init pre-prototype

Makefile

@@ -0,0 +1,16 @@
+SBINDIR ?= /usr/sbin
+UNITDIR ?= /lib/systemd/system
+
+install:
+	mkdir -p --mode=0755 $(DESTDIR)$(SBINDIR)
+	install -m0755 doskast-sshd-keygen.sh $(DESTDIR)$(SBINDIR)/doskast-sshd-keygen
+	mkdir -p --mode=0755 $(DESTDIR)/etc/doskast
+	mkdir -p --mode=0700 $(DESTDIR)/etc/doskast/ssh
+	mkdir -p --mode=0755  $(DESTDIR)$(UNITDIR)
+	install -m0644 doskast-sshd.service $(DESTDIR)$(UNITDIR)
+	install -m0644 doskast-sshd-keygen.service $(DESTDIR)$(UNITDIR)
+	# nothing secret here, no need in 0600
+	install -m0644 doskast-sshd.conf $(DESTDIR)/etc/doskast/doskast-sshd.conf
+
+rpm:
+	rpmbuild --define "_sourcedir $$PWD" -bb doskast.spec

doskast-sshd-keygen.service

@@ -0,0 +1,11 @@
+[Unit]
+Description=OpenSSH Server Key Generation
+ConditionPathExists=|!/etc/doskast/ssh/ssh_host_rsa_key
+ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ecdsa_key
+ConditionPathExists=|!/etc/doskast/ssh/ssh_host_ed25519_key
+PartOf=doskast-sshd.service
+
+[Service]
+ExecStart=/usr/sbin/doskast-sshd-keygen
+Type=oneshot
+RemainAfterExit=yes

doskast-sshd-keygen.sh

@@ -0,0 +1,125 @@
+#!/bin/bash
+
+# Create the host keys for the OpenSSH server.
+#
+# The creation is controlled by the $AUTOCREATE_SERVER_KEYS environment
+# variable.
+
+# OpenSSH 7.0 depreceated DSA keys. We don't create DSA be default, but you can add 'DSA' to the list bellow.
+AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519"
+FAIL='0'
+
+# Some functions to make the below more readable
+KEYGEN=/usr/bin/ssh-keygen
+DIR=/etc/doskast/ssh
+RSA_KEY="$DIR"/ssh_host_rsa_key
+DSA_KEY="$DIR"/ssh_host_dsa_key
+ECDSA_KEY="$DIR"/ssh_host_ecdsa_key
+ED25519_KEY="$DIR"/ssh_host_ed25519_key
+
+do_rsa_keygen() {
+	if [ ! -s $RSA_KEY ]; then
+		echo -n $"Generating SSH2 RSA host key: "
+		rm -f $RSA_KEY
+		# XXX use umask 077 here!
+		if test ! -f $RSA_KEY && $KEYGEN -q -t rsa -f $RSA_KEY -C '' -N '' >&/dev/null; then
+			chmod 600 $RSA_KEY
+			chmod 644 $RSA_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $RSA_KEY{,.pub}
+			fi
+			echo "RSA key $RSA_KEY generated."
+			return 0
+		else
+			echo "Failed to generate RSA key $RSA_KEY!"
+			FAIL='1'
+			return 1
+		fi
+	fi
+}
+
+do_dsa_keygen() {
+	if [ ! -s $DSA_KEY ]; then
+		echo -n $"Generating SSH2 DSA host key: "
+		rm -f $DSA_KEY
+		if test ! -f $DSA_KEY && $KEYGEN -q -t dsa -f $DSA_KEY -C '' -N '' >&/dev/null; then
+			chmod 600 $DSA_KEY
+			chmod 644 $DSA_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $DSA_KEY{,.pub}
+			fi
+			echo "DSA key $DSA_KEY generated."
+			return 0
+		else
+			echo "Failed to generate DSA key $DSA_KEY!"
+			FAIL='1'
+			return 1
+		fi
+	fi
+}
+
+do_ecdsa_keygen() {
+	if [ ! -s $ECDSA_KEY ]; then
+		echo -n $"Generating SSH2 ECDSA host key: "
+		rm -f $ECDSA_KEY
+		if test ! -f $ECDSA_KEY && $KEYGEN -q -t ecdsa -f $ECDSA_KEY -C '' -N '' >&/dev/null; then
+			chmod 600 $ECDSA_KEY
+			chmod 644 $ECDSA_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $ECDSA_KEY{,.pub}
+			fi
+			echo "ECDSA key $ECDSA_KEY generated."
+			return 0
+		else
+			echo "Failed to generate ECDSA key $ECDSA_KEY!"
+			FAIL='1'
+			return 1
+		fi
+	fi
+}
+
+do_ed25519_keygen() {
+	if [ ! -s $ED25519_KEY ]; then
+		echo -n $"Generating SSH2 ED25519 host key: "
+		rm -f "$ED25519_KEY"
+		if test ! -f $ED25519_KEY && $KEYGEN -q -t ed25519 -f $ED25519_KEY -C '' -N '' >&/dev/null; then
+			chmod 600 $ED25519_KEY
+			chmod 644 $ED25519_KEY.pub
+			if [ -x /sbin/restorecon ]; then
+			    /sbin/restorecon $ED25519_KEY{,.pub}
+			fi
+			echo "ED25519 key $ED25519_KEY generated."
+			return 0
+		else
+			echo "Failed to generate ED25519 key $ED25519_KEY!"
+			FAIL='1'
+			return 1
+		fi
+	fi
+}
+
+if [ "x${AUTOCREATE_SERVER_KEYS}" == "xNO" ]; then
+	exit 0
+fi
+
+# legacy options
+case $AUTOCREATE_SERVER_KEYS in
+	NODSA) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
+	RSAONLY) AUTOCREATE_SERVER_KEYS="RSA";;
+	YES) AUTOCREATE_SERVER_KEYS="RSA ECDSA ED25519";;
+esac
+
+for KEY in $AUTOCREATE_SERVER_KEYS; do
+	case "$KEY" in
+		DSA) do_dsa_keygen;;
+		RSA) do_rsa_keygen;;
+		ECDSA) do_ecdsa_keygen;;
+		ED25519) do_ed25519_keygen;;
+	esac
+done
+
+# not zero return code if any error has ever occured to make systemd service sshd-keygen.service failed in case of any errors
+if [ "$FAIL" = '1' ]
+	then exit 1
+	else exit 0
+fi

doskast-sshd.conf

@@ -0,0 +1,22 @@
+Port 6260
+
+HostKey /etc/doskast/ssh/ssh_host_rsa_key
+HostKey /etc/doskast/ssh/ssh_host_ecdsa_key
+HostKey /etc/doskast/ssh/ssh_host_ed25519_key
+
+PermitRootLogin no
+PubkeyAuthentication yes
+# keeping this default for compatibility with ssh-copy-id
+AuthorizedKeysFile	.ssh/authorized_keys
+PasswordAuthentication no
+KerberosAuthentication no
+GSSAPIAuthentication no
+# XXX Is PAM needed?
+UsePAM no
+AllowUsers doscast
+
+AllowAgentForwarding no
+AllowTcpForwarding no
+GatewayPorts no
+X11Forwarding no
+PidFile /run/doskast-sshd.pid

doskast-sshd.service

@@ -0,0 +1,14 @@
+[Unit]
+Description=Doskast OpenSSH server
+After=network.target doskast-sshd-keygen.service
+Wants=doskast-sshd-keygen.service
+
+[Service]
+ExecStart=/usr/sbin/sshd -D -f /etc/doskast/doskast-sshd.conf
+ExecReload=/bin/kill -HUP $MAINPID
+KillMode=process
+Restart=on-failure
+RestartSec=42s
+
+[Install]
+WantedBy=multi-user.target

doskast.spec

@@ -0,0 +1,32 @@
+Summary: Cast screen
+Name: doskast
+License: GPL-3.0
+Group: Graphical desktop/Other
+Url: https://osmesh.ru
+Version: 0.1
+Release: 1
+Source1: doskast-sshd.conf
+Source2: doskast-sshd.service
+Source3: doskast-sshd-keygen.service
+Source4: doskast-sshd-keygen.sh
+Source5: Makefile
+
+BuildRequires: make
+
+%description
+%summary
+
+%prep
+%build
+%install
+cp %sources .
+%makeinstall_std
+
+%files
+%_unitdir/doskast-sshd.service
+%_unitdir/doskast-sshd-keygen.service
+%_sbindir/doskast-sshd-keygen
+%dir /etc/doskast
+%dir /etc/doskast/ssh
+# not "noreplace"
+%config /etc/doskast/doskast-sshd.conf