diff options
author | ponce <matteo.bernardini@sns.it> | 2010-12-09 10:29:01 -0600 |
---|---|---|
committer | Robby Workman <rworkman@slackbuilds.org> | 2010-12-09 10:29:01 -0600 |
commit | c8cbc6a05cd2c057761c473574aefff409751c4c (patch) | |
tree | 7d7e44b78e7c3d27d22f5e9eb5dd70de34583bd3 /network/freenx/doinst.sh | |
parent | 8cb50d13eaa0a31273698f99bd5f668cb75edd66 (diff) |
network/freenx: Added (Free implementation of the NX Server)
Thanks to Eric Hameleers (alienBOB) for the original script
on which this one is based.
Signed-off-by: Robby Workman <rworkman@slackbuilds.org>
Diffstat (limited to 'network/freenx/doinst.sh')
-rw-r--r-- | network/freenx/doinst.sh | 111 |
1 files changed, 111 insertions, 0 deletions
diff --git a/network/freenx/doinst.sh b/network/freenx/doinst.sh new file mode 100644 index 0000000000000..440c22901fb21 --- /dev/null +++ b/network/freenx/doinst.sh @@ -0,0 +1,111 @@ +config() { + for infile in $1; do + NEW="$infile" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ ! -r $OLD ]; then + mv $NEW $OLD + elif [ "$(cat $OLD | md5sum)" = "$(cat $NEW | md5sum)" ]; then + rm $NEW + fi + done +} +preserve_perms() { + NEW="$1" + OLD="$(dirname $NEW)/$(basename $NEW .new)" + if [ -e $OLD ]; then + cp -a $OLD ${NEW}.incoming + cat $NEW > ${NEW}.incoming + mv ${NEW}.incoming $NEW + fi + config $NEW +} + +config etc/nxserver/node.conf.new +config etc/logrotate.d/freenx-server.new +preserve_perms etc/rc.d/rc.freenx.new + +chroot . <<EOCR 2>/dev/null +export \$(grep ^NX_DIR usr/bin/nxloadconfig) +export \$(grep ^NX_HOME_DIR usr/bin/nxloadconfig) +export \$(grep ^NX_SESS_DIR usr/bin/nxloadconfig) +export \$(grep ^NX_ETC_DIR usr/bin/nxloadconfig) +export \$(grep ^NX_LOGFILE usr/bin/nxloadconfig) +export \$(grep ^SSH_AUTHORIZED_KEYS usr/bin/nxloadconfig) + +touch \${NX_ETC_DIR}/passwords \${NX_ETC_DIR}/passwords.orig \${NX_LOGFILE} +chmod 600 \${NX_ETC_DIR}/pass* \${NX_LOGFILE} + +if [ ! -e \${NX_ETC_DIR}/users.id_dsa ]; then + ssh-keygen -f \${NX_ETC_DIR}/users.id_dsa -t dsa -N "" > /dev/null 2>&1 +fi + +if [ -e \${NX_HOME_DIR}/.ssh/client.id_dsa.key ] && \ + [ -e \${NX_HOME_DIR}/.ssh/server.id_dsa.pub.key ]; then + # There is a pre-existing NX installation. We use the ~nx/.ssh files. + echo "Copying existing nx ssh keys to \${NX_ETC_DIR} ." + cp -af \${NX_HOME_DIR}/.ssh/client.id_dsa.key \ + \${NX_ETC_DIR}/client.id_dsa.key + cp -af \${NX_HOME_DIR}/.ssh/server.id_dsa.pub.key \ + \${NX_ETC_DIR}/server.id_dsa.pub.key +fi + +if [ ! -e \${NX_ETC_DIR}/client.id_dsa.key ] || \ + [ ! -e \${NX_ETC_DIR}/server.id_dsa.pub.key ]; then + # We are going to create a new SSH key for the FreeNX server. + # The NX client must import this key into it's configuration to be able to + # connect to the FreeNX server. + # If you're security minded, use this key exclusively, and remove the + # NoMachine key from ${NX_HOME_DIR}/.ssh/authorized_keys. + echo "Creating a new SSH key for the FreeNX server." + rm -f \${NX_ETC_DIR}/client.id_dsa.key + rm -f \${NX_ETC_DIR}/server.id_dsa.pub.key + ssh-keygen -q -t dsa -N '' -f \${NX_ETC_DIR}/local.id_dsa + mv \${NX_ETC_DIR}/local.id_dsa \${NX_ETC_DIR}/client.id_dsa.key + mv \${NX_ETC_DIR}/local.id_dsa.pub \${NX_ETC_DIR}/server.id_dsa.pub.key + + # Put our fresh key files in place. + cp -f \${NX_ETC_DIR}/client.id_dsa.key \ + \${NX_HOME_DIR}/.ssh/client.id_dsa.key + cp -f \${NX_ETC_DIR}/server.id_dsa.pub.key \ + \${NX_HOME_DIR}/.ssh/server.id_dsa.pub.key + chmod 600 \ + \${NX_ETC_DIR}/client.id_dsa.key \ + \${NX_ETC_DIR}/server.id_dsa.pub.key \ + \${NX_HOME_DIR}/.ssh/client.id_dsa.key \ + \${NX_HOME_DIR}/.ssh/server.id_dsa.pub.key + echo -n "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command=\"/usr/bin/nxserver\" "\ + > \${NX_HOME_DIR}/.ssh/authorized_keys + cat \${NX_HOME_DIR}/.ssh/server.id_dsa.pub.key \ + >> \${NX_HOME_DIR}/.ssh/authorized_keys + chmod 640 \${NX_HOME_DIR}/.ssh/authorized_keys + echo -n "127.0.0.1 " > \${NX_HOME_DIR}/.ssh/known_hosts + cat etc/ssh/ssh_host_rsa_key.pub >> \${NX_HOME_DIR}/.ssh/known_hosts + + # Add the Nomachine pubkey to ${NX_HOME_DIR}/.ssh/authorized_keys + # This way, any NX client can connect to our FreeNX server without + # having to import our own FreeNX private key. + # If you want an "out-of-the-box" experience, leave the NoMachine key in + # ${NX_HOME_DIR}/.ssh/authorized_keys. If you're paranoid, remove + # this pubkey and accept only clients who have our custom FreeNX key. + cat <<_EOT_ >> \${NX_HOME_DIR}/.ssh/authorized_keys +no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/nxserver" ssh-dss AAAAB3NzaC1kc3MAAACBAJe/0DNBePG9dYLWq7cJ0SqyRf1iiZN/IbzrmBvgPTZnBa5FT/0Lcj39sRYt1paAlhchwUmwwIiSZaON5JnJOZ6jKkjWIuJ9MdTGfdvtY1aLwDMpxUVoGwEaKWOyin02IPWYSkDQb6cceuG9NfPulS9iuytdx0zIzqvGqfvudtufAAAAFQCwosRXR2QA8OSgFWSO6+kGrRJKiwAAAIEAjgvVNAYWSrnFD+cghyJbyx60AAjKtxZ0r/Pn9k94Qt2rvQoMnGgt/zU0v/y4hzg+g3JNEmO1PdHh/wDPVOxlZ6Hb5F4IQnENaAZ9uTZiFGqhBO1c8Wwjiq/MFZy3jZaidarLJvVs8EeT4mZcWxwm7nIVD4lRU2wQ2lj4aTPcepMAAACANlgcCuA4wrC+3Cic9CFkqiwO/Rn1vk8dvGuEQqFJ6f6LVfPfRTfaQU7TGVLk2CzY4dasrwxJ1f6FsT8DHTNGnxELPKRuLstGrFY/PR7KeafeFZDf+fJ3mbX5nxrld3wi5titTnX+8s4IKv29HJguPvOK/SI7cjzA+SqNfD7qEo8= root@nettuno +_EOT_ +fi # end "no pre-existing NX ssh keys" + +if [ -e var/lib/nxserver/running ]; then + mv var/lib/nxserver/running/* \${NX_SESS_DIR}/running + mv var/lib/nxserver/closed/* \${NX_SESS_DIR}/closed + mv var/lib/nxserver/failed/* \${NX_SESS_DIR}/failed + rm -rf var/lib/nxserver/running + rm -rf var/lib/nxserver/closed + rm -rf var/lib/nxserver/failed +fi + +chown -R nx:root var/lib/nxserver +chown -R nx:root \${NX_SESS_DIR} +chown -R nx:root \${NX_ETC_DIR} +chown -R nx:root \${NX_HOME_DIR} +chown nx:root \${NX_LOGFILE} + +EOCR + |