More explicit name for setting

Alexandre Aubin 2018-11-27 23:55:15 +01:00
parent e596758184
commit 325678f541
4 changed files with 10 additions and 10 deletions


@ -13,8 +13,8 @@ do_pre_regen() {
[[ -f /proc/net/if_inet6 ]] \ [[ -f /proc/net/if_inet6 ]] \
|| sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config || sed -i "s/ListenAddress ::/#ListenAddress ::/g" sshd_config
# Add DSA HostKey to let user remove it with migration 7 # Support legacy setting (this setting might be disabled by a user during a migration)
if [[ "$(yunohost settings get 'service.ssh._deprecated_dsa_hostkey')" == "True" ]]; then if [[ "$(yunohost settings get 'service.ssh.allow_deprecated_dsa_hostkey')" == "True" ]]; then
sed -i '/HostKey \/etc\/ssh\/ssh_host_rsa_key/a HostKey /etc/ssh/ssh_host_dsa_key' sshd_config sed -i '/HostKey \/etc\/ssh\/ssh_host_rsa_key/a HostKey /etc/ssh/ssh_host_dsa_key' sshd_config
fi fi


@ -23,13 +23,13 @@ class MyMigration(Migration):
This is the first step of a couple of migrations that ensure SSH conf is This is the first step of a couple of migrations that ensure SSH conf is
managed by YunoHost (even if the "from_script" flag is present, which was managed by YunoHost (even if the "from_script" flag is present, which was
previously preventing it from being managed by YunoHost) previously preventing it from being managed by YunoHost)
The goal of this first (automatic) migration is to make sure that the The goal of this first (automatic) migration is to make sure that the
sshd_config is managed by the regen-conf mechanism. sshd_config is managed by the regen-conf mechanism.
If the from_script flag exists, then we keep the current SSH conf such that it If the from_script flag exists, then we keep the current SSH conf such that it
will appear as "manually modified" to the regenconf. will appear as "manually modified" to the regenconf.
In step 2 (manual), the admin will be able to choose wether or not to actually In step 2 (manual), the admin will be able to choose wether or not to actually
use the recommended configuration, with an appropriate disclaimer. use the recommended configuration, with an appropriate disclaimer.
""" """
@ -44,15 +44,15 @@ class MyMigration(Migration):
dsa = True dsa = True
break break
if dsa: if dsa:
settings_set("service.ssh._deprecated_dsa_hostkey", True) settings_set("service.ssh.allow_deprecated_dsa_hostkey", True)
# Create sshd_config.d dir # Create sshd_config.d dir
if not os.path.exists(SSHD_CONF + '.d'): if not os.path.exists(SSHD_CONF + '.d'):
mkdir(SSHD_CONF + '.d', 0755, uid='root', gid='root') mkdir(SSHD_CONF + '.d', 0755, uid='root', gid='root')
# Here, we make it so that /etc/ssh/sshd_config is managed # Here, we make it so that /etc/ssh/sshd_config is managed
# by the regen conf (in particular in the case where the # by the regen conf (in particular in the case where the
# from_script flag is present - in which case it was *not* # from_script flag is present - in which case it was *not*
# managed by the regenconf) # managed by the regenconf)
# But because we can't be sure the user wants to use the # But because we can't be sure the user wants to use the
# recommended conf, we backup then restore the /etc/ssh/sshd_config # recommended conf, we backup then restore the /etc/ssh/sshd_config


@ -28,7 +28,7 @@ class MyMigration(Migration):
""" """
def migrate(self): def migrate(self):
settings_set("service.ssh._deprecated_dsa_hostkey", False) settings_set("service.ssh.allow_deprecated_dsa_hostkey", False)
service_regen_conf(names=['ssh'], force=True) service_regen_conf(names=['ssh'], force=True)
def backward(self): def backward(self):
@ -44,7 +44,7 @@ class MyMigration(Migration):
# (basically nothing shall change) # (basically nothing shall change)
ynh_hash = _get_conf_hashes('ssh').get(SSHD_CONF, None) ynh_hash = _get_conf_hashes('ssh').get(SSHD_CONF, None)
current_hash = _calculate_hash(SSHD_CONF) current_hash = _calculate_hash(SSHD_CONF)
dsa = settings_get("service.ssh._deprecated_dsa_hostkey") dsa = settings_get("service.ssh.allow_deprecated_dsa_hostkey")
if ynh_hash == current_hash and not dsa: if ynh_hash == current_hash and not dsa:
return "auto" return "auto"


@ -39,7 +39,7 @@ DEFAULTS = OrderedDict([
# -1 disabled, 0 alert if listed, 1 8-letter, 2 normal, 3 strong, 4 strongest # -1 disabled, 0 alert if listed, 1 8-letter, 2 normal, 3 strong, 4 strongest
("security.password.admin.strength", {"type": "int", "default": 1}), ("security.password.admin.strength", {"type": "int", "default": 1}),
("security.password.user.strength", {"type": "int", "default": 1}), ("security.password.user.strength", {"type": "int", "default": 1}),
("service.ssh._deprecated_dsa_hostkey", {"type": "bool", "default": False}), ("service.ssh.allow_deprecated_dsa_hostkey", {"type": "bool", "default": False}),
]) ])
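Review bot: The renamed `DEFAULTS` entry `service.ssh.allow_deprecated_dsa_hostkey` has nothing that carries over a value already stored under the old name `service.ssh._deprecated_dsa_hostkey`. If any instance ran the first SSH migration before this rename (this page does not show whether the old name ever shipped), its stored `True` would be ignored and the new key would read its default `False`. In that case the regen-conf hook would stop adding the DSA `HostKey` line, and the second migration's check `if ynh_hash == current_hash and not dsa` could return "auto", so the DSA host key would be dropped without the admin seeing the disclaimer. Consider copying the old value to the new key once when settings are loaded, or stating in the commit message that the old name was never released. A comment above the entry would also help, e.g. `# True only while a legacy DSA host key is kept; the manual SSH migration resets it to False`. The `DEFAULTS` definition starts outside this hunk.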