diff options
author | Eric Hameleers <alien@slackware.com> | 2005-09-01 19:46:08 +0000 |
---|---|---|
committer | Eric Hameleers <alien@slackware.com> | 2005-09-01 19:46:08 +0000 |
commit | 36b89328cbebf0ac225ac76a879bd3aa24e64239 (patch) | |
tree | 272abc772735165bac263659a20971d59a3008f4 /freenx | |
parent | 0cab769c5ed3efd00982ec4deae5ad6329ef3033 (diff) | |
download | asb-36b89328cbebf0ac225ac76a879bd3aa24e64239.tar.gz asb-36b89328cbebf0ac225ac76a879bd3aa24e64239.tar.xz |
Added the Nomachine public key; enable nxesddsp for Windows clients.
Diffstat (limited to 'freenx')
-rwxr-xr-x | freenx/build/freenx.SlackBuild | 36 |
1 files changed, 32 insertions, 4 deletions
diff --git a/freenx/build/freenx.SlackBuild b/freenx/build/freenx.SlackBuild index c4df1b85..b56da2bf 100755 --- a/freenx/build/freenx.SlackBuild +++ b/freenx/build/freenx.SlackBuild @@ -13,6 +13,14 @@ # * Initial build. # 0.4.4-2: 18/Aug/2005 by Eric Hameleers <alien@sox.homeip.net> # * Added patches for authorized_keys. +# 0.4.4-3: 31/Aug/2005 by Eric Hameleers <alien@slackware.com> +# * Add the NoMachine public key to authorized_keys, so that our +# FreeNX package works out-of-the-box with NX clients. +# This is less secure than using our own key, but that is for the +# paranoid among us to consider :-) +# 0.4.4-4: 01/Sep/2005 by Eric Hameleers <alien@slackware.com> +# * Reorganized the patches. Sound for Windows clients will now +# work out-of-the-box if enabled in the node.conf. # # Run 'sh SlackBuild --cleanup' to build a Slackware package. # The package (.tgz) plus descriptive .txt file are created in /tmp . @@ -30,7 +38,7 @@ fi PRGNAM=freenx VERSION=0.4.4 ARCH=noarch -BUILD=2 +BUILD=4 PKG=$TMP/package-$PRGNAM @@ -64,9 +72,10 @@ cd $TMP/tmp-$PRGNAM tar -zxvf $CWD/$PRGNAM-$VERSION.tar.gz cd $PRGNAM-$VERSION -patch -p0 < $CWD/netcat.diff -patch -p0 < $CWD/authkeys.diff -patch -p0 < $CWD/nx150backend.diff +patch -p1 < $CWD/netcat.patch +patch -p1 < $CWD/authkeys.patch +patch -p1 < $CWD/esddsp.patch +patch -p1 < $CWD/nx150backend.patch chown -R root.root * find . -perm 777 -exec chmod 755 {} \; @@ -140,6 +149,11 @@ fi if [ ! -e ${NX_ETC_DIR/#\//}/client.id_dsa.key ] || \ [ ! -e ${NX_ETC_DIR/#\//}/server.id_dsa.pub.key ] then + # We are going to create a new SSH key for the FreeNX server. + # The NX client must import this key into it's configuration to be able to + # connect to the FreeNX server. + # If you're security minded, use this key exclusively, and remove the + # NoMachine key from ${NX_HOME_DIR/#\//}/.ssh/authorized_keys. rm -f ${NX_ETC_DIR/#\//}/client.id_dsa.key rm -f ${NX_ETC_DIR/#\//}/server.id_dsa.pub.key ssh-keygen -q -t dsa -N '' -f ${NX_ETC_DIR/#\//}/local.id_dsa @@ -149,6 +163,7 @@ then ${NX_ETC_DIR/#\//}/server.id_dsa.pub.key fi +# Put our fresh key files in place. cp -f ${NX_ETC_DIR/#\//}/client.id_dsa.key \ ${NX_HOME_DIR/#\//}/.ssh/client.id_dsa.key cp -f ${NX_ETC_DIR/#\//}/server.id_dsa.pub.key \ @@ -159,12 +174,23 @@ chmod 600 ${NX_ETC_DIR/#\//}/client.id_dsa.key \ ${NX_HOME_DIR/#\//}/.ssh/server.id_dsa.pub.key cat ${NX_HOME_DIR/#\//}/.ssh/server.id_dsa.pub.key \ > ${NX_HOME_DIR/#\//}/.ssh/authorized_keys + chmod 640 ${NX_HOME_DIR/#\//}/.ssh/authorized_keys echo -n "127.0.0.1 " > ${NX_HOME_DIR/#\//}/.ssh/known_hosts cat etc/ssh/ssh_host_rsa_key.pub >> ${NX_HOME_DIR/#\//}/.ssh/known_hosts chown -R nx:root var/lib/nxserver chown -R nx:root ${NX_SESS_DIR/#\//} +# Add the Nomachine pubkey to ${NX_HOME_DIR/#\//}/.ssh/authorized_keys +# This way, any NX client can connect to our FreeNX server without +# having to import our own FreeNX private key. +# If you want an "out-of-the-box" experience, leave the NoMachine key in +# ${NX_HOME_DIR/#\//}/.ssh/authorized_keys. If you're paranoid, remove +# this pubkey and accept only clients who have our custom FreeNX key. +cat <<_EOT_ >> ${NX_HOME_DIR/#\//}/.ssh/authorized_keys +no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/nxserver" ssh-dss AAAAB3NzaC1kc3MAAACBAJe/0DNBePG9dYLWq7cJ0SqyRf1iiZN/IbzrmBvgPTZnBa5FT/0Lcj39sRYt1paAlhchwUmwwIiSZaON5JnJOZ6jKkjWIuJ9MdTGfdvtY1aLwDMpxUVoGwEaKWOyin02IPWYSkDQb6cceuG9NfPulS9iuytdx0zIzqvGqfvudtufAAAAFQCwosRXR2QA8OSgFWSO6+kGrRJKiwAAAIEAjgvVNAYWSrnFD+cghyJbyx60AAjKtxZ0r/Pn9k94Qt2rvQoMnGgt/zU0v/y4hzg+g3JNEmO1PdHh/wDPVOxlZ6Hb5F4IQnENaAZ9uTZiFGqhBO1c8Wwjiq/MFZy3jZaidarLJvVs8EeT4mZcWxwm7nIVD4lRU2wQ2lj4aTPcepMAAACANlgcCuA4wrC+3Cic9CFkqiwO/Rn1vk8dvGuEQqFJ6f6LVfPfRTfaQU7TGVLk2CzY4dasrwxJ1f6FsT8DHTNGnxELPKRuLstGrFY/PR7KeafeFZDf+fJ3mbX5nxrld3wi5titTnX+8s4IKv29HJguPvOK/SI7cjzA+SqNfD7qEo8= root@nettuno +_EOT_ + if [ -e var/lib/nxserver/running ] then mv var/lib/nxserver/running/* ${NX_SESS_DIR/#\//}/running @@ -175,10 +201,12 @@ then rm -rf var/lib/nxserver/failed chown -R nx:root ${NX_SESS_DIR/#\//} fi + chown -R nx:root ${NX_ETC_DIR/#\//} chown -R nx:root ${NX_HOME_DIR/#\//} chown nx:root ${NX_LOGFILE/#\//} EEOOTT +# End of generating the install/doinst.sh script. # --- DOCUMENTATION --- |