aboutsummaryrefslogtreecommitdiffstats
path: root/testing/aaudit
diff options
context:
space:
mode:
Diffstat (limited to 'testing/aaudit')
-rw-r--r--testing/aaudit/APKBUILD30
-rwxr-xr-xtesting/aaudit/aaudit59
-rw-r--r--testing/aaudit/aaudit-server.json4
-rw-r--r--testing/aaudit/aaudit-server.lua35
-rwxr-xr-xtesting/aaudit/aaudit-shell10
5 files changed, 93 insertions, 45 deletions
diff --git a/testing/aaudit/APKBUILD b/testing/aaudit/APKBUILD
index 5dcb358aca..0dc7179e09 100644
--- a/testing/aaudit/APKBUILD
+++ b/testing/aaudit/APKBUILD
@@ -1,13 +1,13 @@
# Contributor: Timo Teräs <timo.teras@iki.fi>
# Maintainer: Timo Teräs <timo.teras@iki.fi>
pkgname=aaudit
-pkgver=0.4
+pkgver=0.5
pkgrel=0
pkgdesc="Alpine Auditor"
url="http://alpinelinux.org"
arch="noarch"
license="GPL"
-depends="lua5.2 lua5.2-posix lua5.2-cjson"
+depends="lua5.2 lua5.2-posix lua5.2-cjson lua5.2-pc"
makedepends=""
install=""
subpackages="$pkgname-server"
@@ -36,7 +36,7 @@ package() {
}
server() {
- depends="aaudit git lua5.2 lua5.2-posix lua5.2-cjson"
+ depends="aaudit git lua5.2 lua5.2-posix lua5.2-cjson lua5.2-zlib"
mkdir -p "$subpkgdir"/etc/aaudit \
"$subpkgdir"/usr/libexec/aaudit \
@@ -49,23 +49,23 @@ server() {
}
md5sums="b81b0707b297a69dacbc1606324de029 aaudit-common.lua
-4ad8c883f09133a1b9357f7ac156040c aaudit-server.lua
-b24162b7fa31161eab71485b1077f8ea aaudit
-07c54e8cb44f195456be7a18b15a0be1 aaudit-shell
+2dfb114024f0f7aa46400a6c81d1d9cc aaudit-server.lua
+9b48cc51f9f16989af4290107b2b866d aaudit
+f5de73f12b6df1a751c89f19c92871be aaudit-shell
feef077f56f40002ca11846512d347af aaudit-update-keys
e14ded329626ca1d6dd48e5bef0bc7e2 aaudit.json
-dc9a54c08ea299ad268301266f3da989 aaudit-server.json"
+f2c15c547701ec71aa4d0c1d0f7b70b1 aaudit-server.json"
sha256sums="ee1998e730356c2de0ff9d5e27d9e0277e3c1f051777146b7c5b820437edfd7f aaudit-common.lua
-3a9384089b0cb73c151b67eaedd66a244b48c0c2a86f5fe0ccadda6e0cbe8863 aaudit-server.lua
-198b92b5a0eb8e13c3fad87f3afffda1e749243c785e72b54db190413a513595 aaudit
-a99ab6908d780f07b756f5d2416924250b61e88c92ea0aa91af88a05dfc9edff aaudit-shell
+55f70bb0eb60b33580a6f68f57f0a8b52fef4f2bf4c4851af7a9b96c60f4841a aaudit-server.lua
+160a4e2893dfb264a7844d911d7c2781dda4624f2357f3e7950338f8d2ca9c2a aaudit
+659c755cfca95a76da78f4d28d0ab9a32d55bea0077be7420ceaf9d45c518354 aaudit-shell
660dcf86f02a9d0e3ff47cb359e0291a0921d03215e368552a2878d2d691a9cc aaudit-update-keys
f61efebc04756c8bfb7cb955b7af5db6a3c5dabdd005f690db812c7e77567cf5 aaudit.json
-878fa7c12ddd28d679703cdf7ab31f69473609d16da9604545f78132cc59d562 aaudit-server.json"
+d477ca7714ff43818f8deef3f60d69d118ea899c57b6109cdf4c6c22009cc07c aaudit-server.json"
sha512sums="aaa378fd710d17cb3663954648e97dd5128406cc6f37e9834075046aed1912dcc9e448b6c96502350b8d3496e00b7803cae671a4be2c12c584a84dc0b6e843e9 aaudit-common.lua
-fa74091c9f8f2614f68d828560734b92f16b592b40e9552464ef84dc54f2600f7df91e9ba6159c3a91d54f8d4160078ac022e585633a87edc0cbc6e280a29be9 aaudit-server.lua
-b15515979003382527842cf3fd0c150fb1ff96009518e7cd71c42ab0cf091cee000384d2b8b71c6cc8c4c93ee64cb70bef726d98b3e2b87fff9db7afbc83dc57 aaudit
-974a4e733a61c07719ae75bc1ffc39f01d5adf7bc7f813aa358201bd18711eafeaa42705d9b8d4a869cdb27687091c8998b7eafd1d10a778a429d0efa787bda0 aaudit-shell
+72fb60c37a54b34feff48d1658ecc341937c9fb9148dafd71e19347c6e1cd2daf4f59dfb443490b14f82f543847a56b04c877eb545dc9ee6b4af310a94e1008d aaudit-server.lua
+1c9a78d1d2557353982ae5edbad7fefb2983ba06ff139352d2106dbba00f675cc50050ad5dd7a62153b8c8c8a6ec953872cb5c0289fa999656ade8f8004a3f5e aaudit
+18499771d7d425f9305209c562eb8e62ef41910e88b08219baf010cdb472d49087080feb67384c4826c53bddcc0ce92c0c23c78df22dc40c64f1b17bf0ad05ec aaudit-shell
aec728a9a1e4c92baeb94a9d95e1785ea166652a157571fe2e848e71c1246635ecb99512e92435e1314c620b1fa8e4f37400350bed78bd375db4a63828c500f0 aaudit-update-keys
e769f0f77fe54ba1ab35efc80cc6426e34a2ee1d053ac9e7cc5aa316cfcef0c9658d2f0e2c47f7ae282bb9cc07107065fcc13034b2f9125c182378b7c73b7d99 aaudit.json
-dcc099fe53603a09de225a888242ce329cdb51af3cd0a88dea23cb56d794eb2a442dcdf93b3db18158f8745d5d33de5c82d106f99b1c616fd4936512dfae75d8 aaudit-server.json"
+69f8da6b6057dfb5ab0f36f8b27db3a275cd24e4d45a0e95cf4a79d955c0ebfc88861a0a50d5b6da542587cbe8feca1842c966026f0bf445edea316202d49ee5 aaudit-server.json"
diff --git a/testing/aaudit/aaudit b/testing/aaudit/aaudit
index a1e835272f..f17c6cc6a8 100755
--- a/testing/aaudit/aaudit
+++ b/testing/aaudit/aaudit
@@ -2,6 +2,7 @@
local posix = require 'posix'
local json = require 'cjson'
+local lpc = require 'lpc'
local aac = require 'aaudit.common'
local function usage()
@@ -13,7 +14,7 @@ Valid options for create:
-d DESC Description for repository (default: hostname)
-t ADDR Specify ADDR as target device (default: local source IP)
-m MSG Specify message for the initial commit
- -g GRP Add in group GRP
+ -g GRP Add in group GRP (can be specified multiple times)
Valid options for commit:
-m MSG Specify message for the commit
@@ -23,11 +24,14 @@ Valid options for commit:
os.exit(1)
end
+local verbose = false
local conf = aac.readconfig() or {}
local req = {}
-for ret, optval in posix.getopt(arg, 's:d:t:m:g:r:c:') do
- if ret == 's' then
+for ret, optval in posix.getopt(arg, 'vs:d:t:m:g:r:c:') do
+ if ret == 'v' then
+ verbose = true
+ elseif ret == 's' then
conf.server = optval
elseif ret == 'd' then
conf.description = optval
@@ -60,11 +64,48 @@ if arg[1] == "create" then
or aac.readfile("/etc/ssh/ssh_host_dsa_key.pub")
or aac.readfile("/etc/ssh/ssh_host_rsa_key.pub")
aac.writeconfig(conf)
-elseif arg[1] == "commit" then
-else
- usage()
+ arg[1] = "commit"
end
-local F = io.popen(("ssh -T %s@%s "):format(conf.user or "aaudit", conf.server), "w")
-F:write(json.encode(req))
-F:close()
+req.apkovl_follows = true
+
+if arg[1] ~= "commit" then usage() end
+
+local pid, SW, SR = lpc.run('ssh', '-T', ('%s@%s'):format(conf.user or "aaudit", conf.server))
+
+SW:write(json.encode(req),'\n')
+if req.apkovl_follows then
+ local APKOVL = io.popen("lbu package -", "rb")
+ while true do
+ local block = APKOVL:read(2^13)
+ if not block then break end
+ SW:write(block)
+ end
+ APKOVL:close()
+end
+SW:close()
+
+local reply
+for line in SR:lines() do
+ if line:match("^{") and line:match("}$") then
+ reply = json.decode(line)
+ elseif verbose then
+ print(line)
+ end
+end
+SR:close()
+
+lpc.wait(pid)
+
+if reply then
+ if reply.ok then
+ io.write("OK: ",reply.msg,"\n")
+ else
+ io.write("ERROR: ",reply.msg,"\n")
+ end
+ if reply.notified then
+ io.write("Notified: ",reply.notified,"\n")
+ end
+else
+ io.write("ERROR: No reply received from server\n")
+end
diff --git a/testing/aaudit/aaudit-server.json b/testing/aaudit/aaudit-server.json
index b2edcef650..269e617166 100644
--- a/testing/aaudit/aaudit-server.json
+++ b/testing/aaudit/aaudit-server.json
@@ -13,8 +13,8 @@
"etc/chrony/chrony.drift",
"etc/ld.so.cache"
],
- "no_notify": [ "etc/acf/password" ],
- "no_diff": [ "etc/shadow*", "*.crt","*.pem", "*.pfx" ]
+ "no_notify": [ "etc/acf/password", "*/.ssh/known_hosts" ],
+ "no_diff": [ "etc/shadow*", "etc/ssh/ssh_host_*_key", "*/.ssh/*", "*.crt","*.pem", "*.pfx" ]
}
}
}
diff --git a/testing/aaudit/aaudit-server.lua b/testing/aaudit/aaudit-server.lua
index 56fed28c14..e6ed3a65e3 100644
--- a/testing/aaudit/aaudit-server.lua
+++ b/testing/aaudit/aaudit-server.lua
@@ -2,6 +2,7 @@ local M = {}
local posix = require 'posix'
local json = require 'cjson'
+local zlib = require 'zlib'
local aac = require 'aaudit.common'
local HOME = os.getenv("HOME")
@@ -73,7 +74,6 @@ local function import_tar(TAR, GIT, req, G)
local branch_ref = "refs/heads/import"
local from_ref = "refs/heads/master"
local blocksize = 512
- local zeroblock = string.rep("\0", blocksize)
local nextmark = 1
local author_time = 0
local all_files = {}
@@ -85,10 +85,8 @@ local function import_tar(TAR, GIT, req, G)
while true do
local block = TAR:read(blocksize)
- if not block then
- return false, "Premature end of archive"
- end
- if block == zeroblock then break end
+ if not block then return false, "Premature end of archive" end
+ if not block:match("[^%z]") then break end
local header, err = read_header_block(block)
if not header then return false, err end
@@ -217,8 +215,11 @@ local function send_email(body, req, S, R, G)
to_rfc822 = table.concat(to_rfc822, ", ")
to_email = table.concat(to_email, " ")
- local EMAIL = io.popen(('/bin/busybox sendmail -f "%s" -S "%s" %s')
- :format(req.author.email, S.smtp_server, to_email), "w")
+ -- Add busybox sendmail smtp server option
+ local options=""
+ if S.smtp_server then options = ('-S "%s"'):format(S.smtp_server) end
+
+ local EMAIL = io.popen(('sendmail -f "%s" %s %s'):format(req.author.email, options, to_email), "w")
EMAIL:write(([[
From: %s
To: %s
@@ -249,13 +250,19 @@ local function load_repo_configs(repohome)
return S, R, G
end
-function M.repo_update(req)
+function M.repo_update(req,clientstream)
local repodir = req.repositorydir
local S, R, G = load_repo_configs(repodir)
req.author = resolve_email(S.identities, req.identity)
- local TAR = io.popen(("ssh root@%s 'lbu package -' | gunzip"):format(R.address), "r")
+ local TAR
+ if req.apkovl_follows then
+ TAR = zlib.inflate(clientstream)
+ else
+ TAR = io.popen(("ssh -T root@%s 'lbu package -' | gunzip"):format(R.address), "r")
+ end
+
local GIT = io.popen(("git --git-dir='%s' fast-import --quiet"):format(repodir), "w")
local rc, err = import_tar(TAR, GIT, req, G)
GIT:close()
@@ -271,11 +278,7 @@ function M.repo_update(req)
if not req.initial then
to = send_email(email_body, req, S, R, G)
end
- if to then
- return true, "Committed and notified: "..to
- else
- return true, "Commit successful"
- end
+ return true, "Committed", {notified=to}
end
os.execute(("git --git-dir='%s' branch --quiet -D import;"..
@@ -306,7 +309,7 @@ function M.repo_create(req)
end
end
-function M.handle(req)
+function M.handle(req,clientstream)
req.target_address = req.target_address or req.remote_ip
req.repositorydir = ("%s/%s.git"):format(HOME, req.target_address)
req.initial = false
@@ -322,7 +325,7 @@ function M.handle(req)
if not posix.access(req.repositorydir, "rwx") then
return false, "No such repository"
end
- return M.repo_update(req)
+ return M.repo_update(req,clientstream)
else
return false,"Invalid request command"
end
diff --git a/testing/aaudit/aaudit-shell b/testing/aaudit/aaudit-shell
index e54ac3a977..733341bae9 100755
--- a/testing/aaudit/aaudit-shell
+++ b/testing/aaudit/aaudit-shell
@@ -3,9 +3,13 @@
local json = require 'cjson'
local aas = require 'aaudit.server'
-local req = json.decode(io.read("*all"))
+local req = json.decode(io.read())
req.remote_ip = (os.getenv("SSH_CLIENT") or ""):match("[^ ]+")
req.identity = arg[1]
-local ok, msg = aas.handle(req)
-print(json.encode{ok=ok,msg=msg})
+local ok, msg, extra = aas.handle(req, io.stdin)
+
+local object = extra or {}
+object.ok = ok
+object.msg = msg
+print(json.encode(object))