LILiK
/
openwrt-packages-dist
5
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
25131 Commits
1 Branch
46 MiB
Tree: 57c034577c
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '57c034577c'
${ noResults }
openwrt-packages-dist/net/gitolite/patches/0100-avoid-ssh-keygen.patch

130 lines
4.6 KiB
Raw Normal View History

gitolite: Drop openssh dependency Current dropbear is sufficient for gitolite purposes, so don't require openssh (we don't do a dependency on either dropbear or openssh as they are not yet drop-in replacements in terms of packaging for the functions shared between them). To achieve tihs we also eliminate the dependency on ssh-keygen. Previously gitolite used ssh-keygen to generate fingerprints from OpenSSH keys to ensure non-duplication of keys when processing them to create / manage user ssh access to the git repositories. Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
6 years ago
treewide: Run refresh on all packages The crude loop I wrote to come up with this changeset: find -L package/feeds/packages/ -name patches | \ sed 's/patches$/refresh/' | sort | xargs make Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
4 years ago
gitolite: Drop openssh dependency Current dropbear is sufficient for gitolite purposes, so don't require openssh (we don't do a dependency on either dropbear or openssh as they are not yet drop-in replacements in terms of packaging for the functions shared between them). To achieve tihs we also eliminate the dependency on ssh-keygen. Previously gitolite used ssh-keygen to generate fingerprints from OpenSSH keys to ensure non-duplication of keys when processing them to create / manage user ssh access to the git repositories. Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
6 years ago
treewide: Run refresh on all packages The crude loop I wrote to come up with this changeset: find -L package/feeds/packages/ -name patches | \ sed 's/patches$/refresh/' | sort | xargs make Signed-off-by: Ilya Lipnitskiy <ilya.lipnitskiy@gmail.com>
4 years ago
gitolite: Drop openssh dependency Current dropbear is sufficient for gitolite purposes, so don't require openssh (we don't do a dependency on either dropbear or openssh as they are not yet drop-in replacements in terms of packaging for the functions shared between them). To achieve tihs we also eliminate the dependency on ssh-keygen. Previously gitolite used ssh-keygen to generate fingerprints from OpenSSH keys to ensure non-duplication of keys when processing them to create / manage user ssh access to the git repositories. Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
6 years ago
 
  1. Author: Daniel F. Dickinson <cshored@thecshore.com>
  2. Date:   Sun Jan 27 01:04:25 2019 -0500
  3. 

  4. gitolite: Eliminate the need for ssh-keygen dependency
  5. 

  6.   Previously gitolite used ssh-keygen to generate fingerprints
  7.   from OpenSSH keys to ensure non-duplication of keys when
  8.   processing them to create / manage user ssh access to the
  9.   git repositories.  This ends up depending on openssl,
  10.   which is large and unnecessary when we are running on an
  11.   embedded distro such as OpenWrt.
  12. 

  13. Signed-off-by: Daniel F. Dickinson <cshored@thecshore.com>
  14. --- a/src/lib/Gitolite/Common.pm

  15. +++ b/src/lib/Gitolite/Common.pm

  16. @@ -26,6 +26,8 @@ package Gitolite::Common;

  17.  use Exporter 'import';
  18.  use File::Path qw(mkpath);
  19.  use File::Temp qw(tempfile);
  20. +use MIME::Base64 qw(decode_base64);

  21. +use Digest::SHA qw(sha256_base64);

  22.  use Carp qw(carp cluck croak confess);
  23.  
  24.  use strict;
  25. @@ -352,43 +354,82 @@ sub logger_plus_stderr {

  26.  }
  27.  
  28.  # ----------------------------------------------------------------------
  29. +# Decode OpenSSH key

  30. +# If the key cannot be parsed it will be undef

  31. +# Returns (algorithm_name, algo_data1, algo_data2, ...)

  32. +sub ssh_decode_key($) {

  33. +    my $key = shift;

  34. +    my $keydata = decode_base64($key);

  35. +    my @keyparts = ();

  36. +    my $partlen;

  37. +    my $algorithm;

  38. +    my $data;

  39. +    my $pos = 0;

  40. +    $partlen = unpack('N',  substr $keydata, $pos, 4) or return undef;

  41. +    $algorithm = substr $keydata, $pos + 4, $partlen or return undef;

  42. +    $pos = $pos + 4 + $partlen;

  43. +    while ( $pos <= length($keydata) ) {

  44. +        $partlen = unpack('N',  substr $keydata, $pos, 4) or last;

  45. +        $data = unpack('s>*',  substr $keydata, $pos + 4, 4) or last;

  46. +	$pos = $pos + 4 + $partlen;

  47. +        push @keyparts, $data;

  48. +    }

  49. +    return ( $algorithm, @keyparts );

  50. +}

  51. +

  52. +# ----------------------------------------------------------------------

  53. +# Parse OpenSSH line

  54. +# If the file cannot be parsed it will be undef

  55. +# Returns (restrictions, algorithm, PEMkey, comment)

  56. +sub ssh_parse_line($) {

  57. +   my $ssh_line = shift;

  58. +   my @ssh_parts = split / /, $ssh_line, 5;

  59. +   if (scalar @ssh_parts < 4)  {

  60. +      @ssh_parts = ('', @ssh_parts);

  61. +   }

  62. +   if (scalar @ssh_parts > 4) {

  63. +      @ssh_parts = @ssh_parts[0,3]

  64. +   }

  65. +   if (scalar @ssh_parts < 4) {

  66. +      @ssh_parts = undef;

  67. +   }

  68. +   return ( @ssh_parts );

  69. +}

  70. +

  71. +# ----------------------------------------------------------------------

  72. +# Get the SSH fingerprint of a line of text

  73. +# If the fingerprint cannot be parsed, it will be undef

  74. +# In a scalar context, returns the fingerprint

  75. +# In a list context, returns (fingerprint, output) where output

  76. +# is the parsed input line (less algorithm)

  77. +sub ssh_fingerprint_line($) {

  78. +    my $ssh_line = shift;

  79. +    my @parsed_line = ssh_parse_line($ssh_line) or return undef;

  80. +    my @ssh_parts = ssh_decode_key($parsed_line[2]) or return undef;

  81. +    ( $parsed_line[1] eq $ssh_parts[0] ) or die "algorithm mismatch: $parsed_line[1] vs. $ssh_parts[0]";

  82. +    my $fp = sha256_base64(join(' ', @ssh_parts[1,-1]));

  83. +    return wantarray ? ($fp, join(' ', @ssh_parts[1,-1])) : $fp;

  84. +}

  85. +

  86. +# ----------------------------------------------------------------------

  87.  # Get the SSH fingerprint of a file
  88.  # If the fingerprint cannot be parsed, it will be undef
  89.  # In a scalar context, returns the fingerprint
  90.  # In a list context, returns (fingerprint, output) where output
  91. -# is the raw output of the ssh-keygen command

  92. -sub ssh_fingerprint_file {

  93. +# is the raw input line

  94. +sub ssh_fingerprint_file($) {

  95.      my $in = shift;
  96.      -f $in or die "file not found: $in\n";
  97.      my $fh;
  98. -    open( $fh, "ssh-keygen -l -f $in |" ) or die "could not fork: $!\n";

  99. +    open( $fh, $in ) or die "could not open $in: $!\n";

  100.      my $output = <$fh>;
  101.      chomp $output;
  102. -    # dbg("fp = $fp");

  103.      close $fh;
  104.      # Return a valid fingerprint or undef
  105. -    my $fp = undef;

  106. -    if($output =~ /((?:MD5:)?(?:[0-9a-f]{2}:){15}[0-9a-f]{2})/i or

  107. -       $output =~ m{((?:RIPEMD|SHA)\d+:[A-Za-z0-9+/=]+)}i) {

  108. -        $fp = $1;

  109. -    }

  110. +    my $fp = ssh_fingerprint_line($output);

  111.      return wantarray ? ($fp, $output) : $fp;
  112.  }
  113.  
  114. -# Get the SSH fingerprint of a line of text

  115. -# If the fingerprint cannot be parsed, it will be undef

  116. -# In a scalar context, returns the fingerprint

  117. -# In a list context, returns (fingerprint, output) where output

  118. -# is the raw output of the ssh-keygen command

  119. -sub ssh_fingerprint_line {

  120. -    my ( $fh, $fn ) = tempfile();

  121. -    print $fh shift() . "\n";

  122. -    close $fh;

  123. -    my ($fp,$output) = ssh_fingerprint_file($fn);

  124. -    unlink $fn;

  125. -    return wantarray ? ($fp,$output) : $fp;

  126. -}

  127. -

  128.  # ----------------------------------------------------------------------
  129.  
  130.  # bare-minimum subset of 'Tsh' (see github.com/sitaramc/tsh)