-rw-r--r-- | buildtools/debian-skeleton/rpki-rp.postinst | 36 | ||||
-rw-r--r-- | buildtools/freebsd-skeleton/rpki-rp/pkg-install | 39 | ||||
-rw-r--r-- | rcynic/Makefile.in | 9 | ||||
-rw-r--r-- | rcynic/rules.darwin.mk | 35 | ||||
-rw-r--r-- | rcynic/rules.freebsd.mk | 24 | ||||
-rw-r--r-- | rcynic/rules.linux.mk | 26 | ||||
-rw-r--r-- | rtr-origin/rules.freebsd.mk | 4 | ||||
-rw-r--r-- | rtr-origin/rules.linux.mk | 2 |
8 files changed, 146 insertions, 29 deletions
diff --git a/buildtools/debian-skeleton/rpki-rp.postinst b/buildtools/debian-skeleton/rpki-rp.postinst
index 46ef8b97..ef45c861 100644
--- a/buildtools/debian-skeleton/rpki-rp.postinst
+++ b/buildtools/debian-skeleton/rpki-rp.postinst
@@ -5,26 +5,36 @@ set -e
-setup_rcynic_ownership() {
- install -o rcynic -g rcynic -d /var/rcynic/data /var/rcynic/rpki-rtr /var/rcynic/rpki-rtr
- if test -d /var/www
+setup_groups() {
+ if ! getent group rcynic >/dev/null
 then
- install -o rcynic -g rcynic -d /var/www/rcynic
+ groupadd rcynic
+ fi
+ if ! getent group rpkirtr >/dev/null
+ then
+ groupadd rpkirtr
 fi
 }
-setup_rcynic_user() {
+setup_users() {
 if ! getent passwd rcynic >/dev/null
 then
 useradd -g rcynic -M -N -d /var/rcynic -s /sbin/nologin -c "RPKI validation system" rcynic
 fi
+ if ! getent passwd rpkirtr >/dev/null
+ then
+ useradd -g rpkirtr -M -N -d /var/rcynic/rpki-rtr -s /sbin/nologin -c "RPKI router server" rpkirtr
+ fi
+ usermod -a -G rpkirtr rcynic
 }
-setup_rcynic_group() {
- if ! getent group rcynic >/dev/null
+setup_directories() {
+ install -o rcynic -g rcynic -d /var/rcynic/data /var/rcynic/rpki-rtr
+ if test -d /var/www
 then
- groupadd rcynic
+ install -o rcynic -g rcynic -d /var/www/rcynic
 fi
+ install -o rpkirtr -g rcynic -m 775 -d /var/rcynic/rpki-rtr/sockets
 }
 # We want to pick a *random* minute for rcynic to run, to spread load
@@ -39,7 +49,7 @@ setup_rcynic_cron() {
 fi
 }
-setup_rpki_rtr_listener() {
+setup_rpkirtr_listener() {
 if test -f /var/run/xinetd.pid
 then
 kill -HUP `cat /var/run/xinetd.pid`
@@ -61,11 +71,11 @@ setup_rpki_rtr_listener() {
 case "$1" in
 configure)
- setup_rcynic_group
- setup_rcynic_user
- setup_rcynic_ownership
+ setup_groups
+ setup_users
+ setup_directories
 setup_rcynic_cron
- setup_rpki_rtr_listener
+ setup_rpkirtr_listener
 ;;
 abort-upgrade|abort-remove|abort-deconfigure)
diff --git a/buildtools/freebsd-skeleton/rpki-rp/pkg-install b/buildtools/freebsd-skeleton/rpki-rp/pkg-install
index 90abb8f2..3a8d960e 100644
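Review bot: The access model set up by `setup_users` and `setup_directories` is undocumented: the sockets directory is created `-o rpkirtr -g rcynic -m 775` (group-writable for group rcynic) and, separately, rcynic is made a member of rpkirtr by `usermod -a -G rpkirtr rcynic`, with nothing saying which process needs which grant, so the two look redundant to a reader. A comment on each line naming the consumer of the grant (which side creates sockets, which side needs group write, what rcynic's rpkirtr membership is for) would let a later maintainer tighten either one safely. Also note the rpkirtr home is set to `/var/rcynic/rpki-rtr`, a directory `setup_directories` owns to rcynic:rcynic, while the FreeBSD and Darwin installers in this commit give the same account `/nonexistant` and `/var/empty`; if the home is deliberate it deserves a comment, otherwise `-d /nonexistent` keeps the installers aligned.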
--- a/buildtools/freebsd-skeleton/rpki-rp/pkg-install
+++ b/buildtools/freebsd-skeleton/rpki-rp/pkg-install
@@ -25,6 +25,28 @@ PRE-INSTALL)
 echo "Please create it, then try again."
 exit 1
 fi
+ if /usr/sbin/pw groupshow "rpkirtr" 2>/dev/null
+ then
+ echo "You already have a group \"rpkirtr\", so I will use it."
+ elif /usr/sbin/pw groupadd rpkirtr
+ then
+ echo "Added group \"rpkirtr\"."
+ else
+ echo "Adding group \"rpkirtr\" failed..."
+ echo "Please create it, then try again."
+ exit 1
+ fi
+ if /usr/sbin/pw usershow "rpkirtr" 2>/dev/null
+ then
+ echo "You already have a user \"rpkirtr\", so I will use it."
+ elif /usr/sbin/pw useradd rpkirtr -g rpkirtr -h - -d /nonexistant -s /usr/sbin/nologin -c "RPKI router server"
+ then
+ echo "Added user \"rpkirtr\"."
+ else
+ echo "Adding user \"rpkirtr\" failed..."
+ echo "Please create it, then try again."
+ exit 1
+ fi
 ;;
 POST-INSTALL)
@@ -41,6 +63,11 @@ POST-INSTALL)
 /usr/bin/install -o rcynic -g rcynic -d /var/rcynic
 fi
 done
+ if ! test -d /var/rcynic/rpki-rtr/sockets
+ then
+ echo "Creating /var/rcynic/rpki-rtr/sockets"
+ /usr/bin/install -o rpkirtr -g rcynic -m 775 -d /var/rcynic/rpki-rtr/sockets
+ fi
 if test ! -f /usr/local/etc/rcynic.conf
 then
 /bin/cp -p /usr/local/etc/rcynic.conf.sample /usr/local/etc/rcynic.conf
@@ -51,13 +78,7 @@ POST-INSTALL)
 echo "Creating $htmldir"
 /usr/bin/install -o rcynic -g rcynic -d $htmldir
 fi
- sockdir=/var/rcynic/rpki-rtr/sockets
- if ! test -d $sockdir
- then
- echo "Creating $sockdir"
- /usr/bin/install -o nobody -g rcynic -d $sockdir
- fi
- if test "X`/usr/bin/crontab -l -u ${RCYNIC_CRON_USER} 2>/dev/null`" != "X"
+ if test "X`/usr/bin/crontab -l -u rcynic 2>/dev/null`" != "X"
 then
 echo "rcynic user already has a crontab, leaving it alone"
 else
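Review bot: PRE-INSTALL creates the rpkirtr group and user but never makes rcynic a member of rpkirtr, whereas every other installer in this commit does (the Debian postinst runs `usermod -a -G rpkirtr rcynic`, rules.linux.mk runs `usermod`, rules.freebsd.mk passes `-G`). If that membership is needed on the package path too, add `/usr/sbin/pw groupmod rpkirtr -m rcynic` after the rpkirtr user block, checked and reported like the surrounding steps rather than left unguarded. Whether the membership is actually required is not visible from this diff; if it is not, a comment saying so here would stop the next reader from "fixing" it.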
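Review bot: The sockets directory in POST-INSTALL is only created when absent, so a host upgraded from the previous release keeps the directory the old code created with `-o nobody -g rcynic` and no `-m` (visible in the lines removed by the next hunk), and rtr-origin now running as rpkirtr will not own it. Either drop the `test -d` guard — BSD `install -d` also applies the requested owner and mode to a directory that already exists — or add an `else` branch with `/usr/sbin/chown rpkirtr:rcynic /var/rcynic/rpki-rtr/sockets` and `/bin/chmod 775 /var/rcynic/rpki-rtr/sockets` so the upgrade path converges on the same state as a fresh install.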
@@ -80,7 +101,7 @@ POST-INSTALL)
 if /usr/bin/egrep -q "rpki-rtr[ ]+stream[ ]+tcp[ ]" /etc/inetd.conf
 then
 echo "You already have an inetd.conf entry for rpki-rtr on TCPv4, so I will use it."
- elif echo >>/etc/inetd.conf "rpki-rtr stream tcp nowait nobody /usr/local/bin/rtr-origin rtr-origin --server /var/rcynic/rpki-rtr"
+ elif echo >>/etc/inetd.conf "rpki-rtr stream tcp nowait rpkirtr /usr/local/bin/rtr-origin rtr-origin --server /var/rcynic/rpki-rtr"
 then
 echo "Added rpki-rtr for TCPv4 to /etc/inetd.conf."
 else
@@ -90,7 +111,7 @@ POST-INSTALL)
 if /usr/bin/egrep -q "rpki-rtr[ ]+stream[ ]+tcp6[ ]" /etc/inetd.conf
 then
 echo "You already have an inetd.conf entry for rpki-rtr on TCPv6, so I will use it."
- elif echo >>/etc/inetd.conf "rpki-rtr stream tcp6 nowait nobody /usr/local/bin/rtr-origin rtr-origin --server /var/rcynic/rpki-rtr"
+ elif echo >>/etc/inetd.conf "rpki-rtr stream tcp6 nowait rpkirtr /usr/local/bin/rtr-origin rtr-origin --server /var/rcynic/rpki-rtr"
 then
 echo "Added rpki-rtr for TCPv6 to /etc/inetd.conf."
 else
diff --git a/rcynic/Makefile.in b/rcynic/Makefile.in
index 709dbb58..e3b45036 100644
--- a/rcynic/Makefile.in
+++ b/rcynic/Makefile.in
@@ -54,11 +54,15 @@ RCYNIC_CONF_DATA = @RCYNIC_CONF_DATA@
 RCYNIC_CONF_TA_DIR = @RCYNIC_CONF_TA_DIR@
 RCYNIC_USER = rcynic
 RCYNIC_GROUP = rcynic
-NOBODY_USER = nobody
+RPKIRTR_USER = rpkirtr
 RCYNIC_GECOS = RPKI Validation System
 RCYNIC_STATIC_RSYNC = @RCYNIC_STATIC_RSYNC@
 RCYNIC_HTML_DIR = @RCYNIC_HTML_DIR@
 RCYNIC_CRON_USER = @RCYNIC_CRON_USER@
+RPKIRTR_USER = rpkirtr
+RPKIRTR_GROUP = rpkirtr
+RPKIRTR_GECOS = RPKI router server
+RPKIRTR_MODE = 775
 SCRIPTS = rcynic-text rcynic-html rcynic-svn validation_status rcynic-cron
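Review bot: The new listener user only reaches `/etc/inetd.conf` on a fresh install: the `egrep` guard above the changed line matches any existing `rpki-rtr stream tcp` entry whatever its user, so an upgraded host silently keeps a listener running as `nobody`. The same applies to the TCPv6 hunk below, to both hunks in rtr-origin/rules.freebsd.mk, and to rtr-origin/rules.linux.mk, where the xinetd file is a plain file target that will not be regenerated once it exists. On the `make install` path rcynic/Makefile.in now re-owns the sockets directory to rpkirtr, so a retained `nobody` listener would presumably no longer be able to create sockets there. Tighten the guard to include the user, e.g. `"rpki-rtr[ ]+stream[ ]+tcp[ ]+nowait[ ]+rpkirtr[ ]"`, and when a stale entry is found print a message asking the administrator to update it rather than appending a second entry.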
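Review bot: `RPKIRTR_USER = rpkirtr` is assigned twice in this hunk — once in place of the removed `NOBODY_USER` line and again at the top of the new RPKIRTR_* block; the value is the same so nothing breaks, but the first copy should go so the four definitions stay grouped. `RPKIRTR_MODE = 775` also deserves a why-comment, since a group-writable directory is a deliberate grant: something like `# sockets dir is owned by RPKIRTR_USER but must stay writable by RCYNIC_GROUP` matches the chown/chmod pair in the next hunk.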
@@ -155,7 +159,8 @@ ${RCYNIC_DIRS} ${DESTDIR}${bindir} ${DESTDIR}${sysconfdir}:
 install-directory-ownership: ${RCYNIC_DATA_DIR} ${RCYNIC_RPKI_RTR_DIR}
 chown ${RCYNIC_USER}:${RCYNIC_GROUP} ${RCYNIC_DATA_DIR} ${RCYNIC_RPKI_RTR_DIR}
- chown ${NOBODY_USER}:${RCYNIC_GROUP} ${RCYNIC_RPKI_RTR_DIR}/sockets
+ chown ${RPKIRTR_USER}:${RCYNIC_GROUP} ${RCYNIC_RPKI_RTR_DIR}/sockets
+ chmod ${RPKIRTR_MODE} ${RCYNIC_RPKI_RTR_DIR}/sockets
 install-rcynic-conf: ${RCYNIC_CONF_FILE}
diff --git a/rcynic/rules.darwin.mk b/rcynic/rules.darwin.mk
index 998b5f54..d37b0e75 100644
--- a/rcynic/rules.darwin.mk
+++ b/rcynic/rules.darwin.mk
@@ -36,6 +36,41 @@ install-user-and-group: .FORCE
 echo "Please create it, then try again."; \
 exit 1; \
 fi
+ @if /usr/bin/dscl . -read "/Groups/${RPKIRTR_GROUP}" >/dev/null 2>&1; \
+ then \
+ echo "You already have a group \"${RPKIRTR_GROUP}\", so I will use it."; \
+ elif gid="$$(/usr/bin/dscl . -list /Groups PrimaryGroupID | /usr/bin/awk 'BEGIN {gid = 501} $$2 >= gid {gid = 1 + $$2} END {print gid}')" && \
+ /usr/bin/dscl . -create "/Groups/${RPKIRTR_GROUP}" && \
+ /usr/bin/dscl . -create "/Groups/${RPKIRTR_GROUP}" RealName "${RPKIRTR_GECOS}" && \
+ /usr/bin/dscl . -create "/Groups/${RPKIRTR_GROUP}" PrimaryGroupID "$$gid" && \
+ /usr/bin/dscl . -create "/Groups/${RPKIRTR_GROUP}" GeneratedUID "$$(/usr/bin/uuidgen)" && \
+ /usr/bin/dscl . -create "/Groups/${RPKIRTR_GROUP}" Password "*"; \
+ then \
+ echo "Added group \"${RPKIRTR_GROUP}\"."; \
+ else \
+ echo "Adding group \"${RPKIRTR_GROUP}\" failed..."; \
+ echo "Please create it, then try again."; \
+ exit 1; \
+ fi; \
+ if /usr/bin/dscl . -read "/Users/${RPKIRTR_USER}" >/dev/null 2>&1; \
+ then \
+ echo "You already have a user \"${RPKIRTR_USER}\", so I will use it."; \
+ elif uid="$$(/usr/bin/dscl . -list /Users UniqueID | /usr/bin/awk 'BEGIN {uid = 501} $$2 >= uid {uid = 1 + $$2} END {print uid}')" && \
+ /usr/bin/dscl . -create "/Users/${RPKIRTR_USER}" && \
+ /usr/bin/dscl . -create "/Users/${RPKIRTR_USER}" UserShell "/usr/bin/false" && \
+ /usr/bin/dscl . -create "/Users/${RPKIRTR_USER}" RealName "${RPKIRTR_GECOS}" && \
+ /usr/bin/dscl . -create "/Users/${RPKIRTR_USER}" UniqueID "$$uid" && \
+ /usr/bin/dscl . -create "/Users/${RPKIRTR_USER}" PrimaryGroupID "$$gid" && \
+ /usr/bin/dscl . -create "/Users/${RPKIRTR_USER}" NFSHomeDirectory "/var/empty" && \
+ /usr/bin/dscl . -create "/Users/${RPKIRTR_USER}" GeneratedUID "$$(/usr/bin/uuidgen)" && \
+ /usr/bin/dscl . -create "/Users/${RPKIRTR_USER}" Password "*"; \
+ then \
+ echo "Added user \"${RPKIRTR_USER}\"."; \
+ else \
+ echo "Adding user \"${RPKIRTR_USER}\" failed..."; \
+ echo "Please create it, then try again."; \
+ exit 1; \
+ fi
 install-shared-libraries: .FORCE
diff --git a/rcynic/rules.freebsd.mk b/rcynic/rules.freebsd.mk
index f5391ce8..5233386e 100644
--- a/rcynic/rules.freebsd.mk
+++ b/rcynic/rules.freebsd.mk
@@ -12,10 +12,21 @@ install-user-and-group: .FORCE
 echo "Please create it, then try again."; \
 exit 1; \
 fi
+ @if /usr/sbin/pw groupshow "${RPKIRTR_GROUP}" 2>/dev/null; \
+ then \
+ echo "You already have a group \"${RPKIRTR_GROUP}\", so I will use it."; \
+ elif /usr/sbin/pw groupadd ${RPKIRTR_GROUP}; \
+ then \
+ echo "Added group \"${RPKIRTR_GROUP}\"."; \
+ else \
+ echo "Adding group \"${RPKIRTR_GROUP}\" failed..."; \
+ echo "Please create it, then try again."; \
+ exit 1; \
+ fi
 @if /usr/sbin/pw usershow "${RCYNIC_USER}" 2>/dev/null; \
 then \
 echo "You already have a user \"${RCYNIC_USER}\", so I will use it."; \
- elif /usr/sbin/pw useradd ${RCYNIC_USER} -g ${RCYNIC_GROUP} -h - -d /nonexistant -s /usr/sbin/nologin -c "${RCYNIC_GECOS}"; \
+ elif /usr/sbin/pw useradd ${RCYNIC_USER} -g ${RCYNIC_GROUP} -h - -d /nonexistant -s /usr/sbin/nologin -c "${RCYNIC_GECOS}" -G "${RPKIRTR_GROUP}"; \
 then \
 echo "Added user \"${RCYNIC_USER}\"."; \
 else \
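Review bot: In the user half of this hunk, `PrimaryGroupID "$$gid"` depends on `gid` having been assigned by the `elif gid=...` branch of the group half, but when the group already exists (the `You already have a group` branch) that assignment never runs and the new user is created with an empty PrimaryGroupID. Resolve the id from the directory before the user block instead, e.g. insert `gid="$$(/usr/bin/dscl . -read "/Groups/${RPKIRTR_GROUP}" PrimaryGroupID | /usr/bin/awk '{print $$2}')"; \` right after the group block's `fi; \`, so both paths reach the user block with a valid gid. The pre-existing rcynic block above this hunk is not visible here and may have the same shape; the enclosing `install-user-and-group` recipe starts outside the hunk.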
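Review bot: The `-G "${RPKIRTR_GROUP}"` added to the `pw useradd` line only takes effect when rcynic is created from scratch; on a host where the user already exists (the `You already have a user` branch) rcynic never joins rpkirtr, whereas rules.linux.mk in this commit runs `usermod -a -G` unconditionally and the Debian postinst does the same. If the membership is required, add an unconditional `@/usr/sbin/pw groupmod ${RPKIRTR_GROUP} -m ${RCYNIC_USER}` after the rpkirtr user block in the next hunk, where both accounts are known to exist. The enclosing `install-user-and-group` recipe starts outside the hunk.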
@@ -23,6 +34,17 @@ install-user-and-group: .FORCE
 echo "Please create it, then try again."; \
 exit 1; \
 fi
+ @if /usr/sbin/pw usershow "${RPKIRTR_USER}" 2>/dev/null; \
+ then \
+ echo "You already have a user \"${RPKIRTR_USER}\", so I will use it."; \
+ elif /usr/sbin/pw useradd ${RPKIRTR_USER} -g ${RPKIRTR_GROUP} -h - -d /nonexistant -s /usr/sbin/nologin -c "${RPKIRTR_GECOS}"; \
+ then \
+ echo "Added user \"${RPKIRTR_USER}\"."; \
+ else \
+ echo "Adding user \"${RPKIRTR_USER}\" failed..."; \
+ echo "Please create it, then try again."; \
+ exit 1; \
+ fi
 # We use static compilation on FreeBSD, so no need for shared libraries
diff --git a/rcynic/rules.linux.mk b/rcynic/rules.linux.mk
index 84275361..6a962cef 100644
--- a/rcynic/rules.linux.mk
+++ b/rcynic/rules.linux.mk
@@ -25,7 +25,31 @@ install-user-and-group: .FORCE
 echo "Please create it, then try again."; \
 exit 1; \
 fi
-
+ @if getent group ${RPKIRTR_GROUP} >/dev/null; \
+ then \
+ echo "You already have a group \"${RPKIRTR_GROUP}\", so I will use it."; \
+ elif /usr/sbin/groupadd ${RPKIRTR_GROUP}; \
+ then \
+ echo "Added group \"${RPKIRTR_GROUP}\"."; \
+ else \
+ echo "Adding group \"${RPKIRTR_GROUP}\" failed..."; \
+ echo "Please create it, then try again."; \
+ exit 1; \
+ fi
+ @nogroup='-N'; \
+ if test -f /etc/redhat-release; then read vendor release version < /etc/redhat-release; if test $$vendor = CentOS; then nogroup='-n'; fi; fi; \
+ if getent passwd ${RPKIRTR_USER} >/dev/null; \
+ then \
+ echo "You already have a user \"${RPKIRTR_USER}\", so I will use it."; \
+ elif /usr/sbin/useradd -g ${RPKIRTR_GROUP} -M $$nogroup -d "${RPKIRTR_DIR}" -s /sbin/nologin -c "${RPKIRTR_GECOS}" ${RPKIRTR_USER}; \
+ then \
+ echo "Added user \"${RPKIRTR_USER}\"."; \
+ else \
+ echo "Adding user \"${RPKIRTR_USER}\" failed..."; \
+ echo "Please create it, then try again."; \
+ exit 1; \
+ fi
+ usermod -a -G ${RPKIRTR_GROUP} ${RCYNIC_USER}
 install-shared-libraries: .FORCE
 @echo "Copying required shared libraries"
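Review bot: `-d "${RPKIRTR_DIR}"` on the `useradd` line references a variable the rcynic/Makefile.in hunk in this commit does not define (it adds only RPKIRTR_USER, RPKIRTR_GROUP, RPKIRTR_GECOS and RPKIRTR_MODE), so unless it is set somewhere not shown here useradd receives `-d ""`; either add `RPKIRTR_DIR` next to those or reuse `${RCYNIC_RPKI_RTR_DIR}`, which Makefile.in already uses for the same directory and which matches the home the Debian postinst gives this account. Separately, the final `usermod -a -G ${RPKIRTR_GROUP} ${RCYNIC_USER}` is the only command in this recipe run without an absolute path and without `@`, unlike `/usr/sbin/groupadd` and `/usr/sbin/useradd` above it; `@/usr/sbin/usermod -a -G ${RPKIRTR_GROUP} ${RCYNIC_USER}` keeps the recipe consistent. The enclosing `install-user-and-group` recipe starts outside the hunk.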
diff --git a/rtr-origin/rules.freebsd.mk b/rtr-origin/rules.freebsd.mk
index 4cb21f3b..df99da47 100644
--- a/rtr-origin/rules.freebsd.mk
+++ b/rtr-origin/rules.freebsd.mk
@@ -18,7 +18,7 @@ install-listener: .FORCE
 @if /usr/bin/egrep -q "rpki-rtr[ ]+stream[ ]+tcp[ ]" /etc/inetd.conf; \
 then \
 echo "You already have an inetd.conf entry for rpki-rtr on TCPv4, so I will use it."; \
- elif echo >>/etc/inetd.conf "rpki-rtr stream tcp nowait nobody /usr/local/bin/rtr-origin rtr-origin --server /var/rcynic/rpki-rtr"; \
+ elif echo >>/etc/inetd.conf "rpki-rtr stream tcp nowait rpkirtr /usr/local/bin/rtr-origin rtr-origin --server /var/rcynic/rpki-rtr"; \
 then \
 echo "Added rpki-rtr for TCPv4 to /etc/inetd.conf."; \
 else \
@@ -28,7 +28,7 @@ install-listener: .FORCE
 @if /usr/bin/egrep -q "rpki-rtr[ ]+stream[ ]+tcp6[ ]" /etc/inetd.conf; \
 then \
 echo "You already have an inetd.conf entry for rpki-rtr on TCPv6, so I will use it."; \
- elif echo >>/etc/inetd.conf "rpki-rtr stream tcp6 nowait nobody /usr/local/bin/rtr-origin rtr-origin --server /var/rcynic/rpki-rtr"; \
+ elif echo >>/etc/inetd.conf "rpki-rtr stream tcp6 nowait rpkirtr /usr/local/bin/rtr-origin rtr-origin --server /var/rcynic/rpki-rtr"; \
 then \
 echo "Added rpki-rtr for TCPv6 to /etc/inetd.conf."; \
 else \
diff --git a/rtr-origin/rules.linux.mk b/rtr-origin/rules.linux.mk
index 2faa0e41..73a00f9d 100644
--- a/rtr-origin/rules.linux.mk
+++ b/rtr-origin/rules.linux.mk
@@ -19,7 +19,7 @@ ${DESTDIR}/etc/xinetd.d/rpki-rtr:
 print " protocol = tcp"; \
 print " port = ${RPKI_RTR_PORT}"; \
 print " wait = no"; \
- print " user = nobody"; \
+ print " user = rpkirtr"; \
 print " server = /usr/bin/rtr-origin"; \
 print " server_args = --server /var/rcynic/rpki-rtr"; \
 print "}"; \