From 31f38c5e66b193803c019c5ed394f8b26544d357 Mon Sep 17 00:00:00 2001 From: Ian Jackson Date: Fri, 13 Sep 2019 16:02:22 +0100 Subject: [PATCH] infra: New script dgit-mirror-ssh-wrap Signed-off-by: Ian Jackson --- Makefile | 2 +- infra/dgit-mirror-ssh-wrap | 37 +++++++++++++++++++++++++++++++++++++ 2 files changed, 38 insertions(+), 1 deletion(-) create mode 100755 infra/dgit-mirror-ssh-wrap diff --git a/Makefile b/Makefile index c4f16735..87cff8b9 100644 --- a/Makefile +++ b/Makefile @@ -65,7 +65,7 @@ GDR_MAN5PAGES=git-debrebase.5 GDP_PROGRAMS=git-debpush GDP_MAN1PAGES=git-debpush.1 -INFRA_PROGRAMS=dgit-repos-server dgit-ssh-dispatch \ +INFRA_PROGRAMS=dgit-repos-server dgit-ssh-dispatch dgit-mirror-ssh-wrap \ dgit-repos-policy-debian dgit-repos-admin-debian \ dgit-repos-policy-trusting dgit-mirror-rsync INFRA_EXAMPLES=get-dm-txt ssh-wrap drs-cron-wrap get-suites diff --git a/infra/dgit-mirror-ssh-wrap b/infra/dgit-mirror-ssh-wrap new file mode 100755 index 00000000..4d0dcc9d --- /dev/null +++ b/infra/dgit-mirror-ssh-wrap @@ -0,0 +1,37 @@ +#!/usr/bin/perl -w + +# Intended to be used as a restricted command. +# Usage: +# command="/path/to/dgit-mirror-ssh-wrap /srv/repos/ .git --" +# or similar. The two substantive arguments are literals. +# The example permits writes to directories +# /srv/repos/$PACKAGE.git +# where $PACKAGE has the syntax of a Debian package name. + +use strict; + +die 'bad usage' unless @ARGV==3 && $ARGV[2] eq '--'; +our ($prefix, $suffix) = @ARGV; + +$prefix =~ s/\W/\\$&/g; +$suffix =~ s/\W/\\$&/g; + +my $package = qr{[0-9a-z][-+0-9a-z]*}; +my $d = qr{$prefix$package$suffix}; + +my $command = $ENV{SSH_ORIGINAL_COMMAND} + // die "missing SSH_ORIGINAL_COMMAND"; + +#print STDERR ">$d<\n"; + +$command =~ + +m{^rsync --server -lHtre\.iLsfxC --timeout=\d+ --delete --safe-links \. $d$} + +# To add a new command pattern, add || m{^ ... $} above. +# The pattern should contain $d where the per-package destination +# directory would go. + +or die "unexpected command $command\n"; + +exec $& or die $!; -- 2.30.2