From: Ian Jackson Date: Fri, 13 Sep 2019 15:02:22 +0000 (+0100) Subject: infra: New script dgit-mirror-ssh-wrap X-Git-Tag: archive/debian/9.9~10 X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=dgit.git;a=commitdiff_plain;h=31f38c5e66b193803c019c5ed394f8b26544d357;ds=sidebyside infra: New script dgit-mirror-ssh-wrap Signed-off-by: Ian Jackson --- diff --git a/Makefile b/Makefile index c4f16735..87cff8b9 100644 --- a/Makefile +++ b/Makefile @@ -65,7 +65,7 @@ GDR_MAN5PAGES=git-debrebase.5 GDP_PROGRAMS=git-debpush GDP_MAN1PAGES=git-debpush.1 -INFRA_PROGRAMS=dgit-repos-server dgit-ssh-dispatch \ +INFRA_PROGRAMS=dgit-repos-server dgit-ssh-dispatch dgit-mirror-ssh-wrap \ dgit-repos-policy-debian dgit-repos-admin-debian \ dgit-repos-policy-trusting dgit-mirror-rsync INFRA_EXAMPLES=get-dm-txt ssh-wrap drs-cron-wrap get-suites diff --git a/infra/dgit-mirror-ssh-wrap b/infra/dgit-mirror-ssh-wrap new file mode 100755 index 00000000..4d0dcc9d --- /dev/null +++ b/infra/dgit-mirror-ssh-wrap @@ -0,0 +1,37 @@ +#!/usr/bin/perl -w + +# Intended to be used as a restricted command. +# Usage: +# command="/path/to/dgit-mirror-ssh-wrap /srv/repos/ .git --" +# or similar. The two substantive arguments are literals. +# The example permits writes to directories +# /srv/repos/$PACKAGE.git +# where $PACKAGE has the syntax of a Debian package name. + +use strict; + +die 'bad usage' unless @ARGV==3 && $ARGV[2] eq '--'; +our ($prefix, $suffix) = @ARGV; + +$prefix =~ s/\W/\\$&/g; +$suffix =~ s/\W/\\$&/g; + +my $package = qr{[0-9a-z][-+0-9a-z]*}; +my $d = qr{$prefix$package$suffix}; + +my $command = $ENV{SSH_ORIGINAL_COMMAND} + // die "missing SSH_ORIGINAL_COMMAND"; + +#print STDERR ">$d<\n"; + +$command =~ + +m{^rsync --server -lHtre\.iLsfxC --timeout=\d+ --delete --safe-links \. $d$} + +# To add a new command pattern, add || m{^ ... $} above. +# The pattern should contain $d where the per-package destination +# directory would go. + +or die "unexpected command $command\n"; + +exec $& or die $!;