postinst

#!/bin/sh
# postinst script for lsh-server
#
# see: dh_installdeb(1)

set -e

# summary of how this script can be called:
#        * <postinst> `configure' <most-recently-configured-version>
#        * <old-postinst> `abort-upgrade' <new version>
#        * <conflictor's-postinst> `abort-remove' `in-favour' <package>
#          <new-version>
#        * <deconfigured's-postinst> `abort-deconfigure' `in-favour'
#          <failed-install-package> <version> `removing'
#          <conflicting-package> <version>
# for details, see http://www.debian.org/doc/debian-policy/ or
# the debian-policy package
#
# quoting from the policy:
#     Any necessary prompting should almost always be confined to the
#     post-installation script, and should be protected with a conditional
#     so that unnecessary prompting doesn't happen if a package's
#     installation fails and the `postinst' is called with `abort-upgrade',
#     `abort-remove' or `abort-deconfigure'.

create_seed_and_key() {
    RANDOM_SEED="/var/spool/lsh/yarrow-seed-file"
    HOST_KEY="/etc/lsh_host_key"
    OPENSSH_HOST_KEY="/etc/ssh/ssh_host_rsa_key"

    if [ ! -f "$RANDOM_SEED" ]; then
	echo -n "Creating lsh random seed file (this may take a while) ..."
	DIR=$(dirname "$RANDOM_SEED")
	if install -d -m 700 "$DIR" &&
	    dd if=/dev/random "of=$RANDOM_SEED" bs=1 count=32 2>/dev/null &&
	    chmod 600 "$RANDOM_SEED"; then
	    echo " done."
	else
	    echo " failed!"
	    return 1
	fi
    fi

    if [ ! -f "$HOST_KEY" ]; then
	if [ -r "$OPENSSH_HOST_KEY" ]; then
	    echo -n "Converting existing OpenSSH RSA host key ... "
	    if pkcs1-conv < "$OPENSSH_HOST_KEY" | lsh-writekey --server &&
		[ -f "$HOST_KEY" -a -f "$HOST_KEY.pub" ]; then
		chmod +r "$HOST_KEY.pub"
		echo "done."
		return 0
	    fi
	    rm -f "$HOST_KEY" "$HOST_KEY.pub"
	    echo "failed. Will generate a new key instead."
	fi
	echo -n "Creating lsh host key ... "
	if lsh-keygen --server | lsh-writekey --server &&
	    [ -f "$HOST_KEY" -a -f "$HOST_KEY.pub" ]; then
	    chmod +r "$HOST_KEY.pub"
	    echo "done."
	else
	    echo "failed!"
	    return 1
	fi
    fi
    return 0
}

LSHD_DEFAULTS=/etc/default/lsh-server

case "$1" in
    configure)

	# This needs to be fixed. If we do stuff this way, strange things will
	# happen ... the user can specify stuff to debconf and old options can
	# still be written to the config file :-(
	# First, get default options
	#[ -e "$LSHD_DEFAULTS" ] && . "$LSHD_DEFAULTS"

	# Fall back to default options if necessary
	LSHD_PORT=${LSHD_PORT:-2222}
	ENABLE_SFTP=${ENABLE_SFTP:-false}

	# Make sure ENABLE_SFTP is either "true" or "false", set up option
	case "$ENABLE_SFTP" in
	    true|TRUE|y*|Y*)
		ENABLE_SFTP=true
		;;
	    *)
		ENABLE_SFTP=false
		;;
	esac
	
	. /usr/share/debconf/confmodule
   
	db_get "lsh-server/lshd_port"; LSHD_PORT="$RET"
	db_get "lsh-server/sftp"; ENABLE_SFTP="$RET"
	db_get "lsh-server/extra_args"; EXTRA_ARGS="$RET"
	exec 3>&-

	# OK, now make the config file

	cat <<"EOF" >"$LSHD_DEFAULTS"
# Configuration file generated by lsh-server.postinst.
# You can change the lsh-server configuration either by editing
# this file, or by running dpkg-reconfigure lsh-server.
#
# If systemd is used, this file is read as an environment file and can
# only contain environment variable assignments.
EOF

	echo "LSHD_PORT=\"$LSHD_PORT\"" >>"$LSHD_DEFAULTS"
	echo "ENABLE_SFTP=\"$ENABLE_SFTP\"" >> "$LSHD_DEFAULTS"
	echo "EXTRA_ARGS=\"$EXTRA_ARGS\"" >> "$LSHD_DEFAULTS"

	# Versions before 2.0.1cdbs-4 have a security issue, therefore
	# have the random seed regenerated.
	if [ "$2" ] && [ -e "/var/spool/lsh/yarrow-seed-file" ] \
		&& dpkg --compare-versions "$2" lt "2.0.1cdbs-4"; then
		echo " Removing /var/spool/lsh/yarrow-seed-file, because of you are upgrading from a"
		echo " version with a known security bug, so we can't trust the seed any more."
		echo " It will be automatically regenerated from /dev/random."
		rm /var/spool/lsh/yarrow-seed-file
	fi

	# Disable ssh if needed
	if [ "$LSHD_PORT" -eq 22 ] ; then
	    if [ ! -d /etc/ssh ] ; then
		mkdir -p /etc/ssh
	    fi

	    file=/etc/ssh/sshd_not_to_be_run
	    if [ ! -f "$file" ] ; then
# stop ssh from starting at bootup
		cat  <<"EOF" >"$file"
LSH_SERVER_CONFIG_GENERATED
# Generated by lsh-server.postinst
# Please don't remove this file unless you have first disabled lsh, and don't
# change the first line ... otherwise lsh-server won't recognise it!!!
EOF

		if [ -x "/etc/init.d/ssh" ]; then
		    if [ -x "`which invoke-rc.d 2>/dev/null`" ]; then
			invoke-rc.d ssh stop || true
		    else
			/etc/init.d/ssh stop || true
		    fi
		fi
	    fi
	fi

	create_seed_and_key
    ;;

    abort-upgrade|abort-remove|abort-deconfigure)

    ;;

    *)
        echo "postinst called with unknown argument \`$1'" >&2
        exit 1
    ;;
esac

# dh_installdeb will replace this with shell code automatically
# generated by other debhelper scripts

# Automatically added by dh_systemd_enable
# This will only remove masks created by d-s-h on package removal.
deb-systemd-helper unmask lsh-server.service >/dev/null || true

# was-enabled defaults to true, so new installations run enable.
if deb-systemd-helper --quiet was-enabled lsh-server.service; then
	# Enables the unit on first installation, creates new
	# symlinks on upgrades if the unit file has changed.
	deb-systemd-helper enable lsh-server.service >/dev/null || true
else
	# Update the statefile to add new symlinks (if any), which need to be
	# cleaned up on purge. Also remove old symlinks.
	deb-systemd-helper update-state lsh-server.service >/dev/null || true
fi
# End automatically added section
# Automatically added by dh_installinit
if [ "$1" = "configure" ] || [ "$1" = "abort-upgrade" ]; then
	if [ -x "/etc/init.d/lsh-server" ]; then
		update-rc.d lsh-server defaults >/dev/null
	fi
	if [ -x "/etc/init.d/lsh-server" ] || [ -e "/etc/init/lsh-server.conf" ]; then
		invoke-rc.d lsh-server start || exit $?
	fi
fi
# End automatically added section


exit 0
lsh-server 2.1-8 / postinst
