Don't rewrite non-gitea public keys (#906)

* don't rewrite non-gitea public keys

* add comment for public key
Lunny Xiao 2017-03-03 00:36:47 +08:00 committed by GitHub
parent 341b3a0349
commit ef13bbaf7d
3 changed files with 85 additions and 4 deletions


@ -90,6 +90,8 @@ var migrations = []Migration{
NewMigration("generate and migrate Git hooks", generateAndMigrateGitHooks), NewMigration("generate and migrate Git hooks", generateAndMigrateGitHooks),
// v20 -> v21 // v20 -> v21
NewMigration("use new avatar path name for security reason", useNewNameAvatars), NewMigration("use new avatar path name for security reason", useNewNameAvatars),
// v21 -> v22
NewMigration("rewrite authorized_keys file via new format", useNewPublickeyFormat),
} }
// Migrate database to current version // Migrate database to current version

53
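--- a/models/migrations/v21.go
+++ b/models/migrations/v21.go
@@ -0,0 +1,53 @@
+// Copyright 2017 Gitea. All rights reserved.
+// Use of this source code is governed by a MIT-style
+// license that can be found in the LICENSE file.
+package migrations
+import (
+"fmt"
+"os"
+"path/filepath"
+"code.gitea.io/gitea/modules/setting"
+"github.com/go-xorm/xorm"
+)
+const (
+tplCommentPrefix = `# gitea public key`
+tplPublicKey = tplCommentPrefix + "\n" + `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
+)
+func useNewPublickeyFormat(x *xorm.Engine) error {
+fpath := filepath.Join(setting.SSH.RootPath, "authorized_keys")
+tmpPath := fpath + ".tmp"
+f, err := os.OpenFile(tmpPath, os.O_RDWR|os.O_CREATE|os.O_TRUNC, 0600)
+if err != nil {
+return err
+}
+defer func() {
+f.Close()
+os.Remove(tmpPath)
+}()
+type PublicKey struct {
+ID int64
+Content string
+}
+err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
+key := bean.(*PublicKey)
+_, err = f.WriteString(fmt.Sprintf(tplPublicKey, setting.AppPath, key.ID, setting.CustomConf, key.Content))
+return err
+})
+if err != nil {
+return err
+}
+f.Close()
+if err = os.Rename(tmpPath, fpath); err != nil {
+return err
+}
+return nil
+}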
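Review bot: The final `os.Rename(tmpPath, fpath)` in useNewPublickeyFormat replaces authorized_keys with a file built only from the PublicKey rows, so any line an administrator added by hand is dropped on upgrade and no backup is kept. Entries written by the previous template carry no `# gitea public key` marker, so the prefix filter cannot tell them apart here; the migration should at least copy the existing file to a backup path before the rename and document that with a comment such as `// NOTE: replaces authorized_keys wholesale; the previous file is kept as a backup`. The result of the `f.Close()` just before the rename is ignored, and `if err = f.Close(); err != nil { return err }` would keep a failed close from going live. `key.Content` is formatted with `%s` straight into the file; presumably it is validated as a single line when the key is stored, which is worth confirming because an embedded newline would start a line without the `command=` restriction.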


@ -5,6 +5,7 @@
package models package models
import ( import (
"bufio"
"encoding/base64" "encoding/base64"
"encoding/binary" "encoding/binary"
"errors" "errors"
@ -28,7 +29,8 @@ import (
) )
const ( const (
tplPublicKey = `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n" tplCommentPrefix = `# gitea public key`
tplPublicKey = tplCommentPrefix + "\n" + `command="%s serv key-%d --config='%s'",no-port-forwarding,no-X11-forwarding,no-agent-forwarding,no-pty %s` + "\n"
) )
var sshOpLocker sync.Mutex var sshOpLocker sync.Mutex
@ -553,22 +555,46 @@ func RewriteAllPublicKeys() error {
if err != nil { if err != nil {
return err return err
} }
defer os.Remove(tmpPath) defer func() {
f.Close()
os.Remove(tmpPath)
}()
err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) { err = x.Iterate(new(PublicKey), func(idx int, bean interface{}) (err error) {
_, err = f.WriteString((bean.(*PublicKey)).AuthorizedString()) _, err = f.WriteString((bean.(*PublicKey)).AuthorizedString())
return err return err
}) })
f.Close()
if err != nil { if err != nil {
return err return err
} }
if com.IsExist(fpath) { if com.IsExist(fpath) {
if err = os.Remove(fpath); err != nil { bakPath := fpath + fmt.Sprintf("_%d.gitea_bak", time.Now().Unix())
if err = com.Copy(fpath, bakPath); err != nil {
return err
}
p, err := os.Open(bakPath)
if err != nil {
return err
}
defer p.Close()
scanner := bufio.NewScanner(p)
for scanner.Scan() {
line := scanner.Text()
if strings.HasPrefix(line, tplCommentPrefix) {
scanner.Scan()
continue
}
_, err = f.WriteString(line + "\n")
if err != nil {
return err return err
} }
} }
}
f.Close()
if err = os.Rename(tmpPath, fpath); err != nil { if err = os.Rename(tmpPath, fpath); err != nil {
return err return err
} }
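Review bot: The new scanner loop in RewriteAllPublicKeys never checks `scanner.Err()`, so a read error or a line longer than bufio.Scanner's default token limit ends the loop early and the rename then installs a file that is missing the remaining non-gitea keys; add `if err = scanner.Err(); err != nil { return err }` after the loop. The `scanner.Scan()` inside the prefix branch also discards the following line unconditionally, so a marker comment that is not followed by a gitea entry (a hand-edited file, or a marker on the last line) costs an unrelated key; checking that the skipped line starts with `command="` before dropping it would be safer. Each call also leaves another `_<unix time>.gitea_bak` copy of authorized_keys behind, and nothing visible in this hunk sets its mode or prunes old copies. The function begins and ends outside the hunk.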