Update to use the new registry and generate a ssh key to do so.
@ -17,6 +17,7 @@ assets = [
|
||||
[ "assets/dn42-roagen.timer", "usr/lib/systemd/system/", "644" ],
|
||||
[ "assets/dn42-roagen.service", "usr/lib/systemd/system/", "644" ],
|
||||
]
|
||||
conf-files = [ "/etc/dn42-roagen" ]
|
||||
maintainer-scripts = "debian"
|
||||
extended-description = """
|
||||
A simple roa file generator.
|
||||
|
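Review bot: `conf-files = [ "/etc/dn42-roagen" ]` names a directory, and none of the assets visible in this hunk installs a file into it; its only contents are the key pair that postinst generates. dpkg conffile entries are expected to be regular files shipped in the package, so this entry probably protects nothing and may be rejected by packaging tools, which is worth confirming with a test build. If the intent is only to have the directory cleaned up on purge, the `rm -rf /etc/dn42-roagen` in postrm already does that and the entry can be dropped. The assets list begins outside the hunk.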
@ -9,6 +9,8 @@ Generate bird 2.0 roa entries from the dn42 registry.
|
||||
|
||||
## Usage
|
||||
|
||||
After Installtion add the ssh public key from `/etc/dn42-roagen/id_ed25591.pub` to your account on [git.dn42.dev](https://git.dn42.dev/)
|
||||
|
||||
Add
|
||||
```bird
|
||||
|
||||
|
@ -7,6 +7,11 @@ User=bird
|
||||
Group=bird
|
||||
|
||||
Type=oneshot
|
||||
|
||||
# git.dn42.dev provides sshfp
|
||||
# sshpf without dnssec is insecure but better than not checking at all
|
||||
Environment="GIT_SSH_COMMAND=ssh -o VerifyHostKeyDNS=yes -o StrictHostKeyChecking=yes -i /etc/dn42-roagen/id_ed25519"
|
||||
|
||||
ExecStart=git -C /var/lib/bird/registry fetch origin
|
||||
ExecStart=git -C /var/lib/bird/registry checkout origin/master
|
||||
ExecStart=dn42-roagen /var/lib/bird/registry /var/lib/bird/
|
||||
|
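Review bot: The comment above `GIT_SSH_COMMAND` describes a fallback that OpenSSH does not provide with these options. With `VerifyHostKeyDNS=yes`, an SSHFP match that was not DNSSEC-validated is handled as if the option were `ask`, and `StrictHostKeyChecking=yes` then refuses any host key that is not already in a known_hosts file. On a host without a validating resolver the fetch therefore fails unless the `bird` user already has git.dn42.dev pinned; that fails closed, but it is not what the comment says. Consider shipping a pinned host key and pointing ssh at it with `-o UserKnownHostsFile=<path to packaged known_hosts>`, and adding `-o IdentitiesOnly=yes` so only the dedicated key is offered. The comment should be reworded to match, and it also spells SSHFP as `sshpf`.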
27
debian/postinst
vendored
@ -6,13 +6,38 @@ if [ "$1" = "configure" ]; then
|
||||
if [ ! -d /var/lib/bird ]; then
|
||||
mkdir -p /var/lib/bird
|
||||
git -C /var/lib/bird init registry
|
||||
git -C /var/lib/bird/registry remote add origin "https://git.dn42.us/dn42/registry"
|
||||
git -C /var/lib/bird/registry remote add origin "git@git.dn42.dev:dn42/registry.git"
|
||||
fi
|
||||
|
||||
if ! dpkg-statoverride --list /var/lib/bird >/dev/null; then
|
||||
chown -R bird:bird /var/lib/bird
|
||||
chmod u=rwx,g=rx,o= /var/lib/bird
|
||||
fi
|
||||
|
||||
if [ ! -d /etc/dn42-roagen ]; then
|
||||
mkdir -p /etc/dn42-roagen
|
||||
fi
|
||||
|
||||
if ! dpkg-statoverride --list /etc/dn42-roagen >/dev/null; then
|
||||
chown -R bird:bird /etc/dn42-roagen
|
||||
chmod u=rwx,g=,o= /etc/dn42-roagen
|
||||
fi
|
||||
|
||||
if [ ! -e /etc/dn42-roagen/id_ed25519 ]; then
|
||||
echo "SSH key does not exist, generating one ..."
|
||||
# References:
|
||||
# https://infosec.mozilla.org/guidelines/openssh.html
|
||||
# https://security.stackexchange.com/questions/50878/ecdsa-vs-ecdh-vs-ed25519-vs-curve25519#50890
|
||||
ssh-keygen -t ed25519 -C "dn42-roagen@$(hostname)" -f "/etc/dn42-roagen/id_ed25519" -N ""
|
||||
|
||||
if ! dpkg-statoverride --list "/etc/dn42-roagen/id_ed25519*" >/dev/null; then
|
||||
chown -R bird:bird /etc/dn42-roagen/id_ed25519*
|
||||
chmod u=r,g=,o= /etc/dn42-roagen/id_ed25519*
|
||||
fi
|
||||
|
||||
echo "Please login on https://git.dn42.dev/ and add the key to your account."
|
||||
cat /etc/dn42-roagen/id_ed25519.pub
|
||||
fi
|
||||
fi
|
||||
|
||||
exit 0
|
||||
|
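Review bot: The switch to the new remote only takes effect on fresh installs, because `remote add origin "git@git.dn42.dev:dn42/registry.git"` sits inside `if [ ! -d /var/lib/bird ]`. A host upgraded from the previous package already has that directory and keeps fetching from the old HTTPS remote, so its ROA data can silently go stale; the page does not mark added lines, so this assumes the guard is unchanged context. Setting the URL unconditionally after the guard would cover upgrades: `git -C /var/lib/bird/registry remote set-url origin "git@git.dn42.dev:dn42/registry.git"`. Separately, the generated key has no passphrase and is readable by the `bird` service user, and the closing message asks for it to be added to a personal account, which gives it that account's full rights; the message should recommend a dedicated low-privilege account instead. The README hunk also names the file `id_ed25591.pub`, while this script writes `id_ed25519.pub`.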
1
debian/postrm
vendored
Normal file → Executable file
@ -3,6 +3,7 @@ set -e
|
||||
|
||||
if [ "$1" = "purge" ]; then
|
||||
rm -rf /var/lib/bird
|
||||
rm -rf /etc/dn42-roagen
|
||||
fi
|
||||
|
||||
exit 0
|
||||
|
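Review bot: Purging removes `/etc/dn42-roagen` and with it the private key, but the matching public key stays authorised on the git.dn42.dev account it was added to, and nothing in the purge branch tells the admin to revoke it (this assumes `rm -rf /etc/dn42-roagen` is the added line, since the page does not mark it). A line such as `echo "Remove the dn42-roagen SSH key from your git.dn42.dev account." >&2` inside the `purge` branch would close that loop. The neighbouring `rm -rf /var/lib/bird` also deletes a directory that the bird daemon package presumably uses for its own state; confirm that is intended, or limit the removal to `/var/lib/bird/registry` and the generated ROA files.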