author Eric Hameleers <alien@slackware.com>2008-11-16 21:06:49 +0000
committer Eric Hameleers <alien@slackware.com>2008-11-16 21:06:49 +0000
commit107414fd20a5020d8732dcbf4ffe77f0ef9b5436 (patch)
tree320792dadc3cd9a8524bd3521cec4f7dfed469f9 /freenx
parentf3a5095732ea0b07db04bad9d522fb67fb914458 (diff)
Initial revision
Diffstat (limited to 'freenx')
-rwxr-xr-xfreenx/build/doinst.sh.freenx120
-rwxr-xr-xfreenx/build/nomachine.id_dsa.key13
2 files changed, 133 insertions, 0 deletions
diff --git a/freenx/build/doinst.sh.freenx b/freenx/build/doinst.sh.freenx
new file mode 100755
index 00000000..044c5042
--- /dev/null
+++ b/freenx/build/doinst.sh.freenx
@@ -0,0 +1,120 @@
+# Handle the incoming configuration files:
+config() {
+ for infile in $1; do
+ NEW="$infile"
+ OLD="`dirname $NEW`/`basename $NEW .new`"
+ # If there's no config file by that name, mv it over:
+ if [ ! -r $OLD ]; then
+ mv $NEW $OLD
+ elif [ "`cat $OLD | md5sum`" = "`cat $NEW | md5sum`" ]; then
+ # toss the redundant copy
+ rm $NEW
+ fi
+ # Otherwise, we leave the .new copy for the admin to consider...
+ done
+}
+
+config etc/nxserver/node.conf.new
+config etc/rc.d/rc.freenx.new
+
+chroot . <<EOCR 2>/dev/null
+export \$(grep ^NX_DIR usr/bin/nxloadconfig)
+export \$(grep ^NX_HOME_DIR usr/bin/nxloadconfig)
+export \$(grep ^NX_SESS_DIR usr/bin/nxloadconfig)
+export \$(grep ^NX_ETC_DIR usr/bin/nxloadconfig)
+export \$(grep ^NX_LOGFILE usr/bin/nxloadconfig)
+export \$(grep ^SSH_AUTHORIZED_KEYS usr/bin/nxloadconfig)
+
+if ! /sbin/pidof sshd >/dev/null ; then
+ echo ""
+ echo "WARNING: The SSH daemon is not running, but without SSH, NX will not work."
+fi
+
+if ! which nc 1>/dev/null 2>/dev/null ; then
+ echo ""
+ echo "WARNING: FreeNX needs the 'netcat' program to be installed."
+fi
+
+if ! which expect 1>/dev/null 2>/dev/null ; then
+ echo ""
+ echo "WARNING: FreeNX needs the 'expect' program to be installed."
+fi
+
+touch \${NX_ETC_DIR}/passwords \${NX_ETC_DIR}/passwords.orig \${NX_LOGFILE}
+chmod 600 \${NX_ETC_DIR}/pass* \${NX_LOGFILE}
+
+if [ ! -e \${NX_ETC_DIR}/users.id_dsa ]; then
+ ssh-keygen -f \${NX_ETC_DIR}/users.id_dsa -t dsa -N "" > /dev/null 2>&1
+fi
+
+if [ -e \${NX_HOME_DIR}/.ssh/client.id_dsa.key ] && \
+ [ -e \${NX_HOME_DIR}/.ssh/server.id_dsa.pub.key ]; then
+ mv -f \${NX_HOME_DIR}/.ssh/client.id_dsa.key \${NX_ETC_DIR}/client.id_dsa.key
+ mv -f \${NX_HOME_DIR}/.ssh/server.id_dsa.pub.key \
+ \${NX_ETC_DIR}/server.id_dsa.pub.key
+fi
+
+if ! getent passwd | egrep -q "^nx:"; then
+ useradd -m -d \${NX_HOME_DIR} -s /usr/bin/nxserver nx
+ passwd -u nx 1>/dev/null
+ mkdir -p \${NX_HOME_DIR}/.ssh
+ chmod 700 \${NX_HOME_DIR}/.ssh
+fi
+
+if [ ! -e \${NX_ETC_DIR}/client.id_dsa.key ] || \
+ [ ! -e \${NX_ETC_DIR}/server.id_dsa.pub.key ]; then
+ # We are going to create a new SSH key for the FreeNX server.
+ # The NX client must import this key into it's configuration to be able to
+ # connect to the FreeNX server.
+ # If you're security minded, use this key exclusively, and remove the
+ # NoMachine key from ${NX_HOME_DIR}/.ssh/authorized_keys.
+ rm -f \${NX_ETC_DIR}/client.id_dsa.key
+ rm -f \${NX_ETC_DIR}/server.id_dsa.pub.key
+ ssh-keygen -q -t dsa -N '' -f \${NX_ETC_DIR}/local.id_dsa
+ mv \${NX_ETC_DIR}/local.id_dsa \${NX_ETC_DIR}/client.id_dsa.key
+ mv \${NX_ETC_DIR}/local.id_dsa.pub \${NX_ETC_DIR}/server.id_dsa.pub.key
+
+ # Put our fresh key files in place.
+ cp -f \${NX_ETC_DIR}/client.id_dsa.key \${NX_HOME_DIR}/.ssh/client.id_dsa.key
+ cp -f \${NX_ETC_DIR}/server.id_dsa.pub.key \
+ \${NX_HOME_DIR}/.ssh/server.id_dsa.pub.key
+ chmod 600 \${NX_ETC_DIR}/client.id_dsa.key \
+ \${NX_ETC_DIR}/server.id_dsa.pub.key \
+ \${NX_HOME_DIR}/.ssh/client.id_dsa.key \
+ \${NX_HOME_DIR}/.ssh/server.id_dsa.pub.key
+ echo -n "no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command=\"/usr/bin/nxserver\" "\
+ > \${NX_HOME_DIR}/.ssh/authorized_keys
+ cat \${NX_HOME_DIR}/.ssh/server.id_dsa.pub.key \
+ >> \${NX_HOME_DIR}/.ssh/authorized_keys
+ chmod 640 \${NX_HOME_DIR}/.ssh/authorized_keys
+ echo -n "127.0.0.1 " > \${NX_HOME_DIR}/.ssh/known_hosts
+ cat etc/ssh/ssh_host_rsa_key.pub >> \${NX_HOME_DIR}/.ssh/known_hosts
+ chown -R nx:root var/lib/nxserver
+ chown -R nx:root \${NX_SESS_DIR}
+
+ # Add the Nomachine pubkey to ${NX_HOME_DIR}/.ssh/authorized_keys
+ # This way, any NX client can connect to our FreeNX server without
+ # having to import our own FreeNX private key.
+ # If you want an "out-of-the-box" experience, leave the NoMachine key in
+ # ${NX_HOME_DIR}/.ssh/authorized_keys. If you're paranoid, remove
+ # this pubkey and accept only clients who have our custom FreeNX key.
+ cat <<_EOT_ >> \${NX_HOME_DIR}/.ssh/authorized_keys
+no-port-forwarding,no-X11-forwarding,no-agent-forwarding,command="/usr/bin/nxserver" ssh-dss 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 root@nettuno
+_EOT_
+fi # end "no pre-existing NX ssh keys"
+
+if [ -e var/lib/nxserver/running ]; then
+ mv var/lib/nxserver/running/* \${NX_SESS_DIR}/running
+ mv var/lib/nxserver/closed/* \${NX_SESS_DIR}/closed
+ mv var/lib/nxserver/failed/* \${NX_SESS_DIR}/failed
+ rm -rf var/lib/nxserver/running
+ rm -rf var/lib/nxserver/closed
+ rm -rf var/lib/nxserver/failed
+ chown -R nx:root \${NX_SESS_DIR}
+fi
+
+chown -R nx:root \${NX_ETC_DIR}
+chown -R nx:root \${NX_HOME_DIR}
+chown nx:root \${NX_LOGFILE}
+
+EOCR
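Review bot: The `cat <<_EOT_ >> \${NX_HOME_DIR}/.ssh/authorized_keys` step at the end of the key-generation branch authorises the stock NoMachine key on every fresh install, and the private half of that key is not secret (this same commit adds `freenx/build/nomachine.id_dsa.key`, presumably the matching half). With that entry in place, SSH public-key authentication no longer limits who can reach the forced command `/usr/bin/nxserver` as the `nx` user, so the only remaining gate is nxserver's own login. I would make the entry opt-in instead of opt-out, for example by wrapping the here-document in `if [ "\${NX_ALLOW_NOMACHINE_KEY:-no}" = "yes" ]; then … fi` (the variable name is a placeholder), and echo at install time which keys ended up in authorized_keys. Separately, the chroot block runs with `2>/dev/null` and never checks that the `export \$(grep …)` lines set anything, so an empty `NX_ETC_DIR` or `NX_HOME_DIR` would make the later `touch`, `rm -f` and `mv` act on paths directly under `/`; a guard such as `[ -n "\${NX_ETC_DIR}" ] && [ -n "\${NX_HOME_DIR}" ] || exit 1` right after the exports would catch that.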
diff --git a/freenx/build/nomachine.id_dsa.key b/freenx/build/nomachine.id_dsa.key
new file mode 100755
index 00000000..4aa17788
--- /dev/null
+++ b/freenx/build/nomachine.id_dsa.key
@@ -0,0 +1,13 @@
+-----BEGIN DSA PRIVATE KEY-----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+-----END DSA PRIVATE KEY-----
+
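Review bot: This file is added with `new file mode 100755`, which marks private-key material as world-readable and executable; a key file has no reason to carry the execute bit, and `100644` (or `100600` if the build copies it with its mode preserved) would be the expected mode. Nothing in the commit says where the key comes from or that it is a widely distributed default rather than a site secret, so a sentence in the build script or a README next to it stating that would stop a later maintainer from treating it as confidential or, worse, from reusing it as one.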