#! /bin/bash
+# Copyright (C) 2011 GRNET S.A.
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation; either version 2 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful, but
+# WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+# General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program; if not, write to the Free Software
+# Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
+# 02110-1301, USA.
+
### BEGIN TASK INFO
# Provides: DeleteSSHKeys
-# Requires: MountImage
-# Short-Description: Remove ssh keys if present.
+# RunBefore: EnforcePersonality
+# RunAfter: MountImage
+# Short-Description: Remove ssh keys and in some cases recreate them
### END TASK INFO
set -e
. "@commondir@/common.sh"
+trap task_cleanup EXIT
+report_task_start
+
+# Check if the task should be prevented from running.
+check_if_excluded
+
if [ ! -d "$SNF_IMAGE_TARGET" ]; then
log_error "Target dir: \`$SNF_IMAGE_TARGET' is missing."
fi
-target="$SNF_IMAGE_TARGET"
-
-if [ "$SNF_IMAGE_TYPE" != "extdump" ]; then
- cleanup
- trap - EXIT
+if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "windows" ]; then
exit 0
fi
-distro=$(get_base_distro "$SNF_IMAGE_TARGET")
+if [ "$SNF_IMAGE_PROPERTY_OSFAMILY" = "linux" ]; then
+ distro=$(get_base_distro "$SNF_IMAGE_TARGET")
+fi
HOST_KEY="/etc/ssh/ssh_host_key"
RSA_KEY="/etc/ssh/ssh_host_rsa_key"
DSA_KEY="/etc/ssh/ssh_host_dsa_key"
ECDSA_KEY="/etc/ssh/ssh_host_ecdsa_key"
+target="$SNF_IMAGE_TARGET"
+
+if [ "x$distro" = "xdebian" ]; then
+ mount -o bind /proc "$target/proc"
+ add_cleanup umount "$target/proc"
+ mount -o bind /dev "$target/dev"
+ add_cleanup umount "$target/dev"
+fi
#Remove the default keys
for pair in "$HOST_KEY@rsa1" "$RSA_KEY@rsa" "$DSA_KEY@dsa" "$ECDSA_KEY@ecdsa"; do
fi
done
-config="$target/etc/ssh/sshd_config"
+config="$target/etc/ssh/sshd_config"
if [ ! -e "$config" ]; then
- log_error "Config file: \`$config' is missing."
+ warn "Config file: \`$config' is missing."
+ warn "Can't check for non-default keys."
+ exit 0
fi
# Remove non-default keys...
-grep ^HostKey "$config" | while read key_line; do
+{ grep ^HostKey "$config" || true; } | while read key_line; do
key=$(echo $key_line | cut -d" " -f2)
if [ "$key" = $HOST_KEY -o "$key" = $RSA_KEY -o \
"$key" = $DSA_KEY -o "$key" = $ECDSA_KEY ]; then
- continue;
+ continue
fi
if [ "x$distro" = "xdebian" ]; then
# Most distros recreate missing keys...debian complains
type=""
if [ -e "$target/$key" ]; then
- if grep -e "-----BEGIN DSA PRIVATE KEY-----" "$target/$key"; then
+ if grep -e "-----BEGIN DSA PRIVATE KEY-----" "$target/$key" > /dev/null; then
type=dsa
- elif grep -e "-----BEGIN EC PRIVATE KEY-----" "$target/$key"; then
+ elif grep -e "-----BEGIN EC PRIVATE KEY-----" "$target/$key" > /dev/null; then
type=ecdsa
- elif grep -e "-----BEGIN RSA PRIVATE KEY-----" "$target/$key"; then
+ elif grep -e "-----BEGIN RSA PRIVATE KEY-----" "$target/$key" > /dev/null; then
type=rsa
- elif grep -e "SSH PRIVATE KEY FILE FORMAT" "$target/$key"; then
+ elif grep -e "SSH PRIVATE KEY FILE FORMAT" "$target/$key" > /dev/null; then
type=rsa1
fi
else # do some guessing...
for i in rsa dsa ecdsa; do
- echo "$key" | grep _${i}_ && { type="$i"; break; }
+ if echo "$key" | grep _${i}_ > /dev/null; then
+ type="$i";
+ break;
+ fi
done
fi
if [ -z "$type" ]; then
fi
done
-cleanup
-trap - EXIT
-
exit 0
# vim: set sta sts=4 shiftwidth=4 sw=4 et ai :