infra/codestorage/hg-ssh: pullkeys.sh annotate

Set trust settings to avoid annoying message. Update the hgrc to trust the .hgrc files of everyone in the committers group, because I got tired of seeing the "not trusting file /mounted/repos/blah-blah/.hg/hgrc from untrusted user root, group committers" message every time I pushed.

paddy@1	1 #!/bin/bash
paddy@1	2 DOMAIN=${DOMAIN:-code.secondbit.org}
paddy@1	3 SSH_KEYS_BUCKET=${SSH_KEYS_BUCKET:-sshkeys.$DOMAIN}
paddy@1	4
paddy@1	5 mkdir -p /tmp/sshkeys
paddy@1	6
paddy@1	7 echo "Cleaning up..."
paddy@1	8 rm -rf /tmp/sshkeys/*
paddy@1	9
paddy@1	10 echo "Downloading keys from gs://${SSH_KEYS_BUCKET}/"
paddy@1	11
paddy@1	12 output=$(gsutil cp -R gs://$SSH_KEYS_BUCKET/\* /tmp/sshkeys/ 2>&1)
paddy@1	13 echo $output
paddy@1	14
paddy@1	15 keys=$(find /tmp/sshkeys -name '*.pub')
paddy@1	16
paddy@1	17 for key in $keys
paddy@1	18 do
paddy@1	19 dir=$(dirname $key)
paddy@1	20 stripped=${dir#.}
paddy@1	21 stripped=${stripped#/tmp/sshkeys}
paddy@1	22 target=${key#/tmp/sshkeys}
paddy@1	23 target=${target%.pub}
paddy@1	24 target=${target#/}
paddy@1	25 IFS='-' read -ra USERSPEC <<< $target
paddy@1	26 if [ -d "/home${USERSPEC[0]}" ]
paddy@1	27 then
paddy@1	28 echo "User ${USERSPEC[0]} already exists, skipping."
paddy@1	29 else
paddy@1	30 echo "Creating user ${USERSPEC[0]} with ID ${USERSPEC[1]}."
paddy@1	31 /bin/bash /usr/local/bin/helpers/create_user.sh "${USERSPEC[0]}" "${USERSPEC[1]}"
paddy@1	32 cat $key > /home/${USERSPEC[0]}/.ssh/authorized_keys
paddy@1	33 fi
paddy@1	34 done
paddy@1	35
paddy@1	36 echo "Cleaning up..."
paddy@1	37 rm -rf /tmp/sshkeys/*
paddy@1	38
paddy@1	39 echo "SSH key pull complete."

infra/codestorage/hg-ssh

infra/codestorage/hg-ssh/pullkeys.sh