From aac0cb5e62ce2c50f060f41406493f45b57146e3 Mon Sep 17 00:00:00 2001
From: Erich Eckner
Date: Wed, 19 Jun 2019 10:11:48 +0200
Subject: bin/sanity-check: check consistency of ~/.ssh/authorized_keys with database
---
 bin/sanity-check | 52 +++++++++++++++++++++++++++++++++++++++++++++++++++-
 1 file changed, 51 insertions(+), 1 deletion(-)
(limited to 'bin/sanity-check')
diff --git a/bin/sanity-check b/bin/sanity-check
index e93a157..4da985b 100755
--- a/bin/sanity-check
+++ b/bin/sanity-check
@@ -128,7 +128,7 @@ touch "${tmp_dir}/messages"
 trap 'finish' EXIT
 if [ $# -eq 0 ]; then
- set -- git-repositories build-list mysql master-mirror-availability repos package-database track-state
+ set -- git-repositories build-list mysql ssh-keys master-mirror-availability repos package-database track-state
 fi
 while [ $# -gt 0 ]; do
@@ -568,6 +568,56 @@ while [ $# -gt 0 ]; do
 ;;
+ ssh-keys)
+
+ [ ${silence} -gt 0 ] || \
+ printf 'checking ssh-keys ...' | \
+ tee -a "${tmp_dir}/messages" >&2
+
+ # shellcheck disable=SC2016
+ {
+ printf 'SELECT'
+ printf ' CONCAT('
+ printf '"command=\"/home/master/builder/bin/slave-build-connect ",'
+ printf '`build_slaves`.`name`,'
+ printf '"\" ssh-rsa ",'
+ printf '`ssh_keys`.`fingerprint`'
+ printf ')'
+ printf ' FROM'
+ printf ' `build_slaves`'
+ mysql_join_build_slaves_ssh_keys
+ } | \
+ mysql_run_query | \
+ sort > \
+ "${tmp_dir}/ssh-keys.mysql"
+ sed -n '
+ /^command/ {
+ s/^\(\(\S\+\s\+\)\{4\}\)\S.*$/\1/
+ s/\s\+$//
+ p
+ }
+ ' ~/".ssh/authorized_keys" | \
+ sort > \
+ "${tmp_dir}/ssh-keys.authorized_keys"
+
+ errors=$(
+ diff "${tmp_dir}/ssh-keys.mysql" "${tmp_dir}/ssh-keys.authorized_keys"
+ )
+ if [ -n "${errors}" ]; then
+ if [ ${silence} -le 1 ]; then
+ printf '\nThe ssh keys in the database and the file system differ:\n%s\n' \
+ "${errors}"
+ fi | \
+ tee -a "${tmp_dir}/messages" >&2
+ i_am_insane
+ fi
+
+ [ ${silence} -gt 0 ] || \
+ echo ' passed.' | \
+ tee -a "${tmp_dir}/messages" >&2
+
+ ;;
+
 *) [ ${silence} -gt 1 ] || \
-- cgit v1.2.3-54-g00ecf
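Review bot: The sed address `/^command/` means only authorized_keys entries that begin with a forced command are compared with the database, so a key line with no `command=` restriction, or one whose options start with something else (for example `no-pty,command=...`), is never reported even though it grants at least as much access. If every entry in that file is meant to be a build-slave key (not visible from this hunk), matching all non-blank, non-comment lines instead, e.g. `/^\s*\(#\|$\)/! {`, would make such lines show up in the diff. Separately, `errors=$(diff ...)` looks only at stdout, so a diff failure (exit status 2, message on stderr) leaves `errors` empty and the check reports ' passed.'; testing the exit status, `if ! errors=$(diff ... 2>&1); then`, closes that gap. The enclosing `while`/`case` and the helpers `mysql_run_query`, `mysql_join_build_slaves_ssh_keys` and `i_am_insane` are defined outside the hunk.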