Removed debathena dependencies from invirt-console
authorGreg Brockman <gdb@mit.edu>
Thu, 24 Dec 2009 07:03:25 +0000 (02:03 -0500)
committerGreg Brockman <gdb@mit.edu>
Thu, 24 Dec 2009 07:03:25 +0000 (02:03 -0500)
svn path=/package_branches/invirt-console/hvirt/; revision=2775

debian/changelog
debian/control
debian/rules
debian/transform_krb5.conf.invirt [new file with mode: 0644]
debian/transform_sshd_config.debathena.invirt [deleted file]
debian/transform_sshd_config.invirt [new file with mode: 0755]

index 94d829f..34daba9 100644 (file)
@@ -1,3 +1,9 @@
+invirt-console (0.2.12) unstable; urgency=low
+
+  * Removed dependency on debathena pkgs
+
+ -- Greg Brockman <gdb@mit.edu>  Thu, 24 Dec 2009 01:54:32 -0500
+
 invirt-console (0.2.11) unstable; urgency=low
 
   * Disable the sftp subsystem on the console server; it interacts poorly
index b93f1a5..7f347e6 100644 (file)
@@ -2,7 +2,7 @@ Source: invirt-console
 Section: servers
 Priority: extra
 Maintainer: Invirt project <invirt@mit.edu>
-Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), config-package-dev (>= 4.5~), nscd, openssh-server, debathena-ssh-server-config, initscripts
+Build-Depends: cdbs (>= 0.4.23-1.1), debhelper (>= 5), config-package-dev (>= 4.5~), nscd, openssh-server, initscripts, krb5-config, krb5-user, krb5-clients
 Standards-Version: 3.7.2
 
 Package: invirt-console-server
@@ -11,9 +11,9 @@ Provides: ${diverted-files}
 Conflicts: ${diverted-files}
 Depends: invirt-base, ${shlibs:Depends}, ${misc:Depends},
  conserver-client, conserver-server, daemon,
- debathena-kerberos-config, fuse-utils, libnss-pgsql1, nscd,
+ fuse-utils, libnss-pgsql1, nscd, krb5-config, krb5-user, krb5-clients,
  openssh-server, python, python-routefs, invirt-database,
- remctl-server, debathena-ssh-server-config
+ remctl-server
 Description: Invirt serial-console proxy server
  This is the software for the serial-console proxy server.
 
index b1b8d2b..6b1ea1d 100755 (executable)
@@ -6,7 +6,7 @@ DEB_TRANSFORM_FILES_invirt-console-server += \
        /etc/nsswitch.conf.invirt \
        /etc/nscd.conf.invirt \
        /etc/pam.d/sshd.invirt \
-       /etc/ssh/sshd_config.debathena.invirt
+       /etc/ssh/sshd_config.invirt
 
 ifneq ($(wildcard /usr/share/base-files/nsswitch.conf),)
     DEB_CHECK_FILES_SOURCE_/etc/nsswitch.conf.invirt = \
@@ -15,7 +15,9 @@ endif
 
 DEB_DIVERT_FILES_invirt-console-server += \
        /etc/conserver/conserver.cf.invirt \
-       /etc/motd.invirt
+       /etc/krb5.conf \
+       /etc/motd.invirt \
+       /etc/ssh/sshd_config
 DEB_DIVERT_FILES_invirt-console-host += \
        /etc/conserver/conserver.cf.invirt \
        /etc/conserver/server.conf.invirt
diff --git a/debian/transform_krb5.conf.invirt b/debian/transform_krb5.conf.invirt
new file mode 100644 (file)
index 0000000..7ea96da
--- /dev/null
@@ -0,0 +1,25 @@
+#!/usr/bin/perl -p0
+# Debathena rules (from debathena-kerberos-config)
+s/^([ \t]*default_realm *=).*$/\1 ATHENA.MIT.EDU/m or die;
+s/(\[realms\][^[]*\n)[ \t]*NUMENOR\.MIT\.EDU\s*=\s*\{[^}]*\}\s*\n/\1/;
+s/(\[realms\]\n)/\1\tNUMENOR.MIT.EDU = {\n\t\tkdc = numenor.mit.edu\n\t\tadmin_server = numenor.mit.edu\n\t}\n/ or die;
+s/(\[realms\][^[]*\n)[ \t]*CSAIL\.MIT\.EDU\s*=\s*\{[^}]*\}\s*\n/\1/;
+s/(\[realms\]\n)/\1\tCSAIL.MIT.EDU = {\n\t\tkdc = kerberos-1.csail.mit.edu\n\t\tkdc = kerberos-2.csail.mit.edu\n\t\tadmin_server = kerberos.csail.mit.edu\n\t\tdefault_domain = csail.mit.edu\n\t\tkrb524_server = krb524.csail.mit.edu\n\t}\n/ or die;
+s/(\[realms\][^[]*\n)[ \t]*ATHENA\.MIT\.EDU\s*=\s*\{[^}]*\}\s*\n/\1/;
+s/(\[realms\]\n)/\1\tATHENA.MIT.EDU = {\n\t\tkdc = kerberos.mit.edu:88\n\t\tkdc = kerberos-1.mit.edu:88\n\t\tkdc = kerberos-2.mit.edu:88\n\t\tadmin_server = kerberos.mit.edu\n\t\tdefault_domain = mit.edu\n\t}\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*numenor\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\tnumenor.mit.edu = NUMENOR.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*csail\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\tcsail.mit.edu = CSAIL.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*\.csail\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\t.csail.mit.edu = CSAIL.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\tmit.edu = ATHENA.MIT.EDU\n/ or die;
+s/(\[domain_realm\][^[]*\n)[ \t]*\.mit\.edu\s*=[^\n]*\n/\1/;
+s/(\[domain_realm\]\n)/\1\t.mit.edu = ATHENA.MIT.EDU\n/ or die;
+
+# Invirt rules
+
+s/(\[realms\]\n)/\1\tHCS.HARVARD.EDU = {\n\t\tkdc = krb1.hcs.harvard.edu\n\t\tadmin_server = krb1.hcs.harvard.edu\n\t}\n/ or die;
+s/(\[domain_realm\]\n)/\1\thcs.harvard.edu = HCS.HARVARD.EDU\n/ or die;
+s/(\[domain_realm\]\n)/\1\t.hcs.harvard.edu = HCS.HARVARD.EDU\n/ or die;
diff --git a/debian/transform_sshd_config.debathena.invirt b/debian/transform_sshd_config.debathena.invirt
deleted file mode 100755 (executable)
index c63b2fd..0000000
+++ /dev/null
@@ -1,5 +0,0 @@
-#!/usr/bin/perl -0p
-s/^#?PrintLastLog .*$/PrintLastLog no/m or die;
-s/$/\nAllowTcpForwarding no/ or die;
-s/^#?X11Forwarding .*$/X11Forwarding no/m or die;
-s/^#?Subsystem sftp.*$//m or die;
diff --git a/debian/transform_sshd_config.invirt b/debian/transform_sshd_config.invirt
new file mode 100755 (executable)
index 0000000..892270d
--- /dev/null
@@ -0,0 +1,16 @@
+#!/usr/bin/perl -0p
+# Debathena rules (from debathena-ssh-server-config)
+s/^#?GSSAPIAuthentication .*$/GSSAPIAuthentication yes\nGSSAPIKeyExchange yes\nGSSAPIStrictAcceptorCheck no/m or die;
+s/^#?GSSAPICleanupCredentials .*$/GSSAPICleanupCredentials yes/m or die;
+s/^#?ChallengeResponseAuthentication .*$/ChallengeResponseAuthentication yes/m or die;
+## In Debathena, privilege separation is configurable.
+s/^#?UsePrivilegeSeparation .*$/UsePrivilegeSeparation yes/m or die;
+s/^#?PasswordAuthentication .*$/PasswordAuthentication no/m or die;
+
+# Invirt rules
+s/^#?PrintLastLog .*$/PrintLastLog no/m or die;
+s/$/\nAllowTcpForwarding no/ or die;
+s/^#?X11Forwarding .*$/X11Forwarding no/m or die;
+s/^#?Subsystem sftp.*$//m or die;
+
+