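#!/bin/sh

# BEGIN USAGE

# $0 -- make some server side tasks easier

# Usage:
#   $0 [sub-command [args]]

# Security notes: this program does not do any sanitisation of input. You're
# running it at the CLI on the server, so you already have the power to do
# whatever you want anyway.

# current sub-commands:

# (1) REPLACE THE OLD $SHELL_USERS MECHANISM
#   $0 shell-add foo.pub
# adds the pubkey in foo.pub into the authkeys file with "-s" argument (shell
# access) and user "foo". The line will be added *before* the "# gitolite
# start" section, so that a gitolite-admin push will not affect it.

# Although there is no "shell-remove" sub-command, you can do that quite
# easily by editing ~/.ssh/authorized_keys and deleting the appropriate line.

# END USAGE

# Maintainer notes (kept outside the usage block above, which is printed
# verbatim by the no-argument branch after stripping the leading "# "):
#   - every expansion is quoted so paths with spaces or glob characters are
#     passed through as single words;
#   - the user name is handed to perl through the environment and matched
#     literally, so it is never interpreted as perl code or as a regex;
#   - the trust model stated in the usage text still applies: the operator
#     is trusted, the checks below only keep authorized_keys well-formed.

# Print a message on stderr and exit with status 1.
die() { echo "$@" >&2; exit 1; }

# No sub-command: print the usage block from this very file ($0 in the text
# is replaced by the script path) and exit non-zero.
if [ -z "$1" ]
then
    perl -ne 's/\$0/$ARGV/ge; print if /BEGIN USAGE/../END USAGE/' "$0" | grep -v USAGE | cut -c3-
    exit 1
fi

if [ "$1" = "shell-add" ]
then
    # sanity checks
    [ -z "$2" ] && exec "$0"
    [ -f "$2" ] || die "$2 does not exist"
    # Some wc implementations pad the count with blanks; strip them before
    # comparing. A second line in the key file would become a second,
    # unrestricted entry in authorized_keys, hence the check.
    line_count=$(wc -l < "$2" | tr -d '[:space:]')
    [ "$line_count" = "1" ] || die "$2 contains more than one line"

    # must be kept consistent with what's in src/gl-compile-conf; on the plus
    # side, it's not likely to change anytime soon!
    AUTH_OPTIONS="no-port-forwarding,no-X11-forwarding,no-agent-forwarding"

    # Directory holding this script, made absolute when $0 is relative.
    bindir=$(printf '%s\n' "$0" | perl -lpe 's/^/$ENV{PWD}\// unless /^\//; s/\/[^\/]+$//;')

    pubkey_file=$2
    user=$(basename "$pubkey_file" .pub)

    # The user name is embedded inside a double-quoted command="..." option.
    # A quote, backslash or whitespace in it would end the option early or
    # split the forced command, so refuse such names instead of writing a
    # malformed line.
    case "$user" in
        ''|*'"'*|*'\'*|*[[:space:]]*)
            die "user name derived from $2 is empty or contains a quote, backslash or whitespace"
            ;;
    esac

    authline="command=\"$bindir/gl-auth-command -s $user\",$AUTH_OPTIONS $(cat "$pubkey_file")"

    authkeys=$HOME/.ssh/authorized_keys

    # The .new and .old copies created below should be readable by the
    # owner only; the existing authorized_keys keeps its current mode because
    # it is overwritten in place.
    umask 077

    # Rebuild the file: everything before the "# gitolite start" marker minus
    # any previous shell line for this exact user, then the new line, then
    # the marker and everything after it.
    {
        # \Q..\E plus the closing quote makes this an exact match, so adding
        # "al" no longer drops an existing shell line for "alice".
        # NOTE(review): assumes existing shell lines end the user name with
        # the closing quote of command="...", as the line built above does.
        GL_SHELL_USER="$user" perl -lne 'last if /# gitolite start/; print unless /gl-auth-command -s \Q$ENV{GL_SHELL_USER}\E"/;' "$authkeys"
        # printf keeps the key line byte-for-byte; an unquoted echo would
        # glob-expand and re-space it.
        printf '%s\n' "$authline"
        perl -lne 'print if /# gitolite start/ .. 0;' "$authkeys"
    } > "$authkeys.new"

    # diff exits 0 only when the files are identical.
    diff -u "$authkeys" "$authkeys.new" && die no change to authkey file
    echo
    echo "If the above diff looks ok, press enter. Else press Ctrl-C."
    read -r dummy
    # Keep a backup, then overwrite in place (preserves owner and mode of the
    # live file).
    cat "$authkeys" > "$authkeys.old"
    cat "$authkeys.new" > "$authkeys"

    exit 0
fi

die "could not understand command $1"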