YunoHost/yunohost
1
0
Fork 0
mirror of https://github.com/YunoHost/yunohost.git synced 2024-09-03 20:06:10 +02:00
Code Issues Projects Releases Packages Wiki Activity

Improve comments

Browse source
This commit is contained in:
Alexandre Aubin 2018-10-25 22:16:36 +02:00 committed by Alexandre Aubin
parent 31c8b88f44
commit 68906a1e98
1 changed files with 21 additions and 6 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

27
src/yunohost/data_migrations/0006_manage_sshd_config.py
View file

@ -20,8 +20,14 @@ SSHD_CONF = '/etc/ssh/sshd_config'
class MyMigration(Migration): class MyMigration(Migration):
""" """
Ensure SSH conf is managed by YunoHost, reapply initial change and setup an This is an automatic migration, that ensure SSH conf is managed by YunoHost
extension dir (even if the "from_script" flag is present)
If the from_script flag exists, then we keep the current SSH conf such that it
will appear as "manually modified" to the regenconf.
The admin can then choose in the next migration (manual, thi time) wether or
not to actually use the recommended configuration.
""" """
def migrate(self): def migrate(self):
@ -40,25 +46,34 @@ class MyMigration(Migration):
if not os.path.exists(SSHD_CONF + '.d'): if not os.path.exists(SSHD_CONF + '.d'):
mkdir(SSHD_CONF + '.d', 0755, uid='root', gid='root') mkdir(SSHD_CONF + '.d', 0755, uid='root', gid='root')
# Manage SSHd in all case # Here, we make it so that /etc/ssh/sshd_config is managed
# by the regen conf (in particular in the case where the
# from_script flag is present - in which case it was *not*
# managed by the regenconf)
# But because we can't be sure the user wants to use the
# recommended conf, we backup then restore the /etc/ssh/sshd_config
# right after the regenconf, such that it will appear as
# "manually modified".
if os.path.exists('/etc/yunohost/from_script'): if os.path.exists('/etc/yunohost/from_script'):
rm('/etc/yunohost/from_script') rm('/etc/yunohost/from_script')
copyfile(SSHD_CONF, '/etc/ssh/sshd_config.bkp') copyfile(SSHD_CONF, '/etc/ssh/sshd_config.bkp')
service_regen_conf(names=['ssh'], force=True) service_regen_conf(names=['ssh'], force=True)
copyfile('/etc/ssh/sshd_config.bkp', SSHD_CONF) copyfile('/etc/ssh/sshd_config.bkp', SSHD_CONF)
# If custom conf, add 'Include' instruction # If we detect the conf as manually modified
ynh_hash = _get_conf_hashes('ssh')[SSHD_CONF] ynh_hash = _get_conf_hashes('ssh')[SSHD_CONF]
current_hash = _calculate_hash(SSHD_CONF) current_hash = _calculate_hash(SSHD_CONF)
include_rgx = r'^[ \t]*Include[ \t]+sshd_config\.d/\*[ \t]*(?:#.*)?$'
if ynh_hash != current_hash: if ynh_hash != current_hash:
# And if there's not already an "Include ssh_config.d/*" directive
include_rgx = r'^[ \t]*Include[ \t]+sshd_config\.d/\*[ \t]*(?:#.*)?$'
add_include = False add_include = False
for line in open(SSHD_CONF): for line in open(SSHD_CONF):
if re.match(include_rgx, line) is not None: if re.match(include_rgx, line) is not None:
add_include = True add_include = True
break break
# We add an "Include sshd_config.d/*" directive
if add_include: if add_include:
with open(SSHD_CONF, "a") as conf: with open(SSHD_CONF, "a") as conf:
conf.write('Include sshd_config.d/*') conf.write('Include sshd_config.d/*')
@ -69,8 +84,8 @@ class MyMigration(Migration):
raise MoulinetteError(m18n.n("migration_0006_cancel")) raise MoulinetteError(m18n.n("migration_0006_cancel"))
def backward(self): def backward(self):
# We don't backward completely but it should be enough
# We don't backward completely but it should be enough
copyfile('/etc/ssh/sshd_config.bkp', SSHD_CONF) copyfile('/etc/ssh/sshd_config.bkp', SSHD_CONF)
if not _run_service_command('restart', 'ssh'): if not _run_service_command('restart', 'ssh'):
raise MoulinetteError(m18n.n("migration_0006_cannot_restart")) raise MoulinetteError(m18n.n("migration_0006_cannot_restart"))