Initial commit.

2012-09-28 02:24:04 +01:00 · 2012-09-28 02:24:04 +01:00 · 0658661220
commit 0658661220
25 changed files with 1104 additions and 0 deletions
--- a/debian/sysadmin.postinst
+++ b/debian/sysadmin.postinst
@ -0,0 +1,261 @@
+#!/bin/sh 
+
+set -e
+
+if [ -e /usr/share/debconf/confmodule ]; then
+  . /usr/share/debconf/confmodule
+  db_version 2.0
+fi
+ 
+
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+[ -n "${DEBUG}" ] && echo "PostInst Parameters: $@"
+
+
+###################################################################
+# Subvert an existing user, in case we are installing somewhere we
+# already exist
+###################################################################
+subvert_existing_user() {
+  USERNAME="$1"
+  db_get ${PACKAGE}/use_existing_username
+  if [ "$RET" = "false" ] ; then
+    return 1
+  fi
+  echo "${USERNAME}" >/etc/sysadmins/${PACKAGE}/installed_username
+  USERID="`getent passwd ${USERNAME} | cut -f3 -d:`"
+  USERGID="`getent passwd ${USERNAME} | cut -f4 -d:`"
+  echo "$USERID"   >/etc/sysadmins/${PACKAGE}/installed_userid
+  echo "$USERGID"  >/etc/sysadmins/${PACKAGE}/installed_usergid
+
+  echo "Subverted existing user ${USERNAME} with UID ${USERID} and GID ${USERGID}"
+  return 0
+}
+
+###################################################################
+# Make a new user, first time up
+###################################################################
+make_new_user() {
+  PREFUID="`cat /etc/sysadmins/${PACKAGE}/preferred_uid`" || true
+  PREFGID="`cat /etc/sysadmins/${PACKAGE}/preferred_gid`" || true
+  USERFULLNAME="`cat /etc/sysadmins/${PACKAGE}/preferred_fullname`" || true
+  [ "${USERFULLNAME}" = "" ] && USERFULLNAME="${USERNAME}"
+  if [ "$PREFUID" != "" ] ; then
+    getent passwd $PREFUID || USERID=${PREFUID}
+  fi
+  if [ "$PREFGID" != "" ] ; then
+    getent group $PREFGID || USERGID=${PREFGID}
+  fi
+  HOMEDIR="/home/${USERNAME}"
+  ADDUSER="/usr/sbin/adduser --disabled-password --no-create-home --quiet --force-badname --shell /bin/bash"
+  [ "${USERID}"  != "" ] && ADDUSER="${ADDUSER} --uid ${USERID}"
+  if [ "${USERGID}" != "" ] ; then
+    ADDUSER="${ADDUSER} --gid ${USERGID}"
+    groupadd -g ${USERGID} ${USERNAME} || true
+  fi
+  ${ADDUSER} --home "${HOMEDIR}" --gecos "${USERFULLNAME}" ${USERNAME}
+  USERID="`getent passwd ${USERNAME} | cut -f3 -d:`"
+  USERGID="`getent passwd ${USERNAME} | cut -f4 -d:`"
+  if [ ! -e "${HOMEDIR}" ] ; then
+    cp -a /etc/sysadmins/${PACKAGE}/skel ${HOMEDIR}
+    chown -R ${USERID}:${USERGID} ${HOMEDIR}
+    # Make sure the user home and .ssh directories aren't globally writable
+    chmod og-w ${HOMEDIR} ${HOMEDIR}/.ssh
+  fi
+  echo "${USERNAME}" >/etc/sysadmins/${PACKAGE}/installed_username
+  echo "${USERID}"   >/etc/sysadmins/${PACKAGE}/installed_userid
+  echo "${USERGID}"  >/etc/sysadmins/${PACKAGE}/installed_usergid
+
+  echo "Added user ${USERNAME} with UID ${USERID} and GID ${USERGID}"
+}
+
+###################################################################
+# Generate a password (if needed) and notify
+###################################################################
+generate_and_notify() {
+  NOTIFYADDR=`head /etc/sysadmins/${PACKAGE}/notification_email`
+
+  # if we're on woody, use --always-trust instead of --trust-model
+  DEBVERSION=`head /etc/debian_version`
+  if [ "${DEBVERSION}" = "3.0" ]; then
+   TRUSTOPT="--always-trust"
+  else
+   TRUSTOPT="--trust-model always"
+  fi
+
+  # Make sure that the gpg directory is secure
+  chmod 700 /etc/sysadmins/${PACKAGE}/gpg
+
+  # work out if we need it.
+  if [ "${NOTIFYADDR}" != "none" ]; then
+    GNUPG="/usr/bin/gpg --homedir /etc/sysadmins/${PACKAGE}/gpg --no-default-keyring --keyring /etc/sysadmins/${PACKAGE}/gpg/notifyring.gpg ${TRUSTOPT} --encrypt -r ${NOTIFYADDR} --armor"
+    EXISTINGHASH=`getent shadow $USERNAME | cut -f2 -d":"`
+    if [ "$EXISTINGHASH" = "*" ] ; then
+     # okay, we're all good, generate and store.
+     NEWPASS="`pwgen -N 1`" || true
+     DESC=`perl -MSocket -MSys::Hostname=hostname -le 'alarm 2; @x=gethostbyname hostname;print " (".inet_ntoa(scalar $x[4])."/".$x[0].")"' 2>/dev/null || true`
+     MESSAGE="This message was placed here by ${PACKAGE}
+
+Your shell password for $USERNAME@`uname -n`$DESC
+was set as follows:
+
+${NEWPASS}
+"
+     echo "${MESSAGE}" | ${GNUPG} > /home/${USERNAME}/password.txt.gpg
+     echo ${USERNAME}:${NEWPASS} | chpasswd
+     PASSMESS="Your shell password is: ${NEWPASS}"
+     echo "Set new password for ${USERNAME}."
+    else
+      if [ "$NEWINSTALL" = "Yes" ]; then
+        PASSMESS="Existing shell password was kept."
+        echo "Existing password kept for ${USERNAME}."
+      else
+        PASSMESS=""
+      fi
+    fi
+
+    SUPPRESSNOTIFY=`head /etc/sysadmins/${PACKAGE}/suppress_email_notify 2>/dev/null`
+    if [ "x$SUPPRESSNOTIFY" = "xY" ] ; then
+      PASSMESS=""
+    fi
+
+    if [ -f /etc/sysadmins/suppress_email_notify ] ; then
+      GLOBALSUPPRESSNOTIFY=`head /etc/sysadmins/suppress_email_notify 2>/dev/null`
+      if [ "x$GLOBALSUPPRESSNOTIFY" = "xY" ] ; then
+        PASSMESS=""
+      fi
+    fi
+
+    if [ "$PASSMESS" != "" ] ; then
+      # we want to send email, so build an email.
+
+      MESSAGEIP=`/sbin/ip addr | /bin/grep inet | /bin/grep eth | /usr/bin/awk '{print $2}'`
+      MESSAGE="Hi there!
+
+This is the postinst script for ${PACKAGE} running
+on `/bin/hostname -f`.
+
+Your package was installed or upgraded on this machine.
+
+This host runs `/bin/cat /etc/issue.net` and has the following IP addresses:
+
+$MESSAGEIP
+
+$PASSMESS
+
+Thanks!
+"
+      echo "${MESSAGE}" | ${GNUPG} | mail -s "New account on `hostname`" ${NOTIFYADDR}
+      echo "Notified ${NOTIFYADDR} of new account."
+    fi
+  else
+    echo "Not setting new password"
+  fi
+}
+
+###################################################################
+# Update the user's local home directory files from the template
+###################################################################
+update_if_desired() {
+  HOMEDIR="/home/${USERNAME}"
+  MODFILES=""
+  WD="`pwd`"
+  SKELDIR=/etc/sysadmins/${PACKAGE}/skel
+  cd "${SKELDIR}"
+  # Remove any cruft left around by choosing to use new versions of files
+  find "${SKELDIR}" -name '*.dpkg-old' -o -name '.*.dpkg-old' | xargs -r rm 
+  for F in `find . -type f ` ; do
+    if [ -f ${HOMEDIR}/$F ]; then
+      EXISTING="`md5sum ${HOMEDIR}/$F | cut -f1 -d' '`"
+      REVISION="`md5sum $F | cut -f1 -d' '`"
+      [ "${REVISION}" != "${EXISTING}" ] && MODFILES="${MODFILES} ${F}"
+    else
+      MODFILES="${MODFILES} ${F}"
+    fi
+  done
+  cd "${WD}"
+
+  if [ "${MODFILES}" = "" ] ; then
+    echo "No changes needed to existing home directory"
+  else
+    db_get ${PACKAGE}/overwrite_local_files
+    if [ "$RET" = "false" ] ; then
+      echo "Package files differ but I am not updating them - copy manually if desired"
+    else
+      echo "Updating local files from package versions"
+      for F in ${MODFILES} ; do
+        # If we are installing on a machine with NFS mounted /home
+        # then things _will_ fail but we just sail on anyway...
+        FILEDIR="`dirname \"${HOMEDIR}/${F}\"`"
+        if [ ! -d "${FILEDIR}" ] ; then
+          mkdir -p "${FILEDIR}" || continue
+        fi
+        cp -b "${SKELDIR}/${F}" "${HOMEDIR}/${F}" || continue
+        chown ${USERID}:${USERGID} "${HOMEDIR}/${F}" || continue
+        chmod og-w "${HOMEDIR}/${F}" || continue
+        # If this is an authorized keys file then we append a local
+        # keys to the authorized_keys file, if present.
+        if [ "${F}" = "./.ssh/authorized_keys" -a -f ${HOMEDIR}/.ssh/local_authorized_keys ]; then
+          echo "Appending local keys to packaged authorized_keys"
+          cat ${HOMEDIR}/.ssh/local_authorized_keys >> ${HOMEDIR}/${F}
+        fi
+      done
+      # And also be a bit anal in general to allow a re-install
+      # to fix SSH permissions
+      chmod og-w "${HOMEDIR}"
+      chmod og-w "${HOMEDIR}/.ssh"
+    fi
+  fi
+        
+}
+
+
+###################################################################
+# Have they been installed already, or not?
+###################################################################
+NEWINSTALL="No"
+if [ -f /etc/sysadmins/${PACKAGE}/installed_username ] ; then
+  USERNAME="`cat /etc/sysadmins/${PACKAGE}/installed_username`" 
+  USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid`" 
+  USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid`" 
+  update_if_desired
+else
+  USERNAMES="`cat /etc/sysadmins/${PACKAGE}/preferred_names`"
+  for N in ${USERNAMES} ; do
+    ENTRY="`getent passwd ${N} | cut -f1 -d: `" || true
+    if [ "x${ENTRY}" = "x" ] ; then
+      USERNAME="${N}"
+      make_new_user
+      break
+    else
+      if subvert_existing_user "${ENTRY}" ; then
+        update_if_desired
+        break
+      fi
+    fi
+  done
+  USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid`" 
+  USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid`" 
+
+  # So we notify them, regardless of whether the password is set or not.
+  NEWINSTALL="Yes"
+fi
+
+# Generate the password and email
+generate_and_notify
+
+
+case $1 in
+  configure)
+      # We need to reset the ownership / permissions if they
+      # have previously been installed and then removed...
+      if [ "`ls -ld /home/${USERNAME} | tr -s ' ' | cut -f3 -d' '`" = "root" ] ; then
+        passwd -u "${USERNAME}" || true
+        chown ${USERID}:${USERGID} /home/${USERNAME} || true
+        chmod 750 /home/${USERNAME} || true
+      fi
+    ;;
+esac
+
+#DEBHELPER#