[pkg-bacula-commits] [bacula] 21/35: Don't set passwords at build time but ask for them

Carsten Leonhardt leo at moszumanska.debian.org
Wed Jul 20 10:21:39 UTC 2016


This is an automated email from the git hooks/post-receive script.

leo pushed a commit to tag development/2011-04-29
in repository bacula.

commit d4676fc19978a0588bb09a58234cf451d15859d6
Author: Jan Hauke Rahm <jhr at debian.org>
Date:   Wed Apr 27 11:57:10 2011 +0200

    Don't set passwords at build time but ask for them
    
    Instead of setting pseudo-passwords at build time that get changed
    during postinst, rather ask for them via debconf and set them. If the
    user doesn't provide passwords, leave them untouched but, if it's an
    install (not an upgrade), disable the daemon to avoid getting it started
    without proper passwords.
    
    Closes: #585037, #602191, #493092
---
 .gitignore                             |  3 +++
 debian/bacula-director-db.config.in    |  5 +++++
 debian/bacula-director-db.postinst.in  | 31 +++++++++++++++++++++++++--
 debian/bacula-director-db.templates.in | 20 +++++++++++++++++
 debian/bacula-fd.config                |  8 +++++++
 debian/bacula-fd.postinst              | 35 ++++++++++++++++++++++++++++++
 debian/bacula-fd.templates             | 20 +++++++++++++++++
 debian/bacula-sd.config                |  8 +++++++
 debian/bacula-sd.postinst              | 35 ++++++++++++++++++++++++++++++
 debian/bacula-sd.templates             | 20 +++++++++++++++++
 debian/patches/fix-default-config      | 39 +++++++++++++++++++---------------
 debian/po/POTFILES.in                  |  5 +++++
 debian/rules                           | 11 +---------
 13 files changed, 211 insertions(+), 29 deletions(-)

diff --git a/.gitignore b/.gitignore
index aef4a66..02d1110 100644
--- a/.gitignore
+++ b/.gitignore
@@ -1381,3 +1381,6 @@ debian/bacula-sd-pgsql.install
 debian/bacula-sd-pgsql.manpages
 debian/bacula-sd-sqlite3.install
 debian/bacula-sd-sqlite3.manpages
+debian/bacula-director-mysql.templates
+debian/bacula-director-pgsql.templates
+debian/bacula-director-sqlite3.templates
diff --git a/debian/bacula-director-db.config.in b/debian/bacula-director-db.config.in
index 0c76026..efb162e 100644
--- a/debian/bacula-director-db.config.in
+++ b/debian/bacula-director-db.config.in
@@ -19,3 +19,8 @@ if [ -f /usr/share/dbconfig-common/dpkg/config.$THISDB ]; then
 	. /usr/share/dbconfig-common/dpkg/config.$THISDB
 	dbc_go bacula-director-$THISDB $@
 fi
+
+# director passwords
+db_input medium bacula-dir/password || true
+db_input medium bacula-dir/mon-password || true
+db_go
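Review bot: Both questions are queued at `medium` priority, so at debconf's default `high` threshold and in non-interactive installs they are never shown and the answers stay empty. With the postinst logic added in this commit, a fresh install then ends with the daemon disabled and no password files, which the administrator learns only from the postinst message. Consider `db_input high bacula-dir/password || true` and the same for `bacula-dir/mon-password`; debian/bacula-fd.config and debian/bacula-sd.config use the same priority. The start of this script lies outside the hunk.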
diff --git a/debian/bacula-director-db.postinst.in b/debian/bacula-director-db.postinst.in
index 38ec36c..f895f38 100644
--- a/debian/bacula-director-db.postinst.in
+++ b/debian/bacula-director-db.postinst.in
@@ -1,6 +1,16 @@
-#! /bin/bash
+#! /bin/sh
 set -e
 
+PKG=bacula-dir
+
+CONFDIR=/etc/bacula
+PW_FILE=$PKG-password.conf
+MONPW_FILE=$PKG-mon-password.conf
+DEFAULTFILE=/etc/default/$PKG
+
+DEFAULT_TEXT="No password has been provided.\nThe daemon is thus deactivated for your safety via\n$DEFAULTFILE."
+COMMON_TEXT="# This file is sourced by the daemon's main config file."
+
 THISDB=XX_DB_XX
 
 . /usr/share/debconf/confmodule
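Review bot: `DEFAULTFILE` is derived from `PKG=bacula-dir`, giving `/etc/default/bacula-dir`, while the service this script starts further down is named `bacula-director`; please confirm that this is the file the init script actually reads. If the path does not exist, the later `sed -i` fails and `set -e` aborts the postinst; if it exists without an `ENABLED=` line, the substitution silently does nothing and the daemon stays enabled. Checking `grep -q '^ENABLED=' "$DEFAULTFILE"` before the `sed` would make both cases visible.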
@@ -24,7 +34,24 @@ if [ -f /usr/share/dbconfig-common/dpkg/postinst.$THISDB ]; then
 	dbc_go bacula-director-$THISDB $@
 fi
 
-db_stop
+# Create files with passwords that can be sourced from the main config if the
+# user did provide a password.
+if [ "$1" = "configure" ]; then
+	db_get $PKG/password && PW="$RET"
+	db_get $PKG/mon-password && MONPW="$RET"
+
+	[ -z "$PW" ] || printf "$COMMON_TEXT\n\nPassword = \"$PW\"" > $CONFDIR/$PW_FILE
+	[ -z "$MONPW" ] || printf "$COMMON_TEXT\n\nPassword = \"$MONPW\"" > $CONFDIR/$MONPW_FILE
+
+	# if this is a new installation and the user didn't provide passwords,
+	# deactivate daemon
+	if [ -z "$2" ]; then
+		if [ -z "$PW" -o -z "$MONPW" ]; then
+			printf "$DEFAULT_TEXT"
+			sed -i -e 's/^ENABLED=.*$/ENABLED=no/' $DEFAULTFILE
+		fi
+	fi
+fi
 
 invoke-rc.d --quiet bacula-director start
 
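Review bot: The two password files are created by a plain `>` redirection, so they get whatever mode the current umask yields (commonly 0644), and nothing in the hunk sets an owner or mode; a file holding a daemon password should be readable only by root and the account the daemon runs as. The password is also interpolated into the printf format string, so a `%` or `\` in it is interpreted instead of written, and a `"` would presumably end the quoted value early in the generated config. The same two lines appear in debian/bacula-fd.postinst and debian/bacula-sd.postinst. The rewrite below recreates each file with mode 0600 before writing and passes the password as data; ownership for the daemon account is not visible here and still has to be added.

```shell
	# … unchanged: db_get of $PKG/password and $PKG/mon-password …

	# install(1) recreates the file with mode 0600 before the secret is written,
	# so it is never world-readable, even if an older copy had a wider mode.
	# The password is passed as printf data so '%' and '\' are written literally.
	if [ -n "$PW" ]; then
		install -m 600 /dev/null "$CONFDIR/$PW_FILE"
		printf '%s\n\nPassword = "%s"\n' "$COMMON_TEXT" "$PW" > "$CONFDIR/$PW_FILE"
	fi
	if [ -n "$MONPW" ]; then
		install -m 600 /dev/null "$CONFDIR/$MONPW_FILE"
		printf '%s\n\nPassword = "%s"\n' "$COMMON_TEXT" "$MONPW" > "$CONFDIR/$MONPW_FILE"
	fi
	# TODO: hand the files to the account the daemon runs as (not visible in this hunk)

	# … unchanged: disabling the daemon on a fresh install without passwords …
```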
diff --git a/debian/bacula-director-db.templates.in b/debian/bacula-director-db.templates.in
new file mode 100644
index 0000000..fde363f
--- /dev/null
+++ b/debian/bacula-director-db.templates.in
@@ -0,0 +1,20 @@
+Template: bacula-dir/password
+Type: password
+_Description: Password for the bacula storage daemon:
+ To be able to connect to this daemon a password needs to be set. Please
+ provide one here.
+ .
+ If you leave the field empty, no password will be set. On new installation the
+ daemon will then be deactivated to make sure the daemon is not started without
+ a password.
+
+Template: bacula-dir/mon-password
+Type: password
+_Description: Password for the bacula storage daemon monitor:
+ Restricted access can also be established to this daemon (for instance from
+ the bacula-tray-monitor util). For that a password needs to be set. Please
+ provide one here.
+ .
+ If you leave the field empty, no password will be set. On new installation the
+ daemon will then be deactivated to make sure the daemon is not started without
+ a password.
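Review bot: Both descriptions name the wrong daemon: the templates are `bacula-dir/password` and `bacula-dir/mon-password`, but the prompts read "Password for the bacula storage daemon" and "Password for the bacula storage daemon monitor", identical to debian/bacula-sd.templates. An administrator installing the director is therefore asked for a storage-daemon password and may enter the wrong secret. Suggested first lines: `_Description: Password for the bacula director:` and `_Description: Password for the bacula director monitor:`.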
diff --git a/debian/bacula-fd.config b/debian/bacula-fd.config
new file mode 100644
index 0000000..dc74796
--- /dev/null
+++ b/debian/bacula-fd.config
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+
+db_input medium bacula-fd/password || true
+db_input medium bacula-fd/mon-password || true
+db_go
diff --git a/debian/bacula-fd.postinst b/debian/bacula-fd.postinst
new file mode 100644
index 0000000..788226d
--- /dev/null
+++ b/debian/bacula-fd.postinst
@@ -0,0 +1,35 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+
+PKG=bacula-fd
+
+CONFDIR=/etc/bacula
+PW_FILE=$PKG-password.conf
+MONPW_FILE=$PKG-mon-password.conf
+DEFAULTFILE=/etc/default/$PKG
+
+DEFAULT_TEXT="No password has been provided.\nThe daemon is thus deactivated for your safety via\n$DEFAULTFILE."
+COMMON_TEXT="# This file is sourced by the daemon's main config file."
+
+# Create files with passwords that can be sourced from the main config if the
+# user did provide a password.
+if [ "$1" = "configure" ]; then
+	db_get $PKG/password && PW="$RET"
+	db_get $PKG/mon-password && MONPW="$RET"
+
+	[ -z "$PW" ] || printf "$COMMON_TEXT\n\nPassword = \"$PW\"" > $CONFDIR/$PW_FILE
+	[ -z "$MONPW" ] || printf "$COMMON_TEXT\n\nPassword = \"$MONPW\"" > $CONFDIR/$MONPW_FILE
+
+	# if this is a new installation and the user didn't provide passwords,
+	# deactivate daemon
+	if [ -z "$2" ]; then
+		if [ -z "$PW" -o -z "$MONPW" ]; then
+			printf "$DEFAULT_TEXT"
+			sed -i -e 's/^ENABLED=.*$/ENABLED=no/' $DEFAULTFILE
+		fi
+	fi
+fi
+
+#DEBHELPER#
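Review bot: After `db_get` the passwords stay in the debconf database, because nothing here clears `$PKG/password` or `$PKG/mon-password` once the files have been written. debconf-devel(7) advises removing password values from the database as soon as possible. Adding `db_set $PKG/password ""` and `db_set $PKG/mon-password ""` after the two `printf` lines would do that, and later upgrades stay untouched because an empty value skips the write. The same applies to debian/bacula-director-db.postinst.in and debian/bacula-sd.postinst.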
diff --git a/debian/bacula-fd.templates b/debian/bacula-fd.templates
new file mode 100644
index 0000000..7165f2b
--- /dev/null
+++ b/debian/bacula-fd.templates
@@ -0,0 +1,20 @@
+Template: bacula-fd/password
+Type: password
+_Description: Password for the bacula file daemon:
+ To be able to connect to this daemon a password needs to be set. Please
+ provide one here.
+ .
+ If you leave the field empty, no password will be set. On new installation the
+ daemon will then be deactivated to make sure the daemon is not started without
+ a password.
+
+Template: bacula-fd/mon-password
+Type: password
+_Description: Password for the bacula file daemon monitor:
+ Restricted access can also be established to this daemon (for instance from
+ the bacula-tray-monitor util). For that a password needs to be set. Please
+ provide one here.
+ .
+ If you leave the field empty, no password will be set. On new installation the
+ daemon will then be deactivated to make sure the daemon is not started without
+ a password.
diff --git a/debian/bacula-sd.config b/debian/bacula-sd.config
new file mode 100644
index 0000000..e702556
--- /dev/null
+++ b/debian/bacula-sd.config
@@ -0,0 +1,8 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+
+db_input medium bacula-sd/password || true
+db_input medium bacula-sd/mon-password || true
+db_go
diff --git a/debian/bacula-sd.postinst b/debian/bacula-sd.postinst
new file mode 100644
index 0000000..9556248
--- /dev/null
+++ b/debian/bacula-sd.postinst
@@ -0,0 +1,35 @@
+#!/bin/sh
+set -e
+
+. /usr/share/debconf/confmodule
+
+PKG=bacula-sd
+
+CONFDIR=/etc/bacula
+PW_FILE=$PKG-password.conf
+MONPW_FILE=$PKG-mon-password.conf
+DEFAULTFILE=/etc/default/$PKG
+
+DEFAULT_TEXT="No password has been provided.\nThe daemon is thus deactivated for your safety via\n$DEFAULTFILE."
+COMMON_TEXT="# This file is sourced by the daemon's main config file."
+
+# Create files with passwords that can be sourced from the main config if the
+# user did provide a password.
+if [ "$1" = "configure" ]; then
+	db_get $PKG/password && PW="$RET"
+	db_get $PKG/mon-password && MONPW="$RET"
+
+	[ -z "$PW" ] || printf "$COMMON_TEXT\n\nPassword = \"$PW\"" > $CONFDIR/$PW_FILE
+	[ -z "$MONPW" ] || printf "$COMMON_TEXT\n\nPassword = \"$MONPW\"" > $CONFDIR/$MONPW_FILE
+
+	# if this is a new installation and the user didn't provide passwords,
+	# deactivate daemon
+	if [ -z "$2" ]; then
+		if [ -z "$PW" -o -z "$MONPW" ]; then
+			printf "$DEFAULT_TEXT"
+			sed -i -e 's/^ENABLED=.*$/ENABLED=no/' $DEFAULTFILE
+		fi
+	fi
+fi
+
+#DEBHELPER#
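Review bot: The script sources the debconf confmodule but never calls `db_stop` before `#DEBHELPER#`, where debhelper presumably inserts the code that starts the daemon. A daemon started while the debconf file descriptors are still open can keep the frontend waiting and hang the installation. Adding `db_stop` after the closing `fi` of the `configure` block avoids that. The same holds for debian/bacula-fd.postinst, and the second hunk of debian/bacula-director-db.postinst.in removes the existing `db_stop` directly ahead of `invoke-rc.d --quiet bacula-director start`.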
diff --git a/debian/bacula-sd.templates b/debian/bacula-sd.templates
new file mode 100644
index 0000000..d55a91d
--- /dev/null
+++ b/debian/bacula-sd.templates
@@ -0,0 +1,20 @@
+Template: bacula-sd/password
+Type: password
+_Description: Password for the bacula storage daemon:
+ To be able to connect to this daemon a password needs to be set. Please
+ provide one here.
+ .
+ If you leave the field empty, no password will be set. On new installation the
+ daemon will then be deactivated to make sure the daemon is not started without
+ a password.
+
+Template: bacula-sd/mon-password
+Type: password
+_Description: Password for the bacula storage daemon monitor:
+ Restricted access can also be established to this daemon (for instance from
+ the bacula-tray-monitor util). For that a password needs to be set. Please
+ provide one here.
+ .
+ If you leave the field empty, no password will be set. On new installation the
+ daemon will then be deactivated to make sure the daemon is not started without
+ a password.
diff --git a/debian/patches/fix-default-config b/debian/patches/fix-default-config
index 33fdca9..b8188e6 100644
--- a/debian/patches/fix-default-config
+++ b/debian/patches/fix-default-config
@@ -1,6 +1,6 @@
 --- a/src/dird/bacula-dir.conf.in
 +++ b/src/dird/bacula-dir.conf.in
-@@ -13,7 +13,7 @@
+@@ -13,21 +13,22 @@
  #
  
  Director {                            # define myself
@@ -9,9 +9,10 @@
    DIRport = @dir_port@                # where we listen for UA connections
    QueryFile = "@scriptdir@/query.sql"
    WorkingDirectory = "@working_dir@"
-@@ -21,13 +21,14 @@
+   PidDirectory = "@piddir@"
    Maximum Concurrent Jobs = 1
-   Password = "@dir_password@"         # Console password
+-  Password = "@dir_password@"         # Console password
++  @/etc/bacula/bacula-dir-password.conf
    Messages = Daemon
 +  DirAddress = 127.0.0.1
  }
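Review bot: The `Password` directive is replaced by an include of `/etc/bacula/bacula-dir-password.conf`, a file that the postinst in this commit creates only when a non-empty password was entered. The daemon is disabled only on a fresh install, so if an upgraded system takes this new default config and the answer is empty, the daemon would be started with an include whose target is missing; how Bacula handles that is not visible here, but presumably the config fails to load. The later hunks add the same kind of include for the monitor, file-daemon and storage-daemon passwords. A comment next to the include, e.g. `# Password is read from this file, which the package's postinst writes`, and a check in the postinst that the file exists before the daemon is started would cover this.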
@@ -86,30 +87,35 @@
  #
  Console {
 -  Name = @basename at -mon
+-  Password = "@mon_dir_password@"
 +  Name = localhost-mon
-   Password = "@mon_dir_password@"
++  @/etc/bacula/bacula-dir-mon-password.conf
    CommandACL = status, .status
  }
 --- a/src/filed/bacula-fd.conf.in
 +++ b/src/filed/bacula-fd.conf.in
-@@ -11,7 +11,7 @@
+@@ -11,8 +11,8 @@
  # List Directors who are permitted to contact this File daemon
  #
  Director {
 -  Name = @basename at -dir
+-  Password = "@fd_password@"
 +  Name = localhost-dir
-   Password = "@fd_password@"
++  @/etc/bacula/bacula-fd-password.conf
  }
  
-@@ -20,7 +20,7 @@
+ #
+@@ -20,8 +20,8 @@
  #   status of the file daemon
  #
  Director {
 -  Name = @basename at -mon
+-  Password = "@mon_fd_password@"
 +  Name = localhost-mon
-   Password = "@mon_fd_password@"
++  @/etc/bacula/bacula-fd-mon-password.conf
    Monitor = yes
  }
+ 
 @@ -29,15 +29,16 @@
  # "Global" File daemon configuration specifications
  #
@@ -131,7 +137,7 @@
  }
 --- a/src/stored/bacula-sd.conf.in
 +++ b/src/stored/bacula-sd.conf.in
-@@ -11,18 +11,19 @@
+@@ -11,19 +11,20 @@
  #
  
  Storage {                             # definition of myself
@@ -149,19 +155,23 @@
  #
  Director {
 -  Name = @basename at -dir
+-  Password = "@sd_password@"
 +  Name = localhost-dir
-   Password = "@sd_password@"
++  @/etc/bacula/bacula-sd-password.conf
  }
  
-@@ -31,7 +32,7 @@
+ #
+@@ -31,8 +32,8 @@
  #   status of the storage daemon
  #
  Director {
 -  Name = @basename at -mon
+-  Password = "@mon_sd_password@"
 +  Name = localhost-mon
-   Password = "@mon_sd_password@"
++  @/etc/bacula/bacula-sd-mon-password.conf
    Monitor = yes
  }
+ 
 @@ -201,5 +202,5 @@
  #
  Messages {
@@ -179,8 +189,3 @@
  }
  
  #
-#--- /dev/null
-#+++ b/scripts/logwatch/logfile.bacula.conf.in
-#@@ -0,0 +1,2 @@
-#+# What actual file?  Defaults to LogPath if not absolute path....
-#+LogFile = /var/lib/bacula/log
diff --git a/debian/po/POTFILES.in b/debian/po/POTFILES.in
new file mode 100644
index 0000000..c58c734
--- /dev/null
+++ b/debian/po/POTFILES.in
@@ -0,0 +1,5 @@
+[type: gettext/rfc822deb] bacula-fd.templates
+[type: gettext/rfc822deb] bacula-sd.templates
+[type: gettext/rfc822deb] bacula-director-sqlite3.templates
+[type: gettext/rfc822deb] bacula-director-mysql.templates
+[type: gettext/rfc822deb] bacula-director-pgsql.templates
diff --git a/debian/rules b/debian/rules
index 2c2bde8..7755e40 100755
--- a/debian/rules
+++ b/debian/rules
@@ -8,7 +8,7 @@ DBGPKGS := $(shell fgrep dbg debian/control | sed -e 's/Package: //' -e 's/-dbg/
 VARIANTS := pgsql mysql sqlite3
 
 # auto-generated files in debian/
-FILETYPES := install manpages config postinst postrm preinst prerm
+FILETYPES := install manpages config postinst postrm preinst prerm templates
 PACKAGES  := director sd
 
 ######################################################################
@@ -27,15 +27,6 @@ CONF_ALL	= --enable-smartalloc \
 	--enable-batch-insert \
 	--without-qwt \
 	--enable-ipv6 \
-	--with-dir-passowrd=XXX_DIRPASSWORD_XXX \
-	--with-fd-password=XXX_FDPASSWORD_XXX \
-	--with-sd-password=XXX_SDPASSWORD_XXX \
-	--with-mon-dir-password=XXX_MONDIRPASSWORD_XXX \
-	--with-mon-fd-password=XXX_MONFDPASSWORD_XXX \
-	--with-mon-sd-password=XXX_MONSDPASSWORD_XXX \
-	--with-db-name=XXX_DBNAME_XXX \
-	--with-db-user=XXX_DBUSER_XXX \
-	--with-db-password=XXX_DBPASSWORD_XXX \
 	--config-cache \
 	--with-archivedir=/nonexistant/path/to/file/archive/dir \
 	--sysconfdir=/etc/bacula --with-scriptdir=/etc/bacula/scripts \

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-bacula/bacula.git


