X-Git-Url: https://git.cyclocoop.org/?p=lhc%2Fateliers.git;a=blobdiff_plain;f=vm_hosted;h=81dec85202729227e12b8211d8b3212819ddbf81;hp=a92477ccbd04940a818eab76aafe7082cb67eb39;hb=fb16412c2b5c7d0264df73c117399ff244a4abee;hpb=a0db32961c20b1a9a404d28a8ba4932808f386af diff --git a/vm_hosted b/vm_hosted index a92477c..81dec85 100755 --- a/vm_hosted +++ b/vm_hosted @@ -163,23 +163,18 @@ rule_initramfs_configure () { sudo sed -e '/^configure_networking /s/ &$//' \ -i /usr/share/initramfs-tools/scripts/init-premount/dropbear # NOTE: corrige une vermine : dropbear doit attendre que le réseau soit configuré.. - sudo rm -f \ - /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key \ - /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key.pub \ - /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \ - /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts | ( while IFS= read -r line do case $line in (*" RSA") return 0; break;; esac done; return 1 ) || + { + sudo rm -f \ + /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key \ + /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key.pub sudo dropbearkey -t rsa -s 4096 -f \ /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key - ssh-keygen -F "init.$vm_fqdn" -f "$tool"/etc/openssh/known_hosts | - ( while IFS= read -r line - do case $line in (*" DSA") return 0; break;; esac - done; return 1 ) || - sudo dropbearkey -t dss -s 1024 -f \ - /etc/initramfs-tools/etc/dropbear/dropbear_dss_host_key + } + # NOTE: ne se préoccupe pas de dropbear_dss_host_key ; Debian la génère et l'utilise néamoins. mk_dir mod=640 own=root:root \ /etc/initramfs-tools/root \ /etc/initramfs-tools/root/.ssh @@ -425,7 +420,7 @@ rule_user_root_configure () { done done | mk_reg mod=640 own=root:root /root/etc/ssh/authorized_keys - local key + local key; local -; set +f for key in "$tool"/var/pub/openpgp/*.key do sudo gpg --import "$key" done @@ -449,6 +444,10 @@ rule_disk_key_change () { sudo cryptsetup luksChangeKey /dev/$vm_lvm_vg/${vm_lvm_lv}_root } +rule_user_admin_configure () { + rule initramfs_configure + rule user_root_configure + } rule_user_admin_add () { # SYNTAX: $user local user=$1 id "$user" >/dev/null || @@ -458,12 +457,11 @@ rule_user_admin_add () { # SYNTAX: $user sudo adduser "$user" sudo mk_reg mod=640 own=$user:$user "$home"/etc/ssh/authorized_keys \ <"$tool"/var/pub/ssh/"$user".key - rule initramfs_configure - rule user_root_configure local key; local -; set +f for key in "$tool"/var/pub/openpgp/*.key do sudo -u "$user" gpg --import "$key" done + rule user_admin_configure } rule_user_mail_format () { mk_dir mod=770 own=root:adm /etc/skel/etc/procmail