API tools faq
paste
Guest User

Untitled

a guest
Feb 14th, 2019
62
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 10.51 KB | None | 0 0
raw download clone embed print report
  1. #!/bin/bash
  2. # fb v0.9 last mod 2018/10/09
  3. # Ryan Sawhill Aroha <rsaw@redhat.com>
  4. # Latest version at <https://gitlab.cee.redhat.com/rsawhill/fb/blob/master/fb>
  5. #
  6. # This program is free software: you can redistribute it and/or modify
  7. # it under the terms of the GNU General Public License as published by
  8. # the Free Software Foundation, either version 3 of the License, or
  9. # (at your option) any later version.
  10. #
  11. # This program is distributed in the hope that it will be useful,
  12. # but WITHOUT ANY WARRANTY; without even the implied warranty of
  13. # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
  14. # General Public License <gnu.org/licenses/gpl.html> for more details.
  15. #-------------------------------------------------------------------------------
  16. #
  17. # Steps to use:
  18. # 1. Install lftp
  19. # 2. Import Red Hat's internal CA certs
  20. # cd /etc/pki/ca-trust/source/anchors
  21. # sudo curl -kO https://password.corp.redhat.com/RH-IT-Root-CA.crt
  22. # sudo update-ca-trust extract
  23. # 2. Save this script somewhere in your PATH (name it whatever you want)
  24. # 3. Make it executable
  25. # 4. Execute it with -h/--help to see usage
  26. #
  27. # On first run, lftp will prompt for username & password
  28. # Unless you use -p, user/pass will be saved to lftp's per-user bookmark db
  29. # under ~/.local/share/lftp/bookmarks or ~/.lftp/bookmarks
  30. #
  31. # Edit this if you want to change the default site to connect to
  32. # (Can also be changed at runtime with -s option)
  33. ftpSite="flopbox.corp.redhat.com"
  34. #
  35. #-------------------------------------------------------------------------------
  36.  
  37. # Version info from line 2
  38. version=$(sed '2q;d' "${0}")
  39.  
  40. # Current working dir
  41. cwd=$(basename "$(pwd)")
  42.  
  43. # App name based on filename
  44. app=$(basename "${0}")
  45.  
  46. # Short name based on 1st part (domain) of ftpSite
  47. ftpBkmk="${ftpSite%%.*}"
  48.  
  49. # No need to modify these lftp settings unless you want to ...
  50. lftpCfg="set ftp:ssl-auth TLS; set ftp:ssl-force yes;"
  51.  
  52. # This is the command name that lftp's ls command pipes to for pretty-printing sizes
  53. # Rename at will, if you want to
  54. ls_parser=_fb_parse_ls.awk
  55.  
  56. # Without this, any globbing metachars passed might get interpreted by bash
  57. set -o noglob
  58.  
  59. # Usage statement
  60. usage="Usage: ${app} [OPTIONS] [FILEGLOB]...
  61. Use TLS-secured FTP to download all files from ${ftpBkmk} matching FILEGLOB
  62.  
  63. FILEGLOB can be an exact filename, e.g.: 'logs-12345.tar.gz'
  64. FILEGLOB can be a partial filename (case num?) using asterisks, e.g.: '*12345*'
  65. (Make sure to quote FILEGLOB if asterisks could cause shell expansion)
  66. If no FILEGLOB is specified and CWD is a number, it will be used ('*${cwd}*')
  67.  
  68. Options:
  69. -c Continue downloads (e.g., after interruption)
  70. -f Allow downloads to replace existing files (clobber)
  71. -l Only list matching files and exit
  72. -n Don't exit after listing or downloading (stay in interactive shell)
  73. -i Open interactive shell, ignoring CWD and disallowing FILEGLOB
  74. -p Disable auto-saving password to lftp bookmarks
  75. -s SITE Specify ftp server to connect to
  76. (defaults to ${ftpSite})
  77. -b BKMRK Specify ftp server to connect to via bookmark
  78. previous SITEs will be auto-bookmarked using 1st subdomain, e.g.:
  79. for dev.example.com, BKMRK would be 'dev'
  80. -k Disable lftp cert-validation via 'ssl:verify-certificate no'
  81.  
  82. Version info: ${version:2}
  83. Ping rsaw@redhat.com with questions or suggestions
  84. "
  85.  
  86. show_help() {
  87. printf "${usage}"
  88. exit ${1}
  89. }
  90.  
  91. write_ls_parser() {
  92. command -v ${ls_parser} >/dev/null && return
  93. mkdir ~/bin 2>/dev/null
  94. cat > ~/bin/${ls_parser} <<-\EOF
  95. #!/bin/awk -f
  96. {
  97. if ($5 < 1022976)
  98. # If size is less than 999 KiB, print in K
  99. printf "%8.2f KiB", $5/1024
  100. else if ($5 < 1047527424)
  101. # If size is less than 999 MiB, print in M
  102. printf "%8.2f MiB", $5/1024/1024
  103. else
  104. # If size is bigger than 999 MiB, print in G
  105. printf "%8.2f GiB", $5/1024/1024/1024
  106. printf "\t%s\n", $9
  107. }
  108. EOF
  109. chmod +x ~/bin/${ls_parser}
  110. }
  111.  
  112. parse_positional_params() {
  113. mgetOptions= listOnly= skipDownload= noSavePass= manualSite= manualBkmark= noCheckCert=
  114. exitCmd="exit"
  115. until [[ ${1} == -- ]]; do
  116. case "${1}" in
  117. -h|--help)
  118. show_help
  119. ;;
  120. -c)
  121. mgetOptions+="-c "
  122. ;;
  123. -f)
  124. lftpCfg+="set xfer:clobber yes;"
  125. ;;
  126. -l)
  127. listOnly=1
  128. ;;
  129. -n)
  130. if [[ -z ${exitCmd} ]]; then
  131. printf "${app}: mutually-exclusive options specified -- 'i' and 'n'\n\n" >&2
  132. show_help 2
  133. fi
  134. exitCmd=
  135. ;;
  136. -i)
  137. if [[ -z ${exitCmd} ]]; then
  138. printf "${app}: mutually-exclusive options specified -- 'i' and 'n'\n\n" >&2
  139. show_help 2
  140. fi
  141. exitCmd=
  142. skipDownload=1
  143. ;;
  144. -p)
  145. noSavePass=1
  146. ;;
  147. -s)
  148. if [[ -n ${manualBkmark} ]]; then
  149. printf "${app}: mutually-exclusive options specified -- 's' and 'b'\n\n" >&2
  150. show_help 2
  151. fi
  152. manualSite=1
  153. ftpSite="${2}"
  154. ftpBkmk="${2%%.*}"
  155. shift
  156. ;;
  157. -b)
  158. if [[ -n ${manualSite} ]]; then
  159. printf "${app}: mutually-exclusive options specified -- 's' and 'b'\n\n" >&2
  160. show_help 2
  161. fi
  162. manualBkmark=1
  163. ftpBkmk="${2}"
  164. shift
  165. ;;
  166. -k)
  167. lftpCfg+="set ssl:verify-certificate no;"
  168. noCheckCert=1
  169. ;;
  170. esac
  171. shift
  172. done
  173. shift
  174. cmdlineArgs="${@}"
  175. }
  176.  
  177. # getopt options
  178. shortOpts="hcflnips:b:k"
  179. longOpts="help"
  180.  
  181. # Check for bad options
  182. getopt -Q --name=${app} -o ${shortOpts} -l ${longOpts} -- "${@}" || show_help
  183.  
  184. # Parse options proper-like and set variables appropriately
  185. parse_positional_params $(getopt -u --name=${app} -o ${shortOpts} -l ${longOpts} -- "${@}")
  186.  
  187. # Check for lftp
  188. if ! command -v lftp >/dev/null; then
  189. printf "${app}: missing required command: lftp\nInstall it and try again\n" >&2
  190. exit 4
  191. fi
  192.  
  193. # Enable auto-saving of passwords unless no-save-passwd option specified
  194. [[ -z ${noSavePass} ]] && lftpCfg+="set bmk:save-passwords yes;"
  195.  
  196. # Enable cert-validation unless explicitly told not to
  197. [[ -z ${noCheckCert} ]] && lftpCfg+="set ssl:verify-certificate yes;"
  198.  
  199. # Make it possible for modern fedora (28+) to work on flopbox
  200. [[ ${ftpSite} == flopbox.corp.redhat.com ]] && lftpCfg+="set ssl:priority NORMAL:+3DES-CBC;"
  201.  
  202. # Check arguments
  203. if [[ -z ${skipDownload} && -z ${cmdlineArgs} ]]; then
  204. # No args passed, check to see if CWD is a simple number
  205. if ! [[ ${cwd} =~ ^[0-9]+$ ]]; then
  206. printf "${app}: no arguments seen and current directory is not a valid case number\n\n" >&2
  207. show_help 1
  208. fi
  209. # CWD is simple number (presumably a case number), turn it into a glob
  210. cwd="*${cwd}*"
  211. elif [[ -n ${skipDownload} && -n ${cmdlineArgs} ]]; then
  212. # Interactive (-i) was used but FILEGLOB was also passed
  213. printf "${app}: option '-i' precludes specifying FILEGLOB\n\n" >&2
  214. show_help 2
  215. else
  216. # Some args were passed, ignore CWD
  217. cwd=
  218. fi
  219.  
  220. if [[ -n ${skipDownload} ]]; then
  221. # If entering interactive shell, nullify files & mget cmd
  222. files= mgetCmd=
  223. else
  224. # Otherwise, make sure we have the pretty-printing ls parser
  225. write_ls_parser
  226. # Populate mget command with options and files (pulling from CWD or args)
  227. files="${cwd}${cmdlineArgs}"
  228. printf "Will attempt to match input arg(s):\n ${files// /\\n }\n\n"
  229. mgetCmd="echo; echo Finding matching files ...;"
  230. mgetCmd+="$(for f in ${files}; do printf "ls ${f} | ${ls_parser};"; done);"
  231. if [[ -z ${listOnly} ]]; then
  232. mgetCmd+="echo; echo Downloading ...;"
  233. mgetCmd+="mget ${mgetOptions} ${files};"
  234. fi
  235. fi
  236.  
  237. # Give an idea of what's about to happpen
  238. printf "Initiating TLS-encrypted connection to ${ftpBkmk} ...\n"
  239.  
  240. # Default location of lftp bookmarks file for modern lftp
  241. lftpBookmarks=~/.local/share/lftp/bookmarks
  242.  
  243. # Older non-default location of lftp bookmarks file
  244. [[ -r ${lftpBookmarks} ]] || lftpBookmarks=~/.lftp/bookmarks
  245.  
  246. if [[ -r ${lftpBookmarks} ]] && grep -q "^${ftpBkmk}[[:space:]]\+ftp://" ${lftpBookmarks}; then
  247. # Have an appropriate bookmark entry, use it to connect (& exit immediately if that fails)
  248. connectCmd="connect ${ftpBkmk} || exit 53;"
  249. elif [[ -n ${manualBkmark} ]]; then
  250. # Manually-specified bookmark isn't there
  251. printf "${app}: lftp bookmark '${ftpBkmk}' does not exist\n" >&2
  252. exit 3
  253. else
  254. # No existing bookmark available, prompt for username
  255. read -ep "Username: " username
  256. # We don't want to save a bookmark unless we're sure login credentials are OK
  257. # (the cd command is the quickest way I could think to test that)
  258. connectCmd="connect ${username}@${ftpSite}; cd || exit 53; bookmark add ${ftpBkmk};"
  259. fi
  260.  
  261. lftp -e "${lftpCfg} ${connectCmd} ${mgetCmd} ${exitCmd}"
  262.  
  263. if [[ ${?} -eq 53 ]]; then
  264. cat <<EOF
  265.  
  266. ${app} advice on lftp error messages (above):
  267.  
  268. Fatal error: Certificate verification: Not trusted
  269.  
  270. If you see a 'Certificate verification' error, you need to import the
  271. appropriate CA certificate into OpenSSL's database. For Red Hat IT
  272. services like flopbox, just paste the following into a root terminal:
  273.  
  274. cd /etc/pki/ca-trust/source/anchors
  275. curl -kO https://password.corp.redhat.com/RH-IT-Root-CA.crt
  276. update-ca-trust extract
  277.  
  278. If that doesn't help, you can disable lftp's cert-validation by
  279. running ${app} with the '-k' option.
  280.  
  281. Login failed: 530 Login incorrect.
  282.  
  283. If you see a '530 Login incorrect' error, you need to try typing your
  284. username and password again. If ${app} isn't giving you a chance to
  285. do that, you need to either clear the lftp bookmarks file completely
  286. or remove a specific line from it.
  287.  
  288. So either run:
  289.  
  290. rm ${lftpBookmarks}
  291.  
  292. Or if you've added your own custom bookmarks, you'll need to run:
  293.  
  294. vi ${lftpBookmarks}
  295. EOF
  296. fi >&2
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!