Added debathena krb and ssh config stuff to invirt-base
authorGreg Brockman <gdb@mit.edu>
Thu, 24 Dec 2009 21:45:00 +0000 (16:45 -0500)
committerGreg Brockman <gdb@mit.edu>
Thu, 24 Dec 2009 21:45:00 +0000 (16:45 -0500)
svn path=/package_branches/invirt-base/hvirt/; revision=2776

debian/changelog
debian/control
debian/rules
debian/transform_krb5.conf.invirt [new file with mode: 0755]

index 96d9ea7..17041c0 100644 (file)
@@ -1,3 +1,9 @@
+invirt-base (0.0.28) unstable; urgency=low
+
+  * Added debathena SSH and KRB5 config
+
+ -- Greg Brockman <gdb@mit.edu>  Thu, 24 Dec 2009 16:30:55 -0500
+
 invirt-base (0.0.27) unstable; urgency=low
 
   * Move invirt.authz.locker to xvm.authz.locker, in the xvm-authz-locker
index bab7571..aedeee0 100644 (file)
@@ -2,15 +2,17 @@ Source: invirt-base
 Section: base
 Priority: extra
 Maintainer: Invirt project <invirt@mit.edu>
-Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.1.0), python-all-dev, python-support, python-setuptools, python-debian, python-apt
+Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 4.1.0), python-all-dev, python-support, python-setuptools, python-debian, python-apt, krb5-config, krb5-user, krb5-clients, openssh-server
 Standards-Version: 3.8.0
 
 Package: invirt-base
 Architecture: all
-Depends: ${python:Depends}, ${misc:Depends},
+Depends: ${python:Depends}, ${shlibs:Depends}, ${misc:Depends},
  python-json (>= 3.4-2), python-yaml (>= 3.05), python-mako (>=
- 0.2.2), remctl-client, invirt-config
-Provides: ${python:Provides}
+ 0.2.2), remctl-client, invirt-config, krb5-config, krb5-user,
+ krb5-clients, openssh-server
+Provides: ${python:Provides}, ${diverted-files}
+Conflicts: ${diverted-files}
 XB-Python-Version: ${python:Versions}
 Description: Base configuration required for all Invirt servers
  This package includes common files for the Invirt system.
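Review bot: The `openssh-server` entries added to `Build-Depends` and `Depends` carry no version, while `debian/rules` in this commit builds `debian/sshd_config.invirt-orig` from the build host's `/var/lib/dpkg/info/openssh-server.postinst`. The generated sshd_config therefore follows whichever openssh-server happens to be installed in the build environment, and nothing ties that to the sshd on the target machine. If the two differ, a directive the recipe sets (for example `GSSAPIStrictAcceptorCheck`) may not be understood by the installed daemon. A versioned relation such as `openssh-server (>= <VERSION>)`, with the version the template was taken from, would make the coupling explicit.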
index 96d7158..4ab2a9f 100755 (executable)
@@ -1,12 +1,33 @@
 #!/usr/bin/make -f
 
 DEB_PYTHON_SYSTEM=pysupport
+DEB_DIVERT_EXTENSION = .invirt
+# Stolen from Debathena
+DEB_CHECK_FILES_SOURCE_/etc/krb5.conf.invirt = \
+        /usr/share/kerberos-configs/krb5.conf.template
+DEB_TRANSFORM_FILES_invirt-base += \
+        /etc/krb5.conf.invirt
 
 include /usr/share/cdbs/1/rules/debhelper.mk
 include /usr/share/cdbs/1/class/python-distutils.mk
+include /usr/share/cdbs/1/rules/config-package.mk
 
 binary-fixup/invirt-base::
        mv $(DEB_DESTDIR)usr/bin/invirt-reload $(DEB_DESTDIR)usr/sbin/invirt-reload
 
+# Stolen from Debathena
+debian/sshd_config.invirt-orig: /var/lib/dpkg/info/openssh-server.postinst
+       perl -0pe 's/^.*<<EOF[^\n]*\n(.*\n)EOF\n.*$$/$$1/s or die;' $< > $@
+
+# Stolen from Debathena
+debian/sshd_config.invirt: debian/sshd_config.invirt-orig
+       perl -0pe '# Debathena rules (from debathena-ssh-server-config) \
+s/^#?GSSAPIAuthentication .*$/GSSAPIAuthentication yes\nGSSAPIKeyExchange yes\nGSSAPIStrictAcceptorCheck no/m or die; \
+s/^#?GSSAPICleanupCredentials .*$/GSSAPICleanupCredentials yes/m or die; \
+s/^#?ChallengeResponseAuthentication .*$/ChallengeResponseAuthentication yes/m or die; \
+## In Debathena, privilege separation is configurable. \
+s/^#?UsePrivilegeSeparation .*$/UsePrivilegeSeparation yes/m or die; \
+s/^#?PasswordAuthentication .*$/PasswordAuthentication no/m or die;' $< > $@
+
 clean::
        rm -rf python/invirt.egg-info
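Review bot: In the `debian/sshd_config.invirt` recipe the Perl end-of-line anchors are written `$/`, which make expands as a reference to an unset variable named `/`, so each pattern reaches Perl without its `$`; the `-orig` rule just above escapes it correctly as `$$/`. Matching still stops at the newline because `.*` is used without `/s`, but the lines should read like `s/^#?PasswordAuthentication .*$$/PasswordAuthentication no/m or die;`. The trailing `\` continuations also appear to reach Perl inside the single quotes, where a `\` ahead of the next `s///` would take a reference to its result, which is always true, so the `or die` guards on the hardening lines may never fire. Moving the program into a script file, as this commit does for `debian/transform_krb5.conf.invirt`, would avoid both problems. A recipe comment should also say that `ChallengeResponseAuthentication yes` leaves keyboard-interactive authentication on, so where the template enables PAM, `PasswordAuthentication no` alone does not rule out password logins.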
diff --git a/debian/transform_krb5.conf.invirt b/debian/transform_krb5.conf.invirt
new file mode 100755 (executable)
index 0000000..7ea96da
--- /dev/null
@@ -0,0 +1,25 @@
+#!/usr/bin/perl -p0
+# Debathena rules (from debathena-kerberos-config)
+s/^([ \t]*default_realm *=).*$/\1 ATHENA.MIT.EDU/m or die;
+s/(\[realms\][^[]*\n)[ \t]*NUMENOR\.MIT\.EDU\s*=\s*\{[^}]*\}\s*\n/\1/;
+s/(\[realms\]\n)/\1\tNUMENOR.MIT.EDU = {\n\t\tkdc = numenor.mit.edu\n\t\tadmin_server = numenor.mit.edu\n\t}\n/ or die;
+s/(\[realms\][^[]*\n)[ \t]*CSAIL\.MIT\.EDU\s*=\s*\{[^}]*\}\s*\n/\1/;
+s/(\[realms\]\n)/\1\tCSAIL.MIT.EDU = {\n\t\tkdc = kerberos-1.csail.mit.edu\n\t\tkdc = kerberos-2.csail.mit.edu\n\t\tadmin_server = kerberos.csail.mit.edu\n\t\tdefault_domain = csail.mit.edu\n\t\tkrb524_server = krb524.csail.mit.edu\n\t}\n/ or die;
+s/(\[realms\][^[]*\n)[ \t]*ATHENA\.MIT\.EDU\s*=\s*\{[^}]*\}\s*\n/\1/;
+s/(\[realms\]\n)/\1\tATHENA.MIT.EDU = {\n\t\tkdc = kerberos.mit.edu:88\n\t\tkdc = kerberos-1.mit.edu:88\n\t\tkdc = kerberos-2.mit.edu:88\n\t\tadmin_server = kerberos.mit.edu\n\t\tdefault_domain = mit.edu\n\t}\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*numenor\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\tnumenor.mit.edu = NUMENOR.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*csail\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\tcsail.mit.edu = CSAIL.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*\.csail\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\t.csail.mit.edu = CSAIL.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\tmit.edu = ATHENA.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\t.mit.edu = ATHENA.MIT.EDU\n/ or die;
+
+# Invirt rules
+
+s/(\[realms\]\n)/\1\tHCS.HARVARD.EDU = {\n\t\tkdc = krb1.hcs.harvard.edu\n\t\tadmin_server = krb1.hcs.harvard.edu\n\t}\n/ or die;
+s/(\[domain_realm\]\n)/\1\thcs.harvard.edu = HCS.HARVARD.EDU\n/ or die;
+s/(\[domain_realm\]\n)/\1\t.hcs.harvard.edu = HCS.HARVARD.EDU\n/ or die;
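Review bot: The first rule still sets `default_realm` to `ATHENA.MIT.EDU`, although the "Invirt rules" at the end add `HCS.HARVARD.EDU` as this package's own realm. The default realm decides how unqualified principals are resolved and, with the stock mapping, which realm's principals are treated as local users, so it matters now that the same commit turns on `GSSAPIAuthentication`. If this branch is meant for the HCS deployment, the line would be `s/^([ \t]*default_realm *=).*$/$1 HCS.HARVARD.EDU/m or die;`; if ATHENA is intended, a comment saying so would help. The Invirt rules also insert their stanzas without the remove-then-insert pair the Debathena rules use, so a template that already lists `HCS.HARVARD.EDU` would end up with duplicate entries.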