From c80f05ba17a1c256197492dd054dfeff07bde79a Mon Sep 17 00:00:00 2001
From: "Kyle J. McKay" <mackyle@gmail.com>
Date: Fri, 28 Nov 2014 16:09:44 -0800
Subject: [PATCH] sshactive: improve recording of last active times

The owner will now always be updated to reflect whether the push
came via ssh or www.  Also record the last install time on _install
and the last jailsetup time on _jailsetup since running _jailsetup
alters the ownership of all files in sshactive.
---
 bin/git-http-backend-verify | 12 ++++++++++--
 bin/git-shell-verify        | 12 ++++++++++--
 jailsetup.sh                |  6 ++++++
 3 files changed, 26 insertions(+), 4 deletions(-)

diff --git a/bin/git-http-backend-verify b/bin/git-http-backend-verify
index f9e886b..1d0a08d 100755
--- a/bin/git-http-backend-verify
+++ b/bin/git-http-backend-verify
@@ -244,7 +244,11 @@ if ! "$cfg_basedir/bin/can_user_push_http" "$projbare" "$authuser"; then
 	# presuming the special mob directory has been set up
 	if [ "$cfg_mob" = "mob" -a "$authuser" != "mob" -a -d "$cfg_reporoot/$proj/mob" ] &&
 		"$cfg_basedir/bin/can_user_push_http" "$projbare" "mob"; then
-		(umask 113; > "$cfg_chroot/etc/sshactive/$authuser")
+		(
+			umask 113
+			> "$cfg_chroot/etc/sshactive/${authuser},"
+			mv -f "$cfg_chroot/etc/sshactive/${authuser}," "$cfg_chroot/etc/sshactive/${authuser}"
+		)
 		export PATH_INFO="/$proj/mob/$suffix"
 		if [ -n "$GIT_HTTP_BACKEND_SHOW_ERRORS" ]; then
 			exec "$cfg_git_http_backend_bin" "$@"
@@ -259,7 +263,11 @@ if ! "$cfg_basedir/bin/can_user_push_http" "$projbare" "$authuser"; then
 	exit 1
 fi
 
-(umask 113; > "$cfg_chroot/etc/sshactive/$authuser")
+(
+	umask 113
+	> "$cfg_chroot/etc/sshactive/${authuser},"
+	mv -f "$cfg_chroot/etc/sshactive/${authuser}," "$cfg_chroot/etc/sshactive/${authuser}"
+)
 if [ -n "$GIT_HTTP_BACKEND_SHOW_ERRORS" ]; then
 	exec "$cfg_git_http_backend_bin" "$@"
 else
diff --git a/bin/git-shell-verify b/bin/git-shell-verify
index 4d54b81..d93c0f2 100755
--- a/bin/git-shell-verify
+++ b/bin/git-shell-verify
@@ -153,7 +153,11 @@ if ! [ -x /usr/bin/perl ] && [ "$type" = 'receive-pack' ]; then
 		# presuming the special mob directory has been set up
 		if [ "$mob" = "mob" -a "$LOGNAME" != "mob" -a -d "$reporoot/$proj/mob" ] &&
 								can_user_push "$projbare" mob; then
-			(umask 113; > "/etc/sshactive/$LOGNAME")
+			(
+				umask 113
+				> "/etc/sshactive/${LOGNAME},"
+				mv -f "/etc/sshactive/${LOGNAME}," "/etc/sshactive/${LOGNAME}"
+			)
 			exec git-shell -c "git-receive-pack '$reporoot/$proj/mob'"
 			exit 1
 		fi
@@ -161,7 +165,11 @@ if ! [ -x /usr/bin/perl ] && [ "$type" = 'receive-pack' ]; then
 		echo "You may adjust push permissions at $webadmurl/editproj.cgi?name=$proj" >&2
 		exit 3
 	fi
-	(umask 113; > "/etc/sshactive/$LOGNAME")
+	(
+		umask 113
+		> "/etc/sshactive/${LOGNAME},"
+		mv -f "/etc/sshactive/${LOGNAME}," "/etc/sshactive/${LOGNAME}"
+	)
 fi
 
 exec git-shell -c "git-$type '$dir'"
diff --git a/jailsetup.sh b/jailsetup.sh
index b77e03a..cceaa86 100755
--- a/jailsetup.sh
+++ b/jailsetup.sh
@@ -133,6 +133,9 @@ chmod go-w etc/passwd etc/girocco etc/girocco/.gitconfig ||
 chmod -R g+w etc/sshkeys etc/sshcerts etc/sshactive 2>/dev/null ||
 	echo "WARNING: Cannot chmod g+w the sshkeys, sshcerts and/or sshactive files"
 
+# Note time of last install
+> etc/sshactive/_install
+
 [ -z "$dbonly" ] || exit 0
 
 # Make sure the system type is supported for chroot
@@ -276,6 +279,9 @@ for i in git git-index-pack git-receive-pack git-shell git-update-server-info gi
 	pull_in_bin "$git_exec_path/$i" bin git
 done
 
+# Note time of last jailsetup
+> etc/sshactive/_jailsetup
+
 # Update permissions on the database files
 chown $cfg_cgi_user:$cfg_owning_group etc/passwd etc/group
 chown -R $cfg_cgi_user:$cfg_owning_group etc/sshkeys etc/sshcerts etc/sshactive
-- 
2.11.4.GIT