author | Sean Whitton <spwhitton@spwhitton.name> | 2018-05-11 11:41:14 -0700 |
---|---|---|
committer | Sean Whitton <spwhitton@spwhitton.name> | 2018-05-11 11:41:14 -0700 |
commit | 9ddf53be82fd72fb93f13f1255c48dde781c2735 (patch) | |
tree | e87ed66260b600c162b10af07785b7e2a2288b56 /bin/insinuate-dotfiles | |
parent | 6e5eaa2f2387e91f43b5c3b645016c9767396db9 (diff) | |
make insinuate-dotfiles work for stretch hosts
Diffstat (limited to 'bin/insinuate-dotfiles')
-rwxr-xr-x | bin/insinuate-dotfiles | 25 |
1 files changed, 18 insertions, 7 deletions
diff --git a/bin/insinuate-dotfiles b/bin/insinuate-dotfiles
index fcdd5288..583c66c8 100755
--- a/bin/insinuate-dotfiles
+++ b/bin/insinuate-dotfiles
@@ -1,11 +1,9 @@
 #!/bin/sh
-# Try to get my dotfiles onto a host
+# Try to get my dotfiles onto a host, securely
 # Intended for machines on which I don't have root -- otherwise I'd
-# just use propellor. The reason for using this script rather than
-# simply sshing in and running `git clone` is to avoid zsh's "first
-# run" screen on Debian hosts
+# just use propellor
 # Assumes ssh connection sharing
@@ -13,14 +11,27 @@
 . $HOME/lib/tputfs.sh
 status "trying to clone dotfiles to $1 using git daemon protocol"
-ssh "$1" 'wget -O- https://spwhitton.name/spwhitton.asc | gpg --import'
+
+# post-buster
+# ssh "$1" 'wget -O- https://spwhitton.name/spwhitton.asc | gpg --import'
+
 ssh "$1" 'cd $HOME && git clone --depth 1 git://spwhitton.name/dotfiles src/dotfiles'
-ssh "$1" 'cd $HOME/src/dotfiles && git verify-commit --raw master 2>&1 | grep "VALIDSIG .* 8DC2487E51ABDD90B5C4753F0F56D0553B6D411B"'
+
+# pre-buster
+hash=$(ssh "$1" 'cd $HOME/src/dotfiles && git show-ref -s master | head -n1')
+( cd "$HOME/src/dotfiles" && git branch --contains "$hash" | grep master)
+# post-buster
+# ssh "$1" 'cd $HOME/src/dotfiles && git verify-commit --raw master 2>&1 | grep "VALIDSIG .* 8DC2487E51ABDD90B5C4753F0F56D0553B6D411B"'
+
 if [ $? = 0 ]; then
 status "clone ok; running bootstrap script"
 ssh "$1" 'cd $HOME && sh src/dotfiles/bin/bstraph.sh'
 else
- status "couldn't verify PGP signature on dotfiles commit"
+ # pre-buster
+ status "couldn't find remote HEAD in local master branch"
+ # post-buster
+ # status "couldn't verify PGP signature on dotfiles commit"
+
 status "nuking corrupted clone on $1"
 ssh "$1" 'rm -rf $HOME/src/dotfiles'
 exit 1 |
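Review bot: The pre-buster check in the second hunk validates the first ref that `git show-ref -s master | head -n1` prints on the remote rather than the commit actually checked out there, and `grep master` then accepts any local branch whose name merely contains "master", so the test is looser than the "remote HEAD in local master" wording of the new status message. Because the clone arrives over unauthenticated `git://` and `bstraph.sh` is executed from that working tree, I would bind the check to the checked-out commit and the exact branch: `hash=$(ssh "$1" 'cd $HOME/src/dotfiles && git rev-parse --verify HEAD')` followed by `if ( cd "$HOME/src/dotfiles" && git merge-base --is-ancestor "$hash" master ); then`. Testing inside the `if` also removes the reliance on `$?` still holding the subshell's status after the commented-out block, and an empty or malformed hash then fails closed. The `if`/`else` block is closed outside the hunk.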