9f2299e260
and added explicit handling of unreadable privkeys
#!/bin/sh
# Manage per-group SSH key pairs that jenkins uses to pull from private
# github/gitea repositories (see usage() for the command list). Paths are
# resolved relative to the directory this script lives in.

# -e: abort on any unhandled non-zero status; -u: treat unset variables as
# errors. Plain sh has no pipefail, so a failing stage inside a pipeline
# (e.g. the groups-list pipeline below) is NOT caught by -e.
set -eu

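#######################################
# Print the short usage line, optionally the long help text, then exit.
# Globals:   BINNAME (read), BASEDIR (read) — expanded inside the here-docs
# Arguments: $1 - exit status to terminate the script with
#            $2 - if present (any value, "long" at the call site), also
#                 print the full help text
# Outputs:   help text on stdout
# Returns:   never returns; exits the shell with status $1
#######################################
usage() {
  cat <<EOF
Usage: $BINNAME create|purge|list
       $BINNAME get|get-priv <group>
       $BINNAME help|-h|--help
EOF
  # Any second argument switches on the long help.
  if [ "$#" -eq 2 ]; then
    cat <<EOF

This script manages SSH keys that enable jenkins to automatically pull
from private github/gitea repositories. It *DOES NOT* add any keys to
jenkins automatically.

Apache is (should be) configured to automatically create missing keys,
so 'create' should not need to be invoked manually.

Commands:
  create <group>    Creates an SSH key for the given group if one
                    doesn't already exist

  purge             Deletes all existing SSH keys

  list              Prints all groups' public keys

  get <group>       Prints the public key for the given group

  get-priv <group>  Prints the private key for the given group

  help              Prints this help text


Group identifiers are formatted as "NN-MM". NN is the group number, and MM is
the course variant. Currently there are two variants, "15" for the 15hp course
and "75" for the 7.5hp course.

Files and directories:
  $BASEDIR/groups.list
      The list of user-group mappings. This script doesn't use
      the usernames, but they are required by apache in order
      to determine who should be able to see what.
      The list format is "<username><tab><groupid>"

  $BASEDIR/keys
      All SSH keys are stored here.
      The private key is named "<groupid>" and the public key "<groupid>.pub"

EOF
  fi
  exit "$1"
}
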
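# Script name for the usage text, and the directory the script lives in.
# readlink -f resolves symlinks so the relative GROUPFILE/KEYDIR paths below
# still point into the real install directory when invoked through a link.
BINNAME="$(basename "$0")"
BASEDIR="$(dirname "$(readlink -f "$0")")"
cd "$BASEDIR" || exit 1

if [ "$#" -lt 1 ]; then
  usage 1
fi

# Both paths are relative to BASEDIR (the cwd after the cd above).
GROUPFILE="./groups.list"
KEYDIR="./keys"

# sh has no pipefail: a missing or unreadable groups list would otherwise
# make the pipeline below yield an empty group set without any error.
if ! [ -r "$GROUPFILE" ]; then
  echo "Cannot read $GROUPFILE." >&2
  exit 1
fi

# Unique group ids: second whitespace-separated field of every line that is
# not a '#' comment.
groups="$(sed -r '/^#/d' "$GROUPFILE" | awk '{print $2}' | sort -u)"
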
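#######################################
# Check that a group identifier has the documented "NN-MM" shape: digits and
# hyphens only, with at least one hyphen between digits. Because the id is
# spliced into a path under KEYDIR, this also rules out "/" and "..", so a
# caller cannot name a file outside the key directory.
# Arguments: $1 - candidate group identifier
# Returns:   0 if valid, 1 otherwise
#######################################
is_group_id() {
  case "$1" in
    ''|*[!0-9-]*) return 1 ;;
    [0-9]*-[0-9]*) return 0 ;;
    *) return 1 ;;
  esac
}

#######################################
# Ensure exactly one group argument was supplied and that it is well formed.
# Arguments: $1 - the script's argument count ($#)
#            $2 - group identifier, or empty when missing
#            $3 - what the caller wanted to do, completing the error message
# Outputs:   error message on stdout (where the per-command checks wrote it)
# Returns:   exits with status 2 on a missing or malformed argument
#######################################
require_group() {
  if [ "$1" -ne 2 ]; then
    echo "You must specify a group to $3."
    exit 2
  fi
  if ! is_group_id "$2"; then
    printf "Invalid group identifier '%s' (expected NN-MM).\n" "$2"
    exit 2
  fi
}

# ${2-} rather than $2: with set -u a bare $2 would abort before the
# argument-count check can report the missing argument.
case "$1" in
  create)
    require_group "$#" "${2-}" "create a key for"
    keyname="$KEYDIR/$2"
    # Idempotent: an existing key pair is never overwritten.
    if ! [ -e "$keyname" ]; then
      # No passphrase on purpose: jenkins uses the key unattended.
      ssh-keygen -f "$keyname" -t ecdsa -q -P '' -C "${2}@pvt"
    fi
    ;;
  purge)
    # -f: purging an already empty key directory is not an error.
    rm -f -- "$KEYDIR"/*
    ;;
  list)
    # $groups is newline separated; the unquoted expansion splits it.
    for group in $groups; do
      keyname="$KEYDIR/${group}.pub"
      # Data from the groups file never goes into the printf format string.
      printf '%s\t' "$group"
      if [ -e "$keyname" ]; then
        cat "$keyname"
      else
        echo "No key found."
      fi
    done
    ;;
  get)
    require_group "$#" "${2-}" "get the public key for"
    keyfile="$KEYDIR/${2}.pub"
    if [ -e "$keyfile" ]; then
      cat "$keyfile"
    else
      echo "Not found."
      exit 1
    fi
    ;;
  get-priv)
    require_group "$#" "${2-}" "get the private key for"
    keyfile="$KEYDIR/${2}"
    if ! [ -e "$keyfile" ]; then
      echo "Not found."
      exit 1
    fi
    # An existing but unreadable private key is reported with status 0,
    # as before; only a missing key is a failure.
    if [ -r "$keyfile" ]; then
      cat "$keyfile"
    else
      echo "Not readable."
    fi
    ;;
  help|-h|--help)
    usage 0 long
    ;;
  *)
    usage 1
    ;;
esac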