summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMike Gabriel <mike.gabriel@das-netzwerkteam.de>2019-04-04 12:15:55 +0200
committerMike Gabriel <mike.gabriel@das-netzwerkteam.de>2019-04-04 12:22:39 +0200
commit641d06074f4fdeb0daeb13da6f5dd93f65f7a766 (patch)
tree1e17845557b3bff294700b8e00c62c36aab68003
parent3c5c2885dd4a7c26068a055f8e6506836b418c62 (diff)
downloaditzks-systems-641d06074f4fdeb0daeb13da6f5dd93f65f7a766.zip
itzks-systems-641d06074f4fdeb0daeb13da6f5dd93f65f7a766.tar.gz
itzks-systems-641d06074f4fdeb0daeb13da6f5dd93f65f7a766.tar.bz2
Add init script: fetch-filter-cert (for diskless, workstation, terminalserver).
-rw-r--r--debian/control4
l---------debian/itzks-systems-diskless.fetch-filter-cert.init1
l---------debian/itzks-systems-terminalserver.fetch-filter-cert.init1
l---------debian/itzks-systems-workstation.fetch-filter-cert.init1
-rwxr-xr-xdebian/rules3
-rwxr-xr-xetc/init.d/fetch-filter-cert80
6 files changed, 90 insertions, 0 deletions
diff --git a/debian/control b/debian/control
index 384e66f..52379ee 100644
--- a/debian/control
+++ b/debian/control
@@ -222,6 +222,7 @@ Depends:
links,
linuxlogo,
logisim,
+ lsb-base,
mate-applets,
mate-applet-brisk-menu,
mate-desktop-environment,
@@ -654,6 +655,7 @@ Depends:
libmonitoring-plugin-perl,
links,
linuxlogo,
+ lsb-base,
mate-applet-brisk-menu,
mate-desktop-environment-core,
mc,
@@ -819,6 +821,7 @@ Depends:
links,
linuxlogo,
logisim,
+ lsb-base,
mate-applets,
mate-applet-brisk-menu,
mate-desktop-environment,
@@ -1134,6 +1137,7 @@ Depends:
links,
linuxlogo,
logisim,
+ lsb-base,
mate-applets,
mate-applet-brisk-menu,
mate-desktop-environment,
diff --git a/debian/itzks-systems-diskless.fetch-filter-cert.init b/debian/itzks-systems-diskless.fetch-filter-cert.init
new file mode 120000
index 0000000..048dfd5
--- /dev/null
+++ b/debian/itzks-systems-diskless.fetch-filter-cert.init
@@ -0,0 +1 @@
+../etc/init.d/fetch-filter-cert \ No newline at end of file
diff --git a/debian/itzks-systems-terminalserver.fetch-filter-cert.init b/debian/itzks-systems-terminalserver.fetch-filter-cert.init
new file mode 120000
index 0000000..048dfd5
--- /dev/null
+++ b/debian/itzks-systems-terminalserver.fetch-filter-cert.init
@@ -0,0 +1 @@
+../etc/init.d/fetch-filter-cert \ No newline at end of file
diff --git a/debian/itzks-systems-workstation.fetch-filter-cert.init b/debian/itzks-systems-workstation.fetch-filter-cert.init
new file mode 120000
index 0000000..048dfd5
--- /dev/null
+++ b/debian/itzks-systems-workstation.fetch-filter-cert.init
@@ -0,0 +1 @@
+../etc/init.d/fetch-filter-cert \ No newline at end of file
diff --git a/debian/rules b/debian/rules
index b2498cc..0c6536b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -4,6 +4,9 @@
%:
dh ${@}
+override_dh_installinit:
+ dh_installinit --name fetch-filter-cert -r --no-start
+
override_dh_installexamples:
cd examples/mainserver/ && tar cvf mainserver-tftp.tar tftp && gzip -9n mainserver-tftp.tar
cd examples/disklserver/ && tar cvf disklserver-tftp.tar tftp && gzip -9n disklserver-tftp.tar
diff --git a/etc/init.d/fetch-filter-cert b/etc/init.d/fetch-filter-cert
new file mode 100755
index 0000000..8fdae97
--- /dev/null
+++ b/etc/init.d/fetch-filter-cert
@@ -0,0 +1,80 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides: fetch-filter-cert
+# Required-Start: $local_fs $remote_fs
+# Required-Stop: $local_fs $remote_fs
+# Should-Start: $network $syslog $named
+# Default-Start: 2 3 4 5
+# Default-Stop:
+# Short-Description: Fetch e2guardian SSL public cacert
+# Description:
+# Retrieve e2guardian proxy's CA certificate and add it to
+# the system-wide list of CA certificates.
+### END INIT INFO
+
+set -xe
+
+. /lib/lsb/init-functions
+
+CERTFILE=/usr/local/share/ca-certificates/debian-edu/filter-ca.crt
+FILTERSERVER="filter"
+FILTERCACERTURL="http://$FILTERSERVER/filter-ca.crt"
+
+do_start() {
+ ERROR=false
+ if ! fping "$FILTERSERVER" 1>/dev/null 2>/dev/null; then
+ logger -t fetch-filter-cert "Site does not have a content filter server, aborting."
+ return 0
+ elif [ ! -f $CERTFILE ]; then
+ [ "$VERBOSE" != no ] && log_action_begin_msg "Fetching content filter CA certificate."
+ mkdir -p "$(dirname $CERTFILE)"
+ curl "$FILTERCACERTURL" > $CERTFILE.new
+ chmod 644 $CERTFILE.new
+ if test -s $CERTFILE.new && head -n1 $CERTFILE.new | grep -q -E '^-----BEGIN CERTIFICATE-----$'; then
+ mv $CERTFILE.new $CERTFILE
+ [ "$VERBOSE" != no ] && log_action_end_msg 0
+ logger -t fetch-filter-cert "Fetched content filter CA certificate from $FILTERCACERTURL."
+ update-ca-certificates 1>/dev/null
+ else
+ rm $CERTFILE.new
+ log_action_end_msg 1
+ logger -t fetch-filter-cert "Failed to fetch content filter CA certificate from $FILTERCACERTURL."
+ ERROR=true
+ fi
+ fi
+ if [ -d /opt/ltsp ] ; then
+ for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
+ if [ ! -f $ltsp_chroot$CERTFILE ]; then
+ [ "$VERBOSE" != no ] &&
+ log_action_begin_msg "Copying content filter CA certificate to ltsp-chroot $ltsp_chroot "
+ if test -s $CERTFILE; then
+ mkdir -p $(dirname $ltsp_chroot/$CERTFILE)
+ cp $CERTFILE $ltsp_chroot$CERTFILE
+ chmod 644 $ltsp_chroot$CERTFILE
+ chroot $ltsp_chroot update-ca-certificates 1>/dev/null
+ [ "$VERBOSE" != no ] && log_action_end_msg 0
+ else
+ log_action_end_msg 1
+ ERROR=true
+ fi
+ fi
+ done
+ fi
+ if $ERROR; then
+ return 1
+ fi
+}
+
+case "$1" in
+ start)
+ do_start
+ ;;
+ stop)
+ ;;
+ restart|force-reload)
+ ;;
+ *)
+ echo "Usage: $0 {start|stop|restart|force-reload}"
+ exit 2
+esac
+exit 0