#!/usr/bin/env bash # SPDX-License-Identifier: GPL-2.0-only # Created by Tobias Powalowski build () { map add_binary findssl.sh scp sftp ssh-add ssh-agent ssh-copy-id ssh-keygen ssh-keyscan sshd \ exportfs nfsstat rpc.idmapd rpc.mountd rpc.nfsd rpc.statd rpcdebug showmount \ sm-notify start-statd rpcbind rpcinfo rpc.gssd \ nfsdcltrack gssproxy screen tmux rsync map add_file "/etc/screenrc" "/etc/ssh/ssh_config" "/etc/ssh/sshd_config" "/etc/ssh/moduli" \ "/etc/rsyncd.conf" "/etc/exports" "/usr/lib/ssh/sftp-server" "/usr/lib/ssh/ssh-keysign" \ "/usr/lib/ssh/ssh-pkcs11-helper" "/etc/conf.d/rpcbind" \ "/etc/netconfig" add_file "/etc/ssh/sshd_config" # allow root login and empty passwords echo "PermitRootLogin yes" >> "${BUILDROOT}/etc/ssh/sshd_config" echo "PermitEmptyPasswords yes" >> "${BUILDROOT}/etc/ssh/sshd_config" add_full_dir "/usr/lib/libnfsidmap/" map add_dir "/var/empty" "/var/lib/nfs/sm" "/var/lib/nfs/sm.bak" "/var/lib/nfs/v4recovery" \ "/var/lib/nfs/rpc_pipefs" "/var/lib/rpcbind" "/var/log/gssproxy" chmod 700 "${BUILDROOT}/var/lib/rpcbind" chown 32:32 "${BUILDROOT}/var/lib/rpcbind" # mask nfs3 systemd for i in rpcbind.service rpcbind.socket rpcbind.target nfs-server.service; do add_symlink "/etc/systemd/system/${i}" "/dev/null" done map add_full_dir "/etc/gss" "/etc/gssproxy" "/var/lib/gssproxy" add_dir "/var/lib/openldap" chmod 700 "${BUILDROOT}/var/lib/openldap" chown 439:439 "${BUILDROOT}/var/lib/openldap" # start sshd on startup add_symlink "/etc/systemd/system/multi-user.target.wants/sshd.service" "/usr/lib/systemd/system/sshd.service" # fix licenses map add_file "/usr/share/licenses/rpcbind/COPYING" "/usr/share/licenses/nfsidmap/LICENSE" \ "/usr/share/licenses/tmux/LICENSE" } help () { cat<