-rw-r--r--debian/README22
-rw-r--r--debian/changelog5
-rw-r--r--debian/compat1
-rw-r--r--debian/control17
-rw-r--r--debian/copyright26
-rw-r--r--debian/openssh-known-hosts.cron.d4
-rw-r--r--debian/openssh-known-hosts.dirs4
-rw-r--r--debian/openssh-known-hosts.docs2
-rw-r--r--debian/openssh-known-hosts.install2
-rw-r--r--debian/openssh-known-hosts.postinst50
-rw-r--r--debian/openssh-known-hosts.prerm45
-rwxr-xr-xdebian/rules98
-rwxr-xr-xplugins/curl13
-rwxr-xr-xplugins/psql25
-rwxr-xr-xplugins/rsync14
-rwxr-xr-xplugins/symlink14
-rwxr-xr-xupdate-known-hosts74
17 files changed, 416 insertions, 0 deletions
diff --git a/debian/README b/debian/README
new file mode 100644
index 0000000..8a521a8
--- /dev/null
+++ b/debian/README
@@ -0,0 +1,22 @@
+Writing a source definition:
+============================
+
+Place a file in /etc/openssh-known-hosts/sources/. Its name must follow
+run-parts' conventions.
+
+Basic variables:
+ * PLUGIN: name of the plugin to use
+ * EXIT_IGNORE: space-seperated list of exitcodes which should be ignored, no
+ update is performed for this source then (optional)
+
+
+Writing a plugin:
+=================
+
+Place an executeable in /usr/local/share/openssh-known-hosts/plugins. Your
+plugin gets the variables set in the source definition in its environment. The
+working directory will be set to the source's cache directory. All your plugin
+has to do is to create a file named "new". "current" must not be touched but
+can be used as a hint to skip downloading the same file again. stdout and
+stderr will be connected to "log", which will be output on error.
+
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..bfc242e
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+openssh-known-hosts (0.1) fsmi-lenny; urgency=low
+
+ * Initial Release.
+
+ -- Timo Weingärtner <timo@tiwe.de> Wed, 24 Jun 2009 19:19:10 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..7f8f011
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+7
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..6f86622
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,17 @@
+Source: openssh-known-hosts
+Section: net
+Priority: extra
+Maintainer: Timo Weingärtner <timo@tiwe.de>
+Build-Depends: debhelper (>= 7)
+Standards-Version: 3.8.1
+#Homepage: <insert the upstream URL, if relevant>
+
+Package: openssh-known-hosts
+Architecture: all
+Depends: dash, lockfile-progs, ${shlibs:Depends}, ${misc:Depends}
+Recommends: openssh-client
+Suggests: postgresql-client, rsync, curl
+Description: known_hosts downloader for OpenSSH
+ This package allows you to download public hostkeys from various sources and
+ merge them together into one file for use by OpenSSH. Plugins for some types
+ of sources are included, new plugins can easily be written.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..a60558a
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,26 @@
+Copyright:
+
+ <Copyright (C) 2009 Timo Weingärtner>
+
+License:
+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this package; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+On Debian systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL'.
+
+The Debian packaging is (C) 2009, Timo Weingärtner <timo@tiwe.de> and
+is licensed under the GPL, see above.
+
diff --git a/debian/openssh-known-hosts.cron.d b/debian/openssh-known-hosts.cron.d
new file mode 100644
index 0000000..d1fef7b
--- /dev/null
+++ b/debian/openssh-known-hosts.cron.d
@@ -0,0 +1,4 @@
+#
+# Regular cron jobs for the openssh-known-hosts package
+#
+0 * * * * root [ -x /usr/share/openssh-known-hosts/update-known-hosts ] && /usr/share/openssh-known-hosts/update-known-hosts
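Review bot: The entry runs update-known-hosts as root, and that script sources every file under /etc/openssh-known-hosts/sources and executes the plugins, which pull data from the network. As far as this commit shows, the job only writes to the cache, lib and lock paths, so a dedicated unprivileged account owning those directories looks sufficient; the user field would then read `0 * * * * <service-user> [ -x … ] && …` (placeholder name). If root really is required, a comment in this file saying why would help the next maintainer.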
diff --git a/debian/openssh-known-hosts.dirs b/debian/openssh-known-hosts.dirs
new file mode 100644
index 0000000..d89f29b
--- /dev/null
+++ b/debian/openssh-known-hosts.dirs
@@ -0,0 +1,4 @@
+var/lib/openssh-known-hosts
+var/cache/openssh-known-hosts
+etc/openssh-known-hosts/sources
+etc/ssh
diff --git a/debian/openssh-known-hosts.docs b/debian/openssh-known-hosts.docs
new file mode 100644
index 0000000..2c0d173
--- /dev/null
+++ b/debian/openssh-known-hosts.docs
@@ -0,0 +1,2 @@
+debian/README
+
diff --git a/debian/openssh-known-hosts.install b/debian/openssh-known-hosts.install
new file mode 100644
index 0000000..8e9375a
--- /dev/null
+++ b/debian/openssh-known-hosts.install
@@ -0,0 +1,2 @@
+update-known-hosts usr/share/openssh-known-hosts/
+plugins usr/share/openssh-known-hosts/
diff --git a/debian/openssh-known-hosts.postinst b/debian/openssh-known-hosts.postinst
new file mode 100644
index 0000000..5284c01
--- /dev/null
+++ b/debian/openssh-known-hosts.postinst
@@ -0,0 +1,50 @@
+#!/bin/sh
+# postinst script for openssh-known-hosts
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+
+mkdir -p /usr/local/share/openssh-known-hosts/plugins
+
+[ -e /etc/ssh/ssh_known_hosts ] || ln -s /var/lib/openssh-known-hosts/ssh_known_hosts /etc/ssh/ssh_known_hosts
+if [ "`readlink /etc/ssh/ssh_known_hosts`" != /var/lib/openssh-known-hosts/ssh_known_hosts ]; then
+ echo "/etc/ssh/ssh_known_hosts already exists, please set up the link to"
+ echo "/var/lib/openssh-known-hosts/ssh_known_hosts yourself."
+fi
+
+exit 0
+
+
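Review bot: `[ -e /etc/ssh/ssh_known_hosts ] || ln -s …` follows symlinks, so when the path is already a symlink whose target does not exist yet (for example if postinst runs again before the first update has written the file), `-e` is false, `ln -s` fails because the name is taken, and `set -e` aborts the postinst. Testing for the link itself avoids that: `[ -e /etc/ssh/ssh_known_hosts ] || [ -L /etc/ssh/ssh_known_hosts ] || ln -s /var/lib/openssh-known-hosts/ssh_known_hosts /etc/ssh/ssh_known_hosts`. The `mkdir -p` and the link setup also sit after the `case`, so they run for the abort-* invocations too; moving them into the `configure)` branch would match the intent. The plugins directory created here is on the search path of a root cron job, so it is worth creating it with an explicit owner and mode rather than relying on the umask and the permissions of /usr/local.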
diff --git a/debian/openssh-known-hosts.prerm b/debian/openssh-known-hosts.prerm
new file mode 100644
index 0000000..0a34eba
--- /dev/null
+++ b/debian/openssh-known-hosts.prerm
@@ -0,0 +1,45 @@
+#!/bin/sh
+# prerm script for openssh-known-hosts
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <prerm> `remove'
+# * <old-prerm> `upgrade' <new-version>
+# * <new-prerm> `failed-upgrade' <old-version>
+# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+# * <deconfigured's-prerm> `deconfigure' `in-favour'
+# <package-being-installed> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ remove|upgrade|deconfigure)
+ ;;
+
+ failed-upgrade)
+ ;;
+
+ *)
+ echo "prerm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+if [ -L /etc/ssh/ssh_known_hosts ] && \
+ [ "`readlink /etc/ssh/ssh_known_hosts`" = /var/lib/openssh-known-hosts/ssh_known_hosts ]; then
+ rm /etc/ssh/ssh_known_hosts
+fi
+
+exit 0
+
+
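Review bot: The link removal sits after the `case`, so it runs for `upgrade`, `deconfigure` and `failed-upgrade` as well as `remove`, and /etc/ssh/ssh_known_hosts disappears on every upgrade until the new postinst recreates it. During that window ssh clients on the host have no system-wide host keys to verify against. I would move the `if [ -L /etc/ssh/ssh_known_hosts ] && …` block into a `remove)` branch of its own and leave the other branches empty.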
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..bf240d0
--- /dev/null
+++ b/debian/rules
@@ -0,0 +1,98 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+#
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+#
+# Modified to make a template file for a multi-binary package with separated
+# build-arch and build-indep targets by Bill Allombert 2001
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+
+
+
+
+
+configure: configure-stamp
+configure-stamp:
+ dh_testdir
+
+ touch configure-stamp
+
+
+#Architecture
+build: build-arch build-indep
+
+build-arch: build-arch-stamp
+build-arch-stamp: configure-stamp
+
+ touch $@
+
+build-indep: build-indep-stamp
+build-indep-stamp: configure-stamp
+
+ touch $@
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-arch-stamp build-indep-stamp configure-stamp
+
+ dh_clean
+
+install: install-indep install-arch
+install-indep:
+ dh_testdir
+ dh_testroot
+ dh_prep -i
+ dh_installdirs -i
+
+ dh_install -i
+
+install-arch:
+ dh_testdir
+ dh_testroot
+ dh_prep -s
+ dh_installdirs -s
+
+ dh_install -s
+# Must not depend on anything. This is to be called by
+# binary-arch/binary-indep
+# in another 'make' thread.
+binary-common:
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+ dh_installexamples
+# dh_installmime
+ dh_installcron
+ dh_installman
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_makeshlibs
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+# Build architecture independant packages using the common target.
+binary-indep: build-indep install-indep
+ $(MAKE) -f debian/rules DH_OPTIONS=-i binary-common
+
+# Build architecture dependant packages using the common target.
+#binary-arch: build-arch install-arch
+# $(MAKE) -f debian/rules DH_OPTIONS=-s binary-common
+
+binary: binary-indep
+.PHONY: build clean binary-indep binary-arch binary install install-indep install-arch configure
diff --git a/plugins/curl b/plugins/curl
new file mode 100755
index 0000000..8e658cc
--- /dev/null
+++ b/plugins/curl
@@ -0,0 +1,13 @@
+#!/bin/dash
+
+# curl plugin
+#
+# ENVIRONMENT VARIABLES:
+# URL URL to download known_hosts file from
+#
+
+set -e
+
+curl -Rz "./current" -m 300 -o new "${URL}"
+
+# vim:set ft=sh:
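Review bot: The curl call has no `-f`, so an HTTP error response (a 404 or 500 page) is saved to `new` with exit status 0 and the updater then merges that body into the system-wide ssh_known_hosts. I would change the line to `curl -f -Rz "./current" -m 300 -o new "${URL}"` so server errors become a non-zero exit and go through the updater's error branch. Nothing here restricts the scheme of `URL` either; because the downloaded file becomes trusted host keys, the header comment should say so, e.g. `# URL  https URL to download known_hosts file from (the content is trusted as host keys, so use an authenticated transport)`.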
diff --git a/plugins/psql b/plugins/psql
new file mode 100755
index 0000000..d1009ef
--- /dev/null
+++ b/plugins/psql
@@ -0,0 +1,25 @@
+#!/bin/dash
+
+# psql plugin
+#
+# uses psql to download a table (or view) of the form:
+# CREATE TABLE known_hosts (
+# namelist text, # comma seperated
+# type text,
+# key text
+# );
+#
+# ENVIRONMENT VARIABLES:
+# TABLE table to download
+# used by psql:
+# PGCLUSTER see pg_wrapper(1)
+# PGDATABASE see psql(1)
+# PGUSER ..
+# PGPASSFILE ..
+#
+
+set -e
+
+psql -F ' ' -Atc "SELECT * FROM ${TABLE}" > new
+
+# vim:set ft=sh:
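Review bot: `SELECT * FROM ${TABLE}` depends on the table's column order matching namelist, type, key, and it pastes `TABLE` into the SQL text unquoted. Naming the columns makes the output independent of the table definition: `psql -F ' ' -Atc "SELECT namelist, type, key FROM ${TABLE}" > new`. The header comment should also state that TABLE is inserted into the statement verbatim, and that the rows are written to `new` unchecked, so anyone who can write to that table decides which host keys the ssh clients on this machine trust.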
diff --git a/plugins/rsync b/plugins/rsync
new file mode 100755
index 0000000..17a1e54
--- /dev/null
+++ b/plugins/rsync
@@ -0,0 +1,14 @@
+#!/bin/dash
+
+# rsync plugin
+#
+# ENVIRONMENT VARIABLES:
+# URL URL to download known_hosts file from
+#
+
+set -e
+
+ln -f current new || true
+rsync -vt --timeout=300 "${URL}" new
+
+# vim:set ft=sh:
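Review bot: `ln -f current new || true` discards every failure of the link step, not only the expected one where `current` does not exist yet on the first run. A guard states the intent and lets real errors stop the plugin under `set -e`: `[ ! -e current ] || ln -f current new`. A one-line comment above it would help as well, e.g. `# seed new from current so an unchanged file need not be transferred again`; that is my reading of the hard link and should be confirmed by the author.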
diff --git a/plugins/symlink b/plugins/symlink
new file mode 100755
index 0000000..159e0e7
--- /dev/null
+++ b/plugins/symlink
@@ -0,0 +1,14 @@
+#!/bin/dash
+
+# symlink plugin
+#
+# ENVIRONMENT VARIABLES:
+# LINKDEST known_hosts file to link to
+#
+
+set -e
+
+[ -f "${LINKDEST}" ] && [ -r "${LINKDEST}" ]
+ln -sf "${LINKDEST}" new
+
+# vim:set ft=sh:
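Review bot: The guard `[ -f "${LINKDEST}" ] && [ -r "${LINKDEST}" ]` does not stop the script when the `-f` test fails, because `set -e` ignores a failing command in an `&&` list unless it is the last one; only the unreadable-regular-file case aborts. For a missing path or a directory, `ln -sf` still runs and leaves `new` pointing at something that is not a readable regular file. Writing the tests as separate statements, `[ -f "${LINKDEST}" ] || exit 1` and `[ -r "${LINKDEST}" ] || exit 1`, makes both checks effective.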
diff --git a/update-known-hosts b/update-known-hosts
new file mode 100755
index 0000000..14f873f
--- /dev/null
+++ b/update-known-hosts
@@ -0,0 +1,74 @@
+#!/bin/dash
+
+set -euC
+
+CONFDIR=/etc/openssh-known-hosts
+PLUGIN_PATH=/usr/share/openssh-known-hosts/plugins:/usr/local/share/openssh-known-hosts/plugins
+CACHEDIR=/var/cache/openssh-known-hosts
+LOCK=/var/lock/openssh-known-hosts
+OUTFILE=/var/lib/openssh-known-hosts/ssh_known_hosts
+
+path_search () {
+ if [ "${1}" != "${1#*/}" ]; then
+ echo $1
+ else
+ echo "$2" | tr ':' '\n' | while read -r path; do
+ if [ -f "${path}/${1}" ]; then
+ echo "${path}/${1}"
+ break
+ fi
+ done
+ fi
+}
+
+lockfile-create "${LOCK}"
+lockfile-touch "${LOCK}" &
+LOCKPID="$!"
+
+cd "${CACHEDIR}"
+
+find -mindepth 2 -maxdepth 2 -type f -name new -delete
+
+run-parts --list "${CONFDIR}/sources/" | while read source; do
+ source=`basename ${source}`
+ mkdir -p ${source}
+ (
+ set -a
+ cd ${source}
+ . "${CONFDIR}/sources/${source}"
+ `path_search "$PLUGIN" "$PLUGIN_PATH"` >| log 2>&1 || {
+ exitcode=$?
+ rm -f new
+ ignore=''
+ for e in ${EXIT_IGNORE:-0}; do
+ if [ "$e" = "$exitcode" ]; then
+ ignore=1
+ break
+ fi
+ done
+ if [ ! "$ignore" ]; then
+ echo "${source} exited with code ${exitcode}, log follows:"
+ cat log
+ echo
+ fi
+ }
+ )
+ if [ -e ${source}/new ]; then
+ mv ${source}/new ${source}/current
+ fi
+ if [ -e ${source}/current ]; then
+ cat ${source}/current >&3
+ fi
+done 3>| "${OUTFILE}.new"
+
+mv "${OUTFILE}.new" "${OUTFILE}"
+
+for d in *; do
+ [ -d $d ] || continue
+ [ -e "${CONFDIR}/sources/$d" ] || rm -fr $d
+done
+
+kill "${LOCKPID}"
+lockfile-remove "${LOCK}"
+
+# vim:set ft=sh:
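Review bot: A PLUGIN name that `path_search` cannot find is silently treated as success: the backtick substitution expands to nothing, the line becomes a bare redirection with status 0, and the source keeps serving its old `current` file with no message. Resolving the path first and executing it quoted sends that case through the existing error branch: `plugin=$(path_search "$PLUGIN" "$PLUGIN_PATH")` followed by `"$plugin" >| log 2>&1 || {`. Separately, any failure under `set -e` after `lockfile-create` exits without reaching the `kill`/`lockfile-remove` lines at the end, so the lock and the background `lockfile-touch` are left behind and later runs would presumably not get the lock; `trap 'kill "${LOCKPID}"; lockfile-remove "${LOCK}"' EXIT` right after `LOCKPID="$!"`, replacing those two final lines, would cover every exit path. The unquoted expansions (`echo $1`, `basename ${source}`, `rm -fr $d`) should be quoted as well, with `rm -fr -- "$d"` in the cleanup loop.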