Not a member of Pastebin yet?
Sign Up,
it unlocks many cool features!
- #!/bin/bash
- # fb v0.9 last mod 2018/10/09
- # Ryan Sawhill Aroha <rsaw@redhat.com>
- # Latest version at <https://gitlab.cee.redhat.com/rsawhill/fb/blob/master/fb>
- #
- # This program is free software: you can redistribute it and/or modify
- # it under the terms of the GNU General Public License as published by
- # the Free Software Foundation, either version 3 of the License, or
- # (at your option) any later version.
- #
- # This program is distributed in the hope that it will be useful,
- # but WITHOUT ANY WARRANTY; without even the implied warranty of
- # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- # General Public License <gnu.org/licenses/gpl.html> for more details.
- #-------------------------------------------------------------------------------
- #
- # Steps to use:
- # 1. Install lftp
- # 2. Import Red Hat's internal CA certs
- # cd /etc/pki/ca-trust/source/anchors
- # sudo curl -kO https://password.corp.redhat.com/RH-IT-Root-CA.crt
- # sudo update-ca-trust extract
- # 2. Save this script somewhere in your PATH (name it whatever you want)
- # 3. Make it executable
- # 4. Execute it with -h/--help to see usage
- #
- # On first run, lftp will prompt for username & password
- # Unless you use -p, user/pass will be saved to lftp's per-user bookmark db
- # under ~/.local/share/lftp/bookmarks or ~/.lftp/bookmarks
- #
- # Edit this if you want to change the default site to connect to
- # (Can also be changed at runtime with -s option)
- ftpSite="flopbox.corp.redhat.com"
- #
- #-------------------------------------------------------------------------------
- # Version info from line 2
- version=$(sed '2q;d' "${0}")
- # Current working dir
- cwd=$(basename "$(pwd)")
- # App name based on filename
- app=$(basename "${0}")
- # Short name based on 1st part (domain) of ftpSite
- ftpBkmk="${ftpSite%%.*}"
- # No need to modify these lftp settings unless you want to ...
- lftpCfg="set ftp:ssl-auth TLS; set ftp:ssl-force yes;"
- # This is the command name that lftp's ls command pipes to for pretty-printing sizes
- # Rename at will, if you want to
- ls_parser=_fb_parse_ls.awk
- # Without this, any globbing metachars passed might get interpreted by bash
- set -o noglob
- # Usage statement
- usage="Usage: ${app} [OPTIONS] [FILEGLOB]...
- Use TLS-secured FTP to download all files from ${ftpBkmk} matching FILEGLOB
- FILEGLOB can be an exact filename, e.g.: 'logs-12345.tar.gz'
- FILEGLOB can be a partial filename (case num?) using asterisks, e.g.: '*12345*'
- (Make sure to quote FILEGLOB if asterisks could cause shell expansion)
- If no FILEGLOB is specified and CWD is a number, it will be used ('*${cwd}*')
- Options:
- -c Continue downloads (e.g., after interruption)
- -f Allow downloads to replace existing files (clobber)
- -l Only list matching files and exit
- -n Don't exit after listing or downloading (stay in interactive shell)
- -i Open interactive shell, ignoring CWD and disallowing FILEGLOB
- -p Disable auto-saving password to lftp bookmarks
- -s SITE Specify ftp server to connect to
- (defaults to ${ftpSite})
- -b BKMRK Specify ftp server to connect to via bookmark
- previous SITEs will be auto-bookmarked using 1st subdomain, e.g.:
- for dev.example.com, BKMRK would be 'dev'
- -k Disable lftp cert-validation via 'ssl:verify-certificate no'
- Version info: ${version:2}
- Ping rsaw@redhat.com with questions or suggestions
- "
- show_help() {
- printf "${usage}"
- exit ${1}
- }
- write_ls_parser() {
- command -v ${ls_parser} >/dev/null && return
- mkdir ~/bin 2>/dev/null
- cat > ~/bin/${ls_parser} <<-\EOF
- #!/bin/awk -f
- {
- if ($5 < 1022976)
- # If size is less than 999 KiB, print in K
- printf "%8.2f KiB", $5/1024
- else if ($5 < 1047527424)
- # If size is less than 999 MiB, print in M
- printf "%8.2f MiB", $5/1024/1024
- else
- # If size is bigger than 999 MiB, print in G
- printf "%8.2f GiB", $5/1024/1024/1024
- printf "\t%s\n", $9
- }
- EOF
- chmod +x ~/bin/${ls_parser}
- }
- parse_positional_params() {
- mgetOptions= listOnly= skipDownload= noSavePass= manualSite= manualBkmark= noCheckCert=
- exitCmd="exit"
- until [[ ${1} == -- ]]; do
- case "${1}" in
- -h|--help)
- show_help
- ;;
- -c)
- mgetOptions+="-c "
- ;;
- -f)
- lftpCfg+="set xfer:clobber yes;"
- ;;
- -l)
- listOnly=1
- ;;
- -n)
- if [[ -z ${exitCmd} ]]; then
- printf "${app}: mutually-exclusive options specified -- 'i' and 'n'\n\n" >&2
- show_help 2
- fi
- exitCmd=
- ;;
- -i)
- if [[ -z ${exitCmd} ]]; then
- printf "${app}: mutually-exclusive options specified -- 'i' and 'n'\n\n" >&2
- show_help 2
- fi
- exitCmd=
- skipDownload=1
- ;;
- -p)
- noSavePass=1
- ;;
- -s)
- if [[ -n ${manualBkmark} ]]; then
- printf "${app}: mutually-exclusive options specified -- 's' and 'b'\n\n" >&2
- show_help 2
- fi
- manualSite=1
- ftpSite="${2}"
- ftpBkmk="${2%%.*}"
- shift
- ;;
- -b)
- if [[ -n ${manualSite} ]]; then
- printf "${app}: mutually-exclusive options specified -- 's' and 'b'\n\n" >&2
- show_help 2
- fi
- manualBkmark=1
- ftpBkmk="${2}"
- shift
- ;;
- -k)
- lftpCfg+="set ssl:verify-certificate no;"
- noCheckCert=1
- ;;
- esac
- shift
- done
- shift
- cmdlineArgs="${@}"
- }
- # getopt options
- shortOpts="hcflnips:b:k"
- longOpts="help"
- # Check for bad options
- getopt -Q --name=${app} -o ${shortOpts} -l ${longOpts} -- "${@}" || show_help
- # Parse options proper-like and set variables appropriately
- parse_positional_params $(getopt -u --name=${app} -o ${shortOpts} -l ${longOpts} -- "${@}")
- # Check for lftp
- if ! command -v lftp >/dev/null; then
- printf "${app}: missing required command: lftp\nInstall it and try again\n" >&2
- exit 4
- fi
- # Enable auto-saving of passwords unless no-save-passwd option specified
- [[ -z ${noSavePass} ]] && lftpCfg+="set bmk:save-passwords yes;"
- # Enable cert-validation unless explicitly told not to
- [[ -z ${noCheckCert} ]] && lftpCfg+="set ssl:verify-certificate yes;"
- # Make it possible for modern fedora (28+) to work on flopbox
- [[ ${ftpSite} == flopbox.corp.redhat.com ]] && lftpCfg+="set ssl:priority NORMAL:+3DES-CBC;"
- # Check arguments
- if [[ -z ${skipDownload} && -z ${cmdlineArgs} ]]; then
- # No args passed, check to see if CWD is a simple number
- if ! [[ ${cwd} =~ ^[0-9]+$ ]]; then
- printf "${app}: no arguments seen and current directory is not a valid case number\n\n" >&2
- show_help 1
- fi
- # CWD is simple number (presumably a case number), turn it into a glob
- cwd="*${cwd}*"
- elif [[ -n ${skipDownload} && -n ${cmdlineArgs} ]]; then
- # Interactive (-i) was used but FILEGLOB was also passed
- printf "${app}: option '-i' precludes specifying FILEGLOB\n\n" >&2
- show_help 2
- else
- # Some args were passed, ignore CWD
- cwd=
- fi
- if [[ -n ${skipDownload} ]]; then
- # If entering interactive shell, nullify files & mget cmd
- files= mgetCmd=
- else
- # Otherwise, make sure we have the pretty-printing ls parser
- write_ls_parser
- # Populate mget command with options and files (pulling from CWD or args)
- files="${cwd}${cmdlineArgs}"
- printf "Will attempt to match input arg(s):\n ${files// /\\n }\n\n"
- mgetCmd="echo; echo Finding matching files ...;"
- mgetCmd+="$(for f in ${files}; do printf "ls ${f} | ${ls_parser};"; done);"
- if [[ -z ${listOnly} ]]; then
- mgetCmd+="echo; echo Downloading ...;"
- mgetCmd+="mget ${mgetOptions} ${files};"
- fi
- fi
- # Give an idea of what's about to happpen
- printf "Initiating TLS-encrypted connection to ${ftpBkmk} ...\n"
- # Default location of lftp bookmarks file for modern lftp
- lftpBookmarks=~/.local/share/lftp/bookmarks
- # Older non-default location of lftp bookmarks file
- [[ -r ${lftpBookmarks} ]] || lftpBookmarks=~/.lftp/bookmarks
- if [[ -r ${lftpBookmarks} ]] && grep -q "^${ftpBkmk}[[:space:]]\+ftp://" ${lftpBookmarks}; then
- # Have an appropriate bookmark entry, use it to connect (& exit immediately if that fails)
- connectCmd="connect ${ftpBkmk} || exit 53;"
- elif [[ -n ${manualBkmark} ]]; then
- # Manually-specified bookmark isn't there
- printf "${app}: lftp bookmark '${ftpBkmk}' does not exist\n" >&2
- exit 3
- else
- # No existing bookmark available, prompt for username
- read -ep "Username: " username
- # We don't want to save a bookmark unless we're sure login credentials are OK
- # (the cd command is the quickest way I could think to test that)
- connectCmd="connect ${username}@${ftpSite}; cd || exit 53; bookmark add ${ftpBkmk};"
- fi
- lftp -e "${lftpCfg} ${connectCmd} ${mgetCmd} ${exitCmd}"
- if [[ ${?} -eq 53 ]]; then
- cat <<EOF
- ${app} advice on lftp error messages (above):
- Fatal error: Certificate verification: Not trusted
- If you see a 'Certificate verification' error, you need to import the
- appropriate CA certificate into OpenSSL's database. For Red Hat IT
- services like flopbox, just paste the following into a root terminal:
- cd /etc/pki/ca-trust/source/anchors
- curl -kO https://password.corp.redhat.com/RH-IT-Root-CA.crt
- update-ca-trust extract
- If that doesn't help, you can disable lftp's cert-validation by
- running ${app} with the '-k' option.
- Login failed: 530 Login incorrect.
- If you see a '530 Login incorrect' error, you need to try typing your
- username and password again. If ${app} isn't giving you a chance to
- do that, you need to either clear the lftp bookmarks file completely
- or remove a specific line from it.
- So either run:
- rm ${lftpBookmarks}
- Or if you've added your own custom bookmarks, you'll need to run:
- vi ${lftpBookmarks}
- EOF
- fi >&2
Add Comment
Please, Sign In to add comment