author | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2013-07-10 11:25:58 +0100 |
committer | Paul Sokolovsky <paul.sokolovsky@linaro.org> | 2013-07-10 11:25:58 +0100 |
commit | 3184f1ef5bb4921d175f8bf1fe1906f7ab5df947 (patch) | |
tree | 6d7f86d515d0c2ed2b48c552de633a3e602441bf /utils | |
parent | d48b20edc9b6e8c0a15c25605bf96498af5a217b (diff) |
Improve idempotency, comments.
Diffstat (limited to 'utils')
-rwxr-xr-x | utils/new-publish/setup.sh | 28 |
1 files changed, 17 insertions, 11 deletions
diff --git a/utils/new-publish/setup.sh b/utils/new-publish/setup.sh
index f3b6ed0..72fd1b5 100755
--- a/utils/new-publish/setup.sh
+++ b/utils/new-publish/setup.sh
@@ -52,7 +52,7 @@ function setup_accounts() {
 chown root.root $publish_home
 chmod 755 $publish_home
- # Actual uploads will happen here
+ # Actual uploads will happen to this dir
 mkdir -p $publish_home/uploads
 # publish-copy should have write access there, publish-trigger
 # generally only read (cleanup can be handled by cronjob)
@@ -88,29 +88,35 @@ Match User publish-copy
 function setup_ssh_keys() {
 echo "Moving current account's authorized_keys to /etc/ssh/user-authorized-keys/"
 mkdir -p /etc/ssh/user-authorized-keys/
- # Don't do this for symlink
+ # Move only real file, don't do this for symlink
 if [ -f $HOME/.ssh/authorized_keys ]; then
 cp $HOME/.ssh/authorized_keys /etc/ssh/user-authorized-keys/$SUDO_USER
 fi
- # Unlike when reside in ~/.ssh/, here auth keys must be readable enough,
+ # Unlike when reside in ~/.ssh/, in /etc/ssh/... auth keys must be readable enough,
 # or won't be picked up by sshd => login lockout.
 chmod 644 /etc/ssh/user-authorized-keys/$SUDO_USER
 mkdir -p ~/snapshots-sync3
- ssh-keygen -t rsa -N "" -f ~/snapshots-sync3/publish-copy
- ssh-keygen -t rsa -N "" -f ~/snapshots-sync3/publish-trigger
+ if [ ! -f ~/snapshots-sync3/publish-copy ]; then
+ ssh-keygen -t rsa -N "" -f ~/snapshots-sync3/publish-copy
+ fi
+ if [ ! -f ~/snapshots-sync3/publish-trigger ]; then
+ ssh-keygen -t rsa -N "" -f ~/snapshots-sync3/publish-trigger
+ fi
 echo -n 'command="/usr/lib/sftp-server",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ' \
 >/etc/ssh/user-authorized-keys/publish-copy
- cat ~/snapshots-sync3/publish-copy.pub >>/etc/ssh/user-authorized-keys/publish-copy
+ pubkey=$(cat ~/snapshots-sync3/publish-copy.pub)
+ add_if_absent /etc/ssh/user-authorized-keys/publish-copy "^$pubkey" "$pubkey"
 echo -n 'command="/home/ubuntu/new-publish/utils/new-publish/trigger ${SSH_ORIGINAL_COMMAND#* }",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding ' \
 >/etc/ssh/user-authorized-keys/publish-trigger
- cat ~/snapshots-sync3/publish-trigger.pub >>/etc/ssh/user-authorized-keys/publish-trigger
+ pubkey=$(cat ~/snapshots-sync3/publish-trigger.pub)
+ add_if_absent /etc/ssh/user-authorized-keys/publish-trigger "^$pubkey" "$pubkey"
 }
-#setup_accounts
-# Setup new ssh keys structure, or there's a chance of SSH lock-out
-#setup_ssh_keys
-#setup_sshd_config
+setup_accounts
+# Setup new ssh keys structure first, or there's a chance of SSH lock-out
+setup_ssh_keys
+setup_sshd_config
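Review bot: The new `add_if_absent ... "^$pubkey" "$pubkey"` calls for publish-copy and publish-trigger do not make these authorized_keys files idempotent, because the unchanged `echo -n 'command=...' >/etc/ssh/user-authorized-keys/...` just before each one still truncates the file on every run, and since the key is appended to the same line as the `command=` prefix, the anchored pattern `^$pubkey` could never match the resulting line even if the truncation were removed. Compose the whole line once and let the helper own both the test and the write, e.g. `keyline='command="/usr/lib/sftp-server",no-pty,no-port-forwarding,no-X11-forwarding,no-agent-forwarding '"$(cat ~/snapshots-sync3/publish-copy.pub)"` followed by `add_if_absent /etc/ssh/user-authorized-keys/publish-copy "$keyline" "$keyline"`, and drop the `echo -n ... >` line (same for publish-trigger). add_if_absent is defined outside this hunk so I cannot see how it matches; if it passes the pattern to grep as a regex, a fixed-string match (`grep -F`) is safer for a base64 key containing `+` and `/`, and a fallback for an empty or unreadable `.pub` file is needed so a bare `command=` line is not written. Note also that the hunk's own comment says files in /etc/ssh/user-authorized-keys/ must be readable by sshd, yet `chmod 644` is applied only to `$SUDO_USER`'s file; the two forced-command files inherit the umask, so an explicit chmod (and a check that the directory itself is root-owned and not group/world-writable) would close that gap.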