+++ /dev/null
-files/etc/lots: could benefit from config-package-dev TRANSFORM for upgradeability
+sipb-xen-console (8.0) unstable; urgency=low
+
+ * Update config files to work with Hardy
+
+ -- Evan Broder <broder@mit.edu> Sun, 05 Oct 2008 04:45:21 -0400
+
sipb-xen-console (7.8) unstable; urgency=low
* generate config files using mako
Source: sipb-xen-console
Section: servers
-Priority: important
-Maintainer: sipb-xen@mit.edu
-Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), config-package-dev (>= 4.5~)
+Priority: extra
+Maintainer: SIPB Xen Project <sipb-xen@mit.edu>
+Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), config-package-dev (>= 4.5~), nscd, openssh-server, debathena-ssh-server-config, initscripts
Standards-Version: 3.7.2
Package: sipb-xen-console
Architecture: all
Provides: ${diverted-files}
Conflicts: ${diverted-files}
-Depends: sipb-xen-base, ${shlibs:Depends}, ${misc:Depends}, conserver-client, daemon, debathena-kerberos-config, fuse-utils, libnss-pgsql1, nscd, openssh-server, python-fuse, sipb-xen-chrony-config, sipb-xen-database-common, remctl-server
+Depends: sipb-xen-base, ${shlibs:Depends}, ${misc:Depends}, conserver-client, daemon, debathena-kerberos-config, fuse-utils, libnss-pgsql1, nscd, openssh-server, python, python-fuse, sipb-xen-chrony-config, sipb-xen-database-common, remctl-server
Description: SIPB Xen serial console server
This package should be installed on sipb-xen-console
It makes sure that necessary tools are available.
+++ /dev/null
-Source: sipb-xen-console
-Section: servers
-Priority: important
-Maintainer: sipb-xen@mit.edu
-Build-Depends: @cdbs@
-Standards-Version: 3.7.2
-
-Package: sipb-xen-console
-Architecture: all
-Provides: ${diverted-files}
-Conflicts: ${diverted-files}
-Depends: sipb-xen-base, ${shlibs:Depends}, ${misc:Depends}, conserver-client, daemon, debathena-kerberos-config, fuse-utils, libnss-pgsql1, nscd, openssh-server, python-fuse, sipb-xen-chrony-config, sipb-xen-database-common, remctl-server
-Description: SIPB Xen serial console server
- This package should be installed on sipb-xen-console
- It makes sure that necessary tools are available.
#!/usr/bin/make -f
-DEB_AUTO_UPDATE_DEBIAN_CONTROL = 1
DEB_DIVERT_EXTENSION = .sipb-xen
+DEB_TRANSFORM_FILES_sipb-xen-console += \
+ /etc/init.d/bootmisc.sh.sipb-xen \
+ /etc/nsswitch.conf.sipb-xen \
+ /etc/nscd.conf.sipb-xen \
+ /etc/pam.d/sshd.sipb-xen \
+ /etc/ssh/sshd_config.debathena.sipb-xen
+
+ifneq ($(wildcard /usr/share/base-files/nsswitch.conf),)
+ DEB_CHECK_FILES_SOURCE_/etc/nsswitch.conf.sipb-xen = \
+ /usr/share/base-files/nsswitch.conf
+endif
+
DEB_DIVERT_FILES_sipb-xen-console += \
- /etc/init.d/bootmisc.sh \
- /etc/conserver/conserver.cf \
- /etc/motd \
- /etc/nscd.conf \
- /etc/nsswitch.conf \
- /etc/pam.d/ssh \
- /etc/ssh/sshd_config
+ /etc/conserver/conserver.cf.sipb-xen \
+ /etc/motd.sipb-xen
include /usr/share/cdbs/1/rules/debhelper.mk
include /usr/share/cdbs/1/rules/config-package.mk
--- /dev/null
+#!/bin/bash
+patch -p0 -o /dev/fd/4 3<&0 4>&1 1>/dev/null <<EOF
+
+# Yes, I there's no context. But the lines being replaced are less
+# likely to change than the lines around them
+
+--- Ignored
++++ /dev/fd/3
+@@ -42,3 +42,2 @@
+- # Update motd
+- uname -snrvm > /var/run/motd
+- [ -f /etc/motd.tail ] && cat /etc/motd.tail >> /var/run/motd
++ # Do not update motd
++ cp /etc/motd /var/run/motd
--- /dev/null
+#!/usr/bin/perl -0p
+s/^(\s*negative-time-to-live\s*passwd\s*).*$/\13/m or die;
+s/^(\s*negative-time-to-live\s*group\s*).*$/\13/m or die;
+s/^(\s*persistent\s*passwd\s*).*$/\1no/m or die;
+s/^(\s*persistent\s*group\s*).*$/\1no/m or die;
+
--- /dev/null
+#!/usr/bin/perl -0p
+s/^(passwd: .*)$/$1 pgsql/m or die;
+s/^(group: .*)$/$1 pgsql/m or die;
--- /dev/null
+#!/bin/sh
+echo "# If they're not root, but their user exists (success),"
+echo 'auth [success=ignore ignore=ignore default=1 module_unknown=die] pam_succeed_if.so uid > 0'
+echo "# print the \"You don\'t have tickets\" error:"
+echo 'auth [success=die ignore=reset default=die module_unknown=die] pam_echo.so file=/etc/issue.net.no_tkt'
+echo "# If !(they are root),"
+echo 'auth [success=1 ignore=ignore default=ignore module_unknown=die] pam_succeed_if.so uid eq 0'
+echo "# print the \"your account doesn't exist\" error:"
+echo 'auth [success=die ignore=reset default=die module_unknown=die] pam_echo.so file=/etc/issue.net.no_user'
+echo
+exec cat
--- /dev/null
+#!/usr/bin/perl -0p
+s/^#?PrintLastLog .*$/PrintLastLog no/m or die;
+++ /dev/null
-#!/bin/sh
-### BEGIN INIT INFO
-# Provides: bootmisc
-# Required-Start: $local_fs hostname $remote_fs
-# Required-Stop: $local_fs
-# Default-Start: S
-# Default-Stop:
-# Short-Description: Miscellaneous things to be done during bootup.
-# Description:
-### END INIT INFO
-
-PATH=/sbin:/usr/sbin:/bin:/usr/bin
-[ "$DELAYLOGIN" ] || DELAYLOGIN=yes
-. /lib/init/vars.sh
-
-do_start () {
- #
- # If login delaying is enabled then create the flag file
- # which prevents logins before startup is complete
- #
- case "$DELAYLOGIN" in
- Y*|y*)
- echo "System bootup in progress - please wait" > /var/lib/initscripts/nologin
- ;;
- esac
-
- # Create /var/run/utmp so we can login.
- : > /var/run/utmp
- if grep -q ^utmp: /etc/group
- then
- chmod 664 /var/run/utmp
- chgrp utmp /var/run/utmp
- fi
-
- # Set pseudo-terminal access permissions.
- if [ ! -e /dev/.devfsd ] && [ -c /dev/ttyp0 ]
- then
- chmod -f 666 /dev/tty[p-za-e][0-9a-f]
- chown -f root:tty /dev/tty[p-za-e][0-9a-f]
- fi
-
- # Do not update motd
- #uname -snrvm > /var/run/motd
- #[ -f /etc/motd.tail ] && cat /etc/motd.tail >> /var/run/motd
- cp /etc/motd /var/run/motd
-
- # Save kernel messages in /var/log/dmesg
- if which dmesg >/dev/null 2>&1
- then
- savelog -q -p -c 5 /var/log/dmesg
- dmesg -s 524288 > /var/log/dmesg
- chgrp adm /var/log/dmesg || :
- elif [ -c /dev/klog ]
- then
- savelog -q -p -c 5 /var/log/dmesg
- dd if=/dev/klog of=/var/log/dmesg &
- sleep 1
- kill $!
- [ -f /var/log/dmesg ] && { chgrp adm /var/log/dmesg || : ; }
- fi
-
- #
- # Save udev log in /var/log/udev
- #
- if [ -e /dev/.udev.log ]
- then
- mv -f /dev/.udev.log /var/log/udev
- fi
-
- # Remove bootclean's flag files.
- # Don't run bootclean again after this!
- rm -f /tmp/.clean /var/run/.clean /var/lock/.clean
-}
-
-case "$1" in
- start|"")
- do_start
- ;;
- restart|reload|force-reload)
- echo "Error: argument '$1' not supported" >&2
- exit 3
- ;;
- stop)
- # No-op
- ;;
- *)
- echo "Usage: bootmisc.sh [start|stop]" >&2
- exit 3
- ;;
-esac
-
-:
+++ /dev/null
-#
-# /etc/nscd.conf
-#
-# An example Name Service Cache config file. This file is needed by nscd.
-#
-# Legal entries are:
-#
-# logfile <file>
-# debug-level <level>
-# threads <initial #threads to use>
-# max-threads <maximum #threads to use>
-# server-user <user to run server as instead of root>
-# server-user is ignored if nscd is started with -S parameters
-# stat-user <user who is allowed to request statistics>
-# reload-count unlimited|<number>
-# paranoia <yes|no>
-# restart-interval <time in seconds>
-#
-# enable-cache <service> <yes|no>
-# positive-time-to-live <service> <time in seconds>
-# negative-time-to-live <service> <time in seconds>
-# suggested-size <service> <prime number>
-# check-files <service> <yes|no>
-# persistent <service> <yes|no>
-# shared <service> <yes|no>
-#
-# Currently supported cache names (services): passwd, group, hosts
-#
-
-
-# logfile /var/log/nscd.log
-# threads 6
-# max-threads 128
-# server-user nobody
-# stat-user somebody
- debug-level 0
-# reload-count 5
- paranoia no
-# restart-interval 3600
-
- enable-cache passwd yes
- positive-time-to-live passwd 600
-# negative-time-to-live passwd 20
- negative-time-to-live passwd 3
- suggested-size passwd 211
- check-files passwd yes
-# persistent passwd yes
- persistent passwd no
- shared passwd yes
-
- enable-cache group yes
- positive-time-to-live group 3600
-# negative-time-to-live group 60
- negative-time-to-live group 3
- suggested-size group 211
- check-files group yes
-# persistent group yes
- persistent group no
- shared group yes
-
- enable-cache hosts yes
- positive-time-to-live hosts 3600
- negative-time-to-live hosts 20
- suggested-size hosts 211
- check-files hosts yes
- persistent hosts yes
- shared hosts yes
+++ /dev/null
-# /etc/nsswitch.conf
-#
-# Example configuration of GNU Name Service Switch functionality.
-# If you have the `glibc-doc-reference' and `info' packages installed, try:
-# `info libc "Name Service Switch"' for information about this file.
-
-passwd: compat pgsql
-group: compat pgsql
-shadow: compat
-
-hosts: files dns
-networks: files
-
-protocols: db files
-services: db files
-ethers: db files
-rpc: db files
-
-netgroup: nis
+++ /dev/null
-# PAM configuration for the Secure Shell service
-
-# If they're not root, but their user exists (success),
-auth [success=ignore ignore=ignore default=1 module_unknown=die] pam_succeed_if.so uid > 0
-# print the "You don't have tickets" error:
-auth [success=die ignore=reset default=die module_unknown=die] pam_echo.so file=/etc/issue.net.no_tkt
-# If !(they are root),
-auth [success=1 ignore=ignore default=ignore module_unknown=die] pam_succeed_if.so uid eq 0
-# print the "your account doesn't exist" error:
-auth [success=die ignore=reset default=die module_unknown=die] pam_echo.so file=/etc/issue.net.no_user
-
-# Read environment variables from /etc/environment and
-# /etc/security/pam_env.conf.
-auth required pam_env.so # [1]
-# In Debian 4.0 (etch), locale-related environment variables were moved to
-# /etc/default/locale, so read that as well.
-auth required pam_env.so envfile=/etc/default/locale
-
-# Standard Un*x authentication.
-@include common-auth
-
-# Disallow non-root logins when /etc/nologin exists.
-account required pam_nologin.so
-
-# Uncomment and edit /etc/security/access.conf if you need to set complex
-# access limits that are hard to express in sshd_config.
-# account required pam_access.so
-
-# Standard Un*x authorization.
-@include common-account
-
-# Standard Un*x session setup and teardown.
-@include common-session
-
-# Print the message of the day upon successful login.
-session optional pam_motd.so # [1]
-
-# Print the status of the user's mailbox upon successful login.
-session optional pam_mail.so standard noenv # [1]
-
-# Set up user limits from /etc/security/limits.conf.
-session required pam_limits.so
-
-# Set up SELinux capabilities (need modified pam)
-# session required pam_selinux.so multiple
-
-# Standard Un*x password updating.
-@include common-password
+++ /dev/null
-Port 22
-Protocol 2
-# HostKeys for protocol version 2
-HostKey /etc/ssh/ssh_host_rsa_key
-HostKey /etc/ssh/ssh_host_dsa_key
-#Privilege Separation is turned on for security
-UsePrivilegeSeparation yes
-
-# Lifetime and size of ephemeral version 1 server key
-KeyRegenerationInterval 3600
-ServerKeyBits 768
-
-# Logging
-SyslogFacility AUTH
-LogLevel INFO
-
-# Authentication:
-LoginGraceTime 120
-PermitRootLogin yes
-StrictModes yes
-
-RSAAuthentication yes
-PubkeyAuthentication yes
-#AuthorizedKeysFile %h/.ssh/authorized_keys
-
-# Don't read the user's ~/.rhosts and ~/.shosts files
-IgnoreRhosts yes
-# For this to work you will also need host keys in /etc/ssh_known_hosts
-RhostsRSAAuthentication no
-# similar for protocol version 2
-HostbasedAuthentication no
-# Uncomment if you don't trust ~/.ssh/known_hosts for RhostsRSAAuthentication
-#IgnoreUserKnownHosts yes
-
-# To enable empty passwords, change to yes (NOT RECOMMENDED)
-PermitEmptyPasswords no
-
-# Change to yes to enable challenge-response passwords (beware issues with
-# some PAM modules and threads)
-ChallengeResponseAuthentication yes
-
-# Change to no to disable tunnelled clear text passwords
-PasswordAuthentication no
-
-# GSSAPI options
-GSSAPIAuthentication yes
-GSSAPICleanupCredentials yes
-GSSAPIKeyExchange yes
-
-X11Forwarding yes
-X11DisplayOffset 10
-PrintMotd no
-PrintLastLog yes
-TCPKeepAlive yes
-
-# Allow client to pass locale environment variables
-AcceptEnv LANG LC_*
-
-UsePAM yes
projects / invirt/packages/invirt-console.git / commitdiff
