New makefile target 'install-dyndns-server'

This isn't fully implemented: * doesn't create the dyndns user * doesn't install or configure pdns.
author: Andrew Cady <d@jerkface.net> 2020-05-28 14:07:31 -0400
committer: Andrew Cady <d@jerkface.net> 2020-05-28 14:07:31 -0400
commit: a1496350b891d9c6526abaf6034acf32d2492131 (patch)
tree: 44642b1c41c47cc097ba4beede0ddad7110ef58d
parent: f1cb71db11b0b83dc38b98d9117a284e6f3f5e47 (diff)
2 files changed, 32 insertions, 1 deletions
diff --git a/Makefile b/Makefile
index b60f052..e4109f0 100644
--- a/Makefile
+++ b/Makefile
@@ -46,7 +46,7 @@ src_bin_programs = xorriso-usb.sh btrfs-functions.sh btrfs-receive-root.sh
 btrfs-send-root.sh var.sh grub-efi.sh keygen.sh initrd.sh qemu.sh               \
 dnsmasq-dhcp-script.sh samizdat-password-agent samizdat-gpg-agent publish-ip.sh \
 selfstrap samizdat-daily-snapshot-root samizdat-diff-root kiki-export-stdout    \
-kiki-import-stdin store-child-permanently $(dyndns_progs)
+kiki-import-stdin store-child-permanently samizdat-ssh-uid $(dyndns_progs)
 bin_programs=$(addprefix src/, $(src_bin_programs)) samizdat-paths.sh ${cc_files} ${btrfs_utils}
@@ -65,6 +65,31 @@ samizdat-paths.sh: src/samizdat-paths.in
        @sed -e "s?PREFIX?$(prefix)?g" $< > $@
 include samizdat-paths.sh
+DD_USER = dyndns
+DD_GROUP = dyndns
+install-dyndns-server:
+ifneq ($(shell id -u),0)
+        $(SUDO_MAKE) $@
+else
+        : apt install pdns
+        : adduser $(DD_USER)
+        chown root:$(DD_GROUP) /etc/powerdns
+        chown pdns:$(DD_GROUP) /etc/powerdns/powerdns.sqlite3
+        chmod g+rwx /etc/powerdns
+        chmod g+rw /etc/powerdns/powerdns.sqlite3
+        $(MAKE) ~$(DD_USER)/.ssh/authorized_keys
+        install src/samizdat-ssh-command /usr/local/bin/
+        install src/dyndns-command.sh ~$(DD_USER)/samizdat-default-command
+endif
+define dyndns_authorized_keys_contents
+command="/usr/local/bin/samizdat-ssh-command /etc/powerdns/dyndns-command.sh",no-port-forwarding * Samizdat - YES WE CAN
+endef
+~$(DD_USER)/.ssh/authorized_keys:
+        : writing file $@  $(file >$@,$(dyndns_authorized_keys_contents))
 install-nested-kvm: conf/kvm.conf
        install -m0644 conf/kvm.conf ${instdir}/etc/modprobe.d/
        modprobe -r kvm-intel kvm-amd kvm; modprobe kvm; modprobe kvm-intel; modprobe kvm-amd; true
diff --git a/src/samizdat-ssh-command b/src/samizdat-ssh-command
index 79053fd..a03b554 100755
--- a/src/samizdat-ssh-command
+++ b/src/samizdat-ssh-command
@@ -222,6 +222,12 @@ fi
 eval "$(samizdat-ssh-uid)" || die eval
+if [ $# -gt 0 ]
+then
+  exec "$@"
+  exit
+fi
 # TODO: call password_authentication on all authorization failures
 #echo "SSH_ORIGINAL_COMMAND=$SSH_ORIGINAL_COMMAND" >&2
author	Andrew Cady <d@jerkface.net>	2020-05-28 14:07:31 -0400
committer	Andrew Cady <d@jerkface.net>	2020-05-28 14:07:31 -0400
commit	a1496350b891d9c6526abaf6034acf32d2492131 (patch)
tree	44642b1c41c47cc097ba4beede0ddad7110ef58d
parent	f1cb71db11b0b83dc38b98d9117a284e6f3f5e47 (diff)

diff --git a/Makefile b/Makefile index b60f052..e4109f0 100644 --- a/Makefile +++ b/Makefile
@@ -46,7 +46,7 @@ src_bin_programs = xorriso-usb.sh btrfs-functions.sh btrfs-receive-root.sh
46	btrfs-send-root.sh var.sh grub-efi.sh keygen.sh initrd.sh qemu.sh \	46	btrfs-send-root.sh var.sh grub-efi.sh keygen.sh initrd.sh qemu.sh \
47	dnsmasq-dhcp-script.sh samizdat-password-agent samizdat-gpg-agent publish-ip.sh \	47	dnsmasq-dhcp-script.sh samizdat-password-agent samizdat-gpg-agent publish-ip.sh \
48	selfstrap samizdat-daily-snapshot-root samizdat-diff-root kiki-export-stdout \	48	selfstrap samizdat-daily-snapshot-root samizdat-diff-root kiki-export-stdout \
49	kiki-import-stdin store-child-permanently $(dyndns_progs)	49	kiki-import-stdin store-child-permanently samizdat-ssh-uid $(dyndns_progs)
50		50
51	bin_programs=$(addprefix src/, $(src_bin_programs)) samizdat-paths.sh ${cc_files} ${btrfs_utils}	51	bin_programs=$(addprefix src/, $(src_bin_programs)) samizdat-paths.sh ${cc_files} ${btrfs_utils}
52		52
@@ -65,6 +65,31 @@ samizdat-paths.sh: src/samizdat-paths.in
65	@sed -e "s?PREFIX?$(prefix)?g" $< > $@	65	@sed -e "s?PREFIX?$(prefix)?g" $< > $@
66	include samizdat-paths.sh	66	include samizdat-paths.sh
67		67
		68	DD_USER = dyndns
		69	DD_GROUP = dyndns
		70
		71	install-dyndns-server:
		72	ifneq ($(shell id -u),0)
		73	$(SUDO_MAKE) $@
		74	else
		75	: apt install pdns
		76	: adduser $(DD_USER)
		77	chown root:$(DD_GROUP) /etc/powerdns
		78	chown pdns:$(DD_GROUP) /etc/powerdns/powerdns.sqlite3
		79	chmod g+rwx /etc/powerdns
		80	chmod g+rw /etc/powerdns/powerdns.sqlite3
		81	$(MAKE) ~$(DD_USER)/.ssh/authorized_keys
		82	install src/samizdat-ssh-command /usr/local/bin/
		83	install src/dyndns-command.sh ~$(DD_USER)/samizdat-default-command
		84	endif
		85
		86	define dyndns_authorized_keys_contents
		87	command="/usr/local/bin/samizdat-ssh-command /etc/powerdns/dyndns-command.sh",no-port-forwarding * Samizdat - YES WE CAN
		88	endef
		89
		90	~$(DD_USER)/.ssh/authorized_keys:
		91	: writing file $@ $(file >$@,$(dyndns_authorized_keys_contents))
		92
68	install-nested-kvm: conf/kvm.conf	93	install-nested-kvm: conf/kvm.conf
69	install -m0644 conf/kvm.conf ${instdir}/etc/modprobe.d/	94	install -m0644 conf/kvm.conf ${instdir}/etc/modprobe.d/
70	modprobe -r kvm-intel kvm-amd kvm; modprobe kvm; modprobe kvm-intel; modprobe kvm-amd; true	95	modprobe -r kvm-intel kvm-amd kvm; modprobe kvm; modprobe kvm-intel; modprobe kvm-amd; true


diff --git a/src/samizdat-ssh-command b/src/samizdat-ssh-command index 79053fd..a03b554 100755 --- a/src/samizdat-ssh-command +++ b/src/samizdat-ssh-command
@@ -222,6 +222,12 @@ fi
222		222
223	eval "$(samizdat-ssh-uid)" \|\| die eval	223	eval "$(samizdat-ssh-uid)" \|\| die eval
224		224
		225	if [ $# -gt 0 ]
		226	then
		227	exec "$@"
		228	exit
		229	fi
		230
225	# TODO: call password_authentication on all authorization failures	231	# TODO: call password_authentication on all authorization failures
226		232
227	#echo "SSH_ORIGINAL_COMMAND=$SSH_ORIGINAL_COMMAND" >&2	233	#echo "SSH_ORIGINAL_COMMAND=$SSH_ORIGINAL_COMMAND" >&2