diff options
author | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2019-09-13 16:02:22 +0100 |
---|---|---|
committer | Ian Jackson <ijackson@chiark.greenend.org.uk> | 2019-09-13 16:46:27 +0100 |
commit | 31f38c5e66b193803c019c5ed394f8b26544d357 (patch) | |
tree | 5702c70b04d3fa5a5c49de836a91205d948a3cce | |
parent | c36ad3c2cb1c90bfda7ec2da3079be14ca10af6d (diff) |
infra: New script dgit-mirror-ssh-wrap
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
-rw-r--r-- | Makefile | 2 | ||||
-rwxr-xr-x | infra/dgit-mirror-ssh-wrap | 37 |
2 files changed, 38 insertions, 1 deletions
@@ -65,7 +65,7 @@ GDR_MAN5PAGES=git-debrebase.5 GDP_PROGRAMS=git-debpush GDP_MAN1PAGES=git-debpush.1 -INFRA_PROGRAMS=dgit-repos-server dgit-ssh-dispatch \ +INFRA_PROGRAMS=dgit-repos-server dgit-ssh-dispatch dgit-mirror-ssh-wrap \ dgit-repos-policy-debian dgit-repos-admin-debian \ dgit-repos-policy-trusting dgit-mirror-rsync INFRA_EXAMPLES=get-dm-txt ssh-wrap drs-cron-wrap get-suites diff --git a/infra/dgit-mirror-ssh-wrap b/infra/dgit-mirror-ssh-wrap new file mode 100755 index 0000000..4d0dcc9 --- /dev/null +++ b/infra/dgit-mirror-ssh-wrap @@ -0,0 +1,37 @@ +#!/usr/bin/perl -w + +# Intended to be used as a restricted command. +# Usage: +# command="/path/to/dgit-mirror-ssh-wrap /srv/repos/ .git --" +# or similar. The two substantive arguments are literals. +# The example permits writes to directories +# /srv/repos/$PACKAGE.git +# where $PACKAGE has the syntax of a Debian package name. + +use strict; + +die 'bad usage' unless @ARGV==3 && $ARGV[2] eq '--'; +our ($prefix, $suffix) = @ARGV; + +$prefix =~ s/\W/\\$&/g; +$suffix =~ s/\W/\\$&/g; + +my $package = qr{[0-9a-z][-+0-9a-z]*}; +my $d = qr{$prefix$package$suffix}; + +my $command = $ENV{SSH_ORIGINAL_COMMAND} + // die "missing SSH_ORIGINAL_COMMAND"; + +#print STDERR ">$d<\n"; + +$command =~ + +m{^rsync --server -lHtre\.iLsfxC --timeout=\d+ --delete --safe-links \. $d$} + +# To add a new command pattern, add || m{^ ... $} above. +# The pattern should contain $d where the per-package destination +# directory would go. + +or die "unexpected command $command\n"; + +exec $& or die $!; |