From 944bbcdf1c840045b71b06eac99eb9b85bcb1f5b Mon Sep 17 00:00:00 2001 From: Jacob Patterson Date: Tue, 15 Oct 2024 12:51:10 -0400 Subject: [PATCH] Initial commit of script and Dockerfile --- Dockerfile | 14 ++++++++++++ copy.sh | 63 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ 2 files changed, 77 insertions(+) create mode 100644 Dockerfile create mode 100644 copy.sh diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 0000000..bd3c976 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,14 @@ +FROM alpine:3.20 + +ARG DROPBEAR_VERSION_PREFIX=2024.85 + +RUN apk add --no-cache \ + dropbear-scp=~${DROPBEAR_VERSION_PREFIX} \ + dropbear-dbclient=~${DROPBEAR_VERSION_PREFIX} \ + dropbear-convert=~${DROPBEAR_VERSION_PREFIX} && \ + addgroup -S plugin && \ + adduser -S plugin -G plugin +COPY --chown=root:plugin --chmod=770 copy.sh /bin/plugin_scp +USER plugin + +ENTRYPOINT ["/bin/plugin_scp"] diff --git a/copy.sh b/copy.sh new file mode 100644 index 0000000..4d54d6c --- /dev/null +++ b/copy.sh @@ -0,0 +1,63 @@ +#!/usr/bin/env sh + +fatal() { + echo "[ERROR] $1" + [ -n "$2" ] && exit "$2" || exit 1 +} + +info() { + echo "[INFO] $1" +} + +# dropbear SSH uses a whacky private key format. I can't imagine anyone likes this, so read a normal +# one from the input (which needs to be a string anyways) and let dropbear figure it out +create_key_from_env() { + if [ ! -d "$HOME"/.ssh ]; then + mkdir "$HOME"/.ssh + fi + + echo "${PLUGIN_SSH_PRIVATE_KEY}" >"$HOME"/.ssh/id_rsa + chmod 600 "$HOME"/.ssh/id_rsa + dropbearconvert openssh dropbear "$HOME"/.ssh/id_rsa "$HOME"/.ssh/id_dropbear + chmod 600 "$HOME"/.ssh/id_dropbear +} + +if [ -z "${PLUGIN_REMOTE_USER}" ]; then + fatal "Must specify remote user" 1 +fi + +if [ -z "${PLUGIN_REMOTE_HOST}" ]; then + fatal "Must specify remote host" 2 +fi + +if [ -z "${PLUGIN_REMOTE_PORT}" ]; then + PLUGIN_REMOTE_PORT=22 +fi + +if [ -z "${PLUGIN_REMOTE_PATH}" ]; then + fatal "Must specify remote path" 3 +fi + +if [ -z "$PLUGIN_SSH_PRIVATE_KEY" ]; then + fatal "Must provide private key for authentication" 4 +fi + +if [ -z "$PLUGIN_FILE" ]; then + fatal "Must provide source file for transfer" 5 +fi + +create_key_from_env +scp -o StrictHostKeyChecking=accept-new \ + -P "${PLUGIN_REMOTE_PORT}" \ + -i "$HOME"/.ssh/id_dropbear \ + "${PLUGIN_FILE}" \ + "${PLUGIN_REMOTE_USER}"@"${PLUGIN_REMOTE_HOST}":"${PLUGIN_REMOTE_PATH}" +scp_status=$? + +rm -r "$HOME"/.ssh + +if [ "$scp_status" -ne 0 ]; then + fatal "Transfer failed with exit code $scp_status" $scp_status +fi + +info "Transfer completed"