From a1496350b891d9c6526abaf6034acf32d2492131 Mon Sep 17 00:00:00 2001 From: Andrew Cady Date: Thu, 28 May 2020 14:07:31 -0400 Subject: New makefile target 'install-dyndns-server' This isn't fully implemented: * doesn't create the dyndns user * doesn't install or configure pdns. --- Makefile | 27 ++++++++++++++++++++++++++- src/samizdat-ssh-command | 6 ++++++ 2 files changed, 32 insertions(+), 1 deletion(-) diff --git a/Makefile b/Makefile index b60f052..e4109f0 100644 --- a/Makefile +++ b/Makefile @@ -46,7 +46,7 @@ src_bin_programs = xorriso-usb.sh btrfs-functions.sh btrfs-receive-root.sh btrfs-send-root.sh var.sh grub-efi.sh keygen.sh initrd.sh qemu.sh \ dnsmasq-dhcp-script.sh samizdat-password-agent samizdat-gpg-agent publish-ip.sh \ selfstrap samizdat-daily-snapshot-root samizdat-diff-root kiki-export-stdout \ -kiki-import-stdin store-child-permanently $(dyndns_progs) +kiki-import-stdin store-child-permanently samizdat-ssh-uid $(dyndns_progs) bin_programs=$(addprefix src/, $(src_bin_programs)) samizdat-paths.sh ${cc_files} ${btrfs_utils} 
@@ -65,6 +65,31 @@ samizdat-paths.sh: src/samizdat-paths.in @sed -e "s?PREFIX?$(prefix)?g" $< > $@ include samizdat-paths.sh +DD_USER = dyndns +DD_GROUP = dyndns + +install-dyndns-server: +ifneq ($(shell id -u),0) + $(SUDO_MAKE) $@ +else + : apt install pdns + : adduser $(DD_USER) + chown root:$(DD_GROUP) /etc/powerdns + chown pdns:$(DD_GROUP) /etc/powerdns/powerdns.sqlite3 + chmod g+rwx /etc/powerdns + chmod g+rw /etc/powerdns/powerdns.sqlite3 + $(MAKE) ~$(DD_USER)/.ssh/authorized_keys + install src/samizdat-ssh-command /usr/local/bin/ + install src/dyndns-command.sh ~$(DD_USER)/samizdat-default-command +endif + +define dyndns_authorized_keys_contents +command="/usr/local/bin/samizdat-ssh-command /etc/powerdns/dyndns-command.sh",no-port-forwarding * Samizdat - YES WE CAN +endef + +~$(DD_USER)/.ssh/authorized_keys: + : writing file $@ $(file >$@,$(dyndns_authorized_keys_contents)) + install-nested-kvm: conf/kvm.conf install -m0644 conf/kvm.conf ${instdir}/etc/modprobe.d/ modprobe -r kvm-intel kvm-amd kvm; modprobe kvm; modprobe kvm-intel; modprobe kvm-amd; true diff --git a/src/samizdat-ssh-command b/src/samizdat-ssh-command index 79053fd..a03b554 100755 --- a/src/samizdat-ssh-command +++ b/src/samizdat-ssh-command @@ -222,6 +222,12 @@ fi eval "$(samizdat-ssh-uid)" || die eval +if [ $# -gt 0 ] +then + exec "$@" + exit +fi + # TODO: call password_authentication on all authorization failures #echo "SSH_ORIGINAL_COMMAND=$SSH_ORIGINAL_COMMAND" >&2 -- cgit v1.2.3
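Review bot: The forced command in `dyndns_authorized_keys_contents` names `/etc/powerdns/dyndns-command.sh`, but the recipe installs `src/dyndns-command.sh` as `~$(DD_USER)/samizdat-default-command`, so nothing in this hunk places a script at the path the key entry refers to. Both locations also look writable by the account being restricted: the recipe makes `/etc/powerdns` group-writable for `$(DD_GROUP)` (presumably that account's own group), and the other copy sits in its home directory, so the forced command only constrains the account for as long as it cannot replace that script. Consider installing the script root-owned outside both, e.g. `install -o root -g root -m 0755 src/dyndns-command.sh /usr/local/bin/dyndns-command.sh`, pointing `command="…"` at that path, and keeping the sqlite file in a dedicated group-writable subdirectory instead of opening all of `/etc/powerdns`. The key options carry only `no-port-forwarding`; `restrict` (OpenSSH 7.2+) would also turn off pty allocation, agent forwarding and X11 forwarding.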
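Review bot: The new `exec "$@"` branch hands control to whatever arguments the script was started with before it reaches the authorization handling that the following TODO refers to, so everything below it is skipped whenever arguments are present. That is sound only while argv is set by the administrator through the `command="…"` key option and never derived from `SSH_ORIGINAL_COMMAND`; a comment saying so would help, e.g. `# argv comes from the forced command in authorized_keys, not from the client; the wrapped program must validate SSH_ORIGINAL_COMMAND itself`. The `exit` after `exec` is unreachable in a non-interactive shell, because a failed `exec` already terminates the script, so it can be dropped. The rest of the script lies outside the hunk, so whether the skipped checks matter for this caller could not be confirmed here.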