mirrors/git-annex
2
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

webapp: Include the repository directory in the mangled hostname and ssh key name, so that a locked down ssh key for one repository is not re-used when setting up additional repositories on the same server.

Browse source
This commit is contained in:
Joey Hess 2013-04-16 13:49:39 -04:00
parent 854d5c0471
commit 7956177445
3 changed files with 23 additions and 8 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

25
Assistant/Ssh.hs
View file

@ -210,18 +210,27 @@ setSshConfig sshdata config = do
, ("Port", show $ sshPort sshdata) , ("Port", show $ sshPort sshdata)
] ]
{- This hostname is specific to a given repository on the ssh host,
- so it is based on the real hostname, the username, and the directory.
-}
mangleSshHostName :: SshData -> String mangleSshHostName :: SshData -> String
mangleSshHostName sshdata = "git-annex-" ++ host ++ (maybe "-" ('-':) user) mangleSshHostName sshdata = "git-annex-" ++ T.unpack (sshHostName sshdata)
++ "-" ++ filter safe extra
where where
host = T.unpack $ sshHostName sshdata extra = join "_" $ map T.unpack $ catMaybes
user = T.unpack <$> sshUserName sshdata [ sshUserName sshdata
, Just $ sshDirectory sshdata
]
safe c
| isAlphaNum c = True
| c == '_' = True
| otherwise = False
{- Extracts the real hostname from a mangled ssh hostname. -}
unMangleSshHostName :: String -> String unMangleSshHostName :: String -> String
unMangleSshHostName h unMangleSshHostName h = case split "-" h of
| "git-annex-" `isPrefixOf` h = join "-" (beginning $ drop 2 dashbits) ("git":"annex":rest) -> join "-" (beginning rest)
| otherwise = h _ -> h
where
dashbits = split "-" h
{- Does ssh have known_hosts data for a hostname? -} {- Does ssh have known_hosts data for a hostname? -}
knownHost :: Text -> IO Bool knownHost :: Text -> IO Bool

3
debian/changelog vendored
View file

@ -36,6 +36,9 @@ git-annex (4.20130406) UNRELEASED; urgency=low
* Avoid using runghc, as that needs ghci. * Avoid using runghc, as that needs ghci.
* webapp: When a repository's group is changed, rescan for transfers. * webapp: When a repository's group is changed, rescan for transfers.
* webapp: Added animations. * webapp: Added animations.
* webapp: Include the repository directory in the mangled hostname and
ssh key name, so that a locked down ssh key for one repository is not
re-used when setting up additional repositories on the same server.
-- Joey Hess <joeyh@debian.org> Sat, 06 Apr 2013 15:24:15 -0400 -- Joey Hess <joeyh@debian.org> Sat, 06 Apr 2013 15:24:15 -0400

3
doc/bugs/Cannot_sync_repos_setup_using_webapp:___34__git-annex-shell:_Only_allowed_to_access___126____47__foo_not___126____47__bar__47____34__.mdwn
View file

@ -24,3 +24,6 @@ Machine 2: Ubuntu 12.04 with Git-Annex 4.20130405 installed using cabal.
###Please provide any additional information below. ###Please provide any additional information below.
> [[done]]; when setting up a new repo it will now use
> a ssh key that is different for each repository on the host.
> --[[Joey]]