#!/bin/sh
#
# -----------------------------------------------------------------------------
#
# Slackware SlackBuild script 
# ===========================
# By:        Eric Hameleers <alien@sox.homeip.net>
# For:       freenx
# URL:       http://www.nomachine.com/
# Needs:     nx,nc,expect
# Changelog:
# 0.4.4-1:   15/Aug/2005 by Eric Hameleers <alien@sox.homeip.net>
#            * Initial build.
# 0.4.4-2:   18/Aug/2005 by Eric Hameleers <alien@sox.homeip.net>
#            * Added patches for authorized_keys.
# 0.4.4-3:   31/Aug/2005 by Eric Hameleers <alien@slackware.com>
#            * Add the NoMachine public key to authorized_keys, so that our
#              FreeNX package works out-of-the-box with NX clients.
#              This is less secure than using our own key, but that is for the
#              paranoid among us to consider :-)
# 0.4.4-4:   03/Sep/2005 by Eric Hameleers <alien@slackware.com>
#            * Reorganized the patches. Sound for Windows clients will now
#              work out-of-the-box if enabled in the node.conf.
# 0.4.4-5:   05/Sep/2005 by Eric Hameleers <alien@slackware.com>
#            * Added a check for expect and nc as well. Also added the DSA key
#              that a Nomachine client uses for the initial connection to a
#              NX server (this is by default an allowed key for this FreeNX
#              server package). You usually do not need this keyfile, but it is
#              put in the doc directory for reference.
# 
# Run 'sh SlackBuild --cleanup' to build a Slackware package.
# The package (.tgz) plus descriptive .txt file are created in /tmp .
# Install using 'installpkg'. 
#
# -----------------------------------------------------------------------------

# --- INIT ---
# Set initial variables:
CWD=`pwd`
if [ "$TMP" = "" ]; then
  TMP=/tmp
fi

PRGNAM=freenx
VERSION=0.4.4
ARCH=noarch
BUILD=5

PKG=$TMP/package-$PRGNAM

if [ ! -d $TMP/tmp-$PRGNAM ]; then
  mkdir -p $TMP/tmp-$PRGNAM # location to build the source
fi
if [ ! -d $PKG ]; then
  mkdir -p $PKG # place for the package to be built
fi


# --- PACKAGE BUILDING ---

echo "++"
echo "|| $PRGNAM-$VERSION"
echo "++"

rm -rf $PKG/*

cd $PKG

# Explode the package framework:
if [ -f $CWD/_$PRGNAM.tar.gz ]; then
  explodepkg $CWD/_$PRGNAM.tar.gz
fi

cd $TMP/tmp-$PRGNAM


# --- TARBALL EXTRACTION,PATCH,MODIFY ---
tar -zxvf $CWD/$PRGNAM-$VERSION.tar.gz
cd $PRGNAM-$VERSION

patch -p1 < $CWD/authkeys.patch
patch -p1 < $CWD/esddsp.patch
patch -p1 < $CWD/netcat.patch
patch -p1 < $CWD/nx150backend.patch
patch -p1 < $CWD/sessreg.patch

chown -R root.root *
find . -perm 777 -exec chmod 755 {} \;


# --- BUILDING ---

echo Building ...

#
# Install all the needed stuff to the package dir
#
mkdir -p $PKG/usr/bin
mkdir -p $PKG/etc/nxserver
mkdir -p $PKG/var/lib/nxserver/db/closed
mkdir -p $PKG/var/lib/nxserver/db/running
mkdir -p $PKG/var/lib/nxserver/db/failed

chmod 700 $PKG/var/lib/nxserver
chmod 700 $PKG/var/lib/nxserver/*
chmod 700 $PKG/var/lib/nxserver/db/*

cp -a nxclient nxnode nxkeygen nxnode-login nxserver nxprint nxsetup \
 nxloadconfig $PKG/usr/bin/
(cd $PKG/usr/bin &&
  chmod 755 nxclient nxnode nxkeygen nxnode-login nxserver nxprint \
            nxsetup nxloadconfig
)
cp -a node.conf.sample $PKG/etc/nxserver
chmod 755 $PKG/etc/nxserver/node.conf.sample


# --- DOINST.SH SCRIPT ---
mkdir -p $PKG/install
cat <<"EEOOTT" > $PKG/install/doinst.sh
export $(grep ^NX_DIR usr/bin/nxloadconfig)
export $(grep ^NX_HOME_DIR usr/bin/nxloadconfig)
export $(grep ^NX_SESS_DIR usr/bin/nxloadconfig)
export $(grep ^NX_ETC_DIR usr/bin/nxloadconfig)
export $(grep ^NX_LOGFILE usr/bin/nxloadconfig)
export $(grep ^SSH_AUTHORIZED_KEYS usr/bin/nxloadconfig)

if ! /sbin/pidof sshd >/dev/null ; then
  echo ""
  echo "WARNING: The SSH daemon is not running, but without SSH, NX will not work."
fi

if ! which nc 1>/dev/null 2>/dev/null ; then
  echo ""
  echo "WARNING: FreeNX needs the 'netcat' program to be installed."
fi

if ! which expect 1>/dev/null 2>/dev/null ; then
  echo ""
  echo "WARNING: FreeNX needs the 'expect' program to be installed."
fi

touch ${NX_ETC_DIR/#\//}/passwords ${NX_ETC_DIR/#\//}/passwords.orig \
  ${NX_LOGFILE/#\//}
chmod 600 ${NX_ETC_DIR/#\//}/pass* ${NX_LOGFILE/#\//}

if [ ! -e ${NX_ETC_DIR/#\//}/users.id_dsa ]
then
  ssh-keygen -f ${NX_ETC_DIR/#\//}/users.id_dsa -t dsa -N "" > /dev/null 2>&1
fi

if [ -e ${NX_HOME_DIR/#\//}/.ssh/client.id_dsa.key ] && \
   [ -e ${NX_HOME_DIR/#\//}/.ssh/server.id_dsa.pub.key ]
then
  mv -f ${NX_HOME_DIR/#\//}/.ssh/client.id_dsa.key \
        ${NX_ETC_DIR/#\//}/client.id_dsa.key
  mv -f ${NX_HOME_DIR/#\//}/.ssh/server.id_dsa.pub.key \
        ${NX_ETC_DIR/#\//}/server.id_dsa.pub.key
fi

if ! { chroot . getent passwd | egrep -q "^nx:"; }
then
  chroot . useradd -m -d ${NX_HOME_DIR} -s /usr/bin/nxserver nx
  chroot . passwd -u nx 1>/dev/null
  mkdir -p ${NX_HOME_DIR/#\//}/.ssh
  chmod 700 ${NX_HOME_DIR/#\//}/.ssh
fi

if [ ! -e ${NX_ETC_DIR/#\//}/client.id_dsa.key ] || \
   [ ! -e ${NX_ETC_DIR/#\//}/server.id_dsa.pub.key ]
then
  # We are going to create a new SSH key for the FreeNX server.
  # The NX client must import this key into it's configuration to be able to
  # connect to the FreeNX server.
  # If you're security minded, use this key exclusively, and remove the
  # NoMachine key from ${NX_HOME_DIR/#\//}/.ssh/authorized_keys.
  rm -f ${NX_ETC_DIR/#\//}/client.id_dsa.key
  rm -f ${NX_ETC_DIR/#\//}/server.id_dsa.pub.key
  ssh-keygen -q -t dsa -N '' -f ${NX_ETC_DIR/#\//}/local.id_dsa
  mv ${NX_ETC_DIR/#\//}/local.id_dsa \
     ${NX_ETC_DIR/#\//}/client.id_dsa.key
  mv ${NX_ETC_DIR/#\//}/local.id_dsa.pub \
     ${NX_ETC_DIR/#\//}/server.id_dsa.pub.key
fi

# Put our fresh key files in place.
cp -f ${NX_ETC_DIR/#\//}/client.id_dsa.key \
      ${NX_HOME_DIR/#\//}/.ssh/client.id_dsa.key
cp -f ${NX_ETC_DIR/#\//}/server.id_dsa.pub.key \
      ${NX_HOME_DIR/#\//}/.ssh/server.id_dsa.pub.key
chmod 600 ${NX_ETC_DIR/#\//}/client.id_dsa.key \
  ${NX_ETC_DIR/#\//}/server.id_dsa.pub.key \
  ${NX_HOME_DIR/#\//}/.ssh/client.id_dsa.key \
  ${NX_HOME_DIR/#\//}/.ssh/server.id_dsa.pub.key
cat ${NX_HOME_DIR/#\//}/.ssh/server.id_dsa.pub.key \
  > ${NX_HOME_DIR/#\//}/.ssh/authorized_keys

chmod 640 ${NX_HOME_DIR/#\//}/.ssh/authorized_keys
echo -n "127.0.0.1 " > ${NX_HOME_DIR/#\//}/.ssh/known_hosts
cat etc/ssh/ssh_host_rsa_key.pub >> ${NX_HOME_DIR/#\//}/.ssh/known_hosts
chown -R nx:root var/lib/nxserver
chown -R nx:root ${NX_SESS_DIR/#\//}

# Add the Nomachine pubkey to ${NX_HOME_DIR/#\//}/.ssh/authorized_keys
# This way, any NX client can connect to our FreeNX server without
# having to import our own FreeNX private key.
# If you want an "out-of-the-box" experience, leave the NoMachine key in
# ${NX_HOME_DIR/#\//}/.ssh/authorized_keys. If you're paranoid, remove
# this pubkey and accept only clients who have our custom FreeNX key.
cat <<_EOT_ >> ${NX_HOME_DIR/#\//}/.ssh/authorized_keys
no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/nxserver" ssh-dss AAAAB3NzaC1kc3MAAACBAJe/0DNBePG9dYLWq7cJ0SqyRf1iiZN/IbzrmBvgPTZnBa5FT/0Lcj39sRYt1paAlhchwUmwwIiSZaON5JnJOZ6jKkjWIuJ9MdTGfdvtY1aLwDMpxUVoGwEaKWOyin02IPWYSkDQb6cceuG9NfPulS9iuytdx0zIzqvGqfvudtufAAAAFQCwosRXR2QA8OSgFWSO6+kGrRJKiwAAAIEAjgvVNAYWSrnFD+cghyJbyx60AAjKtxZ0r/Pn9k94Qt2rvQoMnGgt/zU0v/y4hzg+g3JNEmO1PdHh/wDPVOxlZ6Hb5F4IQnENaAZ9uTZiFGqhBO1c8Wwjiq/MFZy3jZaidarLJvVs8EeT4mZcWxwm7nIVD4lRU2wQ2lj4aTPcepMAAACANlgcCuA4wrC+3Cic9CFkqiwO/Rn1vk8dvGuEQqFJ6f6LVfPfRTfaQU7TGVLk2CzY4dasrwxJ1f6FsT8DHTNGnxELPKRuLstGrFY/PR7KeafeFZDf+fJ3mbX5nxrld3wi5titTnX+8s4IKv29HJguPvOK/SI7cjzA+SqNfD7qEo8= root@nettuno
_EOT_

if [ -e var/lib/nxserver/running ]
then
  mv var/lib/nxserver/running/* ${NX_SESS_DIR/#\//}/running
  mv var/lib/nxserver/closed/* ${NX_SESS_DIR/#\//}/closed
  mv var/lib/nxserver/failed/* ${NX_SESS_DIR/#\//}/failed
  rm -rf var/lib/nxserver/running
  rm -rf var/lib/nxserver/closed
  rm -rf var/lib/nxserver/failed
  chown -R nx:root ${NX_SESS_DIR/#\//}
fi

chown -R nx:root ${NX_ETC_DIR/#\//}
chown -R nx:root ${NX_HOME_DIR/#\//}
chown nx:root ${NX_LOGFILE/#\//}
EEOOTT
# End of generating the install/doinst.sh script.


# --- DOCUMENTATION ---

mkdir -p $PKG/usr/doc/$PRGNAM-$VERSION
DOCS="AUTHORS COPYING ChangeLog CONTRIB \
      $CWD/README.slackware $CWD/nomachine.id_dsa.key"
cp -a $DOCS $PKG/usr/doc/$PRGNAM-$VERSION
chmod -R a-w $PKG/usr/doc/$PRGNAM-$VERSION/*

# Compress the man page(s)
gzip -9f $PKG/usr/man/*/* 

# Strip binaries
( cd $PKG
  find . | xargs file | grep "executable" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
  find . | xargs file | grep "shared object" | grep ELF | cut -f 1 -d : | xargs strip --strip-unneeded 2> /dev/null
)


# --- OWNERSHIP, RIGHTS ---

chmod -R o-w $PKG
chown root:bin $PKG/usr/bin/* $PKG/usr/sbin/* $PKG/bin/* $PKG/sbin/* \
               $PKG/usr/X11R6/bin/* $PKG/opt/kde/bin/* 2>/dev/null


# --- PACKAGE DESCRIPTION ---

mkdir -p $PKG/install
cat $CWD/${PRGNAM}.slack-desc > $PKG/install/slack-desc
if [ -f $CWD/doinst.sh ]; then
  cat $CWD/doinst.sh > $PKG/install/doinst.sh
fi


# --- BUILDING ---

# Build the package:
cd $PKG
makepkg --linkadd y --chown n $TMP/${PRGNAM}-${VERSION}-${ARCH}-${BUILD}.tgz \
  2>&1 | tee $CWD/makepkg-${PRGNAM}.log
(cd $TMP && md5sum ${PRGNAM}-${VERSION}-${ARCH}-${BUILD}.tgz > ${PRGNAM}-${VERSION}-${ARCH}-${BUILD}.tgz.md5)
cat $CWD/${PRGNAM}.slack-desc | grep "^${PRGNAM}" > $TMP/${PRGNAM}-${VERSION}-${ARCH}-${BUILD}.txt


# --- CLEANUP ---

# Clean up the extra stuff:
if [ "$1" = "--cleanup" ]; then
  rm -rf $TMP/tmp-$PRGNAM
  rm -rf $PKG
fi