--- /dev/null
+#!/bin/bash
+
+# Copyright (c) 2009, 2010, 2012 Peter Palfrader
+# Copyright (c) 2015 Aurelien Jarno
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+set -e
+set -u
+
+MYLOGNAME="`basename "$0"`[$$]"
+RSYNCDIR="/srv/upload.debian.org/UploadQueue/"
+
+usage() {
+ echo "local Usage: $0 <host>"
+ echo "via ssh orig command: rsync <stuff>"
+}
+
+one_more_arg() {
+ if [ "$#" -lt 1 ]; then
+ usage >&2
+ exit 1
+ fi
+}
+
+info() {
+ logger -p daemon.info -t "$MYLOGNAME" "$1"
+}
+
+croak() {
+ logger -s -p daemon.warn -t "$MYLOGNAME" "$1"
+ exit 1
+}
+
+do_rsync() {
+ local remote_host="$1"
+ shift
+
+ local allowed_rsyncs
+ allowed_rsyncs=()
+
+ if [ -d "$RSYNCDIR" ]; then
+ allowed_rsyncs+=("--server -vlogDtprxze.iLsf --partial . $RSYNCDIR") # wheezy
+ allowed_rsyncs+=("--server -vlogDtprxze.iLsfx --partial . $RSYNCDIR") # jessie
+ fi
+ for cmd_idx in ${!allowed_rsyncs[*]}; do
+ allowed="${allowed_rsyncs[$cmd_idx]}"
+ if [ "$*" = "$allowed" ]; then
+ info "Running for host $remote_host: rsync $*"
+ exec rsync "$@"
+ croak "Exec failed"
+ fi
+ done
+
+ info "NOT allowed for $remote_host: rsync $*"
+ echo >&2 "This rsync command ($@) not allowed."
+ exit 1
+}
+
+if [ "${1:-}" = "-h" ] || [ "${1:-}" = "--help" ]; then
+ usage
+ exit 0
+fi
+
+one_more_arg "$@"
+remote_host="$1"
+shift
+
+
+# check/parse remote command line
+if [ -z "${SSH_ORIGINAL_COMMAND:-}" ] ; then
+ croak "Did not find SSH_ORIGINAL_COMMAND"
+fi
+set "dummy" ${SSH_ORIGINAL_COMMAND}
+shift
+
+info "host $remote_host called with $*"
+
+one_more_arg "$@"
+action="$1"
+shift
+
+case "$action" in
+ # rsync command to upload packages
+ rsync)
+ do_rsync "$remote_host" "$@"
+ ;;
+ # just ignore any other commands (e.g. chmod)
+ *)
+ info "Ignored operation '$action'"
+ ;;
+esac
--- /dev/null
+##
+## THIS FILE IS UNDER PUPPET CONTROL. DON'T EDIT IT HERE.
+##
+
+<%=
+def getbuilddkey(host)
+ key = nil
+ begin
+ facts = YAML.load(File.open("/var/lib/puppet/yaml/facts/#{host}.yaml").read)
+ return facts.values['buildd_key']
+ rescue Exception => e
+ end
+ return key
+end
+
+allnodeinfo = scope.lookupvar('site::allnodeinfo')
+buildds = []
+
+allnodeinfo.keys.sort.each do |node|
+ next unless scope.lookupvar('site::allnodeinfo')[node]['purpose']
+ next unless scope.lookupvar('site::allnodeinfo')[node]['purpose'].include?('buildd')
+ key = getbuilddkey(node)
+ buildds << { 'node' => node, 'addr' => allnodeinfo[node]['ipHostNumber'], 'key' => key}
+end
+
+lines = []
+for m in buildds do
+ lines << '# ' + m['node']
+ if m['key'].nil?
+ lines << "## no key for node"
+ else
+ lines << "command=\"/home/buildd-uploader/rsync-ssh-wrap #{m['node'].split('.')[0]}\"," +
+ 'no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-user-rc,' +
+ 'from="' + m['addr'].join(',') + '" ' +
+ m['key']
+ end
+end
+
+lines.join("\n")
+# vim:set et:
+# vim:set sts=4 ts=4:
+# vim:set shiftwidth=4:
+%>
projects / mirror / dsa-puppet.git / commitdiff