Initial commit.

.gitignore

@@ -0,0 +1,12 @@
+.git
+build
+build-stamp
+debian/positiveinternet-userpackage
+debian/positiveinternet-userpackage.postinst
+debian/positiveinternet-userpackage.postrm
+debian/positiveinternet-userpackage.postrm.debhelper
+debian/positiveinternet-userpackage.prerm
+debian/positiveinternet-userpackage.substvars
+debian/files
+debian/substvars
+ssh-keys/authorized_keys

Makefile

@@ -0,0 +1,12 @@
+all: build
+
+clean:
+	fakeroot make -f debian/rules clean
+
+build:
+	dpkg-buildpackage -rfakeroot -b -tc
+
+debug:
+	dpkg-buildpackage -rfakeroot -b
+
+.PHONY: build

bin/clone-new-sysadmin

@@ -0,0 +1,382 @@
+#!/usr/bin/perl -w
+#
+# Clone a new sysadmin package from this one.
+#
+
+use strict;
+use Getopt::Long qw(:config permute);  # allow mixed args.
+use POSIX;
+use File::Copy;
+use FindBin qw($Bin);
+BEGIN{ chdir("$Bin/..") }
+
+# You may need libterm-readline-gnu-perl to be installed
+use Term::ReadLine;
+
+my $debug = 0;
+my $helpmeplease = 0;
+
+GetOptions ('debug!'       => \$debug,
+            'help'         => \$helpmeplease
+           );
+
+show_usage() if ( $helpmeplease );
+
+my $term = new Term::ReadLine 'clone-new-sysadmin';
+if(not exists $INC{'Term/ReadLine/Gnu.pm'}) {
+    warn "You may wish to use Ctrl-C to interrupt this program and run the\n"
+         . "following command:\n\n\n"
+         . "  apt-get install libterm-readline-gnu-perl\n\n";
+}
+my $diffs = `git diff-index HEAD 2>/dev/null`;
+if ($? != 0) {
+    die "You need git-core installed to use this program.\n\n"
+         . "run:\n\n"
+         . "  apt-get install git-core\n\n";
+} elsif ($diffs) {
+    warn "Your checkout has uncommitted changes.  These will be bundled\n"
+	."into the first commit of your branch.\n";
+}
+
+my ( $package_name, $organisation, $new_name, $full_name,
+     $user_names, $uid, $gid, $gecos, $junk, $email );
+
+# Get the current package name
+my @pwent = getpwuid($<);
+$user_names = $pwent[0];
+$uid = $pwent[2];
+$gid = $pwent[3];
+$gecos = $pwent[4];
+( $full_name, $junk ) = split ",", $gecos ;
+
+# Attempt to avoid UID/GID collisions
+$uid = 2500 + int(rand(1500)) if ( $uid <= 1000 );
+$gid = $uid if ( $gid <= 1000 );
+
+my @components = split '/', POSIX::getcwd() ;
+$package_name = pop @components;
+$organisation = $package_name;
+$organisation =~ s/-.*$// ;
+$organisation = $term->readline( "Enter the name of the Organisation:         ", $organisation );
+
+$junk = $full_name;
+$full_name = $term->readline( "Enter the full name of the target sysadmin: ", $full_name );
+if ( $junk ne $full_name ) {
+  # Ok, they edited it.  Let's try and invent a user name list
+  my @name_parts = split /\s+/, lc($full_name) ;
+  my $first = $name_parts[0];
+  my $last = $name_parts[-1];
+  my $initials = "";
+  foreach( @name_parts ) {
+    $initials .= substr($_, 0,1);
+  }
+  $user_names = "$first $first".substr($last,0,1)." $initials ".substr($first,0,1)."$last $first.$last ";
+}
+
+$new_name = lc( "$organisation-$full_name" );
+$new_name =~ s/\s+\S+.*\s+//;
+$new_name =~ s/ //g;
+print <<EOT ;
+
+
+The new name should be of the form "organisation-firstnamelastname"
+so that people don't need to be told the name of the package, and
+so we can easily see them grouped in the installed packages listing.
+
+EOT
+
+$new_name   = $term->readline( "Enter the new name for the target package:  ", $new_name );
+$user_names = $term->readline( "Preferred usernames (space delimited):      ", $user_names );
+$uid        = $term->readline( "Preferred UID: ", $uid );
+$gid        = $term->readline( "Preferred GID: ", $gid );
+
+print <<EOT ;
+
+This package can set a shell password (which in turn is used by sudo)
+but requires a GPG key to encrypt to. The email address you provide
+below will be used to locate a suitable public key in the current
+user's keyring.  It *can* also be used as the target of an encrypted 
+email.
+
+The public key you specify here must be available in your default keyring
+(specifically of the user executing this script).
+
+Specify "none" to disable password generation and notification.
+
+EOT
+
+my $default_email = $organisation eq 'positiveinternet'
+                    ? $user_names . '@positive-internet.com'
+                    : '';
+$default_email =~ s{ (?:.* )?}{};  # remove alternate usernames
+
+$email	    = $term->readline( "Email address to notify/encrypt to: ", $default_email );
+
+$email ||= 'none';
+
+my $suppress_email_notify = '';
+
+if($email ne 'none') {
+  print <<EOT ;
+
+Do you want an (encrypted) email notification whenever your package is 
+installed (if you answer 'no', an encrypted notification will still be
+saved in your home directory but no email will be generated)?
+
+EOT
+
+  my $want_email = $term->readline( "Always send password by email (y/N)? ", 'N');
+  if($want_email and $want_email =~ /^y/i) {
+    $suppress_email_notify = 'N';
+  }
+}
+
+printf( "Cloning from %s to %s for %s\n", $package_name, $new_name, $full_name );
+print <<EOTXT ;
+Attempting usernames: $user_names
+Preferred UID/GID:    $uid / $gid
+EOTXT
+
+
+my @exclude_files = (
+                      'build',
+                      '.git$',
+                      'faces/',
+                      'ssh-keys/(?!.placeholder)',
+                      'gpg-keys/',
+                      'preferred_fullname',
+                      'preferred_names',
+                      'preferred_uid',
+                      'preferred_gid',
+		      'notification_email',
+                      'suppress_email_notify',
+                      "debian\\/$package_name\\.",
+                      'debian\\/tmp$',
+                      'debian\\/files$',
+                      '.*~',
+                    );
+
+# If we have a 'preferred_uid' file we won't copy skel
+if ( -f 'preferred_uid' ) {
+  push @exclude_files, 'skel/';
+}
+
+############################################################
+# copy_files
+############################################################
+my ($url) = map { m{URL: (.*)} ? ($1) : () } `git remote show origin`;
+
+$url =~ s|http://(.*?)/|git+ssh://$1/git/private/|;
+
+chdir '..';
+system("git", "clone", "--bare", "-l", $package_name, "$new_name/.git") == 0
+	or die "git clone failed; rc=$?";
+{
+local($ENV{GIT_DIR})="$new_name/.git";
+my $branch_name = "refs/heads/$new_name";
+system("git", "update-ref", $branch_name, "HEAD");
+system("git", "symbolic-ref", "HEAD", $branch_name);
+system("git", "read-tree", "HEAD");
+system("git", "config", "core.bare", 'false');
+if ( $url ) {
+	(system("git", "remote", "add", "origin", $url) == 0)
+		or warn "upgrade your git to 1.5+\n";
+	system("git", "config", "remote.origin.fetch",
+	       "+refs/heads/master:refs/heads/origin/master");
+	system("git", "config", "remote.origin.push",
+	       "+$branch_name:$branch_name");
+}
+copy_files_carefully( $package_name, $new_name );
+chdir $new_name;
+}
+
+
+############################################################
+# customise_files
+############################################################
+my @files = ( 'changelog', 'control', 'README.debian',
+              'rules', 'templates', 'config',
+              'sysadmin.postinst', 'sysadmin.postrm',
+              '.gitignore'
+              );
+foreach my $fn ( @files ) {
+  print "Customising $fn\n";
+  rename "debian/$fn", "debian/$fn.cloned";
+  open( OLD, "<", "debian/$fn.cloned" );
+  open( NEW, ">", "debian/$fn" );
+  while( <OLD> ) {
+    s/positiveinternet-userpackage/$new_name/;
+    s/$package_name/$new_name/;
+    s/__FULL_NAME__/$full_name/g;
+    print NEW $_;
+  }
+  close(NEW);
+  close(OLD);
+  unlink "debian/$fn.cloned";
+}
+
+############################################################
+# dig out gpg key to use
+############################################################
+
+# For this, we need to run gpg and extract the public key
+# then re-import it into a new keyring we put into the
+# package. Hackish, but it'll do.
+
+if ($email ne "none") {
+  system("gpg --export $email > notifyring.gpg");
+  if(-s 'notifyring.gpg' == 0) {
+    die "\nError: There is no key matching '$email' in yor GnuPG keyring\n"
+      . "Package not created.\n";
+  }
+} else {
+  system("touch notifyring.gpg");
+}
+
+############################################################
+# write_preferences
+############################################################
+write_preference( 'preferred_fullname', $full_name );
+write_preference( 'preferred_names', $user_names );
+write_preference( 'preferred_uid', $uid );
+write_preference( 'preferred_gid', $gid );
+write_preference( 'notification_email', $email );
+write_preference( 'suppress_email_notify', $suppress_email_notify );
+
+# Ensure appropriate things are marked executable
+chmod 0755, 'debian/rules';
+chmod 0755, 'bin/clone-new-sysadmin';
+
+for my $dir ('ssh-keys', 'gpg-keys', 'skel') {
+  mkdir $dir unless -d $dir;
+}
+
+# check into git
+my @rms = map { chomp; $_ }
+	`git diff-index --name-only --diff-filter=D HEAD`;
+system("git", "add", ".");
+system("git", "rm",  @rms) if @rms;
+system("git", "commit", "-m", "Cloned package for $full_name using $0");
+
+############################################################
+# We're done...
+############################################################
+my $newdir = join( '/', @components) . "/$new_name";
+print <<EOTXT ;
+
+OK, the new package framework has been created in:
+
+    $newdir
+
+What you will need to do now, is to copy any keys into the
+ssh-keys subdirectory and any gpg keys into the gpg-keys
+subdirectory.  After that you can make any other modifications
+you would like.  For a basic starting point it is probably
+sufficient to:
+
+    cd $newdir
+    cp ~/.ssh/id*.pub ssh-keys
+    fakeroot ./debian/rules binary
+
+To create a new version of the package, use "debchange -i" to 
+increment the revision number, and comment on what the change
+is that is being made.
+
+EOTXT
+
+exit 0;
+
+
+############################################################
+# ONLY SUBROUTINES BELOW HERE
+############################################################
+
+
+############################################################
+# customise_files - customises a set of files
+#   Files/lines to be changed
+#    debian/changelog
+#    debian/control
+#    debian/README.debian
+#    debian/rules
+############################################################
+
+sub write_preference {
+  my $filename = shift;
+  my $preference = shift;
+
+  open( PREF, ">", $filename );
+  print PREF $preference;
+  close(PREF);
+}
+
+############################################################
+# Copy a tree of files carefully
+############################################################
+sub copy_files_carefully {
+  my $source = shift;
+  my $dest = shift;
+
+  return if (!defined($dest) || !defined($source) );
+
+  if ( ! -e $dest ) {
+    mkdir $dest;
+  }
+  print "Copying files in $source\n";
+  opendir( SDIR, $source ) or die("Can't open source directory: $!");
+  my @files = readdir(SDIR);
+  closedir( SDIR );
+
+  foreach my $fn ( @files ) {
+    next if ( $fn eq '.' || $fn eq '..' );
+    next if ( exclude_from_copy("$source/$fn") );
+    if ( -d "$source/$fn" ) {
+      # Recurse to copy the subdirectory
+      copy_files_carefully( "$source/$fn", "$dest/$fn" );
+    }
+    else {
+      print "Copying from $source/$fn to $dest/$fn\n" if ( $debug );
+      copy( "$source/$fn", "$dest/$fn" );
+    }
+  }
+
+}
+
+
+############################################################
+# Decide whether this file should be exluded from the copy
+############################################################
+sub exclude_from_copy {
+  my $fn = shift;
+
+  foreach( @exclude_files ) {
+    if ( $fn =~ /^$package_name\/$_/ ) {
+      print "Excluding $fn\n" if ( $debug );
+      return 1;
+    }
+  }
+
+  # No match, so it must be OK then :-)
+  return 0;
+}
+
+############################################################
+# Tell the nice user how we do things.  Short and sweet.
+############################################################
+sub show_usage {
+    print <<OPTHELP;
+
+bin/clone-new-sysadmin
+
+There are no options - all variables are prompted for.
+
+bin/clone-new-sysadmin will clone this package to a new sysadmin
+package, prompting for important information and telling you what
+to do next.  It needs to be run from the base source directory
+of an existing package.
+
+OPTHELP
+    exit 0;
+}
+
+

debian/.gitignore

@@ -0,0 +1,6 @@
+positiveinternet-userpackage
+positiveinternet-userpackage.postinst
+positiveinternet-userpackage.postrm
+positiveinternet-userpackage.postrm.debhelper
+positiveinternet-userpackage.prerm
+positiveinternet-userpackage.substvars

debian/README.debian

@@ -0,0 +1,27 @@
+positiveinternet-userpackage for Debian
+------------------------------------------
+
+This package installs a user on a GNU/Linux system.
+
+To build your own user package using this one as a base,
+change to the top level directory of the source package and
+run:
+
+bin/clone-new-sysadmin
+
+This will create a new source installation for the new user.
+
+In this new source, copy your SSH public keys into the
+ssh-keys subdirectory and any PGP keys into the gpg-keys
+subdirectory.  After that you can make any other modifications
+in the skel directory (e.g. bashrc).
+
+Once those are there you should be able to run:
+    make
+to create a Debian package.
+
+To create a new version of the package, use "debchange -i" to 
+increment the revision number, and comment on what the change
+is that is being made.
+
+Andrew McMillan <andrew@catalyst.net.nz>, Sun,  4 Apr 2004 22:02:51 +1200

debian/catalyst-jonathanharker.debhelper.log

@@ -0,0 +1,4 @@
+dh_installdebconf
+dh_installdeb
+dh_installdebconf
+dh_installdeb

debian/catalyst-jonathanharker.postrm.debhelper

@@ -0,0 +1,6 @@
+# Automatically added by dh_installdebconf
+if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
+	. /usr/share/debconf/confmodule
+	db_purge
+fi
+# End automatically added section

debian/catalyst-jonathanharker.substvars

@@ -0,0 +1 @@
+misc:Depends=debconf (>= 0.5) | debconf-2.0

debian/changelog

@@ -0,0 +1,13 @@
+positiveinternet-userpackage (0.31) unstable; urgency=low
+
+  * Rewrite for Positive Internet.
+
+ -- Jonathan Harker <jon@jon.geek.nz>  Thu, 27 Sep 2012 12:30:32 +1200
+
+positiveinternet-userpackage (0.1) unstable; urgency=low
+
+  * Initial release.
+  * A package to hold my details for easy installation/removal as a new user
+    on a system we should be administering.
+
+ -- Andrew McMillan <andrew@catalyst.net.nz>  Wed,  3 Mar 2004 10:26:11 +1300

debian/compat

@@ -0,0 +1 @@
+4

debian/config

@@ -0,0 +1,22 @@
+#!/bin/sh -e
+ 
+# Source debconf library.
+. /usr/share/debconf/confmodule
+ 
+# Decide how important it is for the user to see this message
+PRIORITY=high
+# File existence is a sufficient check since this runs before unpacking
+[ -f /etc/sysadmins/positiveinternet-userpackage/installed_username ] && PRIORITY=low
+ 
+# Quiz them about whether to take over an existing user
+db_input $PRIORITY positiveinternet-userpackage/use_existing_username || true
+db_go
+ 
+# Should we overwrite local files, with our funky new versions?
+db_input $PRIORITY positiveinternet-userpackage/overwrite_local_files || true
+db_go
+
+# When we leave, should we close the door?
+db_input $PRIORITY positiveinternet-userpackage/remove_on_purge || true
+db_go
+

debian/control

@@ -0,0 +1,22 @@
+Source: positiveinternet-userpackage
+Section: positive
+Priority: extra
+Maintainer: Jonathan Harker <jon@jon.geek.nz>
+Standards-Version: 3.5.9
+Build-Depends: debhelper
+
+Package: positiveinternet-userpackage
+Architecture: all
+Depends: debconf (>= 1.0.32), perl, nvi | vim, bash, mailx, gnupg, pwgen
+Description: Positive Internet User - __FULL_NAME__
+ This package installs user accounts and other stuff appropriate for a
+ computer which is to be maintained by Positive Internet.
+ .
+ General activities performed:
+  - Create account (if required) using preferred UID/GID (if possible),
+  - Customises home directory with package things (if default),
+  - Adds ssh keys into authorized_keys and ensures good permissions, and
+  - Emails the generated password, but only if a PGP key is supplied.
+ .
+ On removal of the package all directory contents will be tar.gz into /home
+ prior to removal of the directories.

debian/copyright

@@ -0,0 +1,5 @@
+This user was started by Andrew McMillan andrew@catalyst.net.nz on
+Tue, 23 Sep 2003 20:49:07 +1200.
+
+Portions Copyright: GNU Public License version 2, or later.
+

debian/postrm.debhelper

@@ -0,0 +1,6 @@
+# Automatically added by dh_installdebconf
+if [ "$1" = purge ] && [ -e /usr/share/debconf/confmodule ]; then
+	. /usr/share/debconf/confmodule
+	db_purge
+fi
+# End automatically added section

debian/rules

@@ -0,0 +1,65 @@
+#!/usr/bin/make -f
+# Made with the aid of debmake, by Christoph Lameter,
+# based on the sample debian/rules file for GNU hello by Ian Jackson.
+
+package=positiveinternet-userpackage
+dt=debian/$(package)
+
+build: debian/sysadmin.postinst debian/sysadmin.prerm debian/sysadmin.postrm debian/rules ssh-keys/authorized_keys
+	$(checkdir)
+	sed -e"s/::package::/$(package)/g" <debian/sysadmin.postinst >debian/$(package).postinst
+	sed -e"s/::package::/$(package)/g" <debian/sysadmin.prerm >debian/$(package).prerm
+	sed -e"s/::package::/$(package)/g" <debian/sysadmin.postrm >debian/$(package).postrm
+	touch build
+
+clean:
+	$(checkdir)
+	rm -f build
+	rm -f `find . -name "*~"`
+	-rm -rf $(dt) debian/files* core debian/substvars
+	-rm -f ssh-keys/authorized_keys debian/$(package).postinst
+	-rm -f debian/$(package).prerm
+	-rm -f debian/$(package).postrm
+
+binary-indep: checkroot build
+	$(checkdir)
+	rm -rf $(dt)
+	dh_clean -k
+	dh_installdebconf
+	install -d $(dt) $(dt)/DEBIAN \
+	          $(dt)/etc $(dt)/etc/sysadmins \
+		  $(dt)/etc/sysadmins/$(package) \
+		  $(dt)/etc/sysadmins/$(package)/gpg
+	install -m 444 preferred_* $(dt)/etc/sysadmins/$(package)
+	install -m 444 notification_email $(dt)/etc/sysadmins/$(package)
+	install -m 444 suppress_email_notify $(dt)/etc/sysadmins/$(package)
+	install -m 444 notifyring.gpg $(dt)/etc/sysadmins/$(package)/gpg
+	cp -a skel $(dt)/etc/sysadmins/$(package)/skel
+	install -D -m 444 ssh-keys/authorized_keys $(dt)/etc/sysadmins/$(package)/skel/.ssh/authorized_keys
+	find $(dt) -type d -name CVS | xargs -r rm -rf
+	dh_installdeb
+	perl -ni~ -le 'print unless m{/skel/|notif} or $$seen{$$_}++' $(dt)/DEBIAN/conffiles
+	dpkg-gencontrol -P$(dt)
+	chown -R root.root $(dt)
+	dpkg --build $(dt) ..
+
+binary-arch: checkroot build
+	$(checkdir)
+# There are no architecture-dependent files to be uploaded
+# generated by this package.  If there were any they would be
+# made here.
+
+define checkdir
+	test -f debian/rules
+endef
+
+binary: binary-indep binary-arch
+
+ssh-keys/authorized_keys:
+	cat ssh-keys/*.pub >ssh-keys/authorized_keys
+
+checkroot:
+	$(checkdir)
+	test root = "`whoami`"
+
+.PHONY: binary binary-arch binary-indep clean checkroot

debian/sysadmin.postinst

@@ -0,0 +1,261 @@
+#!/bin/sh 
+
+set -e
+
+if [ -e /usr/share/debconf/confmodule ]; then
+  . /usr/share/debconf/confmodule
+  db_version 2.0
+fi
+ 
+
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+[ -n "${DEBUG}" ] && echo "PostInst Parameters: $@"
+
+
+###################################################################
+# Subvert an existing user, in case we are installing somewhere we
+# already exist
+###################################################################
+subvert_existing_user() {
+  USERNAME="$1"
+  db_get ${PACKAGE}/use_existing_username
+  if [ "$RET" = "false" ] ; then
+    return 1
+  fi
+  echo "${USERNAME}" >/etc/sysadmins/${PACKAGE}/installed_username
+  USERID="`getent passwd ${USERNAME} | cut -f3 -d:`"
+  USERGID="`getent passwd ${USERNAME} | cut -f4 -d:`"
+  echo "$USERID"   >/etc/sysadmins/${PACKAGE}/installed_userid
+  echo "$USERGID"  >/etc/sysadmins/${PACKAGE}/installed_usergid
+
+  echo "Subverted existing user ${USERNAME} with UID ${USERID} and GID ${USERGID}"
+  return 0
+}
+
+###################################################################
+# Make a new user, first time up
+###################################################################
+make_new_user() {
+  PREFUID="`cat /etc/sysadmins/${PACKAGE}/preferred_uid`" || true
+  PREFGID="`cat /etc/sysadmins/${PACKAGE}/preferred_gid`" || true
+  USERFULLNAME="`cat /etc/sysadmins/${PACKAGE}/preferred_fullname`" || true
+  [ "${USERFULLNAME}" = "" ] && USERFULLNAME="${USERNAME}"
+  if [ "$PREFUID" != "" ] ; then
+    getent passwd $PREFUID || USERID=${PREFUID}
+  fi
+  if [ "$PREFGID" != "" ] ; then
+    getent group $PREFGID || USERGID=${PREFGID}
+  fi
+  HOMEDIR="/home/${USERNAME}"
+  ADDUSER="/usr/sbin/adduser --disabled-password --no-create-home --quiet --force-badname --shell /bin/bash"
+  [ "${USERID}"  != "" ] && ADDUSER="${ADDUSER} --uid ${USERID}"
+  if [ "${USERGID}" != "" ] ; then
+    ADDUSER="${ADDUSER} --gid ${USERGID}"
+    groupadd -g ${USERGID} ${USERNAME} || true
+  fi
+  ${ADDUSER} --home "${HOMEDIR}" --gecos "${USERFULLNAME}" ${USERNAME}
+  USERID="`getent passwd ${USERNAME} | cut -f3 -d:`"
+  USERGID="`getent passwd ${USERNAME} | cut -f4 -d:`"
+  if [ ! -e "${HOMEDIR}" ] ; then
+    cp -a /etc/sysadmins/${PACKAGE}/skel ${HOMEDIR}
+    chown -R ${USERID}:${USERGID} ${HOMEDIR}
+    # Make sure the user home and .ssh directories aren't globally writable
+    chmod og-w ${HOMEDIR} ${HOMEDIR}/.ssh
+  fi
+  echo "${USERNAME}" >/etc/sysadmins/${PACKAGE}/installed_username
+  echo "${USERID}"   >/etc/sysadmins/${PACKAGE}/installed_userid
+  echo "${USERGID}"  >/etc/sysadmins/${PACKAGE}/installed_usergid
+
+  echo "Added user ${USERNAME} with UID ${USERID} and GID ${USERGID}"
+}
+
+###################################################################
+# Generate a password (if needed) and notify
+###################################################################
+generate_and_notify() {
+  NOTIFYADDR=`head /etc/sysadmins/${PACKAGE}/notification_email`
+
+  # if we're on woody, use --always-trust instead of --trust-model
+  DEBVERSION=`head /etc/debian_version`
+  if [ "${DEBVERSION}" = "3.0" ]; then
+   TRUSTOPT="--always-trust"
+  else
+   TRUSTOPT="--trust-model always"
+  fi
+
+  # Make sure that the gpg directory is secure
+  chmod 700 /etc/sysadmins/${PACKAGE}/gpg
+
+  # work out if we need it.
+  if [ "${NOTIFYADDR}" != "none" ]; then
+    GNUPG="/usr/bin/gpg --homedir /etc/sysadmins/${PACKAGE}/gpg --no-default-keyring --keyring /etc/sysadmins/${PACKAGE}/gpg/notifyring.gpg ${TRUSTOPT} --encrypt -r ${NOTIFYADDR} --armor"
+    EXISTINGHASH=`getent shadow $USERNAME | cut -f2 -d":"`
+    if [ "$EXISTINGHASH" = "*" ] ; then
+     # okay, we're all good, generate and store.
+     NEWPASS="`pwgen -N 1`" || true
+     DESC=`perl -MSocket -MSys::Hostname=hostname -le 'alarm 2; @x=gethostbyname hostname;print " (".inet_ntoa(scalar $x[4])."/".$x[0].")"' 2>/dev/null || true`
+     MESSAGE="This message was placed here by ${PACKAGE}
+
+Your shell password for $USERNAME@`uname -n`$DESC
+was set as follows:
+
+${NEWPASS}
+"
+     echo "${MESSAGE}" | ${GNUPG} > /home/${USERNAME}/password.txt.gpg
+     echo ${USERNAME}:${NEWPASS} | chpasswd
+     PASSMESS="Your shell password is: ${NEWPASS}"
+     echo "Set new password for ${USERNAME}."
+    else
+      if [ "$NEWINSTALL" = "Yes" ]; then
+        PASSMESS="Existing shell password was kept."
+        echo "Existing password kept for ${USERNAME}."
+      else
+        PASSMESS=""
+      fi
+    fi
+
+    SUPPRESSNOTIFY=`head /etc/sysadmins/${PACKAGE}/suppress_email_notify 2>/dev/null`
+    if [ "x$SUPPRESSNOTIFY" = "xY" ] ; then
+      PASSMESS=""
+    fi
+
+    if [ -f /etc/sysadmins/suppress_email_notify ] ; then
+      GLOBALSUPPRESSNOTIFY=`head /etc/sysadmins/suppress_email_notify 2>/dev/null`
+      if [ "x$GLOBALSUPPRESSNOTIFY" = "xY" ] ; then
+        PASSMESS=""
+      fi
+    fi
+
+    if [ "$PASSMESS" != "" ] ; then
+      # we want to send email, so build an email.
+
+      MESSAGEIP=`/sbin/ip addr | /bin/grep inet | /bin/grep eth | /usr/bin/awk '{print $2}'`
+      MESSAGE="Hi there!
+
+This is the postinst script for ${PACKAGE} running
+on `/bin/hostname -f`.
+
+Your package was installed or upgraded on this machine.
+
+This host runs `/bin/cat /etc/issue.net` and has the following IP addresses:
+
+$MESSAGEIP
+
+$PASSMESS
+
+Thanks!
+"
+      echo "${MESSAGE}" | ${GNUPG} | mail -s "New account on `hostname`" ${NOTIFYADDR}
+      echo "Notified ${NOTIFYADDR} of new account."
+    fi
+  else
+    echo "Not setting new password"
+  fi
+}
+
+###################################################################
+# Update the user's local home directory files from the template
+###################################################################
+update_if_desired() {
+  HOMEDIR="/home/${USERNAME}"
+  MODFILES=""
+  WD="`pwd`"
+  SKELDIR=/etc/sysadmins/${PACKAGE}/skel
+  cd "${SKELDIR}"
+  # Remove any cruft left around by choosing to use new versions of files
+  find "${SKELDIR}" -name '*.dpkg-old' -o -name '.*.dpkg-old' | xargs -r rm 
+  for F in `find . -type f ` ; do
+    if [ -f ${HOMEDIR}/$F ]; then
+      EXISTING="`md5sum ${HOMEDIR}/$F | cut -f1 -d' '`"
+      REVISION="`md5sum $F | cut -f1 -d' '`"
+      [ "${REVISION}" != "${EXISTING}" ] && MODFILES="${MODFILES} ${F}"
+    else
+      MODFILES="${MODFILES} ${F}"
+    fi
+  done
+  cd "${WD}"
+
+  if [ "${MODFILES}" = "" ] ; then
+    echo "No changes needed to existing home directory"
+  else
+    db_get ${PACKAGE}/overwrite_local_files
+    if [ "$RET" = "false" ] ; then
+      echo "Package files differ but I am not updating them - copy manually if desired"
+    else
+      echo "Updating local files from package versions"
+      for F in ${MODFILES} ; do
+        # If we are installing on a machine with NFS mounted /home
+        # then things _will_ fail but we just sail on anyway...
+        FILEDIR="`dirname \"${HOMEDIR}/${F}\"`"
+        if [ ! -d "${FILEDIR}" ] ; then
+          mkdir -p "${FILEDIR}" || continue
+        fi
+        cp -b "${SKELDIR}/${F}" "${HOMEDIR}/${F}" || continue
+        chown ${USERID}:${USERGID} "${HOMEDIR}/${F}" || continue
+        chmod og-w "${HOMEDIR}/${F}" || continue
+        # If this is an authorized keys file then we append a local
+        # keys to the authorized_keys file, if present.
+        if [ "${F}" = "./.ssh/authorized_keys" -a -f ${HOMEDIR}/.ssh/local_authorized_keys ]; then
+          echo "Appending local keys to packaged authorized_keys"
+          cat ${HOMEDIR}/.ssh/local_authorized_keys >> ${HOMEDIR}/${F}
+        fi
+      done
+      # And also be a bit anal in general to allow a re-install
+      # to fix SSH permissions
+      chmod og-w "${HOMEDIR}"
+      chmod og-w "${HOMEDIR}/.ssh"
+    fi
+  fi
+        
+}
+
+
+###################################################################
+# Have they been installed already, or not?
+###################################################################
+NEWINSTALL="No"
+if [ -f /etc/sysadmins/${PACKAGE}/installed_username ] ; then
+  USERNAME="`cat /etc/sysadmins/${PACKAGE}/installed_username`" 
+  USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid`" 
+  USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid`" 
+  update_if_desired
+else
+  USERNAMES="`cat /etc/sysadmins/${PACKAGE}/preferred_names`"
+  for N in ${USERNAMES} ; do
+    ENTRY="`getent passwd ${N} | cut -f1 -d: `" || true
+    if [ "x${ENTRY}" = "x" ] ; then
+      USERNAME="${N}"
+      make_new_user
+      break
+    else
+      if subvert_existing_user "${ENTRY}" ; then
+        update_if_desired
+        break
+      fi
+    fi
+  done
+  USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid`" 
+  USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid`" 
+
+  # So we notify them, regardless of whether the password is set or not.
+  NEWINSTALL="Yes"
+fi
+
+# Generate the password and email
+generate_and_notify
+
+
+case $1 in
+  configure)
+      # We need to reset the ownership / permissions if they
+      # have previously been installed and then removed...
+      if [ "`ls -ld /home/${USERNAME} | tr -s ' ' | cut -f3 -d' '`" = "root" ] ; then
+        passwd -u "${USERNAME}" || true
+        chown ${USERID}:${USERGID} /home/${USERNAME} || true
+        chmod 750 /home/${USERNAME} || true
+      fi
+    ;;
+esac
+
+#DEBHELPER#

debian/sysadmin.postrm

@@ -0,0 +1,34 @@
+#!/bin/sh
+
+set -e
+
+if [ -e /usr/share/debconf/confmodule ]; then
+  . /usr/share/debconf/confmodule
+  db_version 2.0
+fi
+ 
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+
+USERNAME="`cat /etc/sysadmins/${PACKAGE}/installed_username 2>/dev/null`" || true
+USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid 2>/dev/null`" || true
+USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid 2>/dev/null`" || true
+
+[ -n "${DEBUG}" ] && echo "PostRM Parameters: $@"
+
+[ "${USERNAME}" = "" ] && exit 0
+
+case $1 in
+  purge)
+      db_get positiveinternet-userpackage/remove_on_purge
+      if [ "$RET" = "true" ] ; then
+        if [ -d /home/${USERNAME} ] ; then
+          rm -rf /home/${USERNAME} || true
+        fi
+      fi
+      userdel "${USERNAME}" || true
+      rm -f /etc/sysadmins/${PACKAGE}/installed_* || true
+    ;;
+esac
+
+#DEBHELPER#

debian/sysadmin.prerm

@@ -0,0 +1,26 @@
+#!/bin/sh
+
+set -e
+
+. /usr/share/debconf/confmodule
+
+[ -n "${DEBUG}" ] && set -o xtrace
+PACKAGE=::package::
+
+USERNAME="`cat /etc/sysadmins/${PACKAGE}/installed_username 2>/dev/null`" || true
+USERID="`cat /etc/sysadmins/${PACKAGE}/installed_userid 2>/dev/null`" || true
+USERGID="`cat /etc/sysadmins/${PACKAGE}/installed_usergid 2>/dev/null`" || true
+
+[ -n "${DEBUG}" ] && echo "PreRM Parameters: $@"
+
+case $1 in
+  remove)
+      if [ "${USERNAME}" != "" ] ; then
+        passwd -l "${USERNAME}" || true
+        chown root:root /home/${USERNAME} || true
+        chmod 700 /home/${USERNAME} || true
+      fi
+    ;;
+esac
+
+#DEBHELPER#

debian/templates

@@ -0,0 +1,27 @@
+Template: positiveinternet-userpackage/use_existing_username
+Type: boolean
+Default: true
+Description: Use existing user account
+ If an account exists for one of the users in your use list, this
+ package can install itself to manage that account, allowing you
+ to upgrade (e.g.) keys, in place, at some point in the future.
+
+Template: positiveinternet-userpackage/overwrite_local_files
+Type: boolean
+Default: true
+Description: Overwrite local files from package
+ Some files are delivered with this package (.vimrc, .bashrc, ...)
+ and may be overwritten by updates to the package.
+ .
+ Select "No" if you don't want that to happen.
+
+Template: positiveinternet-userpackage/remove_on_purge
+Type: boolean
+Default: true
+Description: Remove account on purge
+ When this packages is de-installed, the account will be locked
+ with the files only accessible to "root".
+ .
+ Normally the account is completely destroyed when the package
+ is purged, but you can disable that by selecting "No" here.
+

skel/.bash_logout

@@ -0,0 +1,15 @@
+# ~/.bash_logout: executed by bash(1) when login shell exits.
+
+# Set title bar to something sensible.
+case $TERM in
+        *xterm*)
+                echo -e "\033]0;xterm\007"
+        ;;
+esac
+
+# when leaving the console clear the screen to increase privacy
+
+case "`tty`" in
+    /dev/tty[0-9]) clear
+esac
+

skel/.bash_profile

@@ -0,0 +1,46 @@
+# ~/.bash_profile: executed by bash(1) for login shells.
+#
+# Positive Internet User Package version - note that you
+# shouldn't customise this, since it will get overwritten
+# with a new version from your package.  If you want local
+# actions on this machine put them into ~/.bash_profile_local
+# which is sourced at the end, if it is present.
+#
+
+DEBVERSION="`cat /etc/debian_version`"
+UTFVERSION="3.1"
+versions() {
+  cat /etc/debian_version
+  echo ${UTFVERSION}
+}
+
+if [ "`versions | sort | head -n 1`" = "${UTFVERSION}" ] ; then
+  if locale -a | grep -q -i '^en_NZ\.UTF-*8$' ; then
+    LC_COLLATE=POSIX
+    export LC_COLLATE
+
+    LC_CTYPE=POSIX
+    export LC_CTYPE
+
+    LANG=en_NZ.UTF-8
+    export LANG
+  else
+    echo "Warning: locale 'en_NZ.UTF-8' is not available on this host" >&2
+  fi
+fi
+
+# set PATH so it includes user's private bin if it exists
+if [ -d ~/bin ] ; then
+    PATH=~/bin:"${PATH}"
+fi
+
+# include .bash_profile_local if it exists
+if [ -f ~/.bash_profile_local ]; then
+    . ~/.bash_profile_local
+fi
+
+# include .bashrc if it exists
+if [ -f ~/.bashrc ]; then
+    . ~/.bashrc
+fi
+

skel/.bashrc

@@ -0,0 +1,66 @@
+# ~/.bashrc: executed by bash(1) for non-login shells.
+#
+# see /usr/share/doc/bash/examples/startup-files (in the package bash-doc)
+# for examples
+#
+# Positive Internet User Package version - note that you
+# shouldn't customise this, since it will get overwritten
+# with a new version from your package.  If you want local
+# actions on this machine put them into ~/.bashrc_local
+# which is sourced at the end, if it is present.
+#
+
+
+# If running interactively, then:
+if [ "$PS1" ]; then
+
+    # don't put duplicate lines in the history. See bash(1) for more options
+    export HISTCONTROL=ignoredups
+
+    # check the window size after each command and, if necessary,
+    # update the values of LINES and COLUMNS.
+    #shopt -s checkwinsize
+
+    # enable color support of ls and also add handy aliases
+    if [ "$TERM" != "dumb" ]; then
+        eval `dircolors -b`
+        alias ls='ls --color=auto'
+        #alias dir='ls --color=auto --format=vertical'
+        #alias vdir='ls --color=auto --format=long'
+    fi
+
+    # some more ls aliases
+    #alias ll='ls -l'
+    #alias la='ls -A'
+    #alias l='ls -CF'
+
+    # set a fancy prompt
+    PS1='${debian_chroot:+($debian_chroot)}\u@\h:\w\$ '
+
+    # If this is an xterm set the title to user@host:dir
+    case $TERM in
+    xterm*)
+        PROMPT_COMMAND='echo -ne "\033]0;${USER}@${HOSTNAME}: ${PWD}\007"'
+        ;;
+    *)
+        ;;
+    esac
+
+    # enable programmable completion features (you don't need to enable
+    # this, if it's already enabled in /etc/bash.bashrc).
+    #if [ -f /etc/bash_completion ]; then
+    #  . /etc/bash_completion
+    #fi
+
+    # Set a colourful prompt on production machines
+    if [ "$ROLE" == "production" ]; then
+        PS1="\[\e[31;1m\]$PS1\[\e[0m\]"
+    fi
+
+fi
+
+# include .bashrc_local if it exists
+if [ -f ~/.bashrc_local ]; then
+    . ~/.bashrc_local
+fi
+

skel/.inputrc

@@ -0,0 +1,34 @@
+# Be 8 bit clean.
+set input-meta on
+set output-meta on
+
+# Allow 8-bit characters to be input because we like that
+set convert-meta off
+
+# We're only modifying the emacs mode
+$if mode=emacs
+
+"\e[1~": beginning-of-line
+"\e[4~": end-of-line
+
+# allow the use of the Delete/Insert keys
+"\e[3~": delete-char
+"\e[2~": quoted-insert
+
+# alternate mappings for "page up" and "page down" to search the history
+"\e[5~": history-search-backward
+"\e[6~": history-search-forward
+
+# # mappings for Ctrl-left-arrow and Ctrl-right-arrow for word moving
+"\e[5C": forward-word
+"\e[5D": backward-word
+
+# uxterm and xterm mappings for Ctrl-left-arrow and Ctrl-right-arrow
+"\e[1;5C": forward-word
+"\e[1;5D": backward-word
+
+# allow the use of the Home/End keys
+"\eOH": beginning-of-line
+"\eOF": end-of-line
+
+$endif

skel/.vimrc

@@ -0,0 +1,11 @@
+:set nocompatible
+:set ts=2
+:set sw=2
+:set sta
+:set sts=2
+:set sr
+:set et
+:set si
+:set gfn=Arial\ Monospaced\ 9
+:set lsp=1
+:set ghr=160