3 # This is a wrapper script for ssh access on Debian's static mirroring infrastructure.
5 # It limits the commands the master can run on static-mirroring mirrors (i.e.
6 # the things running apache) on one hand, and also on static-mirroring sources,
7 # that is the things that create the data.
9 # Copyright (c) 2009, 2010, 2012 Peter Palfrader
11 # Permission is hereby granted, free of charge, to any person obtaining
12 # a copy of this software and associated documentation files (the
13 # "Software"), to deal in the Software without restriction, including
14 # without limitation the rights to use, copy, modify, merge, publish,
15 # distribute, sublicense, and/or sell copies of the Software, and to
16 # permit persons to whom the Software is furnished to do so, subject to
17 # the following conditions:
19 # The above copyright notice and this permission notice shall be
20 # included in all copies or substantial portions of the Software.
22 # THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
23 # EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
24 # MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
25 # NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
26 # LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
27 # OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
28 # WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
# Syslog tag used by the logger calls below: the script's basename followed
# by the shell's PID in brackets.
33 MYLOGNAME="`basename "$0"`[$$]"
# File read (via awk) when the rsync allow-list is built further down.
# NOTE(review): its contents decide which paths rsync may serve, so it should
# be writable by root only; confirm ownership and mode on the deployed hosts.
34 COMPONENTLIST=/etc/static-components.conf
# Usage text: a local invocation takes <basedir> <host>; the requested
# operation arrives separately through the ssh original command.
# NOTE(review): only "mirror <serial>" is listed, although the dispatch near
# the end of the script also calls do_rsync; presumably the rsync operation
# belongs in this text too. Confirm.
37 echo "local Usage: $0 <basedir> <host>"
38 echo "via ssh orig command:"
39 echo " mirror <serial>"
# Guard that is true when no positional parameters remain; the body of this
# branch is not part of this listing.
43 if [ "$#" -lt 1 ]; then
# Log the message in $1 to syslog at daemon.info under the $MYLOGNAME tag.
50 logger -p daemon.info -t "$MYLOGNAME" "$1"
# Log the message in $1 at daemon.warn; -s additionally copies it to stderr.
# NOTE(review): callers pass text derived from the remote command line, so
# these log lines carry remote-controlled content; treat them accordingly
# when parsing or alerting on this tag.
54 logger -s -p daemon.warn -t "$MYLOGNAME" "$1"
# Presumably the body of do_mirror (the function header is not part of this
# listing). Positional arguments are consumed in order: base directory,
# remote host name, then the serial.
59 local basedir="$1"; shift
60 local remote_host="$1"; shift
# NOTE(review): $serial appears to originate from the remote side (the
# dispatch passes on the words split out of SSH_ORIGINAL_COMMAND) and no
# format check is visible here. If serials are numeric, rejecting anything
# else before the exec would be a cheap extra guard; confirm against what
# static-mirror-run expects.
62 local serial="$1"; shift
64 info "Host $remote_host triggered a mirror run for serial $serial"
# All three arguments are quoted, so each reaches static-mirror-run as exactly
# one word. The line after the exec can only be reached if exec does not
# replace this process.
65 exec /usr/local/bin/static-mirror-run "$basedir" "$remote_host:-new-" "$serial"
66 echo >&2 "Exec failed"
# Presumably the body of do_rsync (the function header is not part of this
# listing). $1 is the remote host name, used only in log messages below.
71 local remote_host="$1"
# Build the allow-list: one complete rsync server command line per path that
# the component list assigns to this host (column 2 compared with the output
# of `hostname -f`, column 3 taken as the path). Every entry carries
# --server --sender, i.e. this side only sends data.
77 if [ -e "$COMPONENTLIST" ]; then
# NOTE(review): $COMPONENTLIST and the $(awk ...) output are both unquoted, so
# the paths are word-split and glob-expanded. A path containing whitespace or
# wildcard characters would produce allow-list entries nobody intended.
# Quoting "$COMPONENTLIST" and reading the awk output line by line
# (while IFS= read -r path) avoids that.
78 for path in $(awk -v host="$(hostname -f)" '$2 == host {print $3}' $COMPONENTLIST); do
79 allowed_rsyncs+=("--server --sender -lHtrze.iLsf --safe-links . $path/.")
# NOTE(review): ${!allowed_rsyncs[*]} is unquoted. That is harmless for
# numeric indices, but iterating "${allowed_rsyncs[@]}" directly is simpler.
82 for cmd_idx in ${!allowed_rsyncs[*]}; do
83 allowed="${allowed_rsyncs[$cmd_idx]}"
# Exact string comparison of the whole requested argument list ("$*") with
# one allow-list entry; anything that is not an exact match falls through.
84 if [ "$*" = "$allowed" ]; then
85 info "Running for host $remote_host: rsync $*"
87 echo >&2 "Exec failed"
# No entry matched: log the refused request and report it on stderr.
92 info "NOT allowed for $remote_host: rsync $*"
93 echo >&2 "This rsync command ($*) not allowed."
# Help request on the local command line; the branch body is not part of this
# listing.
98 if [ "${1:-}" = "-h" ] || [ "${1:-}" = "--help" ]; then
112 # check/parse remote command line
# sshd exports the command requested by the client in SSH_ORIGINAL_COMMAND
# when a forced command is in effect; refuse to continue without it.
113 if [ -z "${SSH_ORIGINAL_COMMAND:-}" ] ; then
114 croak "Did not find SSH_ORIGINAL_COMMAND"
# NOTE(review): security-relevant. The expansion is left unquoted to split the
# remote command into words, but an unquoted expansion also undergoes pathname
# expansion. Wildcard characters supplied by the remote side are therefore
# expanded against the current directory before the checks below see them.
# Disabling globbing around this line (set -f ... set +f), or splitting with
# `read -r -a`, keeps the word split without the globbing.
# The leading "dummy" word stops `set` from parsing a first word that begins
# with '-' as a shell option; presumably a following shift drops it again.
116 set "dummy" ${SSH_ORIGINAL_COMMAND}
# Dispatch on $action. Only the two handler calls and the rejection of
# everything else are visible in this listing.
125 do_mirror "$basedir" "$remote_host" "$@"
128 do_rsync "$remote_host" "$@"
131 croak "Invalid operation '$action'"