AniNIX/Uniglot
3
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

Replace keyscan with looking at system files; Update data files scan to allow for homedir storage of Ansible/GPG/Keepass secrets

Browse Source
This commit is contained in:
DarkFeather
2025-12-18 12:25:13 -06:00
parent 74aa9849f6
commit e17bb87f13
2 changed files with 31 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
Bash/dns.bash
View File

@@ -32,5 +32,10 @@ function GenerateCAA {
function GenerateSSHFP {
### Generate the SSHFP
ssh-keyscan -D localhost | grep -E '1 2|4 2' | sed 's/localhost IN SSHFP //'
(# 4 means ed25519, 2 means SHA2 hash.
ssh-keygen -r localhost -f /etc/ssh/ssh_host_ed25519_key.pub | grep '4 2'
# 1 means RSA, 2 means SHA2 hash.
ssh-keygen -r localhost -f /etc/ssh/ssh_host_rsa_key.pub | grep '1 2'
# We will not show the 4 1 or 1 1 records, as SHA1 is broken.
) | sed 's/localhost IN SSHFP //'
}

31
Hooks/scripts.d/find-data-files
View File

@@ -1,11 +1,30 @@
#!/bin/bash
result=0
IFS="
"
originURL="$(git config remote.origin.url)"
homedir=0
if [[ "$originURL" =~ .*HomeDir.git$ ]]; then
homedir=1
fi
# We don't want to commit data files, with the exceptions being our GPG public key and organization logo in PNG & ASCII format.
for file in `git ls-files | xargs -n 1 file | grep -Ev 'ASCII text|JSON|empty|Unicode text|symbolic link' | grep -vE '^Resources/logo.png|^Resources/ascii.txt|^Resources/public.gpg' | cut -f 1 -d :`; do
if [ "$(du -k "${file}" | awk '{ print $1; }')" -gt 10 ]; then
echo "These files need to be evaluated -- generally, don't commit data files to Git."
echo "$result"
exit 1
for file in `git ls-files | xargs -d '\n' -n 1 file | grep -Ev 'ASCII text|JSON|empty|Unicode text|symbolic link|^Resources/logo.png|^Resources/ascii.txt|^Resources/public.gpg'`; do
#echo Evaluating \`"${file}"\`
filename="$(echo "${file}" | cut -f 1 -d ':')"
# Some databases need to be revision controlled to protect secrets, but these should only be committed to private repos.
if [ $homedir -eq 1 ] && [[ "$file" =~ GPG.keybox|Ansible.Vault|Keepass|^.gnupg/tofu.db ]]; then
continue
fi
if [ "$(du -k "${filename}" | awk '{ print $1; }')" -gt 10 ]; then
echo "$file"
result=1
fi
done
exit 0
if [ $result -eq 1 ]; then
echo "These files need to be evaluated -- generally, don't commit data files to Git."
fi
exit $result