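#!/bin/sh
# postinst script for lsh-server
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#
# quoting from the policy:
#     Any necessary prompting should almost always be confined to the
#     post-installation script, and should be protected with a conditional
#     so that unnecessary prompting doesn't happen if a package's
#     installation fails and the `postinst' is called with `abort-upgrade',
#     `abort-remove' or `abort-deconfigure'.

# create_seed_and_key: make sure the lshd random seed file and the lsh host
# key pair exist, creating whichever is missing.
#
# Globals written: RANDOM_SEED, HOST_KEY, OPENSSH_HOST_KEY, DIR (plain sh has
#                  no function-local variables).
# Returns: 0 when both artefacts exist afterwards, 1 when seed creation or
#          key generation failed.
create_seed_and_key() {
    RANDOM_SEED="/var/spool/lsh/yarrow-seed-file"
    HOST_KEY="/etc/lsh_host_key"
    OPENSSH_HOST_KEY="/etc/ssh/ssh_host_rsa_key"

    if [ ! -f "$RANDOM_SEED" ]; then
        printf '%s' "Creating lsh random seed file (this may take a while) ..."
        DIR=$(dirname "$RANDOM_SEED")
        # The seed is secret key material. Create it under a restrictive
        # umask (confined to a subshell) so the file is never readable by
        # other users, not even between dd creating it and chmod tightening
        # it. bs=1 keeps every read from /dev/random to a single byte, so the
        # 32-byte total does not depend on how much one read returns.
        if (
            umask 077
            install -d -m 700 "$DIR" &&
                dd if=/dev/random "of=$RANDOM_SEED" bs=1 count=32 2>/dev/null &&
                chmod 600 "$RANDOM_SEED"
        ); then
            echo " done."
        else
            echo " failed!"
            return 1
        fi
    fi

    if [ ! -f "$HOST_KEY" ]; then
        if [ -r "$OPENSSH_HOST_KEY" ]; then
            # Reuse the existing OpenSSH RSA host key so clients that already
            # know this host keep seeing the same key. Note that the private
            # key is then shared between the two servers.
            printf '%s' "Converting existing OpenSSH RSA host key ... "
            # Separate [ ] tests joined with && replace the obsolescent and
            # ambiguous `-a' operator.
            if pkcs1-conv < "$OPENSSH_HOST_KEY" | lsh-writekey --server &&
                [ -f "$HOST_KEY" ] && [ -f "$HOST_KEY.pub" ]; then
                chmod +r "$HOST_KEY.pub"
                echo "done."
                return 0
            fi
            # Do not leave a partial key pair behind after a failed conversion.
            rm -f "$HOST_KEY" "$HOST_KEY.pub"
            echo "failed. Will generate a new key instead."
        fi

        printf '%s' "Creating lsh host key ... "
        if lsh-keygen --server | lsh-writekey --server &&
            [ -f "$HOST_KEY" ] && [ -f "$HOST_KEY.pub" ]; then
            chmod +r "$HOST_KEY.pub"
            echo "done."
        else
            echo "failed!"
            return 1
        fi
    fi

    return 0
}

LSHD_DEFAULTS=/etc/default/lsh-server

case "$1" in
    configure)
        # This needs to be fixed. If we do stuff this way, strange things will
        # happen ... the user can specify stuff to debconf and old options can
        # still be written to the config file :-(

        # First, get default options
        #[ -e "$LSHD_DEFAULTS" ] && . "$LSHD_DEFAULTS"

        # Fall back to default options if necessary
        LSHD_PORT=${LSHD_PORT:-2222}
        ENABLE_SFTP=${ENABLE_SFTP:-false}

        # Make sure ENABLE_SFTP is either "true" or "false", set up option
        case "$ENABLE_SFTP" in
            true|TRUE|y*|Y*)
                ENABLE_SFTP=true
                ;;
            *)
                ENABLE_SFTP=false
                ;;
        esac

        # The debconf answers below overwrite the fallback values set above.
        . /usr/share/debconf/confmodule
        db_get "lsh-server/lshd_port"; LSHD_PORT="$RET"
        db_get "lsh-server/sftp"; ENABLE_SFTP="$RET"
        db_get "lsh-server/extra_args"; EXTRA_ARGS="$RET"
        # Close fd 3 (presumably the descriptor confmodule uses to talk to
        # debconf -- confirm) so that commands started later do not inherit it.
        exec 3>&-

        # OK, now make the config file
        cat <<"EOF" >"$LSHD_DEFAULTS"
# Configuration file generated by lsh-server.postinst.
# You can change the lsh-server configuration either by editing
# this file, or by running dpkg-reconfigure lsh-server.
#
# If systemd is used, this file is read as an environment file and can
# only contain environment variable assignments.
EOF
        # printf '%s' writes the answers verbatim; echo in some /bin/sh
        # implementations expands backslash sequences such as \n, which would
        # let a value spill onto extra lines of this file.
        # NOTE(review): the values are still placed between double quotes
        # without escaping. If this file is also sourced by a shell
        # (presumably the init script -- confirm), a value containing `"', `$'
        # or a backquote would be interpreted there. Consider validating the
        # debconf answers before writing them.
        printf 'LSHD_PORT="%s"\n' "$LSHD_PORT" >>"$LSHD_DEFAULTS"
        printf 'ENABLE_SFTP="%s"\n' "$ENABLE_SFTP" >>"$LSHD_DEFAULTS"
        printf 'EXTRA_ARGS="%s"\n' "$EXTRA_ARGS" >>"$LSHD_DEFAULTS"

        # Versions before 2.0.1cdbs-4 have a security issue, therefore
        # have the random seed regenerated.
        # $2 is the most recently configured version; it is empty on a fresh
        # install, in which case there is no old seed to distrust.
        if [ "$2" ] && [ -e "/var/spool/lsh/yarrow-seed-file" ] \
            && dpkg --compare-versions "$2" lt "2.0.1cdbs-4"; then
            echo " Removing /var/spool/lsh/yarrow-seed-file, because of you are upgrading from a"
            echo " version with a known security bug, so we can't trust the seed any more."
            echo " It will be automatically regenerated from /dev/random."
            rm /var/spool/lsh/yarrow-seed-file
        fi

        # Disable ssh if needed
        # NOTE(review): LSHD_PORT is compared numerically without being
        # validated first; a non-numeric answer makes the test fail with a
        # diagnostic and the OpenSSH server is then left enabled.
        if [ "$LSHD_PORT" -eq 22 ] ; then
            if [ ! -d /etc/ssh ] ; then
                mkdir -p /etc/ssh
            fi
            file=/etc/ssh/sshd_not_to_be_run
            if [ ! -f "$file" ] ; then
                # stop ssh from starting at bootup
                cat <<"EOF" >"$file"
LSH_SERVER_CONFIG_GENERATED
# Generated by lsh-server.postinst
# Please don't remove this file unless you have first disabled lsh, and don't
# change the first line ... otherwise lsh-server won't recognise it!!!
EOF
                if [ -x "/etc/init.d/ssh" ]; then
                    invoke-rc.d ssh stop || true
                fi
            fi
        fi

        create_seed_and_key
        ;;

    abort-upgrade|abort-remove|abort-deconfigure)
        ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
        ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts

# Automatically added by dh_systemd_enable/13.14.1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
	# The following line should be removed in trixie or trixie+1
	deb-systemd-helper unmask 'lsh-server.service' >/dev/null || true

	# was-enabled defaults to true, so new installations run enable.
	if deb-systemd-helper --quiet was-enabled 'lsh-server.service'; then
		# Enables the unit on first installation, creates new
		# symlinks on upgrades if the unit file has changed.
		deb-systemd-helper enable 'lsh-server.service' >/dev/null || true
	else
		# Update the statefile to add new symlinks (if any), which need to be
		# cleaned up on purge. Also remove old symlinks.
		deb-systemd-helper update-state 'lsh-server.service' >/dev/null || true
	fi
fi
# End automatically added section
# Automatically added by dh_installinit/13.14.1
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ] || [ "$1" = "abort-deconfigure" ] || [ "$1" = "abort-remove" ] ; then
	if [ -z "${DPKG_ROOT:-}" ] && [ -x "/etc/init.d/lsh-server" ]; then
		update-rc.d lsh-server defaults >/dev/null
		if [ -n "$2" ]; then
			_dh_action=restart
		else
			_dh_action=start
		fi
		invoke-rc.d lsh-server $_dh_action || exit 1
	fi
fi
# End automatically added section

exit 0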