Theaninova/openstapps
1
0
Fork 0
mirror of https://gitlab.com/openstapps/openstapps.git synced 2026-01-18 15:42:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

refactor: handle ssh secrets as base64 encoded

Browse Source
This commit is contained in:
Rainer Killinger
2022-03-15 17:56:15 +01:00
parent 368c26ce8c
commit ec8b553d2b
3 changed files with 49 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

26
static/scripts/ssh_deploy.sh
View File

@@ -1,12 +1,12 @@
#!/usr/bin/env bash
#!/usr/bin/env sh
set -e
SSH_DEPLOY_TARGET=$1
SSH_DEPLOY_TARGET="${SSH_DEPLOY_TARGET:-"missingtarget"}"
SSH_DEPLOY_TARGET="${SSH_DEPLOY_TARGET:-'missingtarget'}"
SSH_PRIVATE_KEY=$2
SSH_PRIVATE_KEY="${SSH_PRIVATE_KEY:-"missingkey"}"
SSH_PRIVATE_KEY="${SSH_PRIVATE_KEY:-'missingkey'}"
GOTO_FAIL=false
@@ -24,28 +24,32 @@ if [ "$GOTO_FAIL" = true ]; then
return 1
fi
IFS='@' read -ra TARGET_COMPONENTS <<< "$SSH_DEPLOY_TARGET"
SSH_DEPLOY_TARGET_USER="${TARGET_COMPONENTS[0]:-"missinguser"}"
TARGET_COMPONENTS=$(echo "$SSH_DEPLOY_TARGET" | tr '@' "\n")
TARGET_COMPONENTS=$(echo "$TARGET_COMPONENTS" | tr ':' "\n")
IFS=':' read -ra TARGET_COMPONENTS <<< "$TARGET_COMPONENTS"
SSH_DEPLOY_TARGET_USER=$(echo "$TARGET_COMPONENTS" | head -n 1 | tail -n 1)
SSH_DEPLOY_TARGET_HOST=$(echo "$TARGET_COMPONENTS" | head -n 2 | tail -n 1)
SSH_DEPLOY_TARGET_PATH=$(echo "$TARGET_COMPONENTS" | head -n 3 | tail -n 1)
SSH_DEPLOY_TARGET_HOST="${TARGET_COMPONENTS[0]:-"missinghost"}"
SSH_DEPLOY_TARGET_PATH="${TARGET_COMPONENTS[1]:-"missingpath"}"
SSH_DEPLOY_TARGET_USER="${SSH_DEPLOY_TARGET_USER:-'missinguser'}"
SSH_DEPLOY_TARGET_HOST="${SSH_DEPLOY_TARGET_HOST:-'missinghost'}"
SSH_DEPLOY_TARGET_PATH="${SSH_DEPLOY_TARGET_PATH:-'missingpath'}"
## Add the SSH key stored in SSH_PRIVATE_KEY variable to the agent store
## We're using tr to fix line endings which makes ed25519 keys work
## without extra base64 encoding.
## https://gitlab.com/gitlab-examples/ssh-private-key/issues/1#note_48526556
##
echo "$SSH_PRIVATE_KEY" | tr -d '\r' | ssh-add -
mkdir -p ~/.ssh
chmod 700 ~/.ssh
eval `ssh-agent -s`
echo "$SSH_PRIVATE_KEY" | base64 -d | tr -d '\r' | ssh-add -
##
## Use ssh-keyscan to scan the keys of your private server. Replace gitlab.com
## with your own domain name. You can copy and repeat that command if you have
## more than one server to connect to.
mkdir -p ~/.ssh
chmod 700 ~/.ssh
ssh-keyscan $SSH_DEPLOY_TARGET_HOST >> ~/.ssh/known_hosts
chmod 644 ~/.ssh/known_hosts