ud-replicate, ud-generate: Instead of one big ssh-rsa-shadow file ud-generate

now produces per-user authorized_keys files and tars them up.  On the receiving
end ud-replicate takes the tar and syncs it to userkeys/.  The goal here is to
no longer require a patched sshd.  Setting AuthorizedKeysFile2 to
/var/lib/misc/userkeys/%u is sufficient.  For homedir creation we can use
pam_mkhomedir. [mhy, sgran]

diff --cc debian/changelog
index 3c46d61,ffc9300..e1ec284
--- 1/debian/changelog
--- 2/debian/changelog
+++ b/debian/changelog
@@@ -1,17 -1,18 +1,24 @@@
 -userdir-ldap (0.3.23+common1) unstable; urgency=low
 -
 -  [ Andreas Barth ]
 -  * Add compatibility to dchroot-dsa to ud-replicate.
 -  * Add (disabled) generation of authorized_keys suiteable for sshdist.
 -  * Add performance optimization by caching IP adresses in ud-generate
 -    (as a precondition for automatically adding aliases)
 -
 -  [ Stephen Gran ]
 -  * ud-replicate: handle individual ssh keys
 -
 -  [ Mark Hymers ]
 -  * ud-generate: handle individual ssh keys
 -
 - -- Mark Hymers <mhy@debian.org>  Wed, 14 May 2008 22:09:22 +0100
 +userdir-ldap (0.3.XX) Xnstable; urgency=low
 +
 +  * ud-mailgate: better regex for ssh1 keys, which we reject. [joerg, weasel]
 +  * ud-replicate: Also support the imposter dchroot-dsa from the debian
 +    archive. [aba, weasel]
 +  * ud-generate: Add support for generation of authorized_keys file on
 +    the db host for the sshdist user.  This is now possible since
 +    ud-replicate clients use their ssh host key to authenticate to the
 +    db server.  The code now supports this but the feature is still
 +    disabled. [aba]
 +  * ud-generate: Add performance optimization by resolving IP adresses
 +    for hosts only once and caching the result. [aba]
- 
-  -- Peter Palfrader <weasel@debian.org>  Sat, 17 May 2008 11:29:41 +0200
++  * ud-replicate, ud-generate: Instead of one big ssh-rsa-shadow file
++    ud-generate now produces per-user authorized_keys files and tars
++    them up.  On the receiving end ud-replicate takes the tar and
++    syncs it to userkeys/.  The goal here is to no longer require
++    a patched sshd.  Setting AuthorizedKeysFile2 to
++    /var/lib/misc/userkeys/%u is sufficient.  For homedir creation
++    we can use pam_mkhomedir. [mhy, sgran]
++
++ -- Peter Palfrader <weasel@debian.org>  Sat, 17 May 2008 11:34:20 +0200
  
  userdir-ldap (0.3.23) unstable; urgency=low
  

diff --cc ud-replicate
index b745119,d1c0b24..f148bf6
--- 1/ud-replicate
--- 2/ud-replicate
+++ b/ud-replicate
@@@ -4,6 -4,7 +4,7 @@@
  #   Copyright (c) 2002-2003,2006  Ryan Murray <rmurray@debian.org>
  #   Copyright (c) 2004-2005  Joey Schulze <joey@infodrom.org>
  #   Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
 -#   Copyright (©) 2008 Stephen Gran <sgran@debian.org>
++#   Copyright (c) 2008 Stephen Gran <sgran@debian.org>
  #
  #   This program is free software; you can redistribute it and/or modify
  #   it under the terms of the GNU General Public License as published by
@@@ -68,11 -77,22 +77,22 @@@ don
  ln -sf `pwd -P`/ssh-rsa-shadow /etc/ssh
  ln -sf `pwd -P`/ssh_known_hosts /etc/ssh
  
+ if [ -e ${HOST}/ssh-keys.tar.gz ]; then
+   export TMPDIR='/tmp/' 
+   tempdir=$(mktemp -d)
+   old=$(pwd -P)
+   cd $tempdir && tar -xf ${old}/${HOST}/ssh-keys.tar.gz
+   cd $old
+   mkdir userkeys 2> /dev/null || true
+   chmod 755 $tempdir
+   rsync -a --delete-after $tempdir/ userkeys/
+ fi
+ 
 +CHROOTS=""
  if [ -x /usr/bin/dchroot ]; then
        CHROOTS=`dchroot --listpaths`
 -fi
 -if [ -x /usr/bin/dchroot-dsa ]; then
 -        CHROOTS=$(dchroot-dsa -i | grep Location | awk '{print $2}')
 +elif [ -x /usr/bin/dchroot-dsa ]; then
 +      CHROOTS=$(dchroot-dsa -i | grep Location | awk '{print $2}')
  fi
  if [ -n "$CHROOTS" ]; then
        for c in $CHROOTS; do