X-Git-Url: https://git.cyclocoop.org/?a=blobdiff_plain;f=vm_hosted;h=9121320e638d3564d374e2a7c48593617ccf4654;hb=b29eee4bccda9713ca66f55f8ac382e688d5078c;hp=a92477ccbd04940a818eab76aafe7082cb67eb39;hpb=a0db32961c20b1a9a404d28a8ba4932808f386af;p=lhc%2Fateliers.git
diff --git a/vm_hosted b/vm_hosted
index a92477c..9121320 100755
--- a/vm_hosted
+++ b/vm_hosted
@@ -37,6 +37,16 @@ rule_git_reset () {
 )
 }
 
+rule_apt_get_install () { # SYNTAX: $package
+ case $(dpkg -s "$1" | grep '^Status: ') in
+ ("Status: install ok installed");;
+ (*)
+ test ! -x /usr/bin/etckeeper ||
+ assert 'sudo etckeeper unclean'
+ sudo apt-get "$@";;
+ esac
+ }
+
 rule__chrooted_configure () { # NOTE: est-ce bien utile à un moment ?
 export LANG=C
 export LC_CTYPE=C
@@ -64,7 +74,7 @@ rule_apt_configure () {
 EOF
 }
 rule_apticron_configure () {
- sudo apt-get install --reinstall apticron
+ rule apt_get_install apticron
 mk_reg mod=644 own=root:root /etc/apticron/apticron.conf <<-EOF
 EMAIL="admin@heureux-cyclage.org"
 # DIFF_ONLY="1"
@@ -83,9 +93,10 @@ rule_apticron_configure () {
 sudo service apticron restart
 }
 rule_boot_configure () {
- sudo apt-get install --reinstall grub-pc # XXX: attention à n'installer GRUB sur AUCUN disque proposé !
+ warn "attention à n'installer GRUB sur AUCUN disque proposé !"
+ rule apt_get_install grub-pc
 mk_dir mod=644 own=root:root /boot/grub
- sudo apt-get install --reinstall linux-image-$vm_arch
+ rule apt_get_install linux-image-$vm_arch
 mk_reg mod=644 own=root:root /etc/default/grub <<-EOF
 GRUB_DEFAULT=0
 GRUB_TIMEOUT=5
@@ -112,6 +123,7 @@ rule_etckeeper_configure () {
 HIGHLEVEL_PACKAGE_MANAGER=apt
 LOWLEVEL_PACKAGE_MANAGER=dpkg
 EOF
+ rule apt_get_install etckeeper
 }
 rule_filesystem_configure () {
 mk_reg mod=644 own=root:root /etc/fstab <<-EOF
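Review bot: In `rule_apt_get_install` (first hunk) the install branch runs `sudo apt-get "$@"`, while every caller added by this commit passes only a package name (`rule apt_get_install apticron`, `grub-pc`, `linux-image-$vm_arch`, `etckeeper`). Unless `rule` injects a subcommand, which is not visible in this diff, apt-get is invoked without `install` and the package name is taken as the operation; the helper should own the subcommand, `sudo apt-get install "$@";;`. Only `$1` is tested with `dpkg -s` while all of `"$@"` is forwarded, so the header comment should say so, e.g. `# SYNTAX: $package [$apt_get_arg…] -- only $package is checked`. The polarity of `assert 'sudo etckeeper unclean'` also deserves a second look: `etckeeper unclean` succeeds when /etc has uncommitted changes, and `assert` is defined outside this diff, so it is unclear whether the install is being gated on a clean or a dirty /etc.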
@@ -163,23 +175,18 @@ rule_initramfs_configure () {
 sudo sed -e '/^configure_networking /s/ &$//' \
 -i /usr/share/initramfs-tools/scripts/init-premount/dropbear
 # NOTE: corrige une vermine : dropbear doit attendre que le réseau soit configuré..
- sudo rm -f \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key.pub \
- /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \
- /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub
 ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
 ( while IFS= read -r line
 do case $line in (*" RSA") return 0; break;; esac
 done; return 1 ) ||
+ {
+ sudo rm -f \
+ /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \
+ /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub
 sudo dropbearkey -t rsa -s 4096 -f \
 /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key
- ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts |
- ( while IFS= read -r line
- do case $line in (*" DSA") return 0; break;; esac
- done; return 1 ) ||
- sudo dropbearkey -t dss -s 1024 -f \
- /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key
+ }
+ # NOTE: ne se préoccupe pas de dropbear_dss_host_key ; Debian la génère et l'utilise néamoins.
 mk_dir mod=640 own=root:root \
 /etc/initramfs-tools/root \
 /etc/initramfs-tools/root/.ssh
@@ -425,7 +432,7 @@ rule_user_root_configure () {
 done
 done |
 mk_reg mod=640 own=root:root /root/etc/ssh/authorized_keys
- local key
+ local key; local -; set +f
 for key in "$tool"/var/pub/openpgp/*.key
 do sudo gpg --import "$key"
 done
@@ -449,6 +456,10 @@ rule_disk_key_change () {
 sudo cryptsetup luksChangeKey /dev/$vm_lvm_vg/${vm_lvm_lv}_root
 }
 
+rule_user_admin_configure () {
+ rule initramfs_configure
+ rule user_root_configure
+ }
 rule_user_admin_add () { # SYNTAX: $user
 local user=$1
 id "$user" >/dev/null ||
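Review bot: In the `rule_initramfs_configure` hunk the DSS host key is no longer removed or regenerated, yet the new NOTE says Debian still generates and uses it, so the initramfs dropbear keeps offering a DSA host key that this rule no longer checks against `"$tool"/etc/openssh/known_hosts`. That SSH endpoint is presumably where the disk is unlocked, so the NOTE should state the consequence for clients, e.g. `# NOTE: the DSS host key is neither pinned nor regenerated here; clients must accept only the pinned RSA key for init.$vm_fqdn`. The RSA key is now replaced only when known_hosts has no RSA entry, so a host whose key file is missing or differs from a stale entry keeps a key that does not match the pin. Adding a file test to the guard, such as `sudo test -s /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key`, would cover the missing-file case. The function continues outside the hunk, so whether the freshly generated public key is written back to known_hosts cannot be seen here.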
@@ -458,12 +469,11 @@ rule_user_admin_add () { # SYNTAX: $user
 sudo adduser "$user"
 sudo mk_reg mod=640 own=$user:$user "$home"/etc/ssh/authorized_keys \
 <"$tool"/var/pub/ssh/"$user".key
- rule initramfs_configure
- rule user_root_configure
 local key; local -; set +f
 for key in "$tool"/var/pub/openpgp/*.key
 do sudo -u "$user" gpg --import "$key"
 done
+ rule user_admin_configure
 }
 rule_user_mail_format () {
 mk_dir mod=770 own=root:adm /etc/skel/etc/procmail
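Review bot: `rule user_admin_configure` is now called after `local -; set +f`, so `rule_initramfs_configure` and `rule_user_root_configure` run with pathname expansion enabled when reached through `rule_user_admin_add`, whereas the two removed calls ran before globbing was switched on. The explicit `set +f` in front of each `*.key` loop suggests the script otherwise runs under `set -f`, in which case any unquoted expansion in those rules can now be globbed against the current directory. Placing `rule user_admin_configure` on the line before `local key; local -; set +f` keeps the previous option state for the callees, unless the move after the key import was deliberate, in which case a comment should say why. `rule_user_admin_add` starts above this hunk, so the option state on entry is inferred rather than visible.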