Merge pull request #52 from dokku/master

Release 0.10.0

.circleci/config.yml

@@ -1,7 +1,8 @@
 version: 2
 jobs:
   build:
-    machine: {}
+    machine:
+      docker_layer_caching: false
     steps:
       - checkout
       - run:
@@ -24,6 +25,5 @@ jobs:
       - run:
           command: |
             if [[ "$CIRCLE_BRANCH" == "release" ]]; then
-              make release-in-docker
+              make release-in-docker release-packagecloud-in-docker
             fi
-            make release-packagecloud-in-docker

.gitignore

@@ -1 +1,3 @@
+.env*
 sshcommand.bak
+test-results

CHANGELOG.md

@@ -10,6 +10,22 @@ All notable changes to this project will be documented in this file.
 
 ### Changed
 
+## [0.10.0] - 2020-04-03
+
+### Added
+- @Filipe-Souza Ability to output JSON format in ssh keys list
+- @matthewmueller Add support for Amazon Linux 2
+
+### Changed
+- @josegonzalez Drop unsupported debian-based operating systems
+- @josegonzalez Do not release to the betafish channel
+
+### Fixed
+- @josegonzalez Do not allow users to re-specify an ssh key under a different name
+- @josegonzalez Allow user to disable name check when adding a new ssh key
+- @josegonzalez Correct shellcheck issues with shellcheck 0.7.0
+- @znz Ignore options in key file
+
 ## [0.9.0] - 2019-09-20
 
 ### Added
@@ -28,7 +44,7 @@ All notable changes to this project will be documented in this file.
 
 ## [0.7.0] - 2017-03-22
 ### Fixed
-- @callahad  Only allow one key per file in acl-add. Otherwise, the additional keys get added without the sshcommand wrapper.
+- @callahad Only allow one key per file in acl-add. Otherwise, the additional keys get added without the sshcommand wrapper.
 
 ### Added
 - @michaelshobbs automated releases
@@ -118,7 +134,8 @@ All notable changes to this project will be documented in this file.
 - @michaelshobbs update build image in README
 - @jvanbaarsen Only add SSH key if it doesn't already exists
 
-[unreleased]: https://github.com/dokku/sshcommand/compare/v0.9.0...HEAD
+[unreleased]: https://github.com/dokku/sshcommand/compare/v0.10.0...HEAD
+[0.10.0]: https://github.com/dokku/sshcommand/compare/v0.9.0...v0.10.0
 [0.9.0]: https://github.com/dokku/sshcommand/compare/v0.8.0...v0.9.0
 [0.8.0]: https://github.com/dokku/sshcommand/compare/v0.7.0...v0.8.0
 [0.7.0]: https://github.com/dokku/sshcommand/compare/v0.6.0...v0.7.0

Dockerfile.build

@@ -1,4 +1,4 @@
-FROM golang:1.12.0-stretch
+FROM golang:1.14.1-buster
 RUN apt-get update \
     && apt install apt-transport-https build-essential curl gnupg2 lintian rpm rsync rubygems-integration ruby-dev ruby software-properties-common sudo -qy \
     && apt-get clean \

Makefile

@@ -6,7 +6,7 @@ MAINTAINER_NAME = Jose Diaz-Gonzalez
 REPOSITORY = sshcommand
 HARDWARE = $(shell uname -m)
 SYSTEM_NAME  = $(shell uname -s | tr '[:upper:]' '[:lower:]')
-BASE_VERSION ?= 0.9.0
+BASE_VERSION ?= 0.10.0
 IMAGE_NAME ?= $(MAINTAINER)/$(REPOSITORY)
 PACKAGECLOUD_REPOSITORY ?= dokku/dokku-betafish
 
@@ -144,17 +144,8 @@ release-packagecloud:
 	@$(MAKE) release-packagecloud-rpm
 
 release-packagecloud-deb: build/deb/$(NAME)_$(VERSION)_amd64.deb
-	package_cloud push $(PACKAGECLOUD_REPOSITORY)/ubuntu/trusty  build/deb/$(NAME)_$(VERSION)_amd64.deb
-	package_cloud push $(PACKAGECLOUD_REPOSITORY)/ubuntu/utopic  build/deb/$(NAME)_$(VERSION)_amd64.deb
-	package_cloud push $(PACKAGECLOUD_REPOSITORY)/ubuntu/vivid   build/deb/$(NAME)_$(VERSION)_amd64.deb
-	package_cloud push $(PACKAGECLOUD_REPOSITORY)/ubuntu/wily    build/deb/$(NAME)_$(VERSION)_amd64.deb
 	package_cloud push $(PACKAGECLOUD_REPOSITORY)/ubuntu/xenial  build/deb/$(NAME)_$(VERSION)_amd64.deb
-	package_cloud push $(PACKAGECLOUD_REPOSITORY)/ubuntu/yakkety build/deb/$(NAME)_$(VERSION)_amd64.deb
-	package_cloud push $(PACKAGECLOUD_REPOSITORY)/ubuntu/zesty   build/deb/$(NAME)_$(VERSION)_amd64.deb
-	package_cloud push $(PACKAGECLOUD_REPOSITORY)/ubuntu/artful  build/deb/$(NAME)_$(VERSION)_amd64.deb
 	package_cloud push $(PACKAGECLOUD_REPOSITORY)/ubuntu/bionic  build/deb/$(NAME)_$(VERSION)_amd64.deb
-	package_cloud push $(PACKAGECLOUD_REPOSITORY)/debian/wheezy  build/deb/$(NAME)_$(VERSION)_amd64.deb
-	package_cloud push $(PACKAGECLOUD_REPOSITORY)/debian/jessie  build/deb/$(NAME)_$(VERSION)_amd64.deb
 	package_cloud push $(PACKAGECLOUD_REPOSITORY)/debian/stretch build/deb/$(NAME)_$(VERSION)_amd64.deb
 	package_cloud push $(PACKAGECLOUD_REPOSITORY)/debian/buster  build/deb/$(NAME)_$(VERSION)_amd64.deb
 

README.md

@@ -17,12 +17,12 @@ ssh ls@server <your-args>
 ## Commands
 
 ```shell
-sshcommand create     <USER> <COMMAND>          # Creates a user forced to run command when SSH connects
-sshcommand acl-add    <USER> <NAME> <KEY_FILE>  # Adds named SSH key to user from STDIN or argument
-sshcommand acl-remove <USER> <NAME>             # Removes SSH key by name
-sshcommand list       <USER> [<NAME>]           # Lists SSH keys by user and an optional name
-sshcommand help       <COMMAND>                 # Shows help information
-sshcommand version                              # Shows version
+sshcommand create     <USER> <COMMAND>                 # Creates a user forced to run command when SSH connects
+sshcommand acl-add    <USER> <NAME> <KEY_FILE>         # Adds named SSH key to user from STDIN or argument
+sshcommand acl-remove <USER> <NAME>                    # Removes SSH key by name
+sshcommand list       <USER> [<NAME>] [<OUTPUT_TYPE>]  # Lists SSH keys by user, an optional name and a optional output format (JSON)
+sshcommand help       <COMMAND>                        # Shows help information
+sshcommand version                                     # Shows version
 ```
 
 ## Example

package.json

@@ -1,6 +1,6 @@
 {
   "name": "sshcommand",
-  "version": "0.9.0",
+  "version": "0.10.0",
   "description": "Turn SSH into a thin client specifically for your app",
   "global": "true",
   "install": "cp sshcommand /usr/local/bin && chmod +x /usr/local/bin/sshcommand",

sshcommand

@@ -8,6 +8,8 @@ if [[ -f /etc/defaults/sshcommand ]]; then
 fi
 
 declare SSHCOMMAND_VERSION=""
+declare SSHCOMMAND_CHECK_DUPLICATE_FINGERPRINT=${SSHCOMMAND_CHECK_DUPLICATE_FINGERPRINT:="true"}
+declare SSHCOMMAND_CHECK_DUPLICATE_NAME=${SSHCOMMAND_CHECK_DUPLICATE_NAME:="true"}
 
 cmd-help() {
   declare desc="Shows help information for a command"
@@ -23,7 +25,7 @@ fn-args() {
   declare desc="Inspect a function's arguments"
   local argline
   argline=$(type "$1" | grep declare | grep -v "declare desc" | head -1)
-  echo -e "${argline// /"\n"}" | awk -F= '/=/{print "<"$1">"}' | tr "\n" " "
+  echo -e "${argline// /"\\n"}" | awk -F= '/=/{print "<"$1">"}' | tr "\\n" " "
 }
 
 fn-desc() {
@@ -49,7 +51,7 @@ fn-print-os-id() {
   declare desc="Returns the release id of the operating system"
   local OSRELEASE="${SSHCOMMAND_OSRELEASE:="/etc/os-release"}"
   if [[ -f $OSRELEASE ]]; then
-    sed -n 's#^ID=\(.*\)#\1#p' "$OSRELEASE"
+    sed -n 's#^ID=\(.*\)#\1#p' "$OSRELEASE" | tr -d '"'
   else
     echo unknown
   fi
@@ -70,7 +72,7 @@ fn-adduser() {
     debian*|ubuntu|raspbian*)
       adduser --disabled-password --gecos "" "$l_user"
       ;;
-    arch)
+    arch|amzn)
       useradd -m -s /bin/bash "$l_user"
       usermod -L -aG "$l_user" "$l_user"
       ;;
@@ -85,12 +87,12 @@ fn-adduser() {
 log-fail() {
   declare desc="Log fail formatter"
   echo "$@" 1>&2
-  exit -1
+  exit 1
 }
 
 log-verbose() {
   declare desc="Log verbose formatter"
-  if [[ ! -z "$SSHCOMMAND_VERBOSE_OUTPUT" ]]; then
+  if [[ -n "$SSHCOMMAND_VERBOSE_OUTPUT" ]]; then
     echo "$@"
   fi
 }
@@ -130,8 +132,8 @@ sshcommand-acl-add() {
   USERHOME=$(sh -c "echo ~$USER")
 
   NEW_KEY=$(grep "NAME=\\\\\"$NAME"\\\\\" "$USERHOME/.ssh/authorized_keys" || true)
-  if [[ ! -z "$NEW_KEY" ]]; then
-    log-fail "Duplicate SSH Key name"
+  if [[ "$SSHCOMMAND_CHECK_DUPLICATE_NAME" == "true" ]] && [[ -n "$NEW_KEY" ]]; then
+    log-fail "Duplicate ssh key name"
   fi
 
   if [[ -z "$KEY_FILE" ]]; then
@@ -146,12 +148,16 @@ sshcommand-acl-add() {
   count="$(wc -l <<< "$KEY")"
   [[ "$count" -eq 1 ]] || log-fail "Too many keys provided, set one per invocation of sshcommand acl-add <USER> <NAME>"
 
-  FINGERPRINT=$(ssh-keygen -lf "$KEY_FILE" | awk '{print $2}')
+  FINGERPRINT=$(ssh-keygen -lf <(echo "command=\"dummy to fail when options already exist\" $KEY") | awk '{print $2}')
 
   if [[ ! "$FINGERPRINT" =~ :.* ]]; then
     log-fail "Invalid ssh public key"
   fi
 
+  if [[ "$SSHCOMMAND_CHECK_DUPLICATE_FINGERPRINT" == "true" ]] && grep -qF "$FINGERPRINT" "$USERHOME/.ssh/authorized_keys"; then
+    log-fail "Duplicate ssh public key specified"
+  fi
+
   ALLOWED_KEYS="${SSHCOMMAND_ALLOWED_KEYS:="no-agent-forwarding,no-user-rc,no-X11-forwarding,no-port-forwarding"}"
   KEY_PREFIX="command=\"FINGERPRINT=$FINGERPRINT NAME=\\\"$NAME\\\" \`cat $USERHOME/.sshcommand\` \$SSH_ORIGINAL_COMMAND\",$ALLOWED_KEYS"
   echo "$KEY_PREFIX $KEY" >> "$USERHOME/.ssh/authorized_keys"
@@ -174,21 +180,30 @@ sshcommand-acl-remove() {
 }
 
 sshcommand-list() {
-  declare desc="Lists SSH keys by user and an optional name"
-  declare userhome USER="$1" NAME="$2"
+  declare desc="Lists SSH keys by user, an optional name and a optional output format (JSON)"
+  declare userhome USER="$1" NAME="$2" OUTPUT_TYPE="${3:-$2}"
   [[ -z "$USER" ]] && log-fail "Usage: sshcommand list" "$(fn-args "sshcommand-list")"
 
   getent passwd "$USER" > /dev/null || log-fail "\"$USER\" is not a user on this system"
   userhome=$(sh -c "echo ~$USER")
   [[ -e "$userhome/.ssh/authorized_keys" ]] || log-fail "authorized_keys not found for $USER"
   [[ -s "$userhome/.ssh/authorized_keys" ]] || log-fail "authorized_keys is empty for $USER"
-  OUTPUT="$(sed --silent --regexp-extended \
+
+  if [[ -n "$OUTPUT_TYPE" ]] && [[ "$OUTPUT_TYPE" == "json" ]]; then
+    data=$(sed --silent --regexp-extended \
+      's/^command="FINGERPRINT=(\S+) NAME=(\\"|)(.*)\2 `.*",(\S+).*/{ "fingerprint": "\1", "name": "\3", "SSHCOMMAND_ALLOWED_KEYS": "\4" }/p' \
+      "$userhome/.ssh/authorized_keys" | tr '\n' ',' | sed '$s/,$/\n/')
+
+    echo "[${data}]";
+  else
+    OUTPUT="$(sed --silent --regexp-extended \
         's/^command="FINGERPRINT=(\S+) NAME=(\\"|)(.*)\2 `.*",(\S+).*/\1 NAME="\3" SSHCOMMAND_ALLOWED_KEYS="\4"/p' \
         "$userhome/.ssh/authorized_keys")"
-  if [[ -n "$NAME" ]]; then
-    echo "$OUTPUT" | grep "NAME=\"$NAME\""
-  else
-    echo "$OUTPUT"
+    if [[ -n "$NAME" ]]; then
+      echo "$OUTPUT" | grep "NAME=\"$NAME\""
+    else
+      echo "$OUTPUT"
+    fi
   fi
 }
 
@@ -203,12 +218,12 @@ sshcommand-help() {
 
   echo "sshcommand ${SSHCOMMAND_VERSION}"
   echo ""
-  printf "  %-10s %-30s %s\n" "create"     "$(fn-args "sshcommand-create")"     "$(fn-desc "sshcommand-create")"
-  printf "  %-10s %-30s %s\n" "acl-add"    "$(fn-args "sshcommand-acl-add")"    "$(fn-desc "sshcommand-acl-add")"
-  printf "  %-10s %-30s %s\n" "acl-remove" "$(fn-args "sshcommand-acl-remove")" "$(fn-desc "sshcommand-acl-remove")"
-  printf "  %-10s %-30s %s\n" "list"       "$(fn-args "sshcommand-list")"       "$(fn-desc "sshcommand-list")"
-  printf "  %-10s %-30s %s\n" "help"       "$(fn-args "sshcommand-help")"       "$(fn-desc "sshcommand-help")"
-  printf "  %-10s %-30s %s\n" "version"    "$(fn-args "sshcommand-version")"    "$(fn-desc "sshcommand-version")"
+  printf "  %-10s %-30s %s\\n" "create"     "$(fn-args "sshcommand-create")"     "$(fn-desc "sshcommand-create")"
+  printf "  %-10s %-30s %s\\n" "acl-add"    "$(fn-args "sshcommand-acl-add")"    "$(fn-desc "sshcommand-acl-add")"
+  printf "  %-10s %-30s %s\\n" "acl-remove" "$(fn-args "sshcommand-acl-remove")" "$(fn-desc "sshcommand-acl-remove")"
+  printf "  %-10s %-30s %s\\n" "list"       "$(fn-args "sshcommand-list")"       "$(fn-desc "sshcommand-list")"
+  printf "  %-10s %-30s %s\\n" "help"       "$(fn-args "sshcommand-help")"       "$(fn-desc "sshcommand-help")"
+  printf "  %-10s %-30s %s\\n" "version"    "$(fn-args "sshcommand-version")"    "$(fn-desc "sshcommand-version")"
 }
 
 sshcommand-version() {
@@ -225,7 +240,7 @@ main() {
   local cmd="sshcommand-$1"
   shift 1
 
-  if declare -f $cmd > /dev/null; then
+  if declare -f "$cmd" > /dev/null; then
     $cmd "$@"
   else
     log-fail "Invalid command"