This is an automated email from the git hooks/post-receive script. x2go pushed a change to branch master in repository x2gobroker. from 32a4fdc x2gobroker.spec: CentOS 6 + 7 have python34-setuptools, not python3-setuptools. new ad6237f etc/x2gobroker.conf: Mention the per-profile option for enabling/disabling load checker support. new e470714 sbin/{x2gobroker-pubkeyauthorizer,x2gobroker-keygen}: Use proper octal numbers for file permissions. new d1defd1 x2gobroker/agent (check_load()): Bail out if no remote agent is given. new 941e464 sbin/x2gobroker-pubkeyauthorizer: Fix key lookup in os.environ for Python3. new bce0174 sbin/x2gobroker-pubkeyauthorizer: Some string/bytecode fixes for Python3. Plus urllib -> urllib.request. new a861019 sbin/x2gobroker-pubkeyauthorizer: Improve key integrity checker and move it further up. Plus one more Python2 -> Python3 issue fixed. The 6 revisions listed above as "new" are entirely new to this repository and will be described in separate emails. The revisions listed as "adds" were already present in the repository and have only been added to this reference. Summary of changes: etc/x2gobroker.conf | 2 +- sbin/x2gobroker-keygen | 6 +-- sbin/x2gobroker-pubkeyauthorizer | 108 +++++++++++++++++++++++---------------- x2gobroker/agent.py | 4 ++ 4 files changed, 71 insertions(+), 49 deletions(-) -- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker.
commit e470714c5d4a6ae49b1301d5ac1c7e44ccdb484d
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Mon Apr 16 12:49:37 2018 +0200
sbin/{x2gobroker-pubkeyauthorizer,x2gobroker-keygen}: Use proper octal numbers for file permissions.
---
sbin/x2gobroker-keygen | 6 +++---
sbin/x2gobroker-pubkeyauthorizer | 4 ++--
2 files changed, 5 insertions(+), 5 deletions(-)
diff --git a/sbin/x2gobroker-keygen b/sbin/x2gobroker-keygen
index a901c25..6872ecc 100755
--- a/sbin/x2gobroker-keygen
+++ b/sbin/x2gobroker-keygen
@@ -108,7 +108,7 @@ if __name__ == '__main__':
 if not os.path.exists('{home}/.ssh'.format(home=broker_home)):
 os.mkdir('{home}/.ssh'.format(home=broker_home))
 os.chown('{home}/.ssh'.format(home=broker_home), broker_uidnumber, broker_gidnumber)
- os.chmod('{home}/.ssh'.format(home=broker_home), 0750)
+ os.chmod('{home}/.ssh'.format(home=broker_home), 0o0750)
 logger_broker.info(' Created {home}/.ssh'.format(home=broker_home))
 # generate key pair
@@ -133,7 +133,7 @@ if __name__ == '__main__':
 key.write_private_key_file('{home}/.ssh/{id_file}'.format(home=broker_home, id_file=id_file))
 os.chown('{home}/.ssh/{id_file}'.format(home=broker_home, id_file=id_file), broker_uidnumber, broker_gidnumber)
- os.chmod('{home}/.ssh/{id_file}'.format(home=broker_home, id_file=id_file), 0600)
+ os.chmod('{home}/.ssh/{id_file}'.format(home=broker_home, id_file=id_file), 0o0600)
 logger_broker.info(' Private key written to file {key_file}'.format(key_file='{home}/.ssh/{id_file}'.format(home=broker_home, id_file=id_file)))
 pubkey_file = open('{home}/.ssh/{id_file}.pub'.format(home=broker_home, id_file=id_file),'w')
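Review bot: In the second hunk the private key is written first and only restricted to owner-only access two statements later, so between `key.write_private_key_file(...)` and the `os.chmod(..., 0o0600)` call its mode depends on the process umask and on whatever write_private_key_file does internally, which is not visible here. Calling `os.umask(0o077)` before the key is written, and restoring the previous umask afterwards, would close that window without relying on the library. As a matter of style the new literals carry a redundant leading zero; `0o750`, `0o600` and `0o644` are the usual spelling, here and in the keygen and pubkeyauthorizer hunks that follow. The `if __name__ == '__main__':` block these hunks belong to starts and ends outside them.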
@@ -143,7 +143,7 @@ if __name__ == '__main__':
 pubkey_file.write("ssh-dss " +key.get_base64())
 pubkey_file.close()
 os.chown('{home}/.ssh/{id_file}.pub'.format(home=broker_home, id_file=id_file), broker_uidnumber, broker_gidnumber)
- os.chmod('{home}/.ssh/{id_file}.pub'.format(home=broker_home, id_file=id_file), 0644)
+ os.chmod('{home}/.ssh/{id_file}.pub'.format(home=broker_home, id_file=id_file), 0o0644)
 logger_broker.info(' Public key written to file {key_file}'.format(key_file='{home}/.ssh/{id_file}.pub'.format(home=broker_home, id_file=id_file)))
 logger_broker.info('Key file generation has been successful!')
diff --git a/sbin/x2gobroker-pubkeyauthorizer b/sbin/x2gobroker-pubkeyauthorizer
index ceb4ce6..ec8fd19 100755
--- a/sbin/x2gobroker-pubkeyauthorizer
+++ b/sbin/x2gobroker-pubkeyauthorizer
@@ -133,7 +133,7 @@ if __name__ == '__main__':
 if not os.path.exists('{home}/.ssh'.format(home=broker_home)):
 os.mkdir('{home}/.ssh'.format(home=broker_home))
 os.chown('{home}/.ssh'.format(home=broker_home), broker_uidnumber, broker_gidnumber)
- os.chmod('{home}/.ssh'.format(home=broker_home), 0750)
+ os.chmod('{home}/.ssh'.format(home=broker_home), 0o0750)
 logger_broker.info(' Created {home}/.ssh'.format(home=broker_home))
 tmpfile_name, httpmsg = urllib.urlretrieve(cmdline_args.broker_url)
@@ -223,6 +223,6 @@ if __name__ == '__main__':
 else:
 # set proper file permissions
 os.chown('{home}/.ssh/authorized_keys'.format(home=broker_home), broker_uidnumber, broker_gidnumber)
- os.chmod('{home}/.ssh/authorized_keys'.format(home=broker_home), 0644)
+ os.chmod('{home}/.ssh/authorized_keys'.format(home=broker_home), 0o0644)
 logger_broker.info('Completed successfully: X2Go Session Broker\'s PubKey Authorizer.'.format(url=cmdline_args.broker_url))
-- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker.
commit ad6237f2f3703e055e5b08b26bcb38944ee6b538
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Mon Apr 16 12:41:04 2018 +0200
etc/x2gobroker.conf: Mention the per-profile option for enabling/disabling load checker support.
---
etc/x2gobroker.conf | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/etc/x2gobroker.conf b/etc/x2gobroker.conf
index 11cb0ea..e3e7e69 100644
--- a/etc/x2gobroker.conf
+++ b/etc/x2gobroker.conf
@@ -292,7 +292,7 @@
 #
 # o the session profile defines more than one host
 # o the session profile does not block queries to the load checker daemon
-# on a per profile basis
+# on a per profile basis (broker-use-load-checker = true|false)
 #
 #default-use-load-checker = false
-- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker.
commit bce017435fb2e97c8b6697a1d2388515a7595b5e
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Mon Apr 16 13:07:15 2018 +0200
sbin/x2gobroker-pubkeyauthorizer: Some string/bytecode fixes for Python3. Plus urllib -> urllib.request.
---
sbin/x2gobroker-pubkeyauthorizer | 10 +++++-----
1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/sbin/x2gobroker-pubkeyauthorizer b/sbin/x2gobroker-pubkeyauthorizer
index 757880a..0948f1e 100755
--- a/sbin/x2gobroker-pubkeyauthorizer
+++ b/sbin/x2gobroker-pubkeyauthorizer
@@ -25,7 +25,7 @@ import setproctitle
 import argparse
 import logging
 import binascii
-import urllib
+import urllib.request
 import getpass
 import logging
 import logging.config
@@ -136,9 +136,9 @@ if __name__ == '__main__':
 os.chmod('{home}/.ssh'.format(home=broker_home), 0o0750)
 logger_broker.info(' Created {home}/.ssh'.format(home=broker_home))
- tmpfile_name, httpmsg = urllib.urlretrieve(cmdline_args.broker_url)
+ tmpfile_name, httpmsg = urllib.request.urlretrieve(cmdline_args.broker_url)
 tmpfile = open(tmpfile_name, 'rb')
- new_pubkeys = [ k for k in tmpfile.read().split('\n') if k ]
+ new_pubkeys = [ k for k in tmpfile.read().decode().split('\n') if k ]
 if len(new_pubkeys) == 1:
 logger_broker.info(' Found {i} public key at URL {url}'.format(i=len(new_pubkeys), url=cmdline_args.broker_url))
 else:
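Review bot: Whatever `urllib.request.urlretrieve(cmdline_args.broker_url)` returns in the second hunk becomes candidate entries for an authorized_keys file, yet nothing visible restricts the URL scheme, and urlretrieve also accepts plain `http://`, `ftp://` and `file://` URLs. A guard before the download such as `if not cmdline_args.broker_url.startswith('https://'): logger_broker.warning('fetching public keys over an unauthenticated transport')`, or a hard exit if no deployment depends on plain HTTP, would make that trust decision explicit. The new `.decode()` also raises UnicodeDecodeError on a response that is not valid UTF-8 and nothing in the hunk catches it. The main block continues outside the hunk, so an outer handler cannot be ruled out.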
@@ -149,9 +149,9 @@ if __name__ == '__main__':
 try:
 read_authorized_keys = open('{home}/.ssh/authorized_keys'.format(home=broker_home), 'rb')
 _content = read_authorized_keys.read()
- if _content and ord(_content[-1]) != 10:
+ if _content and _content[-1] != 10:
 append_newline = '\n'
- already_authorized_keys = _content.split('\n')
+ already_authorized_keys = _content.decode().split('\n')
 read_authorized_keys.close()
 except IOError:
 already_authorized_keys = []
-- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
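Review bot: `append_newline = '\n'` stays a str while the code around it has moved to bytes. `_content` is read from a handle opened with 'rb', and the context of the later a861019 hunk on this page shows the value being passed to `append_authorized_keys.write(append_newline)` on a handle opened with 'ab', which raises TypeError under Python 3 whenever the file lacks a trailing newline. I would change the assignment to `append_newline = b'\n'`. `_content.decode()` can additionally raise UnicodeDecodeError, which the `except IOError:` below it does not cover. The try block sits inside the main section, whose start is outside the hunk.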
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker.
commit d1defd15575ade7ab7c3f7ad2520fe7bbe201d4f
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Mon Apr 16 12:50:16 2018 +0200
x2gobroker/agent (check_load()): Bail out if no remote agent is given.
---
x2gobroker/agent.py | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/x2gobroker/agent.py b/x2gobroker/agent.py
index 6dda243..1ee6e37 100644
--- a/x2gobroker/agent.py
+++ b/x2gobroker/agent.py
@@ -435,6 +435,10 @@ def check_load(remote_agent=None, logger=None, **kwargs):
 if logger is None:
 logger = logger_broker
+ if not remote_agent:
+ logger.error('no remote agent was given, can\'t query load')
+ return "NO-REMOTE-AGENT"
+
 try:
 if "username" in list(kwargs.keys()):
 del kwargs["username"]
-- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
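Review bot: The new early return hands callers the string `"NO-REMOTE-AGENT"`, and nothing in the hunk documents that sentinel. check_load's docstring and the rest of its body are outside the hunk, so whether callers already expect string results of this kind cannot be confirmed from here. I would add a comment above the return, `# sentinel: callers must treat "NO-REMOTE-AGENT" as 'load unknown', never as a numeric load`, and list the value among the documented return values in the docstring.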
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker.
commit 941e464dd541b1cadbd5b61edd526283e4d79a86
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Mon Apr 16 12:53:31 2018 +0200
sbin/x2gobroker-pubkeyauthorizer: Fix key lookup in os.environ for Python3.
---
sbin/x2gobroker-pubkeyauthorizer | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sbin/x2gobroker-pubkeyauthorizer b/sbin/x2gobroker-pubkeyauthorizer
index ec8fd19..757880a 100755
--- a/sbin/x2gobroker-pubkeyauthorizer
+++ b/sbin/x2gobroker-pubkeyauthorizer
@@ -45,15 +45,15 @@ setproctitle.setproctitle("%s %s" % (PROG_NAME, " ".join(PROG_OPTIONS)))
 ### Normally, we would avoid that. However, this is to make this script independent from
 ### the python-x2gobroker package (and its manifold python module dependencies).
-if os.environ.has_key('X2GOBROKER_DAEMON_USER'):
+if 'X2GOBROKER_DAEMON_USER' in os.environ:
 X2GOBROKER_DAEMON_USER=os.environ['X2GOBROKER_DAEMON_USER']
 else:
 X2GOBROKER_DAEMON_USER="x2gobroker"
-if os.environ.has_key('X2GOBROKER_DAEMON_GROUP'):
+if 'X2GOBROKER_DAEMON_GROUP' in os.environ:
 X2GOBROKER_DAEMON_GROUP=os.environ['X2GOBROKER_DAEMON_GROUP']
 else:
 X2GOBROKER_DAEMON_GROUP="x2gobroker"
-if os.environ.has_key('X2GOBROKER_DEBUG'):
+if 'X2GOBROKER_DEBUG' in os.environ:
 X2GOBROKER_DEBUG = ( os.environ['X2GOBROKER_DEBUG'].lower() in ('1', 'on', 'true', 'yes', ) )
 else:
 X2GOBROKER_DEBUG = False
-- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
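Review bot: Each of the three `if '…' in os.environ: … else: …` blocks is a lookup with a default and reads more directly as a single call, e.g. `X2GOBROKER_DAEMON_USER = os.environ.get('X2GOBROKER_DAEMON_USER', 'x2gobroker')` and `X2GOBROKER_DEBUG = os.environ.get('X2GOBROKER_DEBUG', '').lower() in ('1', 'on', 'true', 'yes')`. These values presumably select the account whose ~/.ssh the script later modifies, though that derivation is outside the hunk. A short comment such as `# NOTE: daemon user/group are taken from the caller's environment; run only from a trusted context` would record that assumption.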
This is an automated email from the git hooks/post-receive script. x2go pushed a commit to branch master in repository x2gobroker.
commit a8610199904a6411a77f1086a4af8ba71a747f1a
Author: Mike Gabriel <mike.gabriel@das-netzwerkteam.de>
Date: Mon Apr 16 13:42:46 2018 +0200
sbin/x2gobroker-pubkeyauthorizer: Improve key integrity checker and move it further up. Plus one more Python2 -> Python3 issue fixed.
---
sbin/x2gobroker-pubkeyauthorizer | 90 ++++++++++++++++++++++++----------------
1 file changed, 54 insertions(+), 36 deletions(-)
diff --git a/sbin/x2gobroker-pubkeyauthorizer b/sbin/x2gobroker-pubkeyauthorizer
index 0948f1e..e171c79 100755
--- a/sbin/x2gobroker-pubkeyauthorizer
+++ b/sbin/x2gobroker-pubkeyauthorizer
@@ -138,11 +138,44 @@ if __name__ == '__main__':
 tmpfile_name, httpmsg = urllib.request.urlretrieve(cmdline_args.broker_url)
 tmpfile = open(tmpfile_name, 'rb')
- new_pubkeys = [ k for k in tmpfile.read().decode().split('\n') if k ]
- if len(new_pubkeys) == 1:
- logger_broker.info(' Found {i} public key at URL {url}'.format(i=len(new_pubkeys), url=cmdline_args.broker_url))
+ new_pubkeys_raw = [ k for k in tmpfile.read().decode().split('\n') if k ]
+
+ i = 0
+ new_pubkeys = []
+ for new_pubkey in new_pubkeys_raw:
+
+ if not new_pubkey:
+ # fully ignore empty lines
+ continue
+
+ if re.match(r'^#.*', new_pubkey):
+ # fully ignore commented out lines
+ continue
+
+ # check key integrity!
+ is_key = False
+ if re.match(r'.*ssh-dss AAAAB3NzaC1kc3MA.*', new_pubkey):
+ is_key = True
+ elif re.match(r'.*ssh-rsa AAAAB3NzaC1yc2EA.*', new_pubkey):
+ is_key = True
+
+ if not is_key:
+ logger_broker.error('The broker returned something that does not look like SSH RSA/DSA keys.')
+ logger_broker.error('Check the URL {url}'.format(url=cmdline_args.broker_url))
+ logger_broker.error('manually from a webbrowser.')
+ sys.exit(-1)
+
+ i += 1
+ new_pubkeys.append(new_pubkey)
+
+ if i == 1:
+ logger_broker.info(' Found {n} public key at URL {url}'.format(n=len(new_pubkeys), url=cmdline_args.broker_url))
+ elif i > 1:
+ logger_broker.info(' Found {n} public keys at URL {url}'.format(n=len(new_pubkeys), url=cmdline_args.broker_url))
 else:
- logger_broker.info(' Found {i} public keys at URL {url}'.format(i=len(new_pubkeys), url=cmdline_args.broker_url))
+ logger_broker.info(' No public keys found at URL {url}'.format(url=cmdline_args.broker_url))
+ sys.exit(0)
+
 tmpfile.close()
 append_newline = ""
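Review bot: The integrity check only asks whether `ssh-rsa AAAAB3NzaC1yc2EA` or `ssh-dss AAAAB3NzaC1kc3MA` occurs somewhere in the line, because both patterns are wrapped in `.*`; everything before and after the marker is accepted unvalidated and later appended to authorized_keys as-is. A line with a key type and blob but no trailing comment also passes here and then breaks or mis-parses in the three-way unpack `keytype, pubkey, owner = new_pubkey.rsplit(" ", 2)` of the next hunk, after authorized_keys has already been opened for appending. Matching the full field layout, for example `re.match(r'^(.+ )?ssh-rsa AAAAB3NzaC1yc2EA[A-Za-z0-9+/]+=* \S+$', new_pubkey)` and the ssh-dss equivalent, would reject both cases up front. Both `sys.exit()` paths are taken before `tmpfile.close()`, and the leading `if not new_pubkey:` test can never be true because `new_pubkeys_raw` is already filtered with `if k`.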
@@ -156,48 +189,33 @@ if __name__ == '__main__':
 except IOError:
 already_authorized_keys = []
+ already_authorized_keys = [ k for k in already_authorized_keys if k ]
+
 append_authorized_keys = open('{home}/.ssh/authorized_keys'.format(home=broker_home), 'ab')
 if append_newline:
 logger_broker.warning(' The file {authorized_keys} does not end with a newline character. Adding it.'.format(authorized_keys='{home}/.ssh/authorized_keys'.format(home=broker_home)))
 append_authorized_keys.write(append_newline)
- i = 0
 to_be_removed = []
 for new_pubkey in new_pubkeys:
- # ignore empty lines
- if not new_pubkey:
- continue
-
- # check key integrity!
- is_key = False
- if re.match(r'.*ssh-dss AAAAB3NzaC1kc3MA.*', new_pubkey):
- is_key = True
- elif re.match(r'.*ssh-rsa AAAAB3NzaC1yc2EA.*', new_pubkey):
- is_key = True
-
- if is_key is False:
- continue
+ # legacy support for authorized_keys files containing SSH keys without options...
+ # if the remote server provides an already present pubkey with options, replace the
+ # non-option key in the authorized_keys file...
+ keytype, pubkey, owner = new_pubkey.rsplit(" ", 2)
+ keyopts = ""
+ if " " in keytype:
+ keyopts, keytype = keytype.rsplit(" ", 1)
+ for authorized_key in already_authorized_keys:
+ if authorized_key.endswith(" ".join([keytype, pubkey, owner])) and not authorized_key.startswith(keyopts):
+ to_be_removed.append(authorized_key)
+
+ if new_pubkey not in already_authorized_keys:
+ append_authorized_keys.write('{k}\n'.format(k=new_pubkey).encode())
+ logger_broker.info(' Adding new public key (counter={i}) to {authorized_keys}.'.format(i=i, authorized_keys='{home}/.ssh/authorized_keys'.format(home=broker_home)))
 else:
- i += 1
-
- # legacy support for authorized_keys files containing SSH keys without options...
- # if the remote server provides an already present pubkey with options, replace the
- # non-option key in the authorized_keys file...
- keytype, pubkey, owner = new_pubkey.rsplit(" ", 2)
- keyopts = ""
- if " " in keytype:
- keyopts, keytype = keytype.rsplit(" ", 1)
- for authorized_key in [ k for k in already_authorized_keys if k ]:
- if authorized_key.endswith(" ".join([keytype, pubkey, owner])) and not authorized_key.startswith(keyopts):
- to_be_removed.append(authorized_key)
-
- if new_pubkey not in already_authorized_keys:
- append_authorized_keys.write('{k}\n'.format(k=new_pubkey))
- logger_broker.info(' Adding new public key (counter={i}) to {authorized_keys}.'.format(i=i, authorized_keys='{home}/.ssh/authorized_keys'.format(home=broker_home)))
- else:
- logger_broker.warning(' Skipping new public key (counter={i}), already in {authorized_keys}.'.format(i=i, authorized_keys='{home}/.ssh/authorized_keys'.format(home=broker_home)))
+ logger_broker.warning(' Skipping new public key (counter={i}), already in {authorized_keys}.'.format(i=i, authorized_keys='{home}/.ssh/authorized_keys'.format(home=broker_home)))
 append_authorized_keys.close()
-- Alioth's /home/x2go-admin/maintenancescripts/git/hooks/post-receive-email on /srv/git/code.x2go.org/x2gobroker.git
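Review bot: With `i = 0` and `i += 1` removed from this loop, the `counter={i}` field in the 'Adding new public key' and 'Skipping new public key' messages no longer counts per key. `i` is now whatever the validation loop of the previous hunk left behind, i.e. the total number of accepted keys, repeated in every message. Numbering the keys in the loop header restores the old output: `for i, new_pubkey in enumerate(new_pubkeys, 1):`. The code that consumes `to_be_removed` is outside the hunk.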