Merge pull request #4 from Hermsi1337/maint/rebase-entrypoint-bash

Maint/rebase entrypoint bash
Dennis Hermsmeier 2019-06-19 22:24:07 +02:00 committed by GitHub
commit cfabbd0a68
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 23 additions and 21 deletions


@ -7,6 +7,7 @@ addons:
packages: packages:
- docker-ce - docker-ce
- w3m - w3m
- shellcheck
env: env:
global: global:
@ -19,6 +20,7 @@ before_script:
- export OPENSSH_VERSION="$(w3m -dump "https://pkgs.alpinelinux.org/packages?name=openssh&branch=v${ALPINE_VERSION}" | grep -m 1 "x86" | awk '{print $2}')" - export OPENSSH_VERSION="$(w3m -dump "https://pkgs.alpinelinux.org/packages?name=openssh&branch=v${ALPINE_VERSION}" | grep -m 1 "x86" | awk '{print $2}')"
script: | script: |
for i in *.sh ; do shellcheck $i ; done && \
docker build \ docker build \
--no-cache \ --no-cache \
--pull \ --pull \
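Review bot: The new lint gate `for i in *.sh ; do shellcheck $i ; done && \` only reflects the last file checked, because a `for` loop returns the status of the last command it ran; a finding in an earlier script is printed but does not stop the `docker build` that follows. `$i` is also unquoted, so a script name containing whitespace would be split. Passing every file to a single invocation fixes both, since shellcheck exits non-zero if any file has findings: `shellcheck ./*.sh && \`. The `script:` block continues past the visible lines.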


@ -1,9 +1,9 @@
#!/usr/bin/env sh #!/usr/bin/env bash
set -e set -e
# enable debug mode if desired # enable debug mode if desired
if [ "${DEBUG}" = "true" ]; then if [[ "${DEBUG}" == "true" ]]; then
set -x set -x
fi fi
@ -16,13 +16,13 @@ log() {
RED='\033[1;31m' RED='\033[1;31m'
NO_COLOR='\033[0m' NO_COLOR='\033[0m'
if [ "${LEVEL}" = "warning" ]; then if [[ "${LEVEL}" == "warning" ]]; then
LOG_LEVEL="${YELLOW}WARN${NO_COLOR}" LOG_LEVEL="${YELLOW}WARN${NO_COLOR}"
elif [ "${LEVEL}" = "error" ]; then elif [[ "${LEVEL}" == "error" ]]; then
LOG_LEVEL="${RED}ERROR${NO_COLOR}" LOG_LEVEL="${RED}ERROR${NO_COLOR}"
else else
LOG_LEVEL="${WHITE}INFO${NO_COLOR}" LOG_LEVEL="${WHITE}INFO${NO_COLOR}"
if [ -z "${TO_LOG}" ]; then if [[ -z "${TO_LOG}" ]]; then
TO_LOG="${1}" TO_LOG="${1}"
fi fi
fi fi
@ -45,15 +45,15 @@ generate_passwd() {
} }
# ensure backward comaptibility for earlier versions of this image # ensure backward comaptibility for earlier versions of this image
if [ -n "${KEYPAIR_LOGIN}" ] && [ "${KEYPAIR_LOGIN}" = "true" ]; then if [[ -n "${KEYPAIR_LOGIN}" ]] && [[ "${KEYPAIR_LOGIN}" == "true" ]]; then
ROOT_KEYPAIR_LOGIN_ENABLED="${KEYPAIR_LOGIN}" ROOT_KEYPAIR_LOGIN_ENABLED="${KEYPAIR_LOGIN}"
fi fi
if [ -n "${ROOT_PASSWORD}" ]; then if [[ -n "${ROOT_PASSWORD}" ]]; then
ROOT_LOGIN_UNLOCKED="true" ROOT_LOGIN_UNLOCKED="true"
fi fi
# enable root login if keypair login is enabled # enable root login if keypair login is enabled
if [ "${ROOT_KEYPAIR_LOGIN_ENABLED}" = "true" ]; then if [[ "${ROOT_KEYPAIR_LOGIN_ENABLED}" == "true" ]]; then
ROOT_LOGIN_UNLOCKED="true" ROOT_LOGIN_UNLOCKED="true"
fi fi
@ -68,20 +68,20 @@ ssh-keygen -A 1>/dev/null
log "Applying configuration for 'root' user ..." log "Applying configuration for 'root' user ..."
if [ "${ROOT_LOGIN_UNLOCKED}" = "true" ] ; then if [[ "${ROOT_LOGIN_UNLOCKED}" == "true" ]] ; then
# generate random root password # generate random root password
if [ -z "${ROOT_PASSWORD}" ]; then if [[ -z "${ROOT_PASSWORD}" ]]; then
log " generating random password for user 'root'" log " generating random password for user 'root'"
ROOT_PASSWORD="$(generate_passwd)" ROOT_PASSWORD="$(generate_passwd)"
fi fi
echo "root:${ROOT_PASSWORD}" | chpasswd >/dev/null 2>&1 echo "root:${ROOT_PASSWORD}" | chpasswd &>/dev/null
log " password for user 'root' set" log " password for user 'root' set"
log "warning" " user 'root' is now UNLOCKED" log "warning" " user 'root' is now UNLOCKED"
# set root login mode by password or keypair # set root login mode by password or keypair
if [ "${ROOT_KEYPAIR_LOGIN_ENABLED}" = "true" ] && [ -f "${HOME}/.ssh/authorized_keys" ] ; then if [[ "${ROOT_KEYPAIR_LOGIN_ENABLED}" == "true" ]] && [[ -f "${HOME}/.ssh/authorized_keys" ]]; then
sed -i "s/#PermitRootLogin.*/PermitRootLogin without-password/" /etc/ssh/sshd_config sed -i "s/#PermitRootLogin.*/PermitRootLogin without-password/" /etc/ssh/sshd_config
sed -i "s/#PasswordAuthentication.*/PasswordAuthentication no/" /etc/ssh/sshd_config sed -i "s/#PasswordAuthentication.*/PasswordAuthentication no/" /etc/ssh/sshd_config
ensure_mod "${HOME}/.ssh/authorized_keys" "0600" "root" "root" ensure_mod "${HOME}/.ssh/authorized_keys" "0600" "root" "root"
@ -99,11 +99,11 @@ else
fi fi
printf "\n" "" printf "\n"
log "Applying configuration for additional users ..." log "Applying configuration for additional users ..."
if [ ! -x "${USER_LOGIN_SHELL}" ]; then if [[ ! -x "${USER_LOGIN_SHELL}" ]]; then
log "error" " can not allocate desired shell '${USER_LOGIN_SHELL}', falling back to '${USER_LOGIN_SHELL_FALLBACK}' ..." log "error" " can not allocate desired shell '${USER_LOGIN_SHELL}', falling back to '${USER_LOGIN_SHELL_FALLBACK}' ..."
USER_LOGIN_SHELL="${USER_LOGIN_SHELL_FALLBACK}" USER_LOGIN_SHELL="${USER_LOGIN_SHELL_FALLBACK}"
fi fi
@ -111,7 +111,7 @@ fi
log " desired shell is ${USER_LOGIN_SHELL}" log " desired shell is ${USER_LOGIN_SHELL}"
if [ -n "${SSH_USERS}" ]; then if [[ -n "${SSH_USERS}" ]]; then
IFS="," IFS=","
for USER in ${SSH_USERS}; do for USER in ${SSH_USERS}; do
@ -122,14 +122,14 @@ if [ -n "${SSH_USERS}" ]; then
USER_UID="$(echo "${USER}" | cut -d ':' -f 2)" USER_UID="$(echo "${USER}" | cut -d ':' -f 2)"
USER_GID="$(echo "${USER}" | cut -d ':' -f 3)" USER_GID="$(echo "${USER}" | cut -d ':' -f 3)"
if [ -z "${USER_NAME}" ] || [ -z "${USER_UID}" ] || [ -z "${USER_GID}" ]; then if [[ -z "${USER_NAME}" ]] || [[ -z "${USER_UID}" ]] || [[ -z "${USER_GID}" ]]; then
log "error" " skipping invalid data '${USER_NAME}' - UID: '${USER_UID}' GID: '${USER_GID}'" log "error" " skipping invalid data '${USER_NAME}' - UID: '${USER_UID}' GID: '${USER_GID}'"
continue continue
fi fi
getent group "${USER_GID}" >/dev/null 2>&1 || addgroup -g "${USER_GID}" "${USER_NAME}" getent group "${USER_GID}" &>/dev/null || addgroup -g "${USER_GID}" "${USER_NAME}"
getent passwd "${USER_NAME}" >/dev/null 2>&1 || adduser -s "${USER_LOGIN_SHELL}" -D -u "${USER_UID}" -G "${USER_NAME}" "${USER_NAME}" getent passwd "${USER_NAME}" &>/dev/null || adduser -s "${USER_LOGIN_SHELL}" -D -u "${USER_UID}" -G "${USER_NAME}" "${USER_NAME}"
passwd -u "${USER_NAME}" >/dev/null 2>&1 passwd -u "${USER_NAME}" &>/dev/null
mkdir -p "/home/${USER_NAME}/.ssh" mkdir -p "/home/${USER_NAME}/.ssh"
log " user '${USER_NAME}' created - UID: '${USER_UID}' GID: '${USER_GID}'" log " user '${USER_NAME}' created - UID: '${USER_UID}' GID: '${USER_GID}'"
@ -137,7 +137,7 @@ if [ -n "${SSH_USERS}" ]; then
MOUNTED_AUTHORIZED_KEYS="${AUTHORIZED_KEYS_VOLUME}/${USER_NAME}" MOUNTED_AUTHORIZED_KEYS="${AUTHORIZED_KEYS_VOLUME}/${USER_NAME}"
LOCAL_AUTHORIZED_KEYS="/home/${USER_NAME}/.ssh/authorized_keys" LOCAL_AUTHORIZED_KEYS="/home/${USER_NAME}/.ssh/authorized_keys"
if [ ! -e "${MOUNTED_AUTHORIZED_KEYS}" ]; then if [[ ! -e "${MOUNTED_AUTHORIZED_KEYS}" ]]; then
log "warning" " no SSH authorized_keys found for user '${USER_NAME}'" log "warning" " no SSH authorized_keys found for user '${USER_NAME}'"
else else
cp "${MOUNTED_AUTHORIZED_KEYS}" "${LOCAL_AUTHORIZED_KEYS}" cp "${MOUNTED_AUTHORIZED_KEYS}" "${LOCAL_AUTHORIZED_KEYS}"
@ -146,7 +146,7 @@ if [ -n "${SSH_USERS}" ]; then
log " set mod 0600 on ${LOCAL_AUTHORIZED_KEYS}" log " set mod 0600 on ${LOCAL_AUTHORIZED_KEYS}"
fi fi
printf "\n" "" printf "\n"
done done
unset IFS unset IFS
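Review bot: With `DEBUG=true`, the `set -x` enabled at the top of the script traces the expanded `echo "root:${ROOT_PASSWORD}" | chpasswd &>/dev/null` line and the `ROOT_PASSWORD="$(generate_passwd)"` assignment above it, so the root password is written in clear text to the container's stderr log. Tracing should be switched off around the password block, with `{ set +x; } 2>/dev/null` before it and `[[ "${DEBUG}" == "true" ]] && set -x` after it. The same line discards everything chpasswd prints, so a failure there ends the script under `set -e` with no diagnostic; redirecting only stdout (`>/dev/null`) would keep the error visible. The enclosing `if [[ "${ROOT_LOGIN_UNLOCKED}" == "true" ]]` block continues outside the hunk.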