1 #!/bin/bash
2
# called by dracut
#
# Decides whether this module belongs in the image being built.
# Globals:  tmpfilesdir (read, possibly rewritten), hostonly, mount_needs,
#           host_fs_types (read)
# Returns:  0   include the module
#           1   cryptsetup is not available
#           255 hostonly/mount_needs build without any crypto_LUKS filesystem
check() {
  local fstype
  local candidate

  # Fix tmpfiledir
  #XXX: fix installation of /usr/lib/tmpfileS.d/{dracut-tmpfiles,systemd}.conf
  #XXX: should be removed when bug 18642 (mageia) or 1343230 (fedora) will be fixed in /usr/bin/dracut +1262-1282
  # Each candidate replaces $tmpfilesdir when it is empty, or when it is not a
  # directory while the candidate is one; candidates are tried in this order.
  for candidate in /usr/lib/tmpfiles.d /etc/tmpfiles.d /lib/tmpfiles.d; do
    if [[ -z $tmpfilesdir ]] || { [[ ! -d $tmpfilesdir ]] && [[ -d $candidate ]]; }; then
      tmpfilesdir=$candidate
    fi
  done

  # if cryptsetup is not installed, then we cannot support encrypted devices.
  if ! require_binaries cryptsetup; then
    return 1
  fi

  # if hostonly or mount_needs include if required by other module
  # if one of fs types is crypto_LUKS include it
  if [[ $hostonly || $mount_needs ]]; then
    for fstype in "${host_fs_types[@]}"; do
      if [[ $fstype == "crypto_LUKS" ]]; then
        return 0
      fi
    done
    return 255
  fi

  return 0
}
28
# called by dracut
#
# Prints the dracut modules this module needs, space separated, on stdout.
# Returns: 0
depends() {
  # crypt:            provides /etc/crypttab
  # systemd-networkd: needed for ip=dhcp and rd.neednet=1
  # dracut-systemd:   needed for appending to $tmpfilesdir/dracut-tmpfiles.conf
  printf '%s\n' 'crypt systemd-networkd dracut-systemd'
  return 0
}
37
# called by dracut
#
# Prints the kernel command line fragment that brings the network up in the
# initramfs, but only when one of the host filesystems is crypto_LUKS.
# Globals:  host_fs_types (read)
# Outputs:  " ip=dhcp rd.neednet=1" (leading space, no newline) or nothing
cmdline() {
  local fstype
  for fstype in "${host_fs_types[@]}"; do
    # Skip everything that is not a LUKS container.
    [[ "$fstype" == "crypto_LUKS" ]] || continue
    # One match is enough: emit the fragment once and stop.
    printf "%s" " ip=dhcp rd.neednet=1"
    return 0
  done
  return 0
}
48
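# called by dracut
#
# Populates the initramfs tree under $initdir with ihttpd, its TLS material,
# the host's systemd-networkd configuration, a resolver setup and a debugging
# sshd, then wires the units into sysinit.target / ihttpd.service.
#
# Globals:  initdir, tmpfilesdir, systemdsystemunitdir, systemdutildir, _arch
#           (read); host_fs_types (read through cmdline)
# Returns:  status of the final root passwd check/append.
#
# NOTE(review): this function copies secrets into the image: /etc/shadow,
# /etc/gshadow, every /etc/ssh/ssh_host_* file (which includes the private
# host keys) and /etc/pki/tls/private/ihttpd.pem. The module is only useful
# when the root filesystem is crypto_LUKS, so the image presumably lives on an
# unencrypted /boot; file permissions on the image do not protect it against
# offline access to that partition. Treat those credentials as exposed to
# anyone with access to the disk, and prefer dedicated initramfs-only host
# keys and certificates over the ones of the running system.
install() {
  local _ihttpdconf
  local nc

  # Declaration and assignment are split so a failure of cmdline is not
  # hidden behind the exit status of 'local'.
  _ihttpdconf=$(cmdline)
  [[ $_ihttpdconf ]] && printf "%s\n" "$_ihttpdconf" >> "${initdir}/etc/cmdline.d/99ihttpd.conf"

  # Install cert dirs
  inst_dir /etc/pki/tls/certs
  inst_dir /etc/pki/tls/private
  inst_dir /etc/systemd/network
  inst_dir /var/www/html
  inst_dir "$systemdsystemunitdir/ihttpd.service.wants"

  # Install favicon
  inst_simple -o /var/www/html/favicon.ico

  # Install network
  # Glob instead of parsing ls output, so names with whitespace survive.
  for nc in /etc/systemd/network/*; do
    # An unmatched glob stays literal; skip it.
    [[ -e $nc ]] || continue
    inst_simple "$nc"
  done

  # Install index.bin
  inst_simple /usr/lib/ihttpd/index.bin /var/www/html/index.bin

  # Install reboot.bin
  inst_simple /usr/lib/ihttpd/reboot.bin /var/www/html/reboot.bin

  # Install all files
  # NOTE(review): /etc/pki/tls/private/ihttpd.pem is the server's private key.
  inst_multiple \
    /etc/hosts \
    /etc/mime.types \
    /etc/localtime \
    /etc/nsswitch.conf \
    /etc/ihttpd.conf \
    /etc/pki/tls/certs/ihttpd.pem \
    /etc/pki/tls/private/ihttpd.pem \
    "$tmpfilesdir/ihttpd.conf" \
    "$systemdsystemunitdir/ihttpd.path" \
    "$systemdsystemunitdir/ihttpd.service" \
    "$systemdsystemunitdir/systemd-networkd.service" \
    "$systemdsystemunitdir/systemd-tmpfiles-setup.service" \
    '/usr/bin/false' \
    '/usr/bin/reboot' \
    /usr/sbin/ihttpd

  # The debug sshd below is installed and enabled unconditionally; make that
  # visible in the build log so it is not shipped by accident.
  dwarn "ihttpd: debug-sshd is enabled in this initramfs; /etc/shadow, SSH host keys and the ihttpd TLS key are copied into the image"

  # Install sshd dirs
  inst_dir \
    /etc/pam.d \
    /etc/profile.d \
    /etc/security \
    /etc/ssh \
    /etc/sysconfig \
    "$systemdsystemunitdir/basic.target.wants" \
    "$systemdsystemunitdir/emergency.target.wants" \
    "$systemdsystemunitdir/rescue.target.wants" \
    "$systemdsystemunitdir/sysinit.target.wants" \
    /usr/lib64/security \
    /usr/share/terminfo/x \
    /var/empty

  # Install sshd files
  # The three glob arguments are left unquoted on purpose so they expand.
  # NOTE(review): /etc/shadow, /etc/gshadow and the private halves of
  # /etc/ssh/ssh_host_* end up readable inside the image.
  inst_multiple \
    /etc/bashrc \
    /etc/environment \
    /etc/gshadow \
    /etc/pam.d/sshd \
    /etc/pam.d/system-auth \
    /etc/profile.d/*.sh \
    /etc/security/limits.conf \
    /etc/security/pam_env.conf \
    /etc/shadow \
    /etc/ssh/denyusers \
    /etc/ssh/moduli \
    /etc/ssh/ssh_config \
    /etc/ssh/sshd_config \
    /etc/ssh/ssh_host_* \
    /root/.bash_profile \
    /root/.bashrc \
    /usr/bin/cat \
    /usr/bin/id \
    '/usr/bin/kill' \
    /usr/bin/ps \
    /usr/lib64/security/pam_cracklib.so \
    /usr/lib64/security/pam_deny.so \
    /usr/lib64/security/pam_env.so \
    /usr/lib64/security/pam_keyinit.so \
    /usr/lib64/security/pam_limits.so \
    /usr/lib64/security/pam_listfile.so \
    /usr/lib64/security/pam_nologin.so \
    /usr/lib64/security/pam_succeed_if.so \
    /usr/lib64/security/pam_systemd.so \
    /usr/lib64/security/pam_tcb.so \
    /usr/sbin/sshd \
    /usr/share/terminfo/x/*

  # Force root login in the initramfs copy of sshd_config (PAM stays enabled;
  # the variant that also switched UsePAM off is kept commented out).
  # The substitution only rewrites an existing, uncommented PermitRootLogin
  # line; when the host config has none, the copy is left unchanged.
  # NOTE(review): every other setting, including password authentication, is
  # inherited from the host's sshd_config.
  #perl -pne 's%^UsePAM yes$%UsePAM no%;s%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"
  perl -pne 's%^PermitRootLogin .*$%PermitRootLogin yes%' -i "$initdir/etc/ssh/sshd_config"

  # Sshd shell service
  #XXX: KillMode=none is required to avoid sshd process getting killed in control group after parent fork
  # Quoted delimiter: the unit text is written literally, nothing is expanded.
  cat << 'EOF' > "$initdir$systemdsystemunitdir/debug-sshd.service"
# Based on /usr/lib/systemd/system/debug-shell.service
[Unit]
Description=Early sshd shell FOR DEBUGGING ONLY
DefaultDependencies=no
AllowIsolate=no
IgnoreOnIsolate=yes

[Service]
Type=simple
KillMode=none
ExecStart=@/usr/sbin/sshd /usr/sbin/sshd -e

[Install]
WantedBy=sysinit.target
EOF

  # Install in sysinit.target.wants
  ln -fs ../debug-sshd.service "$initdir$systemdsystemunitdir/sysinit.target.wants/"

  # Install sshd user and group
  # grep -q is used for its exit status only: append the host entry when the
  # initramfs file has none (or does not exist yet).
  grep -Eq '^sshd:' "$initdir/etc/passwd" || grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd"
  grep -Eq '^sshd:' "$initdir/etc/group" || grep -E '^sshd:' /etc/group >> "$initdir/etc/group"

  # Install ihttpd.path
  ln -fs ../ihttpd.path "$initdir$systemdsystemunitdir/sysinit.target.wants/"

  # Install resolv.conf as resolved service
  #TODO: change this to have a content or depend on systemd-resolved
  if [[ -L /etc/resolv.conf ]]; then

    # Install systemd-resolved
    if [[ "$(readlink /etc/resolv.conf)" == '/run/systemd/resolve/resolv.conf' ]]; then

      # Install resolv.conf as symlink
      ln -fs '/run/systemd/resolve/resolv.conf' "$initdir/etc/resolv.conf"

      # Install systemd-resolved
      inst_multiple \
        "$systemdsystemunitdir/systemd-resolved.service" \
        "$systemdutildir/systemd-resolved" \
        /etc/systemd/resolved.conf

      # Require systemd-resolve user and group for our ihttpd process
      grep -Eq '^systemd-resolve:' "$initdir/etc/group" || grep -E '^systemd-resolve:' /etc/group >> "$initdir/etc/group"
      grep -Eq '^systemd-resolve:' "$initdir/etc/passwd" || grep -E '^systemd-resolve:' /etc/passwd >> "$initdir/etc/passwd"

      # Install in ihttpd.service.wants
      ln -fs ../systemd-resolved.service "$initdir$systemdsystemunitdir/ihttpd.service.wants/"

      # Cleanup resolved.conf
      # Drops comments, blank lines, Domains=/FallbackDNS= and loopback-only
      # DNS= lines, and strips loopback addresses from the remaining DNS= lines.
      perl -pne 'undef $_ if /^(?:#.*|Domains=|FallbackDNS=|DNS=(?:127.0.0.1|::1)$|$)/;/^DNS=/ && $_ =~ s/(?:127.0.0.1|::1)[ \t]*//g' \
        -i "$initdir/etc/systemd/resolved.conf"

      # Cleanup systemd-resolved.service
      perl -pne 'undef $_ if /^(?:#|(?:Wants|After)=org\.freedesktop\.resolve1\.busname)/' \
        -i "$initdir$systemdsystemunitdir/systemd-resolved.service"

    # Try install the target file
    else
      inst_simple /etc/resolv.conf
    fi

  # Install resolv.conf as file
  elif [[ -e /etc/resolv.conf ]]; then

    # Install resolv.conf as file
    inst_simple /etc/resolv.conf

    # Cleanup resolv.conf
    #XXX: strip search, localhost and ipv6
    perl -pne 'undef $_ if /^(?:#.*|search\s+|nameserver\s+127.0.0.1|nameserver\s+[^:\s]+:[^\s]+|$)/' \
      -i "$initdir/etc/resolv.conf"

  # Touch resolv.conf file
  else
    # We did what we could
    touch "$initdir/etc/resolv.conf"
  fi

  # Install ihttpd log
  # The links point into /run/ihttpd/log and are created in the web root.
  # NOTE(review): if ihttpd serves /var/www/html as-is, these logs are
  # reachable over HTTP; confirm that they never record the passphrase.
  ln -fs ../../../run/ihttpd/log/{http,https,child.{askpassword,ihttpd},error}.log "$initdir/var/www/html/"

  # Install in ihttpd.service.wants
  ln -fs ../systemd-networkd.service "$initdir$systemdsystemunitdir/ihttpd.service.wants/"
  ln -fs ../systemd-tmpfiles-setup.service "$initdir$systemdsystemunitdir/ihttpd.service.wants/"

  # Include all ihttpd deps
  inst_libdir_file \
    "ld-linux-*.so.*" \
    "libapr-1.so.*" \
    "libaprutil-1.so.*" \
    "libcrypto.so.*" \
    "libcrypt.so.*" \
    "libc.so.*" \
    "libdb-*.so" \
    "libdl.so.*" \
    "libexpat.so.*" \
    "libnsl.so.*" \
    "libpcre.so.*" \
    "libpthread.so.*" \
    "libresolv.so.*" \
    "librt.so.*" \
    "libuuid.so.*" \
    "libz.so.*" \
    "libnss_files.so.*" \
    "libnss_dns.so.*" \
    "libnss_myhostname.so.*" \
    {"tls/$_arch/",tls/,"$_arch/",}"libssl.so.*"

  # Cleanup nsswitch.conf
  if [[ -f "$initdir/etc/nsswitch.conf" ]]; then
    perl -pne 'undef $_ if /^(?:#|$)/;s/compat/files/;s/ ?(?:nis|wins|mdns4_minimal |mdns4)( )?/\1/g' \
      -i "$initdir/etc/nsswitch.conf"
  fi

  # Cleanup systemd-networkd.service
  if [[ -f "$initdir$systemdsystemunitdir/systemd-networkd.service" ]]; then
    perl -pne 'undef $_ if /^(?:#|(?:Wants|After)=org\.freedesktop\.network1\.busname)/;s/^After=(systemd-udevd.service )dbus.service network-pre.target systemd-sysusers.service /After=\1/' \
      -i "$initdir$systemdsystemunitdir/systemd-networkd.service"
  fi

  # Cleanup systemd-tmpfiles-setup.service
  if [[ -f "$initdir$systemdsystemunitdir/systemd-tmpfiles-setup.service" ]]; then
    perl -pne 'undef $_ if /^#/;s/After=(.*) systemd-sysusers.service/After=\1/' \
      -i "$initdir$systemdsystemunitdir/systemd-tmpfiles-setup.service"
  fi

  #XXX: bug: fix /usr/lib/tmpfiles.d/{systemd,dracut-tmpfiles}.conf missing user and group
  grep -Eq '^utmp:' "$initdir/etc/group" || grep -E '^utmp:' /etc/group >> "$initdir/etc/group"
  # Require root user and group for our ihttpd process
  grep -Eq '^root:' "$initdir/etc/group" || grep -E '^root:' /etc/group >> "$initdir/etc/group"
  grep -Eq '^root:' "$initdir/etc/passwd" || grep -E '^root:' /etc/passwd >> "$initdir/etc/passwd"
}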