#!/bin/ksh
#
#  rpkgadd: Remote Package Management for Solaris
#
#  Author: Adam Ronthal
#
#  Copyright (c) 2003, CiRBA Inc.           http://www.cirba.com
#  This software is distributed under the terms of the X11 Public License.
#  Please type 'rpkgadd -l' for license terms.
#
#  Description
#  -----------
#  rpkgadd is a remote pkgadd tool to install Sun packages on remote machines
#  it requires sshd to be running on the target machine and ssh/scp to be 
#  installed on the local machine.
#
#  root or root-equivalent permissions are required on the target machine, 
#  though the password is never sent in the clear.
#
#  rsa or dsa keys are supported for authentication, though empty password 
#  keys are not recommended for the root account.  If empty passwords are 
#  to be used, it is strongly recommended to create a root-equivalent 
#  account (e.g. pkginstall)
#

############################
# Settings and Environment #
############################

export PATH=/usr/bin:/usr/local/bin

# Is this a NIS environment
#
NIS="no"

# Remove keys
#
RMKEYS="yes"

# Remove package source from remote server /var/spool/pkg when installed
#
DELPKG="yes"

# Default is to install packages, not uninstall them
#
RMPKG="no"

# Use DSA keys by default
#
KEYTYPE="dsa"

# Use 'root' as the default remote root if not specified
#
REMOTE_ROOT="root"

#############
# Functions #
#############

rpkgadd -p <package> -t <target_host> -u <root-user> [ -k rsa|dsa ] [ -mSehDl ]
rpkgadd -b <configfile>


f_usage()
{

echo "USAGE:   $0 -p <package> -t <target_host> -u <root-user> \
  [ -k rsa|dsa ] [ -mSehDl ]"
echo "         $0 -b <configfile>"
echo
echo "EXAMPLES: $0 -p SMCwget -t somehost -u pkginstall"
echo "          $0 -b rpkgadd.conf"
echo "          $0 -d -p SMCwget -t somehost -u pkginstall"
echo
echo "Use '$0 -h' for detailed usage instructions"

exit 1

}

f_help()
{
cat<<EOH
---------------------------------------------------------------------------
rpkgadd Detailed Usage
---------------------------------------------------------------------------
The following command options are supported:

-p      Name of the package to install.  Packages must be either
        standard solaris packages or DaTaStReAm packages.  If the
        package is a DaTaStReAm package, it will be converted using
        the pkgtrans utility first.

-t      Target host to install package on.

-u      Remote root account.  If not specified, it defaults to 'root'
        If rpkgadd is installed as part of your package infrastructure,
        we recommend the creation of a dedicated package maintenance 
        account.

-k      SSH key type to use.  If not specified, DSA keys will be used.  
        Valid arguments includ 'rsa' and 'dsa'. (optional)

-m      Maintain packages on remote host.  This option will override the
        default behavior of deleting packages from /var/spool/pkg on the
        target host once the package is installed. (optional)

-S      Save SSH keys on remote host.  This option will 
        override the default behavior of removing the SSH keys from the
        remote host.  This is useful if multiple packages will be installed.
        (optional)

-e      Expunge local copy of the RSA or DSA public keys.
        (optional)

-b      Batch processing mode. Required argument is the location of the
        configuration file which should contain the following colon (:) 
        delimited entries:

        target_host:root_user:pkgrm:remove_keys:remove_package_source: \
          keytype:pkg1:pkg2:...:pkg_n

        For example:

        sunspot:pkginstall:no:yes:yes:dsa:SMCwget:SMCtop

        Lines beginning with a # are comments and will be ignored.

        (optional)

-D      Removes the package from the specified target host. (Executes
        a 'pkgrm').

-h      Displays this help message.

-l      Displays the license agreement.
---------------------------------------------------------------------------
Copyright (c) 2003 CiRBA Inc.                       http://www.cirba.com  
This software is distributed under the terms of the X11 Public License.
EOH
}

f_show_lic()
{
cat<<EOL
COPYRIGHT AND PERMISSION NOTICE

Copyright (c) 2003 CiRBA, Inc.

All rights reserved.

Permission is hereby granted, free of charge, to any person obtaining a copy 
of this software and associated documentation files (the "Software"), to deal 
in the Software without restriction, including without limitation the rights 
to use, copy, modify, merge, publish, distribute, and/or sell copies of the 
Software, and to permit persons to whom the Software is furnished to do so, 
provided that the above copyright notice(s) and this permission notice appear 
in all copies of the Software and that both the above copyright notice(s) and 
this permission notice appear in supporting documentation.

THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR 
IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, 
FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. 
IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS INCLUDED IN THIS NOTICE 
BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL DAMAGES, 
OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, 
WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, 
ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

Except as contained in this notice, the name of a copyright holder shall 
not be used in advertising or otherwise to promote the sale, use or other 
dealings in this Software without prior written authorization of the 
copyright holder.
EOL
}

f_process_pkg()
{

CURPKG=$1
echo "Preparing package for file transfer..."
tar -clf - ./${CURPKG} | gzip > ./${CURPKG}.tar.gz
echo "Transfering package to $TARGET"
scp  -q -i $MYHOME/.ssh/pkgkey ./${CURPKG}.tar.gz $REMOTE_ROOT@$TARGET:/var/spool/pkg

echo "Installing package on $TARGET..."
ssh -i $MYHOME/.ssh/pkgkey -l $REMOTE_ROOT $TARGET "cd /var/spool/pkg && \
  gzcat $CURPKG.tar.gz | tar xf -; rm $CURPKG.tar.gz; pkgadd $CURPKG"

echo "Cleaning up..."
rm $CURPKG.tar.gz

if [ "$DELPKG" = "yes" ]; then
   ssh -i $MYHOME/.ssh/pkgkey -l $REMOTE_ROOT $TARGET "cd /var/spool/pkg \
     && rm -Rf $CURPKG"
fi

}

f_remove_keys()
{
ssh -i $MYHOME/.ssh/pkgkey -l $REMOTE_ROOT $TARGET "ksh -c 'if [ -f \
  ~${REMOTE_ROOT}/.ssh/authorized_keys ]; then cat \
  ~${REMOTE_ROOT}/.ssh/authorized_keys | sed -e /pkgkey\$/d > \
  ~${REMOTE_ROOT}/.ssh/ak.tmp && mv ~${REMOTE_ROOT}/.ssh/ak.tmp  \
  ~${REMOTE_ROOT}/.ssh/authorized_keys;  fi; if [ -f  \
  ~${REMOTE_ROOT}/.ssh/authorized_keys2 ]; then cat  \
  ~${REMOTE_ROOT}/.ssh/authorized_keys2 | sed -e /pkgkey\$/d >  \
  ~${REMOTE_ROOT}/.ssh/ak2.tmp && mv ~${REMOTE_ROOT}/.ssh/ak2.tmp  \
  ~${REMOTE_ROOT}/.ssh/authorized_keys2; fi'"
}

f_add_keys()
{

# Add the public key to the target host's authorized_keys files.  We want 
# to support all versions of SSH, so we populate both the authorized_keys 
# and the authorized_keys2 files.
#
cat $MYHOME/.ssh/pkgkey.pub | ssh -l $REMOTE_ROOT $TARGET "ksh -c 'if \
  [ ! -d ~/.ssh ]; then mkdir -m 0700 ~/.ssh;  fi; cat - \
  >>~/.ssh/authorized_keys2; cp -p \
  ~/.ssh/authorized_keys2 ~/.ssh/authorized_keys; chmod -R 0700 ~/.ssh'"

}

f_main_engine()
{

echo "Target host is $TARGET"

# Check if we're adding or removing a package
#
if [ "$RMPKG" != "yes" ]; then

   # We standardize the package format to the traditional Solaris
   # format.  If the package is in DaTaStReAm format, we convert
   # it using pkgtrans.

   if [ -d $PACKAGE ]; then
      PTYPE=standard
      echo "Package is standard format."
   elif [ -f $PACKAGE ]; then
      DS=`head -1 $PACKAGE | grep "DaTaStReAm"`
      if [ "x$DS" != "x" ]; then
         PTYPE=datastream
         echo "Package is in DaTaStReAm format. Translating."
         TRANSD_PACKS=`pkgtrans -o $PACKAGE . all 2>&1 | grep \
           "Transferring" |  sed -e 's/.*<//g' -e 's/>.*//g'` 
      fi
   else
      echo "Cannot determine format of package."
      exit 1
   fi
   
   #  Since the translation process could result in multiple packages,
   #  we deal with that here by getting the name(s) of the packages from
   #  from the output of pkgtrans above, and looping through them.
   # 
   if [ "x$PTYPE" = "xstandard" ]; then
      f_process_pkg $PACKAGE
   else
      for i in $TRANSD_PACKS; do
         f_process_pkg $i
         rm -Rf $i
      done
   fi

# We're removing a package here.
#
else 
   ssh -i $MYHOME/.ssh/pkgkey -l $REMOTE_ROOT $TARGET "pkgrm ${PACKAGE}"
fi

}

#############
# Main      #
#############

# We need to be called with at least one argument
# 
if [ $# -eq 0 ]; then
   f_usage
   exit 1
fi

# Check the command parameters
#
while getopts p:t:u:k:b:mSehDl args; do
   case $args in
     p)   PACKAGE=$OPTARG
          ;;
     t)   TARGET=$OPTARG
          ;;
     u)   REMOTE_ROOT=$OPTARG
          ;;
     k)   KEYTYPE=$OPTARG
          ;;
     m)   DELPKG="no"
          ;;
     S)   RMKEYS="no"
          ;;
     b)   BATCHCONFIG=$OPTARG
          BATCHMODE="yes"
          ;;
     e)   EXPUNGE="yes"
          ;;
     D)   RMPKG="yes"
          ;;
     h)   HELP="yes"
          ;;
     l)   LIC="yes"
          ;;
     *)   echo "Invalid option."
          f_usage
          ;;
   esac
done

# Respond to special requests
#
if [ "$HELP" = "yes" ]; then
   f_help
   exit 1
fi

if [ "$LIC" = "yes" ]; then
   f_show_lic
   exit 1
fi

# Generate a temporary (if necessary) dsa or rsa key for this session.  
# It will be removed from the target host's authorized keys file 
# automatically at the end of the run if the -r flag is NOT specified
#

# Get the current user and home directory
#
ME=`id | sed -e 's/).*//g' -e 's/.*(//g'`

if [ "$NIS" = "yes" ]; then
   export MYHOME=`ypcat passwd | grep $ME | cut -d: -f6`
else
   export MYHOME=`grep $ME /etc/passwd | cut -d: -f6`
fi

# Handle the creation and/or deletion of SSH keys
#
if [ "$EXPUNGE" = "yes" ]; then
   if [ -f $MYHOME/.ssh/pkgkey.pub ]; then
      rm $MYHOME/.ssh/pkgkey.pub
   fi
   if [ -f $MYHOME/.ssh/pkgkey ]; then
      rm $MYHOME/.ssh/pkgkey
   fi
fi

if [ ! -f $MYHOME/.ssh/pkgkey.pub ]; then
    if [ ! -d $MYHOME/.ssh ]; then
       mkdir -m 0700 $MYHOME/.ssh
    fi
   
   echo "----------------------------------------------------------------"
   echo "Hit return when asked for password.   authorized_keys files will"
   echo "be removed from the target host once packages are added unless  "
   echo "the '-r' is specified on the command line.                      "
   echo "----------------------------------------------------------------"

   ssh-keygen -t $KEYTYPE -C pkgkey -f $MYHOME/.ssh/pkgkey
fi


if [ "$BATCHMODE" = "yes" ]; then

   while read -u3 i; do         # READ FROM FD3 TO AVOID INTERACTIVE 
                                # CONFLICTS WITH pkgadd
      if [ "x`echo $i | egrep '^[^# ]'`" = "x" ]; then
         continue
      fi

      export TARGET=`echo $i | cut -f1 -d:`
      export REMOTE_ROOT=`echo $i | cut -f2 -d:`
      export RMPKG=`echo $i | cut -f3 -d:`
      export RMKEYS=`echo $i | cut -f4 -d:`
      export DELPKG=`echo $i | cut -f5 -d:`
      export KEYTYPE=`echo $i | cut -f6 -d:`
      export PKGS_TO_PROCESS=`echo $i | awk 'BEGIN { FS = ":"} \
        { for ( k = 7; k<= NF; k++ ) print $k }'`

      # Add keys to the target host
      #
      f_add_keys

      for p in $PKGS_TO_PROCESS; do
         export PACKAGE=$p
         f_main_engine   
      done

      # If we are removing the rsa/dsa ssh keys, we do that here.
      #
      if [ $RMKEYS = "yes" ]; then
         f_remove_keys
      fi

   done 3<$BATCHCONFIG

else
   # Add keys to the target host
   #
   f_add_keys

   f_main_engine   

   # If we are removing the rsa/dsa ssh keys, we do that here.
   #
   if [ $RMKEYS = "yes" ]; then
      f_remove_keys
   fi
fi