#!/bin/bash

# Copyright (C) 2009-2014 Timo Weingärtner <timo@tiwe.de>
#
# This file is part of openssh-known-hosts.
#
# openssh-known-hosts is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# openssh-known-hosts is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with openssh-known-hosts. If not, see <http://www.gnu.org/licenses/>.

# Abort on any failing command and on unset variables.  -C (noclobber)
# means every deliberate overwrite in this script has to spell it out
# with ">|", so an accidental plain ">" onto an existing file fails.
set -euC

# All locations can be overridden from the environment; an empty value
# counts as "not set" and falls back to the default.
: "${CONFDIR:=/etc/openssh-known-hosts}"
: "${PLUGIN_PATH:=/usr/local/share/openssh-known-hosts/plugins:/usr/share/openssh-known-hosts/plugins}"
: "${CACHEDIR:=/var/cache/openssh-known-hosts}"
: "${LOCK:=/var/lock/openssh-known-hosts}"
: "${OUTFILE:=/var/lib/openssh-known-hosts/ssh_known_hosts}"

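#######################################
# Resolve a plugin name to a path.  A name containing '/' is returned as
# given; otherwise the first directory of the colon-separated list that
# holds a regular file of that name wins.
# Arguments: $1 - plugin name or path
#            $2.. - directory list(s), colon-separated (several arguments
#                   are joined with ':' as well)
# Outputs:   the resolved path on stdout; a diagnostic on stderr if missing
# Returns:   0 when found; exits the calling (sub)shell with 127 otherwise
#            (callers run this inside "$(...)", so only that subshell ends)
#######################################
path_search () {
	local search="$1"
	shift
	# With IFS=: "$*" joins the remaining arguments with ':' and read
	# splits on ':' again, without the globbing that "set -- $@" would do.
	local IFS=:
	local -a dirs
	read -r -a dirs <<<"$*"
	if [[ ${search} == */* ]]; then
		printf '%s\n' "${search}"
		return 0
	fi
	local dir
	for dir in "${dirs[@]}"; do
		if [ -f "${dir}/${search}" ]; then
			printf '%s\n' "${dir}/${search}"
			return 0
		fi
	done
	printf '%s\n' "'${search}' not found in '$*'!" >&2
	exit 127
}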

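#######################################
# EXIT trap: drop the half-written output, stop the lock refresher and
# release the lock.  The trap is installed before the lock is taken, so
# LOCKPID may be unset here (set -u would otherwise abort the handler
# before lockfile-remove runs); a refresher that already died must not
# stop the lock from being removed either.
# Globals:   OUTFILE, LOCK (read); LOCKPID (read, may be unset)
#######################################
cleanup () {
	rm -f -- "${OUTFILE}.new"
	if [ -n "${LOCKPID:-}" ]; then
		kill "${LOCKPID}" 2>/dev/null || true
		lockfile-remove "${LOCK}"
	fi
}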

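# "-f" (the only recognised argument) turns a plugin failure that would
# otherwise just be reported into a fatal error for the whole run.
if [[ $# -eq 1 && $1 == -f ]]; then
	fail=1
else
	fail=''
fi

# Installed before the lock exists so that an early failure still removes
# a partially written ${OUTFILE}.new; cleanup therefore runs with LOCKPID
# unset on that path.
trap cleanup EXIT

# Take the lock (set -e aborts if lockfile-create fails) and keep it
# fresh from the background lockfile-touch while plugins run.
lockfile-create "${LOCK}"
lockfile-touch "${LOCK}" &
LOCKPID="$!"

mkdir -p "${CACHEDIR}"
cd "${CACHEDIR}"

# Drop stale <source>/new files left behind by an interrupted earlier run
# before any plugin starts.  The explicit "." keeps find portable.
find . -mindepth 2 -maxdepth 2 -type f -name new -delete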

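# One pass over every configured source.  Each source gets a private cache
# directory below ${CACHEDIR} (cwd); its plugin is expected to write a file
# named "new" there, which is promoted to "current" on success.  Everything
# selected for the final file goes to fd 3, which is ${OUTFILE}.new.
# NOTE: the loop body runs in a subshell because of the pipe, so nothing it
# assigns survives "done"; a failing run-parts is masked by the pipe (no
# pipefail) and simply behaves like an empty source list.
run-parts --list "${CONFDIR}/sources/" | while read -r sourcefile; do
	source=${sourcefile##*/}
	mkdir -p -- "${source}"
	(
		# set -a: everything the sourced config assigns (PLUGIN, EXIT_IGNORE,
		# anything the plugin expects) is exported to the plugin.
		# Sourcing runs the config as shell code, so ${CONFDIR}/sources must
		# only be writable by the administrator.
		set -a
		cd "${source}"
		. "${sourcefile}"
		# Intentionally unquoted: the result is word-split as before, so a
		# PLUGIN value containing '/' is run verbatim including trailing words.
		# stdin is /dev/null so a plugin that reads its input cannot swallow
		# the remaining source names from the run-parts pipe.
		# shellcheck disable=SC2046
		$(path_search "$PLUGIN" "$PLUGIN_PATH") >| log 2>&1 </dev/null || {
			exitcode=$?
			# A failed plugin must not leave a half-written "new" behind.
			rm -f new
			ignore=''
			# EXIT_IGNORE (from the source config) lists exit codes that are
			# not worth reporting; 0 is the default.
			for e in ${EXIT_IGNORE:-0}; do
				if [[ "$e" == "$exitcode" ]]; then
					ignore=1
					break
				fi
			done
			if [ -z "$ignore" ] || [ -n "$fail" ]; then
				printf '%s exited with code %s, log follows:\n' "${source}" "${exitcode}"
				cat log
				echo
			fi
			if [ -n "$fail" ]; then
				exit 1
			fi
		} >&2
	) || exit 1
	if [ -e "${source}/new" ]; then
		mv "${source}/new" "${source}/current"
	fi
	if [ -e "${source}/current" ]; then
		if [ -e "${sourcefile}.filter" ]; then
			# Rebuild the filtered view when its input or the filter itself is
			# newer (-ot is also true while "filtered" does not exist yet).
			if [[ "${source}/filtered" -ot "${source}/current" ]] || [[ "${source}/filtered" -ot "${sourcefile}.filter" ]]; then
				# Filter rules are "<action> <regex>" lines; blank lines and
				# '#' comments are dropped.  A host is kept when the first rule
				# whose regex matches it has an action starting with a, o, p or y.
				mapfile -t filter < "${sourcefile}.filter"
				for i in "${!filter[@]}"; do
					if [[ ${filter[$i]} =~ ^($|#) ]]; then
						unset "filter[$i]"
					fi
				done
				while read -r hostlist rest; do
					# First field of a known_hosts line: comma-separated host patterns.
					IFS=, read -r -a hostarray <<<"$hostlist"
					new_hostlist=''
					for host in "${hostarray[@]}"; do
						for rule in "${filter[@]}"; do
							# ${rule#* } is the regex part and is left unquoted on purpose.
							if [[ ${host} =~ ${rule#* } ]]; then
								if [[ ${rule%% *} =~ ^[aopy] ]]; then
									new_hostlist="${new_hostlist}${host},"
								fi
								break
							fi
						done
					done
					[ -n "$new_hostlist" ] || continue
					printf '%s %s\n' "${new_hostlist%,}" "${rest}"
				done < "${source}/current" | sort -u >| "${source}/filtered.new"
				mv "${source}/filtered.new" "${source}/filtered"
			fi
			cat "${source}/filtered" >&3
		else
			sort -u "${source}/current" >&3
		fi
	fi
done 3>| "${OUTFILE}.new"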

# Install the freshly generated file only when its content differs from
# the installed one (cmp also fails when ${OUTFILE} does not exist yet);
# otherwise just discard the temporary copy.
if ! cmp -s "${OUTFILE}" "${OUTFILE}.new"; then
	mv "${OUTFILE}.new" "${OUTFILE}"
else
	rm "${OUTFILE}.new"
fi

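# clean up cache dirs of vanished sources (cwd is still ${CACHEDIR}).
# The :? guard refuses to run with an empty CONFDIR, which would make every
# cache directory look orphaned and delete them all.
: "${CONFDIR:?CONFDIR must be set}"
for d in *; do
	[ -d "$d" ] || continue
	[ -e "${CONFDIR}/sources/$d" ] || rm -fr -- "$d"
done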

# vim:set ft=sh: