[Debian-live-changes] r2292 - in configs: . matth-www matth-www/root matth-www/root/scripts

matth-guest at alioth.debian.org matth-guest at alioth.debian.org
Sat Jun 30 01:01:30 UTC 2007


Author: matth-guest
Date: 2007-06-30 01:01:30 +0000 (Sat, 30 Jun 2007)
New Revision: 2292

Added:
   configs/matth-www/
   configs/matth-www/README
   configs/matth-www/lh_build-profile.sh
   configs/matth-www/root/
   configs/matth-www/root/README
   configs/matth-www/root/live_startup.sh
   configs/matth-www/root/scripts/
   configs/matth-www/root/scripts/live_ad.conf
   configs/matth-www/root/scripts/live_ad.sh
   configs/matth-www/root/scripts/live_timezone.sh
Log:
initial import of http sysvinit hook (www server side)


Added: configs/matth-www/README
===================================================================
--- configs/matth-www/README	                        (rev 0)
+++ configs/matth-www/README	2007-06-30 01:01:30 UTC (rev 2292)
@@ -0,0 +1,22 @@
+About testing that http sysvinit hook
+
+1) Generate a gpg archive suited to your live system by :
+   * creating/editing the scripts in ${rootpath}/scripts/*.sh
+   * running lh_build-profile.sh ${live_hostname} ${rootpath}
+
+2) Provide that file in a HTTP server so that it is accessible via an
+  url like http://yourserver/path/to/debian-live-sysvinit.tar.gz.gpg
+  (apache or so configuration not covered here)
+
+3) build a live system with --bootappend="liveprofile=http://yourserver/path/to"
+   and a modified live-sysvinit .deb in chroot_local-packages/
+   (or just add it ad boot time via grub/syslinux)
+
+I provide live_ad.sh/live_ad.conf that is a script enabling windows
+authentication via a domain on a linux machine as a proof of concept.
+
+live_timezone.sh is the interactive version of the early timezone=
+bootappend option.
+
+-- 
+Mathieu GELI <mathieu.geli at gmail.com>
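
Review bot: steps 2 and 3 fetch the profile over plain `http://`, and the README never says how the live system obtains the passphrase to decrypt `debian-live-sysvinit.tar.gz.gpg` or what happens when decryption fails. Since the scripts in the archive are executed at boot, please document that here, and note that symmetric encryption protects the scripts only while the passphrase stays secret (anyone who knows it can build a replacement archive). Small typo in step 3: "ad boot time" should be "at boot time".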

Added: configs/matth-www/lh_build-profile.sh
===================================================================
--- configs/matth-www/lh_build-profile.sh	                        (rev 0)
+++ configs/matth-www/lh_build-profile.sh	2007-06-30 01:01:30 UTC (rev 2292)
@@ -0,0 +1,34 @@
+#!/bin/bash
+#
+# Builds a GPG archive symmetrically ciphered
+# with the rootdir given in argument
+#
+# -- Mathieu GELI <mathieu.geli at gmail.com>
+
+usage() {
+    cat <<EOF
+$0 livehostname rootdir
+
+Example: $0 debian-live root
+
+With that example, you need to check that : 
+* your gpg file is named debian-live-sysvinit.tar.gz.gpg
+* is accessible from http://yourserver/path/to/debian-live-sysvinit.tar.gz.gpg
+* you build/boot the live with a kernel append line containing "liveprofile=http://yourserver/path/to"
+
+EOF
+    exit 1   
+}
+
+if [ -z "$1" ] || [ -z "$2" ]; then
+    usage
+fi
+
+PROFILE=$1"-sysvinit.tar.gz"
+ROOT="$2"
+
+cd "${ROOT}"
+tar zcvf ../${PROFILE} *
+cd ..
+gpg --symmetric ${PROFILE}
+unlink ${PROFILE}
\ No newline at end of file
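
Review bot: nothing after `cd "${ROOT}"` checks for failure. If the `cd` fails, `tar zcvf ../${PROFILE} *` archives the caller's current directory instead, and `unlink ${PROFILE}` still runs when `gpg --symmetric` fails or is cancelled, which deletes the only copy of the archive. Suggest `cd "${ROOT}" || exit 1`, running `unlink` only after gpg succeeds, and quoting `"${PROFILE}"` since it is built from `$1`. Note also that `*` skips dotfiles in the root dir, which may or may not be intended.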


Property changes on: configs/matth-www/lh_build-profile.sh
___________________________________________________________________
Name: svn:executable
   + *

Added: configs/matth-www/root/README
===================================================================
--- configs/matth-www/root/README	                        (rev 0)
+++ configs/matth-www/root/README	2007-06-30 01:01:30 UTC (rev 2292)
@@ -0,0 +1,3 @@
+The files contained in the script directory will be executed at
+boot time by live_startup.sh via the init script live-profile.sh.
+The last should be part of live-sysvinit package as an entry point.
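
Review bot: the text says "script directory" but the directory added in this commit is `scripts/`, and "The last" is ambiguous between live_startup.sh and live-profile.sh. It would also help to state that only `*.sh` files are run, in glob order, so live_ad.conf is not executed on its own.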

Added: configs/matth-www/root/live_startup.sh
===================================================================
--- configs/matth-www/root/live_startup.sh	                        (rev 0)
+++ configs/matth-www/root/live_startup.sh	2007-06-30 01:01:30 UTC (rev 2292)
@@ -0,0 +1,8 @@
+#!/bin/sh
+#
+# Bootstrap live init code
+
+cd scripts
+for SCRIPT in *.sh; do
+    sh $SCRIPT
+done
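
Review bot: `cd scripts` is unchecked, so when the directory is missing the loop runs whatever `*.sh` files sit in the current directory, which can include live_startup.sh itself. Suggest `cd scripts || exit 1`, quoting `"$SCRIPT"`, and skipping the iteration when the glob matches nothing, since `sh` is then handed the literal `*.sh`. The exit status of each script is ignored; logging a failure would make a broken step visible at boot.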


Property changes on: configs/matth-www/root/live_startup.sh
___________________________________________________________________
Name: svn:executable
   + *

Added: configs/matth-www/root/scripts/live_ad.conf
===================================================================
--- configs/matth-www/root/scripts/live_ad.conf	                        (rev 0)
+++ configs/matth-www/root/scripts/live_ad.conf	2007-06-30 01:01:30 UTC (rev 2292)
@@ -0,0 +1,4 @@
+REALM="GELI.MDS"
+PRE2K_REALM="JUPITER"
+KERBEROS_SERVER="192.168.0.8"
+ADMIN="Administrateur"
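
Review bot: these four values are one site's settings (realm, pre-2000 domain name, a private server address, the admin account name) and the file has no comments. Since live_ad.sh reads it with `. live_ad.conf`, any shell in it is executed, so a header stating that the file must contain plain assignments only, and which keys are required, would help. Consider shipping obvious placeholders as the example values.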

Added: configs/matth-www/root/scripts/live_ad.sh
===================================================================
--- configs/matth-www/root/scripts/live_ad.sh	                        (rev 0)
+++ configs/matth-www/root/scripts/live_ad.sh	2007-06-30 01:01:30 UTC (rev 2292)
@@ -0,0 +1,57 @@
+#!/bin/sh
+#
+# Enable the live to be part of 
+# an Active Directory domain with NT auth
+#
+# Require : samba, winbind, (for now) host to be 
+# already registered in the domain
+#
+# -- Mathieu GELI <mathieu.geli at gmail.com>
+
+# source conf
+. live_ad.conf
+
+# krb5 preseed
+echo "Live: Configiring kerberos..."
+debconf-communicate -fnoninteractive live-sysvinit > /dev/null <<EOF
+set krb5-config/default_realm ${REALM}
+set krb5-config/kerberos_servers ${KERBEROS_SERVER}
+EOF
+DEBIAN_FRONTEND="noninteractive" dpkg-reconfigure krb5-config
+
+# nsswitch
+echo "Live: Configiring Name Service Switch..."
+sed -i -r -e "s/passwd:(.*)$/passwd:\1 winbind/" \
+    -e "s/group:(.*)$/group:\1 winbind/" \
+    -e "s/shadow:(.*)$/shadow:\1 winbind/" \
+    -e "s/protocol:(.*)$/protocol:\1 winbind/" \
+    -e "s/services:(.*)$/services:\1 winbind/" \
+    /etc/nsswitch.conf
+
+# samba
+echo "Live: Configiring samba..."
+sed -i -r -e "s/\s+workgroup =.*$/  workgroup = $PRE2K_REALM/" \
+    -e "s/;   security = user/;   security = user\n   security = ADS\n   realm = $REALM\n   password server = $KERBEROS_SERVER\n   winbind enum users = yes\n   winbind enum groups = yes\n    client use spnego = yes\n   idmap uid = 16777216-33554431\n   idmap gid = 16777216-33554431\n   template shell = \/bin\/bash\n   template homedir = \/home\/%D\/%U\n   winbind use default domain = yes/" /etc/samba/smb.conf
+
+# PAM
+echo "Live: Configuring PAM..."
+sed -i -r -e "s/account\s+required\s+pam_unix.so/auth\trequisite\tpam_nologin.so\naccount\tsufficient\tpam_winbind.so\naccount\trequired\tpam_unix.so/" \
+    /etc/pam.d/common-account
+
+sed -i -r -e "s/auth\s+required\s+pam_unix.so nullok_secure/auth\trequisite\tpam_nologin.so\nauth\tsufficient\tpam_unix.so nullok_secure\nauth\tsufficient\tpam_winbind.so use_first_pass/" \
+    /etc/pam.d/common-auth
+
+sed -i -r -e "s/session\s+required\s+pam_unix.so/session\trequired\tpam_unix.so\nsession\trequired\tpam_mkhomedir.so umask=0022 skel=\/etc\/skel/" \
+    /etc/pam.d/common-session
+
+echo "Live: Building domain home..."
+mkdir -m a+rxw /home/$PRE2K_REALM
+
+echo "Joining domain $DOMAIN with $ADMIN credentials..."
+
+maxtry=3
+while [ $maxtry -gt 0 ]; do
+    maxtry=$((maxtry-1))
+    net rpc join -U $ADMIN && break
+
+done
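
Review bot: `mkdir -m a+rxw /home/$PRE2K_REALM` creates the parent of all domain homes world-writable without the sticky bit, so any user can rename or remove another user's home directory; since pam_mkhomedir is what creates the homes, a mode of 0755 (or 1777 if users must create entries there) would be safer. Other points in this hunk: `$DOMAIN` in the "Joining domain" message is never set (live_ad.conf defines `REALM` and `PRE2K_REALM`); the nsswitch expression matches `protocol:` but the database in /etc/nsswitch.conf is named `protocols:`, so that substitution never applies; the line `auth requisite pam_nologin.so` is inserted into common-account, which holds account-type entries; and the retry loop falls through silently after three failed `net rpc join` attempts, so the script should report the failure and exit non-zero. The variables passed to `net` and `mkdir` should be quoted.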


Property changes on: configs/matth-www/root/scripts/live_ad.sh
___________________________________________________________________
Name: svn:executable
   + *

Added: configs/matth-www/root/scripts/live_timezone.sh
===================================================================
--- configs/matth-www/root/scripts/live_timezone.sh	                        (rev 0)
+++ configs/matth-www/root/scripts/live_timezone.sh	2007-06-30 01:01:30 UTC (rev 2292)
@@ -0,0 +1,5 @@
+#!/bin/sh
+
+dpkg-reconfigure locales
+dpkg-reconfigure tzdata
+
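
Review bot: both `dpkg-reconfigure` calls are interactive, and live_startup.sh runs every `*.sh` in scripts/, so any profile built from this tree stops at boot waiting for console input. A comment at the top of the script saying so, or a README note that the script should be removed for unattended profiles, would avoid surprises.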


Property changes on: configs/matth-www/root/scripts/live_timezone.sh
___________________________________________________________________
Name: svn:executable
   + *



