mirrors/flatcar-scripts
1
0
Fork 0
mirror of https://github.com/flatcar/scripts.git synced 2025-09-21 13:41:20 +02:00
Code Issues Packages Projects Releases Wiki Activity

fix(sdk_lib): Clean up ssh file copying

Browse Source 
- Don't copy known_hosts if it doesn't exist.
- Don't bother with copying *.pub, not sure what that was for.
- Don't rewrite .ssh/config to remove internal Google ssh options.
This commit is contained in:
Michael Marineau 2014-05-27 17:32:58 -07:00
parent 796be0a520
commit f2f74b3423
1 changed files with 3 additions and 49 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

52
sdk_lib/enter_chroot.sh
View File

@ -85,6 +85,8 @@ FILES_TO_COPY_TO_CHROOT=(
.netrc # May contain required source fetching credentials .netrc # May contain required source fetching credentials
.boto # Auth information for gsutil .boto # Auth information for gsutil
.boto-key.p12 # Service account key for gsutil .boto-key.p12 # Service account key for gsutil
.ssh/config # User may need this for fetching git over ssh
.ssh/known_hosts # Reuse existing known hosts
) )
INNER_CHROME_ROOT=$FLAGS_chrome_root_mount # inside chroot INNER_CHROME_ROOT=$FLAGS_chrome_root_mount # inside chroot
@ -128,41 +130,6 @@ setup_mount() {
esac esac
} }
copy_ssh_config() {
# Copy user .ssh/config into the chroot filtering out strings not supported
# by the chroot ssh. The chroot .ssh directory is passed in as the first
# parameter.
# ssh options to filter out. The entire strings containing these substrings
# will be deleted before copying.
local bad_options=(
'UseProxyIf'
'GSSAPIAuthentication'
'GSSAPIKeyExchange'
'ProxyUseFdpass'
)
local sshc="${SUDO_HOME}/.ssh/config"
local chroot_ssh_dir="${1}"
local filter
local option
if ! user_cp "${sshc}" "${chroot_ssh_dir}/config.orig" 2>/dev/null; then
return # Nothing to copy.
fi
for option in "${bad_options[@]}"
do
if [ -z "${filter}" ]; then
filter="${option}"
else
filter+="\\|${option}"
fi
done
sed "/^.*\(${filter}\).*$/d" "${chroot_ssh_dir}/config.orig" | \
user_clobber "${chroot_ssh_dir}/config"
}
copy_into_chroot_if_exists() { copy_into_chroot_if_exists() {
# $1 is file path outside of chroot to copy to path $2 inside chroot. # $1 is file path outside of chroot to copy to path $2 inside chroot.
[ -e "$1" ] && cp -p "$1" "${FLAGS_chroot}/$2" [ -e "$1" ] && cp -p "$1" "${FLAGS_chroot}/$2"
@ -334,25 +301,12 @@ setup_env() {
chmod 0644 "${p}" chmod 0644 "${p}"
fi fi
user_mkdir "${FLAGS_chroot}/home/${SUDO_USER}/.ssh"
if [ $FLAGS_ssh_agent -eq $FLAGS_TRUE ]; then if [ $FLAGS_ssh_agent -eq $FLAGS_TRUE ]; then
# Clean up previous ssh agents. # Clean up previous ssh agents.
rmdir "${FLAGS_chroot}"/tmp/ssh-* 2>/dev/null rmdir "${FLAGS_chroot}"/tmp/ssh-* 2>/dev/null
if [ -n "${SSH_AUTH_SOCK}" -a -d "${SUDO_HOME}/.ssh" ]; then if [ -n "${SSH_AUTH_SOCK}" -a -d "${SUDO_HOME}/.ssh" ]; then
TARGET_DIR="${FLAGS_chroot}/home/${SUDO_USER}/.ssh"
user_mkdir "${TARGET_DIR}"
(
# Only copy ~/.ssh/{known_hosts,*.pub} if they exist. Since we set
# nullglob, this needs to happen within a subshell.
shopt -s nullglob
files=("${SUDO_HOME}"/.ssh/{known_hosts,*.pub})
if [[ ${#files[@]} -gt 0 ]]; then
user_cp "${files[@]}" "${TARGET_DIR}/"
fi
)
copy_ssh_config "${TARGET_DIR}"
chown -R ${SUDO_UID}:${SUDO_GID} "${TARGET_DIR}"
# Don't try to bind mount the ssh agent dir if it has gone stale. # Don't try to bind mount the ssh agent dir if it has gone stale.
ASOCK=${SSH_AUTH_SOCK%/*} ASOCK=${SSH_AUTH_SOCK%/*}
if [ -d "${ASOCK}" ]; then if [ -d "${ASOCK}" ]; then