Bug#592550: String freeze for Debian Installer

To: 592550@bugs.debian.org
Subject: Bug#592550: String freeze for Debian Installer
From: Charles Plessy <plessy@debian.org>
Date: Sat, 21 Apr 2012 13:52:22 +0900
Message-id: <[🔎] 20120421045222.GA31501@falafel.plessy.net>
Reply-to: Charles Plessy <plessy@debian.org>, 592550@bugs.debian.org
In-reply-to: <[🔎] 20120404165137.GA28978@mykerinos.kheops.frmug.org>
References: <[🔎] 20120404050314.GD4624@mykerinos.kheops.frmug.org> <[🔎] 20120404071116.GG12520@falafel.plessy.net> <[🔎] 20120404165137.GA28978@mykerinos.kheops.frmug.org>

Le Wed, Apr 04, 2012 at 06:51:37PM +0200, Christian PERRIER a écrit :
> 
> I propose you use sublevel 6.
> 
> Then update the patch...then propose a patch to the D-I documentation
> (the part about preseeding as any preseedable value should be
> documented there).

Dear Christian and everybody,

here is an updated patch to network-console, to implement SSH connection via
authorized keys downloaded at run time.

I am still studying how to test the patched udeb...

I will submit a patch to the D-I documentation separately.  In the meantime,
please let me know if you spot a problem with the attached patches.

Have a nice week-end,

-- 
Charles Plessy
Tsurumi, Kanagawa, Japan

>From a46062a72f680feebc78ff7a630ccb5765b478c1 Mon Sep 17 00:00:00 2001
From: Charles Plessy <plessy@debian.org>
Date: Sat, 21 Apr 2012 11:53:13 +0900
Subject: [PATCH 1/4] Add support for public-key authentication (Matt T.
 Proud, LP: #184108).

URL: http://patches.ubuntu.com/n/network-console/network-console_1.29ubuntu1.patch
---
 debian/network-console.postinst  |   25 ++++++++++++++++++++++++-
 debian/network-console.templates |   16 ++++++++++++++++
 2 files changed, 40 insertions(+), 1 deletion(-)

diff --git a/debian/network-console.postinst b/debian/network-console.postinst
index c5c0560..cbfe825 100755
--- a/debian/network-console.postinst
+++ b/debian/network-console.postinst
@@ -26,7 +26,30 @@ case "$ARCHDETECT" in
 	;;
 esac
 
-while [ -z "$PASSWORD" ]; do
+db_get $TEMPLATE_ROOT/authorized_keys_url
+
+AUTHORIZED_KEYS_URL="$RET"
+AUTHORIZED_KEYS_DIRECTORY="/.ssh"
+AUTHORIZED_KEYS_FILE="$AUTHORIZED_KEYS_DIRECTORY/authorized_keys"
+
+if [ -n "$AUTHORIZED_KEYS_URL" ]; then
+	if [ ! -f "$AUTHORIZED_KEYS_FILE" ]; then
+		[ -d "$AUTHORIZED_KEYS_DIRECTORY" ] || \
+		    mkdir "$AUTHORIZED_KEYS_DIRECTORY"
+		chmod 0700 "$AUTHORIZED_KEYS_DIRECTORY"
+		if ! wget -q "$AUTHORIZED_KEYS_URL" -O "$AUTHORIZED_KEYS_FILE"; then
+			db_subst $TEMPLATE_ROOT/authorized_keys_fetch_failure \
+			    LOCATION "$AUTHORIZED_KEYS_URL"
+			db_input critical $TEMPLATE_ROOT/authorized_keys_fetch_failure \
+			    || true
+			db_go
+			exit 1
+		fi
+		chmod 0644 "$AUTHORIZED_KEYS_FILE" || true
+	fi
+fi
+
+while [ ! -f "$AUTHORIZED_KEYS_FILE" ] && [ -z "$PASSWORD" ]; do
 	db_input critical $TEMPLATE_ROOT/password || true
 	COMPARE_PW=''
 	db_input high $TEMPLATE_ROOT/password-again && COMPARE_PW=1 || true
diff --git a/debian/network-console.templates b/debian/network-console.templates
index 4439379..58daa88 100644
--- a/debian/network-console.templates
+++ b/debian/network-console.templates
@@ -75,3 +75,19 @@ _Description: Start SSH
  .
  Please check this carefully against the fingerprint reported by
  your SSH client.
+
+Template: network-console/authorized_keys_url
+Type: string
+Description: for internal use; can be preseeded
+ What URL contains a list of authorized SSH public keys?
+ .
+ The file at the given URL should be of the same form as a standard OpenSSH
+ authorized_keys file.
+
+Template: network-console/authorized_keys_fetch_failure
+Type: error
+# should be translated when committed upstream
+Description: Could not fetch OpenSSH authorized keys
+ An error occurred while fetching OpenSSH authorized keys from ${LOCATION}.
+ .
+ Check /var/log/syslog or see virtual console 4 for the details.
-- 
1.7.9.5

>From 2228ea565729b20691b2451af5743e331647d9e8 Mon Sep 17 00:00:00 2001
From: Charles Plessy <plessy@debian.org>
Date: Sat, 21 Apr 2012 12:17:31 +0900
Subject: [PATCH 2/4] Mark network-console/authorized_keys_fetch_failure for
 translation.

---
 debian/network-console.templates |    4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/debian/network-console.templates b/debian/network-console.templates
index 58daa88..db8621d 100644
--- a/debian/network-console.templates
+++ b/debian/network-console.templates
@@ -86,8 +86,8 @@ Description: for internal use; can be preseeded
 
 Template: network-console/authorized_keys_fetch_failure
 Type: error
-# should be translated when committed upstream
-Description: Could not fetch OpenSSH authorized keys
+# :sl6:
+_Description: Could not fetch OpenSSH authorized keys
  An error occurred while fetching OpenSSH authorized keys from ${LOCATION}.
  .
  Check /var/log/syslog or see virtual console 4 for the details.
-- 
1.7.9.5

>From 9ff20a125fc30d8b11e6fe10aa25f1f6bb9c9582 Mon Sep 17 00:00:00 2001
From: Charles Plessy <plessy@debian.org>
Date: Sat, 21 Apr 2012 12:22:05 +0900
Subject: [PATCH 3/4] Simplification of the authorized_keys* entries.

---
 debian/network-console.templates |    8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/debian/network-console.templates b/debian/network-console.templates
index db8621d..26c19fa 100644
--- a/debian/network-console.templates
+++ b/debian/network-console.templates
@@ -79,15 +79,15 @@ _Description: Start SSH
 Template: network-console/authorized_keys_url
 Type: string
 Description: for internal use; can be preseeded
- What URL contains a list of authorized SSH public keys?
+ URL to a list of authorized SSH public keys.
  .
- The file at the given URL should be of the same form as a standard OpenSSH
+ The file at the given URL should be of the same form as a standard SSH
  authorized_keys file.
 
 Template: network-console/authorized_keys_fetch_failure
 Type: error
 # :sl6:
-_Description: Could not fetch OpenSSH authorized keys
- An error occurred while fetching OpenSSH authorized keys from ${LOCATION}.
+_Description: Could not fetch SSH authorized keys
+ An error occurred while fetching SSH authorized keys from ${LOCATION}.
  .
  Check /var/log/syslog or see virtual console 4 for the details.
-- 
1.7.9.5

>From 246fa52be67f03f111ea7c8999e0f5e26bb37996 Mon Sep 17 00:00:00 2001
From: Charles Plessy <plessy@debian.org>
Date: Sat, 21 Apr 2012 12:25:11 +0900
Subject: [PATCH 4/4] New changelog entry for 1.31, about SSH public-key
 authentication.

---
 debian/changelog |   10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/debian/changelog b/debian/changelog
index 43ac6c4..82cce35 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,13 @@
+network-console (1.31) UNRELEASED; urgency=low
+
+  [ Matt T. Proud ]
+  * Add support for public-key authentication (Closes:#592550, LP: #184108).
+
+  [ Charles Plessy ]
+  * Mark authorized_keys_fetch_failure for translation, sublevel 6.
+
+ -- Charles Plessy <plessy@debian.org>  Sat, 21 Apr 2012 12:22:26 +0900
+
 network-console (1.30) unstable; urgency=low
 
   [ Updated translations ]
-- 
1.7.9.5

Reply to:

Follow-Ups:
- Bug#592550: String freeze for Debian Installer
  - From: Christian PERRIER <bubulle@debian.org>
- Re: Bug#592550: String freeze for Debian Installer
  - From: Christian PERRIER <bubulle@debian.org>

References:
- String freeze for Debian Installer
  - From: Christian PERRIER <bubulle@debian.org>
- Bug#592550: String freeze for Debian Installer
  - From: Charles Plessy <plessy@debian.org>
- Bug#592550: String freeze for Debian Installer
  - From: Christian PERRIER <bubulle@debian.org>

Prev by Date: Debian installer build: failed or old builds
Next by Date: Bug#592550: String freeze for Debian Installer
Previous by thread: Bug#592550: String freeze for Debian Installer
Next by thread: Bug#592550: String freeze for Debian Installer
Index(es):
- Date
- Thread