_local ]; then
+ . ~/.bash_profile_local
+fi
+
+# include .bashrc if it exists
+if [ -f ~/.bashrc ]; then
+ . ~/.bashrc
+fi
+
diff --git a/skel/.bashrc b/skel/.bashrc
new file mode 100644
index 0000000..4db11d0
--- /dev/null
+++ b/skel/.bashrc
@@ -0,0 +1,66 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+#
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+#
+# Positive Internet User Package version - note that you
+# shouldn't customise this, since it will get overwritten
+# with a new version from your package. If you want local
+# actions on this machine put them into ~/.bashrc_local
+# which is sourced at the end, if it is present.
+#
+
+
+# If running interactively, then:
+if [ "$PS1" ]; then
+
+ # don't put duplicate lines in the history. See bash(1) for more options
+ export HISTCONTROL=ignoredups
+
+ # check the window size after each command and, if necessary,
+ # update the values of LINES and COLUMNS.
+ #shopt -s checkwinsize
+
+ # enable color support of ls and also add handy aliases
+ if [ "$TERM" != "dumb" ]; then
+ eval `dircolors -b`
+ alias ls='ls --color=auto'
+ #alias dir='ls --color=auto --format=vertical'
+ #alias vdir='ls --color=auto --format=long'
+ fi
+
+ # some more ls aliases
+ #alias ll='ls -l'
+ #alias la='ls -A'
+ #alias l='ls -CF'
+
+ # set a fancy prompt
+ PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+
+ # If this is an xterm set the title to user@host:dir
+ case $TERM in
+ xterm*)
+ PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD}\007"'
+ ;;
+ *)
+ ;;
+ esac
+
+ # enable programmable completion features (you don't need to enable
+ # this, if it's already enabled in /etc/bash.bashrc).
+ #if [ -f /etc/bash_completion ]; then
+ # . /etc/bash_completion
+ #fi
+
+ # Set a colourful prompt on production machines
+ if [ "$ROLE" == "production" ]; then
+ PS1="\[\e[31;1m\]$PS1\[\e[0m\]"
+ fi
+
+fi
+
+# include .bashrc_local if it exists
+if [ -f ~/.bashrc_local ]; then
+ . ~/.bashrc_local
+fi
+
diff --git a/skel/.inputrc b/skel/.inputrc
new file mode 100644
index 0000000..c347eb1
--- /dev/null
+++ b/skel/.inputrc
@@ -0,0 +1,34 @@
+# Be 8 bit clean.
+set input-meta on
+set output-meta on
+
+# Allow 8-bit characters to be input because we like that
+set convert-meta off
+
+# We're only modifying the emacs mode
+$if mode=emacs
+
+"\e[1~": beginning-of-line
+"\e[4~": end-of-line
+
+# allow the use of the Delete/Insert keys
+"\e[3~": delete-char
+"\e[2~": quoted-insert
+
+# alternate mappings for "page up" and "page down" to search the history
+"\e[5~": history-search-backward
+"\e[6~": history-search-forward
+
+# # mappings for Ctrl-left-arrow and Ctrl-right-arrow for word moving
+"\e[5C": forward-word
+"\e[5D": backward-word
+
+# uxterm and xterm mappings for Ctrl-left-arrow and Ctrl-right-arrow
+"\e[1;5C": forward-word
+"\e[1;5D": backward-word
+
+# allow the use of the Home/End keys
+"\eOH": beginning-of-line
+"\eOF": end-of-line
+
+$endif
diff --git a/skel/.vimrc b/skel/.vimrc
new file mode 100644
index 0000000..02955e7
--- /dev/null
+++ b/skel/.vimrc
@@ -0,0 +1,11 @@
+:set nocompatible
+:set ts=2
+:set sw=2
+:set sta
+:set sts=2
+:set sr
+:set et
+:set si
+:set gfn=Arial\ Monospaced\ 9
+:set lsp=1
+:set ghr=160
diff --git a/ssh-keys/.placeholder b/ssh-keys/.placeholder
new file mode 100644
index 0000000..e69de29