summaryrefslogtreecommitdiff
path: root/examples/caretaker-ssh-command
blob: 03f3e94719edac209d0cdd2bb137b1ba0eacd151 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
#!/usr/bin/env zsh
# example ssh force command. Use this for ssh keys which you only want to use
# for caretaker.
# Example .ssh/authorized_keys line:
#    no-pty,no-port-forwarding,command=".../caretaker-ssh-command" ssh-rsa ...
#
# This _should_ restrict all ssh operations to the git/pkglist commands
# required by caretaker. However, be warned that I am no security expert, so
# there might be flaws in here. Use at own risk.

# Change this to your package root
PKG_ROOT='/home/derf/var/packages_root'

# Change this to the location of your pkglist script (if non-default)
PKG_LIST=${PKG_ROOT}/pkglist

args=(${(z)SSH_ORIGINAL_COMMAND})

if [[ \
	( \
		${args[1]} == ${PKG_LIST} && \
		${args[2]} == ${PKG_ROOT} \
	) || ( \
		${args[1]} == 'git-'(upload|receive)'-pack' && \
		${args[2]} != *'../'* && \
		${args[2]} == \'${PKG_ROOT}/*\' \
	) ]] \
{
	args[2]=${args[2]//\'}
	${args}
}