#!/bin/bash
set -e
# Copyright (C) 2018 Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
#
# This script is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2 of the License, or
# (at your option) any later version.
#
# This script is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program; if not, write to the
# Free Software Foundation, Inc.,
# 51 Franklin St, Fifth Floor, Boston, MA 02110-1301, USA.
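# Refuse to run unless the effective user is root (UID 0): the steps below
# read /etc/shadow and change ownership and modes of system files.
if [ "$(id -u)" -ne 0 ]; then
  # Diagnostics belong on stderr so they are not mixed into regular output.
  echo "ERROR: This script has to run as super-user root." >&2
  exit 1
fi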
# Directory that holds the LTSP client chroots.
LTSP_OPT="/srv/ltsp"

# work around libpam-tmpdir not working for the
# root user and /tmp being too small anyway...
#
# NOTE(review): mode 1777 makes this a world-writable sticky directory, just
# like /tmp, and every tool started below inherits it as TMPDIR while running
# as root. Those tools need to create their temp files mktemp-style
# (unpredictable names, exclusive create) - confirm, or use a root-only
# directory if no other user needs to write here.
export TMPDIR="/srv/tmp"
mkdir -p -- "${TMPDIR}/"
chown root:root -- "${TMPDIR}"
chmod 1777 -- "${TMPDIR}"
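# Prep LTSP configuration
#
# /etc/ltsp/ltsp.conf is rebuilt from the site template whenever the template
# has a line without "#" that contains the @rootpw@ placeholder. The
# placeholder is replaced by the password hash of root taken from /etc/shadow.
#
# NOTE(review): according to the comment below, ltsp.conf is prepared "before
# creating ltsp.img". If that image embeds ltsp.conf, the root password hash
# travels with it and the 0600 mode set here only protects the local copy.
# Confirm who is able to download ltsp.img.
ltsp_conf="/etc/ltsp/ltsp.conf"
ltsp_conf_template="/etc/ltsp/ltsp.conf.itzks-systems-disklserver.in"
if [ -e "${ltsp_conf_template}" ] && grep -v "#" "${ltsp_conf_template}" | grep -q "@rootpw@"; then

  # Drop previous ltsp.conf (yes, we want to do that!)
  rm -f -- "${ltsp_conf}"

  # Create the new file under a restrictive umask. With touch followed by
  # chmod the file exists with default permissions for a moment, and a
  # descriptor opened in that window would still see the hash appended later.
  (umask 077 && : > "${ltsp_conf}")
  chown root:root -- "${ltsp_conf}"
  chmod 0600 -- "${ltsp_conf}"

  {
    echo "# THIS FILE IS RE-CREATED DAILY FROM /etc/ltsp/ltsp.conf.itzks-systems-disklserver.in - DON'T EDIT THIS FILE"
    echo
  } >> "${ltsp_conf}"

  # configure LTSP before creating ltsp.img and iPXE config
  # Only the first root entry is used, so the value is always a single line.
  host_rootpw=$(grep -m 1 -E "^root:" /etc/shadow | cut -d":" -f2)
  if [ -n "${host_rootpw}" ]; then
    # The hash is handed to perl through the environment, not as an argument,
    # so it does not show up in the process argument list.
    export host_rootpw
    perl -p -e 's/\@rootpw\@/$ENV{host_rootpw}/g' "${ltsp_conf_template}" >> "${ltsp_conf}"
  fi
  unset host_rootpw
fi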
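# Prep X2Go configuration (and prep the chroot, as well)
if [ -e "/etc/ltsp/x2gothinclient-settings.conf" ]; then

  # NOTE(review): the settings file is executed as shell code with root
  # privileges, and the TC_* values it sets decide where files are copied to.
  # Nothing visible here verifies that it is owned by root and not writable by
  # anyone else - confirm that this is enforced elsewhere.
  . "/etc/ltsp/x2gothinclient-settings.conf"

  # FIXME: check for more than one chroot...

  # Defaults for everything the settings file left unset or empty.
  TC_FLAVOUR="${TC_FLAVOUR:-minidesktop}"
  TC_DISTRO_CODENAME="${TC_DISTRO_CODENAME:-bullseye}"
  TC_DISTRO_ARCH="${TC_DISTRO_ARCH:-amd64}"
  TC_CHROOT="${TC_CHROOT:-/srv/ltsp/x2go-${TC_FLAVOUR}+${TC_DISTRO_ARCH}+${TC_DISTRO_CODENAME}}"
  TC_CONFIG="${TC_CONFIG:-/etc/ltsp/settings_x2go-${TC_FLAVOUR}+${TC_DISTRO_ARCH}+${TC_DISTRO_CODENAME}}"

  if [ -e "${TC_CHROOT}" ]; then

    echo "Installing X2Go TCE configuration into chroot environment..."
    mkdir -p "$TC_CHROOT/etc/x2go/"

    # Iterate with a glob instead of parsing the output of ls, so that names
    # with whitespace or backslashes are handled as they are.
    for init_part_path in "$TC_CONFIG/x2gothinclient_init.d/"*; do
      # An unmatched glob stays literal; skip that non-existing entry.
      if [ ! -e "$init_part_path" ] && [ ! -h "$init_part_path" ]; then
        continue
      fi
      init_part="${init_part_path##*/}"
      mkdir -p "$TC_CHROOT/etc/x2go/x2gothinclient_init.d/"
      if test -f "$init_part_path"; then
        cp -v "$init_part_path" "$TC_CHROOT/etc/x2go/x2gothinclient_init.d/"
        chmod a+rx "$TC_CHROOT/etc/x2go/x2gothinclient_init.d/$init_part"
      fi
    done

    if test -f "$TC_CONFIG/x2gothinclient-${TC_FLAVOUR}_start"; then
      cp -v "$TC_CONFIG/x2gothinclient-${TC_FLAVOUR}_start" "$TC_CHROOT/etc/x2go/x2gothinclient-${TC_FLAVOUR}_start"
      chmod a+rx "$TC_CHROOT/etc/x2go/x2gothinclient-${TC_FLAVOUR}_start"
    fi

    if test -f "$TC_CONFIG/x2gothinclient_sessions"; then
      cp -v "$TC_CONFIG/x2gothinclient_sessions" "$TC_CHROOT/etc/x2go/x2gothinclient_sessions"
      chmod a+rx "$TC_CHROOT/etc/x2go/x2gothinclient_sessions"
    fi

    if test -f "$TC_CONFIG/x2gothinclient-${TC_FLAVOUR}_background.svg"; then
      # rm -f: with plain rm a chroot that has no background file yet makes
      # rm fail, and under "set -e" that aborts the whole script.
      rm -f -- "$TC_CHROOT/etc/x2go/x2gothinclient-${TC_FLAVOUR}_background.svg"
      cp -v "$TC_CONFIG/x2gothinclient-${TC_FLAVOUR}_background.svg" "$TC_CHROOT/etc/x2go/x2gothinclient-${TC_FLAVOUR}_background.svg"
      # The link target is a path inside the chroot, not on this host.
      ln -sf "/etc/x2go/x2gothinclient-${TC_FLAVOUR}_background.svg" "$TC_CHROOT/etc/x2go/x2gothinclient-background.svg"
    fi

    if test -f "$TC_CONFIG/freerdp/known_hosts" || test -f "$TC_CONFIG/freerdp/known_hosts2"; then
      mkdir -p "$TC_CHROOT/etc/x2go/freerdp/"
      cp -v "$TC_CONFIG"/freerdp/known_hosts* "$TC_CHROOT/etc/x2go/freerdp/"
    fi
  fi
fi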
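# update (rebuild) squashfs images
#
# A chroot is every entry of ${LTSP_OPT} that is not a symlink and has an
# executable bin/bash. The names are collected in an array, so that names
# with whitespace survive and no ls output has to be parsed.
ltsp_chroots=()
for chroot_path in "${LTSP_OPT}"/*; do
  if [ ! -h "${chroot_path}" ] && [ -x "${chroot_path}/bin/bash" ]; then
    ltsp_chroots+=("${chroot_path##*/}")
  fi
done

for chroot in "${ltsp_chroots[@]}"; do

  if [ -e "${LTSP_OPT}/${chroot}/chroot-upgrade-in-process" ]; then
    echo "Chroot ${LTSP_OPT}/${chroot} is currently being upgraded. Skipping..."
    continue
  fi

  # Find the newest chroot-updated_<8 digits> marker. Glob results come back
  # sorted, so the last matching name is the latest one.
  latest_upgrade=""
  for chroot_entry in "${LTSP_OPT}/${chroot}"/*; do
    if [[ "${chroot_entry##*/}" =~ chroot-updated_[0-9]{8}$ ]]; then
      latest_upgrade="${chroot_entry##*/}"
    fi
  done
  if [ -z "${latest_upgrade}" ]; then
    echo "chroot ${LTSP_OPT}/${chroot} lacks the chroot-updated_<date> file. Can't proceeed. Skipping..."
    continue
  fi

  # several chroot preparations (also helpful when directly booting the nfsroot)...
  # These preparations run with every script execution (i.e. daily via CRON) to make sure the
  # NFS chroot is updated.

  # Copy an appropriate SSH secret key for DLWs to ${LTSP_OPT}/${chroot}/root/.ssh/id_<crypto>.
  # Currently we prefer disklserver:/root/.ssh/id_<crypto>.DLW and fall back to the host's private key file
  # (i.e. disklserver:/root/.ssh/id_<crypto>).
  #
  # NOTE(review): whatever is placed in the chroot is presumably part of the
  # image built below and of the NFS root, so these private keys can be read
  # by anyone able to obtain that image or mount the chroot. A dedicated
  # id_<crypto>.DLW key keeps that exposure revocable; the fallback hands out
  # the private key of this host's root account itself - confirm that is intended.
  for priv_key_file in id_ecdsa id_ecdsa_sk id_ed25519 id_ed25519_sk id_rsa; do
    chroot_key="${LTSP_OPT}/${chroot}/root/.ssh/${priv_key_file}"
    # A key that already exists in the chroot is never overwritten.
    if [ -e "${chroot_key}" ]; then
      continue
    fi
    if [ -e "/root/.ssh/${priv_key_file}.DLW" ]; then
      key_source="/root/.ssh/${priv_key_file}.DLW"
    elif [ -e "/root/.ssh/${priv_key_file}" ]; then
      key_source="/root/.ssh/${priv_key_file}"
    else
      continue
    fi
    # -m only applies when the directory is created here; an existing
    # directory keeps its mode.
    mkdir -p -m 0700 "${LTSP_OPT}/${chroot}/root/.ssh/"
    cp -- "${key_source}" "${chroot_key}"
    # Do not rely on the mode of the source file for a private key.
    chmod 0600 -- "${chroot_key}"
  done

  # Copy the host's SSH host keys to the LTSP client chroot.
  # NOTE(review): this copy is unconditional and overwrites the chroot's host
  # keys on every run, although the stated intent of this step is to copy
  # only when the chroot has no host keys - confirm which one is wanted. The
  # private host keys of this server also end up in the chroot this way.
  #
  # A glob is used instead of find: with no matching key, find fails and
  # "set -e" aborts the script at the assignment.
  for host_key in /etc/ssh/ssh_host_*; do
    if [ -f "${host_key}" ]; then
      cp -- "${host_key}" "${LTSP_OPT}/${chroot}/etc/ssh/"
    fi
  done

  # Copy the SSH authorized_keys file for DLWs to ${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys (e.g. disklserver:/root/.ssh/authorized_keys)
  # Use host's authorized_keys file for granting DLW access via SSH as root without password
  if [ -e "/root/.ssh/authorized_keys" ] && [ ! -e "${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys" ]; then
    mkdir -p -m 0700 "${LTSP_OPT}/${chroot}/root/.ssh/"
    cp -- "/root/.ssh/authorized_keys" "${LTSP_OPT}/${chroot}/root/.ssh/authorized_keys"
  fi

  # Create the SquashFS image (if an update is required)
  if [ -e "${LTSP_OPT}/${chroot}/${latest_upgrade}.squashfs-created" ]; then
    echo "chroot ${LTSP_OPT}/${chroot}'s squashfs image is up-to-date. Skipping..."
  elif ltsp image "${LTSP_OPT}/${chroot}"; then
    # The glob has to stay outside the quotes; inside them rm looks for a
    # file literally named "chroot-updated_*.squashfs-created" and the old
    # markers are never removed.
    rm -f -- "${LTSP_OPT}/${chroot}"/chroot-updated_*.squashfs-created
    touch "${LTSP_OPT}/${chroot}/${latest_upgrade}.squashfs-created"
  fi

done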
# let's update kernel images, ltsp.img (LTSP initrd) and LTSP's iPXE
# boot menu configuration, just in case...
#
# ALL_IMAGES=1 is set in the environment of the kernel step only; the two
# remaining steps run without it, in the same order as listed.
ALL_IMAGES=1 ltsp kernel
for ltsp_step in initrd ipxe; do
  ltsp "${ltsp_step}"
done