Remove useless cleanup, move sshd to disabled section
[ihttpd] / SOURCES / ihttpd.module-setup
1 #!/bin/bash
2
3 # called by dracut
check() {
  # Tell dracut whether this module belongs in the image.
  # Globals:  tmpfilesdir (read, may be rewritten), hostonly, mount_needs,
  #           host_fs_types (read)
  # Calls:    require_binaries (dracut helper, not defined in this file)
  # Returns:  0   include the module
  #           1   cryptsetup is not available
  #           255 hostonly/mount_needs is set and no crypto_LUKS filesystem
  #               is listed (the module is then only pulled in when another
  #               module requires it, per the note further down)
  local fs candidate

  # Fix tmpfiledir
  #XXX: fix installation of /usr/lib/tmpfileS.d/{dracut-tmpfiles,systemd}.conf
  #XXX: should be removed when bug 18642 (mageia) or 1343230 (fedora) will be fixed in /usr/bin/dracut +1262-1282
  # Candidates are visited in order. An empty $tmpfilesdir takes the first
  # candidate unconditionally; after that, a value that is not a directory
  # is replaced by the next candidate that is one.
  for candidate in /usr/lib/tmpfiles.d /etc/tmpfiles.d /lib/tmpfiles.d; do
    if [[ -z "$tmpfilesdir" ]] || { [[ ! -d "$tmpfilesdir" ]] && [[ -d "$candidate" ]]; }; then
      tmpfilesdir=$candidate
    fi
  done

  # if cryptsetup is not installed, then we cannot support encrypted devices.
  if ! require_binaries cryptsetup; then
    return 1
  fi

  # if hostonly or mount_needs include if required by other module
  # if one of fs types is crypto_LUKS include it
  if [[ -n $hostonly || -n $mount_needs ]]; then
    for fs in "${host_fs_types[@]}"; do
      if [[ $fs == "crypto_LUKS" ]]; then
        return 0
      fi
    done
    return 255
  fi

  return 0
}
28
29 # called by dracut
depends() {
  # Print, space-separated on one line, the dracut modules this one needs:
  #   crypt            - for /etc/crypttab
  #   systemd-networkd - for rd.neednet=1
  #   dracut-systemd   - for appending to $tmpfilesdir/dracut-tmpfiles.conf
  # Returns: 0 always
  local -r required_modules='crypt systemd-networkd dracut-systemd'
  printf '%s\n' "$required_modules"
  return 0
}
37
38 # called by dracut
cmdline() {
  # Emit the kernel command line fragment this module needs.
  # Globals: host_fs_types (read)
  # Outputs: " rd.neednet=1" (leading space, no trailing newline) once, if
  #          any listed filesystem type is crypto_LUKS; nothing otherwise
  local fs
  for fs in "${host_fs_types[@]}"; do
    [[ "$fs" == "crypto_LUKS" ]] || continue
    #XXX we used to include ip=dhcp as well (replaced by systemd-networkd configuration)
    printf "%s" " rd.neednet=1"
    # One match is enough; do not repeat the option.
    break
  done
}
49
50 # called by dracut
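install() {
  # Populate the initramfs with ihttpd, its TLS certificate and key, the
  # systemd-networkd/systemd-resolved pieces it relies on, and the passwd/group
  # entries it runs under.
  # Globals:  initdir, systemdsystemunitdir, systemdutildir, tmpfilesdir,
  #           _arch (read)
  # Calls:    cmdline (this file); inst_dir, inst_multiple, inst_simple,
  #           inst_libdir_file (dracut helpers, not defined in this file)
  # Outputs:  files and symlinks under $initdir
  local _ihttpdconf
  local nc

  # Declared separately from the assignment so `local` does not mask the
  # command substitution's exit status.
  _ihttpdconf=$(cmdline)

  #XXX: rd.neednet=1 is mandatory to have active network in initrd
  if [[ -n $_ihttpdconf ]]; then
    printf "%s\n" "$_ihttpdconf" >> "${initdir}/etc/cmdline.d/99ihttpd.conf"
  fi

  # Install cert dirs
  # sysinit.target.wants is linked into further down; create it here rather
  # than relying on another module having done so.
  inst_dir \
    /etc/pki/tls/certs \
    /etc/pki/tls/private \
    /etc/systemd/network \
    "$systemdsystemunitdir/ihttpd.service.wants" \
    "$systemdsystemunitdir/sysinit.target.wants" \
    /var/www/html

  # Install all files
  # NOTE(review): /etc/pki/tls/private/ihttpd.pem is copied into the image
  # as-is, so anyone able to read the generated initramfs can read the TLS
  # private key. Keep the image file mode restrictive and use a key pair
  # dedicated to ihttpd rather than one shared with other services.
  inst_multiple \
    /etc/hosts \
    /etc/localtime \
    /etc/mime.types \
    /etc/nsswitch.conf \
    /etc/pki/tls/certs/ihttpd.pem \
    /etc/pki/tls/private/ihttpd.pem \
    /etc/systemd/resolved.conf \
    "$systemdsystemunitdir/systemd-networkd.service" \
    "$systemdsystemunitdir/systemd-resolved.service" \
    "$systemdsystemunitdir/systemd-tmpfiles-setup.service" \
    "$systemdutildir/systemd-resolved" \
    "$tmpfilesdir/ihttpd.conf" \
    /usr/bin/false \
    /usr/bin/reboot \
    /usr/sbin/ihttpd

  # Install favicon
  inst_simple -o /var/www/html/favicon.ico

  # Include all ihttpd deps
  inst_libdir_file \
    "ld-linux-*.so.*" \
    "libapr-1.so.*" \
    "libaprutil-1.so.*" \
    "libcrypto.so.*" \
    "libcrypt.so.*" \
    "libc.so.*" \
    "libdb-*.so" \
    "libdl.so.*" \
    "libexpat.so.*" \
    "libnsl.so.*" \
    "libpcre.so.*" \
    "libpthread.so.*" \
    "libresolv.so.*" \
    "librt.so.*" \
    "libuuid.so.*" \
    "libz.so.*" \
    "libnss_files.so.*" \
    "libnss_dns.so.*" \
    "libnss_myhostname.so.*" \
    {"tls/$_arch/",tls/,"$_arch/",}"libssl.so.*"

  # Install ihttpd.conf index.bin reboot.bin ihttpd.service
  # Each file is shipped under /usr/lib/ihttpd/<basename> on the host and
  # installed at its final path inside the image.
  for nc in \
    /etc/ihttpd.conf \
    /var/www/html/index.bin \
    /var/www/html/reboot.bin \
    "$systemdsystemunitdir/ihttpd.service"; do
    inst_simple "/usr/lib/ihttpd/${nc##*/}" "$nc"
  done

  # Force load of ihttpd.service
  ln -fs ../ihttpd.service "$initdir$systemdsystemunitdir/sysinit.target.wants/"

  # Copy systemd-networkd config
  for nc in /etc/systemd/network/*; do
    # An unmatched glob stays literal: skip it. Dangling symlinks are kept
    # in the list, as a directory listing would also have returned them.
    [[ -e $nc || -L $nc ]] || continue
    inst_simple "$nc"
  done

  # Install resolv.conf as symlink
  ln -fs '/run/systemd/resolve/resolv.conf' "$initdir/etc/resolv.conf"

  # Install in ihttpd.service.wants
  ln -fs \
    ../systemd-resolved.service \
    ../systemd-networkd.service \
    ../systemd-tmpfiles-setup.service \
    "$initdir$systemdsystemunitdir/ihttpd.service.wants/"

  # Cleanup resolved.conf
  perl -pne 'undef $_ if /^(?:#.*|Domains=|FallbackDNS=|DNS=(?:127.0.0.1|::1)$|$)/;/^DNS=/ && $_ =~ s/(?:127.0.0.1|::1)[ \t]*//g' \
    -i "$initdir/etc/systemd/resolved.conf"

  # Cleanup nsswitch.conf
  perl -pne 'undef $_ if /^(?:#|$)/;s/compat/files/;s/ ?(?:nis|wins|mdns4_minimal |mdns4)( )?/\1/g' \
    -i "$initdir/etc/nsswitch.conf"

  # Copy an account entry from the host only when the image does not already
  # have one. Only passwd and group lines are copied here, never shadow.
  # Require systemd-resolve user and group for our ihttpd process
  grep -Eq '^systemd-resolve:' "$initdir/etc/group" || grep -E '^systemd-resolve:' /etc/group >> "$initdir/etc/group"
  grep -Eq '^systemd-resolve:' "$initdir/etc/passwd" || grep -E '^systemd-resolve:' /etc/passwd >> "$initdir/etc/passwd"
  #XXX: bug: fix /usr/lib/tmpfiles.d/{systemd,dracut-tmpfiles}.conf missing user and group
  grep -Eq '^utmp:' "$initdir/etc/group" || grep -E '^utmp:' /etc/group >> "$initdir/etc/group"
  # Require root user and group for our ihttpd process
  grep -Eq '^root:' "$initdir/etc/group" || grep -E '^root:' /etc/group >> "$initdir/etc/group"
  grep -Eq '^root:' "$initdir/etc/passwd" || grep -E '^root:' /etc/passwd >> "$initdir/etc/passwd"

  # For debug only
  # NOTE(review): keep this branch disabled for any image that leaves a test
  # machine. When enabled it copies /etc/shadow, /etc/gshadow and the SSH host
  # keys (/etc/ssh/ssh_host_*) into the initramfs, forces PermitRootLogin yes
  # and links the ihttpd logs into the web root.
  if false; then
    # Install ihttpd log
    ln -fs ../../../run/ihttpd/log/{http,https,child.{askpassword,ihttpd},error}.log "$initdir/var/www/html/"

    # Install sshd dirs
    inst_dir \
      /etc/pam.d \
      /etc/profile.d \
      /etc/security \
      /etc/ssh \
      /etc/sysconfig \
      "$systemdsystemunitdir/basic.target.wants" \
      "$systemdsystemunitdir/emergency.target.wants" \
      "$systemdsystemunitdir/rescue.target.wants" \
      "$systemdsystemunitdir/sysinit.target.wants" \
      /usr/lib64/security \
      /usr/share/terminfo/x \
      /var/empty

    # Install sshd files
    inst_multiple \
      /etc/bashrc \
      /etc/environment \
      /etc/gshadow \
      /etc/pam.d/sshd \
      /etc/pam.d/system-auth \
      /etc/profile.d/*.sh \
      /etc/security/limits.conf \
      /etc/security/pam_env.conf \
      /etc/shadow \
      /etc/ssh/denyusers \
      /etc/ssh/moduli \
      /etc/ssh/ssh_config \
      /etc/ssh/sshd_config \
      /etc/ssh/ssh_host_* \
      /root/.bash_profile \
      /root/.bashrc \
      /usr/bin/cat \
      /usr/bin/id \
      /usr/bin/kill \
      /usr/bin/ps \
      /usr/lib64/security/pam_cracklib.so \
      /usr/lib64/security/pam_deny.so \
      /usr/lib64/security/pam_env.so \
      /usr/lib64/security/pam_keyinit.so \
      /usr/lib64/security/pam_limits.so \
      /usr/lib64/security/pam_listfile.so \
      /usr/lib64/security/pam_nologin.so \
      /usr/lib64/security/pam_succeed_if.so \
      /usr/lib64/security/pam_systemd.so \
      /usr/lib64/security/pam_tcb.so \
      /usr/sbin/sshd \
      /usr/share/terminfo/x/*

    # Allow root login in the image's sshd_config (the variant that also
    # turns PAM off is kept commented out).
    #perl -pne 's%^UsePAM yes$%UsePAM no%;s%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"
    perl -pne 's%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"

    # Install debug sshd service
    # NOTE(review): the destination is prefixed with $initdir here, unlike
    # the other two-argument inst_simple call in this function - confirm the
    # resulting path before enabling this branch.
    inst_simple /usr/lib/ihttpd/debug-sshd.service "$initdir$systemdsystemunitdir/debug-sshd.service"

    # Install in sysinit.target.wants
    ln -fs ../debug-sshd.service "$initdir$systemdsystemunitdir/sysinit.target.wants/"

    # Install sshd user and group
    grep -Eq '^sshd:' "$initdir/etc/passwd" || grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd"
    grep -Eq '^sshd:' "$initdir/etc/group" || grep -E '^sshd:' /etc/group >> "$initdir/etc/group"
  fi
}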