From 5d0d13c42acc36aaed4cb5b76d84bb7b86981489 Mon Sep 17 00:00:00 2001
From: Matthijs Abma <4146168+abmaonline@users.noreply.github.com>
Date: Sun, 1 Dec 2019 17:58:29 +0100
Subject: [PATCH] Add simple integrity check for authorized_keys file, in case you put something interesting in your BORG_SERVE_ARGS
---
 data/run.sh | 7 +++++++
 1 file changed, 7 insertions(+)
diff --git a/data/run.sh b/data/run.sh
index 0e360bd..3ffd137 100755
--- a/data/run.sh
+++ b/data/run.sh
@@ -78,6 +78,13 @@ for keyfile in $(find "${SSH_KEY_DIR}/clients" ! -regex '.*/\..*' -a -type f); d
 cat ${keyfile} >> ${AUTHORIZED_KEYS_PATH}
 done
 
+echo " * Validating structure of generated ${AUTHORIZED_KEYS_PATH}..."
+ERROR=$(ssh-keygen -lf ${AUTHORIZED_KEYS_PATH} 2>&1 >/dev/null)
+if [ $? -ne 0 ]; then
+ echo "ERROR: ${ERROR}"
+ exit 1
+fi
+
 chown -R borg:borg ${BORG_DATA_DIR}
 chown borg:borg ${AUTHORIZED_KEYS_PATH}
 chmod 600 ${AUTHORIZED_KEYS_PATH}
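Review bot: The added `ssh-keygen -lf` check only fails when no line of the file parses as a key; current OpenSSH treats one good key as sufficient, silently skips lines it cannot parse, and steps over the leading options field without interpreting it. A single entry mangled by a quote or line break in BORG_SERVE_ARGS can therefore sit next to valid ones and pass, and a `command="…"` restriction that came out differently from what was intended is not detected at all. Checking each entry on its own, as below, closes the first gap (it needs an ssh-keygen that accepts `-f -` for stdin). The second is better handled by rejecting `"` and line breaks in BORG_SERVE_ARGS where the entries are built, which is outside this hunk and is presumably earlier in run.sh. The path expansions should also be quoted and the error sent to stderr.

```shell
echo " * Validating structure of generated ${AUTHORIZED_KEYS_PATH}..."
# Validate entry by entry: ssh-keygen -l accepts a file as soon as one line parses.
while read -r entry; do
    # Blank and comment lines carry no key and would fail a per-line check.
    case "${entry}" in ''|'#'*) continue ;; esac
    if ! ERROR=$(printf '%s\n' "${entry}" | ssh-keygen -lf - 2>&1 >/dev/null); then
        echo "ERROR: ${ERROR}" >&2
        exit 1
    fi
done < "${AUTHORIZED_KEYS_PATH}"
# … unchanged: chown/chmod of the data dir and authorized_keys …
```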