From 472060d9b1c119d4327e28f6a784971743d5b8e1 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Tue, 29 Jan 2019 19:27:28 +0100
Subject: Adding ssh_known_hosts handling.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 debian/control                 |  1 +
 debian/progress-linux.postinst | 42 ++++++++++++++++++++++++++++++++++++------
 2 files changed, 37 insertions(+), 6 deletions(-)

diff --git a/debian/control b/debian/control
index 7e55705..bcfd8d3 100644
--- a/debian/control
+++ b/debian/control
@@ -19,6 +19,7 @@ Depends:
  apt-transport-https,
  ca-certificates,
  progress-linux-pgp-keys,
+ progress-linux-ssh-keys,
  ${misc:Depends},
 Description: Progress Linux Setup
  Progress Linux is a Debian derivative distribution focused on system
diff --git a/debian/progress-linux.postinst b/debian/progress-linux.postinst
index a6e613b..59e68c9 100755
--- a/debian/progress-linux.postinst
+++ b/debian/progress-linux.postinst
@@ -2,7 +2,7 @@
 
 set -e
 
-Install ()
+Install_apt ()
 {
 	# apt sources
 	echo "Installing /etc/apt/sources.list.d/progress-linux.list ..."
@@ -28,7 +28,7 @@ EOF
 	done
 }
 
-Remove ()
+Remove_apt ()
 {
 	# apt sources
 	echo "Removing /etc/apt/sources.list.d/progress-linux.list ..."
@@ -43,7 +43,7 @@ Remove ()
 	rm -f /etc/apt/trusted.gpg.d/progress-linux.gpg
 }
 
-Configure ()
+Configure_apt ()
 {
 	ARCHIVE="${1}"
 
@@ -71,6 +71,34 @@ Pin-Priority: 999
 EOF
 }
 
+Configure_ssh ()
+{
+	KEY="$(cat /usr/share/progress-linux/ssh-keys/ssh.progress-linux.org.pub)"
+
+	echo "Installing /etc/ssh/ssh_known_hosts ..."
+
+	if [ ! -e "/etc/ssh/ssh_known_hosts" ]
+	then
+		# ssh cert-authority
+		mkdir -p /etc/ssh
+
+cat > "/etc/ssh/ssh_known_hosts" << EOF
+# /etc/ssh/ssh_known_hosts
+
+@cert-authority *.progress-linux.org ${KEY}
+EOF
+
+	else
+		grep -v '^@cert-authority \*.progress-linux.org' /etc/ssh/ssh_known_hosts > /etc/ssh/ssh_known_hosts.tmp
+
+cat >> "/etc/ssh/ssh_known_hosts.tmp" << EOF
+@cert-authority *.progress-linux.org ${KEY}
+EOF
+
+		mv -f /etc/ssh/ssh_known_hosts.tmp /etc/ssh/ssh_known_hosts
+	fi
+}
+
 case "${1}" in
 	configure)
 		. /usr/share/debconf/confmodule
@@ -85,9 +113,9 @@ case "${1}" in
 
 		if [ -n "${ARCHIVES}" ]
 		then
-			Install
+			Install_apt
 		else
-			Remove
+			Remove_apt
 		fi
 
 		ARCHIVES="$(echo ${ARCHIVES} | sed -e 's|, | |g')"
@@ -95,8 +123,10 @@ case "${1}" in
 
 		for ARCHIVE in ${ARCHIVES}
 		do
-			Configure ${ARCHIVE}
+			Configure_apt ${ARCHIVE}
 		done
+
+		Configure_ssh
 		;;
 
 	abort-upgrade|abort-remove|abort-deconfigure)
-- 
cgit v1.2.3