--- /dev/null
+PACKAGE := pl_sshd
+
+include rpm.mk
elif [ -r "/vservers/$1/home/$1/$KEYFILE" ]; then
OUT=/vservers/$1/home/$1/.ssh
else
- echo $1 not found in /vservers or /home >/tmp/auto.pl_sshd.log
+ echo $1 not found in /vservers or /home >&2
exit 1
fi
# source function library
. /etc/rc.d/init.d/functions
-#
+
# pull in sysconfig settings
[ -f /etc/sysconfig/pl_sshd ] && . /etc/sysconfig/pl_sshd
-# add the PlanetLab-specific options
-KEYDIR=/var/pl_sshd/keys
-OPTIONS="-p 806 -o 'AuthorizedKeysFile $KEYDIR/%u/authorized_keys'"
-AUTOMOUNT=/usr/sbin/automount
-AUTOMAP=/etc/auto.pl_sshd
-AUTOPID=
-
RETVAL=0
prog="pl_sshd"
# Some functions to make the below more readable
-SSHD=/usr/sbin/sshd
-RSA1_KEY=/var/local/etc/ssh_host_key
-RSA_KEY=/var/local/etc/ssh_host_rsa_key
-DSA_KEY=/var/local/etc/ssh_host_dsa_key
+SSHD=/usr/local/sbin/pl_sshd.sh
PID_FILE=/var/run/pl_sshd.pid
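Review bot: With the `OPTIONS=` assignment removed, `$OPTIONS` in `start()` is set only if `/etc/sysconfig/pl_sshd` defines it, and nothing visible in this change installs that file. The port-806 instance therefore appears to start with sshd's default `AuthorizedKeysFile`, while the spec's %post moves the automounted key directory onto the system sshd. If that split is intended, it should be documented here, for example `# OPTIONS comes only from /etc/sysconfig/pl_sshd; the default port and PID file are set in pl_sshd.sh`. `PID_FILE` is still assigned but none of the visible new lines read it, so it either needs a user or a comment saying which helper relies on it.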
do_restart_sanity_check()
fi
}
-check_automount()
-{
- # get pid for our automount process
- AUTOPID=`mount | \
- sed -ne "s%^automount(pid\([0-9]*\)) on $KEYDIR type autofs.*%\1%p"`
-
- # check if that process is still alive
- { [ -n "$AUTOPID" ] && ps -p $AUTOPID >/dev/null 2>&1; } || return 1
-
- # check if we can actually mount a user dir in the automount dir
- [ -d "$KEYDIR/root" ] || return 1
-}
-
start()
{
- # make sure the key dir exists and automount is working on it
- [ -d "$KEYDIR" ] || mkdir -p $KEYDIR
- [ -x "$AUTOMAP" ] ||
- { echo "$AUTOMAP not executable"; return 1; }
- check_automount || $AUTOMOUNT $KEYDIR program $AUTOMAP
-
echo -n $"Starting $prog:"
initlog -c "$SSHD $OPTIONS" && success || failure
RETVAL=$?
stop()
{
- check_automount && kill -USR2 $AUTOPID
-
- #echo -n $"Stopping $prog:"
- #killproc $SSHD -TERM
- echo 'you need to kill the port 806 sshd(s) manually'
- echo 'make sure not to kill the port 22 sshd...'
+ echo -n $"Stopping $prog:"
+ killproc $prog -TERM
RETVAL=$?
[ "$RETVAL" = 0 ] && rm -f /var/lock/subsys/pl_sshd
- #echo
+ echo
}
reload()
{
echo -n $"Reloading $prog:"
- killproc $SSHD -HUP
+ killproc $prog -HUP
RETVAL=$?
echo
}
fi
;;
status)
- check_automount && echo automount running ||
- echo automount not functioning
status pl_sshd
RETVAL=$?
;;
#!/bin/sh
+#
+# this wrapper runs sshd on an alternate port with a different argv[0]
+# and PID file (rather annoyingly, the latter has to be specified
+# explicitly even if argv[0] is changed).
+#
+# the alternate port is necessary so we can have two instances of sshd
+# running, the different name and PID file are required so that stopping
+# the standard sshd won't affect this one.
+#
+# we use port 806 unless there is a '-p' argument specifying a different
+# port. we also have to specify a different PID file so that one sshd
+# doesn't clobber the other's PID file.
+#
+# XXX - unfortunately the standard init.d/sshd script is fairly brutal
+# when stopping sshd processes - it will stop anything that looks
+# remotely like sshd. the measures taken here still don't prevent that
+# but i have decided that restarting/stopping sshd should be sufficiently
+# rare that it's not worth worrying about to any greater extent.
+#
+name=pl_sshd
+echo "$@" | grep -q -- '-p[ 0-9]' || port='-p 806'
-exec -a pl_sshd /usr/sbin/sshd "$@"
+exec -a $name /usr/sbin/sshd -o "PidFile /var/run/$name.pid" $port "$@"
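Review bot: The port check `echo "$@" | grep -q -- '-p[ 0-9]'` tests all arguments joined into one string, so `-p` followed by a space or digit anywhere suppresses the default, including inside the value of an unrelated `-o` option. The wrapper then starts sshd with no `-p` at all, and the daemon would fall back to whatever port sshd_config names, normally the system sshd's. `echo` may also swallow a leading `-n` or `-e` argument. Checking each argument on its own avoids both problems, and `$name` should be quoted on the `exec` line while `$port` stays unquoted on purpose so it splits into two words.

```shell
name=pl_sshd
port='-p 806'
for arg in "$@"; do
    case "$arg" in
        -p|-p[0-9]*) port= ;;
    esac
done
# … unchanged: exec -a line …
```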
Summary: SSH server config for PlanetLab
Name: pl_sshd
-Version: 0.1
+Version: 1.0
Release: 1
-Requires: automount, sshd
+Requires: autofs, openssh-server
Copyright: GPL
URL: http://www.planet-lab.org
Group: System Environment/Base
directory as source for authorized_keys files and points sshd to that
directory.
-Created from $Header$.
+$Header: /cvs/pl_sshd/pl_sshd.spec,v 1.2 2003/12/01 14:56:00 sjm-pl_sshd Exp $.
%prep
%setup
%install
-install -m 0755 -o root -g root pl_sshd.sh $RPM_BUILD_ROOT/usr/local/sbin
-install -m 0755 -o root -g root pl_sshd $RPM_BUILD_ROOT/etc/init.d
-install -m 0755 -o root -g root auto.pl_sshd $RPM_BUILD_ROOT/etc
-echo "OPTIONS='-p 806'" >$RPM_BUILD_ROOT/etc/sysconfig/sshd
+mkdir -p $RPM_BUILD_ROOT/usr/local/sbin
+mkdir -p $RPM_BUILD_ROOT/etc/{sysconfig,init.d}
+mkdir -p $RPM_BUILD_ROOT/var/pl_sshd/keys
+install -m 0755 pl_sshd.sh $RPM_BUILD_ROOT/usr/local/sbin
+install -m 0755 pl_sshd $RPM_BUILD_ROOT/etc/init.d
+install -m 0755 auto.pl_sshd $RPM_BUILD_ROOT/etc
%clean
rm -rf $RPM_BUILD_ROOT
RUNLEVEL=`/sbin/runlevel`
if [ "$1" -ge 1 ]; then
+ # create the magic directory for automount
+ keydir=/var/pl_sshd/keys
+ [ -d $keydir ] || mkdir -p $keydir
+
+ # add appropriate entry to auto.master
+ auto_master=/etc/auto.master
+ auto_master_entry="$keydir /etc/auto.pl_sshd"
+ grep -qF "$auto_master_entry" $auto_master || \
+ echo $auto_master_entry >>$auto_master
+
+ #
+ # use the sysconfig file to tell our system sshd to look in the
+ # magic location for authorized_keys files
+ #
+ sysconfig_sshd=/etc/sysconfig/sshd
+ [ -r $sysconfig_sshd ] && \
+ mv $sysconfig_sshd $sysconfig_sshd.pl_sshd
+ echo "OPTIONS='-o \"AuthorizedKeysFile $keydir/%u/authorized_keys\"'" \
+ >$sysconfig_sshd
+
+ # link sshd pam config to pl_sshd so that we can actually login
+ pam_pl_sshd=/etc/pam.d/pl_sshd
+ [ -r $pam_pl_sshd ] || ln -s sshd $pam_pl_sshd
+
chkconfig --add pl_sshd
if [[ "$RUNLEVEL" != "unknown" ]]; then
- /etc/init.d/pl_sshd restart
+ /etc/init.d/autofs restart
+ /etc/init.d/sshd restart
+ /etc/init.d/pl_sshd start
fi
fi
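Review bot: The backup taken by `mv $sysconfig_sshd $sysconfig_sshd.pl_sshd` is overwritten on upgrade, because the `[ "$1" -ge 1 ]` branch also runs when a newer build is installed over this one, and the second run saves the package's own generated file over the administrator's original. The %preun hunk has the matching gap: it does `rm /etc/sysconfig/sshd` and never restores the `.pl_sshd` copy, so any previous sshd OPTIONS are lost after erase. As this file decides where the port-22 sshd looks up authorized_keys for every account, the original should survive both paths. In %post use `[ -r $sysconfig_sshd ] && [ ! -e $sysconfig_sshd.pl_sshd ] && mv $sysconfig_sshd $sysconfig_sshd.pl_sshd`, and in %preun `mv -f /etc/sysconfig/sshd.pl_sshd /etc/sysconfig/sshd 2>/dev/null || rm -f /etc/sysconfig/sshd`. The %post header itself is outside this hunk.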
%preun
+RUNLEVEL=`/sbin/runlevel`
+
if [ "$1" = 0 ]; then
+ #
+ # stop pl_sshd, remove it from rcX.d init dirs, remove link
+ # to sshd's pam config
+ #
+ [ "$RUNLEVEL" != "unknown" ] && /etc/init.d/pl_sshd stop
chkconfig --del pl_sshd
+ rm -f /etc/pam.d/pl_sshd
+
+ #
+ # remove funky config options for sshd (so that when we restart
+ # things will operate normally i.e., without automount magic),
+ # then restart
+ #
+ rm /etc/sysconfig/sshd
+ [ "$RUNLEVEL" != "unknown" ] && /etc/init.d/sshd restart
+
+ #
+ # stop automounter, remove entry from auto.master, restart if
+ # necessary
+ #
+ [ "$RUNLEVEL" != "unknown" ] && /etc/init.d/autofs stop
+ auto_master=/etc/auto.master
+ mv $auto_master $auto_master.pl_sshd.preun
+ sed -e '\,^/var/pl_sshd/keys,d' $auto_master.pl_sshd.preun \
+ >$auto_master
+
+ [ "$RUNLEVEL" != "unknown" ] && /etc/init.d/autofs start
fi
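Review bot: The last command inside the `if` is `[ "$RUNLEVEL" != "unknown" ] && /etc/init.d/autofs start`, which returns non-zero whenever the runlevel is unknown. If nothing follows the `fi` in %preun (not visible here), the scriptlet exits with that status and rpm may treat the erase as failed. Writing it as `[ "$RUNLEVEL" = "unknown" ] || /etc/init.d/autofs start` keeps the behaviour and returns zero in that case. Separately, `mv $auto_master ...` followed by `sed ... >$auto_master` recreates `/etc/auto.master` with the scriptlet's umask and leaves it empty if `sed` fails. Copying first with `cp -p` and letting `sed` overwrite the existing file would keep its mode and ownership.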
%changelog
-* Tue Nov 25 2003 Steve Muir <smuir@cs.princeton.edu>
-- fixed a couple of Node Manager bugs:
- - bootstrapping pl_conf state when boot server unreachable
- - canonical hostnames should be all lower-case
-- fixup UID and GID of users within vservers to match real world
-- enable access to dynamic slices through port 806 sshd
-
-* Sun Oct 26 2003 Aaron Klingaman <Aaron.L.Klingaman@intel.com>
-- readded start/stop only when runlevel is known, for install purposes
-
-* Thu Oct 16 2003 Jeff Sedayao <Jeff.Sedayao@intel.com>
-- Fixed bug in pl_conf - it was getting negative wait times. Also added
- duke4 as a trusted user.
-
-* Tue Oct 8 2003 Jeff Sedayao <Jeff.Sedayao@intel.com>
-- Removed special fetch login from init function, updated release
-
-* Tue Oct 7 2003 Jeff Sedayao <Jeff.Sedayao@intel.com>
-- Moved special fetch login into main loop, fix account deletion
- problem
-
-* Tue Oct 7 2003 Aaron Klingaman <Aaron.L.Klingaman@intel.com>
-- Commented out code to start pl_* upon install
-
-* Wed Aug 26 2003 Tammo Spalink <tammo.spalink@intel.com>
-- Initial build.
+* Mon Dec 1 2003 Steve Muir <smuir@cs.princeton.edu>
+- initial creation from files in sidewinder repository
--- /dev/null
+SPECFILE := $(PACKAGE).spec
+SPECFILE_FILELIST := /^%files/,/^%pre/s,^%attr.*/\([^/]*\),\1,p
+FILES := $(shell sed -ne '$(SPECFILE_FILELIST)' $(SPECFILE))
+VERSION := $(shell sed -ne 's/^Version: \(.*\)/\1/p' $(SPECFILE))
+RELEASE := $(shell sed -ne 's/^Release: \(.*\)/\1/p' $(SPECFILE))
+NAME := $(PACKAGE)-$(VERSION)
+FULLNAME := $(NAME)-$(RELEASE)
+TARBALL := $(FULLNAME).tar.gz
+RPM_BUILDDIR := .rpmbuild
+CWD := $(shell pwd)
+
+#
+# we have to jump through hoops to make RPM work nicely
+#
+RPM_RC_SYS := /usr/lib/rpm/rpmrc:$(wildcard /usr/lib/rpm/redhat/rpmrc)
+RPM_RC_USER := $(wildcard $(HOME)/.rpmrc)
+RPM_RC_LOCAL := .rpmrc
+RPM_RCFILES := $(subst ::,:,$(RPM_RC_SYS):$(RPM_RC_LOCAL):$(RPM_RC_USER))
+
+# ask RPM what architecture it will build for
+ARCH := $(shell rpm --showrc | sed -ne 's/^build arch.*: *\(.*\)/\1/p')
+
+# find out what the standard list of macro files is
+RPM_MACROS_SYS := $(shell rpm --showrc | \
+ sed -ne 's,^macrofiles[^:]*: \(.*\):~.*,\1,p')
+RPM_MACROS_LOCAL := .rpmmacros
+RPM_MACROS_USER := $(wildcard $(HOME)/.rpmmacros)
+RPM_MACROFILES := $(RPM_MACROS_SYS):$(RPM_MACROS_LOCAL):$(RPM_MACROS_USER)
+
+LOCALFILES := $(RPM_RC_LOCAL) $(RPM_MACROS_LOCAL) $(RPM_BUILDDIR)
+
+RPMFILE := $(FULLNAME).$(ARCH).rpm
+
+tarball: $(TARBALL)
+
+#
+# the idiosyncracies of RPM building require that the tarball has files
+# located in directory $(NAME), not $(FULLNAME)
+#
+$(TARBALL): $(FILES)
+ @echo creating $@...
+ @[ -d $(NAME) ] || ln -s . $(NAME)
+ @tar czvf $(TARBALL) $(addprefix $(NAME)/,$^)
+ @rm $(NAME)
+
+rpm: $(RPMFILE)
+
+$(RPMFILE): $(TARBALL) $(SPECFILE) $(LOCALFILES)
+ rpmbuild --buildroot=$(CWD)/$(RPM_BUILDDIR)/tmp \
+ --rcfile $(RPM_RCFILES) -bb $(SPECFILE)
+
+$(RPM_RC_LOCAL):
+ @echo 'macrofiles: $(RPM_MACROFILES)' >$@
+ @echo created $@
+
+$(RPM_MACROS_LOCAL):
+ @exec >$@; \
+ echo "%distribution PlanetLab"; \
+ echo "%_fullname %{name}-%{version}-%{release}"; \
+ echo "%_topdir $(CWD)"; \
+ echo "%_sourcedir %{_topdir}"; \
+ echo "%_builddir %{_topdir}/$(RPM_BUILDDIR)"; \
+ echo "%_rpmdir %{_builddir}"
+ @echo created $@
+
+$(RPM_BUILDDIR):
+ mkdir -p $(RPM_BUILDDIR)/tmp
+ ln -s .. $(RPM_BUILDDIR)/$(ARCH)
+
+rpm-config: $(LOCALFILES)
+ @echo RPM_RCFILES=$(RPM_RCFILES)
+ @echo RPM_MACROFILES=$(RPM_MACROFILES)
+ @echo RPM_ARCH=$(ARCH)
+
+rpm-clean:
+ rm -f $(NAME) $(RPMFILE) $(TARBALL)
+ rm -rf $(LOCALFILES)
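Review bot: None of `tarball`, `rpm`, `rpm-config` or `rpm-clean` is declared phony, so a file or directory with one of those names in the package directory silently disables the target; add `.PHONY: tarball rpm rpm-config rpm-clean`. `$(RPM_BUILDDIR)` reaches `$(RPMFILE)` through `$(LOCALFILES)` as a normal prerequisite, and because `%_builddir` points at that directory its mtime probably changes on every build and forces a rebuild. Listing it after `|` as an order-only prerequisite would avoid that. In the `$(TARBALL)` recipe a failing `tar` leaves both the `$(NAME)` symlink and a partial archive behind, which `.DELETE_ON_ERROR:` plus a cleanup on the same recipe line would handle. The rc and macro lists also include `$(HOME)/.rpmrc` and `$(HOME)/.rpmmacros`, so the built package can differ between builders, which deserves a comment for anyone producing release RPMs.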