blob: a7d51336448488d762cac31c3b645af252c205b1 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
#!/bin/bash
# split multi-key files into separate keys like ssh-authkeys likes
# WHY
# ---
#
# Yeah I wonder that too, when it's so much more maintainable to keep the damn
# keys as sitaram@home.pub and sitaram@work.pub or such. But there's no
# accounting for tastes, and some old fogies apparently want to put all of a
# user's keys into a single ".pub" file.
# WARNINGS AND CAVEATS
# --------------------
#
# - assumes no "@" sign in basenames of any multi-key files (single line file
# may still have them)
# - assumes you don't have a subdir in keydir called "__split_keys__"
# SUPPORT
# -------
#
# NONE.
# USAGE
# -----
#
# to enable, uncomment the 'ssh-authkeys-split' line in the ENABLE list in the
# rc file.
echo "ERROR: ssh-authkeys-split is not support by gitolite-gentoo" 1>&2
echo "ERROR: because metadata might be lost. You should split the keys manually!" 1>&2
exit 1
cd $GL_ADMIN_BASE/keydir
rm -rf __split_keys__
mkdir __split_keys__
export SKD=$PWD/__split_keys__
# if we're coming from a gitolite-admin push, delete all *.multi, and rename
# all multi-line *.pub to *.multi
if [ "$GL_REPO" = "gitolite-admin" ] || [ "$GL_BYPASS_ACCESS_CHECKS" = "1" ]
then
find . -type f -name "*.multi" | while read k
do
rm -f "$k"
done
find . -type f -name "*.pub" | while read k
do
# is this a multi-key?
lines=`wc -l < $k`
case $lines in
(0|1) continue
esac
base=`basename $k .pub`
mv $k $base.multi
done
fi
# now process *.multi
find . -type f -name "*.multi" | while read k
do
# do we need to split?
lines=`wc -l < $k`
case $lines in
(0|1) continue
esac
base=`basename $k .multi`
# sanity check
echo $base | grep '@' >/dev/null && continue
# ok do it
seq=0
while read line
do
(( seq++ ))
[ -z "$line" ] && continue
f=$SKD/$base@$seq.pub
echo "$line" > $f
# similar sanity check as main ssh-authkeys script
if ! ssh-keygen -l -f $f >/dev/null
then
echo 1>&2 "ssh-authkeys-split: bad line $seq in keydir/$k"
rm -f $f
fi
done < $k
done
|