X-Git-Url: https://iankelling.org/git/?p=distro-setup;a=blobdiff_plain;f=rootsshsync;h=668f8a3d7ed931ea2a65130c050b9c7e9326ca66;hp=ab904e32223ceded8b2537f342c9017aa6b84876;hb=79b274fcd8bfa556133ab13270e84b40aebe8468;hpb=b31f99aa53d9bd0ef98d35c4468b34ce99ec900f
diff --git a/rootsshsync b/rootsshsync
index ab904e3..668f8a3 100755
--- a/rootsshsync
+++ b/rootsshsync
@@ -1,10 +1,56 @@
-#!/bin/bash -l
+#!/bin/bash
 # Copyright (C) 2016 Ian Kelling
-# This program is under GPL v. 3 or later, see
-if s test -e /q/root/.ssh; then
- s lnf /q/root/.ssh /root
-else
- mkdir /root/.ssh
-fi
-s cp -rL $(eval echo ~${SUDO_USER:-$USER})/.ssh/* /root/.ssh
-s chown -R root:root /root/.ssh
+
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+
+# http://www.apache.org/licenses/LICENSE-2.0
+
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -eE -o pipefail
+trap 'echo "$0:$LINENO:error: \"$BASH_COMMAND\" returned $?" >&2' ERR
+
+[[ $EUID == 0 ]] || exec sudo -E "${BASH_SOURCE[0]}" "$@"
+
+dest=/root/.ssh
+
+# leftover
+if [[ -L $dest ]]; then
+ rm $dest
+fi
+mkdir -p $dest
+chmod 700 $dest
+
+user=$(id -un)
+if [[ $SUDO_USER ]]; then
+ user=$SUDO_USER
+fi
+
+user_ssh_dir=$(eval echo ~$user)/.ssh
+if [[ ! -s $user_ssh_dir/authorized_keys ]]; then
+ echo missing $user_ssh_dir/authorized_keys. bad sign. bailing >&2
+ exit 1
+fi
+
+# remove broken links, or else rsync has error about them.
+find $user_ssh_dir -xtype l -exec rm '{}' \;
+# -t times, so it won't rewrite the file every time,
+# -L resolve links
+rsync -rtL --delete $user_ssh_dir/ $dest
+chown -R root:root /root/.ssh
+
+
+d=/etc/initramfs-tools
+if [[ -e $d ]] && ! diff -q /root/.ssh/authorized_keys $d/root/.ssh/authorized_keys &>/dev/null; then
+ mkdir -p $d/root/.ssh /etc/dropbear-initramfs
+ chmod 700 $d/root $d/root/.ssh
+ cp -p /root/.ssh/authorized_keys $d/root/.ssh/authorized_keys
+ cp -p /root/.ssh/authorized_keys /etc/dropbear-initramfs
+ update-initramfs -u -k all
+fi
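Review bot: `user_ssh_dir=$(eval echo ~$user)/.ssh` runs `eval` as root on a value taken from `$SUDO_USER`, so the home-directory lookup is only as trustworthy as that environment variable; when the script is started with EUID 0 already, the re-exec through sudo is skipped and `SUDO_USER` is whatever the caller's environment holds. A passwd lookup avoids evaluating the name at all: `user_ssh_dir=$(getent passwd "$user" | cut -d: -f6)/.ssh`, which under the `set -eE -o pipefail` added above also aborts for an unknown user. The later root-run commands use the result unquoted (`find $user_ssh_dir -xtype l ...`, `rsync -rtL --delete $user_ssh_dir/ $dest`); quoting them, e.g. `rsync -rtL --delete "$user_ssh_dir/" "$dest"`, keeps a home path containing whitespace or glob characters from being split into extra arguments. Since `-L` dereferences links and the resulting `authorized_keys` is also copied under `/etc/initramfs-tools` and `/etc/dropbear-initramfs` (presumably for dropbear login in the initramfs), a short comment stating that every key in the invoking user's file gains root access there would document the trust decision.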