Update build.func

This commit is contained in:
CanbiZ 2025-09-04 14:19:40 +02:00
parent ae770c38ea
commit 399b5d9705


@ -282,25 +282,53 @@ exit_script() {
} }
find_host_ssh_keys() { find_host_ssh_keys() {
local glob="${var_ssh_import_glob:-/root/.ssh/*}" local glob_override="${var_ssh_import_glob:-}"
local files=() local -a candidates=()
local f
local total=0
local keyre='^(ssh-(rsa|ed25519|ecdsa)|sk-(ssh-ed25519|ecdsa-sha2-nistp256))\s+'
shopt -s nullglob if [[ -n "$glob_override" ]]; then
for f in $glob; do shopt -s nullglob
# skip directories / unreadable candidates+=($glob_override)
shopt -u nullglob
else
shopt -s nullglob
candidates+=(/root/.ssh/authorized_keys /root/.ssh/authorized_keys2)
candidates+=(/root/.ssh/*.pub)
candidates+=(/etc/ssh/authorized_keys /etc/ssh/authorized_keys.d/*)
shopt -u nullglob
fi
local -A seen=()
local files=()
local total=0
local f
for f in "${candidates[@]}"; do
[[ -f "$f" && -r "$f" ]] || continue [[ -f "$f" && -r "$f" ]] || continue
# count lines that look like authorized_keys entries
case "$(basename "$f")" in
known_hosts | known_hosts.* | config) continue ;;
id_*) [[ "$f" != *.pub ]] && continue ;;
esac
local c local c
c=$(awk -v RS='\r?\n' '$0 ~ /^#/ {next} $0 ~ /'"$keyre"'/ {cnt++} END{print cnt+0}' "$f") c=$(tr -d '\r' <"$f" | awk '
if [[ "${c:-0}" -gt 0 ]]; then /^[[:space:]]*#/ {next}
files+=("$f") /^[[:space:]]*$/ {next}
total=$((total + c)) # Startet mit Key-Typ
/^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp256|sk-(ssh-ed25519|ecdsa-sha2-nistp256))[[:space:]]+/ {cnt++; next}
# Oder startet mit authorized_keys-Optionen und enthält später einen Key
/^(command=|environment=|from=|no-agent-forwarding|no-port-forwarding|no-pty|no-user-rc|no-X11-forwarding|permitopen=|principals=|tunnel=)/ \
&& /(ssh-(rsa|ed25519)|ecdsa-sha2-nistp256|sk-(ssh-ed25519|ecdsa-sha2-nistp256))/ {cnt++}
END {print cnt+0}
')
if ((c > 0)); then
[[ -n "${seen[$f]:-}" ]] || {
files+=("$f")
seen[$f]=1
total=$((total + c))
}
fi fi
done done
shopt -u nullglob
FOUND_HOST_KEY_COUNT="$total" FOUND_HOST_KEY_COUNT="$total"
( (
@ -1425,30 +1453,40 @@ check_container_storage() {
install_ssh_keys_into_ct() { install_ssh_keys_into_ct() {
[[ "$SSH" != "yes" ]] && return 0 [[ "$SSH" != "yes" ]] && return 0
local tmp="$(mktemp)" any=0 local tmp
local keyre='^(ssh-(rsa|ed25519|ecdsa)|sk-(ssh-ed25519|ecdsa-sha2-nistp256))[[:space:]]+' tmp="$(mktemp)" || return 1
local any=0
case "$SSH_SOURCE" in if [[ "$SSH_SOURCE" == "host" || "$SSH_SOURCE" == "both" ]]; then
host | both)
if [[ -n "${SSH_IMPORT_FILES:-}" ]]; then if [[ -n "${SSH_IMPORT_FILES:-}" ]]; then
IFS=: read -r -a _files <<<"$SSH_IMPORT_FILES" IFS=: read -r -a _files <<<"$SSH_IMPORT_FILES"
for f in "${_files[@]}"; do for f in "${_files[@]}"; do
[[ -r "$f" ]] || continue [[ -r "$f" ]] || continue
awk '$0 !~ /^#/ && $0 ~ /'"$keyre"'/ {print $0}' "$f" >>"$tmp" tr -d '\r' <"$f" | awk '
/^[[:space:]]*#/ {next}
/^[[:space:]]*$/ {next}
# reine Keyzeile
/^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp256|sk-(ssh-ed25519|ecdsa-sha2-nistp256))[[:space:]]+/ {print; next}
# authorized_keys mit Optionen
/^(command=|environment=|from=|no-agent-forwarding|no-port-forwarding|no-pty|no-user-rc|no-X11-forwarding|permitopen=|principals=|tunnel=)/ \
&& /(ssh-(rsa|ed25519)|ecdsa-sha2-nistp256|sk-(ssh-ed25519|ecdsa-sha2-nistp256))/ {print}
' >>"$tmp"
any=1 any=1
done done
fi fi
;; fi
esac
case "$SSH_SOURCE" in if [[ "$SSH_SOURCE" == "manual" || "$SSH_SOURCE" == "both" ]]; then
manual | both)
if [[ -n "${SSH_AUTHORIZED_KEY:-}" ]]; then if [[ -n "${SSH_AUTHORIZED_KEY:-}" ]]; then
echo "${SSH_AUTHORIZED_KEY}" | awk '$0 !~ /^#/ && $0 ~ /'"$keyre"'/ {print $0}' >>"$tmp" printf '%s\n' "$SSH_AUTHORIZED_KEY" | tr -d '\r' | awk '
/^[[:space:]]*#/ {next}
/^[[:space:]]*$/ {next}
/^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp256|sk-(ssh-ed25519|ecdsa-sha2-nistp256))[[:space:]]+/ {print; next}
/^(command=|environment=|from=|no-agent-forwarding|no-port-forwarding|no-pty|no-user-rc|no-X11-forwarding|permitopen=|principals=|tunnel=)/ \
&& /(ssh-(rsa|ed25519)|ecdsa-sha2-nistp256|sk-(ssh-ed25519|ecdsa-sha2-nistp256))/ {print}
' >>"$tmp"
any=1 any=1
fi fi
;; fi
esac
if [[ "$any" -eq 0 ]]; then if [[ "$any" -eq 0 ]]; then
rm -f "$tmp" rm -f "$tmp"
@ -1456,14 +1494,26 @@ install_ssh_keys_into_ct() {
return 0 return 0
fi fi
sort -u -o "$tmp" "$tmp" # Dedupe + clean EOF
sort -u "$tmp" -o "$tmp"
printf '\n' >>"$tmp"
msg_info "Installing SSH keys into CT ${CTID}" msg_info "Installing SSH keys into CT ${CTID}"
pct exec "$CTID" -- sh -c 'mkdir -p /root/.ssh && chmod 700 /root/.ssh' pct exec "$CTID" -- sh -c 'mkdir -p /root/.ssh && chmod 700 /root/.ssh' || {
pct push "$CTID" "$tmp" /root/.ssh/authorized_keys >/dev/null 2>&1 || msg_error "prepare /root/.ssh failed"
pct exec "$CTID" -- sh -c "cat > /root/.ssh/authorized_keys" <"$tmp" rm -f "$tmp"
pct exec "$CTID" -- sh -c 'chmod 600 /root/.ssh/authorized_keys' return 1
}
if ! pct push "$CTID" "$tmp" /root/.ssh/authorized_keys >/dev/null 2>&1; then
pct exec "$CTID" -- sh -c "cat > /root/.ssh/authorized_keys" <"$tmp" || {
msg_error "write authorized_keys failed"
rm -f "$tmp"
return 1
}
fi
pct exec "$CTID" -- sh -c 'chmod 600 /root/.ssh/authorized_keys' || true
rm -f "$tmp" rm -f "$tmp"
msg_ok "Installed SSH keys into CT ${CTID}" msg_ok "Installed SSH keys into CT ${CTID}"
} }
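Review bot: The key-line rule `/^(ssh-(rsa|ed25519)|ecdsa-sha2-nistp256|sk-(ssh-ed25519|ecdsa-sha2-nistp256))[[:space:]]+/` in find_host_ssh_keys, copied twice more into install_ssh_keys_into_ct, never matches FIDO keys, because authorized_keys writes them as `sk-ssh-ed25519@openssh.com` / `sk-ecdsa-sha2-nistp256@openssh.com` and the rule demands whitespace right after the bare name; it also omits `ecdsa-sha2-nistp384` and `ecdsa-sha2-nistp521`, so such keys are silently left out of the count and of what is pushed into the container. The options rule has the same gap for entries that begin with `restrict`, `cert-authority`, `no-touch-required`, `verify-required` or `expiry-time=`, all of which are valid authorized_keys prefixes. Rather than three hand-copied awk literals that can drift apart, define the pattern once in the shell and pass it in, e.g. `local keyre='(ssh-(rsa|ed25519)|ecdsa-sha2-nistp(256|384|521)|sk-(ssh-ed25519|ecdsa-sha2-nistp256)@openssh[.]com)[[:space:]]+'` and in each awk `-v keyre="$keyre" '$0 ~ ("^" keyre) {print; next}'` (with `{cnt++; next}` in the counting variant), and consider matching the option-prefixed form as "any line containing the key token" instead of enumerating option names. The `|| true` on the final `chmod 600 /root/.ssh/authorized_keys` hides a failure that sshd's StrictModes may later turn into a login refusal; report it with `msg_error` rather than swallowing it.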