This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch feature/openbox in repository live-build-x2go. commit a9f3c9e11a7ffa705459e94ce27e5b4acb288a39 Author: Stefan Baur <kontakt@baur-itcs.de> Date: Tue Nov 7 23:34:41 2017 +0100 added check so key copy routine only runs when "copysecring" boot parameter is set --- .../lib/live/config/2270-getsshclientkeysfrommedia | 190 +++++++++++---------- 1 file changed, 96 insertions(+), 94 deletions(-) diff --git a/config/includes.chroot/lib/live/config/2270-getsshclientkeysfrommedia b/config/includes.chroot/lib/live/config/2270-getsshclientkeysfrommedia index 19ebfbe..3bbf516 100755 --- a/config/includes.chroot/lib/live/config/2270-getsshclientkeysfrommedia +++ b/config/includes.chroot/lib/live/config/2270-getsshclientkeysfrommedia 
@@ -6,110 +6,112 @@ GetSSHClientKeysFromMedia () # Output startup message # echo -n " getsshclientkeysfrommedia" - ( - - # This script is for using the iso-hybrid image along with the "second partition" patch - # or other suitable storage media. When used with the iso-hybrid image for X2Go in portable mode, - # it allows you to share ssh secret keys between X2GoClient for Windows in portable - # mode and the X2Go-ThinClientEnvironment on the same USB media using different partitions. - # It also allows you to use USB media with your key on it together with a net-booted Debian Live, for example. - - while ! [ -c /dev/tty8 ] ; do - echo -n "\n$(date +'%F | %T | ')'$0' is waiting for tty8 to become available." - sleep 2 - done - - while ! [ -e /var/lib/live/config/opensshkeys ] ; do - echo -n "\n$(date +'%F | %T | ')'$0' is waiting for getsshhostkeysfrommedia to finish." - sleep 2 - done - - # Homedir of user account - # - USERHOME=$(getent passwd 1000 | awk -F':' '{ print $6 }') - - # nudge automounter, in case device was already plugged in at power-up - if udevadm trigger --action=add ; then - echo -n "\n$(date +'%F | %T | ')'$0' Successfully nudged udev-automounter." | tee -a /dev/tty8 - else - echo -n "\n$(date +'%F | %T | ')'$0' Error while nudging udev-automounter." 
| tee -a /dev/tty8 - fi - - # list devices (and mountpoints, if present) - X2GOTCELIVELABELS=$(lsblk -oLABEL,NAME,MOUNTPOINT -l | awk '$3~/^[^\/]/ && $3="" ; $1=="X2GO-TCE-LIVE" { print $2 " " $3}') - - # support for legacy label value - PORTABLEAPPLABELS=$(lsblk -oLABEL,NAME,MOUNTPOINT -l | awk '$3~/^[^\/]/ && $3="" ; $1=="PORTABLEAPP" { print $2 " " $3}') - - # block device list, removable first (we want USB media to be able to override keys on fixed disks) - BLOCKDEVS=$(grep -H '' /sys/block/*/removable | awk -F':' '{ print $2 ":" $1}' | sort -r | awk -F'/' '{print $4}') - - check_for_config (){ - if [ -d $1/config/ssh ] || [ -d $1/ssh ] || [ -d $1/.ssh ]; then - echo -n "\n$(date +'%F | %T | ')'$0' Keyfile directory found at '$1/config/ssh', '$1//ssh', or '$1/./ssh'." | tee -a /dev/tty8 - # create .ssh-Directory in case it doesn't exist - # - mkdir -p $(readlink -m "$USERHOME/.ssh/") - - # any keyfile in the config dir will be copied over to live system - # - for KEYFILE in $1/config/ssh/* $1/ssh/* $1/.ssh/* ; do - ([ -f "$KEYFILE" ] && [ -s "$KEYFILE" ]) || continue - egrep -q "BEGIN .*(PRIVATE|PUBLIC) KEY" "$KEYFILE" || continue - echo -n "\n$(date +'%F | %T | ')'$0' Keyfile '$KEYFILE' found, copying and adjusting ownership and permissions on destination." | tee -a /dev/tty8 - KEYDESTPATH="$USERHOME/.ssh/$(basename "$KEYFILE")" - touch "$KEYDESTPATH" - chown user:user \ - $KEYDESTPATH - chmod 600 $KEYDESTPATH - cat $(readlink -m "$KEYFILE")>$KEYDESTPATH + if grep -q "\W*copysecring\W*" /proc/cmdline ; then + ( + + # This script is for using the iso-hybrid image along with the "second partition" patch + # or other suitable storage media. When used with the iso-hybrid image for X2Go in portable mode, + # it allows you to share ssh secret keys between X2GoClient for Windows in portable + # mode and the X2Go-ThinClientEnvironment on the same USB media using different partitions. 
+ # It also allows you to use USB media with your key on it together with a net-booted Debian Live, for example. + + while ! [ -c /dev/tty8 ] ; do + echo -n "\n$(date +'%F | %T | ')'$0' is waiting for tty8 to become available." + sleep 2 + done + while ! [ -e /var/lib/live/config/opensshkeys ] ; do + echo -n "\n$(date +'%F | %T | ')'$0' is waiting for getsshhostkeysfrommedia to finish." + sleep 2 done - # this is so the path name in the sessions file matches again - # (cannot use .ssh on FAT, for example) + # Homedir of user account # - ln -s $USERHOME/.ssh $USERHOME/ssh - - return 0 - else - return 1 - fi - } - - for BLOCKDEV in $BLOCKDEVS; do - NEXTDEVICE=$(echo "$X2GOTCELIVELABELS\n$PORTABLEAPPLABELS" | grep "$BLOCKDEV") - if [ -n "$NEXTDEVICE" ] ; then - MNTPT=$(echo $NEXTDEVICE | awk '{print $2}') - NEXTDEVICE=$(echo $NEXTDEVICE | awk '{print $1}') - - if [ -n "$MNTPT" ] ; then - echo -n "\n$(date +'%F | %T | ')'$0' Device '$NEXTDEVICE' is mounted at: '$MNTPT'" | tee -a /dev/tty8 - if check_for_config $MNTPT ; then - touch /var/lib/live/config/opensshclientkeys - exit 0 - fi - else - echo -n "\n$(date +'%F | %T | ')'$0' Device '$NEXTDEVICE' is not mounted." | tee -a /dev/tty8 - if grep -q "^0$" /sys/block/*/removable ; then - echo -n "\n$(date +'%F | %T | ')'$0' Device '$NEXTDEVICE' is a fixed disk, mounting ..." | tee -a /dev/tty8 - mkdir -p /media/fixeddisks/$NEXTDEVICE - mount -o ro /dev/$NEXTDEVICE /media/fixeddisks/$NEXTDEVICE - if check_for_config /media/fixeddisks/$NEXTDEVICE ; then - umount /media/fixeddisks/$NEXTDEVICE + USERHOME=$(getent passwd 1000 | awk -F':' '{ print $6 }') + + # nudge automounter, in case device was already plugged in at power-up + if udevadm trigger --action=add ; then + echo -n "\n$(date +'%F | %T | ')'$0' Successfully nudged udev-automounter." | tee -a /dev/tty8 + else + echo -n "\n$(date +'%F | %T | ')'$0' Error while nudging udev-automounter." 
| tee -a /dev/tty8 + fi + + # list devices (and mountpoints, if present) + X2GOTCELIVELABELS=$(lsblk -oLABEL,NAME,MOUNTPOINT -l | awk '$3~/^[^\/]/ && $3="" ; $1=="X2GO-TCE-LIVE" { print $2 " " $3}') + + # support for legacy label value + PORTABLEAPPLABELS=$(lsblk -oLABEL,NAME,MOUNTPOINT -l | awk '$3~/^[^\/]/ && $3="" ; $1=="PORTABLEAPP" { print $2 " " $3}') + + # block device list, removable first (we want USB media to be able to override keys on fixed disks) + BLOCKDEVS=$(grep -H '' /sys/block/*/removable | awk -F':' '{ print $2 ":" $1}' | sort -r | awk -F'/' '{print $4}') + + check_for_config (){ + if [ -d $1/config/ssh ] || [ -d $1/ssh ] || [ -d $1/.ssh ]; then + echo -n "\n$(date +'%F | %T | ')'$0' Keyfile directory found at '$1/config/ssh', '$1//ssh', or '$1/./ssh'." | tee -a /dev/tty8 + # create .ssh-Directory in case it doesn't exist + # + mkdir -p $(readlink -m "$USERHOME/.ssh/") + + # any keyfile in the config dir will be copied over to live system + # + for KEYFILE in $1/config/ssh/* $1/ssh/* $1/.ssh/* ; do + ([ -f "$KEYFILE" ] && [ -s "$KEYFILE" ]) || continue + egrep -q "BEGIN .*(PRIVATE|PUBLIC) KEY" "$KEYFILE" || continue + echo -n "\n$(date +'%F | %T | ')'$0' Keyfile '$KEYFILE' found, copying and adjusting ownership and permissions on destination." 
| tee -a /dev/tty8 + KEYDESTPATH="$USERHOME/.ssh/$(basename "$KEYFILE")" + touch "$KEYDESTPATH" + chown user:user \ + $KEYDESTPATH + chmod 600 $KEYDESTPATH + cat $(readlink -m "$KEYFILE")>$KEYDESTPATH + + done + + # this is so the path name in the sessions file matches again + # (cannot use .ssh on FAT, for example) + # + ln -s $USERHOME/.ssh $USERHOME/ssh + + return 0 + else + return 1 + fi + } + + for BLOCKDEV in $BLOCKDEVS; do + NEXTDEVICE=$(echo "$X2GOTCELIVELABELS\n$PORTABLEAPPLABELS" | grep "$BLOCKDEV") + if [ -n "$NEXTDEVICE" ] ; then + MNTPT=$(echo $NEXTDEVICE | awk '{print $2}') + NEXTDEVICE=$(echo $NEXTDEVICE | awk '{print $1}') + + if [ -n "$MNTPT" ] ; then + echo -n "\n$(date +'%F | %T | ')'$0' Device '$NEXTDEVICE' is mounted at: '$MNTPT'" | tee -a /dev/tty8 + if check_for_config $MNTPT ; then touch /var/lib/live/config/opensshclientkeys exit 0 fi - umount /media/fixeddisks/$NEXTDEVICE else - echo -n "\n$(date +'%F | %T | ')'$0' Device '$NEXTDEVICE' is a removable disk, not mounted by automounter, skipping." | tee -a /dev/tty8 - : + echo -n "\n$(date +'%F | %T | ')'$0' Device '$NEXTDEVICE' is not mounted." | tee -a /dev/tty8 + if grep -q "^0$" /sys/block/*/removable ; then + echo -n "\n$(date +'%F | %T | ')'$0' Device '$NEXTDEVICE' is a fixed disk, mounting ..." | tee -a /dev/tty8 + mkdir -p /media/fixeddisks/$NEXTDEVICE + mount -o ro /dev/$NEXTDEVICE /media/fixeddisks/$NEXTDEVICE + if check_for_config /media/fixeddisks/$NEXTDEVICE ; then + umount /media/fixeddisks/$NEXTDEVICE + touch /var/lib/live/config/opensshclientkeys + exit 0 + fi + umount /media/fixeddisks/$NEXTDEVICE + else + echo -n "\n$(date +'%F | %T | ')'$0' Device '$NEXTDEVICE' is a removable disk, not mounted by automounter, skipping." 
| tee -a /dev/tty8 + : + fi fi fi - fi - done - touch /var/lib/live/config/opensshclientkeys - ) & + done + touch /var/lib/live/config/opensshclientkeys + ) & + fi } GetSSHClientKeysFromMedia -- Alioth's /srv/git/code.x2go.org/live-build-x2go.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/live-build-x2go.git
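Review bot: The new guard `grep -q "\W*copysecring\W*" /proc/cmdline` is an unanchored substring match, because `\W*` also matches zero characters; any kernel command line that merely contains the string (a longer parameter name, or a value that embeds it) turns on the key copy. Since this switch is the opt-in for copying SSH secret keys from media into the user's home, it should match a whole parameter, e.g. `if grep -qE '(^|[[:space:]])copysecring([[:space:]]|$)' /proc/cmdline ; then`. Because the guard now wraps the entire subshell, `touch /var/lib/live/config/opensshclientkeys` no longer runs when the parameter is absent. If a later component waits on that marker the way this script waits on `opensshkeys` (not visible here, so worth confirming), it would block; an `else` branch containing `touch /var/lib/live/config/opensshclientkeys` would keep the marker consistent. The function's opening lines sit above the hunk, so anything before the startup message is not covered by this note.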