From 0779f528f53797f9185729bf27dd94555a46717e Mon Sep 17 00:00:00 2001
From: Vadim Bendebury
Date: Sun, 12 Jun 2011 12:09:16 -0700
Subject: [PATCH] Prevent copying of offending lines when creating .ssh/config

Some ssh configuration options are not accepted by the ssh version running inside chroot. Those options need to be filtered out when the configuration is copied while executing enter_chroot.sh. A new function is being added to do that. The list of substrings to be filtered out is defined as an array and can be extended as required.
BUG=chromium-os:16441
TEST=manual: scripts 78 $ egrep '(UseProxyIf=|GSSAPIAuthentication no)' ~/.ssh/config UseProxyIf=false scripts 79 $ ./enter_chroot.sh (Grepo1) vbendeb@eskimo ~/trunk/src/scripts $ egrep '(UseProxyIf=|GSSAPIAuthentication no)' ~/.ssh/config (Grepo1) vbendeb@eskimo ~/trunk/src/scripts $
Change-Id: Ic52ef1ba7d015d76558efc39e178156f3d81bf78
Signed-off-by: Vadim Bendebury
Reviewed-on: http://gerrit.chromium.org/gerrit/2515
Reviewed-by: Chris Sosa
---
 enter_chroot.sh | 34 +++++++++++++++++++++++++++++++++-
 1 file changed, 33 insertions(+), 1 deletion(-)
diff --git a/enter_chroot.sh b/enter_chroot.sh
index 6515015f75..6e167b5e75 100755
--- a/enter_chroot.sh
+++ b/enter_chroot.sh
@@ -179,6 +179,38 @@ function env_sync_proc {
 done
 }
 
+function copy_ssh_config {
+ # Copy user .ssh/config into the chroot filtering out strings not supported
+ # by the chroot ssh. The chroot .ssh directory is passed in as the first
+ # parameter.
+
+ # ssh options to filter out. The entire strings containing these substrings
+ # will be deleted before copying.
+ local bad_options=(
+ 'UseProxyIf='
+ 'GSSAPIAuthentication no'
+ )
+ local sshc="${HOME}/.ssh/config"
+ local chroot_ssh_dir="${1}"
+ local filter
+ local option
+
+ if [ ! -f "${sshc}" ]; then
+ return # Nothing to copy.
+ fi
+
+ for option in "${bad_options[@]}"
+ do
+ if [ -z "${filter}" ]; then
+ filter="${option}"
+ else
+ filter+="\\|${option}"
+ fi
+ done
+
+ sed "/^.*\(${filter}\).*$/d" "${sshc}" > "${chroot_ssh_dir}/config"
+}
+
 function setup_env {
 # Validate sudo timestamp before entering the critical section so that we
 # don't stall for a password while we have the lockfile.
@@ -210,7 +242,7 @@ function setup_env {
 if [ -n "${SSH_AUTH_SOCK}" -a -d "${HOME}/.ssh" ]; then
 mkdir -p "${TARGET_DIR}"
 cp -r "${HOME}/.ssh/known_hosts" "${TARGET_DIR}"
- cp -r "${HOME}/.ssh/config" "${TARGET_DIR}"
+ copy_ssh_config "${TARGET_DIR}"
 ASOCK="$(dirname "${SSH_AUTH_SOCK}")"
 ensure_mounted "${ASOCK}" "--bind" "${ASOCK}"
 fi
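Review bot: The final `sed … > "${chroot_ssh_dir}/config"` line in copy_ssh_config creates the chroot copy through a shell redirection, so a newly created file takes its mode from the caller's umask alone rather than from the source file's mode, as the `cp -r` replaced in the second hunk did. Under a umask of 002 that yields a group-writable config, which OpenSSH refuses to read because of its permission check, and a host config kept at 0600 becomes readable by other users. Wrapping the write as `( umask 077; sed "/^.*\(${filter}\).*$/d" "${sshc}" > "${chroot_ssh_dir}/config" )` keeps the copy owner-only. The pattern is also case- and spacing-exact while ssh_config keywords are case-insensitive, so a line such as `gssapiauthentication no` would still be copied; the comment above `bad_options` should state that limitation, or the match should be made case-insensitive.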