Re: icecast2 config/postinst
On Mon, Apr 18, 2011 at 8:55 PM, Robin Gareus wrote: > What do you mean with "refresh"? I've miss'd your last reply to Jonas regarding how passwords are handled, then never mind and thanks again. -- Alessio Treglia | www.alessiotreglia.com Debian Developer | ales...@debian.org Ubuntu Core Developer | quadris...@ubuntu.com 0FEC 59A5 E18E E04F 6D40 593B 45D4 8C7C DCFC 3FD0 ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Re: icecast2 config/postinst
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Hi Alessio, On 04/18/2011 08:50 PM, Alessio Treglia wrote: > I've already pushed your patch Wow, that's faster than fast :) > could you refresh it by yourself? What do you mean with "refresh"? > Thanks for the great work, man ;) Thanks for the flowers. Cheers! robin -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk2siTYACgkQeVUk8U+VK0Ik+QCghYa2q+XMJEoI/lkB3aRfxtNo rQcAn07mRMw7P/fQn3T7jyYbZWLOJdMG =iDIr -END PGP SIGNATURE- ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Re: icecast2 config/postinst
Robin, I've already pushed your patch, could you refresh it by yourself? Thanks for the great work, man ;) -- Alessio Treglia | www.alessiotreglia.com Debian Developer | ales...@debian.org Ubuntu Core Developer | quadris...@ubuntu.com 0FEC 59A5 E18E E04F 6D40 593B 45D4 8C7C DCFC 3FD0 ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Re: icecast2 config/postinst
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 04/18/2011 07:53 PM, Jonas Smedegaard wrote: > Hi Robin, > > On 11-04-18 at 07:29pm, Robin Gareus wrote: >> I've added config-templates and postinst configuration (passwords, >> hostname, enable-service) to icecast2. > > Nice! > > >> Attached patch applies to revision baf67ba (currently HEAD) on >> http://git.debian.org/?p=pkg-multimedia/icecast2.git >> >> What would be needed to get this into the official icecast2 debian >> package? > > Please open a bugreport against the package and include the patch there. done. http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=623256 I inadvertently attached the patch twice (`reportbug` did not list the attachments; so I thought it missing.. sorry). > Also, it seems to me from briefly reading it, that you (briefly) expose > passwords to all local users by printing it as part of an ed command. AFAICT it does not. It's cat << _EOF_ | ed ... So the password is piped to ed and not visible to other process. > That is (if correctly read) a security flaw and should be avoided. > > One way to avoid it is to export the passwords as environment variables > and then run a short perl script which uses those same variables. > > Like this (from a CipUX routine): > > export pw="bla" > > perl -i -pe "s/[ \t]*#([ \t]*password[ \t]*=).*/\$1\$ENV{'pw'}/" file > > > But please, instead of discussing further here, file a bugreport and > let's continue the discussion there :-) sure. It's also not-using-po-debconf for internationalization, yet. Anyway, one step at a time. Cheers! robin -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.10 (GNU/Linux) iEYEARECAAYFAk2shiUACgkQeVUk8U+VK0Ko3QCgiMrJbgnY4Go9BO3JafeTF6vQ LDUAoJ5kOTymrxrjOLSz/lSLBNnEyJI/ =9PO7 -END PGP SIGNATURE- ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
Re: icecast2 config/postinst
Hi Robin, On 11-04-18 at 07:29pm, Robin Gareus wrote: > I've added config-templates and postinst configuration (passwords, > hostname, enable-service) to icecast2. Nice! > Attached patch applies to revision baf67ba (currently HEAD) on > http://git.debian.org/?p=pkg-multimedia/icecast2.git > > What would be needed to get this into the official icecast2 debian > package? Please open a bugreport against the package and include the patch there. Also, it seems to me from briefly reading it, that you (briefly) expose passwords to all local users by printing it as part of an ed command. That is (if correctly read) a security flaw and should be avoided. One way to avoid it is to export the passwords as environment variables and then run a short perl script which uses those same variables. Like this (from a CipUX routine): export pw="bla" perl -i -pe "s/[ \t]*#([ \t]*password[ \t]*=).*/\$1\$ENV{'pw'}/" file But please, instead of discussing further here, file a bugreport and let's continue the discussion there :-) Regards, - Jonas -- * Jonas Smedegaard - idealist & Internet-arkitekt * Tlf.: +45 40843136 Website: http://dr.jones.dk/ [x] quote me freely [ ] ask before reusing [ ] keep private signature.asc Description: Digital signature ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers
icecast2 config/postinst
Hi Alessio et al, I've added config-templates and postinst configuration (passwords, hostname, enable-service) to icecast2. Attached patch applies to revision baf67ba (currently HEAD) on http://git.debian.org/?p=pkg-multimedia/icecast2.git What would be needed to get this into the official icecast2 debian package? Cheers! robin >From 58b10173268e252f87a7e021d61a0e43ba3d13aa Mon Sep 17 00:00:00 2001 From: Robin Gareus Date: Mon, 18 Apr 2011 19:22:15 +0200 Subject: [PATCH] added configuration template&postinst setup. --- debian/config| 25 + debian/icecast2.postinst | 35 ++- debian/templates | 37 + 3 files changed, 96 insertions(+), 1 deletions(-) create mode 100644 debian/config create mode 100644 debian/templates diff --git a/debian/config b/debian/config new file mode 100644 index 000..742ddf3 --- /dev/null +++ b/debian/config @@ -0,0 +1,25 @@ +#!/bin/bash +# Debconf config script for icecast2 + +set -e + +. /usr/share/debconf/confmodule + +db_input high icecast2/icecast-setup || true +db_go ||true + +db_get icecast2/icecast-setup +if [ "$RET" = "true" ]; then + db_input high icecast2/hostname || true + db_go ||true + db_input high icecast2/sourcepassword || true + db_go ||true + db_input high icecast2/relaypassword|| true + db_go ||true + db_input high icecast2/adminpassword || true + db_go ||true +fi + +#DEBHELPER# + +exit 0 diff --git a/debian/icecast2.postinst b/debian/icecast2.postinst index ca9a341..eb12a54 100644 --- a/debian/icecast2.postinst +++ b/debian/icecast2.postinst @@ -3,8 +3,10 @@ set -e +. /usr/share/debconf/confmodule + case "$1" in -configure) +configure|reconfigure) ;; @@ -34,6 +36,37 @@ id icecast2 >/dev/null 2>&1 || \ adduser --system --quiet --disabled-password --disabled-login \ --home /usr/share/icecast2 --no-create-home --ingroup icecast icecast2 +# set passwords +db_get icecast2/icecast-setup +if test "$RET" = "true"; then + if [ -f /etc/default/icecast2 -a -f /etc/icecast2/icecast.xml ]; then + echo "Configuring icecast2.." >&2 + cat << _EOF_ \ + | ed /etc/default/icecast2 2>/dev/null 1>&2 || true +%s/^.*ENABLE=.*$/ENABLE=true/ +wq +_EOF_ + + db_get icecast2/sourcepassword + ICESOURCE=$RET + db_get icecast2/relaypassword + ICERELAY=$RET + db_get icecast2/adminpassword + ICEADMIN=$RET + db_get icecast2/hostname + ICEHOST=$RET + cat << _EOF_ \ + | ed /etc/icecast2/icecast.xml 2>/dev/null 1>&2 || true +%s/[^<]*<\/source-password>/$ICESOURCE<\/source-password>/ +%s/[^<]*<\/relay-password>/$ICERELAY<\/relay-password>/ +%s/[^<]*<\/admin-password>/$ICEADMIN<\/admin-password>/ +%s/[^<]*<\/hostname>/$ICEHOST<\/hostname>/ +wq +_EOF_ + echo "Done Configuring icecast2.." >&2 + fi +fi + chown -R icecast2: /var/log/icecast2 /etc/icecast2 # Set all file readable by default chmod -R ug=rw,o=r,ugo+X /etc/icecast2 diff --git a/debian/templates b/debian/templates new file mode 100644 index 000..64e00e7 --- /dev/null +++ b/debian/templates @@ -0,0 +1,37 @@ +Template: icecast2/icecast-setup +Type: boolean +Default: false +Description: Setup Icecast2 - Enable Live HTTP Streaming? + This option allows enable icecast2 on this server + and configure passwords for icecast-server. + . + If you have already manually tweaked icecast2 configuration + it may not work as expected. + +Template: icecast2/hostname +Type: string +Default: localhost +Description: Icecast2 Hostname: + Specify a fully qualified domain name. + Icecast2 uses this as prefix to all streams. + +Template: icecast2/sourcepassword +Type: string +Default: hackme +Description: Icecast2 Source Password: + Specify a password to send A/V sources to icecast + +Template: icecast2/relaypassword +Type: string +Default: hackme +Description: Icecast2 Relay Password: + Specify the default password for stream relay access. + +Template: icecast2/adminpassword +Type: string +Default: hackme +Description: Icecast2 Admin Password: + Specify the admin password. + You can access icecast2's admin interface via + http://localhost:8000/ - and both monitor connection as + well as block users. -- 1.7.2.3 ___ pkg-multimedia-maintainers mailing list pkg-multimedia-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/mailman/listinfo/pkg-multimedia-maintainers