#!/bin/bash
# WARNING 1: probably contains bashisms galore. If you don't have bash,
# please install it.

# NOTE 1: this script is initially run as root, then it calls itself with an
# "su" so it can run as the hosting user.

# NOTE 2: if you'd rather do this manually, just do the first part as root
# and the second part as the hosting user; the only things that need to be
# passed from root to the hosting user are the name of the user (alice) and
# her pub key (~alice/.ssh/id_rsa.pub).

# ------------------------------------------------------------------------------

# site-local changes

# The gitolite hosting user that git commands are forwarded to.  Typically
# this is 'git' or perhaps 'gitolite', but it could be anything.
hosting_user='gitolite-test'

# Absolute path of the gitolite-admin repo (the .git directory itself).
admin_repo='/home/gitolite-test/repositories/gitolite-admin.git'

# Full path of the login shell that replaces the managed users' existing one.
new_shell='/usr/local/bin/gl-shell'

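my_chsh() {
    # Replace the login shell of user $1 with $new_shell.
    #
    # Please replace the chsh invocation with the appropriate command for
    # your OS/distro; this one is suitable at least for Fedora, maybe others
    # also.
    #
    # Arguments: $1 - the username whose login shell is changed
    # Globals:   new_shell (read)
    # Returns:   the exit status of chsh, so a caller can act on failure
    #
    # NOTE(review): util-linux chsh may warn about or refuse a shell that is
    # not listed in /etc/shells -- verify on your system.
    #
    # Both expansions are quoted: the unquoted form word-splits a shell path
    # or username containing whitespace into several arguments.
    chsh -s "$new_shell" "$1"
}
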
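# Remove this guard after you have done your customisation.
# The marker file lives in world-writable /tmp, so this is only a reminder to
# yourself that the site-local settings above still need editing -- it is not
# a protection against anyone else creating the marker and running the script.
[ -f /tmp/done.gl-shell-setup ] || { echo "please customise $0 before using" >&2; exit 1; }

# ------------------------------------------------------------------------------
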
# Print a fatal error on stderr and abort the whole script with status 1.
# Arguments: all arguments are joined with spaces into the message.
die() {
    printf 'FATAL: %s\n' "$*" >&2
    exit 1
}

# ------------------------------------------------------------------------------

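# Pipelines below must fail when *any* stage fails (e.g. reading the pubkey),
# not only when the last one does.
set -o pipefail

# Absolute path of this script, needed for the re-invocation under "su -l" in
# the root half: "su -l" changes the working directory to the hosting user's
# home, so a relative "$0" would no longer resolve there.  The hosting user
# must be able to read and execute the script at this path.
self_dir=$(cd "$(dirname -- "$0")" && pwd -P) || die "cannot resolve directory of $0"
self="$self_dir/$(basename -- "$0")"

# $EUID is a bash builtin; no need to fork perl for it.
if [ "$EUID" -eq 0 ]
then

    # --------------------------------------------------------------------------
    # stuff to be done as root
    # --------------------------------------------------------------------------

    [ -n "$1" ] || die "need a valid username"
    user=$1
    id "$user" >/dev/null || die "need a valid username"

    # Two accounts whose login shell must never become gl-shell: root (you
    # would lock yourself out of the box) and the hosting user itself
    # (gl-shell forwards git commands to it over ssh, so it needs a real shell).
    [ "$user" != "root" ] || die "refusing to change root's login shell"
    [ "$user" != "$hosting_user" ] || die "refusing to change the hosting user's login shell"

    # Set up the user's rsa key, creating it if needed -- as the user, not as
    # root.  The previous version did mkdir/ssh-keygen/chown as root inside
    # the user's home directory; the user controls that directory (symlinks
    # included), so root should not be creating or chown-ing files in it.
    # "umask 077" gives ~/.ssh and the key files private modes without a
    # separate chmod.  The key is deliberately passphrase-less: gl-shell
    # forwards git commands to the hosting user non-interactively.
    # "-s /bin/bash" runs the snippet under a known shell regardless of the
    # user's current login shell (e.g. on a re-run after chsh).
    su -s /bin/bash -l -c '
        umask 077
        mkdir -p ~/.ssh || exit 1
        [ -f ~/.ssh/id_rsa.pub ] || ssh-keygen -q -N "" -f ~/.ssh/id_rsa
    ' "$user" || die "could not set up an ssh key for $user"

    # Now run yourself as the hosting user, piping in the pubkey on STDIN and
    # passing the username whose key it is as argument 1.  The command string
    # is interpreted by the hosting user's shell, hence the %q quoting instead
    # of bare interpolation of $self and $user.
    su -s /bin/bash -l -c 'cat ~/.ssh/id_rsa.pub' "$user" \
        | su -l -c "$(printf '%q %q' "$self" "$user")" "$hosting_user" \
        || die "could not add $user's key to the gitolite-admin repo"

    # As $user (alice), ssh to the hosting user once so that the host key
    # check gets done and the correct host key lands in ~user/.ssh/known_hosts.
    # This is trust-on-first-use, acceptable here only because the peer is
    # localhost.
    su -s /bin/bash -l -c "ssh -o StrictHostKeyChecking=no $(printf '%q' "$hosting_user")@localhost info" "$user" \
        || die "ssh from $user to $hosting_user@localhost failed"

    # Finally fix up the user's login shell.  This is done last so that a
    # failure in any step above leaves the user with a working shell.
    my_chsh "$user" || die "could not change $user's login shell to $new_shell"

    exit 0

else

    # --------------------------------------------------------------------------
    # stuff to be done as the hosting user
    # --------------------------------------------------------------------------

    # This half is invoked by the root half above: argument 1 is the user
    # whose public key arrives on STDIN.
    user=$1
    [ -n "$user" ] || die "need a username (argument 1) and a pubkey on STDIN"
    case $user in
        */*) die "invalid username: $user" ;;   # a slash would escape keydir/
    esac

    # make a temp dir and switch to it; the trap removes it on any exit path
    tmp=$(mktemp -d) || die "could not create a temp dir"
    export tmp
    trap 'rm -rf -- "$tmp"' 0
    cd "$tmp" || die "could not cd to temp dir $tmp"

    # clone the admin repo here
    git clone "$admin_repo" . || die "could not clone $admin_repo"

    # Copy the user's pubkey, which was sent in via STDIN.  The file name is
    # what gitolite takes as the user's identity; the "@localhost" part keeps
    # this key from overwriting any *other* keys she may have (see "one user,
    # many keys" in doc/3 for more on this @ part).
    keyfile="keydir/$user@localhost.pub"
    cat > "$keyfile" || die "could not write $keyfile"

    # Don't commit garbage (or an empty file) into gitolite-admin: make sure
    # what arrived on STDIN parses as an ssh public key.
    ssh-keygen -l -f "$keyfile" >/dev/null || die "STDIN did not contain a valid ssh public key"

    # add, commit, push...
    git add -- "$keyfile" || die "git add failed"
    git diff --cached --quiet 2>/dev/null \
        || git commit -am "$0: added/updated local key for $user" \
        || die "git commit failed"
    gl-admin-push || die "gl-admin-push failed"
    # see doc for what/why this is

fi
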