From 641d06074f4fdeb0daeb13da6f5dd93f65f7a766 Mon Sep 17 00:00:00 2001
From: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Thu, 4 Apr 2019 12:15:55 +0200
Subject: Add init script: fetch-filter-cert (for diskless, workstation,
 terminalserver).

---
 debian/control                                     |  4 ++
 .../itzks-systems-diskless.fetch-filter-cert.init  |  1 +
 ...s-systems-terminalserver.fetch-filter-cert.init |  1 +
 ...tzks-systems-workstation.fetch-filter-cert.init |  1 +
 debian/rules                                       |  3 +
 etc/init.d/fetch-filter-cert                       | 80 ++++++++++++++++++++++
 6 files changed, 90 insertions(+)
 create mode 120000 debian/itzks-systems-diskless.fetch-filter-cert.init
 create mode 120000 debian/itzks-systems-terminalserver.fetch-filter-cert.init
 create mode 120000 debian/itzks-systems-workstation.fetch-filter-cert.init
 create mode 100755 etc/init.d/fetch-filter-cert

diff --git a/debian/control b/debian/control
index 384e66f..52379ee 100644
--- a/debian/control
+++ b/debian/control
@@ -222,6 +222,7 @@ Depends:
  links,
  linuxlogo,
  logisim,
+ lsb-base,
  mate-applets,
  mate-applet-brisk-menu,
  mate-desktop-environment,
@@ -654,6 +655,7 @@ Depends:
  libmonitoring-plugin-perl,
  links,
  linuxlogo,
+ lsb-base,
  mate-applet-brisk-menu,
  mate-desktop-environment-core,
  mc,
@@ -819,6 +821,7 @@ Depends:
  links,
  linuxlogo,
  logisim,
+ lsb-base,
  mate-applets,
  mate-applet-brisk-menu,
  mate-desktop-environment,
@@ -1134,6 +1137,7 @@ Depends:
  links,
  linuxlogo,
  logisim,
+ lsb-base,
  mate-applets,
  mate-applet-brisk-menu,
  mate-desktop-environment,
diff --git a/debian/itzks-systems-diskless.fetch-filter-cert.init b/debian/itzks-systems-diskless.fetch-filter-cert.init
new file mode 120000
index 0000000..048dfd5
--- /dev/null
+++ b/debian/itzks-systems-diskless.fetch-filter-cert.init
@@ -0,0 +1 @@
+../etc/init.d/fetch-filter-cert
\ No newline at end of file
diff --git a/debian/itzks-systems-terminalserver.fetch-filter-cert.init b/debian/itzks-systems-terminalserver.fetch-filter-cert.init
new file mode 120000
index 0000000..048dfd5
--- /dev/null
+++ b/debian/itzks-systems-terminalserver.fetch-filter-cert.init
@@ -0,0 +1 @@
+../etc/init.d/fetch-filter-cert
\ No newline at end of file
diff --git a/debian/itzks-systems-workstation.fetch-filter-cert.init b/debian/itzks-systems-workstation.fetch-filter-cert.init
new file mode 120000
index 0000000..048dfd5
--- /dev/null
+++ b/debian/itzks-systems-workstation.fetch-filter-cert.init
@@ -0,0 +1 @@
+../etc/init.d/fetch-filter-cert
\ No newline at end of file
diff --git a/debian/rules b/debian/rules
index b2498cc..0c6536b 100755
--- a/debian/rules
+++ b/debian/rules
@@ -4,6 +4,9 @@
 %:
 	dh ${@}
 
+override_dh_installinit:
+	dh_installinit --name fetch-filter-cert -r --no-start
+
 override_dh_installexamples:
 	cd examples/mainserver/ && tar cvf mainserver-tftp.tar tftp && gzip -9n mainserver-tftp.tar
 	cd examples/disklserver/ && tar cvf disklserver-tftp.tar tftp && gzip -9n disklserver-tftp.tar
diff --git a/etc/init.d/fetch-filter-cert b/etc/init.d/fetch-filter-cert
new file mode 100755
index 0000000..8fdae97
--- /dev/null
+++ b/etc/init.d/fetch-filter-cert
@@ -0,0 +1,80 @@
+#!/bin/sh
+### BEGIN INIT INFO
+# Provides:          fetch-filter-cert
+# Required-Start:    $local_fs $remote_fs
+# Required-Stop:     $local_fs $remote_fs
+# Should-Start:      $network $syslog $named
+# Default-Start:     2 3 4 5
+# Default-Stop:
+# Short-Description: Fetch e2guardian SSL public cacert
+# Description:
+#   Retrieve e2guardian proxy's CA certificate and add it to
+#   the system-wide list of CA certificates.
+### END INIT INFO
+
+set -xe
+
+. /lib/lsb/init-functions
+
+CERTFILE=/usr/local/share/ca-certificates/debian-edu/filter-ca.crt
+FILTERSERVER="filter"
+FILTERCACERTURL="http://$FILTERSERVER/filter-ca.crt"
+
+do_start() {
+    ERROR=false
+    if ! fping "$FILTERSERVER" 1>/dev/null 2>/dev/null; then
+	    logger -t fetch-filter-cert "Site does not have a content filter server, aborting."
+	    return 0
+    elif [ ! -f $CERTFILE ]; then
+	[ "$VERBOSE" != no ] && log_action_begin_msg "Fetching content filter CA certificate."
+	mkdir -p "$(dirname $CERTFILE)"
+	curl "$FILTERCACERTURL" > $CERTFILE.new
+	chmod 644 $CERTFILE.new
+	if test -s $CERTFILE.new && head -n1 $CERTFILE.new | grep -q -E '^-----BEGIN CERTIFICATE-----$'; then
+	    mv $CERTFILE.new $CERTFILE
+	    [ "$VERBOSE" != no ] && log_action_end_msg 0
+	    logger -t fetch-filter-cert "Fetched content filter CA certificate from $FILTERCACERTURL."
+	    update-ca-certificates 1>/dev/null
+	else
+	    rm $CERTFILE.new
+	    log_action_end_msg 1
+	    logger -t fetch-filter-cert "Failed to fetch content filter CA certificate from $FILTERCACERTURL."
+	    ERROR=true
+	fi
+    fi
+    if [ -d /opt/ltsp ] ; then
+	for ltsp_chroot in `find /opt/ltsp/ -mindepth 1 -maxdepth 1 -type d`; do
+	    if [ ! -f $ltsp_chroot$CERTFILE ]; then
+		[ "$VERBOSE" != no ] && 
+		log_action_begin_msg "Copying content filter CA certificate to ltsp-chroot $ltsp_chroot "
+		if test -s $CERTFILE; then
+	            mkdir -p $(dirname $ltsp_chroot/$CERTFILE)
+		    cp $CERTFILE $ltsp_chroot$CERTFILE
+		    chmod 644 $ltsp_chroot$CERTFILE
+		    chroot $ltsp_chroot update-ca-certificates 1>/dev/null
+		    [ "$VERBOSE" != no ] && log_action_end_msg 0
+		else
+		    log_action_end_msg 1
+		    ERROR=true
+		fi
+	    fi
+	done
+    fi
+    if $ERROR; then
+	return 1
+    fi
+}
+
+case "$1" in
+    start)
+	do_start
+	;;
+    stop)
+	;;
+    restart|force-reload)
+	;;
+    *)
+	echo "Usage: $0 {start|stop|restart|force-reload}"
+	exit 2
+esac
+exit 0
-- 
cgit v1.2.3