[Debian-live-changes] r2292 - in configs: . matth-www matth-www/root matth-www/root/scripts
matth-guest at alioth.debian.org
Sat Jun 30 01:01:30 UTC 2007
Author: matth-guest
Date: 2007-06-30 01:01:30 +0000 (Sat, 30 Jun 2007)
New Revision: 2292
Added:
configs/matth-www/
configs/matth-www/README
configs/matth-www/lh_build-profile.sh
configs/matth-www/root/
configs/matth-www/root/README
configs/matth-www/root/live_startup.sh
configs/matth-www/root/scripts/
configs/matth-www/root/scripts/live_ad.conf
configs/matth-www/root/scripts/live_ad.sh
configs/matth-www/root/scripts/live_timezone.sh
Log:
initial import of http sysvinit hook (www server side)
Added: configs/matth-www/README
===================================================================
--- configs/matth-www/README (rev 0)
+++ configs/matth-www/README 2007-06-30 01:01:30 UTC (rev 2292)
@@ -0,0 +1,22 @@
+About testing that http sysvinit hook
+
+1) Generate a gpg archive suited to your live system by :
+ * creating/editing the scripts in ${rootpath}/scripts/*.sh
+ * running lh_build-profile.sh ${live_hostname} ${rootpath}
+
+2) Provide that file in a HTTP server so that it is accessible via an
+ url like http://yourserver/path/to/debian-live-sysvinit.tar.gz.gpg
+ (apache or so configuration not covered here)
+
+3) build a live system with --bootappend="liveprofile=http://yourserver/path/to"
+ and a modified live-sysvinit .deb in chroot_local-packages/
+ (or just add it ad boot time via grub/syslinux)
+
+I provide live_ad.sh/live_ad.conf that is a script enabling windows
+authentication via a domain on a linux machine as a proof of concept.
+
+live_timezone.sh is the interactive version of the early timezone=
+bootappend option.
+
+--
+Mathieu GELI <mathieu.geli at gmail.com>
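Review bot: steps 2 and 3 fetch the profile from a plain http:// URL, but the README never says how the booting system obtains the passphrase or how it checks who produced the archive, even though the scripts inside are executed at boot. Document where the passphrase comes from at boot time, and consider signing the archive as well as encrypting it (gpg --sign together with --symmetric) so the live system can verify its origin before unpacking. Minor: "ad boot time" in step 3 should read "at boot time".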
Added: configs/matth-www/lh_build-profile.sh
===================================================================
--- configs/matth-www/lh_build-profile.sh (rev 0)
+++ configs/matth-www/lh_build-profile.sh 2007-06-30 01:01:30 UTC (rev 2292)
@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# Builds a GPG archive symmetrically ciphered
+# with the rootdir given in argument
+#
+# -- Mathieu GELI <mathieu.geli at gmail.com>
+
+usage() {
+ cat <<EOF
+$0 livehostname rootdir
+
+Example: $0 debian-live root
+
+With that example, you need to check that :
+* your gpg file is named debian-live-sysvinit.tar.gz.gpg
+* is accessible from http://yourserver/path/to/debian-live-sysvinit.tar.gz.gpg
+* you build/boot the live with a kernel append line containing "liveprofile=http://yourserver/path/to"
+
+EOF
+ exit 1
+}
+
+if [ -z "$1" ] || [ -z "$2" ]; then
+ usage
+fi
+
+PROFILE=$1"-sysvinit.tar.gz"
+ROOT="$2"
+
+cd "${ROOT}"
+tar zcvf ../${PROFILE} *
+cd ..
+gpg --symmetric ${PROFILE}
+unlink ${PROFILE}
\ No newline at end of file
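Review bot: 'cd "${ROOT}"' is not checked, so with a wrong rootdir argument the next line, 'tar zcvf ../${PROFILE} *', archives whatever is in the current directory and writes it one level up. Use 'cd "${ROOT}" || exit 1' (or 'set -e' at the top). In the same block, ${PROFILE} is unquoted in the tar, gpg and unlink calls, the '*' glob leaves out dotfiles in the root directory, and 'unlink' runs even when gpg failed, so a failed run leaves no output and no error message. Check gpg's exit status before removing the tarball, and add the missing final newline.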
Property changes on: configs/matth-www/lh_build-profile.sh
___________________________________________________________________
Name: svn:executable
+ *
Added: configs/matth-www/root/README
===================================================================
--- configs/matth-www/root/README (rev 0)
+++ configs/matth-www/root/README 2007-06-30 01:01:30 UTC (rev 2292)
@@ -0,0 +1,3 @@
+The files contained in the script directory will be executed at
+boot time by live_startup.sh via the init script live-profile.sh.
+The last should be part of live-sysvinit package as an entry point.
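Review bot: the README does not state the order in which the scripts run or what happens when one fails, and "The last" is ambiguous. Say that live_startup.sh runs scripts/*.sh in shell glob order, and name live-profile.sh explicitly as the entry point expected from the live-sysvinit package, since it is not part of this revision.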
Added: configs/matth-www/root/live_startup.sh
===================================================================
--- configs/matth-www/root/live_startup.sh (rev 0)
+++ configs/matth-www/root/live_startup.sh 2007-06-30 01:01:30 UTC (rev 2292)
@@ -0,0 +1,8 @@
+#!/bin/sh
+#
+# Bootstrap live init code
+
+cd scripts
+for SCRIPT in *.sh; do
+ sh $SCRIPT
+done
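Review bot: 'cd scripts' has no error check, and the loop then runs 'sh $SCRIPT' unquoted with every exit status ignored. If the directory is missing, the glob is expanded in whatever directory the script started in; if nothing matches, sh is handed the literal string '*.sh'. Suggest 'cd scripts || exit 1', a '[ -f "$SCRIPT" ] || continue' guard, and 'sh "./$SCRIPT"', plus a logged message when a script returns non-zero so a failed step is visible at boot.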
Property changes on: configs/matth-www/root/live_startup.sh
___________________________________________________________________
Name: svn:executable
+ *
Added: configs/matth-www/root/scripts/live_ad.conf
===================================================================
--- configs/matth-www/root/scripts/live_ad.conf (rev 0)
+++ configs/matth-www/root/scripts/live_ad.conf 2007-06-30 01:01:30 UTC (rev 2292)
@@ -0,0 +1,4 @@
+REALM="GELI.MDS"
+PRE2K_REALM="JUPITER"
+KERBEROS_SERVER="192.168.0.8"
+ADMIN="Administrateur"
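Review bot: these four values read as one site's own realm, server address and administrator account name rather than defaults, and the file has no comments saying what each variable means. Ship it as an example with placeholder values and a one-line comment per variable. Also, live_ad.sh prints $DOMAIN in its join message, and that variable is not defined here.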
Added: configs/matth-www/root/scripts/live_ad.sh
===================================================================
--- configs/matth-www/root/scripts/live_ad.sh (rev 0)
+++ configs/matth-www/root/scripts/live_ad.sh 2007-06-30 01:01:30 UTC (rev 2292)
@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+# Enable the live to be part of
+# an Active Directory domain with NT auth
+#
+# Require : samba, winbind, (for now) host to be
+# already registered in the domain
+#
+# -- Mathieu GELI <mathieu.geli at gmail.com>
+
+# source conf
+. live_ad.conf
+
+# krb5 preseed
+echo "Live: Configiring kerberos..."
+debconf-communicate -fnoninteractive live-sysvinit > /dev/null <<EOF
+set krb5-config/default_realm ${REALM}
+set krb5-config/kerberos_servers ${KERBEROS_SERVER}
+EOF
+DEBIAN_FRONTEND="noninteractive" dpkg-reconfigure krb5-config
+
+# nsswitch
+echo "Live: Configiring Name Service Switch..."
+sed -i -r -e "s/passwd:(.*)$/passwd:\1 winbind/" \
+ -e "s/group:(.*)$/group:\1 winbind/" \
+ -e "s/shadow:(.*)$/shadow:\1 winbind/" \
+ -e "s/protocol:(.*)$/protocol:\1 winbind/" \
+ -e "s/services:(.*)$/services:\1 winbind/" \
+ /etc/nsswitch.conf
+
+# samba
+echo "Live: Configiring samba..."
+sed -i -r -e "s/\s+workgroup =.*$/ workgroup = $PRE2K_REALM/" \
+ -e "s/; security = user/; security = user\n security = ADS\n realm = $REALM\n password server = $KERBEROS_SERVER\n winbind enum users = yes\n winbind enum groups = yes\n client use spnego = yes\n idmap uid = 16777216-33554431\n idmap gid = 16777216-33554431\n template shell = \/bin\/bash\n template homedir = \/home\/%D\/%U\n winbind use default domain = yes/" /etc/samba/smb.conf
+
+# PAM
+echo "Live: Configuring PAM..."
+sed -i -r -e "s/account\s+required\s+pam_unix.so/auth\trequisite\tpam_nologin.so\naccount\tsufficient\tpam_winbind.so\naccount\trequired\tpam_unix.so/" \
+ /etc/pam.d/common-account
+
+sed -i -r -e "s/auth\s+required\s+pam_unix.so nullok_secure/auth\trequisite\tpam_nologin.so\nauth\tsufficient\tpam_unix.so nullok_secure\nauth\tsufficient\tpam_winbind.so use_first_pass/" \
+ /etc/pam.d/common-auth
+
+sed -i -r -e "s/session\s+required\s+pam_unix.so/session\trequired\tpam_unix.so\nsession\trequired\tpam_mkhomedir.so umask=0022 skel=\/etc\/skel/" \
+ /etc/pam.d/common-session
+
+echo "Live: Building domain home..."
+mkdir -m a+rxw /home/$PRE2K_REALM
+
+echo "Joining domain $DOMAIN with $ADMIN credentials..."
+
+maxtry=3
+while [ $maxtry -gt 0 ]; do
+ maxtry=$((maxtry-1))
+ net rpc join -U $ADMIN && break
+
+done
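Review bot: the common-auth substitution replaces 'auth required pam_unix.so nullok_secure' with pam_unix.so and pam_winbind.so both marked 'sufficient' and no 'required' module after them, so unless the file has one elsewhere the stack has nothing that fails closed when both modules reject the password. End the replacement with 'auth required pam_deny.so'. Other points in this hunk: the common-account substitution inserts a line of type 'auth' (pam_nologin.so) that looks like it was meant to be 'account'; 'mkdir -m a+rxw /home/$PRE2K_REALM' creates a world-writable directory without the sticky bit, so any user can rename or remove another user's home directory (use mode 1777 or 0755); the nsswitch pattern 'protocol:' does not match the 'protocols:' key; $DOMAIN in the join message is never set; $ADMIN is unquoted; and when all three 'net rpc join' attempts fail the script exits without reporting it. None of the sed edits are guarded against a second run, which would append 'winbind' again.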
Property changes on: configs/matth-www/root/scripts/live_ad.sh
___________________________________________________________________
Name: svn:executable
+ *
Added: configs/matth-www/root/scripts/live_timezone.sh
===================================================================
--- configs/matth-www/root/scripts/live_timezone.sh (rev 0)
+++ configs/matth-www/root/scripts/live_timezone.sh 2007-06-30 01:01:30 UTC (rev 2292)
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+dpkg-reconfigure locales
+dpkg-reconfigure tzdata
+
Property changes on: configs/matth-www/root/scripts/live_timezone.sh
___________________________________________________________________
Name: svn:executable
+ *