authorTobias Schramm <tobleminer@gmail.com>2018-08-24 17:13:28 +0200
committerTobias Schramm <tobleminer@gmail.com>2018-08-24 17:13:28 +0200
commitfa7bdf1da4ee0c2026fe089d0c9bfcf2f845383d (patch)
tree7d6d323cbe63fd6ef6e064940cb5510e2eee151c
parent1b6eb821747ae6c6151c7d9be2041f9c06f6a78e (diff)
Add ci definition
-rw-r--r--.gitlab-ci.yml23
-rwxr-xr-x.gitlab-ci/check-fastd-keys.sh40
2 files changed, 63 insertions, 0 deletions
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
new file mode 100644
index 0000000..cb81907
--- /dev/null
+++ b/.gitlab-ci.yml
@@ -0,0 +1,23 @@
+gateways:
+ - vpn0
+ - vpn6
+
+stages:
+ - prepare
+ - validate
+ - deploy
+
+prepare:
+ stage: prepare
+ script:
+ - git clone https://gitlab.toppoint.de/ffki/ffki-scripts.git ./gitlab-ci/ffki-scripts
+
+validate:
+ stage: validate
+ script:
+ - ./gitlab-ci/ffki-scripts/check-fastd-keys.sh ..
+
+deploy:
+ stage: deploy
+ script:
+ - ./gitlab-ci/deploy-fastd-keys.sh
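Review bot: The `validate` job runs `check-fastd-keys.sh` from the `ffki-scripts` clone under `./gitlab-ci/`, not the copy this commit adds under `.gitlab-ci/`, so the gate in front of `deploy` is whatever that external repository's default branch contains at pipeline time. The clone is not pinned to a commit or tag, and it happens in a separate `prepare` job with no `artifacts:` declared, so it may not even be present when `validate` starts. Calling the in-repo script, `- ./.gitlab-ci/check-fastd-keys.sh .`, removes the unreviewed dependency; if the external repository is really needed, check out a fixed commit in the same job that uses it. The `..` argument also points the check at the parent of the checkout, which looks unintended, and the top-level `gateways:` list is likely to be parsed by GitLab as a job definition.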
diff --git a/.gitlab-ci/check-fastd-keys.sh b/.gitlab-ci/check-fastd-keys.sh
new file mode 100755
index 0000000..97a7163
--- /dev/null
+++ b/.gitlab-ci/check-fastd-keys.sh
@@ -0,0 +1,40 @@
+#!/usr/bin/env bash
+
+set -e -o pipefail
+
+KEYDIR=${1:-.}
+
+error() {
+ ( >&2 echo $@ )
+}
+
+LINE_VALIDATORS=()
+LINE_VALIDATORS+=('key[[:space:]]+"[0-9a-f]{64}";')
+LINE_VALIDATORS+=('remote[[:space:]]+((25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?)\.){3}(25[0-5]|2[0-4][0-9]|[01]?[0-9][0-9]?):[0-9]+;')
+LINE_VALIDATORS+=('remote[[:space:]]+(([0-9a-fA-F]{1,4}:){7,7}[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,7}:|([0-9a-fA-F]{1,4}:){1,6}:[0-9a-fA-F]{1,4}|([0-9a-fA-F]{1,4}:){1,5}(:[0-9a-fA-F]{1,4}){1,2}|([0-9a-fA-F]{1,4}:){1,4}(:[0-9a-fA-F]{1,4}){1,3}|([0-9a-fA-F]{1,4}:){1,3}(:[0-9a-fA-F]{1,4}){1,4}|([0-9a-fA-F]{1,4}:){1,2}(:[0-9a-fA-F]{1,4}){1,5}|[0-9a-fA-F]{1,4}:((:[0-9a-fA-F]{1,4}){1,6})|:((:[0-9a-fA-F]{1,4}){1,7}|:)|fe80:(:[0-9a-fA-F]{0,4}){0,4}%[0-9a-zA-Z]{1,}|::(ffff(:0{1,4}){0,1}:){0,1}((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])|([0-9a-fA-F]{1,4}:){1,4}:((25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9])\.){3,3}(25[0-5]|(2[0-4]|1{0,1}[0-9]){0,1}[0-9]))(:|([[:space:]]+port[[:space:]]+))[0-9]+;')
+LINE_VALIDATORS+=('remote[[:space:]]+((ipv4|ipv6)[[:space:]]+)?"[0-9a-zA-Z.-]+"(:|([[:space:]]+port[[:space:]]+))[0-9]+;')
+
+# Validate fastd key files
+keycount=0
+for file in "$KEYDIR"/*; do
+ sed -E 's/^\s+//g;s/[[:space:]]+$//g;/^[[:space:]]*$/d' "$file" |\
+ while read line; do
+ valid=''
+ # Simple comments are always ok
+ echo "$line" | grep -q '^#.*' && continue
+ for validator in "${LINE_VALIDATORS[@]}"; do
+ echo "$line" | egrep -q "^${validator}([[:space:]]*#.*)?$" && {
+ valid=yes
+ break;
+ }
+ done
+ if [ "$valid" != yes ]; then
+ error "Key file '$file' is invalid"
+ error "Offending line: '$line'"
+ exit 1
+ fi
+ done
+ keycount=$((keycount + 1))
+done
+
+echo "OK. $keycount keyfiles"
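Review bot: The `while read line` loop does not validate exactly what is in the key file. Without `-r` a backslash is dropped or joins two lines before the regexes run, and a final line with no trailing newline is read but never enters the loop body, so it is not checked at all (GNU sed passes the missing newline through). `while IFS= read -r line || [[ -n "$line" ]]; do` closes both gaps. In `error()`, `echo $@` is unquoted, so an offending line containing `*` is glob-expanded in the message; `printf '%s\n' "$*" >&2` prints it verbatim. The loop also accepts a file with no `key` line at all, since only the form of each line is checked; a per-file check that exactly one `key` line matched would be worth adding if that is a requirement.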