diff options
Diffstat (limited to 'testing/aaudit')
-rw-r--r-- | testing/aaudit/APKBUILD | 30 | ||||
-rwxr-xr-x | testing/aaudit/aaudit | 59 | ||||
-rw-r--r-- | testing/aaudit/aaudit-server.json | 4 | ||||
-rw-r--r-- | testing/aaudit/aaudit-server.lua | 35 | ||||
-rwxr-xr-x | testing/aaudit/aaudit-shell | 10 |
5 files changed, 93 insertions, 45 deletions
diff --git a/testing/aaudit/APKBUILD b/testing/aaudit/APKBUILD index 5dcb358aca..0dc7179e09 100644 --- a/testing/aaudit/APKBUILD +++ b/testing/aaudit/APKBUILD @@ -1,13 +1,13 @@ # Contributor: Timo Teräs <timo.teras@iki.fi> # Maintainer: Timo Teräs <timo.teras@iki.fi> pkgname=aaudit -pkgver=0.4 +pkgver=0.5 pkgrel=0 pkgdesc="Alpine Auditor" url="http://alpinelinux.org" arch="noarch" license="GPL" -depends="lua5.2 lua5.2-posix lua5.2-cjson" +depends="lua5.2 lua5.2-posix lua5.2-cjson lua5.2-pc" makedepends="" install="" subpackages="$pkgname-server" @@ -36,7 +36,7 @@ package() { } server() { - depends="aaudit git lua5.2 lua5.2-posix lua5.2-cjson" + depends="aaudit git lua5.2 lua5.2-posix lua5.2-cjson lua5.2-zlib" mkdir -p "$subpkgdir"/etc/aaudit \ "$subpkgdir"/usr/libexec/aaudit \ @@ -49,23 +49,23 @@ server() { } md5sums="b81b0707b297a69dacbc1606324de029 aaudit-common.lua -4ad8c883f09133a1b9357f7ac156040c aaudit-server.lua -b24162b7fa31161eab71485b1077f8ea aaudit -07c54e8cb44f195456be7a18b15a0be1 aaudit-shell +2dfb114024f0f7aa46400a6c81d1d9cc aaudit-server.lua +9b48cc51f9f16989af4290107b2b866d aaudit +f5de73f12b6df1a751c89f19c92871be aaudit-shell feef077f56f40002ca11846512d347af aaudit-update-keys e14ded329626ca1d6dd48e5bef0bc7e2 aaudit.json -dc9a54c08ea299ad268301266f3da989 aaudit-server.json" +f2c15c547701ec71aa4d0c1d0f7b70b1 aaudit-server.json" sha256sums="ee1998e730356c2de0ff9d5e27d9e0277e3c1f051777146b7c5b820437edfd7f aaudit-common.lua -3a9384089b0cb73c151b67eaedd66a244b48c0c2a86f5fe0ccadda6e0cbe8863 aaudit-server.lua -198b92b5a0eb8e13c3fad87f3afffda1e749243c785e72b54db190413a513595 aaudit -a99ab6908d780f07b756f5d2416924250b61e88c92ea0aa91af88a05dfc9edff aaudit-shell +55f70bb0eb60b33580a6f68f57f0a8b52fef4f2bf4c4851af7a9b96c60f4841a aaudit-server.lua +160a4e2893dfb264a7844d911d7c2781dda4624f2357f3e7950338f8d2ca9c2a aaudit +659c755cfca95a76da78f4d28d0ab9a32d55bea0077be7420ceaf9d45c518354 aaudit-shell 660dcf86f02a9d0e3ff47cb359e0291a0921d03215e368552a2878d2d691a9cc aaudit-update-keys f61efebc04756c8bfb7cb955b7af5db6a3c5dabdd005f690db812c7e77567cf5 aaudit.json -878fa7c12ddd28d679703cdf7ab31f69473609d16da9604545f78132cc59d562 aaudit-server.json" +d477ca7714ff43818f8deef3f60d69d118ea899c57b6109cdf4c6c22009cc07c aaudit-server.json" sha512sums="aaa378fd710d17cb3663954648e97dd5128406cc6f37e9834075046aed1912dcc9e448b6c96502350b8d3496e00b7803cae671a4be2c12c584a84dc0b6e843e9 aaudit-common.lua -fa74091c9f8f2614f68d828560734b92f16b592b40e9552464ef84dc54f2600f7df91e9ba6159c3a91d54f8d4160078ac022e585633a87edc0cbc6e280a29be9 aaudit-server.lua -b15515979003382527842cf3fd0c150fb1ff96009518e7cd71c42ab0cf091cee000384d2b8b71c6cc8c4c93ee64cb70bef726d98b3e2b87fff9db7afbc83dc57 aaudit -974a4e733a61c07719ae75bc1ffc39f01d5adf7bc7f813aa358201bd18711eafeaa42705d9b8d4a869cdb27687091c8998b7eafd1d10a778a429d0efa787bda0 aaudit-shell +72fb60c37a54b34feff48d1658ecc341937c9fb9148dafd71e19347c6e1cd2daf4f59dfb443490b14f82f543847a56b04c877eb545dc9ee6b4af310a94e1008d aaudit-server.lua +1c9a78d1d2557353982ae5edbad7fefb2983ba06ff139352d2106dbba00f675cc50050ad5dd7a62153b8c8c8a6ec953872cb5c0289fa999656ade8f8004a3f5e aaudit +18499771d7d425f9305209c562eb8e62ef41910e88b08219baf010cdb472d49087080feb67384c4826c53bddcc0ce92c0c23c78df22dc40c64f1b17bf0ad05ec aaudit-shell aec728a9a1e4c92baeb94a9d95e1785ea166652a157571fe2e848e71c1246635ecb99512e92435e1314c620b1fa8e4f37400350bed78bd375db4a63828c500f0 aaudit-update-keys e769f0f77fe54ba1ab35efc80cc6426e34a2ee1d053ac9e7cc5aa316cfcef0c9658d2f0e2c47f7ae282bb9cc07107065fcc13034b2f9125c182378b7c73b7d99 aaudit.json -dcc099fe53603a09de225a888242ce329cdb51af3cd0a88dea23cb56d794eb2a442dcdf93b3db18158f8745d5d33de5c82d106f99b1c616fd4936512dfae75d8 aaudit-server.json" +69f8da6b6057dfb5ab0f36f8b27db3a275cd24e4d45a0e95cf4a79d955c0ebfc88861a0a50d5b6da542587cbe8feca1842c966026f0bf445edea316202d49ee5 aaudit-server.json" diff --git a/testing/aaudit/aaudit b/testing/aaudit/aaudit index a1e835272f..f17c6cc6a8 100755 --- a/testing/aaudit/aaudit +++ b/testing/aaudit/aaudit @@ -2,6 +2,7 @@ local posix = require 'posix' local json = require 'cjson' +local lpc = require 'lpc' local aac = require 'aaudit.common' local function usage() @@ -13,7 +14,7 @@ Valid options for create: -d DESC Description for repository (default: hostname) -t ADDR Specify ADDR as target device (default: local source IP) -m MSG Specify message for the initial commit - -g GRP Add in group GRP + -g GRP Add in group GRP (can be specified multiple times) Valid options for commit: -m MSG Specify message for the commit @@ -23,11 +24,14 @@ Valid options for commit: os.exit(1) end +local verbose = false local conf = aac.readconfig() or {} local req = {} -for ret, optval in posix.getopt(arg, 's:d:t:m:g:r:c:') do - if ret == 's' then +for ret, optval in posix.getopt(arg, 'vs:d:t:m:g:r:c:') do + if ret == 'v' then + verbose = true + elseif ret == 's' then conf.server = optval elseif ret == 'd' then conf.description = optval @@ -60,11 +64,48 @@ if arg[1] == "create" then or aac.readfile("/etc/ssh/ssh_host_dsa_key.pub") or aac.readfile("/etc/ssh/ssh_host_rsa_key.pub") aac.writeconfig(conf) -elseif arg[1] == "commit" then -else - usage() + arg[1] = "commit" end -local F = io.popen(("ssh -T %s@%s "):format(conf.user or "aaudit", conf.server), "w") -F:write(json.encode(req)) -F:close() +req.apkovl_follows = true + +if arg[1] ~= "commit" then usage() end + +local pid, SW, SR = lpc.run('ssh', '-T', ('%s@%s'):format(conf.user or "aaudit", conf.server)) + +SW:write(json.encode(req),'\n') +if req.apkovl_follows then + local APKOVL = io.popen("lbu package -", "rb") + while true do + local block = APKOVL:read(2^13) + if not block then break end + SW:write(block) + end + APKOVL:close() +end +SW:close() + +local reply +for line in SR:lines() do + if line:match("^{") and line:match("}$") then + reply = json.decode(line) + elseif verbose then + print(line) + end +end +SR:close() + +lpc.wait(pid) + +if reply then + if reply.ok then + io.write("OK: ",reply.msg,"\n") + else + io.write("ERROR: ",reply.msg,"\n") + end + if reply.notified then + io.write("Notified: ",reply.notified,"\n") + end +else + io.write("ERROR: No reply received from server\n") +end diff --git a/testing/aaudit/aaudit-server.json b/testing/aaudit/aaudit-server.json index b2edcef650..269e617166 100644 --- a/testing/aaudit/aaudit-server.json +++ b/testing/aaudit/aaudit-server.json @@ -13,8 +13,8 @@ "etc/chrony/chrony.drift", "etc/ld.so.cache" ], - "no_notify": [ "etc/acf/password" ], - "no_diff": [ "etc/shadow*", "*.crt","*.pem", "*.pfx" ] + "no_notify": [ "etc/acf/password", "*/.ssh/known_hosts" ], + "no_diff": [ "etc/shadow*", "etc/ssh/ssh_host_*_key", "*/.ssh/*", "*.crt","*.pem", "*.pfx" ] } } } diff --git a/testing/aaudit/aaudit-server.lua b/testing/aaudit/aaudit-server.lua index 56fed28c14..e6ed3a65e3 100644 --- a/testing/aaudit/aaudit-server.lua +++ b/testing/aaudit/aaudit-server.lua @@ -2,6 +2,7 @@ local M = {} local posix = require 'posix' local json = require 'cjson' +local zlib = require 'zlib' local aac = require 'aaudit.common' local HOME = os.getenv("HOME") @@ -73,7 +74,6 @@ local function import_tar(TAR, GIT, req, G) local branch_ref = "refs/heads/import" local from_ref = "refs/heads/master" local blocksize = 512 - local zeroblock = string.rep("\0", blocksize) local nextmark = 1 local author_time = 0 local all_files = {} @@ -85,10 +85,8 @@ local function import_tar(TAR, GIT, req, G) while true do local block = TAR:read(blocksize) - if not block then - return false, "Premature end of archive" - end - if block == zeroblock then break end + if not block then return false, "Premature end of archive" end + if not block:match("[^%z]") then break end local header, err = read_header_block(block) if not header then return false, err end @@ -217,8 +215,11 @@ local function send_email(body, req, S, R, G) to_rfc822 = table.concat(to_rfc822, ", ") to_email = table.concat(to_email, " ") - local EMAIL = io.popen(('/bin/busybox sendmail -f "%s" -S "%s" %s') - :format(req.author.email, S.smtp_server, to_email), "w") + -- Add busybox sendmail smtp server option + local options="" + if S.smtp_server then options = ('-S "%s"'):format(S.smtp_server) end + + local EMAIL = io.popen(('sendmail -f "%s" %s %s'):format(req.author.email, options, to_email), "w") EMAIL:write(([[ From: %s To: %s @@ -249,13 +250,19 @@ local function load_repo_configs(repohome) return S, R, G end -function M.repo_update(req) +function M.repo_update(req,clientstream) local repodir = req.repositorydir local S, R, G = load_repo_configs(repodir) req.author = resolve_email(S.identities, req.identity) - local TAR = io.popen(("ssh root@%s 'lbu package -' | gunzip"):format(R.address), "r") + local TAR + if req.apkovl_follows then + TAR = zlib.inflate(clientstream) + else + TAR = io.popen(("ssh -T root@%s 'lbu package -' | gunzip"):format(R.address), "r") + end + local GIT = io.popen(("git --git-dir='%s' fast-import --quiet"):format(repodir), "w") local rc, err = import_tar(TAR, GIT, req, G) GIT:close() @@ -271,11 +278,7 @@ function M.repo_update(req) if not req.initial then to = send_email(email_body, req, S, R, G) end - if to then - return true, "Committed and notified: "..to - else - return true, "Commit successful" - end + return true, "Committed", {notified=to} end os.execute(("git --git-dir='%s' branch --quiet -D import;".. @@ -306,7 +309,7 @@ function M.repo_create(req) end end -function M.handle(req) +function M.handle(req,clientstream) req.target_address = req.target_address or req.remote_ip req.repositorydir = ("%s/%s.git"):format(HOME, req.target_address) req.initial = false @@ -322,7 +325,7 @@ function M.handle(req) if not posix.access(req.repositorydir, "rwx") then return false, "No such repository" end - return M.repo_update(req) + return M.repo_update(req,clientstream) else return false,"Invalid request command" end diff --git a/testing/aaudit/aaudit-shell b/testing/aaudit/aaudit-shell index e54ac3a977..733341bae9 100755 --- a/testing/aaudit/aaudit-shell +++ b/testing/aaudit/aaudit-shell @@ -3,9 +3,13 @@ local json = require 'cjson' local aas = require 'aaudit.server' -local req = json.decode(io.read("*all")) +local req = json.decode(io.read()) req.remote_ip = (os.getenv("SSH_CLIENT") or ""):match("[^ ]+") req.identity = arg[1] -local ok, msg = aas.handle(req) -print(json.encode{ok=ok,msg=msg}) +local ok, msg, extra = aas.handle(req, io.stdin) + +local object = extra or {} +object.ok = ok +object.msg = msg +print(json.encode(object)) |