diff options
| author | Daniel Friesel <derf@derf.homelinux.org> | 2010-04-30 12:21:03 +0200 |
|---|---|---|
| committer | Daniel Friesel <derf@derf.homelinux.org> | 2010-04-30 12:21:30 +0200 |
| commit | eb254a1deca26d8a409300776f0a46549ebf74b8 (patch) | |
| tree | 86c46dcaa9b32f555f904bdd30496a2428ee94ee /examples/caretaker-ssh-command | |
| parent | 31a2c5211a573c7849c57449c303847c05d54ed3 (diff) | |
examples/caretaker-ssh-command: Add a short description
Diffstat (limited to 'examples/caretaker-ssh-command')
| -rwxr-xr-x | examples/caretaker-ssh-command | 22 |
1 files changed, 15 insertions, 7 deletions
diff --git a/examples/caretaker-ssh-command b/examples/caretaker-ssh-command index ce59a90..03f3e94 100755 --- a/examples/caretaker-ssh-command +++ b/examples/caretaker-ssh-command @@ -1,4 +1,12 @@ #!/usr/bin/env zsh +# example ssh force command. Use this for ssh keys which you only want to use +# for caretaker. +# Example .ssh/authorized_keys line: +# no-pty,no-port-forwarding,command=".../caretaker-ssh-command" ssh-rsa ... +# +# This _should_ restrict all ssh operations to the git/pkglist commands +# required by caretaker. However, be warned that I am no security expert, so +# there might be flaws in here. Use at own risk. # Change this to your package root PKG_ROOT='/home/derf/var/packages_root' @@ -10,14 +18,14 @@ args=(${(z)SSH_ORIGINAL_COMMAND}) if [[ \ ( \ - $args[1] == ${PKG_LIST} && \ - $args[2] == ${PKG_ROOT} \ + ${args[1]} == ${PKG_LIST} && \ + ${args[2]} == ${PKG_ROOT} \ ) || ( \ - $args[1] == 'git-'(upload|receive)'-pack' && \ - $args[2] != *'../'* && \ - $args[2] == \'${PKG_ROOT}/*\' \ - ) \ -]] { + ${args[1]} == 'git-'(upload|receive)'-pack' && \ + ${args[2]} != *'../'* && \ + ${args[2]} == \'${PKG_ROOT}/*\' \ + ) ]] \ +{ args[2]=${args[2]//\'} ${args} } |