On Wed, Apr 04, 2012 at 06:51:37PM +0200, Christian PERRIER wrote:
>
> I propose you use sublevel 6.
>
> Then update the patch...then propose a patch to the D-I documentation
> (the part about preseeding as any preseedable value should be
> documented there).
Dear Christian and everybody,

here is an updated patch to network-console, to implement SSH connection via authorized keys downloaded at run time. I am still studying how to test the patched udeb...

I will submit a patch to the D-I documentation separately. In the meantime, please let me know if you spot a problem with the attached patches.

Have a nice week-end,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan
>From a46062a72f680feebc78ff7a630ccb5765b478c1 Mon Sep 17 00:00:00 2001 From: Charles Plessy <ple...@debian.org> Date: Sat, 21 Apr 2012 11:53:13 +0900 Subject: [PATCH 1/4] Add support for public-key authentication (Matt T. Proud, LP: #184108). URL: http://patches.ubuntu.com/n/network-console/network-console_1.29ubuntu1.patch --- debian/network-console.postinst | 25 ++++++++++++++++++++++++- debian/network-console.templates | 16 ++++++++++++++++ 2 files changed, 40 insertions(+), 1 deletion(-) diff --git a/debian/network-console.postinst b/debian/network-console.postinst index c5c0560..cbfe825 100755 --- a/debian/network-console.postinst +++ b/debian/network-console.postinst @@ -26,7 +26,30 @@ case "$ARCHDETECT" in ;; esac -while [ -z "$PASSWORD" ]; do +db_get $TEMPLATE_ROOT/authorized_keys_url + +AUTHORIZED_KEYS_URL="$RET" +AUTHORIZED_KEYS_DIRECTORY="/.ssh" +AUTHORIZED_KEYS_FILE="$AUTHORIZED_KEYS_DIRECTORY/authorized_keys" + +if [ -n "$AUTHORIZED_KEYS_URL" ]; then + if [ ! -f "$AUTHORIZED_KEYS_FILE" ]; then + [ -d "$AUTHORIZED_KEYS_DIRECTORY" ] || \ + mkdir "$AUTHORIZED_KEYS_DIRECTORY" + chmod 0700 "$AUTHORIZED_KEYS_DIRECTORY" + if ! wget -q "$AUTHORIZED_KEYS_URL" -O "$AUTHORIZED_KEYS_FILE"; then + db_subst $TEMPLATE_ROOT/authorized_keys_fetch_failure \ + LOCATION "$AUTHORIZED_KEYS_URL" + db_input critical $TEMPLATE_ROOT/authorized_keys_fetch_failure \ + || true + db_go + exit 1 + fi + chmod 0644 "$AUTHORIZED_KEYS_FILE" || true + fi +fi + +while [ ! -f "$AUTHORIZED_KEYS_FILE" ] && [ -z "$PASSWORD" ]; do db_input critical $TEMPLATE_ROOT/password || true COMPARE_PW='' db_input high $TEMPLATE_ROOT/password-again && COMPARE_PW=1 || true diff --git a/debian/network-console.templates b/debian/network-console.templates index 4439379..58daa88 100644 --- a/debian/network-console.templates +++ b/debian/network-console.templates 
@@ -75,3 +75,19 @@ _Description: Start SSH . Please check this carefully against the fingerprint reported by your SSH client. + +Template: network-console/authorized_keys_url +Type: string +Description: for internal use; can be preseeded + What URL contains a list of authorized SSH public keys? + . + The file at the given URL should be of the same form as a standard OpenSSH + authorized_keys file. + +Template: network-console/authorized_keys_fetch_failure +Type: error +# should be translated when committed upstream +Description: Could not fetch OpenSSH authorized keys + An error occurred while fetching OpenSSH authorized keys from ${LOCATION}. + . + Check /var/log/syslog or see virtual console 4 for the details. -- 1.7.9.5
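Review bot: in debian/network-console.postinst, the new loop condition `while [ ! -f "$AUTHORIZED_KEYS_FILE" ] && [ -z "$PASSWORD" ]` skips the password prompt as soon as the file exists, but nothing checks what wget actually wrote. An empty response, or an HTML page served with a success status, leaves the installer with no password and no usable key. I would test that the file is non-empty and contains at least one key line before relying on it, and fall through to the password prompt otherwise. On the failure branch, wget -O may already have created the output file, so add `rm -f "$AUTHORIZED_KEYS_FILE"` before `exit 1`; as written, a second run of the script finds the file, skips the fetch and skips the prompt. Minor: `chmod 0644` on the key file could be 0600, in line with the 0700 directory.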
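Review bot: in debian/network-console.templates, the description of network-console/authorized_keys_url does not say that preseeding it suppresses the password question, and it says nothing about where the file should come from. The postinst passes the value to wget unchanged, and whoever controls the fetched file gets SSH access to the installer, so the long description should state both points: the password prompt is skipped once the keys are fetched, and the URL should point at a source the administrator trusts.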
>From 2228ea565729b20691b2451af5743e331647d9e8 Mon Sep 17 00:00:00 2001 From: Charles Plessy <ple...@debian.org> Date: Sat, 21 Apr 2012 12:17:31 +0900 Subject: [PATCH 2/4] Mark network-console/authorized_keys_fetch_failure for translation. --- debian/network-console.templates | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/debian/network-console.templates b/debian/network-console.templates index 58daa88..db8621d 100644 --- a/debian/network-console.templates +++ b/debian/network-console.templates @@ -86,8 +86,8 @@ Description: for internal use; can be preseeded Template: network-console/authorized_keys_fetch_failure Type: error -# should be translated when committed upstream -Description: Could not fetch OpenSSH authorized keys +# :sl6: +_Description: Could not fetch OpenSSH authorized keys An error occurred while fetching OpenSSH authorized keys from ${LOCATION}. . Check /var/log/syslog or see virtual console 4 for the details. -- 1.7.9.5
>From 9ff20a125fc30d8b11e6fe10aa25f1f6bb9c9582 Mon Sep 17 00:00:00 2001 From: Charles Plessy <ple...@debian.org> Date: Sat, 21 Apr 2012 12:22:05 +0900 Subject: [PATCH 3/4] Simplification of the authorized_keys* entries. --- debian/network-console.templates | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/debian/network-console.templates b/debian/network-console.templates index db8621d..26c19fa 100644 --- a/debian/network-console.templates +++ b/debian/network-console.templates @@ -79,15 +79,15 @@ _Description: Start SSH Template: network-console/authorized_keys_url Type: string Description: for internal use; can be preseeded - What URL contains a list of authorized SSH public keys? + URL to a list of authorized SSH public keys. . - The file at the given URL should be of the same form as a standard OpenSSH + The file at the given URL should be of the same form as a standard SSH authorized_keys file. Template: network-console/authorized_keys_fetch_failure Type: error # :sl6: -_Description: Could not fetch OpenSSH authorized keys - An error occurred while fetching OpenSSH authorized keys from ${LOCATION}. +_Description: Could not fetch SSH authorized keys + An error occurred while fetching SSH authorized keys from ${LOCATION}. . Check /var/log/syslog or see virtual console 4 for the details. -- 1.7.9.5
>From 246fa52be67f03f111ea7c8999e0f5e26bb37996 Mon Sep 17 00:00:00 2001 From: Charles Plessy <ple...@debian.org> Date: Sat, 21 Apr 2012 12:25:11 +0900 Subject: [PATCH 4/4] New changelog entry for 1.31, about SSH public-key authentication. --- debian/changelog | 10 ++++++++++ 1 file changed, 10 insertions(+) diff --git a/debian/changelog b/debian/changelog index 43ac6c4..82cce35 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,13 @@ +network-console (1.31) UNRELEASED; urgency=low + + [ Matt T. Proud ] + * Add support for public-key authentication (Closes:#592550, LP: #184108). + + [ Charles Plessy ] + * Mark authorized_keys_fetch_failure for translation, sublevel 6. + + -- Charles Plessy <ple...@debian.org> Sat, 21 Apr 2012 12:22:26 +0900 + network-console (1.30) unstable; urgency=low [ Updated translations ] -- 1.7.9.5