This repository contains tools for working with hackers.git
information.

The four most important programs are:

 - `meta-check`: sanity-check hackers.git data
 - `ssh-list-authorized-keys`: configure sshd to use this for
   AuthorizedKeysCommand to have it get SSH keys directly from
   hackers.git
 - `postfix-generate-virtual-map`: generate a virtual map
   for Postfix that provides email aliases for users in hackers.git
 - `pacman-make-keyring`: generate a tarball with the pacman-keyring
   files for the users in hackers.git

The others are:

 - `meta-normalize-stdio`: used by `meta-check`
 - `meta-cat`: used by `nshd`
 - `pgp-list-keyids`: used by `pacman-make-keyring`
 - `uid-map`: used by `pacman-make-keyring`

Each of the programs looks for `parabola-hackers.yml` in the current
directory (except for `meta-normalize-stdio`, which has no
configuration).

# Configuration

The two main things the programs look at are `yamldir`, which tells
them where to find `hackers.git/users`, and `groupgroups`, which
augments the `groups` array for each user.

## pacman-make-keyring

`pacman-make-keyring` also looks at `keyring_cachedir` to see where to
store files that can be cached between versions of the keyring.

## ssh-list-authorized-keys

`ssh-list-authorized-keys` also looks at `ssh_pseudo_users`.
System users (`/etc/passwd`) mentioned in this variable may be SSH'ed
into by hackers.git users who are in a group of the same name.
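
The following is an added example, not code from this repository: a small Python model of the `ssh_pseudo_users` rule, useful for reviewing which keys a configuration change would admit. The record fields (`username`, `groups`, `ssh_keys`), the helper names and the sample data are assumptions made for the illustration, and `groups` is taken as already augmented by `groupgroups`.

```python
# Added illustration of the ssh_pseudo_users rule; not the project's own code.
# Field names (username, groups, ssh_keys) are assumed for this sketch.

# Constructed sample data standing in for hackers.git/users.
USERS = [
    {"username": "alice", "groups": ["hackers", "repo"],
     "ssh_keys": ["ssh-ed25519 AAAA-constructed-alice alice@laptop"]},
    {"username": "bob", "groups": ["hackers"],
     "ssh_keys": ["ssh-ed25519 AAAA-constructed-bob bob@desk"]},
    {"username": "carol", "groups": ["repo", "git"],
     "ssh_keys": ["ssh-ed25519 AAAA-constructed-carol carol@home"]},
]
# Constructed stand-in for the relevant part of parabola-hackers.yml.
CONFIG = {"ssh_pseudo_users": ["repo"]}


def authorized_keys(login, users=USERS, config=CONFIG):
    """Return the public keys accepted for the account `login`."""
    keys = []
    # A hackers.git user logs in with their own keys.
    for user in users:
        if user["username"] == login:
            keys.extend(user["ssh_keys"])
    # A listed pseudo-user accepts the keys of every member of the
    # group that has the same name as the account.
    if login in config.get("ssh_pseudo_users", []):
        for user in users:
            if login in user["groups"]:
                keys.extend(user["ssh_keys"])
    # Drop duplicates but keep a stable order.
    return list(dict.fromkeys(keys))


def pseudo_user_access(users=USERS, config=CONFIG):
    """Audit view: for each pseudo-user, who can log in as it."""
    return {
        account: sorted(u["username"] for u in users if account in u["groups"])
        for account in config.get("ssh_pseudo_users", [])
    }


if __name__ == "__main__":
    for account, members in pseudo_user_access().items():
        print(f"{account}: {', '.join(members) or '(nobody)'}")
```

In this model, a group such as `git` that exists in the user data but is not listed in `ssh_pseudo_users` yields no keys, so listing an account name is what opens it to the whole group.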

## nshd (TODO)

`nshd` also looks at `pam_password_prohibit_message` to decide what to
say when prohibiting a user from being changed via PAM.

# Usage

## meta-check

Just run it; it will report any problems with hackers.git data.

## ssh-list-authorized-keys

Configure `sshd_config:AuthorizedKeysCommand` to be this program.
`sshd` will run it as `ssh-list-authorized-keys ${USERNAME}`.

## postfix-generate-virtual-map

    postfix-generate-virtual-map > /etc/postfix/virtual-parabola.nu
    postmap hash:/etc/postfix/virtual-parabola.nu

## pacman-make-keyring

    pacman-make-keyring V=$(date -u +%Y%m%d)
    scp parabola-keyring-$(date -u +%Y%m%d).tar.gz repo.parabola.nu:/srv/repo/main/other/parabola-keyring/

or

    cd $(. "$(librelib conf)" && load_files makepkg && echo "$SRCDEST")
    pacman-make-keyring V=$(date -u +%Y%m%d)

In the latter case, it would get uploaded automagically by
`librerelease` when you release a parabola-keyring with the matching
version.