Send patches - preferably formatted by git format-patch - to patches at archlinux32 dot org.
authorErich Eckner <git@eckner.net>2019-06-19 10:11:48 +0200
committerErich Eckner <git@eckner.net>2019-06-19 10:11:48 +0200
commitaac0cb5e62ce2c50f060f41406493f45b57146e3 (patch)
tree560e6eb31353f73b49e5661ed199d90f5bb80a24 /bin/sanity-check
parent1e5a9f812fd8576d5791ed45a2a05bb9a01e78e2 (diff)
bin/sanity-check: check consistency of ~/.ssh/authorized_keys with database
Diffstat (limited to 'bin/sanity-check')
-rwxr-xr-xbin/sanity-check52
1 files changed, 51 insertions, 1 deletions
diff --git a/bin/sanity-check b/bin/sanity-check
index e93a157..4da985b 100755
--- a/bin/sanity-check
+++ b/bin/sanity-check
@@ -128,7 +128,7 @@ touch "${tmp_dir}/messages"
trap 'finish' EXIT
if [ $# -eq 0 ]; then
- set -- git-repositories build-list mysql master-mirror-availability repos package-database track-state
+ set -- git-repositories build-list mysql ssh-keys master-mirror-availability repos package-database track-state
fi
while [ $# -gt 0 ]; do
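Review bot: With `ssh-keys` in the default `set --` list, an argument-less run can now print ' passed.' for authorized_keys, but the check it enables compares only lines matching `/^command/` (the sed filter among the added lines of the second hunk) against the database. A key line with no forced command, or one whose option list starts with something else such as `no-pty,command=…`, is therefore never looked at, so an unrestricted key for this account would not be reported. If `~/.ssh/authorized_keys` is meant to hold only build-slave entries, selecting every non-blank, non-comment line, `/^\s*\(#.*\)\?$/!{` in place of `/^command/ {`, would make such lines appear in the diff; otherwise a comment next to the filter stating that other keys are deliberately out of scope would help. The `ssh-keys` case itself lies in the second hunk, whose trailing context runs past the end of the visible page, so this is based only on the added lines shown there.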
@@ -568,6 +568,56 @@ while [ $# -gt 0 ]; do
;;
+ ssh-keys)
+
+ [ ${silence} -gt 0 ] || \
+ printf 'checking ssh-keys ...' | \
+ tee -a "${tmp_dir}/messages" >&2
+
+ # shellcheck disable=SC2016
+ {
+ printf 'SELECT'
+ printf ' CONCAT('
+ printf '"command=\"/home/master/builder/bin/slave-build-connect ",'
+ printf '`build_slaves`.`name`,'
+ printf '"\" ssh-rsa ",'
+ printf '`ssh_keys`.`fingerprint`'
+ printf ')'
+ printf ' FROM'
+ printf ' `build_slaves`'
+ mysql_join_build_slaves_ssh_keys
+ } | \
+ mysql_run_query | \
+ sort > \
+ "${tmp_dir}/ssh-keys.mysql"
+ sed -n '
+ /^command/ {
+ s/^\(\(\S\+\s\+\)\{4\}\)\S.*$/\1/
+ s/\s\+$//
+ p
+ }
+ ' ~/".ssh/authorized_keys" | \
+ sort > \
+ "${tmp_dir}/ssh-keys.authorized_keys"
+
+ errors=$(
+ diff "${tmp_dir}/ssh-keys.mysql" "${tmp_dir}/ssh-keys.authorized_keys"
+ )
+ if [ -n "${errors}" ]; then
+ if [ ${silence} -le 1 ]; then
+ printf '\nThe ssh keys in the database and the file system differ:\n%s\n' \
+ "${errors}"
+ fi | \
+ tee -a "${tmp_dir}/messages" >&2
+ i_am_insane
+ fi
+
+ [ ${silence} -gt 0 ] || \
+ echo ' passed.' | \
+ tee -a "${tmp_dir}/messages" >&2
+
+ ;;
+
*)
[ ${silence} -gt 1 ] || \