+++ /dev/null
-#!/usr/bin/perl
-use strict;
-use warnings;
-
-use lib $ENV{GL_LIBDIR};
-use Gitolite::Rc;
-use Gitolite::Common;
-
-=for usage
-Please see usage at https://www.immae.eu/docs/forge-logicielle/gitolite.html#inviter-des-collaborateurs
-=cut
-
-usage() if @ARGV and ($ARGV[0] eq '-h' or $ARGV[0] eq '--help');
-
-my $rb = $rc{GL_REPO_BASE};
-my $ab = $rc{GL_ADMIN_BASE};
-# get to the keydir
-_chdir("$ab/keydir");
-
-# save arguments for later
-my $operation = shift || 'list';
-my $invitekeyid = shift || '';
-$invitekeyid and $invitekeyid !~ /^[-0-9a-z_]+@[-0-9a-z_]+$/i and die "invalid keyid $invitekeyid\n";
-my ($invited, $keyid) = split /@/, $invitekeyid;
-
-# get the actual userid and keytype
-my $gl_user = $ENV{GL_USER};
-die "This function is reserved for actual users" if $gl_user =~ s/-invite-(.*)$//;
-
-# ----
-# first collect the keys
-
-my ( @invited_keys );
-
-for my $pubkey (`find . -type f -name "*.pub" | sort`) {
- chomp($pubkey);
- $pubkey =~ s(^./)(); # artifact of the find command
-
- my $user = $pubkey;
- $user =~ s(.*/)(); # foo/bar/baz.pub -> baz.pub
- $user =~ s/(\@[^.]+)?\.pub$//; # baz.pub, baz@home.pub -> baz
-
- if ( $user =~ m(^(zzz-marked-for-...-)?$gl_user-invite-) ) {
- push @invited_keys, $pubkey;
- }
-}
-
-# ----
-# list mode; just do it and exit
-sub print_keylist {
- my ( $message, @list ) = @_;
- return unless @list;
- print "== $message ==\n";
- my $count = 1;
- for (@list) {
- my $fp = fingerprint($_);
- s/(zzz-marked-for-...-)?$gl_user-invite-//g;
- s/\.pub$//;
- s(.*/)();
- print $count++ . ": $fp : $_\n";
- }
-}
-if ( $operation eq 'list' ) {
- print "you have the following invited keys:\n";
- print_keylist( "keys for invited persons", @invited_keys );
- print "\n\n";
- exit;
-}
-
-# ----
-# please see docs for details on how a user interacts with this
-
-die "valid operations: add, del\n" unless $operation =~ /^(add|del)$/;
-
-if ( $operation eq 'add' ) {
- print STDERR "please supply the new key on STDIN. (I recommend you
- don't try to do this interactively, but use a pipe)\n";
- kf_add( $gl_user, $invited, $keyid, safe_stdin() );
-} elsif ( $operation eq 'del' ) {
- kf_del( $gl_user, $invited, $keyid );
-}
-
-exit;
-
-# ----
-
-# make a temp clone and switch to it
-our $TEMPDIR;
-BEGIN { $TEMPDIR = `mktemp -d -t tmp.XXXXXXXXXX`; }
-END { `rm -rf $TEMPDIR`; }
-
-sub cd_temp_clone {
- chomp($TEMPDIR);
- hushed_git( "clone", "$rb/gitolite-admin.git", "$TEMPDIR" );
- chdir($TEMPDIR);
- my $hostname = `hostname`; chomp($hostname);
- hushed_git( "config", "--get", "user.email" ) and hushed_git( "config", "user.email", $ENV{USER} . "@" . $hostname );
- hushed_git( "config", "--get", "user.name" ) and hushed_git( "config", "user.name", "$ENV{USER} on $hostname" );
-}
-
-sub fingerprint {
- my ($fp, $output) = ssh_fingerprint_file(shift);
- # Do not print the output of $output to an untrusted destination.
- die "does not seem to be a valid pubkey\n" unless $fp;
- return $fp;
-}
-
-sub safe_stdin {
- # read one line from STDIN
- my $data;
- my $ret = read STDIN, $data, 4096;
- # current pubkeys are approx 400 bytes so we go a little overboard
- die "could not read pubkey data" . ( defined($ret) ? "" : ": $!" ) . "\n" unless $ret;
- die "pubkey data seems to have more than one line\n" if $data =~ /\n./;
- return $data;
-}
-
-sub hushed_git {
- local (*STDOUT) = \*STDOUT;
- local (*STDERR) = \*STDERR;
- open( STDOUT, ">", "/dev/null" );
- open( STDERR, ">", "/dev/null" );
- system( "git", @_ );
-}
-
-sub highlander {
- # there can be only one
- my ( $keyid, $die_if_empty, @a ) = @_;
- # too many?
- if ( @a > 1 ) {
- print STDERR "
-more than one key satisfies this condition, and I can't deal with that!
-The keys are:
-
-";
- print STDERR "\t" . join( "\n\t", @a ), "\n\n";
- exit 1;
- }
- # too few?
- die "no keys with " . ( $keyid || "empty" ) . " keyid found\n" if $die_if_empty and not @a;
-
- return @a;
-}
-
-sub kf_add {
- my ( $gl_user, $invited, $keyid, $keymaterial ) = @_;
-
- # add a new "invited" key for $gl_user.
- cd_temp_clone();
- chdir("keydir");
-
- mkdir("invited");
- _print( "invited/$gl_user-invite-$invited\@$keyid.pub", $keymaterial );
- hushed_git( "add", "." ) and die "git add failed\n";
- my $fp = fingerprint("invited/$gl_user-invite-$invited\@$keyid.pub");
- hushed_git( "commit", "-m", "invite add $gl_user-invite-$invited\@$keyid ($fp)" ) and die "git commit failed\n";
- system("gitolite push >/dev/null 2>/dev/null") and die "git push failed\n";
-}
-
-sub kf_del {
- my ( $gl_user, $invited, $keyid ) = @_;
-
- cd_temp_clone();
- chdir("keydir");
-
- my @pk = highlander( $keyid, 1, grep { m(^(.*/)?(zzz-marked-for-...-)?$gl_user-invite-$invited\@$keyid.pub$) } @invited_keys );
-
- my $fp = fingerprint( $pk[0] );
- hushed_git( "rm", $pk[0]) and die "git mv failed\n";
- hushed_git( "commit", "-m", "invite del $pk[0] ($fp)" ) and die "git commit failed\n";
- system("gitolite push >/dev/null 2>/dev/null") and die "git push failed\n";
-}
projects / perso / Immae / Config / Nix.git / blobdiff