author | Erich Eckner <git@eckner.net> | 2019-06-19 10:11:48 +0200 |
---|---|---|
committer | Erich Eckner <git@eckner.net> | 2019-06-19 10:11:48 +0200 |
commit | aac0cb5e62ce2c50f060f41406493f45b57146e3 (patch) | |
tree | 560e6eb31353f73b49e5661ed199d90f5bb80a24 /bin/sanity-check | |
parent | 1e5a9f812fd8576d5791ed45a2a05bb9a01e78e2 (diff) | |
download | builder-aac0cb5e62ce2c50f060f41406493f45b57146e3.tar.xz |
bin/sanity-check: check consistency of ~/.ssh/authorized_keys with database
Diffstat (limited to 'bin/sanity-check')
-rwxr-xr-x | bin/sanity-check | 52 |
1 files changed, 51 insertions, 1 deletions
diff --git a/bin/sanity-check b/bin/sanity-check
index e93a157..4da985b 100755
--- a/bin/sanity-check
+++ b/bin/sanity-check
@@ -128,7 +128,7 @@ touch "${tmp_dir}/messages"
 trap 'finish' EXIT
 if [ $# -eq 0 ]; then
- set -- git-repositories build-list mysql master-mirror-availability repos package-database track-state
+ set -- git-repositories build-list mysql ssh-keys master-mirror-availability repos package-database track-state
 fi
 while [ $# -gt 0 ]; do
@@ -568,6 +568,56 @@ while [ $# -gt 0 ]; do
 ;;
+ ssh-keys)
+
+ [ ${silence} -gt 0 ] || \
+ printf 'checking ssh-keys ...' | \
+ tee -a "${tmp_dir}/messages" >&2
+
+ # shellcheck disable=SC2016
+ {
+ printf 'SELECT'
+ printf ' CONCAT('
+ printf '"command=\"/home/master/builder/bin/slave-build-connect ",'
+ printf '`build_slaves`.`name`,'
+ printf '"\" ssh-rsa ",'
+ printf '`ssh_keys`.`fingerprint`'
+ printf ')'
+ printf ' FROM'
+ printf ' `build_slaves`'
+ mysql_join_build_slaves_ssh_keys
+ } | \
+ mysql_run_query | \
+ sort > \
+ "${tmp_dir}/ssh-keys.mysql"
+ sed -n '
+ /^command/ {
+ s/^\(\(\S\+\s\+\)\{4\}\)\S.*$/\1/
+ s/\s\+$//
+ p
+ }
+ ' ~/".ssh/authorized_keys" | \
+ sort > \
+ "${tmp_dir}/ssh-keys.authorized_keys"
+
+ errors=$(
+ diff "${tmp_dir}/ssh-keys.mysql" "${tmp_dir}/ssh-keys.authorized_keys"
+ )
+ if [ -n "${errors}" ]; then
+ if [ ${silence} -le 1 ]; then
+ printf '\nThe ssh keys in the database and the file system differ:\n%s\n' \
+ "${errors}"
+ fi | \
+ tee -a "${tmp_dir}/messages" >&2
+ i_am_insane
+ fi
+
+ [ ${silence} -gt 0 ] || \
+ echo ' passed.' | \
+ tee -a "${tmp_dir}/messages" >&2
+
+ ;;
+
 *)
 [ ${silence} -gt 1 ] || \ |
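Review bot: The `/^command/` address in the sed script of the new `ssh-keys)` branch means any `~/.ssh/authorized_keys` line that does not begin with `command` is never compared, so an entry with no forced command, or one whose option list starts with something else such as `from=`, passes this check unnoticed although it is the entry least constrained by `slave-build-connect`. Consider comparing every non-comment line instead, e.g. `/^\s*\(#\|$\)/! {` in place of `/^command/ {`, so such lines appear in the diff output; if the account is expected to hold other keys, that calls for an explicit allow-list rather than a silent skip. The query also hard-codes `ssh-rsa` and emits `ssh_keys`.`fingerprint` where the file has the key field, so a comment saying that the column is matched against the fourth field and that only RSA entries can match would help the next reader. The enclosing `while`/`case` loop starts and ends outside this hunk.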