X-Git-Url: https://ruderich.org/simon/gitweb/?a=blobdiff_plain;f=rpc%2Fdial.go;h=caa34b098fe933ca9fba22d7f0ea35aadb05d33a;hb=35e775270d3df86a5801c4905e98e562d2dd5ec6;hp=680cb87df39ae0c999ce789d5d53bb168ed64b80;hpb=304a68c565d58ae52dd39cf6e2d6ef52cada7d19;p=safcm%2Fsafcm.git
diff --git a/rpc/dial.go b/rpc/dial.go
index 680cb87..caa34b0 100644
--- a/rpc/dial.go
+++ b/rpc/dial.go
@@ -32,7 +32,7 @@ import (
 "ruderich.org/simon/safcm/remote"
 )
 
-func (c *Conn) DialSSH(user, host string) error {
+func (c *Conn) DialSSH(user, host, sshConfig string) error {
 if c.events == nil {
 return fmt.Errorf("cannot reuse Conn")
 }
@@ -48,8 +48,14 @@ func (c *Conn) DialSSH(user, host string) error {
 // Help debugging by showing executed shell commands
 opts += "x"
 }
- c.cmd = exec.Command("ssh", remote, "/bin/sh", opts)
- c.remote = remote
+
+ c.sshRemote = remote
+ if sshConfig != "" {
+ c.sshOpts = []string{"-F", sshConfig}
+ }
+ c.cmd = exec.Command("ssh",
+ append(append([]string{}, c.sshOpts...),
+ c.sshRemote, "/bin/sh", opts)...)
 
 stdin, err := c.cmd.StdinPipe()
 if err != nil {
@@ -112,6 +118,17 @@ compat_stat() {
 compat_sha512sum() {
 sha512sum "$1"
 }
+`
+ case "freebsd", "openbsd":
+ compat = `
+dir_stat='41777 0 0'
+file_stat="100700 $(id -u) $(id -g)"
+compat_stat() {
+ stat -f '%p %u %g' "$1"
+}
+compat_sha512sum() {
+ sha512 -q "$1"
+}
 `
 default:
 return fmt.Errorf("internal error: no support for %q", goos)
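Review bot: The destination in the new `exec.Command("ssh", …, c.sshRemote, "/bin/sh", opts)` call of the `@@ -48,8 +48,14 @@` hunk is still a bare positional argument, so a `user` or `host` value beginning with `-` would be read by ssh as an option rather than as a destination. How `remote` is built from `user` and `host` lies outside the hunk, so this is a hardening suggestion rather than a confirmed bug: now that the arguments are assembled as a slice, end the options explicitly with `append(append([]string{}, c.sshOpts...), "--", c.sshRemote, "/bin/sh", opts)`. The same applies to the upload command in the `@@ -238,12 +256,14 @@` hunk. `DialSSH` would also benefit from a doc comment saying that `sshConfig` is handed to ssh as `-F` and that an empty string keeps ssh's default configuration.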
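Review bot: The new `freebsd`/`openbsd` branch in the `@@ -112,6 +118,17 @@` hunk carries no comment explaining the values the permission check relies on. `dir_stat='41777 0 0'` and `file_stat="100700 $(id -u) $(id -g)"` follow the field order of `stat -f '%p %u %g'` (mode, uid, gid) and are presumably compared verbatim with the output of `compat_stat`; that comparison is outside the hunk, so please confirm. A Go comment above the assignment such as `// BSD stat(1): '%p %u %g' prints octal mode, uid, gid; /tmp must be a sticky directory owned by uid 0, gid 0` would make the security-relevant expectation visible to whoever adds the next platform.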
@@ -124,13 +141,13 @@ compat_sha512sum() {
 //
 // The target directory must no permit other users to delete our files
 // or symlink attacks and arbitrary code execution is possible. For
- // /tmp this is guaranteed by the sticky bit. Make sure it has the
- // proper permissions.
+ // /tmp this is guaranteed by the sticky bit. The code verifies the
+ // directory has the proper permissions.
 //
 // We cannot use `test -f && test -O` because this is open to TOCTOU
 // attacks. `stat` gives use the full file state. If the file is owned
- // by us and not a symlink then it's safe to use (assuming sticky or
- // directory not writable by others).
+ // by us and not a symlink then it's safe to use (assuming sticky
+ // directory or directory not writable by others).
 //
 // `test -e` is only used to prevent error messages if the file
 // doesn't exist. It does not guard against any races.
@@ -160,7 +177,6 @@ f() {
 tmp="$(mktemp "$x.XXXXXX")"
 # Report filename for upload
 echo "$tmp"
-
 # Wait for upload to complete
 read unused
 
@@ -170,6 +186,8 @@ f() {
 rm "$tmp"
 # Make file executable
 chmod 0700 "$x"
+ # Some BSD create files with group wheel in /tmp
+ chgrp "$(id -g)" "$x"
 fi
 
 exec "$x" sync
@@ -238,12 +256,14 @@ f
 path = strings.TrimSuffix(path, "\n")
 
 c.debugf("DialSSH: uploading new remote to %q at %q",
- c.remote, path)
+ c.sshRemote, path)
 
- cmd := exec.Command("ssh", c.remote,
- fmt.Sprintf("cat > %q", path))
+ cmd := exec.Command("ssh",
+ append(append([]string{}, c.sshOpts...),
+ c.sshRemote,
+ fmt.Sprintf("cat > %q", path))...)
 cmd.Stdin = bytes.NewReader(helper)
- err = c.handleStderrAsEvents(cmd)
+ err = c.handleStderrAsEvents(cmd) // cmd.Stderr
 if err != nil {
 return err
 }
@@ -263,7 +283,7 @@ f
 }
 
 func connGetGoos(stdin io.Writer, stdout *bufio.Reader) (string, error) {
- _, err := fmt.Fprintln(stdin, "uname -o")
+ _, err := fmt.Fprintln(stdin, "uname")
 if err != nil {
 return "", err
 }
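Review bot: Two typos remain in the comment that the `@@ -124,13 +141,13 @@` hunk rewords: `must no permit` should read `must not permit`, and `gives use the full file state` should read `gives us the full file state`. Both sit on unchanged context lines of the security rationale, so fixing them in the same pass keeps the explanation of the sticky-bit and TOCTOU reasoning unambiguous.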
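Review bot: The added `chgrp "$(id -g)" "$x"` in the `@@ -170,6 +186,8 @@` hunk is explained only by `# Some BSD create files with group wheel in /tmp`, which does not say why the group matters. Judging from `file_stat="100700 $(id -u) $(id -g)"` in the BSD compat block, the helper's gid is presumably part of the ownership check on later runs, so a fuller comment would help: `# BSDs give new files the group of the directory (wheel for /tmp); reset it so the file_stat check matches`. Whether a failing `chgrp` aborts the script depends on shell options set outside this hunk, so it is worth confirming the step cannot be skipped silently.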
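Review bot: In the `@@ -238,12 +256,14 @@` hunk, `fmt.Sprintf("cat > %q", path)` quotes `path` with Go string syntax, not shell syntax, so inside the resulting double quotes the remote shell still expands `$`, command substitutions and backslashes. As far as this diff shows, `path` is the `mktemp` output read back from the remote side, which would confine any effect to that host, but single-quote escaping is the robust form: `"cat > '" + strings.ReplaceAll(path, "'", "'\\''") + "'"`. Separately, the trailing `// cmd.Stderr` on the `handleStderrAsEvents` line is too terse to help a reader; if the helper attaches `cmd.Stderr` and runs the command (its body is not shown), say so, e.g. `// sets cmd.Stderr and runs cmd`.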
@@ -276,10 +296,14 @@ func connGetGoos(stdin io.Writer, stdout *bufio.Reader) (string, error) {
 // NOTE: Adapt helper uploading in dialSSH() when adding new systems
 var goos string
 switch x {
- case "GNU/Linux":
+ case "Linux":
 goos = "linux"
+ case "FreeBSD":
+ goos = "freebsd"
+ case "OpenBSD":
+ goos = "openbsd"
 default:
- return "", fmt.Errorf("unsupported OS %q (`uname -o`)", x)
+ return "", fmt.Errorf("unsupported OS %q (`uname`)", x)
 }
 return goos, nil
 }
@@ -298,7 +322,7 @@ func connGetGoarch(stdin io.Writer, stdout *bufio.Reader) (string, error) {
 // NOTE: Adapt cmd/safcm-remote/build.sh when adding new architectures
 var goarch string
 switch x {
- case "x86_64":
+ case "x86_64", "amd64":
 goarch = "amd64"
 case "armv7l":
 goarch = "armv7l"