Re: [PATCH] modules.d: introduce ssh-server module to provide service

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



On 12.06.2017 07:47, Liu ping fan wrote:
> Hi Harald, what is your opinion of such functionality?

yeah, nice, but some issues:

1) "inst" should be used instead of "inst_simple" for executables and *.so
2) That is a long hardcoded list of dependencies. Are they all needed?
3) The module should probably be renamed to rhel-7-ssh-server or a similar name
   to reflect, that it is most likely only working on this distribution variant
4) Does it have to be shipped in upstream dracut? Looks like this can live totally
   fine in a project, which lives outside of dracut.

> 
> Thanks and regards,
> Pingfan
> 
> On Wed, May 24, 2017 at 10:39 AM, Pingfan Liu <piliu@xxxxxxxxxx> wrote:
>> When debugging a remote system, sometimes we may experience disk
>> failure. In this case, it makes debugging very unconformable if
>> there is no console server to forward the dmesg.
>> This new module install the sshd-required material in initramfs,
>> so later, sshd service can be started and let debugger login.
>>
>> Signed-off-by: Pingfan Liu <piliu@xxxxxxxxxx>
>> ---
>>  95ssh-server/module-setup.sh | 156 +++++++++++++++++++++++++++++++++++++++++++
>>  1 file changed, 156 insertions(+)
>>  create mode 100755 95ssh-server/module-setup.sh
>>
>> diff --git a/95ssh-server/module-setup.sh b/95ssh-server/module-setup.sh
>> new file mode 100755
>> index 0000000..65e1453
>> --- /dev/null
>> +++ b/95ssh-server/module-setup.sh
>> @@ -0,0 +1,156 @@
>> +#!/bin/bash
>> +# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
>> +# ex: ts=8 sw=4 sts=4 et filetype=sh
>> +
>> +# fixme: assume user is root
>> +
>> +check() {
>> +
>> +    # If our prerequisites are not met, fail.
>> +    require_binaries sshd || return 1
>> +}
>> +
>> +depends() {
>> +    # We depend on network modules being loaded
>> +    echo network
>> +}
>> +
>> +
>> +copy_pam_conf()
>> +{
>> +    inst_simple /etc/pam.d/login
>> +    inst_simple /etc/pam.d/passwd
>> +    inst_simple /etc/pam.d/password-auth
>> +    inst_simple /etc/pam.d/password-auth-ac
>> +    inst_simple /etc/pam.d/sshd
>> +    inst_simple /etc/pam.d/sssd-shadowutils
>> +    inst_simple /etc/pam.d/system-auth
>> +    inst_simple /etc/pam.d/system-auth-ac
>> +    inst_simple /etc/pam.d/systemd-user
>> +    inst_simple /etc/pam.d/postlogin
>> +    inst_simple /etc/pam.d/postlogin-ac
>> +    inst_simple /etc/pam.d/remote
>> +    inst_simple /etc/pam.d/setup
>> +
>> +    inst_simple /etc/security/access.conf
>> +    inst_simple /etc/security/chroot.conf
>> +    inst_simple /etc/security/console.apps
>> +    inst_simple /etc/security/console.handlers
>> +    inst_simple /etc/security/console.perms
>> +    inst_simple /etc/security/console.perms.d
>> +    inst_simple /etc/security/group.conf
>> +    inst_simple /etc/security/limits.conf
>> +    inst_simple /etc/security/limits.d
>> +    inst_simple /etc/security/namespace.conf
>> +    inst_simple /etc/security/namespace.d
>> +    inst_simple /etc/security/namespace.init
>> +    inst_simple /etc/security/opasswd
>> +    inst_simple /etc/security/pam_env.conf
>> +    inst_simple /etc/security/sepermit.conf
>> +    inst_simple /etc/security/time.conf
>> +}
>> +
>> +copy_pam_binary()
>> +{
>> +    inst_simple /usr/lib64/security/pam_access.so
>> +    inst_simple /usr/lib64/security/pam_chroot.so
>> +    inst_simple /usr/lib64/security/pam_console.so
>> +    inst_simple /usr/lib64/security/pam_cracklib.so
>> +    inst_simple /usr/lib64/security/pam_debug.so
>> +    inst_simple /usr/lib64/security/pam_deny.so
>> +    inst_simple /usr/lib64/security/pam_echo.so
>> +    inst_simple /usr/lib64/security/pam_env.so
>> +    inst_simple /usr/lib64/security/pam_exec.so
>> +    inst_simple /usr/lib64/security/pam_faildelay.so
>> +    inst_simple /usr/lib64/security/pam_faillock.so
>> +    inst_simple /usr/lib64/security/pam_filter
>> +    inst_simple /usr/lib64/security/pam_filter.so
>> +    inst_simple /usr/lib64/security/pam_filter/upperLOWER
>> +    inst_simple /usr/lib64/security/pam_ftp.so
>> +    inst_simple /usr/lib64/security/pam_group.so
>> +    inst_simple /usr/lib64/security/pam_issue.so
>> +    inst_simple /usr/lib64/security/pam_keyinit.so
>> +    inst_simple /usr/lib64/security/pam_lastlog.so
>> +    inst_simple /usr/lib64/security/pam_limits.so
>> +    inst_simple /usr/lib64/security/pam_listfile.so
>> +    inst_simple /usr/lib64/security/pam_localuser.so
>> +    inst_simple /usr/lib64/security/pam_loginuid.so
>> +    inst_simple /usr/lib64/security/pam_mail.so
>> +    inst_simple /usr/lib64/security/pam_mkhomedir.so
>> +    inst_simple /usr/lib64/security/pam_motd.so
>> +    inst_simple /usr/lib64/security/pam_namespace.so
>> +    inst_simple /usr/lib64/security/pam_nologin.so
>> +    inst_simple /usr/lib64/security/pam_permit.so
>> +    inst_simple /usr/lib64/security/pam_postgresok.so
>> +    inst_simple /usr/lib64/security/pam_pwhistory.so
>> +    inst_simple /usr/lib64/security/pam_rhosts.so
>> +    inst_simple /usr/lib64/security/pam_rootok.so
>> +    inst_simple /usr/lib64/security/pam_securetty.so
>> +    inst_simple /usr/lib64/security/pam_selinux.so
>> +    inst_simple /usr/lib64/security/pam_selinux_permit.so
>> +    inst_simple /usr/lib64/security/pam_sepermit.so
>> +    inst_simple /usr/lib64/security/pam_shells.so
>> +    inst_simple /usr/lib64/security/pam_stress.so
>> +    inst_simple /usr/lib64/security/pam_succeed_if.so
>> +    inst_simple /usr/lib64/security/pam_tally2.so
>> +    inst_simple /usr/lib64/security/pam_time.so
>> +    inst_simple /usr/lib64/security/pam_timestamp.so
>> +    inst_simple /usr/lib64/security/pam_tty_audit.so
>> +    inst_simple /usr/lib64/security/pam_umask.so
>> +    inst_simple /usr/lib64/security/pam_unix.so
>> +    inst_simple /usr/lib64/security/pam_unix_acct.so
>> +    inst_simple /usr/lib64/security/pam_unix_auth.so
>> +    inst_simple /usr/lib64/security/pam_unix_passwd.so
>> +    inst_simple /usr/lib64/security/pam_unix_session.so
>> +    inst_simple /usr/lib64/security/pam_userdb.so
>> +    inst_simple /usr/lib64/security/pam_warn.so
>> +    inst_simple /usr/lib64/security/pam_wheel.so
>> +    inst_simple /usr/lib64/security/pam_xauth.so
>> +    inst_simple /usr/sbin/faillock
>> +    inst_simple /usr/sbin/mkhomedir_helper
>> +    inst_simple /usr/sbin/pam_console_apply
>> +    inst_simple /usr/sbin/pam_tally2
>> +    inst_simple /usr/sbin/pam_timestamp_check
>> +    inst_simple /usr/sbin/pwhistory_helper
>> +    inst_simple /usr/sbin/unix_chkpwd
>> +    inst_simple /usr/sbin/unix_update
>> +}
>> +
>> +
>> +inst_pam()
>> +{
>> +    copy_pam_binary
>> +    copy_pam_conf
>> +}
>> +
>> +inst_sshd()
>> +{
>> +    inst_simple /usr/sbin/sshd
>> +    inst_simple /usr/libexec/openssh/sshd-keygen
>> +    inst_simple /etc/ssh/sshd_config
>> +    inst_simple /etc/ssh/ssh_host_rsa_key.pub
>> +    inst_simple /etc/ssh/ssh_host_rsa_key
>> +    inst_simple /etc/ssh/ssh_host_ecdsa_key
>> +    inst_simple /etc/ssh/ssh_host_ecdsa_key.pub
>> +    inst_simple /etc/ssh/ssh_host_ed25519_key
>> +    inst_simple /etc/ssh/ssh_host_ed25519_key.pub
>> +    inst_dir /var/empty/sshd
>> +    grep -E '^sshd:' /etc/passwd >> "$initdir/etc/passwd"
>> +    grep -E '^sshd:' /etc/group >> "$initdir/etc/group"
>> +    grep -E '^root:' /etc/passwd >> "$initdir/etc/passwd"
>> +    grep -E '^root:' /etc/group >> "$initdir/etc/group"
>> +    grep -E '^root:' /etc/shadow >> "$initdir/etc/shadow"
>> +    inst_simple   /root/.ssh/authorized_keys
>> +    chmod 600 -R ${initdir}/etc/ssh/
>> +    inst_simple /etc/sysconfig/sshd
>> +    inst_simple /usr/lib/systemd/system/sshd-keygen@.service
>> +    inst_simple /usr/lib/systemd/system/sshd-keygen.target
>> +    inst_simple /usr/lib/systemd/system/sshd.service
>> +    inst_simple /usr/lib/systemd/system/sshd@.service
>> +    inst_simple /usr/lib/systemd/system/sshd.socket
>> +}
>> +
>> +install() {
>> +    inst_sshd
>> +    inst_pam
>> +}
>> --
>> 2.7.4
>>

--
To unsubscribe from this list: send the line "unsubscribe initramfs" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at  http://vger.kernel.org/majordomo-info.html



[Index of Archives]     [Linux Kernel]     [Linux USB Devel]     [Linux Audio Users]     [Yosemite News]     [Linux SCSI]

  Powered by Linux