From ced74ab27db05f2203dc1c3d80ee6b0cf1dbc5d4 Mon Sep 17 00:00:00 2001 From: Julien Moutinho Date: Fri, 22 Feb 2013 18:26:51 +0100 Subject: [PATCH] Modification : mk_{dir,reg} -> install . --- lib/functions.sh | 1 - lib/mk.sh | 30 ------------ vm_host | 3 +- vm_hosted | 125 +++++++++++++++++++++++++---------------------- 4 files changed, 67 insertions(+), 92 deletions(-) delete mode 100644 lib/functions.sh delete mode 100644 lib/mk.sh diff --git a/lib/functions.sh b/lib/functions.sh deleted file mode 100644 index 1a24852..0000000 --- a/lib/functions.sh +++ /dev/null @@ -1 +0,0 @@ -#!/bin/sh diff --git a/lib/mk.sh b/lib/mk.sh deleted file mode 100644 index 91ebc13..0000000 --- a/lib/mk.sh +++ /dev/null @@ -1,30 +0,0 @@ -#!/bin/sh - -mk_dir () { - local mk="dir" - info "$*" mk - local mod=${1#mod=}; shift - local own=${1#own=}; shift - sudo mkdir -p "$@" - ! [ ${mod:+set} ] || sudo chmod $mod "$@" - ! [ ${own:+set} ] || sudo chown $own "$@" - } -mk_reg () { - local mk="reg" - info "$*" mk - local mod=${1#mod=}; shift - local own=${1#own=}; shift - local append - if [ "x${1#--append}" = "x" ] - then append='-a'; shift - else append='' - fi - sudo tee ${TRACE:+/dev/stderr} >/dev/null $append "$@" - ! [ ${mod:+set} ] || sudo chmod $mod "$@" - ! [ ${own:+set} ] || sudo chown $own "$@" - } -mk_lnk () { - local mk="lnk" - info "$*" mk - sudo ln -fns "$@" - } diff --git a/vm_host b/vm_host index de458ef..7c521e4 100755 --- a/vm_host +++ b/vm_host @@ -3,7 +3,6 @@ set -e -f ${DRY_RUN:+-n} -u tool=${0%/*} . "$tool"/lib/rule.sh . "$tool"/etc/vm.sh -. "$tool"/lib/mk.sh rule_help () { # SYNTAX: [--hidden] local hidden; [ ${1:+set} ] || hidden=set @@ -46,7 +45,7 @@ rule_git_reset () { } rule_vm_configure () { - mk_reg mod=644 own=root:root /etc/xen/$vm_fqdn.cfg <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/xen/$vm_fqdn.cfg <<-EOF # -*- mode: python; -*- # DOC: http://wiki.xen.org/wiki/Xen_Linux_PV_on_HVM_drivers import os, re 
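Review bot: `install` has no `-u` option — the owner is given with `-o` — so every new `sudo install … -u root -g root …` line, starting with the rule_vm_configure hunk of vm_host here and repeated in all the vm_hosted hunks below, exits with an invalid-option error and, because both scripts run under `set -e`, aborts the rule before anything is written. The fix is mechanical: `sudo install -m 644 -o root -g root /dev/stdin /etc/xen/$vm_fqdn.cfg <<-EOF`, and `-o root -g adm` where the hunks use group adm. Feeding a heredoc through `/dev/stdin` as the source file appears to work on Linux since install copies its source by reading it, but it is an unusual idiom; a one-line comment at the first use such as `# install copies its source, so a heredoc on /dev/stdin stands in for a file` would save the next reader a detour.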
diff --git a/vm_hosted b/vm_hosted index dc86ddc..0f900aa 100755 --- a/vm_hosted +++ b/vm_hosted @@ -3,7 +3,6 @@ set -e -f ${DRY_RUN:+-n} -u tool=${0%/*} . "$tool"/lib/rule.sh . "$tool"/etc/vm.sh -. "$tool"/lib/mk.sh rule_help () { # SYNTAX: [--hidden] local hidden; [ ${1:+set} ] || hidden=set @@ -55,13 +54,13 @@ rule__chrooted_configure () { # NOTE: est-ce bien utile à un moment ? } rule_apt_configure () { - mk_reg mod= own= /etc/apt/sources.list <<-EOF + sudo install -m 660 -u root -g root /dev/stdin /etc/apt/sources.list <<-EOF deb http://ftp.fr.debian.org/debian $vm_lsb_name main contrib non-free EOF - mk_reg mod= own= /etc/apt/sources.list.d/$vm_lsb_name-backports.list <<-EOF + sudo install -m 660 -u root -g root /dev/stdin /etc/apt/$vm_lsb_name-backports.list <<-EOF #deb http://backports.debian.org/debian-backports $vm_lsb_name-backports main contrib non-free EOF - mk_reg mod= own= /etc/apt/preferences <<-EOF + sudo install -m 660 -u root -g root /dev/stdin /etc/apt/preferences <<-EOF Package: * Pin: release a=$vm_lsb_name Pin-Priority: 170 @@ -70,14 +69,14 @@ rule_apt_configure () { Pin: release a=$vm_lsb_name-backports Pin-Priority: 200 EOF - mk_reg mod= own= /etc/apt/sources.list.d/openerp.list <<-EOF + sudo install -m 660 -u root -g root /dev/stdin /etc/apt/sources.list.d/openerp.list <<-EOF deb http://nightly.openerp.com/trunk/nightly/deb/ ./ EOF } rule_apticron_configure () { rule apt_get_install apticron - mk_reg mod=644 own=root:root /etc/apticron/apticron.conf <<-EOF - EMAIL="admin@heureux-cyclage.org" + sudo install -m 644 -u root -g root /dev/stdin /etc/apticron/apticron.conf <<-EOF + EMAIL="admin@$vm_domainname" # DIFF_ONLY="1" # LISTCHANGES_PROFILE="apticron" # ALL_FQDNS="1" 
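Review bot: The backports source is now written to `/etc/apt/$vm_lsb_name-backports.list`, where apt does not look for it; the removed line used `/etc/apt/sources.list.d/$vm_lsb_name-backports.list`, and the openerp list in the next hunk still goes to sources.list.d, so dropping the directory looks accidental. The `-m 660` on the four apt files is also new: group-writable adds nothing with root:root, and removing world-read may break unprivileged read-only queries such as `apt-cache policy`; `-m 644` is the Debian default for these files, e.g. `sudo install -m 644 -o root -g root /dev/stdin /etc/apt/sources.list.d/$vm_lsb_name-backports.list <<-EOF`.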
@@ -89,15 +88,15 @@ rule_apticron_configure () { # NOTIFY_NO_UPDATES="0" # CUSTOM_SUBJECT="" # CUSTOM_NO_UPDATES_SUBJECT="" - # CUSTOM_FROM="root@ateliers.heureux-cyclage.org" + # CUSTOM_FROM="root@$vm_fqdn" EOF } rule_boot_configure () { warn "attention à n'installer GRUB sur AUCUN disque proposé !" rule apt_get_install grub-pc - mk_dir mod=644 own=root:root /boot/grub + sudo install -d -m 644 -u root -g root /boot/grub rule apt_get_install linux-image-$vm_arch - mk_reg mod=644 own=root:root /etc/default/grub <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/default/grub <<-EOF GRUB_DEFAULT=0 GRUB_TIMEOUT=5 GRUB_DISTRIBUTOR=\`lsb_release -i -s 2> /dev/null || echo Debian\` @@ -106,7 +105,7 @@ rule_boot_configure () { GRUB_DISABLE_RECOVERY="true" #GRUB_PRELOAD_MODULES="lvm" EOF - mk_reg mod=644 own=root:root /boot/grub/device.map <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /boot/grub/device.map <<-EOF (hd0) /dev/xvda (hd0) /dev/mapper/domU-$(printf %s $vm_fqdn-disk | sed -e 's/-/--/g') EOF @@ -114,7 +113,7 @@ rule_boot_configure () { rule initramfs_configure } rule_etckeeper_configure () { - mk_reg mod=644 own=root:root /etc/etckeeper/etckeeper.conf <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/etckeeper/etckeeper.conf <<-EOF VCS=git GIT_COMMIT_OPTIONS="" AVOID_DAILY_AUTOCOMMITS=1 
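Review bot: `sudo install -d -m 644 -u root -g root /boot/grub` creates a directory without the search (x) bit; root bypasses that, but it is the wrong mode for a directory, and the same applies to `-d -m 640` for `/etc/initramfs-tools/root` and its `.ssh` in the dropbear hunk further down. Directories should get `755` here, and presumably `700` for the initramfs root tree that holds the dropbear authorized_keys — e.g. `sudo install -d -m 755 -o root -g root /boot/grub`. Those modes predate the commit, but the switch to `install -d` is the natural moment to correct them rather than carry them over.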
@@ -126,42 +125,43 @@ rule_etckeeper_configure () { rule apt_get_install etckeeper } rule_filesystem_configure () { - mk_reg mod=644 own=root:root /etc/fstab <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/fstab <<-EOF # LABEL=${vm_lvm_lv}_boot /boot ext2 defaults 0 0 proc /proc proc defaults 0 0 sysfs /sys sysfs defaults 0 0 tmpfs /tmp tmpfs rw,nosuid,nodev,auto,size=200m,nr_inodes=1000k,mode=1777,noatime,nodiratime 0 0 - /dev/mapper/${vm_lvm_lv}_root_deciphered / ext4 defaults,errors=remount-ro,acl,noatime 0 1 - /dev/mapper/${vm_lvm_lv}_var_deciphered /var ext4 defaults,errors=remount-ro,acl,noatime 0 1 - /dev/mapper/${vm_lvm_lv}_home_deciphered /home ext4 defaults,errors=remount-ro,acl,noatime,usrquota,grpquota 0 0 + /dev/mapper/${vm_lvm_lv}_root_deciphered / ext4 defaults,errors=remount-ro,acl,barrier=1,noatime 0 1 + /dev/mapper/${vm_lvm_lv}_var_deciphered /var ext4 defaults,errors=remount-ro,acl,barrier=1,noatime 0 1 + /dev/mapper/${vm_lvm_lv}_home_deciphered /home ext4 defaults,errors=remount-ro,acl,barrier=1,noatime,usrquota,grpquota 0 0 + # NOTE: barrier=1 réduit drastiquement les performances d'écriture, mais garantit la cohérence du système de fichiers. 
/dev/mapper/${vm_lvm_lv}_swap_deciphered swap swap sw 0 0 EOF - mk_reg mod=644 own=root:root /etc/crypttab <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/crypttab <<-EOF # ${vm_lvm_lv}_root_deciphered /dev/$vm_lvm_vg/${vm_lvm_lv}_root none luks,lvm=$vm_lvm_vg ${vm_lvm_lv}_var_deciphered /dev/$vm_lvm_vg/${vm_lvm_lv}_var ${vm_lvm_lv}_root_deciphered luks,lvm=$vm_lvm_vg,keyscript=/lib/cryptsetup/scripts/decrypt_derived ${vm_lvm_lv}_home_deciphered /dev/$vm_lvm_vg/${vm_lvm_lv}_home ${vm_lvm_lv}_root_deciphered luks,lvm=$vm_lvm_vg,keyscript=/lib/cryptsetup/scripts/decrypt_derived ${vm_lvm_lv}_swap_deciphered /dev/$vm_lvm_vg/${vm_lvm_lv}_swap ${vm_lvm_lv}_root_deciphered luks,lvm=$vm_lvm_vg,keyscript=/lib/cryptsetup/scripts/decrypt_derived EOF - mk_reg mod=644 own=root:root /etc/sysctl.d/local-swap.conf <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/sysctl.d/local-swap.conf <<-EOF vm.swappiness = 10 # NOTE: n'utilise le swap qu'en cas d'absolue nécessité vm.vfs_cache_pressure=50 EOF } rule_initramfs_configure () { - mk_reg mod=644 own=root:root /etc/initramfs-tools/initramfs.conf <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/initramfs-tools/initramfs.conf <<-EOF MODULES=most BUSYBOX=y KEYMAP=y COMPRESS=gzip DEVICE=eth0 EOF - mk_reg mod=644 own=root:root /etc/modprobe.d/xen-pv.conf <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/modprobe.d/xen-pv.conf <<-EOF alias eth0 xennet alias scsi_hostadapter xenblk EOF - mk_reg mod=644 own=root:root /etc/modules <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/modules <<-EOF sha1_generic sha256_generic sha512_generic 
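Review bot: The added fstab NOTE says `barrier=1` drastically reduces write performance but guarantees consistency, yet ext4 mounts with barriers enabled by default, so the three changed lines only make the existing behaviour explicit and the previous lines already ran with barriers on. The comment should say that, otherwise a reader may be tempted to "recover" performance by removing an option that was never the cause; something like `# NOTE: barrier=1 is the ext4 default, stated explicitly so nobody turns it off for speed: it is what keeps the journal consistent after a crash.` (in the file's French) would be accurate. This function's hunk begins on the previous line of the patch.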
@@ -170,7 +170,7 @@ rule_initramfs_configure () { # NOTE: pour Xen en mode HVM : #modprobe xen-platform-pci EOF - mk_reg mod=644 own=root:root /etc/initramfs-tools/modules <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/initramfs-tools/modules <<-EOF EOF sudo sed -e '/^configure_networking /s/ &$//' \ -i /usr/share/initramfs-tools/scripts/init-premount/dropbear @@ -187,7 +187,7 @@ rule_initramfs_configure () { /etc/initramfs-tools/etc/dropbear/dropbear_rsa_host_key } # NOTE: ne se préoccupe pas de dropbear_dss_host_key ; Debian la génère et l'utilise néamoins. - mk_dir mod=640 own=root:root \ + sudo install -d -m 640 -u root -g root \ /etc/initramfs-tools/root \ /etc/initramfs-tools/root/.ssh getent group sudo | @@ -199,7 +199,7 @@ rule_initramfs_configure () { cat "$home"/etc/ssh/authorized_keys done done | - mk_reg mod=644 own=root:root /etc/initramfs-tools/root/.ssh/authorized_keys + sudo install -m 644 -u root -g root /dev/stdin /etc/initramfs-tools/root/.ssh/authorized_keys sudo rm -f \ /etc/initramfs-tools/root/.ssh/id_rsa.dropbear \ /etc/initramfs-tools/root/.ssh/id_rsa.pub \ @@ -208,21 +208,23 @@ rule_initramfs_configure () { sudo update-initramfs -u } rule_locale_configure () { - mk_reg mod=644 own=root:root /etc/locale.gen <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/locale.gen <<-EOF fr_FR.UTF-8 UTF-8 EOF sudo update-locale } rule_login_configure () { grep -q '^hvc0$' /etc/securetty || - mk_reg mod= own= --append /etc/securetty <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/securetty <<-EOF + $(cat /etc/securetty) hvc0 EOF grep -q '^xvc0$' /etc/securetty || - mk_reg mod= own= --append /etc/securetty <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/securetty <<-EOF + $(cat /etc/securetty) xvc0 EOF - mk_reg mod=644 own=root:root /etc/inittab <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/inittab <<-EOF # /etc/inittab: init(8) configuration. # The default runlevel. 
@@ -265,7 +267,7 @@ rule_login_configure () { hvc:2345:respawn:/sbin/getty 38400 hvc0 #xvc:2345:respawn:/sbin/getty 38400 xvc0 EOF - mk_reg mod=644 own=root:root /etc/login.defs <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/login.defs <<-EOF MAIL_DIR /var/mail FAILLOG_ENAB yes LOG_UNKFAIL_ENAB no @@ -303,19 +305,21 @@ rule_login_configure () { ENCRYPT_METHOD SHA512 EOF grep -q '^session optional pam_umask.so\>' /etc/pam.d/common-session || - mk_reg mod= own= --append /etc/pam.d/common-session <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/pam.d/common-session <<-EOF + $(cat /etc/pam.d/common-session) session optional pam_umask.so EOF } rule_network_configure () { - mk_reg mod= own= /etc/hostname <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/hostname <<-EOF $vm EOF grep -q " $vm\$" /etc/hosts || - mk_reg mod= own= --append /etc/hosts <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/hosts <<-EOF + $(cat /etc/hosts) 127.0.0.1 $vm_fqdn $vm EOF - mk_reg mod= own= /etc/network/interfaces <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/network/interfaces <<-EOF auto lo iface lo inet loopback 
@@ -348,17 +352,17 @@ rule_network_configure () { EOF } rule_user_configure () { - mk_dir mod=750 own="root:adm" /etc/skel/etc - mk_dir mod=770 own="root:adm" /etc/skel/etc/apache2 - mk_dir mod=770 own="root:adm" /etc/skel/etc/ssh - mk_dir mod=700 own="root:adm" /etc/skel/var - mk_dir mod=700 own="root:adm" /etc/skel/var/log - mk_dir mod=700 own="root:adm" /etc/skel/var/cache - mk_dir mod=700 own="root:adm" /etc/skel/var/cache/ssh - mk_dir mod=700 own="root:adm" /etc/skel/tmp - mk_dir mod=700 own="root:adm" /etc/skel/tmp - mk_lnk etc/ssh /etc/skel/.ssh - mk_lnk etc/gpg /etc/skel/.gnupg + sudo install -d -m 750 -u root -g adm \ + /etc/skel/etc \ + /etc/skel/etc/ssh + sudo install -d -m 770 -u root -g adm \ + /etc/skel/etc/apache2 \ + /etc/skel/var \ + /etc/skel/var/log \ + /etc/skel/var/cache \ + /etc/skel/var/cache/ssh + sudo ln -fns etc/ssh /etc/skel/.ssh + sudo ln -fns etc/gpg /etc/skel/.gnupg ssh-keygen -F "$vm_fqdn" -f "$tool"/etc/openssh/known_hosts | ( while IFS= read -r line do case $line in (*" RSA") return 0; break;; esac @@ -370,7 +374,7 @@ rule_user_configure () { /etc/ssh/ssh_host_ecdsa_key \ /etc/ssh/ssh_host_ecdsa_key.pub # NOTE: clefs générées par Debian - mk_reg mod=664 own=root:root /etc/ssh/sshd_config <<-EOF + sudo install -m 644 -u root -g root /dev/stdin /etc/ssh/sshd_config <<-EOF Port 22 ListenAddress $vm_ipv4 #ListenAddress :: 
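Review bot: `sudo ln -fns etc/gpg /etc/skel/.gnupg` points at `/etc/skel/etc/gpg`, which neither of the two `install -d` lists creates (only `/etc/skel/etc/ssh` is), so every new account starts with a dangling `~/.gnupg` symlink; the removed lines had the same gap, but this rewrite of the directory list is where it should be closed by adding `/etc/skel/etc/gpg \` to the `-m 750` group. Separately, adduser copies skel entries with the new user's ownership, so the `-g adm` on the skel directories is presumably overwritten at copy time — worth confirming, and if so a short comment stating that the group is irrelevant here would stop the next reader from reasoning about adm access.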
@@ -409,15 +413,15 @@ rule_user_configure () { UsePAM yes EOF sudo service ssh restart - mk_reg mod=440 own=root:root /etc/sudoers.d/passwd-init <<-EOF + sudo install -m 640 -u root -g root /dev/stdin /etc/sudoers.d/passwd-init <<-EOF %sudo ALL=(ALL) NOPASSWD: /bin/sh -e -f -u -c \\ case \$(/usr/bin/passwd --status "\$SUDO_USER") in \\ ("\$SUDO_USER L "*) /usr/bin/passwd \$SUDO_USER;; esac EOF - mk_reg mod=440 own=root:root /etc/sudoers.d/etckeeper-unclean <<-EOF + sudo install -m 640 -u root -g root /dev/stdin /etc/sudoers.d/etckeeper-unclean <<-EOF %sudo ALL=(ALL) NOPASSWD: /usr/sbin/etckeeper unclean EOF - mk_reg mod=440 own=root:root /etc/sudoers.d/env_keep <<-EOF + sudo install -m 640 -u root -g root /dev/stdin /etc/sudoers.d/env_keep <<-EOF Defaults env_keep = " \\ EDITOR \\ GIT_AUTHOR_NAME \\ @@ -426,18 +430,20 @@ rule_user_configure () { GIT_COMMITTER_EMAIL \\ " EOF - mk_reg mod=555 own=root:root /usr/local/sbin/passwd-init <<-EOF - #!/bin/sh + sudo install -m 755 -u root -g root /dev/stdin /usr/local/sbin/passwd-init <<-EOF + #!/bin/sh -efu + # DESCRIPTION: permet à un-e utilisateurice d'initialiser ellui-même son mot-de-passe système. sudo /bin/sh -e -f -u -c \ 'case \$(/usr/bin/passwd --status "\$SUDO_USER") in ("\$SUDO_USER L "*) /usr/bin/passwd \$SUDO_USER;; esac' EOF } rule_user_root_configure () { - mk_dir mod=750 own=root:root /root/etc - mk_dir mod=750 own=root:root /root/etc/ssh - mk_dir mod=750 own=root:root /root/etc/gpg - mk_lnk etc/gpg /root/.gnupg - mk_lnk etc/ssh /root/.ssh + sudo install -d -m 750 -u root -g adm \ + /root/etc \ + /root/etc/ssh \ + /root/etc/gpg + sudo ln -fns etc/gpg /root/.gnupg + sudo ln -fns etc/ssh /root/.ssh getent group sudo | while IFS=: read -r group x x users do while test -n "$users" && IFS=, read -r user users <<-EOF 
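Review bot: The three `/etc/sudoers.d/*` files are now installed with `-m 640`, whereas sudoers(5) specifies mode 0440 owned by uid 0 for files in that directory, and at least some sudo releases refuse a sudoers source whose mode does not match and then abort with no valid sources — which on this VM would take sudo down together with the passwd-init and etckeeper rules that depend on it. The removed `mod=440` was right; restore it: `sudo install -m 440 -o root -g root /dev/stdin /etc/sudoers.d/passwd-init <<-EOF` (and the same for etckeeper-unclean and env_keep). Running `visudo -c` after the three writes would catch a syntax slip in the quoted `\\` continuation lines before the current sudo session, which is the only thing able to fix it, ends.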
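Review bot: The rule_user_root_configure rewrite changes `/root/etc`, `/root/etc/ssh` and `/root/etc/gpg` from root:root to root:adm (750), which grants every adm member traversal of root's ssh and gpg directories; the commit message only mentions the mk_reg/mk_dir → install switch, so this widening looks unintended. The files inside keep their own modes (authorized_keys is 640 root:root in the next hunk; the keyring files get whatever `gpg --import` creates) and `/root` itself is normally 0700, so the practical exposure may be nil — but there is no visible reason for it, and `sudo install -d -m 750 -o root -g root \` keeps the previous policy.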
@@ -447,14 +453,14 @@ rule_user_root_configure () { cat "$home"/etc/ssh/authorized_keys done done | - mk_reg mod=640 own=root:root /root/etc/ssh/authorized_keys + sudo install -m 640 -u root -g root /dev/stdin /root/etc/ssh/authorized_keys local key; local -; set +f for key in "$tool"/var/pub/openpgp/*.key do sudo gpg --import "$key" done } rule_bin_configure () { - mk_lnk "$tool"/vm_hosted /usr/local/sbin/ + sudo ln -fns "$tool"/vm_hosted /usr/local/sbin/ } rule_configure () { rule etckeeper_configure @@ -484,8 +490,9 @@ rule_user_admin_add () { # SYNTAX: $user # NOTE: le mot-de-passe doit être initialisé par l'utilisateur à l'aide de passwd-init . eval local home\; home="~$user" sudo adduser "$user" sudo - mk_reg mod=640 own=$user:$user "$home"/etc/ssh/authorized_keys \ - <"$tool"/var/pub/ssh/"$user".key + sudo install -m 640 -u root -g root \ + "$tool"/var/pub/ssh/"$user".key \ + "$home"/etc/ssh/authorized_keys local key; local -; set +f for key in "$tool"/var/pub/openpgp/*.key do sudo -u "$user" gpg --import "$key" -- 2.20.1
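Review bot: In rule_user_admin_add the user's `"$home"/etc/ssh/authorized_keys` is now installed as `-m 640 -u root -g root`, while the removed line used `own=$user:$user`; sshd opens authorized_keys with the user's privileges, so a root-owned 640 file is unreadable to it and public-key login for the newly added admin would fail (and the user cannot maintain their own key list). Keep the user as owner: `sudo install -m 640 -o "$user" -g "$user" "$tool"/var/pub/ssh/"$user".key "$home"/etc/ssh/authorized_keys`. The `$home` value still comes from the `eval … home="~$user"` line above; `getent passwd "$user" | cut -d: -f6` yields the same path without passing the argument through eval.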