This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch feature/openbox in repository live-build-x2go. commit c5ed5f68a47dd4c5416cdf9808ab8d621b342e1d Author: Stefan Baur <kontakt@baur-itcs.de> Date: Tue Nov 7 19:10:17 2017 +0100 backgrounded entire task, added error checks and log output
---
.../lib/live/config/2260-getsshhostkeysfrommedia | 127 +++++++++++++-------- 1 file changed, 82 insertions(+), 45 deletions(-)
diff --git a/config/includes.chroot/lib/live/config/2260-getsshhostkeysfrommedia b/config/includes.chroot/lib/live/config/2260-getsshhostkeysfrommedia
index 78e4dd5..81bdf99 100755
--- a/config/includes.chroot/lib/live/config/2260-getsshhostkeysfrommedia
+++ b/config/includes.chroot/lib/live/config/2260-getsshhostkeysfrommedia
@@ -6,64 +6,101 @@ GetSSHHostKeysFromMedia () # Output startup message # echo -n " getsshhostkeysfrommedia" + ( + while ! [ -c /dev/tty8 ] ; do + echo -n "\n\$(date +'%F | %T | ')'\$0' is waiting for tty8 to become available." + sleep 2 + done - # nudge automounter, in case device was already plugged in at power-up - udevadm trigger --action=add + # nudge automounter, in case device was already plugged in at power-up + if udevadm trigger --action=add ; then + echo -n "\n\$(date +'%F | %T | ')'\$0' Successfully nudged udev-automounter." | tee -a /dev/tty8 + else + echo -n "\n\$(date +'%F | %T | ')'\$0' Error while nudging udev-automounter." | tee -a /dev/tty8 + fi - # list devices (and mountpoints, if present) - X2GOTCELIVELABELS=$(lsblk -oLABEL,NAME,MOUNTPOINT -l | awk '$3~/^[^\/]/ && $3="" ; $1=="X2GO-TCE-LIVE" { print $2 " " $3}') + # list devices (and mountpoints, if present) + X2GOTCELIVELABELS=$(lsblk -oLABEL,NAME,MOUNTPOINT -l | awk '$3~/^[^\/]/ && $3="" ; $1=="X2GO-TCE-LIVE" { print $2 " " $3}') - # block device list, non-removable first (for security - we don't want USB media to be able to override keys on fixed disks) - BLOCKDEVS=$(grep -H '' /sys/block/*/removable | awk -F':' '{ print $2 ":" $1}' | sort | awk -F'/' '{print $4}') + # block device list, non-removable first (for security - we don't want USB media to be able to override keys on fixed disks) + BLOCKDEVS=$(grep -H '' /sys/block/*/removable | awk -F':' '{ print $2 ":" $1}' | sort | awk -F'/' '{print $4}') - check_for_config (){ - if [ -d $1/config/sshdkeys ] ; then - # any keyfile in the config dir will be copied over to live system - for KEYFILE in $1/config/sshdkeys/ssh_host*key* ; do - [ -e "$KEYFILE" ] && cp $KEYFILE /etc/ssh/ && KEYFLAG=1 - if echo $(basename $KEYFILE) | grep -q '\.pub$' ; then - chmod 644 /etc/ssh/$(basename $KEYFILE) + check_for_config (){ + if [ -d $1/config/sshdkeys ] ; then + echo -n "\n\$(date +'%F | %T | ')'\$0' Keyfile directory found at '$1/config/sshdkeys'." 
| tee -a /dev/tty8 + # any keyfile in the config dir will be copied over to live system + for KEYFILE in $1/config/sshdkeys/ssh_host*key* ; do + [ -e "$KEYFILE" ] && cp $KEYFILE /etc/ssh/ && KEYFLAG=1 + if echo $(basename $KEYFILE) | grep -q '\.pub$' ; then + chmod 644 /etc/ssh/$(basename $KEYFILE) + else + chmod 600 /etc/ssh/$(basename $KEYFILE) + fi + done + # no keys present (as detected by flag not being set), but directory is there? Store keys. + if [ -z "$KEYFLAG" ] ; then + echo -n "\n\$(date +'%F | %T | ')'\$0' No keyfiles were found in the keyfile directory '$1/config/sshdkeys'." | tee -a /dev/tty8 + ssh-keygen -A # make sure we have keyfiles for every key the server expects + echo -n "\n\$(date +'%F | %T | ')'\$0' Attempting to copy current keyfiles to keyfile directory '$1/config/sshdkeys'." | tee -a /dev/tty8 + if awk '$2=="'$1'" {print $4 }' /proc/mounts | tr ',' '\n' | grep -q '^ro$' ; then + echo -n "\n\$(date +'%F | %T | ')'\$0' Attempting to remount '$1' with flags rw and sync." | tee -a /dev/tty8 + if mount -oremount,rw,sync $1 ; then + echo -n "\n\$(date +'%F | %T | ')'\$0' Successfully remounted '$1'." | tee -a /dev/tty8 + REMOUNT="rws" + else + echo -n "\n\$(date +'%F | %T | ')'\$0' Error remounting '$1'." | tee -a /dev/tty8 + fi + fi + if ([ -z "$REMOUNT" ] || [ "$REMOUNT" = "rws" ]) && cp /etc/ssh/ssh_host*key* $1/config/sshdkeys/ ; then + echo -n "\n\$(date +'%F | %T | ')'\$0' Copying keyfiles succeeded." | tee -a /dev/tty8 + else + echo -n "\n\$(date +'%F | %T | ')'\$0' Error copying keyfiles." | tee -a /dev/tty8 + fi + if [ -n "$REMOUNT" ] && mount -oremount,ro $1 ; then + echo -n "\n\$(date +'%F | %T | ')'\$0' Remounted '$1' read-only." | tee -a /dev/tty8 + else + echo -n "\n\$(date +'%F | %T | ')'\$0' Error remounting '$1' read-only." | tee -a /dev/tty8 + fi + else - chmod 600 /etc/ssh/$(basename $KEYFILE) + # reload sshd config + echo -n "\n\$(date +'%F | %T | ')'\$0' Reloading sshd config to activate new keyfiles." 
| tee -a /dev/tty8 + if service ssh reload ; then + echo -n "\n\$(date +'%F | %T | ')'\$0' New keyfiles activated." | tee -a /dev/tty8 + else + echo -n "\n\$(date +'%F | %T | ')'\$0' Error activating new keyfiles." | tee -a /dev/tty8 + fi fi - done - # no keys present (as detected by flag not being set), but directory is there? Store keys. - if [ -z "$KEYFLAG" ] ; then - ssh-keygen -A # make sure we have keyfiles for every key the server expects - mount -oremount,rw $1 && cp /etc/ssh/ssh_host*key* $1/config/sshdkeys/ + return 0 else - # reload sshd config - service ssh reload + return 1 fi - return 0 - else - return 1 - fi - } + } - for BLOCKDEV in $BLOCKDEVS; do - NEXTDEVICE=$(echo "$X2GOTCELIVELABELS" | grep "$BLOCKDEV") - if [ -n "$NEXTDEVICE" ] ; then - MNTPT=$(echo $NEXTDEVICE | awk '{print $2}') - NEXTDEVICE=$(echo $NEXTDEVICE | awk '{print $1}') + for BLOCKDEV in $BLOCKDEVS; do + NEXTDEVICE=$(echo "$X2GOTCELIVELABELS" | grep "$BLOCKDEV") + if [ -n "$NEXTDEVICE" ] ; then + MNTPT=$(echo $NEXTDEVICE | awk '{print $2}') + NEXTDEVICE=$(echo $NEXTDEVICE | awk '{print $1}') - if [ -n "$MNTPT" ] ; then - # echo "$NEXTDEVICE is mounted at: $MNTPT" - check_for_config $MNTPT && exit 0 - else - # echo "$NEXTDEVICE is not mounted" - if grep -q "^0$" /sys/block/*/removable ; then - # echo "Is fixed disk, mounting" - mkdir -p /media/fixeddisks/$NEXTDEVICE - mount /dev/$NEXTDEVICE /media/fixeddisks/$NEXTDEVICE - check_for_config /media/fixeddisks/$NEXTDEVICE && exit 0 + if [ -n "$MNTPT" ] ; then + echo -n "\n\$(date +'%F | %T | ')'\$0' Device '$NEXTDEVICE' is mounted at: '$MNTPT'" | tee -a /dev/tty8 + check_for_config $MNTPT && exit 0 else - # echo "Is removable disk, not mounted by automounter -> don't touch" - : + echo -n "\n\$(date +'%F | %T | ')'\$0' Device '$NEXTDEVICE' is not mounted." | tee -a /dev/tty8 + if grep -q "^0$" /sys/block/*/removable ; then + echo -n "\n\$(date +'%F | %T | ')'\$0' Device '$NEXTDEVICE' is a fixed disk, mounting ..." 
| tee -a /dev/tty8 + mkdir -p /media/fixeddisks/$NEXTDEVICE + mount -o ro /dev/$NEXTDEVICE /media/fixeddisks/$NEXTDEVICE + check_for_config /media/fixeddisks/$NEXTDEVICE && exit 0 + else + echo -n "\n\$(date +'%F | %T | ')'\$0' Device '$NEXTDEVICE' is a removable disk, not mounted by automounter, skipping." | tee -a /dev/tty8 + : + fi fi fi - fi - done + done + ) & } GetSSHHostKeysFromMedia -- Alioth's /srv/git/code.x2go.org/live-build-x2go.git//..//_hooks_/post-receive-email on /srv/git/code.x2go.org/live-build-x2go.git
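Review bot: The fixed-disk test `grep -q "^0$" /sys/block/*/removable` in the device loop succeeds whenever any block device on the system reports removable=0, so it says nothing about `$NEXTDEVICE`; an unmounted removable volume labelled X2GO-TCE-LIVE would still be mounted and handed to check_for_config, and the "removable disk ... skipping" branch is reached only when no fixed device exists at all. Because check_for_config copies whatever matches ssh_host*key* into /etc/ssh, the test should be tied to the device being iterated, for example `if [ "$(cat /sys/block/$BLOCKDEV/removable)" = "0" ] ; then`. Separately, the new log lines write `\$(date +'%F | %T | ')` and `\$0` inside double quotes, which prints that text literally instead of a timestamp and script name unless this file goes through another expansion pass at build time; dropping the backslashes would fix it. The body of GetSSHHostKeysFromMedia begins before this hunk.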