Improve semantic / simplify a few things

Alexandre Aubin 2018-10-25 21:16:51 +00:00
parent e8393a3d26
commit 6145199564
2 changed files with 21 additions and 26 deletions


@ -296,12 +296,12 @@
"migration_0006_done": "Your root password have been replaced by your admin password.", "migration_0006_done": "Your root password have been replaced by your admin password.",
"migration_0006_cancelled": "YunoHost has failed to improve the way your SSH conf is managed.", "migration_0006_cancelled": "YunoHost has failed to improve the way your SSH conf is managed.",
"migration_0006_cannot_restart": "SSH can't be restarted after trying to cancel migration number 6.", "migration_0006_cannot_restart": "SSH can't be restarted after trying to cancel migration number 6.",
"migration_0007_general_warning": "To improve the security of your server, it is recommended to let YunoHost manage the SSH configuration. Your current SSH configuration differs from the recommended configuration. If you let YunoHost reconfigure it, the way you connect to your server through SSH will change in the following way:", "migration_0007_general_disclaimer": "To improve the security of your server, it is recommended to let YunoHost manage the SSH configuration. Your current SSH configuration differs from the recommended configuration. If you let YunoHost reconfigure it, the way you connect to your server through SSH will change in the following way:",
"migration_0007_port": " - you will have to connect using port 22 instead of your current custom SSH port. Feel free to reconfigure it ;", "migration_0007_port": " - you will have to connect using port 22 instead of your current custom SSH port. Feel free to reconfigure it ;",
"migration_0007_root": " - you will not be able to connect with root user, instead you will have to use the admin user ;", "migration_0007_root": " - you will not be able to connect as root through SSH. Instead you should use the admin user ;",
"migration_0007_dsa": " - you might need to invalidate a warning and to recheck the fingerprint of your server, because DSA key will be disabled ;", "migration_0007_dsa": " - the DSA key will be disabled. Hence, you might need to invalidate a warning from your SSH client, and recheck the fingerprint of your server ;",
"migration_0007_risk": "If you understand those warnings and agree to let YunoHost override your current configuration, run the migration. Otherwise, you can also skip the migration though it is not recommended.", "migration_0007_warning": "If you understand those warnings and agree to let YunoHost override your current configuration, run the migration. Otherwise, you can also skip the migration - though it is not recommended.",
"migration_0007_no_risk": "No major risk has been indentified about overriding your SSH configuration - but it's difficult to be sure. If you agree to let YunoHost override your current configuration, run the migration. Otherwise, you can also skip the migration though it is not recommended.", "migration_0007_no_warning": "No major risk has been indentified about overriding your SSH configuration - but we can't be absolutely sure ;) ! If you agree to let YunoHost override your current configuration, run the migration. Otherwise, you can also skip the migration - though it is not recommended.",
"migrations_backward": "Migrating backward.", "migrations_backward": "Migrating backward.",
"migrations_bad_value_for_target": "Invalid number for target argument, available migrations numbers are 0 or {}", "migrations_bad_value_for_target": "Invalid number for target argument, available migrations numbers are 0 or {}",
"migrations_cant_reach_migration_file": "Can't access migrations files at path %s", "migrations_cant_reach_migration_file": "Can't access migrations files at path %s",


@ -11,6 +11,7 @@ from yunohost.settings import settings_set, settings_get
logger = getActionLogger('yunohost.migration') logger = getActionLogger('yunohost.migration')
SSHD_CONF = '/etc/ssh/sshd_config'
class MyMigration(Migration): class MyMigration(Migration):
""" """
@ -41,10 +42,8 @@ class MyMigration(Migration):
# and no DSA key is used, then we're good to go # and no DSA key is used, then we're good to go
# and the migration can be done automatically # and the migration can be done automatically
# (basically nothing shall change) # (basically nothing shall change)
ynh_hash = _get_conf_hashes('ssh') ynh_hash = _get_conf_hashes('ssh').get(SSHD_CONF, None)
if '/etc/ssh/sshd_config' in ynh_hash: current_hash = _calculate_hash(SSHD_CONF)
ynh_hash = ynh_hash['/etc/ssh/sshd_config']
current_hash = _calculate_hash('/etc/ssh/sshd_config')
dsa = settings_get("service.ssh._deprecated_dsa_hostkey") dsa = settings_get("service.ssh._deprecated_dsa_hostkey")
if ynh_hash == current_hash and not dsa: if ynh_hash == current_hash and not dsa:
return "auto" return "auto"
@ -59,43 +58,39 @@ class MyMigration(Migration):
# Detect key things to be aware of before enabling the # Detect key things to be aware of before enabling the
# recommended configuration # recommended configuration
dsa = False dsa_key_enabled = False
ports = [] ports = []
root_login = [] root_login = []
port_rgx = r'^[ \t]*Port[ \t]+(\d+)[ \t]*(?:#.*)?$' port_rgx = r'^[ \t]*Port[ \t]+(\d+)[ \t]*(?:#.*)?$'
root_rgx = r'^[ \t]*PermitRootLogin[ \t]([^# \t]*)[ \t]*(?:#.*)?$' root_rgx = r'^[ \t]*PermitRootLogin[ \t]([^# \t]*)[ \t]*(?:#.*)?$'
dsa_rgx = r'^[ \t]*HostKey[ \t]+/etc/ssh/ssh_host_dsa_key[ \t]*(?:#.*)?$' dsa_rgx = r'^[ \t]*HostKey[ \t]+/etc/ssh/ssh_host_dsa_key[ \t]*(?:#.*)?$'
for line in open('/etc/ssh/sshd_config'): for line in open(SSHD_CONF):
ports = ports + re.findall(port_rgx, line) ports = ports + re.findall(port_rgx, line)
root_login = root_login + re.findall(root_rgx, line) root_login = root_login + re.findall(root_rgx, line)
if not dsa and re.match(dsa_rgx, line) is not None: if not dsa_key_enabled and re.match(dsa_rgx, line) is not None:
dsa = True dsa_key_enabled = True
if len(ports) == 0: custom_port = ports != ['22'] and ports != []
ports = ['22'] root_login_enabled = root_login and root_login[-1] != 'no'
port = ports != ['22']
root_user = root_login and root_login[-1] != 'no'
# Build message # Build message
message = m18n.n("migration_0007_general_warning") message = m18n.n("migration_0007_general_disclaimer")
if port: if custom_port:
message += "\n\n" + m18n.n("migration_0007_port") message += "\n\n" + m18n.n("migration_0007_port")
if root_user: if root_login_enabled:
message += "\n\n" + m18n.n("migration_0007_root") message += "\n\n" + m18n.n("migration_0007_root")
if dsa: if dsa_key_enabled:
message += "\n\n" + m18n.n("migration_0007_dsa") message += "\n\n" + m18n.n("migration_0007_dsa")
if port or root_user or dsa: if custom_port or root_login_enabled or dsa_key_enabled:
message += "\n\n" + m18n.n("migration_0007_risk") message += "\n\n" + m18n.n("migration_0007_warning")
else: else:
message += "\n\n" + m18n.n("migration_0007_no_risk") message += "\n\n" + m18n.n("migration_0007_no_warning")
return message return message
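Review bot: `root_login_enabled = root_login and root_login[-1] != 'no'` looks at the last `PermitRootLogin` line, whereas sshd_config(5) says the first obtained value of a keyword is the one used, so with duplicate directives the root-login notice can be shown or omitted wrongly; `root_login_enabled = bool(root_login) and root_login[0] != 'no'` matches sshd and also yields a real boolean instead of an empty list. `port_rgx` and `root_rgx` are case-sensitive although sshd accepts keywords in any case, so passing `re.IGNORECASE` to the `re.findall` calls would avoid missing a line such as `permitrootlogin yes`. In the earlier hunk, `_get_conf_hashes('ssh').get(SSHD_CONF, None)` makes `ynh_hash` `None` when no hash is recorded; if `_calculate_hash` can also return `None` (its body is not visible here), `ynh_hash == current_hash` would hold and the migration would be reported as "auto", which `if ynh_hash is not None and ynh_hash == current_hash and not dsa:` rules out. The enclosing methods start outside the hunks shown.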