Merge sshkeys branch from Stephen and Mark

diff --git a/debian/changelog b/debian/changelog
index bcf0142..ffc9300 100644 (file)
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,11 @@
 userdir-ldap (0.3.23+common1) unstable; urgency=low
 
+  [ Andreas Barth ]
+  * Add compatibility to dchroot-dsa to ud-replicate.
+  * Add (disabled) generation of authorized_keys suiteable for sshdist.
+  * Add performance optimization by caching IP adresses in ud-generate
+    (as a precondition for automatically adding aliases)
+
   [ Stephen Gran ]
   * ud-replicate: handle individual ssh keys
 

diff --git a/ud-generate b/ud-generate
index 8a4588c..b48cdc3 100755 (executable)
--- a/ud-generate
+++ b/ud-generate
@@ -7,6 +7,7 @@
 #   Copyright (c) 2004-2005,7  Joey Schulze <joey@infodrom.org>
 #   Copyright (c) 2001-2007  Ryan Murray <rmurray@debian.org>
 #   Copyright (c) 2008 Peter Palfrader <peter@palfrader.org>
+#   Copyright (c) 2008 Andreas Barth <aba@not.so.argh.org>
 #   Copyright (c) 2008 Mark Hymers <mhy@debian.org>
 #
 #   This program is free software; you can redistribute it and/or modify
@@ -767,8 +768,26 @@ def GenBSMTP(l,File,HomePrefix):
    raise;
   Done(File,F,None);
 
+# cache IP adresses
+HostToIPCache = {}
+def HostToIP(Host):
+    global HostToIPCache
+    if not Host in HostToIPCache:
+        IPAdressesT = None
+        try:
+            IPAdressesT = list(set([ (a[0],a[4][0]) for a in socket.getaddrinfo(Host, None)]))
+        except socket.gaierror, (code):
+            if code[0] != -2: raise
+        IPAdresses = []
+        for addr in IPAdressesT:
+            if addr[0] == socket.AF_INET: IPAdresses += [addr[1], "::ffff:"+addr[1]]
+            else: IPAdresses += [addr[1]]
+        HostToIPCache[Host] = IPAdresses
+    return HostToIPCache[Host]
+
+
 # Generate the ssh known hosts file
-def GenSSHKnown(l,File):
+def GenSSHKnown(l,File,mode=None):
   F = None;
   try:
    OldMask = os.umask(0022);
@@ -788,19 +807,12 @@ def GenSSHKnown(l,File):
       SHost = Host.find(".")
       if SHost != None: HostNames += [Host[0:SHost]]
 
-      IPAdressesT = None
-      IPAdresses = []
-      # get IP adresses back as "proto adress" to distinguish between v4 and v6
-      try:
-         IPAdressesT = set([ (a[0],a[4][0]) for a in socket.getaddrinfo(Host, None)])
-      except:
-         if code[0] != -2: raise
-      for addr in IPAdressesT:
-         if addr[0] == socket.AF_INET: IPAdresses += [addr[1], "::ffff:"+addr[1]]
-        else: IPAdresses += [addr[1]]
-
       for I in x[1]["sshRSAHostKey"]:
-         Line = "%s %s" %(",".join(HostNames + IPAdresses), I);
+         if mode and mode == 'authorized_keys':
+            #Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,from="%s" %s' % (Host, ",".join(HNames + HostToIP(Host)), I)
+            Line = 'command="rsync --server --sender -pr . /var/cache/userdir-ldap/hosts/%s",no-port-forwarding,no-X11-forwarding,no-agent-forwarding %s' % (Host,I)
+         else:
+            Line = "%s %s" %(",".join(HostNames + HostToIP(Host)), I);
          Line = Sanitize(Line) + "\n";
          F.write(Line);
   # Oops, something unspeakable happened.
@@ -889,6 +901,7 @@ GenMarkers(l,GlobalDir+"markers");
 GenPrivate(l,GlobalDir+"debian-private");
 GenDisabledAccounts(l,GlobalDir+"disabled-accounts");
 GenSSHKnown(l,GlobalDir+"ssh_known_hosts");
+#GenSSHKnown(l,GlobalDir+"authorized_keys", 'authorized_keys');
 GenHosts(l,GlobalDir+"debianhosts");
 GenMailDisable(l,GlobalDir+"mail-disable");
 GenMailBool(l,GlobalDir+"mail-greylist","mailGreylisting");

diff --git a/ud-replicate b/ud-replicate
index 8bbef7c..d1c0b24 100755 (executable)
--- a/ud-replicate
+++ b/ud-replicate
@@ -90,6 +90,11 @@ fi
 
 if [ -x /usr/bin/dchroot ]; then
        CHROOTS=`dchroot --listpaths`
+fi
+if [ -x /usr/bin/dchroot-dsa ]; then
+        CHROOTS=$(dchroot-dsa -i | grep Location | awk '{print $2}')
+fi
+if [ -n "$CHROOTS" ]; then
        for c in $CHROOTS; do
                if [ -x "$c/usr/bin/makedb" ]
                then