This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch feature/openbox in repository live-build-x2go. commit d6a40aa700b7b854ba36360de6cf286e04f340b9 Author: Stefan Baur (BAUR-ITCS) <kontakt@baur-itcs.de> Date: Tue Feb 6 11:43:26 2018 +0100 moved function to top of code block where it belongs, and also fixed indentation --- .../lib/live/config/2260-getsshhostkeysfrommedia | 111 +++++++++++---------- 1 file changed, 56 insertions(+), 55 deletions(-)
diff --git a/config/includes.chroot/lib/live/config/2260-getsshhostkeysfrommedia b/config/includes.chroot/lib/live/config/2260-getsshhostkeysfrommedia
index 81d9af3..6cd58e0 100755
--- a/config/includes.chroot/lib/live/config/2260-getsshhostkeysfrommedia
+++ b/config/includes.chroot/lib/live/config/2260-getsshhostkeysfrommedia
@@ -7,6 +7,62 @@ GetSSHHostKeysFromMedia () # echo -n " getsshhostkeysfrommedia" ( + check_for_config (){ + if [ -d $1/config/sshdkeys ] ; then + echo -n "\n$(date +'%F | %T | ')'$0' Keyfile directory found at '$1/config/sshdkeys'." | tee -a /dev/tty8 + # any keyfile in the config dir will be copied over to live system + for KEYFILE in $1/config/sshdkeys/ssh_host*key* ; do + [ -e "$KEYFILE" ] && cp $KEYFILE /etc/ssh/ && KEYFLAG=1 + if echo $(basename $KEYFILE) | grep -q '\.pub$' ; then + chmod 644 /etc/ssh/$(basename $KEYFILE) + else + chmod 600 /etc/ssh/$(basename $KEYFILE) + fi + done + # no keys present (as detected by flag not being set), but directory is there? Store keys. + if [ -z "$KEYFLAG" ] ; then + echo -n "\n$(date +'%F | %T | ')'$0' No keyfiles were found in the keyfile directory '$1/config/sshdkeys'." | tee -a /dev/tty8 + ssh-keygen -A # make sure we have keyfiles for every key the server expects + echo -n "\n$(date +'%F | %T | ')'$0' Attempting to copy current keyfiles to keyfile directory '$1/config/sshdkeys'." | tee -a /dev/tty8 + if awk '$2=="'$1'" {print $4 }' /proc/mounts | tr ',' '\n' | grep -q '^ro$' ; then + echo -n "\n$(date +'%F | %T | ')'$0' Attempting to remount '$1' with flags rw and sync." | tee -a /dev/tty8 + if mount -oremount,rw,sync $1 ; then + echo -n "\n$(date +'%F | %T | ')'$0' Successfully remounted '$1'." | tee -a /dev/tty8 + REMOUNT="rws" + else + echo -n "\n$(date +'%F | %T | ')'$0' Error remounting '$1'." | tee -a /dev/tty8 + fi + fi + if ([ -z "$REMOUNT" ] || [ "$REMOUNT" = "rws" ]) && cp /etc/ssh/ssh_host*key* $1/config/sshdkeys/ ; then + echo -n "\n$(date +'%F | %T | ')'$0' Copying keyfiles succeeded." | tee -a /dev/tty8 + else + echo -n "\n$(date +'%F | %T | ')'$0' Error copying keyfiles." | tee -a /dev/tty8 + fi + if [ -n "$REMOUNT" ] && mount -oremount,ro $1 ; then + echo -n "\n$(date +'%F | %T | ')'$0' Remounted '$1' read-only." 
| tee -a /dev/tty8 + else + echo -n "\n$(date +'%F | %T | ')'$0' Error remounting '$1' read-only." | tee -a /dev/tty8 + fi + + else + if ps -C sshd >/dev/null 2>&1 ; then + # reload sshd config + echo -n "\n$(date +'%F | %T | ')'$0' Reloading sshd config to activate new keyfiles." | tee -a /dev/tty8 + if service ssh reload ; then + echo -n "\n$(date +'%F | %T | ')'$0' New keyfiles activated." | tee -a /dev/tty8 + else + echo -n "\n$(date +'%F | %T | ')'$0' Error activating new keyfiles." | tee -a /dev/tty8 + fi + else + echo -n "\n$(date +'%F | %T | ')'$0' sshd not running (yet), so no reloading required." | tee -a /dev/tty8 + fi + fi + return 0 + else + return 1 + fi + } + while ! [ -c /dev/tty8 ] ; do echo -n "\n$(date +'%F | %T | ')'$0' is waiting for tty8 to become available." sleep 2 
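Review bot: In the copy loop of `check_for_config`, the `chmod` runs even when `[ -e "$KEYFILE" ]` fails, and `$1`/`$KEYFILE` are expanded unquoted, so an unmatched glob turns into `chmod 600 /etc/ssh/ssh_host*key*`, which re-expands against any keys already in `/etc/ssh` (the `.pub` files included), and a mount point containing whitespace or glob characters would split the arguments. Because these files come from boot media and become the host's private keys, I would skip anything that is not a regular file and set the mode as part of the copy rather than afterwards, as in the loop below. The same unquoted `$1` is spliced into the awk program text in the `/proc/mounts` check; `awk -v mp="$1" '$2==mp {print $4}' /proc/mounts` passes it as data instead. `KEYFLAG` and `REMOUNT` are also never reset inside the function, so if it is called once per block device (the caller is outside this hunk) a value set for one device would carry over to the next; `KEYFLAG= REMOUNT=` as the first line of the function would avoid that.

```shell
# any keyfile in the config dir will be copied over to live system
for KEYFILE in "$1"/config/sshdkeys/ssh_host*key* ; do
	# skip the literal pattern left by an unmatched glob, and anything that is not a regular file
	[ -f "$KEYFILE" ] || continue
	case "$KEYFILE" in
		*.pub) KEYMODE=644 ;;
		*)     KEYMODE=600 ;;
	esac
	# copy and set the final mode in one step instead of cp followed by chmod
	install -m "$KEYMODE" -- "$KEYFILE" /etc/ssh/ && KEYFLAG=1
done
# … unchanged: remainder of check_for_config …
```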
@@ -29,61 +85,6 @@ GetSSHHostKeysFromMedia () # block device list, non-removable first (for security - we don't want USB media to be able to override keys on fixed disks) BLOCKDEVS="$(echo $X2GOTCELIVELABELS | awk '$3 == "0" {print $2}') $(echo $X2GOTCELIVELABELS | awk '$3 == "1" {print $2}')" - check_for_config (){ - if [ -d $1/config/sshdkeys ] ; then - echo -n "\n$(date +'%F | %T | ')'$0' Keyfile directory found at '$1/config/sshdkeys'." | tee -a /dev/tty8 - # any keyfile in the config dir will be copied over to live system - for KEYFILE in $1/config/sshdkeys/ssh_host*key* ; do - [ -e "$KEYFILE" ] && cp $KEYFILE /etc/ssh/ && KEYFLAG=1 - if echo $(basename $KEYFILE) | grep -q '\.pub$' ; then - chmod 644 /etc/ssh/$(basename $KEYFILE) - else - chmod 600 /etc/ssh/$(basename $KEYFILE) - fi - done - # no keys present (as detected by flag not being set), but directory is there? Store keys. - if [ -z "$KEYFLAG" ] ; then - echo -n "\n$(date +'%F | %T | ')'$0' No keyfiles were found in the keyfile directory '$1/config/sshdkeys'." | tee -a /dev/tty8 - ssh-keygen -A # make sure we have keyfiles for every key the server expects - echo -n "\n$(date +'%F | %T | ')'$0' Attempting to copy current keyfiles to keyfile directory '$1/config/sshdkeys'." | tee -a /dev/tty8 - if awk '$2=="'$1'" {print $4 }' /proc/mounts | tr ',' '\n' | grep -q '^ro$' ; then - echo -n "\n$(date +'%F | %T | ')'$0' Attempting to remount '$1' with flags rw and sync." | tee -a /dev/tty8 - if mount -oremount,rw,sync $1 ; then - echo -n "\n$(date +'%F | %T | ')'$0' Successfully remounted '$1'." | tee -a /dev/tty8 - REMOUNT="rws" - else - echo -n "\n$(date +'%F | %T | ')'$0' Error remounting '$1'." | tee -a /dev/tty8 - fi - fi - if ([ -z "$REMOUNT" ] || [ "$REMOUNT" = "rws" ]) && cp /etc/ssh/ssh_host*key* $1/config/sshdkeys/ ; then - echo -n "\n$(date +'%F | %T | ')'$0' Copying keyfiles succeeded." | tee -a /dev/tty8 - else - echo -n "\n$(date +'%F | %T | ')'$0' Error copying keyfiles." 
| tee -a /dev/tty8 - fi - if [ -n "$REMOUNT" ] && mount -oremount,ro $1 ; then - echo -n "\n$(date +'%F | %T | ')'$0' Remounted '$1' read-only." | tee -a /dev/tty8 - else - echo -n "\n$(date +'%F | %T | ')'$0' Error remounting '$1' read-only." | tee -a /dev/tty8 - fi - - else - if ps -C sshd >/dev/null 2>&1 ; then - # reload sshd config - echo -n "\n$(date +'%F | %T | ')'$0' Reloading sshd config to activate new keyfiles." | tee -a /dev/tty8 - if service ssh reload ; then - echo -n "\n$(date +'%F | %T | ')'$0' New keyfiles activated." | tee -a /dev/tty8 - else - echo -n "\n$(date +'%F | %T | ')'$0' Error activating new keyfiles." | tee -a /dev/tty8 - fi - else - echo -n "\n$(date +'%F | %T | ')'$0' sshd not running (yet), so no reloading required." | tee -a /dev/tty8 - fi - fi - return 0 - else - return 1 - fi - } # for every block device in our list, do ... for BLOCKDEV in $BLOCKDEVS; do -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/live-build-x2go.git