jobs/fixupcheck.sh

   1 #!/bin/bash
   2 #
   3 # THIS SCRIPT IS BEING RUN UNDER ROOT!!!
   4 #
   5 # [repo.or.cz] You will need to manually update this file if you modify
   6 # it in the repository.
   7
   8 # We want to make sure the push-access projects have the right directories
   9 # in the right groups.
  10
  11 ## For maximum security separation, the fixup script is configured separately
  12 ## and does not reuse Girocco::Config settings.
  13
  14 ## Girocco::Config::reporoot
  15 reporoot="/srv/git"
  16 ## Girocco::Config::chroot
  17 chroot="/home/repo/j"
  18 ## Girocco::Config::mirror_user
  19 mirror_user="repo"
  20 ## Directory with this script and fixup.sh; WARNING: COPY THEM OVER to ~root!
  21 ## Otherwise, the owner of these scripts can execute anything as root.
  22 fixup_dir="/root/repomgr"
  23
  24 # No need to lock.
  25
  26 cd "$reporoot"
  27 cat "$chroot/etc/group" | cut -d : -f 1,3 |
  28         while IFS=: read proj id; do
  29                 [ "$id" -ge 65536 ] || continue
  30                 "$fixup_dir"/fixup.sh "$proj" "$chroot/etc/group" "$mirroruser"
  31         done