diff --git a/install.sh b/install.sh
index 84a9638..b9e90d7 100755
--- a/install.sh
+++ b/install.sh
@@ -13,12 +13,61 @@ if [ `id -u` -ne 0 ]; then exit 1 fi +# Ask for user parameters +echo "This installer is meant to install the yubilock service for one user. Please specifiy for wich user you want to install xscreensaver-yubilock" +read -p 'Username: ' username +userid=`id -u "$username" 2>/dev/null` || ( echo "$username is not a user on this system" && exit 1 ) +[ "$userid" -lt 1000 ] && echo "User $username seems to be a systemuser (uid: $userid). Please specify a normal user." && exit 1 + +echo "Allowed yubikey serials can be set in {$install_dir}config.ini. Do you wish to add one or more automaticaly now?" +read -p "Add Yubikey serial? (Y/n) " add_serial +[ -z "$add_serial" ] && add_serial='yes' # if no input, assume yes +case ${add_serial:0:1} in + y|Y|1 ) + add_serial='yes';; + * ) + add_serial='no';; +esac +if [ "$add_serial" = 'yes' ]; then + if ! ykman -v >/dev/null 2>&1 ; then + echo "yubikey-manager doesn't seem to be installed. Do you want to install it? ('no' means you'll have to add your yubikey serial manually later" + read -p "Install yubikey-manager? (Y/n) " install_ykman + [ -z "$install_ykman" ] && install_ykman='yes' # if no input, assume yes + case ${install_ykman:0:1} in + y|Y|1 ) + apt-get install -y yubikey-manager;; + * ) + break 3;; + esac + fi + echo "Please make sure your yubikey(s) are plugged in. Then press any key to continue" + read -n 1 -s -r + serials=`ykman list | sed -e 's#.*:\ \(\)#\1#' | tr '\n' ','` # List all keys, get the serials, and comma separate them + serials="${serials%?}" # Remove trailing comma + echo "The following serial(s) will be added to your config file: $serials" +fi + + + +echo "Do you want the daemon to be started by systemd? (you'll have to start it manually every login session if you choose no)" +read -p "Use Systemd? 
(Y/n) " use_systemd +[ -z "$use_systemd" ] && use_systemd='yes' # if no input, assume yes +case ${use_systemd:0:1} in + y|Y|1 ) + use_systemd='yes';; + * ) + use_systemd='no';; +esac + + + echo "Create yubilock user" adduser --system --home "$install_dir" --shell "/usr/sbin/nologin" --group --gecos "xscreensaver yubilock daemon" -q 'yubilock' + echo "Making sure python3 and virtualenv are installed" -python3 --version || apt-get install python3 -python3 -m venv -h >/dev/null 2>&1 || apt-get install python3-venv +python3 --version || apt-get install -y python3 +python3 -m venv -h >/dev/null 2>&1 || apt-get install -y python3-venv echo "Create virualenv" @@ -36,6 +85,9 @@ cp "$script_dir/config_example.ini" "$install_dir/config.ini" # Remove first line from config sed -i '1d' "$install_dir/config.ini" +# Add yubikey serials to config +[ -n "$serials" ] && sed -i "s+^yubikey_serial\ =.*+yubikey_serial\ =\ $serials+g" "$install_dir/config.ini" + chown -R yubilock:yubilock "$install_dir" chown root:yubilock "$install_dir" chmod 775 "$install_dir" @@ -51,7 +103,7 @@ sed -i "s+^logfile\ =.*+logfile\ =\ ${logging_dir}daemon.log+g" "$install_dir/co echo "Allow yubilock user access to X host" touch "$install_dir/.Xauthority" chown yubilock:yubilock "$install_dir/.Xauthority" -hexkey=`sudo -u link xauth list | cut -d ' ' -f 5` +hexkey=`sudo -u $username xauth list | cut -d ' ' -f 5` export XAUTHORITY="/opt/yubilock/.Xauthority" echo sudo -u yubilock xauth add \":0\" . "$hexkey" sudo -u yubilock xauth add ":0" . "$hexkey" 
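Review bot: The `exit 1` in the username check runs inside a `( … )` subshell, so it ends only that subshell and the installer carries on as root with a user that does not exist. The next test, `[ "$userid" -lt 1000 ]`, then errors on the empty value and falls through as well. A brace group makes the script itself stop: `userid=$(id -u "$username" 2>/dev/null) || { echo "$username is not a user on this system" >&2; exit 1; }`. Further down, `break 3` is not inside any loop, so declining the yubikey-manager install does not skip the `ykman list` step; an explicit flag that guards the serial collection would express the intent.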
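Review bot: `$serials` is spliced into the sed replacement text with no check, in the added `sed -i "s+^yubikey_serial…` line. It is built from `ykman list` output, and any output line that lacks `: ` passes through the earlier sed unchanged, so a `+`, `&` or backslash in it would break or alter the expression that writes the list of allowed keys. Reject anything but digits and commas before the substitution, e.g. `case "$serials" in *[!0-9,]*) echo "unexpected ykman output: $serials" >&2; exit 1;; esac`.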
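Review bot: `$username` is expanded unquoted in `sudo -u $username xauth list`, so a value containing whitespace or glob characters is split into extra sudo arguments. Since the validation added earlier in this commit does not actually abort on an unknown user, an empty or malformed value can reach this line. Quote it: `hexkey=$(sudo -u "$username" xauth list | cut -d ' ' -f 5)`. It would also be worth stopping when `hexkey` comes back empty, because the context lines below print the cookie and pass it to `xauth add` either way.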
@@ -63,10 +115,34 @@ chown root:root '/etc/udev/rules.d/91-usbftdi.rules' udevadm control --reload-rules -echo "Enable as systemd service" -cp "$script_dir/debian/yubilock.service" "/etc/systemd/system" -sed -i "s+^ExecStart=.*+ExecStart=${install_dir}venv/bin/python ${install_dir}xscreensaver_yubilock.py+g" '/etc/systemd/system/yubilock.service' -systemctl enable yubilock.service +if [ "$use_systemd" = 'yes' ]; then + echo "Enable as systemd service" + cp "$script_dir/debian/yubilock.service" "/etc/systemd/system" + sed -i "s+^ExecStart=.*+ExecStart=${install_dir}venv/bin/python ${install_dir}xscreensaver_yubilock.py+g" '/etc/systemd/system/yubilock.service' + systemctl enable yubilock.service +else + # Make sure service is not previously installed + systemctl stop yubilock.service >/dev/null 2>&1 + systemctl disable yubilock.service >/dev/null 2>&1 + rm '/etc/systemd/system/yubilock.service' >/dev/null 2>&1 + rm '/usr/lib/systemd/system/yubilock.service' >/dev/null 2>&1 + systemctl daemon-reload + systemctl reset-failed +fi +echo "xscreensaver-yubilock is installed!" + +if [ "$use_systemd" = 'yes' ]; then + echo "Do you wish to start the daemon now? WARNING: If the specified yubikey is not plugged in, your machine will lock. Alternatively, you can start the service using 'sudo systemctl start yubilock.service' or wait for next login." + read -p "Start daemon? (y/N) " start_daemon + [ -z "$start_daemon" ] && start_daemon='no' # if no input, assume no + case ${start_daemon:0:1} in + n|N|0 ) + ;; + * ) + systemctl start yubilock.service;; + esac +fi +exit 0 #(Uninstall script)
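Review bot: The "Start daemon? (y/N)" prompt defaults to no only for empty input; the `case` treats every answer that does not begin with `n`, `N` or `0` as consent, so a stray keypress starts the service, which the preceding warning says will lock the machine if the key is absent. The other prompts in this commit match `y|Y|1` and treat everything else as no; doing the same here makes the risky action opt-in: `y|Y|1 ) systemctl start yubilock.service;;` followed by `* ) ;;`. Separately, the `rm` calls in the `else` branch would be clearer as `rm -f -- …`, which avoids silencing every error through `>/dev/null 2>&1`.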