-rw-r--r-- | debian/README | 22 | ||||
-rw-r--r-- | debian/changelog | 5 | ||||
-rw-r--r-- | debian/compat | 1 | ||||
-rw-r--r-- | debian/control | 17 | ||||
-rw-r--r-- | debian/copyright | 26 | ||||
-rw-r--r-- | debian/openssh-known-hosts.cron.d | 4 | ||||
-rw-r--r-- | debian/openssh-known-hosts.dirs | 4 | ||||
-rw-r--r-- | debian/openssh-known-hosts.docs | 2 | ||||
-rw-r--r-- | debian/openssh-known-hosts.install | 2 | ||||
-rw-r--r-- | debian/openssh-known-hosts.postinst | 50 | ||||
-rw-r--r-- | debian/openssh-known-hosts.prerm | 45 | ||||
-rwxr-xr-x | debian/rules | 98 | ||||
-rwxr-xr-x | plugins/curl | 13 | ||||
-rwxr-xr-x | plugins/psql | 25 | ||||
-rwxr-xr-x | plugins/rsync | 14 | ||||
-rwxr-xr-x | plugins/symlink | 14 | ||||
-rwxr-xr-x | update-known-hosts | 74 |
17 files changed, 416 insertions, 0 deletions
diff --git a/debian/README b/debian/README
new file mode 100644
index 0000000..8a521a8
--- /dev/null
+++ b/debian/README
@@ -0,0 +1,22 @@
+Writing a source definition:
+============================
+
+Place a file in /etc/openssh-known-hosts/sources/. Its name must follow
+run-parts' conventions.
+
+Basic variables:
+ * PLUGIN: name of the plugin to use
+ * EXIT_IGNORE: space-seperated list of exitcodes which should be ignored, no
+ update is performed for this source then (optional)
+
+
+Writing a plugin:
+=================
+
+Place an executeable in /usr/local/share/openssh-known-hosts/plugins. Your
+plugin gets the variables set in the source definition in its environment. The
+working directory will be set to the source's cache directory. All your plugin
+has to do is to create a file named "new". "current" must not be touched but
+can be used as a hint to skip downloading the same file again. stdout and
+stderr will be connected to "log", which will be output on error.
+
diff --git a/debian/changelog b/debian/changelog
new file mode 100644
index 0000000..bfc242e
--- /dev/null
+++ b/debian/changelog
@@ -0,0 +1,5 @@
+openssh-known-hosts (0.1) fsmi-lenny; urgency=low
+
+ * Initial Release.
+
+ -- Timo Weingärtner <timo@tiwe.de> Wed, 24 Jun 2009 19:19:10 +0200
diff --git a/debian/compat b/debian/compat
new file mode 100644
index 0000000..7f8f011
--- /dev/null
+++ b/debian/compat
@@ -0,0 +1 @@
+7
diff --git a/debian/control b/debian/control
new file mode 100644
index 0000000..6f86622
--- /dev/null
+++ b/debian/control
@@ -0,0 +1,17 @@
+Source: openssh-known-hosts
+Section: net
+Priority: extra
+Maintainer: Timo Weingärtner <timo@tiwe.de>
+Build-Depends: debhelper (>= 7)
+Standards-Version: 3.8.1
+#Homepage: <insert the upstream URL, if relevant>
+
+Package: openssh-known-hosts
+Architecture: all
+Depends: dash, lockfile-progs, ${shlibs:Depends}, ${misc:Depends}
+Recommends: openssh-client
+Suggests: postgresql-client, rsync, curl
+Description: known_hosts downloader for OpenSSH
+ This package allows you to download public hostkeys from various sources and
+ merge them together into one file for use by OpenSSH. Plugins for some types
+ of sources are included, new plugins can easily be written.
diff --git a/debian/copyright b/debian/copyright
new file mode 100644
index 0000000..a60558a
--- /dev/null
+++ b/debian/copyright
@@ -0,0 +1,26 @@
+Copyright:
+
+ <Copyright (C) 2009 Timo Weingärtner>
+
+License:
+
+ This package is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This package is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this package; if not, write to the Free Software
+ Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+
+On Debian systems, the complete text of the GNU General
+Public License can be found in `/usr/share/common-licenses/GPL'.
+
+The Debian packaging is (C) 2009, Timo Weingärtner <timo@tiwe.de> and
+is licensed under the GPL, see above.
+
diff --git a/debian/openssh-known-hosts.cron.d b/debian/openssh-known-hosts.cron.d
new file mode 100644
index 0000000..d1fef7b
--- /dev/null
+++ b/debian/openssh-known-hosts.cron.d
@@ -0,0 +1,4 @@
+#
+# Regular cron jobs for the openssh-known-hosts package
+#
+0 * * * * root [ -x /usr/share/openssh-known-hosts/update-known-hosts ] && /usr/share/openssh-known-hosts/update-known-hosts
diff --git a/debian/openssh-known-hosts.dirs b/debian/openssh-known-hosts.dirs
new file mode 100644
index 0000000..d89f29b
--- /dev/null
+++ b/debian/openssh-known-hosts.dirs
@@ -0,0 +1,4 @@
+var/lib/openssh-known-hosts
+var/cache/openssh-known-hosts
+etc/openssh-known-hosts/sources
+etc/ssh
diff --git a/debian/openssh-known-hosts.docs b/debian/openssh-known-hosts.docs
new file mode 100644
index 0000000..2c0d173
--- /dev/null
+++ b/debian/openssh-known-hosts.docs
@@ -0,0 +1,2 @@
+debian/README
+
diff --git a/debian/openssh-known-hosts.install b/debian/openssh-known-hosts.install
new file mode 100644
index 0000000..8e9375a
--- /dev/null
+++ b/debian/openssh-known-hosts.install
@@ -0,0 +1,2 @@
+update-known-hosts usr/share/openssh-known-hosts/
+plugins usr/share/openssh-known-hosts/
diff --git a/debian/openssh-known-hosts.postinst b/debian/openssh-known-hosts.postinst
new file mode 100644
index 0000000..5284c01
--- /dev/null
+++ b/debian/openssh-known-hosts.postinst
@@ -0,0 +1,50 @@
+#!/bin/sh
+# postinst script for openssh-known-hosts
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <postinst> `configure' <most-recently-configured-version>
+# * <old-postinst> `abort-upgrade' <new version>
+# * <conflictor's-postinst> `abort-remove' `in-favour' <package>
+# <new-version>
+# * <postinst> `abort-remove'
+# * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
+# <failed-install-package> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ configure)
+ ;;
+
+ abort-upgrade|abort-remove|abort-deconfigure)
+ ;;
+
+ *)
+ echo "postinst called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+
+mkdir -p /usr/local/share/openssh-known-hosts/plugins
+
+[ -e /etc/ssh/ssh_known_hosts ] || ln -s /var/lib/openssh-known-hosts/ssh_known_hosts /etc/ssh/ssh_known_hosts
+if [ "`readlink /etc/ssh/ssh_known_hosts`" != /var/lib/openssh-known-hosts/ssh_known_hosts ]; then
+ echo "/etc/ssh/ssh_known_hosts already exists, please set up the link to"
+ echo "/var/lib/openssh-known-hosts/ssh_known_hosts yourself."
+fi
+
+exit 0
+
+
diff --git a/debian/openssh-known-hosts.prerm b/debian/openssh-known-hosts.prerm
new file mode 100644
index 0000000..0a34eba
--- /dev/null
+++ b/debian/openssh-known-hosts.prerm
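Review bot: The `[ -e /etc/ssh/ssh_known_hosts ] || ln -s …` guard near the end of postinst follows symlinks, so a dangling link counts as absent. The link this script creates points at /var/lib/openssh-known-hosts/ssh_known_hosts, which presumably does not exist until update-known-hosts has run once, so re-running postinst in that window makes `ln -s` fail with "File exists" and `set -e` aborts the configuration. Test for the link as well: `[ -e /etc/ssh/ssh_known_hosts ] || [ -L /etc/ssh/ssh_known_hosts ] || ln -s /var/lib/openssh-known-hosts/ssh_known_hosts /etc/ssh/ssh_known_hosts`. The two warning `echo` lines would also be better sent to stderr with `>&2`, as the unknown-argument message already is.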
@@ -0,0 +1,45 @@
+#!/bin/sh
+# prerm script for openssh-known-hosts
+#
+# see: dh_installdeb(1)
+
+set -e
+
+# summary of how this script can be called:
+# * <prerm> `remove'
+# * <old-prerm> `upgrade' <new-version>
+# * <new-prerm> `failed-upgrade' <old-version>
+# * <conflictor's-prerm> `remove' `in-favour' <package> <new-version>
+# * <deconfigured's-prerm> `deconfigure' `in-favour'
+# <package-being-installed> <version> `removing'
+# <conflicting-package> <version>
+# for details, see http://www.debian.org/doc/debian-policy/ or
+# the debian-policy package
+
+
+case "$1" in
+ remove|upgrade|deconfigure)
+ ;;
+
+ failed-upgrade)
+ ;;
+
+ *)
+ echo "prerm called with unknown argument \`$1'" >&2
+ exit 1
+ ;;
+esac
+
+# dh_installdeb will replace this with shell code automatically
+# generated by other debhelper scripts.
+
+#DEBHELPER#
+
+if [ -L /etc/ssh/ssh_known_hosts ] && \
+ [ "`readlink /etc/ssh/ssh_known_hosts`" = /var/lib/openssh-known-hosts/ssh_known_hosts ]; then
+ rm /etc/ssh/ssh_known_hosts
+fi
+
+exit 0
+
+
diff --git a/debian/rules b/debian/rules
new file mode 100755
index 0000000..bf240d0
--- /dev/null
+++ b/debian/rules
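Review bot: The `rm /etc/ssh/ssh_known_hosts` block sits after the `case`, so it runs for `upgrade` and `failed-upgrade` as well as `remove`, and the system-wide known_hosts link is absent for the duration of every upgrade. During that window ssh clients have no global host keys to check against, and if the upgrade is interrupted before postinst runs the link stays missing. Moving the `if [ -L … ]` block into a `remove|deconfigure)` branch, with `upgrade` in its own empty branch, keeps the link in place across upgrades.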
@@ -0,0 +1,98 @@
+#!/usr/bin/make -f
+# -*- makefile -*-
+# Sample debian/rules that uses debhelper.
+#
+# This file was originally written by Joey Hess and Craig Small.
+# As a special exception, when this file is copied by dh-make into a
+# dh-make output file, you may use that output file without restriction.
+# This special exception was added by Craig Small in version 0.37 of dh-make.
+#
+# Modified to make a template file for a multi-binary package with separated
+# build-arch and build-indep targets by Bill Allombert 2001
+
+# Uncomment this to turn on verbose mode.
+#export DH_VERBOSE=1
+
+# This has to be exported to make some magic below work.
+export DH_OPTIONS
+
+
+
+
+
+
+configure: configure-stamp
+configure-stamp:
+ dh_testdir
+
+ touch configure-stamp
+
+
+#Architecture
+build: build-arch build-indep
+
+build-arch: build-arch-stamp
+build-arch-stamp: configure-stamp
+
+ touch $@
+
+build-indep: build-indep-stamp
+build-indep-stamp: configure-stamp
+
+ touch $@
+
+clean:
+ dh_testdir
+ dh_testroot
+ rm -f build-arch-stamp build-indep-stamp configure-stamp
+
+ dh_clean
+
+install: install-indep install-arch
+install-indep:
+ dh_testdir
+ dh_testroot
+ dh_prep -i
+ dh_installdirs -i
+
+ dh_install -i
+
+install-arch:
+ dh_testdir
+ dh_testroot
+ dh_prep -s
+ dh_installdirs -s
+
+ dh_install -s
+# Must not depend on anything. This is to be called by
+# binary-arch/binary-indep
+# in another 'make' thread.
+binary-common:
+ dh_testdir
+ dh_testroot
+ dh_installchangelogs
+ dh_installdocs
+ dh_installexamples
+# dh_installmime
+ dh_installcron
+ dh_installman
+ dh_link
+ dh_strip
+ dh_compress
+ dh_fixperms
+ dh_makeshlibs
+ dh_installdeb
+ dh_shlibdeps
+ dh_gencontrol
+ dh_md5sums
+ dh_builddeb
+# Build architecture independant packages using the common target.
+binary-indep: build-indep install-indep
+ $(MAKE) -f debian/rules DH_OPTIONS=-i binary-common
+
+# Build architecture dependant packages using the common target.
+#binary-arch: build-arch install-arch
+# $(MAKE) -f debian/rules DH_OPTIONS=-s binary-common
+
+binary: binary-indep
+.PHONY: build clean binary-indep binary-arch binary install install-indep install-arch configure
diff --git a/plugins/curl b/plugins/curl
new file mode 100755
index 0000000..8e658cc
--- /dev/null
+++ b/plugins/curl
@@ -0,0 +1,13 @@
+#!/bin/dash
+
+# curl plugin
+#
+# ENVIRONMENT VARIABLES:
+# URL URL to download known_hosts file from
+#
+
+set -e
+
+curl -Rz "./current" -m 300 -o new "${URL}"
+
+# vim:set ft=sh:
diff --git a/plugins/psql b/plugins/psql
new file mode 100755
index 0000000..d1009ef
--- /dev/null
+++ b/plugins/psql
@@ -0,0 +1,25 @@
+#!/bin/dash
+
+# psql plugin
+#
+# uses psql to download a table (or view) of the form:
+# CREATE TABLE known_hosts (
+# namelist text, # comma seperated
+# type text,
+# key text
+# );
+#
+# ENVIRONMENT VARIABLES:
+# TABLE table to download
+# used by psql:
+# PGCLUSTER see pg_wrapper(1)
+# PGDATABASE see psql(1)
+# PGUSER ..
+# PGPASSFILE ..
+#
+
+set -e
+
+psql -F ' ' -Atc "SELECT * FROM ${TABLE}" > new
+
+# vim:set ft=sh:
diff --git a/plugins/rsync b/plugins/rsync
new file mode 100755
index 0000000..17a1e54
--- /dev/null
+++ b/plugins/rsync
@@ -0,0 +1,14 @@
+#!/bin/dash
+
+# rsync plugin
+#
+# ENVIRONMENT VARIABLES:
+# URL URL to download known_hosts file from
+#
+
+set -e
+
+ln -f current new || true
+rsync -vt --timeout=300 "${URL}" new
+
+# vim:set ft=sh:
diff --git a/plugins/symlink b/plugins/symlink
new file mode 100755
index 0000000..159e0e7
--- /dev/null
+++ b/plugins/symlink
@@ -0,0 +1,14 @@
+#!/bin/dash
+
+# symlink plugin
+#
+# ENVIRONMENT VARIABLES:
+# LINKDEST known_hosts file to link to
+#
+
+set -e
+
+[ -f "${LINKDEST}" ] && [ -r "${LINKDEST}" ]
+ln -sf "${LINKDEST}" new
+
+# vim:set ft=sh:
diff --git a/update-known-hosts b/update-known-hosts
new file mode 100755
index 0000000..14f873f
--- /dev/null
+++ b/update-known-hosts
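Review bot: The `curl -Rz "./current" -m 300 -o new "${URL}"` call in plugins/curl has no `-f`, so an HTTP error response (a 404 or 500 page) is saved as `new` with exit status 0 and update-known-hosts then merges that body into the system-wide ssh_known_hosts. Add `-f`, and `-sS` to keep the log to errors: `curl -fsS -Rz "./current" -m 300 -o new "${URL}"`. Neither this plugin nor the rsync plugin says anything about transport integrity, although whoever can alter the download decides which host keys every user on the machine trusts. The header comment of both should state that URL must use an authenticated transport, such as https:// here, and not a plain rsync:// daemon URL there.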
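Review bot: `"SELECT * FROM ${TABLE}"` in plugins/psql splices TABLE into the SQL text and relies on the table's column order matching the `namelist, type, key` layout described in the header comment. TABLE comes from the sourced definition file, so the query is only as safe as the permissions on /etc/openssh-known-hosts/sources/; that deserves a line in the header, for example `# TABLE table to download (inserted into the query verbatim, must be a trusted identifier)`. Naming the columns, `psql -F ' ' -Atc "SELECT namelist, type, key FROM ${TABLE}" > new`, also stops an extra or reordered column from ending up in the key file.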
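Review bot: `ln -f current new || true` in plugins/rsync discards every failure of `ln`, not just the expected one on a first run when `current` does not exist yet. Making the condition explicit, `[ ! -e current ] || ln -f current new`, lets `set -e` catch real errors such as a full or read-only cache directory. A short comment saying why the hard link is made (presumably to give rsync an existing copy so `-t` can skip an unchanged file) would help, since `new` and `current` share an inode until rsync replaces `new`.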
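Review bot: The guard `[ -f "${LINKDEST}" ] && [ -r "${LINKDEST}" ]` in plugins/symlink does not stop the script when the `-f` test fails, because `set -e` ignores a failing command in an `&&` list unless it is the last one. A missing LINKDEST or a directory therefore still reaches `ln -sf`, leaving a dangling or non-file link named `new` for update-known-hosts to pick up. Split the tests so each can abort on its own: `[ -f "${LINKDEST}" ] || exit 1` and `[ -r "${LINKDEST}" ] || exit 1`.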
@@ -0,0 +1,74 @@
+#!/bin/dash
+
+set -euC
+
+CONFDIR=/etc/openssh-known-hosts
+PLUGIN_PATH=/usr/share/openssh-known-hosts/plugins:/usr/local/share/openssh-known-hosts/plugins
+CACHEDIR=/var/cache/openssh-known-hosts
+LOCK=/var/lock/openssh-known-hosts
+OUTFILE=/var/lib/openssh-known-hosts/ssh_known_hosts
+
+path_search () {
+ if [ "${1}" != "${1#*/}" ]; then
+ echo $1
+ else
+ echo "$2" | tr ':' '\n' | while read -r path; do
+ if [ -f "${path}/${1}" ]; then
+ echo "${path}/${1}"
+ break
+ fi
+ done
+ fi
+}
+
+lockfile-create "${LOCK}"
+lockfile-touch "${LOCK}" &
+LOCKPID="$!"
+
+cd "${CACHEDIR}"
+
+find -mindepth 2 -maxdepth 2 -type f -name new -delete
+
+run-parts --list "${CONFDIR}/sources/" | while read source; do
+ source=`basename ${source}`
+ mkdir -p ${source}
+ (
+ set -a
+ cd ${source}
+ . "${CONFDIR}/sources/${source}"
+ `path_search "$PLUGIN" "$PLUGIN_PATH"` >| log 2>&1 || {
+ exitcode=$?
+ rm -f new
+ ignore=''
+ for e in ${EXIT_IGNORE:-0}; do
+ if [ "$e" = "$exitcode" ]; then
+ ignore=1
+ break
+ fi
+ done
+ if [ ! "$ignore" ]; then
+ echo "${source} exited with code ${exitcode}, log follows:"
+ cat log
+ echo
+ fi
+ }
+ )
+ if [ -e ${source}/new ]; then
+ mv ${source}/new ${source}/current
+ fi
+ if [ -e ${source}/current ]; then
+ cat ${source}/current >&3
+ fi
+done 3>| "${OUTFILE}.new"
+
+mv "${OUTFILE}.new" "${OUTFILE}"
+
+for d in *; do
+ [ -d $d ] || continue
+ [ -e "${CONFDIR}/sources/$d" ] || rm -fr $d
+done
+
+kill "${LOCKPID}"
+lockfile-remove "${LOCK}"
+
+# vim:set ft=sh: |
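Review bot: The lock is only released by the `kill "${LOCKPID}"` and `lockfile-remove "${LOCK}"` lines at the very end, so any `set -e` exit before them (a failed `cd "${CACHEDIR}"`, a failing `mv`, an error inside the source loop) leaves the lock file in place with the background `lockfile-touch` keeping it fresh, and later hourly runs can no longer take the lock. Register the cleanup right after `LOCKPID="$!"` instead: `trap 'kill "${LOCKPID}"; lockfile-remove "${LOCK}"' EXIT`. Separately, when `path_search` finds no plugin the backquoted command expands to nothing and the line appears to succeed silently, so a misspelled PLUGIN is never reported and the stale `current` keeps being published; an explicit check with a message would make that visible. The unquoted `${source}` and `$d`, notably in `rm -fr $d`, should be quoted as well.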