Don't rewrite non-gitea public keys #906

Merged
merged 2 commits into from
Mar 2, 2017

lunny
Member

@lunny lunny commented Feb 11, 2017

This will fix #424

@lunny lunny added the type/bug label Feb 11, 2017
@lunny lunny added this to the 1.1.0 milestone Feb 11, 2017
if err != nil {
f.Close()
Member

can we defer f.Close() instead?

Member Author

No. We have to close the file and then rename it from tmp to normal.

Member

you can still defer f.Close(), it will just not do anything if it's already closed :)

Member Author

So there's no need to use defer f.Close().

Member

defer f.Close() is good practice, if I'm not familiar with the code-base I'd assume that it defers it and then we have a bug 🙁

Member

👍 for defer, it's common practice to make sure the file always gets closed.

Member

That way you can also skip all the f.Close() calls.

Member Author

done.

@lunny
Member Author

lunny commented Feb 12, 2017

It seems drone is down?

@tboerger tboerger added the lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. label Feb 12, 2017
@strk
Member

strk commented Feb 12, 2017

If I read the code correctly, you're using the full path to the gitea binary as the "tag", correct?
This means if you change the gitea path and rewrite authorized keys you end up with duplicate keys, is that correct? How does sshd behave in that case? Is that something we need to handle somehow? For example, logging a warning if a possibly conflicting key is found?

@travnick

I'd like to suggest adding a new config option like "KEY_PREFIX_ID".
Then use a prefix for keys like "gitea-KEY_PREFIX_ID". Now you are free to move gitea around without issues with duplicated keys.

By default KEY_PREFIX_ID should be a UUID that is generated during installation.

@lunny
Member Author

lunny commented Feb 12, 2017

I did not consider moving the location of the Gitea binary.

@strk
Member

strk commented Feb 12, 2017 via email

@strk
Member

strk commented Feb 12, 2017 via email

@tboerger tboerger added lgtm/need 1 This PR needs approval from one additional maintainer to be merged. and removed lgtm/need 2 This PR needs two approvals by maintainers to be considered for merging. labels Feb 12, 2017
@bkcsoft
Member

bkcsoft commented Feb 12, 2017

I would read the file line-by-line, appending each to the list of keys we wanna write. Sort the list, step through and remove duplicates.

Pseudo-code as fuck because I'm tired :trollface:

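```go
keys := getListsAsStringSlice() // keys we want to write; needs bufio, io, os, sort, strings
f, err := os.OpenFile("authorized_keys", os.O_RDWR, 0600)
if err != nil {
	return err
}
defer f.Close()
scanner := bufio.NewScanner(f)
for scanner.Scan() { // append every existing line
	keys = append(keys, scanner.Text())
}
if err := scanner.Err(); err != nil {
	return err
}
sort.Strings(keys)
outKeys := []string{}
for i, k := range keys { // sorted, so duplicates are adjacent
	if i == 0 || k != keys[i-1] {
		outKeys = append(outKeys, k)
	}
}
if err := f.Truncate(0); err != nil { // rewrite the file in place
	return err
}
if _, err := f.Seek(0, io.SeekStart); err != nil {
	return err
}
_, err = f.WriteString(strings.Join(outKeys, "\n") + "\n")
return err
```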

@lunny
Member Author

lunny commented Feb 14, 2017

@bkcsoft You have to consider backup if the machine goes down while it's writing keys. So rename is not an ignorable step. Or maybe we need to copy, not rename.

@lunny
Member Author

lunny commented Feb 14, 2017

@travnick do you mean on the comment?

@travnick

@lunny what are you asking about exactly?

@bkcsoft
Member

bkcsoft commented Feb 14, 2017

@lunny copy sounds better :)

@lunny lunny force-pushed the lunny/fix_publick_rewrite branch from 6ab5f22 to 671781e Compare February 27, 2017 04:32
@lunny
Member Author

lunny commented Feb 27, 2017

@tboerger @bkcsoft @strk please confirm.

for scanner.Scan() {
line := scanner.Text()
if strings.HasPrefix(line, tplCommentPrefix) {
scanner.Scan()
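Review bot: the inner `scanner.Scan()` in the `strings.HasPrefix(line, tplCommentPrefix)` branch drops whatever line follows a marker comment without looking at it, and its boolean result is ignored. In a hand-edited authorized_keys where a marker comment is followed by a key gitea does not manage, that key is silently discarded. Suggest reading the following line with `scanner.Text()` and skipping it only if it matches the entry format gitea writes, and handling a false return from `Scan()` (marker on the last line, or a read error) explicitly.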
Member

This will skip every other line, no?

Member

This will always skip the next line if the current line is the prefix.

@tboerger
Member

Isn't it easier to have a start and an end marker like gitolite?

@lunny
Member Author

lunny commented Feb 27, 2017

It's also easy to do this one, but it seems there's no need to add an end.

@tboerger
Member

But this implementation is harder to understand, at least that's my opinion.

@lunny
Member Author

lunny commented Feb 27, 2017

But it works. We can improve it in v1.2.

Content string
}

err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
Member

Is this assuming all authorized_keys belong to gitea?

Member Author

If it's an old gitea, of course, because every time you add a new public key, it will remove other non-gitea public keys.

Member Author

For a new gitea, this will not be executed.

@bkcsoft
Member

bkcsoft commented Feb 27, 2017

> We can improve it in v1.2.

No, we'd have to change for v2.0 since that would be a breaking change

@lunny
Member Author

lunny commented Feb 27, 2017

Where is the breakage?

@bkcsoft
Member

bkcsoft commented Mar 2, 2017

The breakage is in the expected behaviour. Anyhow, this is LGTM to me 🙂

@tboerger tboerger added lgtm/done This PR has enough approvals to get merged. There are no important open reservations anymore. and removed lgtm/need 1 This PR needs approval from one additional maintainer to be merged. labels Mar 2, 2017
@lunny lunny merged commit ef13bba into go-gitea:master Mar 2, 2017
@lunny lunny deleted the lunny/fix_publick_rewrite branch March 2, 2017 17:06
@pgaskin pgaskin mentioned this pull request Mar 12, 2017
@lunny lunny mentioned this pull request Mar 30, 2017
7 tasks
@go-gitea go-gitea locked and limited conversation to collaborators Nov 23, 2020
Successfully merging this pull request may close these issues.

Empty authorized_keys after delete user key
5 participants