From da9b55b6c5efef2adde9591ef4ee60fee8c5f5c9 Mon Sep 17 00:00:00 2001
From: Ansgar Burchardt
Date: Sun, 17 Aug 2014 20:22:24 +0200
Subject: [PATCH] cron.daily: Don't allow ssh trigger to run arbitrary SQL
---
 config/debian/cron.daily | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)
diff --git a/config/debian/cron.daily b/config/debian/cron.daily
index 7eda5586..85bd99e1 100755
--- a/config/debian/cron.daily
+++ b/config/debian/cron.daily
@@ -36,9 +36,8 @@ mv ${TMPFILE} /srv/ftp-master.debian.org/scripts/masterfiles/wnpp_rm
 # Push files over to security
 # The key over there should have the following set for the ssh key:
-# command="/usr/bin/xzcat | /usr/bin/psql -f - -1 obscurity"
-pg_dump -a -F p -t files | \ sed -e "s,^COPY files (,DELETE FROM external_files; COPY external_files (," | \
+# command="/usr/bin/xzcat | /usr/bin/psql -1 -c 'DELETE FROM external_files; COPY external_files (id, filename, size, md5sum, last_used, sha1sum, sha256sum, created, modified) FROM STDIN' obscurity"
+psql -c 'COPY files (id, filename, size, md5sum, last_used, sha1sum, sha256sum, created, modified) TO STDOUT' projectb | \
 xz -3 | \
 ssh -o BatchMode=yes -o ConnectTimeout=30 -o SetupTimeout=30 -2 \
 -i ${base}/s3kr1t/push_external_files dak@security-master.debian.org sync
-- 
2.39.2
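Review bot: A failed or empty dump on the sending side now appears to wipe the remote table: if the new `psql -c 'COPY files ... TO STDOUT' projectb` exits early, `xz -3` still produces a valid empty stream, and the forced command on the key would then run its fixed `DELETE FROM external_files` followed by a zero-row COPY. Before this change the DELETE travelled inside the stream, so an empty stream left the remote table untouched. I would dump to a temporary file first and start the ssh transfer only when psql succeeded and the file is non-empty, as sketched below. Shell options set earlier in the script are outside the hunk, and `pipefail` would not undo a remote commit in any case. The comment above the pipeline could also ask for `no-pty,no-port-forwarding,no-agent-forwarding,no-X11-forwarding` (or `restrict`) next to `command=`, since a forced command on its own does not disable forwarding for that key.

```shell
dumpfile=$(mktemp)
if psql -c 'COPY files (id, filename, size, md5sum, last_used, sha1sum, sha256sum, created, modified) TO STDOUT' projectb > "${dumpfile}" \
    && [ -s "${dumpfile}" ]; then
    xz -3 < "${dumpfile}" | \
        ssh -o BatchMode=yes -o ConnectTimeout=30 -o SetupTimeout=30 -2 \
            -i ${base}/s3kr1t/push_external_files dak@security-master.debian.org sync
else
    echo "dump of files table failed or was empty; not pushing to security" >&2
fi
rm -f -- "${dumpfile}"
```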