From a780df5422905be20a24f3574089567d714043e8 Mon Sep 17 00:00:00 2001 From: Clemens Schwaighofer Date: Thu, 11 Sep 2025 15:56:06 +0900 Subject: [PATCH 1/3] SSH Config creation script, readme update --- ReadMe.md | 12 +++++++- src/bin/create_ssh_config.sh | 56 ++++++++++++++++++++++++++++++++++++ src/bin/new_clone.sh | 11 +++++-- 3 files changed, 76 insertions(+), 3 deletions(-) create mode 100644 src/bin/create_ssh_config.sh diff --git a/ReadMe.md b/ReadMe.md index 4b5a204..140a119 100644 --- a/ReadMe.md +++ b/ReadMe.md @@ -8,6 +8,8 @@ the clone base for one campaign and a simple crontab script to pull data from th - base_setup.sh: setup for the folder structure, users, etc - new_clone.sh: Basic clone script - git_sync.sh: The script to run in crontab, to sync the changes +- switch_branch.sh: Switch from one branch to the other +- create_ssh_config.sh: setup ssh key and ssh config entry ## Run commands @@ -30,6 +32,14 @@ as is, if the folder exists it will only copy the scripts, will not alter or cha Planned to get auto fixes for wrong ACL, etc or missing config settings +### SSH Key generation + +A SSH Key has to be generated for each git respository that will be synced and the configuration has to be added to the ssh config file + +```sh +create_ssh_config.sh [SSH Key name] [repo url full] ([jump proxy]) +``` + ### new_clone.sh Create a new clone @@ -38,7 +48,7 @@ Create a new clone new_clone.sh [repository] [branch] ([host]) ([remote name]) ``` -The [host] is the SSH Host name entry, this sill repalce any "[host]:" in the [repository]. If the [host] is not set the host set in the [repository] will be used. If nothing found the script will abort +The [host] is the SSH Host name entry, this will replace any "[host]:" in the [repository]. If the [host] is not set the host set in the [repository] will be used. If nothing found the script will abort A [branch] name must be set all the time. 
diff --git a/src/bin/create_ssh_config.sh b/src/bin/create_ssh_config.sh
new file mode 100644
index 0000000..c124e52
--- /dev/null
+++ b/src/bin/create_ssh_config.sh
@@ -0,0 +1,56 @@
+#!/usr/bin/env bash
+
+# [SSH Key name] [repo url] ([Jump Proxy])
+
+# ssh-keygen -t ed25519 -N "" -C "${repo_url}" -f "${ssh_key_name}"
+
+# CONFIG
+# Host
+# Hostname
+# User git
+# IdentityFile ~/.ssh/
+# [ProxyJump ]
+
+SSH_KEY_NAME="$1";
+REPOSITORY="$2";
+JUMP_PROXY="$3";
+# below are only to skip error
+BRANCH="-"
+
+BASE_FOLDER=$(dirname "$(readlink -f "$0")")"/";
+# shellcheck source=init.sh
+. "${BASE_FOLDER}init.sh";
+
+SSH_CONFIG_BASE="${GIT_WEBHOOK_BASE_FOLDER}.ssh/config/";
+if [ -f "${SSH_CONFIG_BASE}${SSH_KEY_NAME}.pem" ]; then
+ echo "SSH Key: ${SSH_KEY_NAME} already exists";
+ error=1
+fi;
+if [[ "${REPOSITORY}" == *":"* ]]; then
+ REMOTE_HOST=$(echo "${REPOSITORY}" | cut -d ":" -f 1);
+else
+ echo "[!] Must set a remote host for the repository";
+ error=1;
+fi;
+# if we have an ":" in the repository, split by it and replace it with the remote host
+if [[ "${REPOSITORY}" == *":"* ]]; then
+ REPOSITORY=$(echo "${REPOSITORY}" | cut -d ":" -f 2);
+fi;
+GIT_REPOSITORY_NAME=$(basename "${REPOSITORY}" .git);
+
+if ! grep "Host ${GIT_REPOSITORY_NAME}" "${SSH_CONFIG_BASE}config"; then
+ echo "[!] ssh config for ${GIT_REPOSITORY_NAME} already exists";
+ error=1
+fi;
+if [ $error -eq 1 ]; then
+ exit;
+fi;
+
+# SUDO_COMMAND= as base
+# ssh-keygen -t ed25519 -N "" -C "${GIT_REPOSITORY_NAME}" -f "${SSH_CONFIG_BASE}${SSH_KEY_NAME}"
+# must add ".pem" if key name does not end in .pem
+# SSH_COMMAND=("${SUDO_COMMAND[@]}" "ssh-keygen" "-t" "ed25519" "-N" "" "-C" "${GIT_REPOSITORY_NAME}" "-f" "${SSH_CONFIG_BASE}${SSH_KEY_NAME}")
+
+
+
+# __END__
diff --git a/src/bin/new_clone.sh b/src/bin/new_clone.sh
index d6de21f..288154c 100755
--- a/src/bin/new_clone.sh
+++ b/src/bin/new_clone.sh
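Review bot: The final guard (`if [ $error -eq 1 ]; then` followed by a bare `exit;`) ends the script with status 0 when validation has failed, because `exit` without an argument returns the status of the last command run, which here is the successful `[` test. Anything that calls this script cannot tell a rejected request from a completed one. `error` is also never assigned before the checks in this file, so unless the sourced init.sh sets it, the unquoted test becomes `[ -eq 1 ]`, which fails with an operator error and lets the script carry on past the guard. I would write `if [ "${error:-0}" -eq 1 ]; then exit 1; fi;`.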
@@ -4,10 +4,13 @@ # DATE: 2025/6/27 # DESC: create a new basic clone +# COMMAND: new_clone.sh [] [] [] + REPOSITORY="$1"; BRANCH="$2"; REMOTE_HOST="$3"; -REMOTE_NAME="$4"; +REPOSITORY_FOLDER="$4" +REMOTE_NAME="$5"; if [ -z "${REMOTE_NAME}" ]; then REMOTE_NAME="origin" fi; @@ -61,7 +64,11 @@ fi; unique_id=$(uuidgen | tr -d '-' | head -c 8); # strip .git from the repository path -GIT_REPOSITORY_NAME=$(basename "${REPOSITORY}" .git); +if [ -z "${REPOSITORY_FOLDER}" ]; then + GIT_REPOSITORY_NAME=$(basename "${REPOSITORY}" .git); +else + GIT_REPOSITORY_NAME="${REPOSITORY_FOLDER}"; +fi; # log folder target LOG_FILE="${GIT_WEBHOOK_BASE_FOLDER}${LOG_FOLDER}${GIT_REPOSITORY_NAME}.log"; # from the repository get the last path without the .git so we have the target folder From 56d6fd8e63d63c1b95ffd5b8da21110dc5ef7105 Mon Sep 17 00:00:00 2001 From: Clemens Schwaighofer Date: Thu, 11 Sep 2025 15:58:27 +0900 Subject: [PATCH 2/3] Rename ReadMe.md to README.md --- ReadMe.md => README.md | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename ReadMe.md => README.md (100%) diff --git a/ReadMe.md b/README.md similarity index 100% rename from ReadMe.md rename to README.md From 5251fbf140134a8f7e7b644d6a42142a068babc7 Mon Sep 17 00:00:00 2001 From: Clemens Schwaighofer Date: Thu, 11 Sep 2025 17:52:53 +0900 Subject: [PATCH 3/3] Create basic SSH config and key generataion, other minor updates Basis ssh host config and ssh keygen script, does not hard create, but prints out commads Fix sudo set check in init.sh file Repository name to ssh config host name fix in the new clone script. Change was done to match ssh config create file --- src/bin/create_ssh_config.sh | 50 +++++++++++++++++++++++++++--------- src/bin/init.sh | 2 +- src/bin/new_clone.sh | 18 ++++++------- 3 files changed, 48 insertions(+), 22 deletions(-) mode change 100644 => 100755 src/bin/create_ssh_config.sh 
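Review bot: Inserting `REPOSITORY_FOLDER="$4"` ahead of `REMOTE_NAME` moves the remote name from the fourth to the fifth argument, so an existing call that passes a remote name in position four now silently uses it as the folder name. The README usage line visible as context in this same patch still reads `new_clone.sh [repository] [branch] ([host]) ([remote name])`. Either append the new argument after `REMOTE_NAME`, or update the README and add a comment such as `# $4: target folder name (optional, default: repository basename), $5: remote name (optional, default: origin)`.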
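Review bot: In the new `else` branch, `GIT_REPOSITORY_NAME="${REPOSITORY_FOLDER}"` takes the fourth argument verbatim, whereas the `basename` branch can never yield a `/`. The value is then joined into `LOG_FILE` and, per the comment below it, the target folder, so a value such as `../x` or an absolute path would place the log and the clone outside the base folder. A guard that stops the script before `LOG_FILE` is built would keep it to one path component: `case "${REPOSITORY_FOLDER}" in */*|.|..) echo "[!] Folder name must not contain a path"; exit 1;; esac`. The same block is moved unchanged by the third patch (hunk `@@ -35,14 +35,20 @@`), where the value additionally ends up in the `grep` pattern of the ssh config check.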
diff --git a/src/bin/create_ssh_config.sh b/src/bin/create_ssh_config.sh old mode 100644 new mode 100755 index c124e52..ef9b651 --- a/src/bin/create_ssh_config.sh +++ b/src/bin/create_ssh_config.sh @@ -11,9 +11,8 @@ # IdentityFile ~/.ssh/ # [ProxyJump ] -SSH_KEY_NAME="$1"; -REPOSITORY="$2"; -JUMP_PROXY="$3"; +REPOSITORY="$1"; +JUMP_PROXY="$2"; # below are only to skip error BRANCH="-" @@ -21,15 +20,17 @@ BASE_FOLDER=$(dirname "$(readlink -f "$0")")"/"; # shellcheck source=init.sh . "${BASE_FOLDER}init.sh"; -SSH_CONFIG_BASE="${GIT_WEBHOOK_BASE_FOLDER}.ssh/config/"; -if [ -f "${SSH_CONFIG_BASE}${SSH_KEY_NAME}.pem" ]; then - echo "SSH Key: ${SSH_KEY_NAME} already exists"; - error=1 +# base folder for ssh config +SSH_CONFIG_BASE="${GIT_WEBHOOK_BASE_FOLDER}.ssh/"; +if [ ! -f "${SSH_CONFIG_BASE}config" ]; then + echo "[!] SSH config file does not exist: ${SSH_CONFIG_BASE}"; + error=1; fi; + if [[ "${REPOSITORY}" == *":"* ]]; then REMOTE_HOST=$(echo "${REPOSITORY}" | cut -d ":" -f 1); else - echo "[!] Must set a remote host for the repository"; + echo "[!] Must set a full repository path with remote host for the repository"; error=1; fi; # if we have an ":" in the repository, split by it and replace it with the remote host @@ -38,8 +39,17 @@ if [[ "${REPOSITORY}" == *":"* ]]; then fi; GIT_REPOSITORY_NAME=$(basename "${REPOSITORY}" .git); -if ! grep "Host ${GIT_REPOSITORY_NAME}" "${SSH_CONFIG_BASE}config"; then - echo "[!] ssh config for ${GIT_REPOSITORY_NAME} already exists"; +if [ -f "${SSH_CONFIG_BASE}${GIT_REPOSITORY_NAME}.pem" ]; then + echo "SSH Key: ${SSH_KEY_NAME} already exists"; + error=1 +fi; + +if + [ -f "${SSH_CONFIG_BASE}config" ] && + [ -n "${GIT_REPOSITORY_NAME}" ] && + grep "Host ${GIT_REPOSITORY_NAME}" "${SSH_CONFIG_BASE}config"; +then + echo "[!] ssh config entry for Host '${GIT_REPOSITORY_NAME}' already exists"; error=1 fi; if [ $error -eq 1 ]; then 
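Review bot: With `REPOSITORY="$1";` and `JUMP_PROXY="$2";` the key-name argument is gone, but the usage comment on line 3 of this file (`# [SSH Key name] [repo url] ([Jump Proxy])`, outside this hunk) and the README line added in the first patch (`create_ssh_config.sh [SSH Key name] [repo url full] ([jump proxy])`) still describe three arguments. Someone following either would pass the key name as the repository. I would change the header comment to `# [repo url] ([Jump Proxy])` and the README usage to match.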
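Review bot: The duplicate-entry check `grep "Host ${GIT_REPOSITORY_NAME}" "${SSH_CONFIG_BASE}config"` treats the repository name as an unanchored regular expression, so `Host app` also matches an existing `Host app-staging`, a `.` in the name matches any character, and every matching line is echoed to stdout. An exact comparison of the Host tokens avoids all three, for example `awk -v h="${GIT_REPOSITORY_NAME}" '$1 == "Host" { for (i = 2; i <= NF; i++) if ($i == h) found = 1 } END { exit !found }' "${SSH_CONFIG_BASE}config"`. new_clone.sh gets the same `grep` in this patch (hunk `@@ -35,14 +35,20 @@`), where a partial match lets the validation pass although the exact Host entry is missing. Separately, the added message `echo "SSH Key: ${SSH_KEY_NAME} already exists";` prints an empty name because this patch removes the `SSH_KEY_NAME` assignment; `${GIT_REPOSITORY_NAME}.pem` is the value that was tested.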
@@ -49,8 +59,24 @@ fi; # SUDO_COMMAND= as base # ssh-keygen -t ed25519 -N "" -C "${GIT_REPOSITORY_NAME}" -f "${SSH_CONFIG_BASE}${SSH_KEY_NAME}" # must add ".pem" if key name does not end in .pem -# SSH_COMMAND=("${SUDO_COMMAND[@]}" "ssh-keygen" "-t" "ed25519" "-N" "" "-C" "${GIT_REPOSITORY_NAME}" "-f" "${SSH_CONFIG_BASE}${SSH_KEY_NAME}") - +SSH_COMMAND=("${SUDO_COMMAND[@]}" "ssh-keygen" "-t" "ed25519" "-N" "" "-C" "${GIT_REPOSITORY_NAME}" "-f" "${SSH_CONFIG_BASE}${GIT_REPOSITORY_NAME}.pem") +# debug output for now +echo ""; +echo "* SSH-KEYGEN:" +echo ""; +echo "${SSH_COMMAND[*]}"; +echo ""; +echo "* ADD TO: ${SSH_CONFIG_BASE}config"; +echo ""; +echo "Host ${GIT_REPOSITORY_NAME}": +echo " Hostname ${REMOTE_HOST}"; +echo " User git"; +echo " PreferredAuthentications publickey"; +echo " IdentityFile ~/.ssh/${GIT_REPOSITORY_NAME}.pem"; +if [ -n "${JUMP_PROXY}" ]; then + echo " ProxyJump ${JUMP_PROXY}"; +fi; +echo ""; # __END__ diff --git a/src/bin/init.sh b/src/bin/init.sh index 606fd2a..1f7f9b1 100644 --- a/src/bin/init.sh +++ b/src/bin/init.sh @@ -23,7 +23,7 @@ if [ -z "$(command -v git)" ]; then fi; GIT_COMMAND_BASE=("git"); SUDO_COMMAND=() -if [ -n "${USE_SUDO}" ]; then +if [ "${USE_SUDO}" == 1 ]; then # if we are root -> ok, else we must be SUDO USER if [ "$(whoami)" = "root" ]; then SUDO_COMMAND=("sudo" "-u" "${SUDO_USER}"); diff --git a/src/bin/new_clone.sh b/src/bin/new_clone.sh index 288154c..9d92f82 100755 --- a/src/bin/new_clone.sh +++ b/src/bin/new_clone.sh @@ -27,7 +27,7 @@ if [ -z "${REMOTE_HOST}" ]; then if [[ "${REPOSITORY}" == *":"* ]]; then REMOTE_HOST=$(echo "${REPOSITORY}" | cut -d ":" -f 1); else - echo "[!] Must set a remote host for the repository"; + echo "[!] Must set a repository path with remote host for the repository"; error=1; fi; fi; 
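Review bot: The printed stanza starts with `echo "Host ${GIT_REPOSITORY_NAME}":`, where the trailing `:` sits outside the quotes and was presumably meant to be `;`, so the output is `Host <name>:` and the pasted entry will not match `ssh <name>`. The command line has a similar copy-paste problem: `echo "${SSH_COMMAND[*]}"` drops the quoting, so the empty passphrase argument disappears and `-N` is followed directly by `-C`; `printf '%q ' "${SSH_COMMAND[@]}"; echo` prints it in a form that can be pasted back. Because the key is created without a passphrase, I would also emit `echo " IdentitiesOnly yes";` in the stanza so that ssh offers only this per-repository key to the host.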
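Review bot: The new test `[ "${USE_SUDO}" == 1 ]` makes every value other than `1` (for example `yes` or `true`) leave `SUDO_COMMAND` empty without any message, so the later commands run as the invoking user, which per the context comment may be root. If that is intended, a comment above the test should say that only `1` enables sudo; otherwise reject unexpected non-empty values with an error. `==` inside `[ ]` is a bash extension, and the neighbouring `[ "$(whoami)" = "root" ]` uses `=`, so `[ "${USE_SUDO}" = 1 ]` would be consistent. The enclosing `if` continues past the end of the hunk.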
@@ -35,14 +35,20 @@ fi; if [[ "${REPOSITORY}" == *":"* ]]; then REPOSITORY=$(echo "${REPOSITORY}" | cut -d ":" -f 2); fi; +# strip .git from the repository path, this is folder and ssh key Host name +if [ -z "${REPOSITORY_FOLDER}" ]; then + GIT_REPOSITORY_NAME=$(basename "${REPOSITORY}" .git); +else + GIT_REPOSITORY_NAME="${REPOSITORY_FOLDER}"; +fi; if [ $error -eq 1 ]; then exit; fi; error=0 echo "* Validate SSH PEM Key exist and SSH config"; -if ! grep "Host ${REMOTE_HOST}" "${GIT_WEBHOOK_BASE_FOLDER}"/.ssh/config; then - echo "ssh config entry for Host ${REMOTE_HOST} is missing"; +if ! grep "Host ${GIT_REPOSITORY_NAME}" "${GIT_WEBHOOK_BASE_FOLDER}"/.ssh/config; then + echo "[!] ssh config entry for Host ${GIT_REPOSITORY_NAME} is missing"; error=1; else # make sure the identiy file is there @@ -63,12 +69,6 @@ fi; unique_id=$(uuidgen | tr -d '-' | head -c 8); -# strip .git from the repository path -if [ -z "${REPOSITORY_FOLDER}" ]; then - GIT_REPOSITORY_NAME=$(basename "${REPOSITORY}" .git); -else - GIT_REPOSITORY_NAME="${REPOSITORY_FOLDER}"; -fi; # log folder target LOG_FILE="${GIT_WEBHOOK_BASE_FOLDER}${LOG_FOLDER}${GIT_REPOSITORY_NAME}.log"; # from the repository get the last path without the .git so we have the target folder
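Review bot: The ssh config lookup now uses `GIT_REPOSITORY_NAME`, which is the `REPOSITORY_FOLDER` argument when one is given, while create_ssh_config.sh always names the Host entry and the key after `basename "${REPOSITORY}" .git`. A clone into a custom folder will therefore look for a Host entry that the companion script never produces, and report it as missing. If the folder override is meant to affect only the checkout location, keep a separate name for the ssh side, e.g. `SSH_HOST_NAME=$(basename "${REPOSITORY}" .git);`, and `grep` for that. The `else` branch that checks the identity file continues outside this hunk, so I cannot see which name it uses.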