blob: a0311186cca972f74d70753332003568447285c3 (
plain)
- # -*-shell-script-*-
- # This should be sourced by bash (though we welcome changes to make it POSIX sh compliant)
- # Monkeysphere update_known_hosts subcommand
- #
- # The monkeysphere scripts are written by:
- # Jameson Rollins <jrollins@finestructure.net>
- # Jamie McClelland <jm@mayfirst.org>
- # Daniel Kahn Gillmor <dkg@fifthhorseman.net>
- #
- # They are Copyright 2010, and are all released under the GPL, version
- # 3 or later.
- # update the known_hosts file for a set of hosts listed on command
- # line
- update_known_hosts() {
- local returnCode=0
- local fileCheck
- local host
- local newUmask
- # touch the known_hosts file so that the file permission check
- # below won't fail upon not finding the file
- if [ ! -f "$KNOWN_HOSTS" ]; then
- # make sure to create any files or directories with the appropriate write bits turned off:
- newUmask=$(printf "%04o" $(( 0$(umask) | 0022 )) )
- [ -d $(dirname "$KNOWN_HOSTS") ] \
- || (umask "$newUmask" && mkdir -p -m 0700 $(dirname "$KNOWN_HOSTS") ) \
- || failure "Could not create path to known_hosts file '$KNOWN_HOSTS'"
- # make sure to create this file with the appropriate bits turned off:
- (umask "$newUmask" && touch "$KNOWN_HOSTS") \
- || failure "Unable to create known_hosts file '$KNOWN_HOSTS'"
- fi
- check_key_file_permissions $(whoami) "$KNOWN_HOSTS" \
- || failure "Bad permissions governing known_hosts file '$KNOWN_HOSTS'"
- lock create "$KNOWN_HOSTS"
- # FIXME: we're discarding any pre-existing EXIT trap; is this bad?
- trap "lock remove $KNOWN_HOSTS" EXIT
- tmpFile=$(mktemp "${KNOWN_HOSTS}.monkeysphere.XXXXXX")
- trap "lock remove $KNOWN_HOSTS; rm -f $tmpFile" EXIT
- for host ; do
- FILE_TYPE='known_hosts' process_keys_for_file "$tmpFile" "ssh://${host}"
- lock touch "$KNOWN_HOSTS"
- done
- if [ "$(file_hash "$KNOWN_HOSTS")" != "$(file_hash "$tmpFile")" ] ; then
- mv -f "$tmpFile" "$KNOWN_HOSTS"
- log debug "known_hosts file updated."
- else
- rm -f "$tmpFile"
- fi
- lock remove "$KNOWN_HOSTS"
- trap - EXIT
- }
- # process hosts from a known_hosts file
- process_known_hosts() {
- local hosts
- if [ ! -e "$KNOWN_HOSTS" ] ; then
- failure "known_hosts file '$KNOWN_HOSTS' does not exist."
- fi
- log debug "processing known_hosts file:"
- log debug " $KNOWN_HOSTS"
- hosts=$(meat "$KNOWN_HOSTS" | cut -d ' ' -f 1 | grep -v '^|.*$' | tr , ' ' | tr '\n' ' ')
- if [ -z "$hosts" ] ; then
- log debug "no hosts to process."
- return
- fi
- # take all the hosts from the known_hosts file (first
- # field), grep out all the hashed hosts (lines starting
- # with '|')...
- update_known_hosts $hosts
- }
|