From c272fb8c8baecf1caadfb270917f592c4c19b988 Mon Sep 17 00:00:00 2001
From: Andrew Cady
Date: Thu, 1 Jun 2023 18:41:08 -0400
Subject: Access to directory named with public key hash
Inside a directory whose name is the user's public key hash, any fossil repository is directly accessible to the user (without a .fossil-remotes/ intermediary).
---
 src/endofossil | 31 +++++++++++++++++++++----------
 1 file changed, 21 insertions(+), 10 deletions(-)
diff --git a/src/endofossil b/src/endofossil
index 3925d89..74801aa 100644
--- a/src/endofossil
+++ b/src/endofossil
@@ -60,23 +60,34 @@ done < <(ssh-keygen -f <(printf '%s\n' "$keytype $keyvalue") -r .)
 upstreamDatabaseDir=${upstreamDatabase%/*}
 readWriteDbName=${upstreamDatabase#${upstreamDatabaseDir}/}
-readWriteDir=$upstreamDatabaseDir/.fossil-remotes/$keyhash
 as_user()
 {
 setpriv --reuid="$uid" --regid="$gid" --clear-groups --inh-caps=-all "$@"
 }
-if ! [ -d "$readWriteDir" ]
-then
- make_parents=
- if [[ $readWriteDir == $home/* ]]
+
+setup_fossil_remotes()
+{
+ if ! [ -d "$readWriteDir" ]
 then
- [ -d "$upstreamDatabaseDir" ]
- make_parents=-p
+ make_parents=
+ if [[ $readWriteDir == $home/* ]]
+ then
+ [ -d "$upstreamDatabaseDir" ]
+ make_parents=-p
+ fi
+ as_user mkdir $make_parents "$readWriteDir"
 fi
- as_user mkdir $make_parents "$readWriteDir"
-fi
-as_user cp -n --reflink -- "$upstreamDatabase" "$readWriteDir"/"$readWriteDbName"
+ as_user cp -n --reflink -- "$upstreamDatabase" "$readWriteDir"/"$readWriteDbName"
+}
+
+case "$upstreamDatabaseDir" in
+ */"$keyhash" ) readWriteDir=$upstreamDatabaseDir ;;
+ * )
+ readWriteDir=$upstreamDatabaseDir/.fossil-remotes/$keyhash
+ setup_fossil_remotes
+ ;;
+esac
 exec systemd-run -P \
 --property=User="$username" \
--
cgit v1.2.3
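Review bot: The new `*/"$keyhash"` arm of the `case` grants direct access to the upstream database on a string match alone, and nothing in the hunk guarantees that `$keyhash` is non-empty when it runs. With an empty value the pattern reduces to `*/`, which `upstreamDatabaseDir` can satisfy when the database path has an empty component before the file name, so the per-key copy under `.fossil-remotes/` would be skipped for a repository that is not tied to the key. `keyhash` is assigned in the `ssh-keygen` loop above the hunk, so this may already be covered there; if it is not, add `: "${keyhash:?public key hash not computed}"` before the `case`. The arm also compares only the immediate parent directory name and does not check that the directory belongs to the connecting user, which deserves a comment such as `# direct access only when the repository's own directory is named after the key hash`.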