Diffstat (limited to 'infra/dgit-mirror-ssh-wrap')
-rwxr-xr-xinfra/dgit-mirror-ssh-wrap37
1 files changed, 37 insertions, 0 deletions
diff --git a/infra/dgit-mirror-ssh-wrap b/infra/dgit-mirror-ssh-wrap
new file mode 100755
index 0000000..3feb6dc
--- /dev/null
+++ b/infra/dgit-mirror-ssh-wrap
@@ -0,0 +1,37 @@
+#!/usr/bin/perl -w
+
+# Intended to be used as a restricted command.
+# Usage:
+# command="/path/to/dgit-mirror-ssh-wrap /srv/repos/ .git --"
+# or similar. The two substantive arguments are literals.
+# The example permits writes to directories
+# /srv/repos/$PACKAGE.git
+# where $PACKAGE has the syntax of a Debian package name.
+
+use strict;
+
+die 'bad usage' unless @ARGV==3 && $ARGV[2] eq '--';
+our ($prefix, $suffix) = @ARGV;
+
+$prefix =~ s/\W/\\$&/g;
+$suffix =~ s/\W/\\$&/g;
+
+my $package = qr{[0-9a-z][-+.0-9a-z]*};
+my $d = qr{$prefix$package$suffix};
+
+my $command = $ENV{SSH_ORIGINAL_COMMAND}
+ // die "missing SSH_ORIGINAL_COMMAND";
+
+#print STDERR ">$d<\n";
+
+$command =~
+
+m{^rsync --server -lHtre\.iLsfxC --timeout=\d+ --delete --safe-links \. $d$}
+
+# To add a new command pattern, add || m{^ ... $} above.
+# The pattern should contain $d where the per-package destination
+# directory would go.
+
+or die "unexpected command $command\n";
+
+exec $& or die $!;
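Review bot: The final `exec $&` uses the single-string form, so Perl passes the text to `/bin/sh -c` whenever it contains a shell metacharacter; the rsync pattern and `$package` admit none today, but `$prefix` and `$suffix` are escaped only for the regex, and any pattern added later as the comment invites inherits the same dependency. Splitting the match and using list form keeps the shell out entirely, e.g. `my @argv = split / /, $&; exec @argv or die $!;`. Anchoring with `\A` and `\z` instead of `^` and `$` would also reject a trailing newline, which `$` currently tolerates (this looks harmless only because `$&` excludes it). Separately, the comment's advice to add `|| m{^ ... $}` would match the new pattern against `$_` rather than `$command`, because `=~` binds tighter than `||`; that fails closed, but the comment should say `|| $command =~ m{^ ... $}`.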