infra/codestorage/hg-ssh
infra/codestorage/hg-ssh/pullkeys.sh
Set trust settings to avoid annoying message. Update the hgrc to trust the .hgrc files of everyone in the committers group, because I got tired of seeing the "not trusting file /mounted/repos/blah-blah/.hg/hgrc from untrusted user root, group committers" message every time I pushed.
1 #!/bin/bash
2 DOMAIN=${DOMAIN:-code.secondbit.org}
3 SSH_KEYS_BUCKET=${SSH_KEYS_BUCKET:-sshkeys.$DOMAIN}
5 mkdir -p /tmp/sshkeys
7 echo "Cleaning up..."
8 rm -rf /tmp/sshkeys/*
10 echo "Downloading keys from gs://${SSH_KEYS_BUCKET}/"
12 output=$(gsutil cp -R gs://$SSH_KEYS_BUCKET/\* /tmp/sshkeys/ 2>&1)
13 echo $output
15 keys=$(find /tmp/sshkeys -name '*.pub')
17 for key in $keys
18 do
19 dir=$(dirname $key)
20 stripped=${dir#.}
21 stripped=${stripped#/tmp/sshkeys}
22 target=${key#/tmp/sshkeys}
23 target=${target%.pub}
24 target=${target#/}
25 IFS='-' read -ra USERSPEC <<< $target
26 if [ -d "/home${USERSPEC[0]}" ]
27 then
28 echo "User ${USERSPEC[0]} already exists, skipping."
29 else
30 echo "Creating user ${USERSPEC[0]} with ID ${USERSPEC[1]}."
31 /bin/bash /usr/local/bin/helpers/create_user.sh "${USERSPEC[0]}" "${USERSPEC[1]}"
32 cat $key > /home/${USERSPEC[0]}/.ssh/authorized_keys
33 fi
34 done
36 echo "Cleaning up..."
37 rm -rf /tmp/sshkeys/*
39 echo "SSH key pull complete."