Merge lp:~smoser/ubuntu/natty/openssh/lp688574 into lp:ubuntu/natty/openssh

Proposed by Scott Moser on 2010-12-10
Status: Work in progress
Proposed branch: lp:~smoser/ubuntu/natty/openssh/lp688574
Merge into: lp:ubuntu/natty/openssh
Diff against target: 188 lines (+99/-34)
3 files modified
debian/changelog (+7/-0)
debian/ssh-import-id (+81/-34)
debian/ssh-import-id.1 (+11/-0)
To merge this branch: bzr merge lp:~smoser/ubuntu/natty/openssh/lp688574
Reviewer Review Type Date Requested Status
Sebastien Bacher Needs Fixing on 2010-12-15
Clint Byrum Approve on 2010-12-15
Ubuntu branches 2010-12-10 Pending
Review via email: mp+43366@code.launchpad.net
Clint Byrum (clint-fewbar) wrote :

Hi Scott.. I tested this out in a natty chroot, and after manually installing wget and ca-certificates (see bug #690436 for more info) it worked quite well.

review: Approve
Sebastien Bacher (seb128) wrote :

Dustin talked with Colin and they agreed to split ssh-import-id into a new source instead, so setting this to needs fixing.

review: Needs Fixing
Sebastien Bacher (seb128) wrote :

Setting to work in progress so it's not listed in the sponsoring queue.

Unmerged revisions

3221. By Scott Moser on 2010-12-10

add options to ssh-import-id for writing to specified file,
being silent, and not attempting key validation (LP: #688574)

Preview Diff

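--- a/debian/changelog
+++ b/debian/changelog
@@ -1,3 +1,10 @@
+openssh (1:5.6p1-2ubuntu3) UNRELEASED; urgency=low
+
+ * add options to ssh-import-id for writing to specified file,
+ being silent, and not attempting key validation (LP: #688574)
+
+ -- Scott Moser <smoser@ubuntu.com> Fri, 10 Dec 2010 09:24:52 -0500
+
 openssh (1:5.6p1-2ubuntu2) natty; urgency=low
 
 * add mention of ssh-keygen in ssh connect warning (LP: #686607)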
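--- a/debian/ssh-import-id
+++ b/debian/ssh-import-id
@@ -38,26 +38,35 @@
 URL="https://launchpad.net/~%s/+sshkeys"
 
 usage() {
- echo
- echo "Usage:"
- echo " $0 [USER_ID_1] [USER_ID_2] ... [USER_ID_n]"
- echo
- exit 1
+ cat <<EOF
+Usage: ${0##*/} [options] USER_ID [USER_ID_2] ... [USER_ID_n]
+
+ import ssh keys for listed users, writing output to a file.
+
+ options:
+ -h | --help this help
+ -o | --output F write output to file 'F'
+ (default ~/.ssh/authorized_keys)
+ | --raw do not attempt to fix keys or validate before adding
+ -q | --quiet be silent
+EOF
 }
-
-[ -n "$1" ] || usage
+bad_usage() { usage 1>&2; echo "$@" 1>&2; exit 1; }
 
 error() {
+ [ "${QUIET}" = "0" ] || return 0
 printf "ERROR: %s\n" "$@" 1>&2
 exit 1
 }
 
 warn() {
+ [ "${QUIET}" = "0" ] || return 0
 printf "WARNING: %s\n" "$@" 1>&2
 }
 
 info() {
- printf "INFO: %s\n" "$@"
+ [ "${QUIET}" = "0" ] || return 0
+ printf "INFO: %s\n" "$@" 1>&2
 }
 
 url_encode() {
@@ -79,40 +88,78 @@
 [ $lines -gt 0 ] && [ $keys -eq $lines ]
 }
 
-# Only support writing to this user's authorized_keys file
-if [ -z "$HOME" ]; then
- uid=$(id -u) || error "Cannot determine user id"
- [ -n "$uid" ] || error "User id cannot be empty"
- pwline=$(getent passwd "$uid") || error "Cannot get passwd entry"
- HOME=$(echo "$pwline" | awk -F: '{print $6}') || error "Cannot determine home directory"
- [ -n "$HOME" ] || error "Home directory cannot be empty"
+get_authkeypath() {
+ # Only support writing to this user's authorized_keys file
+ local home="${HOME}"
+ if [ -z "$home" ]; then
+ uid=$(id -u) || error "Cannot determine user id"
+ [ -n "$uid" ] || error "User id cannot be empty"
+ pwline=$(getent passwd "$uid") || error "Cannot get passwd entry"
+ home=$(echo "$pwline" | awk -F: '{print $6}') || error "Cannot determine home directory"
+ [ -n "$home" ] || error "Home directory cannot be empty"
+ fi
+
+ _RET="${home}/.ssh/authorized_keys"
+}
+
+short_opts="ho:qr"
+long_opts="help,output:,quiet,raw"
+getopt_out=$(getopt --shell sh --name "${0##*/}" \
+ --options "${short_opts}" --long "${long_opts}" -- "$@") &&
+ eval set -- "${getopt_out}" ||
+ bad_usage
+
+output=""
+raw=0
+QUIET=0
+while [ $# -ne 0 ]; do
+ cur=${1}; next=${2};
+ case "$cur" in
+ -h|--help) usage; exit 0;;
+ -o|--output) output="${2}"; shift;;
+ -q|--quiet) QUIET=1;;
+ -r|--raw) raw=1;;
+ --) shift; break;;
+ esac
+ shift;
+done
+
+[ -n "$1" ] || bad_usage "must give user"
+
+if [ -z "${output}" ]; then
+ get_authkeypath
+ output=${_RET}
+ dir=${output%/*}
+ mkdir -m 0700 "${dir%/*}" 2>/dev/null || true
+ [ -d "$dir" ] || error "Cannot create directory [$dir]"
+ [ -e "$output" ] || (umask 0177 && touch "$output") ||
+ error "Cannot create [$output]"
 fi
 
-DIR="$HOME/.ssh"
-FILE="$DIR"/authorized_keys
-
-mkdir -m 0700 "$DIR" 2>/dev/null || true
-[ -d "$DIR" ] || error "Cannot create directory [$DIR]"
-[ -w "$DIR" ] || error "Cannot write to directory [$DIR]"
-[ -e "$FILE" ] || (umask 0177 && touch "$FILE") || error "Cannot create [$FILE]"
-
-rc=0
 tmp=$(mktemp)
 trap "rm -f $tmp" EXIT HUP INT QUIT TERM
+rc=0
 for i in "$@"; do
 i=$(url_encode "$i") || error "Failed encoding [$i]"
 url=$(printf "$URL" "$i")
- if env -i wget --quiet -O- "$url" > "$tmp"; then
- echo >> "$tmp" # needed for wc
- if ! validate_keys "$tmp"; then
- warn "Invalid keys at [$url]"
- continue
- fi
- cat "$tmp" >> "$FILE" || error "Could not write to [$tmp]"
- info "Successfully authorized [$i]"
+ if ! env -i wget --quiet -O- "$url" > "$tmp"; then
+ rc=$(($rc+1));
+ warn "Failed to retrieve key for [$i] from [$url]"
+ continue
+ fi
+ echo >> "$tmp" # needed for wc
+ if [ ${raw} -eq 0 ] && ! validate_keys "$tmp"; then
+ warn "Invalid keys at [$url]"
+ rc=$(($rc+1));
+ continue
+ fi
+ if [ "${output}" = "-" ]; then
+ cat "$tmp" || error "Could not write to stdout";
 else
- rc=$?
- warn "Failed to retrieve key for [$i] from [$url]"
+ cat "$tmp" >> "$output" || error "Could not write to [$output]";
 fi
+ info "Successfully authorized [$i]"
 done
 exit $rc
+
+# vi: ts=4 noexpandtab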
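Review bot: With `--quiet`, `error()` returns 0 at the new `[ "${QUIET}" = "0" ] || return 0` guard before it reaches `exit 1`, so every `|| error ...` check becomes a no-op; a failed home-directory lookup or a failed append to the output file then lets the run continue and can still exit 0. Keep the exit unconditional and silence only the message, e.g. `[ "${QUIET}" = "0" ] && printf "ERROR: %s\n" "$@" 1>&2` followed by `exit 1`. In the second hunk, `mkdir -m 0700 "${dir%/*}"` strips a second path component and so targets the home directory rather than `~/.ssh`; `mkdir -m 0700 "$dir"` looks like the intent. The `-o F` path also skips the 0700/0177 setup, so a new file is created by `>>` under the caller's umask, and with `--raw` whatever the server returned is appended unvalidated; both deserve a sentence in the usage text, or a `umask 0177` around the append.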
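--- a/debian/ssh-import-id.1
+++ b/debian/ssh-import-id.1
@@ -8,6 +8,17 @@
 .SH DESCRIPTION
 This utility will securely contact a public keyserver (Launchpad.net by default) and retrieve one or more user's public keys, and append these to the current user's \fI~/.ssh/authorized_keys\fP file.
 
+.SH OPTIONS
+.TP
+.B -o|--output <file>
+write to file, default is ~/.ssh/authorized_keys. Use '-' for stdout.
+.TP
+.B -q|--quiet
+do not status messages.
+.TP
+.B --raw
+do not attempt to fix keys or validate before writing
+
 .SH SEE ALSO
 \fIssh\fP(1)
 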
