Script to install Yubikey-KSM on Raspberry Pi "Wheezy"
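#!/usr/bin/env bash
#
# Install Yubikey-KSM (key storage module) on Raspberry Pi "Wheezy":
# packages, source build, PostgreSQL database and roles, PHP include path,
# database config, syslog/logrotate, and the decrypt interface symlink.
#
# The script is interactive: it pauses between stages and uses sudo.
#
# Optional environment:
#   YKKSM_READER_PASS    password for the ykksmreader database role
#   YKKSM_IMPORTER_PASS  password for the ykksmimporter database role
#                        (both are prompted for, without echo, when unset)
#   YKKSM_REF            tag or commit to check out before building
#
# `set -e` is deliberately not used: createdb / CREATE USER fail harmlessly
# when the script is re-run, so only the steps whose failure would make the
# following commands act on the wrong thing are checked explicitly.

set -u

# Print a message to stderr and abort.
die() {
  printf 'error: %s\n' "$*" >&2
  exit 1
}

# Wait for the operator to confirm before the next stage.
pause() {
  read -r -p "Press [Enter] to continue..."
}

#######################################
# Fill the named variable with a database password.
# Uses the variable's current value when it is already set (environment),
# otherwise prompts without echo. Single quotes and backslashes are rejected
# because the value is embedded in a single-quoted SQL literal and a
# single-quoted PHP string below; those are the only characters that could
# terminate or alter either literal.
# Arguments: $1 - variable name, $2 - label shown in the prompt
#######################################
ask_password() {
  local var_name=$1 label=$2
  local value=${!var_name:-}
  while [[ -z "$value" || "$value" == *[\'\\]* ]]; do
    read -r -s -p "Password for ${label} (no single quotes or backslashes): " value \
      || die "could not read a password for ${label}"
    printf '\n'
  done
  printf -v "$var_name" '%s' "$value"
}

# Install dependencies
sudo apt-get install git make help2man apache2 php5 php5-mcrypt postgresql \
  php5-pgsql libdbd-pg-perl || die "package installation failed"
pause

# Get the source code from GitHub.
# The build below runs as root, so whatever is checked out here is trusted
# with root privileges. Without YKKSM_REF this is the current default branch;
# set YKKSM_REF to a reviewed tag or commit to make the install reproducible.
git clone https://github.com/Yubico/yubikey-ksm.git || die "git clone failed"
# Stop here if the clone directory is missing: otherwise the sed and
# `sudo make install` below would run in whatever directory we started in.
cd yubikey-ksm || die "cannot enter yubikey-ksm"
if [[ -n "${YKKSM_REF:-}" ]]; then
  git checkout --quiet "$YKKSM_REF" || die "cannot check out ${YKKSM_REF}"
fi
# TODO: Raise a pull request
sed -i -e 's|url.*|url = https://github.com/Yubico/yubikey-ksm.wiki.git|' .gitmodules
git submodule update --init
sudo make install || die "make install failed"
pause

# Initialize database
sudo -u postgres createdb ykksm
sudo -u postgres psql ykksm < /usr/share/doc/yubikey-ksm/ykksm-db.sql

# Create the database roles: ykksmreader (SELECT only) for the decrypt
# interface and ykksmimporter (INSERT only). The passwords are supplied by the
# operator instead of being fixed values published with the script, and the
# SQL is fed on stdin so they never appear in a process argument list.
ask_password YKKSM_READER_PASS "database role ykksmreader"
ask_password YKKSM_IMPORTER_PASS "database role ykksmimporter"
sudo -u postgres psql ykksm -q <<SQL
CREATE USER ykksmreader PASSWORD '${YKKSM_READER_PASS}';
GRANT SELECT ON yubikeys TO ykksmreader;
CREATE USER ykksmimporter PASSWORD '${YKKSM_IMPORTER_PASS}';
GRANT INSERT ON yubikeys TO ykksmimporter;
SQL
pause

# Include path configuration
sudo sh -c 'cat > /etc/php5/conf.d/ykksm.ini' <<'EOL'
include_path = "/etc/yubico/ksm:/usr/share/yubikey-ksm"
EOL

# Database credentials for the decrypt interface. The file holds a password,
# so it is created under a restrictive umask and then made readable only by
# root and the web server group rather than by every local user.
sudo sh -c 'umask 077; cat > /etc/yubico/ksm/config-db.php' <<EOL
<?php
\$dbuser='ykksmreader';
\$dbpass='${YKKSM_READER_PASS}';
\$dbname='ykksm';
\$dbtype='pgsql';
?>
EOL
sudo chown root:www-data /etc/yubico/ksm/config-db.php
sudo chmod 640 /etc/yubico/ksm/config-db.php
# The passwords are not needed past this point.
unset YKKSM_READER_PASS YKKSM_IMPORTER_PASS
pause

sudo /etc/init.d/apache2 restart

# Logging
sudo sh -c 'cat > /etc/rsyslog.d/ykksm.conf' <<'EOL'
local0.* -/var/log/ykksm.log
EOL
sudo /etc/init.d/rsyslog restart

sudo sh -c 'cat > /etc/logrotate.d/ykksm' <<'EOL'
/var/log/ykksm.log {
    weekly
    missingok
    rotate 9999
    notifempty
    postrotate
        invoke-rc.d rsyslog reload > /dev/null
    endscript
}
EOL
pause

# Decrypt OTP Interface
sudo make -f /usr/share/doc/yubikey-ksm/ykksm.mk symlink

# Fix permissions
# NOTE(review): these make the web server account the owner of the web root
# and of the KSM code it executes, so a compromised PHP process could rewrite
# that code. Serving the files should only need read access; confirm whether
# ownership by www-data is actually required before keeping these lines.
# NOTE(review): everything above was written under /etc/yubico, not
# /etc/yubikey; confirm the intended path, since these two commands fail if
# /etc/yubikey does not exist.
sudo chown -R www-data:www-data /var/www
sudo chown -R www-data:www-data /etc/yubikey
sudo chown -R www-data:www-data /usr/share/yubikey-ksm/
sudo chmod 755 /var/www
sudo chmod 755 /etc/yubikey
sudo chmod 755 /usr/share/yubikey-ksm/
pause

cd -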