Initial commit.

Jonathan Harker 2012-09-28 02:24:04 +01:00
commit 0658661220
25 changed files with 1104 additions and 0 deletions

6
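--- a/debian/.gitignore
+++ b/debian/.gitignore
@@ -0,0 +1,6 @@
+positiveinternet-userpackage
+positiveinternet-userpackage.postinst
+positiveinternet-userpackage.postrm
+positiveinternet-userpackage.postrm.debhelper
+positiveinternet-userpackage.prerm
+positiveinternet-userpackage.substvars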

27
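--- a/debian/README.debian
+++ b/debian/README.debian
@@ -0,0 +1,27 @@
+positiveinternet-userpackage for Debian
+------------------------------------------
+This package installs a user on a GNU/Linux system.
+To build your own user package using this one as a base,
+change to the top level directory of the source package and
+run:
+bin/clone-new-sysadmin
+This will create a new source installation for the new user.
+In this new source, copy your SSH public keys into the
+ssh-keys subdirectory and any PGP keys into the gpg-keys
+subdirectory. After that you can make any other modifications
+in the skel directory (e.g. bashrc).
+Once those are there you should be able to run:
+make
+to create a Debian package.
+To create a new version of the package, use "debchange -i" to
+increment the revision number, and comment on what the change
+is that is being made.
+Andrew McMillan <andrew@catalyst.net.nz>, Sun, 4 Apr 2004 22:02:51 +1200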


@ -0,0 +1,4 @@
dh_installdebconf
dh_installdeb
dh_installdebconf
dh_installdeb


@ -0,0 +1,6 @@
# Automatically added by dh_installdebconf
if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
. /usr/share/debconf/confmodule
db_purge
fi
# End automatically added section


@ -0,0 +1 @@
misc:Depends=debconf (>= 0.5) | debconf-2.0

13
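--- a/debian/changelog
+++ b/debian/changelog
@@ -0,0 +1,13 @@
+positiveinternet-userpackage (0.31) unstable; urgency=low
+* Rewrite for Positive Internet.
+-- Jonathan Harker <jon@jon.geek.nz> Thu, 27 Sep 2012 12:30:32 +1200
+positiveinternet-userpackage (0.1) unstable; urgency=low
+* Initial release.
+* A package to hold my details for easy installation/removal as a new user
+on a system we should be administering.
+-- Andrew McMillan <andrew@catalyst.net.nz> Wed, 3 Mar 2004 10:26:11 +1300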

1
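--- a/debian/compat
+++ b/debian/compat
@@ -0,0 +1 @@
+4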

22
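--- a/debian/config
+++ b/debian/config
@@ -0,0 +1,22 @@
+#!/bin/sh -e
+# Source debconf library.
+. /usr/share/debconf/confmodule
+# Decide how important it is for the user to see this message
+PRIORITY=high
+# File existence is a sufficient check since this runs before unpacking
+[ -f /etc/sysadmins/positiveinternet-userpackage/installed_username ] && PRIORITY=low
+# Quiz them about whether to take over an existing user
+db_input $PRIORITY positiveinternet-userpackage/use_existing_username || true
+db_go
+# Should we overwrite local files, with our funky new versions?
+db_input $PRIORITY positiveinternet-userpackage/overwrite_local_files || true
+db_go
+# When we leave, should we close the door?
+db_input $PRIORITY positiveinternet-userpackage/remove_on_purge || true
+db_go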

22
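--- a/debian/control
+++ b/debian/control
@@ -0,0 +1,22 @@
+Source: positiveinternet-userpackage
+Section: positive
+Priority: extra
+Maintainer: Jonathan Harker <jon@jon.geek.nz>
+Standards-Version: 3.5.9
+Build-Depends: debhelper
+Package: positiveinternet-userpackage
+Architecture: all
+Depends: debconf (>= 1.0.32), perl, nvi | vim, bash, mailx, gnupg, pwgen
+Description: Positive Internet User - __FULL_NAME__
+This package installs user accounts and other stuff appropriate for a
+computer which is to be maintained by Positive Internet.
+.
+General activities performed:
+- Create account (if required) using preferred UID/GID (if possible),
+- Customises home directory with package things (if default),
+- Adds ssh keys into authorized_keys and ensures good permissions, and
+- Emails the generated password, but only if a PGP key is supplied.
+.
+On removal of the package all directory contents will be tar.gz into /home
+prior to removal of the directories.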
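Review bot: The `Depends` line omits `adduser`, although the postinst added in this commit calls `/usr/sbin/adduser`; adding it keeps account creation from failing on a minimal system where that package is absent. The last paragraph of the description also says the home directory is archived as tar.gz into /home before removal, but the postrm in this commit only runs `rm -rf` on it with no archive step, so either the description or the script should change before anyone relies on that backup.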

5
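--- a/debian/copyright
+++ b/debian/copyright
@@ -0,0 +1,5 @@
+This user was started by Andrew McMillan andrew@catalyst.net.nz on
+Tue, 23 Sep 2003 20:49:07 +1200.
+Portions Copyright: GNU Public License version 2, or later.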
6
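--- a/debian/postrm.debhelper
+++ b/debian/postrm.debhelper
@@ -0,0 +1,6 @@
+# Automatically added by dh_installdebconf
+if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
+. /usr/share/debconf/confmodule
+db_purge
+fi
+# End automatically added section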

65
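--- a/debian/rules
+++ b/debian/rules
@@ -0,0 +1,65 @@
+#!/usr/bin/make -f
+# Made with the aid of debmake, by Christoph Lameter,
+# based on the sample debian/rules file for GNU hello by Ian Jackson.
+package=positiveinternet-userpackage
+dt=debian/$(package)
+build: debian/sysadmin.postinst debian/sysadmin.prerm debian/sysadmin.postrm debian/rules ssh-keys/authorized_keys
+$(checkdir)
+sed -e"s/::package::/$(package)/g" <debian/sysadmin.postinst >debian/$(package).postinst
+sed -e"s/::package::/$(package)/g" <debian/sysadmin.prerm >debian/$(package).prerm
+sed -e"s/::package::/$(package)/g" <debian/sysadmin.postrm >debian/$(package).postrm
+touch build
+clean:
+$(checkdir)
+rm -f build
+rm -f `find . -name "*~"`
+-rm -rf $(dt) debian/files* core debian/substvars
+-rm -f ssh-keys/authorized_keys debian/$(package).postinst
+-rm -f debian/$(package).prerm
+-rm -f debian/$(package).postrm
+binary-indep: checkroot build
+$(checkdir)
+rm -rf $(dt)
+dh_clean -k
+dh_installdebconf
+install -d $(dt) $(dt)/DEBIAN \
+$(dt)/etc $(dt)/etc/sysadmins \
+$(dt)/etc/sysadmins/$(package) \
+$(dt)/etc/sysadmins/$(package)/gpg
+install -m 444 preferred_* $(dt)/etc/sysadmins/$(package)
+install -m 444 notification_email $(dt)/etc/sysadmins/$(package)
+install -m 444 suppress_email_notify $(dt)/etc/sysadmins/$(package)
+install -m 444 notifyring.gpg $(dt)/etc/sysadmins/$(package)/gpg
+cp -a skel $(dt)/etc/sysadmins/$(package)/skel
+install -D -m 444 ssh-keys/authorized_keys $(dt)/etc/sysadmins/$(package)/skel/.ssh/authorized_keys
+find $(dt) -type d -name CVS | xargs -r rm -rf
+dh_installdeb
+perl -ni~ -le 'print unless m{/skel/|notif} or $$seen{$$_}++' $(dt)/DEBIAN/conffiles
+dpkg-gencontrol -P$(dt)
+chown -R root.root $(dt)
+dpkg --build $(dt) ..
+binary-arch: checkroot build
+$(checkdir)
+# There are no architecture-dependent files to be uploaded
+# generated by this package. If there were any they would be
+# made here.
+define checkdir
+test -f debian/rules
+endef
+binary: binary-indep binary-arch
+ssh-keys/authorized_keys:
+cat ssh-keys/*.pub >ssh-keys/authorized_keys
+checkroot:
+$(checkdir)
+test root = "`whoami`"
+.PHONY: binary binary-arch binary-indep clean checkroot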
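Review bot: The `ssh-keys/authorized_keys` rule near the end of the file lists no prerequisites, so once that file exists make treats it as current and a key added to or removed from `ssh-keys/` is not picked up unless `clean` ran first; a withdrawn key can therefore keep shipping in rebuilt packages. Declaring it as `ssh-keys/authorized_keys: FORCE` with an empty `FORCE:` rule regenerates it on every build, which also covers deleted `.pub` files that a `$(wildcard ssh-keys/*.pub)` prerequisite would miss. In `clean`, the backtick `find . -name "*~"` handed to `rm -f` splits on whitespace in file names; `find . -name "*~" -delete` avoids that.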

261
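--- a/debian/sysadmin.postinst
+++ b/debian/sysadmin.postinst
@@ -0,0 +1,261 @@
+#!/bin/sh
+set -e
+if [ -e /usr/share/debconf/confmodule ]; then
+. /usr/share/debconf/confmodule
+db_version 2.0
+fi
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+[ -n "${DEBUG}" ] && echo "PostInst Parameters: $@"
+###################################################################
+# Subvert an existing user, in case we are installing somewhere we
+# already exist
+###################################################################
+subvert_existing_user() {
+USERNAME="$1"
+db_get ${PACKAGE}/use_existing_username
+if [ "$RET" = "false" ] ; then
+return 1
+fi
+echo "${USERNAME}" >/etc/sysadmins/${PACKAGE}/installed_username
+USERID="`getent passwd ${USERNAME} | cut -f3 -d:`"
+USERGID="`getent passwd ${USERNAME} | cut -f4 -d:`"
+echo "$USERID" >/etc/sysadmins/${PACKAGE}/installed_userid
+echo "$USERGID" >/etc/sysadmins/${PACKAGE}/installed_usergid
+echo "Subverted existing user ${USERNAME} with UID ${USERID} and GID ${USERGID}"
+return 0
+}
+###################################################################
+# Make a new user, first time up
+###################################################################
+make_new_user() {
+PREFUID="`cat /etc/sysadmins/${PACKAGE}/preferred_uid`" || true
+PREFGID="`cat /etc/sysadmins/${PACKAGE}/preferred_gid`" || true
+USERFULLNAME="`cat /etc/sysadmins/${PACKAGE}/preferred_fullname`" || true
+[ "${USERFULLNAME}" = "" ] && USERFULLNAME="${USERNAME}"
+if [ "$PREFUID" != "" ] ; then
+getent passwd $PREFUID || USERID=${PREFUID}
+fi
+if [ "$PREFGID" != "" ] ; then
+getent group $PREFGID || USERGID=${PREFGID}
+fi
+HOMEDIR="/home/${USERNAME}"
+ADDUSER="/usr/sbin/adduser --disabled-password --no-create-home --quiet --force-badname --shell /bin/bash"
+[ "${USERID}" != "" ] && ADDUSER="${ADDUSER} --uid ${USERID}"
+if [ "${USERGID}" != "" ] ; then
+ADDUSER="${ADDUSER} --gid ${USERGID}"
+groupadd -g ${USERGID} ${USERNAME} || true
+fi
+${ADDUSER} --home "${HOMEDIR}" --gecos "${USERFULLNAME}" ${USERNAME}
+USERID="`getent passwd ${USERNAME} | cut -f3 -d:`"
+USERGID="`getent passwd ${USERNAME} | cut -f4 -d:`"
+if [ ! -e "${HOMEDIR}" ] ; then
+cp -a /etc/sysadmins/${PACKAGE}/skel ${HOMEDIR}
+chown -R ${USERID}:${USERGID} ${HOMEDIR}
+# Make sure the user home and .ssh directories aren't globally writable
+chmod og-w ${HOMEDIR} ${HOMEDIR}/.ssh
+fi
+echo "${USERNAME}" >/etc/sysadmins/${PACKAGE}/installed_username
+echo "${USERID}" >/etc/sysadmins/${PACKAGE}/installed_userid
+echo "${USERGID}" >/etc/sysadmins/${PACKAGE}/installed_usergid
+echo "Added user ${USERNAME} with UID ${USERID} and GID ${USERGID}"
+}
+###################################################################
+# Generate a password (if needed) and notify
+###################################################################
+generate_and_notify() {
+NOTIFYADDR=`head /etc/sysadmins/${PACKAGE}/notification_email`
+# if we're on woody, use --always-trust instead of --trust-model
+DEBVERSION=`head /etc/debian_version`
+if [ "${DEBVERSION}" = "3.0" ]; then
+TRUSTOPT="--always-trust"
+else
+TRUSTOPT="--trust-model always"
+fi
+# Make sure that the gpg directory is secure
+chmod 700 /etc/sysadmins/${PACKAGE}/gpg
+# work out if we need it.
+if [ "${NOTIFYADDR}" != "none" ]; then
+GNUPG="/usr/bin/gpg --homedir /etc/sysadmins/${PACKAGE}/gpg --no-default-keyring --keyring /etc/sysadmins/${PACKAGE}/gpg/notifyring.gpg ${TRUSTOPT} --encrypt -r ${NOTIFYADDR} --armor"
+EXISTINGHASH=`getent shadow $USERNAME | cut -f2 -d":"`
+if [ "$EXISTINGHASH" = "*" ] ; then
+# okay, we're all good, generate and store.
+NEWPASS="`pwgen -N 1`" || true
+DESC=`perl -MSocket -MSys::Hostname=hostname -le 'alarm 2; @x=gethostbyname hostname;print " (".inet_ntoa(scalar $x[4])."/".$x[0].")"' 2>/dev/null || true`
+MESSAGE="This message was placed here by ${PACKAGE}
+Your shell password for $USERNAME@`uname -n`$DESC
+was set as follows:
+${NEWPASS}
+"
+echo "${MESSAGE}" | ${GNUPG} > /home/${USERNAME}/password.txt.gpg
+echo ${USERNAME}:${NEWPASS} | chpasswd
+PASSMESS="Your shell password is: ${NEWPASS}"
+echo "Set new password for ${USERNAME}."
+else
+if [ "$NEWINSTALL" = "Yes" ]; then
+PASSMESS="Existing shell password was kept."
+echo "Existing password kept for ${USERNAME}."
+else
+PASSMESS=""
+fi
+fi
+SUPPRESSNOTIFY=`head /etc/sysadmins/${PACKAGE}/suppress_email_notify 2>/dev/null`
+if [ "x$SUPPRESSNOTIFY" = "xY" ] ; then
+PASSMESS=""
+fi
+if [ -f /etc/sysadmins/suppress_email_notify ] ; then
+GLOBALSUPPRESSNOTIFY=`head /etc/sysadmins/suppress_email_notify 2>/dev/null`
+if [ "x$GLOBALSUPPRESSNOTIFY" = "xY" ] ; then
+PASSMESS=""
+fi
+fi
+if [ "$PASSMESS" != "" ] ; then
+# we want to send email, so build an email.
+MESSAGEIP=`/sbin/ip addr | /bin/grep inet | /bin/grep eth | /usr/bin/awk '{print $2}'`
+MESSAGE="Hi there!
+This is the postinst script for ${PACKAGE} running
+on `/bin/hostname -f`.
+Your package was installed or upgraded on this machine.
+This host runs `/bin/cat /etc/issue.net` and has the following IP addresses:
+$MESSAGEIP
+$PASSMESS
+Thanks!
+"
+echo "${MESSAGE}" | ${GNUPG} | mail -s "New account on `hostname`" ${NOTIFYADDR}
+echo "Notified ${NOTIFYADDR} of new account."
+fi
+else
+echo "Not setting new password"
+fi
+}
+###################################################################
+# Update the user's local home directory files from the template
+###################################################################
+update_if_desired() {
+HOMEDIR="/home/${USERNAME}"
+MODFILES=""
+WD="`pwd`"
+SKELDIR=/etc/sysadmins/${PACKAGE}/skel
+cd "${SKELDIR}"
+# Remove any cruft left around by choosing to use new versions of files
+find "${SKELDIR}" -name '*.dpkg-old' -o -name '.*.dpkg-old' | xargs -r rm
+for F in `find . -type f ` ; do
+if [ -f ${HOMEDIR}/$F ]; then
+EXISTING="`md5sum ${HOMEDIR}/$F | cut -f1 -d' '`"
+REVISION="`md5sum $F | cut -f1 -d' '`"
+[ "${REVISION}" != "${EXISTING}" ] && MODFILES="${MODFILES} ${F}"
+else
+MODFILES="${MODFILES} ${F}"
+fi
+done
+cd "${WD}"
+if [ "${MODFILES}" = "" ] ; then
+echo "No changes needed to existing home directory"
+else
+db_get ${PACKAGE}/overwrite_local_files
+if [ "$RET" = "false" ] ; then
+echo "Package files differ but I am not updating them - copy manually if desired"
+else
+echo "Updating local files from package versions"
+for F in ${MODFILES} ; do
+# If we are installing on a machine with NFS mounted /home
+# then things _will_ fail but we just sail on anyway...
+FILEDIR="`dirname \"${HOMEDIR}/${F}\"`"
+if [ ! -d "${FILEDIR}" ] ; then
+mkdir -p "${FILEDIR}" || continue
+fi
+cp -b "${SKELDIR}/${F}" "${HOMEDIR}/${F}" || continue
+chown ${USERID}:${USERGID} "${HOMEDIR}/${F}" || continue
+chmod og-w "${HOMEDIR}/${F}" || continue
+# If this is an authorized keys file then we append a local
+# keys to the authorized_keys file, if present.
+if [ "${F}" = "./.ssh/authorized_keys" -a -f ${HOMEDIR}/.ssh/local_authorized_keys ]; then
+echo "Appending local keys to packaged authorized_keys"
+cat ${HOMEDIR}/.ssh/local_authorized_keys >> ${HOMEDIR}/${F}
+fi
+done
+# And also be a bit anal in general to allow a re-install
+# to fix SSH permissions
+chmod og-w "${HOMEDIR}"
+chmod og-w "${HOMEDIR}/.ssh"
+fi
+fi
+}
+###################################################################
+# Have they been installed already, or not?
+###################################################################
+NEWINSTALL="No"
+if [ -f /etc/sysadmins/${PACKAGE}/installed_username ] ; then
+USERNAME="`cat /etc/sysadmins/${PACKAGE}/installed_username`"
+USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid`"
+USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid`"
+update_if_desired
+else
+USERNAMES="`cat /etc/sysadmins/${PACKAGE}/preferred_names`"
+for N in ${USERNAMES} ; do
+ENTRY="`getent passwd ${N} | cut -f1 -d: `" || true
+if [ "x${ENTRY}" = "x" ] ; then
+USERNAME="${N}"
+make_new_user
+break
+else
+if subvert_existing_user "${ENTRY}" ; then
+update_if_desired
+break
+fi
+fi
+done
+USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid`"
+USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid`"
+# So we notify them, regardless of whether the password is set or not.
+NEWINSTALL="Yes"
+fi
+# Generate the password and email
+generate_and_notify
+case $1 in
+configure)
+# We need to reset the ownership / permissions if they
+# have previously been installed and then removed...
+if [ "`ls -ld /home/${USERNAME} | tr -s ' ' | cut -f3 -d' '`" = "root" ] ; then
+passwd -u "${USERNAME}" || true
+chown ${USERID}:${USERGID} /home/${USERNAME} || true
+chmod 750 /home/${USERNAME} || true
+fi
+;;
+esac
+#DEBHELPER#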
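Review bot: In `generate_and_notify`, the `NEWPASS` assignment from `pwgen -N 1` ends in `|| true`, so a pwgen failure leaves `NEWPASS` empty and the script still hands `${USERNAME}:` to `chpasswd` and mails the result. pwgen's default output is also a short pronounceable password; `pwgen -s 16 1` followed by `[ -n "${NEWPASS}" ] || exit 1` yields a random one and stops the install when generation fails. Separately, when an existing account is taken over, the root-run redirect to `/home/${USERNAME}/password.txt.gpg` writes into a directory that account controls and will follow a symlink already present there; writing the file outside the home directory, or refusing a destination that is a symlink, would close that.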

34
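--- a/debian/sysadmin.postrm
+++ b/debian/sysadmin.postrm
@@ -0,0 +1,34 @@
+#!/bin/sh
+set -e
+if [ -e /usr/share/debconf/confmodule ]; then
+. /usr/share/debconf/confmodule
+db_version 2.0
+fi
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+USERNAME="`cat /etc/sysadmins/${PACKAGE}/installed_username 2>/dev/null`" || true
+USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid 2>/dev/null`" || true
+USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid 2>/dev/null`" || true
+[ -n "${DEBUG}" ] && echo "PostRM Parameters: $@"
+[ "${USERNAME}" = "" ] && exit 0
+case $1 in
+purge)
+db_get positiveinternet-userpackage/remove_on_purge
+if [ "$RET" = "true" ] ; then
+if [ -d /home/${USERNAME} ] ; then
+rm -rf /home/${USERNAME} || true
+fi
+fi
+userdel "${USERNAME}" || true
+rm -f /etc/sysadmins/${PACKAGE}/installed_* || true
+;;
+esac
+#DEBHELPER#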
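Review bot: In the `purge` branch, `userdel "${USERNAME}"` sits outside the `remove_on_purge` check, so answering "No" keeps the home directory but still deletes the account; that contradicts the template text in this commit and leaves files owned by a UID that can later be reassigned. Moving `userdel` inside the `if [ "$RET" = "true" ]` block would match the description. The same branch calls `db_get` even when `/usr/share/debconf/confmodule` was not found at the top of the script, which under `set -e` aborts the purge, and the unquoted `rm -rf /home/${USERNAME}` should read `rm -rf "/home/${USERNAME}"` so that an unexpected value in `installed_username` cannot expand into several paths.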

26
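--- a/debian/sysadmin.prerm
+++ b/debian/sysadmin.prerm
@@ -0,0 +1,26 @@
+#!/bin/sh
+set -e
+. /usr/share/debconf/confmodule
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+USERNAME="`cat /etc/sysadmins/${PACKAGE}/installed_username 2>/dev/null`" || true
+USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid 2>/dev/null`" || true
+USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid 2>/dev/null`" || true
+[ -n "${DEBUG}" ] && echo "PreRM Parameters: $@"
+case $1 in
+remove)
+if [ "${USERNAME}" != "" ] ; then
+passwd -l "${USERNAME}" || true
+chown root:root /home/${USERNAME} || true
+chmod 700 /home/${USERNAME} || true
+fi
+;;
+esac
+#DEBHELPER#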
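Review bot: `passwd -l` in the `remove` branch locks only the password; as far as this script goes, key-based SSH login is stopped solely by the `chown root:root` and `chmod 700` on the home directory that follow, and both end in `|| true`, so a failed chown (the postinst comments mention NFS-mounted /home) leaves the removed account reachable with its installed keys. Expiring the account as well, `usermod --expiredate 1 "${USERNAME}" || true`, makes the lock independent of the home directory state; the `configure` branch of the postinst would then need the matching `usermod --expiredate "" "${USERNAME}"` next to its `passwd -u`. The `/home/${USERNAME}` arguments should also be quoted.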

27
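--- a/debian/templates
+++ b/debian/templates
@@ -0,0 +1,27 @@
+Template: positiveinternet-userpackage/use_existing_username
+Type: boolean
+Default: true
+Description: Use existing user account
+If an account exists for one of the users in your use list, this
+package can install itself to manage that account, allowing you
+to upgrade (e.g.) keys, in place, at some point in the future.
+Template: positiveinternet-userpackage/overwrite_local_files
+Type: boolean
+Default: true
+Description: Overwrite local files from package
+Some files are delivered with this package (.vimrc, .bashrc, ...)
+and may be overwritten by updates to the package.
+.
+Select "No" if you don't want that to happen.
+Template: positiveinternet-userpackage/remove_on_purge
+Type: boolean
+Default: true
+Description: Remove account on purge
+When this packages is de-installed, the account will be locked
+with the files only accessible to "root".
+.
+Normally the account is completely destroyed when the package
+is purged, but you can disable that by selecting "No" here.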
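Review bot: `Default: true` on `use_existing_username` means a noninteractive install takes over any account whose name matches the preferred list without anyone confirming it, and with `overwrite_local_files` also defaulting to true the postinst then replaces that account's `.ssh/authorized_keys` with the packaged keys, keeping only a backup copy. Setting `Default: false` on `use_existing_username` keeps account takeover an explicit choice made at the prompt or by preseeding. The description of that template could also state that the account's SSH keys are replaced, since "upgrade (e.g.) keys" undersells the effect.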