diff options
| author | Rob Austein <sra@hactrn.net> | 2016-03-18 19:28:47 +0000 |
|---|---|---|
| committer | Rob Austein <sra@hactrn.net> | 2016-03-18 19:28:47 +0000 |
| commit | 408be29b843a846ac521366adc90d2ee37f95fc4 (patch) | |
| tree | aa4ee4ec7fcfecf4078538ada93d8336c8b2d85e | |
| parent | d2bc08df18e2eb97b409800c447a77d9a676d604 (diff) | |
Switch rsync upload to use daemon mode over ssh, to give server better
control over precisely what this rsync client is allowed to do.
svn path=/branches/tk705/; revision=6313
| -rw-r--r-- | buildtools/rpki-pbuilder.py | 44 |
1 files changed, 23 insertions, 21 deletions
diff --git a/buildtools/rpki-pbuilder.py b/buildtools/rpki-pbuilder.py index 9a9d4b85..6d1b77c9 100644 --- a/buildtools/rpki-pbuilder.py +++ b/buildtools/rpki-pbuilder.py @@ -311,26 +311,28 @@ for r in args.releases: Release.do_all_releases() -# Upload results, maybe. - -# This should change to use the rsync:// over ssh hack so server can provide an rsyncd.conf -# tuning access. See {bob,bikeshed}.cryptech.is configuration. - -srv_path = "{user}@{host}:/usr/local/www/data/{host}/{path}/".format(user = args.apt_user, - host = args.url_host, - path = args.url_path.strip("/")) - -if upload: - logging.info("Synching repository to %s", srv_path) - run("rsync", "-ai4", - "--ignore-existing", - args.apt_tree, srv_path) - run("rsync", "-ai4", - "--exclude", "HEADER.html", - "--exclude", "HEADER.css", - "--delete", "--delete-delay", - args.apt_tree, srv_path) -else: - logging.info("Would have synched repository to %s", srv_path) +# Upload results, maybe. We do this in two stages, to minimize the window +# during which the uploaded repository might be in an inconsistent state. + +def rsync(*flags): + cmd = ["rsync", "--archive", "--itemize-changes", + "--rsh", "ssh -l {}".format(args.apt_user)] + cmd.extend(flags) + cmd.append(args.apt_tree) + cmd.append("rsync://{host}/{path}/".format(host = args.url_host, + path = args.url_path.strip("/"))) + if upload: + logging.info("Synching repository to %s with flags %s", + cmd[-1], " ".join(flags)) + run(*cmd) + else: + logging.info("Would have synched repository to %s with flags %", + cmd[-1], " ".join(flags)) + +rsync("--ignore-existing") + +rsync("--exclude", "HEADER.html", + "--exclude", "HEADER.css", + "--delete", "--delete-delay") logging.info("Done") |