
#
# spec file for package ec2-instance-connect
#
# Copyright (c) 2020 SUSE LLC
#
# All modifications and additions to the file contributed by third parties
# remain the property of their copyright owners, unless otherwise agreed
# upon. The license for this file, and modifications and additions to the
# file, is the same license as for the pristine package itself (unless the
# license for the pristine package is not an Open Source License, in which
# case the license is the MIT License). An "Open Source License" is a
# license that conforms to the Open Source Definition (Version 1.9)
# published by the Open Source Initiative.

# Please submit bugfixes or comments via https://bugs.opensuse.org/
#

Name:           ec2-instance-connect
Version:        1.1.12
Release:        0
Summary:        EC2 instance scripting and configuration for EC2 Instance Connect
License:        Apache-2.0
# Upstream release archive, selected by the version tag above.
# NOTE(review): this spec references no checksum or signature for the archive;
# confirm its integrity is verified elsewhere in the build pipeline.
Source:         https://github.com/aws/aws-ec2-instance-connect-config/archive/%{version}.tar.gz
Group:          System/Daemons
URL:            https://github.com/aws/aws-ec2-instance-connect-config
Requires:       coreutils
Requires:       curl
# NOTE(review): presumably the 6.9 floor exists because the sshd override
# written by the post-install scriptlet passes arguments to
# AuthorizedKeysCommand - confirm against the OpenSSH release notes.
Requires:       openssh >= 6.9.0
Requires:       openssl

# Architecture independent: the install section copies files verbatim.
BuildArch:      noarch

%description
SSH daemon configuration and necessary EC2 instance scripting to enable EC2 Instance Connect.

%prep
# Unpack the source archive quietly; -n names the top-level directory that the
# upstream archive extracts to.
%setup -q -n aws-ec2-instance-connect-config-%{version}

%build
# No build required: the install section only copies files from the source
# tree and patches paths in the unit file.

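%install
# Install every upstream helper script from src/bin into the binary directory.
# Mode 755 keeps them non-writable for group and others, which sshd requires
# of the program configured as AuthorizedKeysCommand.
# Expansions are quoted so an unexpected file name cannot be split or globbed.
cd src/bin/
for script in * ; do
    install -D -m 755 "$script" "%{buildroot}%{_bindir}/$script"
done
cd ../..

install -D -m 644 src/rpm_systemd/ec2-instance-connect.service %{buildroot}%{_unitdir}/ec2-instance-connect.service
install -D -m 644 src/ec2-instance-connect.preset %{buildroot}%{_presetdir}/95-ec2-instance-connect.preset

# Replace every /opt/aws path in the installed unit file with /usr.
sed -i 's|/opt/aws|/usr|g' %{buildroot}%{_unitdir}/ec2-instance-connect.service

# Drop a one-line list naming the service into the hostkey.d directory.
# The consumer of this list is not part of this spec.
mkdir -p %{buildroot}/usr/lib/systemd/hostkey.d
echo 'ec2-instance-connect.service' > %{buildroot}/usr/lib/systemd/hostkey.d/60-ec2-instance-connect.list

# Create one rc<name> symlink pointing at "service" for each packaged unit.
mkdir -p %{buildroot}%{_sbindir}
for unit_file in %{buildroot}%{_unitdir}/*.service; do
    unit_name=$(basename -s '.service' "$unit_file")
    ln -s service "%{buildroot}%{_sbindir}/rc${unit_name}"
done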

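%pre
%service_add_pre ec2-instance-connect.service
# Skip account handling when /.buildenv exists (presumably the marker of a
# package build environment - confirm).
if ! [ -e /.buildenv ] ; then
    # Create the unprivileged system account named as AuthorizedKeysCommandUser
    # in the sshd override: system UID range, no home directory, no login shell.
    # getent output is discarded so the scriptlet stays quiet on upgrades.
    getent passwd ec2-instance-connect >/dev/null || useradd -r -M -s /sbin/nologin ec2-instance-connect
    # Lock the password so the account cannot be used for password logins.
    usermod -L ec2-instance-connect
fi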

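%post
%service_add_post ec2-instance-connect.service
if ! [ -e /.buildenv ] ; then
    systemctl start ec2-instance-connect.service
fi

# Flags in this scriptlet follow the shell exit-status convention: 0 means yes.
# modified becomes 0 once the sshd drop-in has been written.
modified=1

# Configure sshd to use EC2 Instance Connect's AuthorizedKeysCommand.
# The tripled percent signs are meant to survive spec-file expansion as a
# doubled percent, which systemd reduces to the single-percent tokens that
# sshd substitutes with the user name and key fingerprint.
# NOTE(review): the override replaces the sshd ExecStart line wholesale, so any
# options the distribution unit passes on its own ExecStart line are dropped -
# confirm against the shipped sshd.service.
EXEC_OVERRIDE='ExecStart=%{_sbindir}/sshd -D -o "AuthorizedKeysCommand %{_bindir}/eic_run_authorized_keys %%%u %%%f" -o "AuthorizedKeysCommandUser ec2-instance-connect"'
# If there is nothing in the AuthorizedKeysCommand field of sshd_config *and* nothing in any sshd override, add our config.
# An administrator's existing setting always wins; in that case the package
# leaves sshd untouched and EC2 Instance Connect is not wired in.
if ! [ -e /.buildenv ] && ! /bin/grep -q '^[^#]*AuthorizedKeysCommand[[:blank:]]\+.*$' %{_sysconfdir}/ssh/sshd_config ; then
    if ! /bin/grep -q '^[^#]*AuthorizedKeysCommandUser[[:blank:]]\+.*$' %{_sysconfdir}/ssh/sshd_config ; then
        if ! /bin/grep -q '^[^#]*AuthorizedKeysCommandRunAs[[:blank:]]\+.*$' %{_sysconfdir}/ssh/sshd_config ; then
            # If systemd unit contains AKC don't override it
            if ! /bin/grep -q "AuthorizedKeysCommand" %{_unitdir}/sshd.service ; then
                can_modify=1
                if [ -d %{_unitdir}/sshd.service.d ] ; then
                    # If *any* override contains an ExecStart, don't override it.
                    # This is a substring match, so ExecStartPre lines and
                    # commented-out lines also block the change; it errs on
                    # the side of leaving sshd alone.
                    if ! /bin/grep -Rq "ExecStart" %{_unitdir}/sshd.service.d/ ; then
                        can_modify=0
                    fi
                else
                    # Or there are no overrides
                    mkdir -p %{_unitdir}/sshd.service.d
                    can_modify=0
                fi
                if [ "$can_modify" -eq 0 ] ; then
                    # Add our configuration. The empty ExecStart line clears
                    # the inherited command before the new one is set.
                    # printf is used instead of echo -e, which is not portable
                    # across /bin/sh implementations; the doubled percent in
                    # the format is the spec-file escape for one literal
                    # percent sign.
                    # NOTE(review): this file is created at install time and is
                    # not listed in the files section, so rpm does not track or
                    # verify it.
                    printf '[Service]\nExecStart=\n%%s\n' "${EXEC_OVERRIDE}" > %{_unitdir}/sshd.service.d/ec2-instance-connect.conf
                    modified=0
                fi
            fi
        fi
    fi
fi

if ! [ -e /.buildenv ] && [ "$modified" -eq 0 ] ; then
    # Restart sshd so the new drop-in takes effect, but only if it is running.
    systemctl daemon-reload
    if systemctl is-active --quiet sshd ; then
        systemctl restart sshd
    fi
fi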

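%preun
%service_del_preun ec2-instance-connect.service

# The first scriptlet argument is the number of package instances that remain
# after this transaction; 0 means a real removal rather than an upgrade.
# It is quoted so an empty value yields a test error instead of a syntax slip.
if ! [ -e /.buildenv ] && [ "$1" -eq 0 ] ; then
    # Shell-style flag: 0 means the sshd configuration was changed.
    modified=1

    # Remove EC2 Instance Connect sshd override if present
    if [ -f %{_unitdir}/sshd.service.d/ec2-instance-connect.conf ] ; then
        rm -f %{_unitdir}/sshd.service.d/ec2-instance-connect.conf
        if [ -z "$(ls -A %{_unitdir}/sshd.service.d)" ] ; then
            # There were no other overrides, clean up
            rmdir %{_unitdir}/sshd.service.d
        fi
        modified=0
    fi

    # Restart sshd so it stops calling the helper that is about to be removed.
    if [ "$modified" -eq 0 ] ; then
        systemctl daemon-reload
        if systemctl is-active --quiet sshd ; then
            systemctl restart sshd
        fi
    fi
fi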

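%postun
%service_del_postun ec2-instance-connect.service

# Only on full removal (first argument 0), never on upgrade.
if ! [ -e /.buildenv ] && [ "$1" -eq 0 ] ; then
    # NOTE(review): deleting the system account frees its UID for reuse; any
    # file still owned by that UID would then belong to whichever account
    # receives it next. Confirm that removing the account is intended here.
    userdel ec2-instance-connect
fi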

%files
# Helper scripts copied from src/bin by the install section.
# eic_run_authorized_keys is the program sshd is configured to call.
%{_bindir}/eic_run_authorized_keys
%{_bindir}/eic_curl_authorized_keys
%{_bindir}/eic_parse_authorized_keys
%{_bindir}/eic_harvest_hostkeys
# NOTE(review): the wildcard picks up the rc symlink created during install,
# but it would also package anything else that lands in the sbin directory.
%{_sbindir}/*
%{_unitdir}/ec2-instance-connect.service
%dir /usr/lib/systemd/hostkey.d
/usr/lib/systemd/hostkey.d/60-ec2-instance-connect.list
%{_presetdir}/95-ec2-instance-connect.preset
# NOTE(review): the sshd drop-in written by the post-install scriptlet is not
# listed here, so package verification does not cover it.

%changelog