blob: 03f3e94719edac209d0cdd2bb137b1ba0eacd151 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
|
#!/usr/bin/env zsh
# example ssh force command. Use this for ssh keys which you only want to use
# for caretaker.
# Example .ssh/authorized_keys line:
# no-pty,no-port-forwarding,command=".../caretaker-ssh-command" ssh-rsa ...
#
# This _should_ restrict all ssh operations to the git/pkglist commands
# required by caretaker. However, be warned that I am no security expert, so
# there might be flaws in here. Use at own risk.
# Change this to your package root
PKG_ROOT='/home/derf/var/packages_root'
# Change this to the location of your pkglist script (if non-default)
PKG_LIST=${PKG_ROOT}/pkglist
args=(${(z)SSH_ORIGINAL_COMMAND})
if [[ \
( \
${args[1]} == ${PKG_LIST} && \
${args[2]} == ${PKG_ROOT} \
) || ( \
${args[1]} == 'git-'(upload|receive)'-pack' && \
${args[2]} != *'../'* && \
${args[2]} == \'${PKG_ROOT}/*\' \
) ]] \
{
args[2]=${args[2]//\'}
${args}
}
|