From ab585d70c9b82694425fc2b98410a2eb9616add3 Mon Sep 17 00:00:00 2001
From: Julien Escario
Date: Tue, 21 Apr 2020 23:49:58 +0200
Subject: [PATCH] Multiple tests and variables added to SSH deploy script

---
 ssh/install_altinea_pubkey.sh | 29 ++++++++++++++++++++++++++---
 1 file changed, 26 insertions(+), 3 deletions(-)
 mode change 100644 => 100755 ssh/install_altinea_pubkey.sh

diff --git a/ssh/install_altinea_pubkey.sh b/ssh/install_altinea_pubkey.sh
old mode 100644
new mode 100755
index 2dff2d6..2279a07
--- a/ssh/install_altinea_pubkey.sh
+++ b/ssh/install_altinea_pubkey.sh
@@ -1,5 +1,19 @@
 #!/bin/bash
 
+FINGERPRINT="2048 SHA256:pBz+GiWLvh9uccTB50HTQOCXhD9FZPFin/tfGKAZApQ"
+KEYURL="https://gitlab.altinea.fr/julien.escario/install-scripts/raw/branch/master/ssh/altinea.key"
+
+if [ -x "$(which curl)" ] ; then
+ COMMAND="curl $KEYURL"
+ echo "Found curl, using it"
+elif [ -x "$(which wget)" ]; then
+ COMMAND="wget -q -O - $KEYURL"
+ echo "Found wget, fallback to that"
+else
+ echo "Could not find curl or wget, please install one." >&2
+ exit 3;
+fi
+
 if [[ ! -d ~/.ssh ]];
 then
 mkdir ~/.ssh
@@ -8,10 +22,19 @@ fi
 
 if [[ -w ~/.ssh/authorized_keys2 ]]
 then
- wget --no-check-certificate -q -O - https://wiki.altinea.fr/lib/exe/fetch.php/public:altinea.key >> ~/.ssh/authorized_keys2
+ echo "It seems you're still relying on authorized_keys2, this is (almost) deprecated."
+ exit 1;
 else
 touch ~/.ssh/authorized_keys
- wget --no-check-certificate -q -O - https://wiki.altinea.fr/lib/exe/fetch.php/public:altinea.key >> ~/.ssh/authorized_keys
+ if [ $(grep -c "$FINGERPRINT" <(ssh-keygen -E sha256 -lf ~/.ssh/authorized_keys 2>/dev/null)) -eq 1 ]
+ then
+ echo "Altinea CA fingerprint found in authorized_keys file, not adding"
+ exit 2;
+ else
+ $COMMAND >> ~/.ssh/authorized_keys
+ echo "Altinea CA SSH key deployed on this account"
+ exit 0;
+ fi
 fi
 
-echo "Clé SSH Altinea installée"
+exit 99;
\ No newline at end of file
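Review bot: The curl branch of the new tool-detection block builds `COMMAND="curl $KEYURL"` without `--fail`, so when the server answers with an HTTP error curl still prints the response body and exits 0, and the second hunk appends whatever `$COMMAND` prints to `authorized_keys`. I would write `COMMAND="curl -fsS $KEYURL"` so a failed download produces no output and a non-zero status. The probes `[ -x "$(which curl)" ]` and `[ -x "$(which wget)" ]` depend on the external `which`; `command -v curl >/dev/null` is the builtin equivalent. Because `$COMMAND` is later expanded unquoted, a comment such as `# KEYURL must not contain spaces or glob characters: COMMAND is word-split when run` would document that constraint.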
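Review bot: `FINGERPRINT` is only used to test whether the key is already installed; the line `$COMMAND >> ~/.ssh/authorized_keys` appends whatever the server returned without comparing it to that fingerprint and without checking the download's exit status. A wrong or tampered response at `KEYURL` would therefore be installed as a login key and still be reported as "deployed". I would stage the download in a `mktemp` file, require `ssh-keygen -E sha256 -lf` on it to print exactly one line starting with `FINGERPRINT`, and only then append, as sketched below (exit codes 4 and 5 are suggestions). Separately, the `-eq 1` test treats a key that is present twice as absent; `if ssh-keygen -E sha256 -lf ~/.ssh/authorized_keys 2>/dev/null | grep -qF -- "$FINGERPRINT"` avoids that, and every branch exits, so the final `exit 99;` looks unreachable.

```shell
	else
		# Stage the download so nothing unverified reaches authorized_keys
		tmpkey=$(mktemp) || exit 4
		trap 'rm -f -- "$tmpkey"' EXIT
		if ! $COMMAND > "$tmpkey"; then
			echo "Download of $KEYURL failed, authorized_keys left untouched" >&2
			exit 4
		fi
		# Accept only a single key whose fingerprint is the pinned one
		fp=$(ssh-keygen -E sha256 -lf "$tmpkey" 2>/dev/null)
		if [[ "$fp" != "$FINGERPRINT "* || "$fp" == *$'\n'* ]]; then
			echo "Downloaded key does not match the expected fingerprint, not adding" >&2
			exit 5
		fi
		cat -- "$tmpkey" >> ~/.ssh/authorized_keys
		# … unchanged: success message and exit 0 …
```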