This is the mail archive of the cygwin mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: csih: Unattended installations are not possible


Hi again,

Chuck and Corinna, can you please take a look at this?

On Fri, Mar 20, 2009 at 20:12, Julio Emanuel  wrote:
[snip]
>
> Chuck, if this is the old 'time compression' problem :) I could try to
> help and see if I send a patch to your evaluation.
> I just don't want to take something in hands that someone else has
> already started to work on, or simply does not agree with my view.
>
> Standing by...
>

Timeout! :)
Now, contradicting myself... there you have: a -f (force) option to
the csih_select_privileged_username function!
This way nothing breaks regarding current clients of csih.
And it only takes a minor change in new/upgraded clients to make use of this.

Here is the patch to csih:

~/cygsetup/addons/usr/bin $ cygcheck -c csih
Cygwin Package Information
Package              Version        Status
csih                 0.1.8-1        OK

~/cygsetup/addons/usr/share/csih $ diff -u
/usr/src/csih-0.1.8-1/origsrc/csih-0.1.8/cygwin-service-installation-helper.sh
cygwin-service-installation-helper.sh
========= [Cut here] ===================
--- /usr/src/csih-0.1.8-1/origsrc/csih-0.1.8/cygwin-service-installation-helper.sh
     2008-08-20 19:35:38.000000000 +0100
+++ cygwin-service-installation-helper.sh       2009-03-24
14:47:39.346570600 +0000
@@ -2071,7 +2071,7 @@


 # ======================================================================
-# Routine: csih_select_privileged_username [-q] [service_name]
+# Routine: csih_select_privileged_username [-q] [-f] [service_name]
 #   On NT and above, get the desired privileged account name.
 #
 #   If the optional argument '-q' is specified, then this function will
@@ -2079,6 +2079,10 @@
 #      scripts that need information ABOUT a service, but do not
 #      themselves install the service.
 #
+#   If the optional argument '-f' is specified, then no confirmation
+#      questions will be asked about the selected username. This is
+#      useful mainly in unattended installations.
+#
 #   If the optional [service_name] argument is present, then that value
 #      may be used in some of the messages. Also, this function will
 #      then check to see if [service_name] is already installed. If so,
@@ -2087,6 +2091,7 @@
 #      etc)
 #
 # Usually [service_name] and [-q] should be specified together.
+#    [-f] can be set regardless of others options.
 #
 # SETS GLOBAL VARIABLE:
 #   csih_PRIVILEGED_USERNAME
@@ -2116,6 +2121,7 @@
   $_csih_trace
   local username
   local opt_query=0
+  local opt_force=0
   local opt_servicename=""
   local options

@@ -2123,9 +2129,10 @@

   # always parse "command line"
   OPTIND=0
-  while getopts ":q" options; do
+  while getopts ":qf" options; do
     case $options in
       q  ) opt_query=1 ;;
+      f  ) opt_force=1 ;;
       \? ) csih_warning "${FUNCNAME[0]} ignoring invalid option: $OPTARG" ;;
       \: ) csih_warning "${FUNCNAME[0]} ignoring option missing
required argument: $OPTARG" ;;
     esac
@@ -2264,27 +2271,23 @@
       echo ""
       csih_inform "This script plans to use '${username}'."
       csih_inform "'${username}' will only be used by registered services."
-      if csih_request "Do you want to use a different name?"
+      if [ $opt_force -eq 0 ]
       then
-        csih_get_value "Enter the new user name:"
-        username="${csih_value}"
-      fi
-    else
-      if [ -z "${opt_servicename}" ]
-      then
-        csih_inform "This script will assume that the service will
run under the"
-        csih_inform "'${username}' account."
-        if csih_request "Will the service run under a different account?"
+        if csih_request "Do you want to use a different name?"
         then
-          csih_get_value "Enter the user name used by the service:"
+          csih_get_value "Enter the new user name:"
           username="${csih_value}"
         fi
-      else
-        csih_inform "This script will assume that ${opt_servicename}
will run under the"
-        csih_inform "'${username}' account."
-        if csih_request "Will ${opt_servicename} run under a
different account?"
+      fi
+    else
+      theservice=${opt_servicename:-the service}
+      csih_inform "This script will assume that ${theservice} will
run under the"
+      csih_inform "'${username}' account."
+      if [ $opt_force -eq 0 ]
+      then
+        if csih_request "Will ${theservice} run under a different account?"
         then
-          csih_get_value "Enter the user name used by ${opt_servicename}:"
+          csih_get_value "Enter the user name used by ${theservice}:"
           username="${csih_value}"
         fi
       fi
@@ -2332,6 +2335,12 @@
 #   create a new privileged user.
 #   $1 (optional) will be used as the password if non-empty
 #
+#   NOTE: For using special behaviours triggered by optional parameters
+#   to the csih_select_privileged_username function, you should first
+#   call that function with all required parameters, and then call this
+#   function. The selected username will already be stored in
+#   $csih_PRIVILEGED_USERNAME.
+#
 #   Exits on catastrophic error (or if user enters empty password)
 #   Returns 0 on total success
 #   Returns 1 on partial success (created user, but could not add
========= [Cut here] ===================

And as and example of client usage, my patch to ssh-host-config to
make it really unattended (also has a minor typo correction):

~/cygsetup/addons/usr/bin $ cygcheck -c openssh
Cygwin Package Information
Package              Version        Status
openssh              5.2p1-1        OK

~/cygsetup/addons/usr/bin $ diff -u
/usr/src/openssh-5.2p1-1/contrib/cygwin/ssh-host-config
ssh-host-config
========= [Cut here] ===================
--- /usr/src/openssh-5.2p1-1/contrib/cygwin/ssh-host-config
2009-01-29 20:40:30.001000000 +0000
+++ ssh-host-config     2009-03-24 15:09:30.000000000 +0000
@@ -287,6 +287,9 @@
          csih_inform "sshd requires.  You need to have or to create a
privileged"
          csih_inform "account.  This script will help you do so."
          echo
+
+         # Try to discover a privileged user, if possible the one
already used by sshd
+         csih_select_privileged_username ${with_force} sshd
          if ! csih_create_privileged_user "${password_value}"
          then
            csih_error_recoverable "There was a serious problem
creating a privileged user."
@@ -432,6 +435,10 @@
     csih_FORCE_PRIVILEGED_USER=yes
     ;;

+  -f | --force )
+    with_force=-f
+    ;;
+
   *)
     echo "usage: ${progname} [OPTION]..."
     echo
@@ -441,6 +448,7 @@
     echo "  --debug  -d            Enable shell's debug output."
     echo "  --yes    -y            Answer all questions with \"yes\"
automatically."
     echo "  --no     -n            Answer all questions with \"no\"
automatically."
+    echo "  --force  -f            Don't ask confirmation for sshd
account name."
     echo "  --cygwin -c <options>  Use \"options\" as value for
CYGWIN environment var."
     echo "  --port   -p <n>        sshd listens on port n."
     echo "  --pwd    -w <passwd>   Use \"pwd\" as password for
privileged user."
@@ -489,7 +497,7 @@
 fi

 # Create /var/empty file used as chroot jail for privilege separation
-csih_make_dir "${LOCALSTATEDIR}/empty" "Cannot create log directory."
+csih_make_dir "${LOCALSTATEDIR}/empty" "Cannot create chroot jail
base directory."
 chmod 755 "${LOCALSTATEDIR}/empty"
 setfacl -m u:system:rwx "${LOCALSTATEDIR}/empty"
========= [Cut here] ===================

With those patches, you can configure ssh in a snap:
ssh-host-config --yes --force --privileged --pwd "$PASS" --cygwin ''
ssh-user-config --yes --privileged --passphrase "$MYPHRASE"

Hope you can make something useful from these patches, because I think
this helps cygwin getting more 'smooth' in configuration activities.

Have fun!
___________
Julio Costa

George Burns  - "Don't stay in bed, unless you can make money in bed."

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]